0
0

Operation: Defend The North 2025 (Vancouver)

Operation Defend the North 2025 Vancouver

Nationwide chaos erupts as payment systems and prescription services crash across grocery and pharmacy chains. But this is just the surface. Investigators uncover that the breach enabled covert access to Canada’s national data recovery infrastructure—a move designed for long-term persistence. It’s quiet. Strategic. And deadly.

Operation: Defend the North – Vancouver is where subtle threats become systemic disasters. In this advanced scenario, participants engage in a live tabletop exercise built to expose the hidden dangers of supply chain infiltration. Collaborate with cybersecurity leaders, policy influencers, and tech experts as you respond to the most silent—and most dangerous—phase of the national cyber siege.

Sometimes the biggest threat is the one you don’t see.

Will you detect it in time?

This event is online and in-person.

O Canada, we stand on guard for thee. Protégera nos foyers et nos droits.

Share This Event
Event Details
Add to Calendar
VIP Admission
$349.00

Access to All Event Modules

Tabletop Cyber Crisis Simulation

Continental Breakfast, Boxed Lunch & Refreshment Breaks

In-Person Networking with Cyber Leaders

Experience the frontline of cyber defence—up close and in action

General Admission
$199.00

Access to All Event Modules

Tabletop Cyber Crisis Simulation

Continental Breakfast, Boxed Lunch, Breaks

Connect with Canada’s Cyber Community

Experience the frontline of cyber defence—live

Virtual Full Access
$10.00

Stream All Modules in Real Time

Live Chat, Polls & Attendee Engagement

Access Virtual Booths & Partner Content

Watch Live or On-Demand via the siberX App

Total access from anywhere—on your terms

Virtual Starter Pass (Free)
$0.00

Free Access to the Opening Module

Preview the Cyber Simulation Live

Engage with Participants in Real Time

Upgrade to Unlock Full Event Access

Your front-row seat to crisis response

Alex Dow
Chief Innovations Officer
Mirai Security
Chief Innovations Officer at Mirai Security
Ali Abbas Hirji
Chair of Operation
Operation: Defend the North - siberX
Chair of Operation at Operation: Defend the North - siberX
Hardeep Mehrotara
Vice President Information Security and Architecture
Concert Properties
Vice President Information Security and Architecture at Concert Properties
Maleena Singh
Director of Incident Response
Mirai Security Inc.
Director of Incident Response at Mirai Security Inc.
Mary Carmichael
Director, Governance, Risk, and Compliance Advisory
Momentum Technology
Director, Governance, Risk, and Compliance Advisory at Momentum Technology
Michael Buckley
Security Operations Center Lead
Mark Anthony Group
Security Operations Center Lead at Mark Anthony Group
Neumann Lim
Manager of Cybersecurity
Odlum Brown
Manager of Cybersecurity at Odlum Brown
Octavia Howell
VP, CISO
Equifax Canada
VP, CISO at Equifax Canada
Rob Davidson
Director of Security Services, CISO
Pacific Blue Cross
Director of Security Services, CISO at Pacific Blue Cross
Trevor Verbeke
Divisional Manager Infrastructure & Cyber Security
Metro Vancouver
Divisional Manager Infrastructure & Cyber Security at Metro Vancouver
Vivek Khindria
President and Principal Consultant
Risk Embrace Inc
President and Principal Consultant at Risk Embrace Inc

  • Join us for breakfast and start your day off right!

  • Kick off "Defend the North" with an exciting overview of our mission and prepare for a dynamic cyber defence simulation.

  • The sun rises over Canada’s east coast—and as ODTN Mart, a national grocer and pharmacy chain, prepares to unlock its doors to early morning customers, something is off. Point-of-sale systems won’t boot. Pharmacy terminals freeze. Across the Maritimes, store managers frantically reboot systems, only to hit the same dead ends. Calls to the outsourced IT help desk flood in. The queue fills with Priority 1 tickets, but support agents are stuck. The systems look online—but nothing works. Their playbooks don’t cover this. And worse? The POS systems are managed by yet another third party—one no one seems to know how to reach. Escalations to ODTN Mart’s headquarters in Vancouver go unanswered. It’s still 5 a.m. on the West Coast and store managers are forced to keep the doors locked. The initial hours are a flurry of frantic reports and rudimentary checks. The challenge now is to move beyond simple detection of the widespread failure and begin the critical analysis: What is the root cause? Is this a technical malfunction, a systemic error, or the tell-tale signs of a malicious intrusion?

  • Recharge with a tasty snack break!

  • As the scope of the disruption becomes apparent, the initial focus shifts to containment. The priority is to prevent further spread and isolate affected systems to limit the damage. Network segments in the Maritime region may be temporarily isolated, and remote access points are scrutinized. Simultaneously, the discovery phase intensifies. Technical teams in Vancouver begin a deeper dive into system logs, network traffic, and any available diagnostic data. They are searching for anomalies, patterns, or indicators of compromise that might explain the widespread outages. The lack of direct access to the third-party POS infrastructure presents a significant obstacle to thorough discovery. Investigators must rely on indirect evidence and the limited information trickling in from the affected stores and the overwhelmed support channels. Understanding the adversary's methods and objectives, if this is indeed an attack, is paramount.

  • Refuel and re-energize with a warm lunch!

  • Once the root cause is identified and the extent of the compromise (if any) is understood, the eradication phase begins. This involves removing the threat actors, malicious software, or underlying issues from the affected systems and the wider network. Depending on the nature of the incident, this could involve patching vulnerabilities, removing malware, resetting compromised accounts, or reconfiguring systems. The challenge is amplified by the reliance on a third-party for the critical POS systems. Eradication efforts may require close coordination and cooperation with this external vendor, assuming contact can be established. Ensuring the threat is completely eliminated and that no backdoors or persistent access remains is crucial before full recovery can commence.

  • Recharge with a tasty snack break!

  • With containment and eradication underway, the response efforts broaden. Communication becomes critical – keeping stakeholders informed, managing public perception, and coordinating with any external agencies, such as law enforcement or cybersecurity firms. Recovery plans are activated, focusing on restoring critical services and bringing systems back online in a controlled and prioritized manner. Post-incident activity begins even as recovery is ongoing. This involves documenting the incident in detail, preserving evidence for potential legal or investigative purposes, and starting to formulate lessons learned. Initial assessments of the incident response process itself are conducted to identify areas for improvement.

  • Take a moment to stretch and breathe deep!

  • As systems are restored and the immediate crisis subsides, the final phase involves closing remarks and a comprehensive hotwash. Leadership provides an overview of the incident, the response efforts, and the initial impact. The hotwash is a critical debriefing session involving all key stakeholders who participated in the response. The goal is to openly and honestly discuss what went well, what could have been done better, and to identify concrete action items for improving future preparedness and response capabilities. This session ensures that the lessons learned are captured, documented, and translated into tangible improvements in ODTN Mart's security posture, incident response plans, and third-party risk management strategies.

  • Join us for breakfast and start your day off right!

  • Kick off "Defend the North" with an exciting overview of our mission and prepare for a dynamic cyber defence simulation.

  • The sun rises over Canada’s east coast—and as ODTN Mart, a national grocer and pharmacy chain, prepares to unlock its doors to early morning customers, something is off. Point-of-sale systems won’t boot. Pharmacy terminals freeze. Across the Maritimes, store managers frantically reboot systems, only to hit the same dead ends. Calls to the outsourced IT help desk flood in. The queue fills with Priority 1 tickets, but support agents are stuck. The systems look online—but nothing works. Their playbooks don’t cover this. And worse? The POS systems are managed by yet another third party—one no one seems to know how to reach. Escalations to ODTN Mart’s headquarters in Vancouver go unanswered. It’s still 5 a.m. on the West Coast and store managers are forced to keep the doors locked. The initial hours are a flurry of frantic reports and rudimentary checks. The challenge now is to move beyond simple detection of the widespread failure and begin the critical analysis: What is the root cause? Is this a technical malfunction, a systemic error, or the tell-tale signs of a malicious intrusion?

  • Recharge with a tasty snack break!

  • As the scope of the disruption becomes apparent, the initial focus shifts to containment. The priority is to prevent further spread and isolate affected systems to limit the damage. Network segments in the Maritime region may be temporarily isolated, and remote access points are scrutinized. Simultaneously, the discovery phase intensifies. Technical teams in Vancouver begin a deeper dive into system logs, network traffic, and any available diagnostic data. They are searching for anomalies, patterns, or indicators of compromise that might explain the widespread outages. The lack of direct access to the third-party POS infrastructure presents a significant obstacle to thorough discovery. Investigators must rely on indirect evidence and the limited information trickling in from the affected stores and the overwhelmed support channels. Understanding the adversary's methods and objectives, if this is indeed an attack, is paramount.

  • Refuel and re-energize with a warm lunch!

  • Once the root cause is identified and the extent of the compromise (if any) is understood, the eradication phase begins. This involves removing the threat actors, malicious software, or underlying issues from the affected systems and the wider network. Depending on the nature of the incident, this could involve patching vulnerabilities, removing malware, resetting compromised accounts, or reconfiguring systems. The challenge is amplified by the reliance on a third-party for the critical POS systems. Eradication efforts may require close coordination and cooperation with this external vendor, assuming contact can be established. Ensuring the threat is completely eliminated and that no backdoors or persistent access remains is crucial before full recovery can commence.

  • Recharge with a tasty snack break!

  • With containment and eradication underway, the response efforts broaden. Communication becomes critical – keeping stakeholders informed, managing public perception, and coordinating with any external agencies, such as law enforcement or cybersecurity firms. Recovery plans are activated, focusing on restoring critical services and bringing systems back online in a controlled and prioritized manner. Post-incident activity begins even as recovery is ongoing. This involves documenting the incident in detail, preserving evidence for potential legal or investigative purposes, and starting to formulate lessons learned. Initial assessments of the incident response process itself are conducted to identify areas for improvement.

  • Take a moment to stretch and breathe deep!

  • As systems are restored and the immediate crisis subsides, the final phase involves closing remarks and a comprehensive hotwash. Leadership provides an overview of the incident, the response efforts, and the initial impact. The hotwash is a critical debriefing session involving all key stakeholders who participated in the response. The goal is to openly and honestly discuss what went well, what could have been done better, and to identify concrete action items for improving future preparedness and response capabilities. This session ensures that the lessons learned are captured, documented, and translated into tangible improvements in ODTN Mart's security posture, incident response plans, and third-party risk management strategies.

Join us as a sponsor and position your brand at the forefront of cybersecurity innovation—gain exclusive visibility, connect with industry leaders, and make a lasting impact in the cyber community.

Air Canada Ticket Promo Code

V4CWUMJ1
  • The booking is to be made to the following city: Vancouver, YVR (CA)
  • The travel period begins Wednesday, October 15, 2025 and ends Thursday, October 30, 2025.
  • Travel is valid Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday.
  • For North America: 5% applies on standard fares, 10% on flex fares & higher.
  • For International Travel: 10% on standard fares & higher.
About the Venue

Simon Fraser University

580 W Hastings St, Vancouver, BC V6B 5K3

A beacon of academic excellence in Vancouver, British Columbia, Simon Fraser University combines innovative architecture with a breathtaking natural setting. Its modern facilities and vibrant campus culture create an inspiring environment for learning, collaboration, and growth.

Event Details
Add to Calendar

Our site uses cookies to provide necessary website functionality, improve your experience and analyze our traffic. Click here to learn more.

I Accept