0
0

Operation: Defend The North 2025 (Vancouver)

Operation Defend the North 2025 Vancouver

OPERATION: DEFEND THE NORTHA Canadian Cybersecurity Readiness Exercise

Our immersive event simulates a large-scale cyber attack targeting Canada’s critical sectors — Energy, Finance & Banking, Healthcare, Government Services, and Telecommunications. Through a dynamic and interactive tabletop exercise, participants will navigate a high-stakes cyber crisis scenario. This experience brings together industry leaders, cybersecurity professionals, policymakers, and key stakeholders to collaboratively strengthen our national cyber resilience.

This event is online and in-person.

O Canada, we stand on guard for thee.

Protégera nos foyers et nos droits.

Share This Event
Event Details
Add to Calendar
VIP Admission
$349.00

Exclusive VIP Access to All Modules

High-Pressure Cyber Simulation Experience

Private Hot Breakfast & Gourmet Lunch Service

Dedicated VIP Lounge & Executive Networking

Where leadership, intelligence, and crisis converge

General Admission
$199.00

Access to All Event Modules

Tabletop Cyber Crisis Simulation

Continental Breakfast, Boxed Lunch & Refreshment Breaks

In-Person Networking with Canada’s Cyber Leaders

Experience the frontline of cyber defence—up close and in action

Virtual Full Access
$10.00

Stream All Modules Live

Participate in Real-Time Chat & Polls

Access Virtual Expo Booths & Resources

On-Demand Replay via the siberX Platform

Join Canada’s Cyber Community—Anywhere

Virtual Starter Pass (Free)
Free

Free Access to the Opening Module

Preview the Live Cyber Crisis Simulation

Connect with Attendees in Real Time

Upgrade Anytime for Full Access

Experience the Event on the siberX Platform

Alex Dow
Chief Innovations Officer
Mirai Security
Chief Innovations Officer at Mirai Security
Ali Abbas Hirji
Chair of Operation
Operation: Defend the North - siberX
Chair of Operation at Operation: Defend the North - siberX
Hardeep Mehrotara
Vice President Information Security and Architecture
Concert Properties
Vice President Information Security and Architecture at Concert Properties
Maleena Singh
Director of Incident Response
Mirai Security Inc.
Director of Incident Response at Mirai Security Inc.
Mary Carmichael
President
ISACA Vancouver
President at ISACA Vancouver
Michael Buckley
Security Operations Center Lead
Mark Anthony Group
Security Operations Center Lead at Mark Anthony Group
Neumann Lim
Manager of Cybersecurity
Odlum Brown
Manager of Cybersecurity at Odlum Brown
Octavia Howell
VP, CISO
Equifax Canada
VP, CISO at Equifax Canada
Rob Davidson
Director of Security Services, CISO
Pacific Blue Cross
Director of Security Services, CISO at Pacific Blue Cross
Trevor Verbeke
Divisional Manager Infrastructure & Cyber Security
Metro Vancouver
Divisional Manager Infrastructure & Cyber Security at Metro Vancouver

  • Join us for breakfast and start your day off right!

  • Kick off "Defend the North" with an exciting overview of our mission and prepare for a dynamic cyber defence simulation.

  • The sun rises over Canada’s east coast—and as ODTN Mart, a national grocer and pharmacy chain, prepares to unlock its doors to early morning customers, something is off. Point-of-sale systems won’t boot. Pharmacy terminals freeze. Across the Maritimes, store managers frantically reboot systems, only to hit the same dead ends. Calls to the outsourced IT help desk flood in. The queue fills with Priority 1 tickets, but support agents are stuck. The systems look online—but nothing works. Their playbooks don’t cover this. And worse? The POS systems are managed by yet another third party—one no one seems to know how to reach. Escalations to ODTN Mart’s headquarters in Vancouver go unanswered. It’s still 5 a.m. on the West Coast and store managers are forced to keep the doors locked. The initial hours are a flurry of frantic reports and rudimentary checks. The challenge now is to move beyond simple detection of the widespread failure and begin the critical analysis: What is the root cause? Is this a technical malfunction, a systemic error, or the tell-tale signs of a malicious intrusion?

  • Recharge with a tasty snack break!

  • As the scope of the disruption becomes apparent, the initial focus shifts to containment. The priority is to prevent further spread and isolate affected systems to limit the damage. Network segments in the Maritime region may be temporarily isolated, and remote access points are scrutinized. Simultaneously, the discovery phase intensifies. Technical teams in Vancouver begin a deeper dive into system logs, network traffic, and any available diagnostic data. They are searching for anomalies, patterns, or indicators of compromise that might explain the widespread outages. The lack of direct access to the third-party POS infrastructure presents a significant obstacle to thorough discovery. Investigators must rely on indirect evidence and the limited information trickling in from the affected stores and the overwhelmed support channels. Understanding the adversary's methods and objectives, if this is indeed an attack, is paramount.

  • Refuel and re-energize with a warm lunch!

  • Once the root cause is identified and the extent of the compromise (if any) is understood, the eradication phase begins. This involves removing the threat actors, malicious software, or underlying issues from the affected systems and the wider network. Depending on the nature of the incident, this could involve patching vulnerabilities, removing malware, resetting compromised accounts, or reconfiguring systems. The challenge is amplified by the reliance on a third-party for the critical POS systems. Eradication efforts may require close coordination and cooperation with this external vendor, assuming contact can be established. Ensuring the threat is completely eliminated and that no backdoors or persistent access remains is crucial before full recovery can commence.

  • Recharge with a tasty snack break!

  • With containment and eradication underway, the response efforts broaden. Communication becomes critical – keeping stakeholders informed, managing public perception, and coordinating with any external agencies, such as law enforcement or cybersecurity firms. Recovery plans are activated, focusing on restoring critical services and bringing systems back online in a controlled and prioritized manner. Post-incident activity begins even as recovery is ongoing. This involves documenting the incident in detail, preserving evidence for potential legal or investigative purposes, and starting to formulate lessons learned. Initial assessments of the incident response process itself are conducted to identify areas for improvement.

  • Take a moment to stretch and breathe deep!

  • As systems are restored and the immediate crisis subsides, the final phase involves closing remarks and a comprehensive hotwash. Leadership provides an overview of the incident, the response efforts, and the initial impact. The hotwash is a critical debriefing session involving all key stakeholders who participated in the response. The goal is to openly and honestly discuss what went well, what could have been done better, and to identify concrete action items for improving future preparedness and response capabilities. This session ensures that the lessons learned are captured, documented, and translated into tangible improvements in ODTN Mart's security posture, incident response plans, and third-party risk management strategies.

  • Join us for breakfast and start your day off right!

  • Kick off "Defend the North" with an exciting overview of our mission and prepare for a dynamic cyber defence simulation.

  • The sun rises over Canada’s east coast—and as ODTN Mart, a national grocer and pharmacy chain, prepares to unlock its doors to early morning customers, something is off. Point-of-sale systems won’t boot. Pharmacy terminals freeze. Across the Maritimes, store managers frantically reboot systems, only to hit the same dead ends. Calls to the outsourced IT help desk flood in. The queue fills with Priority 1 tickets, but support agents are stuck. The systems look online—but nothing works. Their playbooks don’t cover this. And worse? The POS systems are managed by yet another third party—one no one seems to know how to reach. Escalations to ODTN Mart’s headquarters in Vancouver go unanswered. It’s still 5 a.m. on the West Coast and store managers are forced to keep the doors locked. The initial hours are a flurry of frantic reports and rudimentary checks. The challenge now is to move beyond simple detection of the widespread failure and begin the critical analysis: What is the root cause? Is this a technical malfunction, a systemic error, or the tell-tale signs of a malicious intrusion?

  • Recharge with a tasty snack break!

  • As the scope of the disruption becomes apparent, the initial focus shifts to containment. The priority is to prevent further spread and isolate affected systems to limit the damage. Network segments in the Maritime region may be temporarily isolated, and remote access points are scrutinized. Simultaneously, the discovery phase intensifies. Technical teams in Vancouver begin a deeper dive into system logs, network traffic, and any available diagnostic data. They are searching for anomalies, patterns, or indicators of compromise that might explain the widespread outages. The lack of direct access to the third-party POS infrastructure presents a significant obstacle to thorough discovery. Investigators must rely on indirect evidence and the limited information trickling in from the affected stores and the overwhelmed support channels. Understanding the adversary's methods and objectives, if this is indeed an attack, is paramount.

  • Refuel and re-energize with a warm lunch!

  • Once the root cause is identified and the extent of the compromise (if any) is understood, the eradication phase begins. This involves removing the threat actors, malicious software, or underlying issues from the affected systems and the wider network. Depending on the nature of the incident, this could involve patching vulnerabilities, removing malware, resetting compromised accounts, or reconfiguring systems. The challenge is amplified by the reliance on a third-party for the critical POS systems. Eradication efforts may require close coordination and cooperation with this external vendor, assuming contact can be established. Ensuring the threat is completely eliminated and that no backdoors or persistent access remains is crucial before full recovery can commence.

  • Recharge with a tasty snack break!

  • With containment and eradication underway, the response efforts broaden. Communication becomes critical – keeping stakeholders informed, managing public perception, and coordinating with any external agencies, such as law enforcement or cybersecurity firms. Recovery plans are activated, focusing on restoring critical services and bringing systems back online in a controlled and prioritized manner. Post-incident activity begins even as recovery is ongoing. This involves documenting the incident in detail, preserving evidence for potential legal or investigative purposes, and starting to formulate lessons learned. Initial assessments of the incident response process itself are conducted to identify areas for improvement.

  • Take a moment to stretch and breathe deep!

  • As systems are restored and the immediate crisis subsides, the final phase involves closing remarks and a comprehensive hotwash. Leadership provides an overview of the incident, the response efforts, and the initial impact. The hotwash is a critical debriefing session involving all key stakeholders who participated in the response. The goal is to openly and honestly discuss what went well, what could have been done better, and to identify concrete action items for improving future preparedness and response capabilities. This session ensures that the lessons learned are captured, documented, and translated into tangible improvements in ODTN Mart's security posture, incident response plans, and third-party risk management strategies.

Join us as a sponsor and position your brand at the forefront of cybersecurity innovation—gain exclusive visibility, connect with industry leaders, and make a lasting impact in the cyber community.

Air Canada Ticket Promo Code

V4CWUMJ1
  • The booking is to be made to the following city: Vancouver, YVR (CA)
  • The travel period begins Wednesday, October 15, 2025 and ends Thursday, October 30, 2025.
  • Travel is valid Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday.
  • For North America: 5% applies on standard fares, 10% on flex fares & higher.
  • For International Travel: 10% on standard fares & higher.
About the Venue

Simon Fraser University

580 W Hastings St, Vancouver, BC V6B 5K3

A beacon of academic excellence in Vancouver, British Columbia, Simon Fraser University combines innovative architecture with a breathtaking natural setting. Its modern facilities and vibrant campus culture create an inspiring environment for learning, collaboration, and growth.

Event Details
Add to Calendar

Our site uses cookies to provide necessary website functionality, improve your experience and analyze our traffic. Click here to learn more.

I Accept