–
Halifax BSides
Who Are We?
Halifax BSides is a non-profit organization run by members of the Halifax Technology and Information Security industry with a goal of running a yearly conference for experts, students, the curious and the confused not only to hear from others but also to provide them their chance to speak on topics that interest them. This year's conference will be November 13th and we look forward to sharing more with you as soon as possible.
When and Where
November 13th, Dalhousie University Faculty of Computer Science
Tickets
Sold out for 2025!
Feedback
Thanks for making BSides 2025 a huge success, please help us plan for 2026 by filling out this survey
Schedule
–
Welcome & Opening Remarks
–
Shields Up: Cyber Readiness in an Age of Constant Threats
Jenn Hutton
This talk is about how to balance creativeness and proactiveness in an ever changing threat landscape. It's no longer "if" we will get attacked, "when". Mitigation remains a top priority, but are we too busy trying to stop it, and not focusing on how to recover when it happens.
–
Quick Break
–
Security Dashboards: How To Build One That Works
Stephen Smith
The problems I experienced trying to build a security dashboard for a global medtech company, and how you can avoid them. I literally did try and build a security dashboard for a major medtech company, and after a year of effort, the entire thing got scrapped. Why? I know now what I should have known then, and I will share the fruits of my wasted year with your audience, so that they may avoid my pain. Highlights include: what do you want to know about, how you want to know about it, where data is stored, how to get it, and maintenance concerns. Due to being based on a real story, this talk will be mildly prescriptive about technology choices (Python/Terraform/AWS), but still general enough to be widely applicable.
–
Networking Break
–
Carrier Pigeon: Decentralized Communication with LoRa
Leonardo Lees
My talk is about the risks associated with trusting people, companies, or government entities with your data and messages, and how we can avoid these risks using alternative methods of communication. I will cover how "deleted" data is often only tagged and archived, why growing compute power threatens current encryption, and showcase my open source project Carrier Pigeon — firmware/web app for ESP32 using LoRa, AES-GCM and ECDH. The talk aims to inspire creative projects to mitigate future threats like quantum computing.
–
Lunch
–
Security Jeopardy
–
From Chaos to Control: Operationalizing Continuous Threat Exposure Management
Tim Dickinson
Security teams don’t fail because they lack visibility, they fail because they lack control. Every year, organizations spend millions on tools that tell them what’s wrong but not how to fix it. Continuous Threat Exposure Management (CTEM) offers a path forward, yet most programs stall after scoping and discovery. This talk explores how practitioners can operationalize exposure management using the tools they already own, with a blueprint to turn visibility into measurable risk reduction and build collaboration across security, IT, and business leaders.
–
Quick Break
–
So a Nation State Targeted Canada... Now What?
Julien Richard
This talk takes the sparse public intel about nation state attacks and turns it into practical, actionable guidance. Using real examples (e.g., Salt Typhoon attacks), the session shows how to extract useful indicators, map them to observable behavior, hunt and harden environments, find quality free intelligence, and build a repeatable routine to follow when new advisories are published. If you've read a bulletin and wondered "now what?" this session gives clear, practical next steps.
–
Networking Break
–
This Joint Will Fail Under Load: Lessons in Secure Design from the Woodshop
Evan Lowry
Using woodworking metaphors, this talk surfaces recurring design patterns in security. Explore why a well-designed joint is stronger than simply adding fasteners, how "reading the grain" maps to spotting hidden stresses in systems, and how these mental models help you move beyond checklists to solid intuition for secure system design. Not a how-to — a conceptual strengthening exercise.
–
Closing Remarks & Networking
Directors
Brad Call
Brad is a seasoned Security Professional with over 15 years of experience working in the information security industry. He has been an active member of various IT & security communities over the decades and loves talking shop with his peers. When not working (is there such a thing as that in security?), Brad enjoys spending time with his family and kicking A$ as a Black Belt Brazilian Jiu-Jitsu practitioner and instructor.
Jeff Hann
Jeff has over six years of experience in Information Security as an Application Security Engineer. He is the Engineering Lead of a Security Engagement program for a Fortune 1000 medical device manufacturer. Before entering security, Jeff worked as a developer for a decade.
Mary MacDonald
I am currently with the Province of Nova Scotia as an IT Procurement Specialist within the Cyber Security & Digital Solutions team. I have graduated from NSCC I.T. Campus specializing in the Database Administration (DBA) Stream in June 2018. My passion lies in Cyber Security, Configuration and in Database Development using Oracle and MySQL Programming and Database Management Systems (DBMS). I am married and live in the Halifax Regional Municipality.
Meaghan Shubaly
Meaghan has been working in Halifax for many years at various software companies but got into the security space a few years ago and has since become an avid security champion!
Mark Leblanc
Haligonian infosec nerd - let's talk DevSecOps, AppSec, bug bounties, CTFs, and anything Apple.Previously an IT student at NSCC.
Slinging fancy cocktails in what seems like another lifetime ago.
