SecTor 2025 | Grand Finale: Cutting Through the Cyber Noise

The SecTor 2025 Grand Finale panel wrapped up the conference by reflecting on the dominant themes that emerged over the past two days. Speakers from Quick Intelligence, Ontario’s government, and Citizen Lab highlighted how AI has become the headline topic, yet classic cyber‑risk vectors—identity theft, ransomware, and unpatched software—remain ever‑present. Key insights included the pervasiveness of AI‑driven hype, the ongoing challenges of identity and access management, and the discovery of tens of thousands of outdated government subdomains that expand the attack surface. Attendees also heard about persistent Outlook zero‑click exploits, the rise of AI‑generated deepfake resumes used for nation‑state job fraud, and the privacy implications of dashcam data. Notable moments featured Dave Mellor dismissing “sovereignty” as a buzzword, Ophy Elwazirchan praising Citizen Lab’s surveillance research, and a vivid anecdote where an AI‑engineer fabricated pen‑test findings to deceive interviewers. The panel also underscored the difficulty of asset management, with speakers noting 60,000 federal subdomains and shadow‑IT servers lingering unnoticed. The takeaway for security leaders is clear: while AI tools can accelerate detection and response, they must not distract from foundational practices. Robust asset inventories, zero‑trust architectures, and rigorous identity verification—especially in hiring—are essential to mitigate both emerging AI‑enabled threats and long‑standing vulnerabilities.