9:30am - 1.30pm SGT
Day 1 - 2 November
.jpg)
10:32 SGT
KEYNOTE PANEL: Forging comprehensive cyber protection with diligent third party information security strategies
Regardless of the number of defences raised around your data, one of the highest security risks involves high-level access of data with third-party vendors. Breaches can occur at any point in a business relationship or supply chain, so a comprehensive vendor information management system is critical to have in any industry and organisation. This discussion will focus on what CISOs can do to ensure business-as-usual, yet vigilantly guard information systems from breaches.
- Vendor security shortcomings identification and detection: knowing the security levels of your vendor’s information and access systems
- Proactive steps and the right SOPs for continuous monitoring of vendor security controls
- Determining the level of access for a third party group
- Building long-term trust along the supply chain
Speaking:
Fuller Yu
CISO, Hospital Authority (Hong Kong)
Kawin Boonyapredee
Advisory Board, Singapore CIO Network (SCION)
Steven Sim
President, ISACA Singapore Chapter
Nicholas Lim
Principal Solutions Architect, Elastic
KEYNOTE PANEL: Forging comprehensive cyber protection with diligent third party information security strategies
November 2 | 10:32 SGT - 11:14 SGT
Regardless of the number of defences raised around your data, one of the highest security risks involves high-level access of data with third-party vendors. Breaches can occur at any point in a business relationship or supply chain, so a comprehensive vendor information management system is critical to have in any industry and organisation. This discussion will focus on what CISOs can do to ensure business-as-usual, yet vigilantly guard information systems from breaches.
- Vendor security shortcomings identification and detection: knowing the security levels of your vendor’s information and access systems
- Proactive steps and the right SOPs for continuous monitoring of vendor security controls
- Determining the level of access for a third party group
- Building long-term trust along the supply chain
11:14 SGT
Trust begins with feeling secure - The State of Digital Trust and what keeps CISO up late at night
The events of 2020 have exposed just how critical trust is for consumers and businesses alike. Forward now to 2H 2021, Organisations had to trust their employees to work from home, and consumers had to trust businesses with their information.
At Okta, we wanted to know what trust looks like in this increasingly digital world, so we worked with YouGov to survey more than 1,700 office workers across Asia, in Singapore, Hong Kong, Philippines, Malaysia and Indonesia.
Speaking:
Karunanand Menon
Senior Sales Engineer, Asia, Okta
Trust begins with feeling secure - The State of Digital Trust and what keeps CISO up late at night
November 2 | 11:14 SGT - 11:36 SGT
The events of 2020 have exposed just how critical trust is for consumers and businesses alike. Forward now to 2H 2021, Organisations had to trust their employees to work from home, and consumers had to trust businesses with their information.
At Okta, we wanted to know what trust looks like in this increasingly digital world, so we worked with YouGov to survey more than 1,700 office workers across Asia, in Singapore, Hong Kong, Philippines, Malaysia and Indonesia.
11:36 SGT
PANEL: Digital transformation in the era of WFH – a new frontier for cyber security
- Work-from-anywhere cyber security risks: preventing cyber criminals from tapping in on WFH loopholes
- Transitioning from traditional to modern cyber security practices and infrastructure
- Revamping cybersecurity programmes to meet demands in the new normal i.e. Zero Trust Architecture, enhanced cloud protection and resilience
- Managing enterprise in remote access
Speaking:
Allan Tan
Group Editor-in-Chief, CXOCIETY
Mark Tan
Head Of Information Security, Tokio Marine Insurance Group (Singapore)
Vicknaeswaran Sundararaju
Head Cybersecurity, PRefChem (PETRONAS)
Bunchhoan Vann
CISO, Dai-ichi Life Insurance (Cambodia) PLC
Jude Kannabiran
Regional Director – Asia, ThycoticCentrify
PANEL: Digital transformation in the era of WFH – a new frontier for cyber security
November 2 | 11:36 SGT - 12:01 SGT
- Work-from-anywhere cyber security risks: preventing cyber criminals from tapping in on WFH loopholes
- Transitioning from traditional to modern cyber security practices and infrastructure
- Revamping cybersecurity programmes to meet demands in the new normal i.e. Zero Trust Architecture, enhanced cloud protection and resilience
- Managing enterprise in remote access
12:01 SGT
Attack Surface Reduction - Critical for Resilience and Path to Zero Trust
In the current turbulent and dynamic digital cyber world, incidents are exponentially increasing and adversaries are highly motivated for the next stages of attack.
Two different schools of thought on defense strategy are either to ‘continuously increase defense controls and resources with changing threat landscape’ or to ‘continuously reduce attack surface to be resilient’.
Overtime the latter approach was found to be effective and sustainable at lower cost.
This approach also helps in building strong foundation for a zero trust approach, which is relevant and critical in the current boundaryless digital environment.
Speaking:
Sunil Varkey
Regional CTO APJ & EMEA, Forescout
Attack Surface Reduction - Critical for Resilience and Path to Zero Trust
November 2 | 12:01 SGT - 12:23 SGT
In the current turbulent and dynamic digital cyber world, incidents are exponentially increasing and adversaries are highly motivated for the next stages of attack.
Two different schools of thought on defense strategy are either to ‘continuously increase defense controls and resources with changing threat landscape’ or to ‘continuously reduce attack surface to be resilient’.
Overtime the latter approach was found to be effective and sustainable at lower cost.
This approach also helps in building strong foundation for a zero trust approach, which is relevant and critical in the current boundaryless digital environment.
12:23 SGT
Answering the cloud question: Successful cloud security implementation and framework creation
- Migration-to-cloud strategy and execution
- Determining the shared responsibility between vendors, cloud providers and end users
- How has cloud security been successfully implemented?
- Multicloud versus hybrid strategy – selecting the best option to meet your needs
Speaking:
Parag Deodhar
Director - Information Security, Asia Pacific, VF Corporation
Answering the cloud question: Successful cloud security implementation and framework creation
November 2 | 12:23 SGT - 12:52 SGT
- Migration-to-cloud strategy and execution
- Determining the shared responsibility between vendors, cloud providers and end users
- How has cloud security been successfully implemented?
- Multicloud versus hybrid strategy – selecting the best option to meet your needs
12:52 SGT
Instilling infosec-first attitudes organisation-wide for an end-to-end culture of security
- Selecting the right language to communicate the urgency of cyber risk to employees, vendors and the board
- Managing conflict between cyber security needs and other organisational objectives
- Creating clearly defined polices to strengthen the culture of security
- Enhancing information security awareness across the entire organisation
Speaking:
Instilling infosec-first attitudes organisation-wide for an end-to-end culture of security
November 2 | 12:52 SGT - 13:10 SGT
- Selecting the right language to communicate the urgency of cyber risk to employees, vendors and the board
- Managing conflict between cyber security needs and other organisational objectives
- Creating clearly defined polices to strengthen the culture of security
- Enhancing information security awareness across the entire organisation
Speaking:
1:10 SGT
Ethical and responsible data governance to prevent becoming an easy mark for hackers, leakers and breachers
• Data security accountability: instilling enterprise-wide governance and shared responsibilities
• Creating a cyber security-centric data governance framework
• Clearly defined outlines around data access and coordinating rules around this
Speaking:
Michael Ferguson
CTO, APAC, Netskope
Ethical and responsible data governance to prevent becoming an easy mark for hackers, leakers and breachers
November 2 | 13:10 SGT - 13:30 SGT
• Data security accountability: instilling enterprise-wide governance and shared responsibilities
• Creating a cyber security-centric data governance framework
• Clearly defined outlines around data access and coordinating rules around this
1:30 SGT
CULTURE AND DIVERSITY PANEL: Talent sourcing, team building and diversity to take security towards a modern direction
Cyber security imperatives are in a constant state of flux. One moment a certain skill set will be critical, only for the threat direction to change shortly thereafter, necessitating a new scope of expertise and strategy. This session will focus on one of the long-standing issues faced by CISOs and IT security heads, which is attracting and retaining the right security professionals through more diverse and culture-driven initiatives. Key talk points are:
- Bringing your hiring strategy in line with security objectives
- Diversity in cyber security and driving talent
- Team-building initiatives and upskilling teams: making the right decisions at the right time to bolster security defences
- Building the next generation cyber security leaders
Speaking:
Abid Adam
Group Chief Risk & Compliance Officer, Axiata
Abdulla Al Attas
Head of Cyber Security, PLUS Malaysia
Michael Henry
Chief Technology Officer, Singapore Sports Hub
Sabarinathan Sampath
Chief Strategy Officer, Wire19 (a venture of ZNet Technologies)
CULTURE AND DIVERSITY PANEL: Talent sourcing, team building and diversity to take security towards a modern direction
November 2 | 13:30 SGT - 14:07 SGT
Cyber security imperatives are in a constant state of flux. One moment a certain skill set will be critical, only for the threat direction to change shortly thereafter, necessitating a new scope of expertise and strategy. This session will focus on one of the long-standing issues faced by CISOs and IT security heads, which is attracting and retaining the right security professionals through more diverse and culture-driven initiatives. Key talk points are:
- Bringing your hiring strategy in line with security objectives
- Diversity in cyber security and driving talent
- Team-building initiatives and upskilling teams: making the right decisions at the right time to bolster security defences
- Building the next generation cyber security leaders
2:07 SGT
Operational Resiliency and Business Continuity - The ability to operate amidst adversity (cyber attack)
If the increase in Ransomware attacks, SolarWinds, and the Colonial Pipeline disruption have taught us anything, the bad guys are not backing down any time soon, and we need to operate even while under attack. The key is proper planning, practice, and post-mortems. Cyber-attacks remain focused on stealing our data and our intellectual property (IP). But, more and more, we are experiencing disruption to the underlying infrastructure - oil, gas, electricity, water - that cannot be offline while we deal with a hacker.
Real-world practitioners will cover; the threat using real-world case studies to provide five practical things you can do today that could save your organisation tomorrow. You will leave with street knowledge along with a list of real-world resources and solutions that can enable you to be better prepared to take on the adversity of a cyber attack or disaster event.
Speaking:
David Siles
Global Field CTO – Security, Rubrik
Operational Resiliency and Business Continuity - The ability to operate amidst adversity (cyber attack)
November 2 | 14:07 SGT - 14:28 SGT
If the increase in Ransomware attacks, SolarWinds, and the Colonial Pipeline disruption have taught us anything, the bad guys are not backing down any time soon, and we need to operate even while under attack. The key is proper planning, practice, and post-mortems. Cyber-attacks remain focused on stealing our data and our intellectual property (IP). But, more and more, we are experiencing disruption to the underlying infrastructure - oil, gas, electricity, water - that cannot be offline while we deal with a hacker.
Real-world practitioners will cover; the threat using real-world case studies to provide five practical things you can do today that could save your organisation tomorrow. You will leave with street knowledge along with a list of real-world resources and solutions that can enable you to be better prepared to take on the adversity of a cyber attack or disaster event.
2:28 SGT
Close of Day One
Close of Day One
November 2 | 14:28 SGT
Speaking:
Day 2 - 3 November
-1.jpg)
09:31 SGT
KEYNOTE PANEL: Threat Intelligence in ASEAN: A CISO perspective
By analysing the ASEAN threat landscape and threat intelligence, this panel aims to prepare organisations for new risks to the region and what the best counter strategies are to overcome them.
- What is the current ASEAN threat landscape risk?
- How to determine the key threat objectives to your organisation
- Sourcing and analysing relevant information and intelligence from multiple platforms
- Designing and implementing a targeted threat intelligence programme
Speaking:
Suresh Ramasamy
Chief Research Officer - Center for Advanced Computing & Telecommunications
Tan Zhon Teck
Vice President, Information Security, Bursa Malaysia
Jay P. Spreitzer
Senior Vice President, APAC Region Information Security Lead, Wells Fargo
Mel Migrino
Vice President and Group Chief Information Security Officer, Meralco Chairperson and President of Women in Security Alliance Philippines
KEYNOTE PANEL: Threat Intelligence in ASEAN: A CISO perspective
November 3 | 09:31 SGT - 10:08 SGT
By analysing the ASEAN threat landscape and threat intelligence, this panel aims to prepare organisations for new risks to the region and what the best counter strategies are to overcome them.
- What is the current ASEAN threat landscape risk?
- How to determine the key threat objectives to your organisation
- Sourcing and analysing relevant information and intelligence from multiple platforms
- Designing and implementing a targeted threat intelligence programme
10:08 SGT
Securing your software supply chain: How to leverage software and drive innovation, securely
Nearly every organisation today relies on software to operate. This software is a product of a complicated, interconnected supply chain in which organisations may not have visibility of the vulnerabilities. Yet, the consequences of successful cyber attacks through the supply chain can be severe.
In this session Ken Mizota, Director, Platform at Rapid7, will cover why you should be focusing on your software sources and how to prevent, detect and respond to incidents in your supply chain.
Speaking:
Ken Mizota
Regional CTO, APAC, Rapid7
Securing your software supply chain: How to leverage software and drive innovation, securely
November 3 | 10:08 SGT - 10:24 SGT
Nearly every organisation today relies on software to operate. This software is a product of a complicated, interconnected supply chain in which organisations may not have visibility of the vulnerabilities. Yet, the consequences of successful cyber attacks through the supply chain can be severe.
In this session Ken Mizota, Director, Platform at Rapid7, will cover why you should be focusing on your software sources and how to prevent, detect and respond to incidents in your supply chain.
10:24 SGT
PANEL: How secure are you? Cyber security risk management in this day and age
-
How can you accurately measure cyber risk to determine if it is adequately managed?
-
Engaging the board: having the right conversation with the right language
-
Risk conversion at a CISO level
-
Taking your threat detection strategy to new heights: Detection best practices and solutions
-
Cyber risk management through modern security architecture
Speaking:
Ramesh Narayanaswamy
Chief Technology Officer, Aditya Birla Capital
Lim Thian Chin
Director (CII Division), Cyber Security Agency of Singapore
Joey Fontiveros
Commanding Officer at Cyber Battalion, ASR, Philippine Army
Sahir Hidayatullah
VP - Active Defense, Zscaler
Suresh Ramasamy
Chief Research Officer - Center for Advanced Computing & Telecommunications
PANEL: How secure are you? Cyber security risk management in this day and age
November 3 | 10:24 SGT - 10:59 SGT
-
How can you accurately measure cyber risk to determine if it is adequately managed?
-
Engaging the board: having the right conversation with the right language
-
Risk conversion at a CISO level
-
Taking your threat detection strategy to new heights: Detection best practices and solutions
-
Cyber risk management through modern security architecture
10:59 SGT
Defining an XDR strategy: What does it mean for your organisation?
XDR (extended detection and response) is the hot new buzzword in the security industry but so far there isn't a lot of agreement on what defines XDR. The goal makes sense. Extend your detection capabilities across your hybrid network to catch advanced threats like zero days, supply chain attacks, and insider threats, and respond quickly before damage can be done.
Join us as we explore the pros and cons of XDR such as, is it realistic that one vendor can offer you all the tools you need for detection and response or will you need to create a strategy to achieve your own extended detection and response ecosystem.
Attendees will walk away with a better understanding of:
• How to define what XDR means for your organisation
• How to create your own XDR strategy
• Why network data is an essential building block for any XDR ecosystem
Speaking:
Daniel Chu
APJ Systems Engineering Vice President, ExtraHop Networks
Defining an XDR strategy: What does it mean for your organisation?
November 3 | 10:59 SGT - 11:24 SGT
XDR (extended detection and response) is the hot new buzzword in the security industry but so far there isn't a lot of agreement on what defines XDR. The goal makes sense. Extend your detection capabilities across your hybrid network to catch advanced threats like zero days, supply chain attacks, and insider threats, and respond quickly before damage can be done.
Join us as we explore the pros and cons of XDR such as, is it realistic that one vendor can offer you all the tools you need for detection and response or will you need to create a strategy to achieve your own extended detection and response ecosystem.
Attendees will walk away with a better understanding of:
• How to define what XDR means for your organisation
• How to create your own XDR strategy
• Why network data is an essential building block for any XDR ecosystem
11:24 SGT
PANEL: Emerging technologies and threat risk potential to cyber security – just hype or a real concern?
This panel will deliberate how newer and innovative technologies are changing the cybersecurity landscape. Some technologies are new, while others have been around for a while, but all of them could play a significant role in altering an organisation’s infosec protection and defences – for better or for worse.
Tech-of-the-town: Some of the key technologies to discuss are blockchain, IoT, AI governance, machine learning, OT, quantum computing and 5G.
- An overview of the latest technologies and platforms that have potential to impact cybersecurity
- Assessing the threat and risk profile of the different technologies
- What are the future cybersecurity trends that will alter the threat landscape
Speaking:
Neha Malhotra
Attack Surface Management, Credit Suisse Singapore
Chris Fisher
Director of Security Engineering, APJ, Vectra AI
Lim May-Ann
Executive Director, Asia Cloud Computing Association (ACCA)
PANEL: Emerging technologies and threat risk potential to cyber security – just hype or a real concern?
November 3 | 11:24 SGT - 12:01 SGT
This panel will deliberate how newer and innovative technologies are changing the cybersecurity landscape. Some technologies are new, while others have been around for a while, but all of them could play a significant role in altering an organisation’s infosec protection and defences – for better or for worse.
Tech-of-the-town: Some of the key technologies to discuss are blockchain, IoT, AI governance, machine learning, OT, quantum computing and 5G.
- An overview of the latest technologies and platforms that have potential to impact cybersecurity
- Assessing the threat and risk profile of the different technologies
- What are the future cybersecurity trends that will alter the threat landscape
12:01 SGT
Leveraging the Zero Trust Model to strengthen your cyber armour
- Applying Zero Trust across the entire digital function – where do you start and where do you end?
- Grow and sustain a Zero Trust environment – thinking Zero Trust across the board
- Integrating legacy systems and the Zero Trust Architecture: hurdles and successes
Speaking:
Krishna Kasi
Vice President, IT Audit, BNP Paribas
Leveraging the Zero Trust Model to strengthen your cyber armour
November 3 | 12:01 SGT - 12:26 SGT
- Applying Zero Trust across the entire digital function – where do you start and where do you end?
- Grow and sustain a Zero Trust environment – thinking Zero Trust across the board
- Integrating legacy systems and the Zero Trust Architecture: hurdles and successes
12:26 SGT
Open Source - Your Invisible Software Supply Chain
In the last year, several high-profile attacks successfully compromised the software supply chains of organisations across the globe. And while the surrounding discussion has focused on commercial software vendors, these form only the tip of the iceberg. The average application code-bases consist of almost 300 open source components making up to 90% of the final application. Open source is the invisible supply chain behind the global digital transformation - but it poses security and legal risks that most organizations are unaware of.
Join us as we explore the complexity of open-source and related risks in your software supply chain, as well best practices for how to manage them.
Join us as we explore the complexity of open-source and related risks in your software supply chain, as well best practices for how to manage them.
Speaking:
Liu Yang
Co-founder, Scantist
Open Source - Your Invisible Software Supply Chain
November 3 | 12:26 SGT - 12:38 SGT
In the last year, several high-profile attacks successfully compromised the software supply chains of organisations across the globe. And while the surrounding discussion has focused on commercial software vendors, these form only the tip of the iceberg. The average application code-bases consist of almost 300 open source components making up to 90% of the final application. Open source is the invisible supply chain behind the global digital transformation - but it poses security and legal risks that most organizations are unaware of.
Join us as we explore the complexity of open-source and related risks in your software supply chain, as well best practices for how to manage them.
Join us as we explore the complexity of open-source and related risks in your software supply chain, as well best practices for how to manage them.
12:38 SGT
EXCLUSIVE INTERVIEW: Black hat gone white – insights into how the hackers think
During this session, delegates will get to hear the backstory directly from a former black hat. They will talk about their strategy and how they successfully hacked into a major corporation or extensive database. In this exclusive, get the low down on how to outsmart cyber attackers with the inside knowledge of a former hacker.
Speaking:
Hieu Ngo
Former hacker and cybercriminal - now Cybersecurity Specialist, National Cyber Security Center of Vietnam Co-founder, ChongLuaDao.Vn
Kunal Sehgal
Former Managing Director, Global Resilience Federation, APAC
EXCLUSIVE INTERVIEW: Black hat gone white – insights into how the hackers think
November 3 | 12:38 SGT - 13:11 SGT
During this session, delegates will get to hear the backstory directly from a former black hat. They will talk about their strategy and how they successfully hacked into a major corporation or extensive database. In this exclusive, get the low down on how to outsmart cyber attackers with the inside knowledge of a former hacker.
1:11 SGT
Close of CISO Online ASEAN 2020
Close of CISO Online ASEAN 2020
November 3 | 13:11 SGT