ismg.events
174.143.130.103
Public Scan
Submitted URL: http://links.ismgcorp.com/MDUxLVpYSS0yMzcAAAGDgaqOF4YNUGtHNmuvC9YoD8rACcDkMp4pck3qdLEEUYAm4Yyf1dwb65M23JnFz6OCK6FRvs4=
Effective URL: https://ismg.events/summit/south-east-asia-cybersecurity-summit-2022?mkt_tok=MDUxLVpYSS0yMzcAAAGDgaqOF8V1XNFib7yEA5U...
Submission: On April 01 via api from SG — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
* Summits * Roundtables * Faculty * About * Contact Us * South East Asia Summit Virtual Summit April 12 - 13, 2022 * Overview * Speakers * Agenda * Sponsors The South East Asia region is poised for digital transformation across enterprises; it has become an easy and prime target for cyberattacks. According to a recent report, the region's digital economy can add $1 trillion to GDP over the next ten years. Security leaders say the area has become hotbeds for cyber threats due to unsecured infrastructure and smart nation hub with growing growth inter-connectedness. We observe several new initiatives in the payments and fintech industry as organizations increase in scale. The significant challenge CISOs witness is the lack of cyber readiness in building a cyber-resilient enterprise, given the shortage of skills and resources and extreme dependencies on third-party vendors. The region witnessed a rise in ransomware, phishing, BEC scams, and multifaceted extortion. The government of Singapore, Malaysia, the Philippines, and others are putting their best foot forward to build a comprehensive program for enterprises to deal with such challenges. Attend our summit to gain insights from the global and regional cybersecurity thought leaders on the critical aspects of IoT security, mobile device security, ransomware defenses, third-party supply chain risks, cloud, XDR, cryptocurrency, bitcoin, blockchain, threat intelligence, and more. ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers. Dr Haji Amirudin Abdul Wahab CyberSecurity Malaysia CEO Dr Wahab is currently the chief executive officer of cybersecurity Malaysia, a strategic agency under the Ministry of Science, Technology, and Innovation (MOSTI). He has more than 20 years of ICT working experience in the telecom and IT sectors in... 
Geetha Nandikotkur Managing Editor & Conference Chair, Asia & Middle East ISMG Col Joey Fontiveros Commanding Officer Cyber Battalion, ASR, Philippine Army Soumo Mukherjee Head of Security Architecture-Cybersecurity Petronas Mukherjee is the head of security architecture for cybersecurity at Petronas. He is responsible for end-user security, identity and access management, cloud security, and Microsoft 365. During his long career in information technology services, he has been a transformation leader,... Parag Deodhar Director - Information Security, APAC VF Corporation Deodhar is the director of cyber security & risk management for APAC at VF Corp and is based in Hong Kong. He has more than 20 years’ experience in enterprise risk management, specializing in operational risk, cyber security and fraud... Shane Read CISO Hex Trust Read is the CISO at Hex Trust. He is an accomplished information security executive and CISO with more than 20 years of international experience in the public and private sectors and a track record of effectively developing InfoSec maturity, managing... Phannarith Ou Director of ICT Security Ministry of Post & Communications, Combodia Nikolaos Thymianis CISO Caresocius Thymianis is the CISO at Caresocius in Greece. He is working in risk management initiatives for Pfizer. His previous work made him associate with people in the healthcare industry, while doing cybersecurity assurance and maturity assessments for organizations in the... Advisory Board Mario Demarillas CISO and Head of Software Engineering Exceture Demarillas is a member of the board of directors, CISO and head of IT consulting and software engineering at Exceture Inc., based in Manila, Philippines. He has over 20 years of professional experience in information systems and internal audit, fraud... 
Suparna Goswami Associate Editor ISMG Edmund Situmorang Managing Director and CTO Tech Connect Innovation Centre, Sinarmas Mining-Indonesia Situmorang is managing director and CTO of TechConnect Academy & PRODIGI (Sinarmas Group). He has worked in the U.S. for 11 years as a programmer and strategist, and enthusiastic about technology especially in the field of artificial intelligence. Romanus Prabhu Raymond Global head of technical support for endpoint management & security ManageEngine, a division of Zoho Corp Raymond is global head for technical support for endpoint management & security at ManageEngine, a division of Zoho Corp. With more than 18 years of experience spanning from the legacy client management to modern endpoint management and security solution domains,... Emil Tan Chief Operating Officer Red Alpha Cybersecurity Tan is the COO of Red Alpha Cybersecurity – a cybersecurity talent development company. He is also the Southeast Asia Regional Advocate for CREST. He has been in the cybersecurity industry for more than 10 years and has experience in... Kunal Sehgal Former Managing Director GRF, OT-ISAC Sehgal is the former managing director at GRF. He has been a cyber-evangelist for more than 15 years and is an untiring advocate of cyber threat intelligence sharing. He encourages the cyber-defenders to work together, by maintaining a strong level... Scott Flower Flower is global intelligence offier, Asia Pacific, at FS-ISAC. He has been based in Singapore over the last decade and his most recent role was leading the Asia Pacific largest cyber threat fusion analysis cell protecting the global financial sector.... Wilbertus Darmadi CIO Toyota Astra Darmadi is CIO of Toyota Astra Motor. He has more than 26 years of experience as IT professional especially in automotive industry. He has worked with multinational stakeholders, team and partners and has helped companies to boost business performance using... 
Advisory Board Venkatesh Subramaniam Global CISO & Privacy Head Olam International Subramanian is the global CISO and privacy head at Olam International where he is responsible for all aspects of the security and privacy program spanning over 70 countries. He has more than 27 years of experience in information security and... Brendan Laws Director. Solutions Architecture Asia Pacific & Japan Rapid7 Laws is director, solutions architecture, Asia Pacific & Japan, at Rapid7. He helps people understand challenges, define goals and mature cyber capabilities; whilst accommodating their teams’ abilities and leveraging the diverse array of technologies and your business strategy. Mel Migrino Vice President and Group CISO Meralco Migriño is the vice president and group CISO of Meralco, the largest power distribution conglomerate in the Philippines. She has more than 15 years of combined experience in cyber governance, application and infrastructure security, operational technology security, business continuity, privacy,... George Do CISO Gojek Do is chief information security officer at Gojek. He has been working in the cybersecurity field for more than 25 years concentrating on the development of cybersecurity programs. He specializes in the transformation of security programs, winning customer trust, and... James Fong Director Risk and Security Solutions – Asia ServiceNow Fong is director risk and security solutions, Asia at ServiceNow. As a solution leader, he provides leadership and coaching abilities for the team to attain set goals and targeted development to drive net new logos and drive incremental business across... Jayaraj Puthanveedu MD-Cyber and Tech. Risk, Global Head - Operational Resilience BNP Paribas Group Vaibhav Khandelwal Regional Head of Security and Fraud, ASEAN & India F5 Khandelwal works at the intersection of banking and technology. At F5, he looks after business growth for ASEAN and the South Asia region. 
He previously held roles in cybersecurity, digital banking transformation, fraud prevention and risk management. Conference Chair and Co-Chair Ismamuradi Abdul Kadir Acting CISO-Risk Management Division Bank Muamalat Malaysia Berhad View Agenda Welcome to ISMG's South East Asia Summit The summit's objective is to provide education and exclusive networking opportunities for the participants with peers and subject matter experts. The program has been carefully designed with the support and guidance of the 'editorial advisory board,' including senior thought leaders from the ASEAN region, to capture the regional security challenges that resonate with their current concerns. The Southeast Asia editorial advisory board includes: Conference Chair: TS Aishah Mohammed, Head of Cyber Coordination and Command Centre, National Cybersecurity Agency (Malaysia) Conference Co-Chair: Venkatesh Subramaniam, Global Chief Information Security Officer & Privacy Head, Olam International Advisory Board: Mel Migrino, Vice President and Group CISO, Meralco; Phoram Mehta, CISO – APAC, PayPal; Mario Demarillas, CISO and Head of IT Consulting & Software Engineering, Exceture; Soumo Mukherjee, Head of Cybersecurity Architecture, Petronas; Dr Amirudin Abdul Wahab, CEO, CyberSecurity Malaysia; Guy Sheppard, Head of APAC Financial Crime and Compliance, SWIFT; Kunal Sehgal, Former Managing Director, GRF; Shane Read, Chief Information Security Officer - Managing Director, Hex Trust; Parag Deodhar, Director - Information Security, APAC, VF Corporation * 09:00 AM * 09:14 AM Keynote: Building Cyber Defense Capabilities in Wartime: Role of CISOs Col Joey Fontiveros, Commanding Officer, Cyber Battalion, ASR, Philippine Army The South East Asia region is poised for digital transformation across enterprises; it has become an easy and prime target for cyberattacks. It’s no longer a matter of if, but when you’re going to be the victim of a cyberattack. Are you prepared? 
It’s no longer a theory about protecting your critical infrastructure. It’s a different world today, post-Solarwinds, Colonial Pipeline, Log4J, and Ukraine, and it requires a different cybersecurity strategy to fight hybrid warfare. Various regional governments have tightened their cyber defenses as attacks surge and to protect digital domains. Do you think yesterday’s cyber strategy will hold well for 2022? What needs to change in how CISOs conduct business and secure digital assets from ever-evolving, ever-automating cyber adversaries? The session will discuss: * New cyber defenses required to fight evolving threats * How much does automation help in enhancing your security posture? * CISO’s role in a war zone * 09:15 AM * 09:44 PM Plenary: Industry 4.0: Protecting Your Data in the Era of Digital Transformation Dr Haji Amirudin Abdul Wahab, CyberSecurity Malaysia, CEO With the dawn of the fourth industrial revolution ((industry 4.0), organizations have put their digital transformation at the top of their agenda. While the digital transformation will enhance competitiveness and bring agility and optimal decision-making capabilities, it brings cybersecurity risks and innovation. It is indeed driving automation, accelerating the adoption of IIoT, which is expected to contribute most of IoT’s business value potential. The plenary session discusses: * Getting ready for Industry 4.0: Sizing up the security risks * Understanding the weakest link * Protecting your data and securing the endpoints * 09:45 AM * 10:14 AM Building Threat & Risk Management Programs for Digital Transformation Brendan Laws, Director. Solutions Architecture Asia Pacific & Japan, Rapid7 We have been hearing about digital transformation for some time. Your business could be looking to reduce cost or thinking about agility and swiftly bringing your services to market. Many of us are on a similar journey! New terms, new architectures, confusing statements, and more security technologies are afoot. 
And, of course, we have to confront our capacity to deliver on these technologies whilst ensuring information remains secure as best as we can. Brendan will explain how teams can determine risk, build secure applications, monitor threats and evolve to automated remediation on any workload or asset, whether on-premise, hybrid or cloud-centric. * 10:15 AM * 10:29 AM * 10:30 AM * 10:59 AM TrackA Updating Your Cybersecurity Strategy in the New World It’s no longer a matter of if, but when you’re going to be the victim of a cyberattack. Are you prepared? It’s no longer a theory about protecting your critical infrastructure. It’s a different world today, post-Solarwinds, Colonial Pipeline, Log4J, and Ukraine, and it requires a different cybersecurity strategy to fight hybrid warfare. Do you think yesterday’s cyber strategy will hold well for 2022? What needs to change in how CISOs conduct business and secure digital assets from ever-evolving, ever-automating cyber adversaries? The session will discuss: * New cyber defenses required to fight evolving threats * How much does automation help in enhancing your security posture? * CISO’s role in a war zone * 10:30 AM * 10:59 AM TrackB Securing your Endpoints in the Era of Digital Transformation Romanus Prabhu Raymond, Global head of technical support for endpoint management & security , ManageEngine, a division of Zoho Corp The challenge for CISOs in their digital transformation journey is to understand the right technologies required for their business and how do you secure those endpoints that are going to expand. The question would arise on what you need to focus on endpoint security that could protect all access points which are vulnerable to cyber criminals to breach your network. 
The session will discuss: * Endpoint security for 2022 – How do you need to predict and protect * Knowing what’s connected to your network, despite ever expanding endpoints * Establishing sustainable security with the growth in endpoints for detection and response. * 11:00 AM * 11:29 AM TrackA Risk-Based Discussion: Are you Aligned with the Board? Jayaraj Puthanveedu, MD-Cyber and Tech. Risk, Global Head - Operational Resilience, BNP Paribas Group Building relationships with business unit leaders and driving a practical risk-based discussion with the board is critical in making informed risk decisions. The daunting task for CISOs is the uncertainty around the reporting of significant risks, including just what represents a 'significant' risk, which challenges many organizations today. Can you question the management and boards regarding how strategy affects risk and vice versa and their best approach to risk and discuss risk management in a meaningful and productive way? The session will discuss: * Criteria for integrating risk information into decision making * Educating and evaluating of board members to measure strategic decisions on a risk parameter * Use case scenario to understand risk appetite and value at risk * 11:00 AM * 11:29 AM TrackB Two-Way Street: A Cybersecurity Debate between CTO vs. CISO-Where is the Disagreement? Mario Demarillas, CISO and Head of Software Engineering, Exceture Edmund Situmorang, Managing Director and CTO, Tech Connect Innovation Centre, Sinarmas Mining-Indonesia Almost all CISOs across regions have a single most significant challenge of getting the necessary funding to support their cybersecurity programs. Are security leaders creating value for business and part of technology innovation? Is the CTO function aligned with security in driving innovation? Meeting the Expectations. Where is the Disconnect? The session discusses how to get a CTO and the CISO on a common goal to facilitate the continued success of their organization. 
Where is the disconnect? * 11:45 AM * 12:14 PM TrackA Are you Cloud Ready? A CISO’s Manifestations Wilbertus Darmadi, CIO, Toyota Astra Organization believe that cloud computing brings a whole new level of autonomy and functionality of organization, besides enhancing performance, agility, productivity and scalability. The pandemic has created the urgency for enterprises to move to cloud and enterprises are in a race to adopt the ‘cloud-first’ strategy to optimize the IT spend and secure their hybrid work environment. CISO are tasked with building a cloud-first security strategy and mitigating risks arising with this. The session will discuss: * Cloud migration and its bottle necks * A holistic approach to cloud security and compliance * Governance and risk * 11:45 AM * 12:14 PM TrackB Assessing the Effectiveness of Your Cyber Threat Intelligence Program: Building a Business Case Scott Flower, , The region has witnessed the most prominent organizations hitting the headlines. It is beyond doubt that organizations have a huge staff and a myriad of cybersecurity tools to secure their environment; yet, they were still breached. The current approach is insufficient, and the deployed technologies don’t provide the necessary intel to detect the blind spots. It is imperative to assess the effectiveness of the cyber threat intelligence program, and building a business case is essential in driving actionable threat intelligence. * Understanding what cyber threat intelligence gives to an organization * Reasons for taking a risk-based approach * Using technologies and integration to drive actionable threat intelligence * 12:15 PM * 12:44 PM General Session Lessons from the SolarWinds Hack: A CISOs Response The popular SolarWinds hack, the supply chain attack that implanted a backdoor in the Orion network monitoring software pushed to 18,000 of the firm's customers, is considered to be potentially the most significant intrusion in our history. 
The campaign's full scale, including all of the tactics, techniques and procedures being used by attackers remaining unknown, has left most enterprises across the regions in a state of shock. What are the lessons the CISOs need to learn from this attack? Do you have a process to evaluate your vendor's security policies and frameworks? The panel will discuss: * How should the risk framework of supply chain vendors evolve; * The risks posed by different kinds of vendors; * Defining security by design approach while evaluating the third-party products. * 12:15 PM * 12:44 PM TrackA Lessons from Log4j's Zero-Day Vulnerability: A Practitioner’s Defense Techniques For many security teams, it's been all hands-on deck since the Apache Log4j zero-day vulnerability recently came to light. The vulnerability, CVE-2021-44228, is part of the open-source Log4j 2 software library. Its component, used for logging events, is part of tens of thousands of deployed applications and cloud-based services affecting organizations across geographies. Experts say that the security threat posed by the bug is "about as serious as it gets," and organizations are now racing to try and identify their risks and exposure levels. The session will discuss: * The modus operandi of such vulnerabilities * Lessons for CISOs from this incident * Cybersecurity response and risk mitigation techniques * 01:00 PM * 01:29 PM TrackA Ongoing Hybrid Warfare: Are You a Target for DDoS Attacks? Nikolaos Thymianis, CISO, Caresocius As Russia and Ukraine invasions are making the headlines, organizations across the globe are facing a series of DDoS attacks. Besides, new forms of malware intrusions are surfacing that can destroy infected machines. How are organizations in the South East Asian regions responding to DDoS attacks? How vulnerable are financial institutions to DDoS attacks? The session will discuss: * How to strengthen your defenses against DDoS? 
* Managing your risk exposure * Attribution to the DDoS attacks * 01:00 PM * 01:29 PM TrackB Can the Zero Trust Security Approach Mitigate your Threat Challenges Soumo Mukherjee, Head of Security Architecture-Cybersecurity, Petronas Where does the journey to ‘zero trust’ begin and what are the common entry points and how can it unfold. Experts agree that ‘zero trust’ is based on the premise, ‘assume breach’, and treat every asset as breached, and all traffic as hostile. The plenary session will discuss how the way we approach security has changed dramatically as security perimeters have dissolved and assess the maturity of ‘zero trust’ state with a realistic look at security and its dependencies with other functions in securing the future work environment. * 01:30 PM * 01:59 PM General Session You Have Been Breached: Is Your Incidence Response Strategy Top Notch? George Do, CISO, Gojek Emil Tan, Chief Operating Officer, Red Alpha Cybersecurity James Fong , Director Risk and Security Solutions – Asia, ServiceNow The year 2021 stands as testimony to the large ransomware attacks witnessed globally. The South East Asia is not an exception. The Southeast Asian region will see a spike in multifaceted extortion with more public breaches, along with an increase in ransomware-as-a-service operations in 2022. the increase will be driven by "the incredible increase in cryptocurrency value and the difficulty in attributing the arrest of people associated with a specific cyber campaign, experts say. What needs to change as CISOs experience increasing hacking burnout in preventing such malware intrusions? Can they operationalize technology in their prevention and incidence response mechanism to address ransomware issues? 
The panel will discuss: * Building an effective incidence response and investigation mechanism * How do deal with the recovery response process in the event of an attack * Taking a tactical and strategic approach to battling ransomware and protecting backups * 01:30 PM * 01:59 PM TrackB Cyber Insurance: Response to Rising Ransomware Attacks The cyber insurance industry has been challenged by the rising costs of cyber-crime. The element of unpredictability of the cyber-crime world does not work well for the industry. New coverage and rising renewal rates are a major concern. Premiums are rising by 10 to 20-fold. Recent research reports show that 70% of cybersecurity professionals believe insurance payments to companies that have paid a ransomware demand exacerbate the problem of ransomware and cause more attacks. Moreover, cyber insurance companies are targets themselves. The question on everyone's mind is 'to what extent is cyber insurance fueling ransomware attacks'? The session will also discuss: * Will ransomware ultimately lead to the fall cyber insurance companies? * How cyber insurance industry must approach the problem of ransomware? * Ways to address skill shortage in the industry * 02:00 PM * 02:29 PM TrackA OT Security: Bridging the Silos Mel Migrino, Vice President and Group CISO, Meralco Most OT systems are designed with very little consideration for security. With increased cyber risk in this new digital transformation era, any approach to bridge the IT and OT divide is mission-critical for enterprise security. As a CISO, can you reduce risk, security, and risk management functions silos to bridge the security gaps? Can you deploy the suitable asset inventory methods and map the IT/OT risks? 
This session will discuss: * Building complete visibility and monitoring of your IT and OT assets with the right access control * Integrating OT threat monitoring into SoC for threat detection * Essential steps to establish OT security * 02:00 PM * 02:29 PM TrackB Are You SoC 2 Compliant? Assessing the Third-Party Risks Shane Read, CISO, Hex Trust With the risks from third-parties escalating at a fast pace, enterprises across Southeast Asia are leaning towards SoC2, (Systems and Organization Controls) an audit procedure that ensures services providers securely manage their data and establish privacy and controls. How should CISOs comply with this standard as organizations move to the cloud and take up the digital transformation journey. The session will discuss: * Why is SoC 2 important and how to integrate it with your ISO standard framework * Establishing third party security using SoC 2 * Essential steps for CISOs in complying with the standard Panel Discussion : Impact of the Hybrid Cyber Warfare on the Supply Chain: Sizing Up the Security Risks Parag Deodhar, Director - Information Security, APAC, VF Corporation Venkatesh Subramaniam, Global CISO & Privacy Head, Olam International Kunal Sehgal, Former Managing Director, GRF, OT-ISAC We typically think of supply chain attacks as stealthy attacks on hardware components, such as malware on laptops and network devices. Still, the supply chain attack was an attack on a service provider that cannot be ruled out as it is a significant intrusion of the entire ecosystem. The supply chain attacks ushers in the risk: supplier vulnerabilities which the common cause of compromise. Keeping a watchful eye on suppliers' security status – always knowing the risks they bring in – is an essential part of building resilience and response. The session will discuss: * Impact of the on-going hybrid cyber warfare on the supply chain across enterprises * How to measure the risks and respond to supply chain attacks? 
* Security by design approach to secure software applications and evaluating the suppliers’ products * 02:30 PM * 02:59 PM
Geetha Nandikotkur Managing Editor & Conference Chair, Asia & Middle East ISMG Col Joey Fontiveros Commanding Officer Cyber Battalion, ASR, Philippine Army Soumo Mukherjee Head of Security Architecture-Cybersecurity Petronas Mukherjee is the head of security architecture for cybersecurity at Petronas. He is responsible for end-user security, identity and access management, cloud security, and Microsoft 365. During his long career in information technology services, he has been a transformation leader,... Parag Deodhar Director - Information Security, APAC VF Corporation Deodhar is the director of cyber security & risk management for APAC at VF Corp and is based in Hong Kong. He has more than 20 years’ experience in enterprise risk management, specializing in operational risk, cyber security and fraud... Shane Read CISO Hex Trust Read is the CISO at Hex Trust. He is an accomplished information security executive and CISO with more than 20 years of international experience in the public and private sectors and a track record of effectively developing InfoSec maturity, managing... Phannarith Ou Director of ICT Security Ministry of Post & Communications, Combodia Nikolaos Thymianis CISO Caresocius Thymianis is the CISO at Caresocius in Greece. He is working in risk management initiatives for Pfizer. His previous work made him associate with people in the healthcare industry, while doing cybersecurity assurance and maturity assessments for organizations in the... Advisory Board Mario Demarillas CISO and Head of Software Engineering Exceture Demarillas is a member of the board of directors, CISO and head of IT consulting and software engineering at Exceture Inc., based in Manila, Philippines. He has over 20 years of professional experience in information systems and internal audit, fraud... 
Suparna Goswami Associate Editor ISMG Edmund Situmorang Managing Director and CTO Tech Connect Innovation Centre, Sinarmas Mining-Indonesia Situmorang is managing director and CTO of TechConnect Academy & PRODIGI (Sinarmas Group). He has worked in the U.S. for 11 years as a programmer and strategist, and enthusiastic about technology especially in the field of artificial intelligence. Romanus Prabhu Raymond Global head of technical support for endpoint management & security ManageEngine, a division of Zoho Corp Raymond is global head for technical support for endpoint management & security at ManageEngine, a division of Zoho Corp. With more than 18 years of experience spanning from the legacy client management to modern endpoint management and security solution domains,... Emil Tan Chief Operating Officer Red Alpha Cybersecurity Tan is the COO of Red Alpha Cybersecurity – a cybersecurity talent development company. He is also the Southeast Asia Regional Advocate for CREST. He has been in the cybersecurity industry for more than 10 years and has experience in... Kunal Sehgal Former Managing Director GRF, OT-ISAC Sehgal is the former managing director at GRF. He has been a cyber-evangelist for more than 15 years and is an untiring advocate of cyber threat intelligence sharing. He encourages the cyber-defenders to work together, by maintaining a strong level... Scott Flower Flower is global intelligence offier, Asia Pacific, at FS-ISAC. He has been based in Singapore over the last decade and his most recent role was leading the Asia Pacific largest cyber threat fusion analysis cell protecting the global financial sector.... Wilbertus Darmadi CIO Toyota Astra Darmadi is CIO of Toyota Astra Motor. He has more than 26 years of experience as IT professional especially in automotive industry. He has worked with multinational stakeholders, team and partners and has helped companies to boost business performance using... 
Advisory Board Venkatesh Subramaniam Global CISO & Privacy Head Olam International Subramanian is the global CISO and privacy head at Olam International where he is responsible for all aspects of the security and privacy program spanning over 70 countries. He has more than 27 years of experience in information security and... Brendan Laws Director. Solutions Architecture Asia Pacific & Japan Rapid7 Laws is director, solutions architecture, Asia Pacific & Japan, at Rapid7. He helps people understand challenges, define goals and mature cyber capabilities; whilst accommodating their teams’ abilities and leveraging the diverse array of technologies and your business strategy. Mel Migrino Vice President and Group CISO Meralco Migriño is the vice president and group CISO of Meralco, the largest power distribution conglomerate in the Philippines. She has more than 15 years of combined experience in cyber governance, application and infrastructure security, operational technology security, business continuity, privacy,... George Do CISO Gojek Do is chief information security officer at Gojek. He has been working in the cybersecurity field for more than 25 years concentrating on the development of cybersecurity programs. He specializes in the transformation of security programs, winning customer trust, and... James Fong Director Risk and Security Solutions – Asia ServiceNow Fong is director risk and security solutions, Asia at ServiceNow. As a solution leader, he provides leadership and coaching abilities for the team to attain set goals and targeted development to drive net new logos and drive incremental business across... Jayaraj Puthanveedu MD-Cyber and Tech. Risk, Global Head - Operational Resilience BNP Paribas Group Vaibhav Khandelwal Regional Head of Security and Fraud, ASEAN & India F5 Khandelwal works at the intersection of banking and technology. At F5, he looks after business growth for ASEAN and the South Asia region. 
He previously held roles in cybersecurity, digital banking transformation, fraud prevention and risk management.

Conference Chair and Co-Chair

Ismamuradi Abdul Kadir, Acting CISO-Risk Management Division, Bank Muamalat Malaysia Berhad

AGENDA

Welcome to ISMG's South East Asia Summit

The summit's objective is to provide education and exclusive networking opportunities for the participants with peers and subject matter experts. The program has been carefully designed with the support and guidance of the 'editorial advisory board,' including senior thought leaders from the ASEAN region, to capture the regional security challenges that resonate with their current concerns.

The Southeast Asia editorial advisory board includes:

Conference Chair: TS Aishah Mohammed, Head of Cyber Coordination and Command Centre, National Cybersecurity Agency (Malaysia)
Conference Co-Chair: Venkatesh Subramaniam, Global Chief Information Security Officer & Privacy Head, Olam International
Advisory Board:
* Mel Migrino, Vice President and Group CISO, Meralco
* Phoram Mehta, CISO – APAC, PayPal
* Mario Demarillas, CISO and Head of IT Consulting & Software Engineering, Exceture
* Soumo Mukherjee, Head of Cybersecurity Architecture, Petronas
* Dr Amirudin Abdul Wahab, CEO, CyberSecurity Malaysia
* Guy Sheppard, Head of APAC Financial Crime and Compliance, SWIFT
* Kunal Sehgal, Former Managing Director, GRF
* Shane Read, Chief Information Security Officer - Managing Director, Hex Trust
* Parag Deodhar, Director - Information Security, APAC, VF Corporation

* 09:00 AM * 09:14 AM
Keynote: Building Cyber Defense Capabilities in Wartime: Role of CISOs
Col Joey Fontiveros, Commanding Officer, Cyber Battalion, ASR, Philippine Army
The South East Asia region is poised for digital transformation across enterprises; it has become an easy and prime target for cyberattacks. It’s no longer a matter of if, but when you’re going to be the victim of a cyberattack. Are you prepared?
It’s no longer a theory about protecting your critical infrastructure. It’s a different world today, post-Solarwinds, Colonial Pipeline, Log4J, and Ukraine, and it requires a different cybersecurity strategy to fight hybrid warfare. Various regional governments have tightened their cyber defenses to protect digital domains as attacks surge. Do you think yesterday’s cyber strategy will hold well for 2022? What needs to change in how CISOs conduct business and secure digital assets from ever-evolving, ever-automating cyber adversaries?
The session will discuss:
* New cyber defenses required to fight evolving threats
* How much does automation help in enhancing your security posture?
* CISO’s role in a war zone

* 09:15 AM * 09:44 PM
Plenary: Industry 4.0: Protecting Your Data in the Era of Digital Transformation
Dr Haji Amirudin Abdul Wahab, CyberSecurity Malaysia, CEO
With the dawn of the fourth industrial revolution (industry 4.0), organizations have put their digital transformation at the top of their agenda. While the digital transformation will enhance competitiveness and bring agility and optimal decision-making capabilities, it brings cybersecurity risks and innovation. It is indeed driving automation, accelerating the adoption of IIoT, which is expected to contribute most of IoT’s business value potential.
The plenary session discusses:
* Getting ready for Industry 4.0: Sizing up the security risks
* Understanding the weakest link
* Protecting your data and securing the endpoints

* 09:45 AM * 10:14 AM
Building Threat & Risk Management Programs for Digital Transformation
Brendan Laws, Director, Solutions Architecture Asia Pacific & Japan, Rapid7
We have been hearing about digital transformation for some time. Your business could be looking to reduce cost or thinking about agility and swiftly bringing your services to market. Many of us are on a similar journey! New terms, new architectures, confusing statements, and more security technologies are afoot.
And, of course, we have to confront our capacity to deliver on these technologies whilst ensuring information remains secure as best as we can. Brendan will explain how teams can determine risk, build secure applications, monitor threats and evolve to automated remediation on any workload or asset, whether on-premise, hybrid or cloud-centric.

* 10:15 AM * 10:29 AM

* 10:30 AM * 10:59 AM
Track A
Updating Your Cybersecurity Strategy in the New World
It’s no longer a matter of if, but when you’re going to be the victim of a cyberattack. Are you prepared? It’s no longer a theory about protecting your critical infrastructure. It’s a different world today, post-Solarwinds, Colonial Pipeline, Log4J, and Ukraine, and it requires a different cybersecurity strategy to fight hybrid warfare. Do you think yesterday’s cyber strategy will hold well for 2022? What needs to change in how CISOs conduct business and secure digital assets from ever-evolving, ever-automating cyber adversaries?
The session will discuss:
* New cyber defenses required to fight evolving threats
* How much does automation help in enhancing your security posture?
* CISO’s role in a war zone

* 10:30 AM * 10:59 AM
Track B
Securing your Endpoints in the Era of Digital Transformation
Romanus Prabhu Raymond, Global head of technical support for endpoint management & security, ManageEngine, a division of Zoho Corp
The challenge for CISOs in their digital transformation journey is to understand the right technologies required for their business and how to secure an expanding set of endpoints. The question is what endpoint security needs to focus on to protect all the access points that are vulnerable to cybercriminals seeking to breach your network.
The session will discuss:
* Endpoint security for 2022 – How do you need to predict and protect
* Knowing what’s connected to your network, despite ever expanding endpoints
* Establishing sustainable security with the growth in endpoints for detection and response.

* 11:00 AM * 11:29 AM
Track A
Risk-Based Discussion: Are you Aligned with the Board?
Jayaraj Puthanveedu, MD-Cyber and Tech. Risk, Global Head - Operational Resilience, BNP Paribas Group
Building relationships with business unit leaders and driving a practical risk-based discussion with the board is critical in making informed risk decisions. The daunting task for CISOs is the uncertainty around the reporting of significant risks, including just what represents a 'significant' risk, which challenges many organizations today. Can you question the management and boards regarding how strategy affects risk and vice versa and their best approach to risk and discuss risk management in a meaningful and productive way?
The session will discuss:
* Criteria for integrating risk information into decision making
* Educating and evaluating board members to measure strategic decisions on a risk parameter
* Use case scenario to understand risk appetite and value at risk

* 11:00 AM * 11:29 AM
Track B
Two-Way Street: A Cybersecurity Debate between CTO vs. CISO-Where is the Disagreement?
Mario Demarillas, CISO and Head of Software Engineering, Exceture
Edmund Situmorang, Managing Director and CTO, Tech Connect Innovation Centre, Sinarmas Mining-Indonesia
Almost all CISOs across regions share a single most significant challenge: getting the necessary funding to support their cybersecurity programs. Are security leaders creating value for business and part of technology innovation? Is the CTO function aligned with security in driving innovation? Meeting the Expectations. Where is the Disconnect? The session discusses how to get a CTO and the CISO on a common goal to facilitate the continued success of their organization.
Where is the disconnect?

* 11:45 AM * 12:14 PM
Track A
Are you Cloud Ready? A CISO’s Manifestations
Wilbertus Darmadi, CIO, Toyota Astra
Organizations believe that cloud computing brings a whole new level of autonomy and functionality to the organization, besides enhancing performance, agility, productivity and scalability. The pandemic has created the urgency for enterprises to move to the cloud, and enterprises are in a race to adopt the ‘cloud-first’ strategy to optimize the IT spend and secure their hybrid work environment. CISOs are tasked with building a cloud-first security strategy and mitigating the risks that arise with it.
The session will discuss:
* Cloud migration and its bottlenecks
* A holistic approach to cloud security and compliance
* Governance and risk

* 11:45 AM * 12:14 PM
Track B
Assessing the Effectiveness of Your Cyber Threat Intelligence Program: Building a Business Case
Scott Flower
The region has witnessed the most prominent organizations hitting the headlines. It is beyond doubt that organizations have a huge staff and a myriad of cybersecurity tools to secure their environment; yet, they were still breached. The current approach is insufficient, and the deployed technologies don’t provide the necessary intel to detect the blind spots. It is imperative to assess the effectiveness of the cyber threat intelligence program, and building a business case is essential in driving actionable threat intelligence.
* Understanding what cyber threat intelligence gives to an organization
* Reasons for taking a risk-based approach
* Using technologies and integration to drive actionable threat intelligence

* 12:15 PM * 12:44 PM
General Session
Lessons from the SolarWinds Hack: A CISOs Response
The popular SolarWinds hack, the supply chain attack that implanted a backdoor in the Orion network monitoring software pushed to 18,000 of the firm's customers, is considered to be potentially the most significant intrusion in our history.
The campaign's full scale, including all of the tactics, techniques and procedures used by the attackers, remains unknown and has left most enterprises across the regions in a state of shock. What are the lessons the CISOs need to learn from this attack? Do you have a process to evaluate your vendor's security policies and frameworks?
The panel will discuss:
* How should the risk framework of supply chain vendors evolve;
* The risks posed by different kinds of vendors;
* Defining security by design approach while evaluating the third-party products.

* 12:15 PM * 12:44 PM
Track A
Lessons from Log4j's Zero-Day Vulnerability: A Practitioner’s Defense Techniques
For many security teams, it's been all hands on deck since the Apache Log4j zero-day vulnerability recently came to light. The vulnerability, CVE-2021-44228, is part of the open-source Log4j 2 software library. Its component, used for logging events, is part of tens of thousands of deployed applications and cloud-based services affecting organizations across geographies. Experts say that the security threat posed by the bug is "about as serious as it gets," and organizations are now racing to try and identify their risks and exposure levels.
The session will discuss:
* The modus operandi of such vulnerabilities
* Lessons for CISOs from this incident
* Cybersecurity response and risk mitigation techniques

* 01:00 PM * 01:29 PM
Track A
Ongoing Hybrid Warfare: Are You a Target for DDoS Attacks?
Nikolaos Thymianis, CISO, Caresocius
As the Russia-Ukraine invasion makes the headlines, organizations across the globe are facing a series of DDoS attacks. Besides, new forms of malware intrusions are surfacing that can destroy infected machines. How are organizations in the South East Asian regions responding to DDoS attacks? How vulnerable are financial institutions to DDoS attacks?
The session will discuss:
* How to strengthen your defenses against DDoS?
* Managing your risk exposure
* Attribution to the DDoS attacks

* 01:00 PM * 01:29 PM
Track B
Can the Zero Trust Security Approach Mitigate your Threat Challenges
Soumo Mukherjee, Head of Security Architecture-Cybersecurity, Petronas
Where does the journey to ‘zero trust’ begin, what are the common entry points, and how can it unfold? Experts agree that ‘zero trust’ is based on the premise, ‘assume breach’, and treat every asset as breached, and all traffic as hostile. The plenary session will discuss how the way we approach security has changed dramatically as security perimeters have dissolved and assess the maturity of ‘zero trust’ state with a realistic look at security and its dependencies with other functions in securing the future work environment.

* 01:30 PM * 01:59 PM
General Session
You Have Been Breached: Is Your Incident Response Strategy Top Notch?
George Do, CISO, Gojek
Emil Tan, Chief Operating Officer, Red Alpha Cybersecurity
James Fong, Director Risk and Security Solutions – Asia, ServiceNow
The year 2021 stands as testimony to the large ransomware attacks witnessed globally. South East Asia is not an exception. The Southeast Asian region will see a spike in multifaceted extortion with more public breaches, along with an increase in ransomware-as-a-service operations in 2022. The increase will be driven by "the incredible increase in cryptocurrency value and the difficulty in attributing the arrest of people associated with a specific cyber campaign," experts say. What needs to change as CISOs experience increasing hacking burnout in preventing such malware intrusions? Can they operationalize technology in their prevention and incident response mechanism to address ransomware issues?
The panel will discuss:
* Building an effective incident response and investigation mechanism
* How to deal with the recovery response process in the event of an attack
* Taking a tactical and strategic approach to battling ransomware and protecting backups

* 01:30 PM * 01:59 PM
Track B
Cyber Insurance: Response to Rising Ransomware Attacks
The cyber insurance industry has been challenged by the rising costs of cyber-crime. The element of unpredictability of the cyber-crime world does not work well for the industry. New coverage and rising renewal rates are a major concern. Premiums are rising by 10 to 20-fold. Recent research reports show that 70% of cybersecurity professionals believe insurance payments to companies that have paid a ransomware demand exacerbate the problem of ransomware and cause more attacks. Moreover, cyber insurance companies are targets themselves. The question on everyone's mind is 'to what extent is cyber insurance fueling ransomware attacks'?
The session will also discuss:
* Will ransomware ultimately lead to the fall of cyber insurance companies?
* How the cyber insurance industry must approach the problem of ransomware?
* Ways to address skill shortage in the industry

* 02:00 PM * 02:29 PM
Track A
OT Security: Bridging the Silos
Mel Migrino, Vice President and Group CISO, Meralco
Most OT systems are designed with very little consideration for security. With increased cyber risk in this new digital transformation era, any approach to bridge the IT and OT divide is mission-critical for enterprise security. As a CISO, can you break down the silos across risk, security, and risk management functions to bridge the security gaps? Can you deploy the suitable asset inventory methods and map the IT/OT risks?
This session will discuss:
* Building complete visibility and monitoring of your IT and OT assets with the right access control
* Integrating OT threat monitoring into SoC for threat detection
* Essential steps to establish OT security

* 02:00 PM * 02:29 PM
Track B
Are You SoC 2 Compliant? Assessing the Third-Party Risks
Shane Read, CISO, Hex Trust
With the risks from third parties escalating at a fast pace, enterprises across Southeast Asia are leaning towards SoC 2 (Systems and Organization Controls), an audit procedure that ensures service providers securely manage their data and establish privacy and controls. How should CISOs comply with this standard as organizations move to the cloud and take up the digital transformation journey?
The session will discuss:
* Why is SoC 2 important and how to integrate it with your ISO standard framework
* Establishing third party security using SoC 2
* Essential steps for CISOs in complying with the standard

Panel Discussion: Impact of the Hybrid Cyber Warfare on the Supply Chain: Sizing Up the Security Risks
Parag Deodhar, Director - Information Security, APAC, VF Corporation
Venkatesh Subramaniam, Global CISO & Privacy Head, Olam International
Kunal Sehgal, Former Managing Director, GRF, OT-ISAC
We typically think of supply chain attacks as stealthy attacks on hardware components, such as malware on laptops and network devices. Still, a supply chain attack that targets a service provider cannot be ruled out, as it is a significant intrusion into the entire ecosystem. Supply chain attacks usher in a risk: supplier vulnerabilities, which are a common cause of compromise. Keeping a watchful eye on suppliers' security status – always knowing the risks they bring in – is an essential part of building resilience and response.
The session will discuss:
* Impact of the on-going hybrid cyber warfare on the supply chain across enterprises
* How to measure the risks and respond to supply chain attacks?
* Security by design approach to secure software applications and evaluating the suppliers’ products

* 02:30 PM * 02:59 PM

SPONSORS

SPEAKER INTERVIEWS

Changing Authentication for Employees - Navy Federal Credit Union’s Thomas Malta on Applying CIAM...
Equifax CISO Jamil Farshchi on SolarWinds and Supply Chains - ‘Supply Chain Security Is...
The Critical Role of Dynamic Authentication - Wells Fargo's Sridhar Sidhu on Redefining IAM...
NIST's Ron Ross: 'The Adversary Lives in the Cracks' - SolarWinds Breach Calls Attention...
The Emerging Risks of 'Shadow Data' Cloud Data Security - Why Now?
Importance of Medical Ethics in Cybersecurity - Christopher Frenz on Patient Care After a...
Transforming an Organization's Security Culture - CISO Bobby Ford on Building a New Cybersecurity...
Profiles in Leadership: Rob Hornbuckle, CISO, Allegiant - Beyond Security, More Than Business: Where...
Profiles in Leadership: Selim Aissi, IMT (Ellie Mae) - Perspectives on the CISO Relationship...
UK Cyber Security Council to Tackle Education, Standards - Dr. Claudia Natanson Describes Vision...
Data Risk Governance: The BISO's Perspective - Patrick Benoit of CBRE on Necessary Ingredients...
CISO Spotlight: Troels Oerting, World Economic Forum - Veteran Cybersecurity Leader on Evolution of...
Driving Healthcare Innovation With a Security Mindset - ChristianaCare CISO Anahi Santiago on Securing...
Touhill: What It Takes to Be Resilient - Ex-Federal CISO Starts New Role as...
Art Coviello: 'It's a Roaring '20s for Technology' - RSA's Former CEO on State...
Election Security: Lessons Learned from 2020 - FBI's Elvis Chan on Why This Was...
CISO Spotlight: Marene Allison, Johnson & Johnson - Reflections on Seismic Change in 2020...
Do You Need a Human OS Upgrade? - CISO of World Health Organization on...
Ariel Weintraub Takes Charge of Cybersecurity at MassMutual - New Head of Enterprise Cybersecurity...
'Zero Trust': An Outdated Model?
- Cyjax CISO Ian Thornton-Trump Offers a Critique
John Kindervag: Reflections on 'Zero Trust' - Creator of the Strategy Assesses 11-Year-Old Model’s...
Better Identity Coalition: A Project Update - Jeremy Grant, Coalition Coordinator, Discusses Identity Management...

April 12 - 13, 2022 South East Asia Summit
© 2022 Information Security Media Group, Corp.