ismg.events
174.143.130.103  Public Scan

Submitted URL: http://links.ismgcorp.com/MDUxLVpYSS0yMzcAAAGDfIQyr1u7-FOsXZ15vU0PNiy6SsiWdSn-Hv7v89mzpj4gX_aZQ8K4YqrTygla5eaJq6PzSuo=
Effective URL: https://ismg.events/summit/south-east-asia-cybersecurity-summit-2022?mkt_tok=MDUxLVpYSS0yMzcAAAGDfIQyr12qSHGgJi8w59Q...
Submission: On March 31 via api from SG — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content


South East Asia Summit
Virtual Summit April 12 - 13, 2022


The South East Asia region is poised for digital transformation across
enterprises, and it has become an easy and prime target for cyberattacks.
According to a recent report, the region's digital economy can add $1 trillion
to GDP over the next ten years. Security leaders say the area has become a
hotbed for cyber threats due to unsecured infrastructure and its smart nation
hubs with growing inter-connectedness. We observe several new initiatives in
the payments and fintech industry as organizations increase in scale. The
significant challenge CISOs witness is the lack of cyber readiness in building
a cyber-resilient enterprise, given the shortage of skills and resources and
extreme dependencies on third-party vendors. The region witnessed a rise in
ransomware, phishing, BEC scams, and multifaceted extortion. The governments of
Singapore, Malaysia, the Philippines, and others are putting their best foot
forward to build a comprehensive program for enterprises to deal with such
challenges. Attend our summit to gain insights from global and regional
cybersecurity thought leaders on the critical aspects of IoT security, mobile
device security, ransomware defenses, third-party supply chain risks, cloud,
XDR, cryptocurrency, bitcoin, blockchain, threat intelligence, and more.
ISMG's agendas provide actionable education and exclusive networking
opportunities with your peers and our subject matter expert speakers.
Dr Haji Amirudin Abdul Wahab
CyberSecurity Malaysia
CEO
Dr Wahab is currently the chief executive officer of CyberSecurity Malaysia, a
strategic agency under the Ministry of Science, Technology, and Innovation
(MOSTI). He has more than 20 years of ICT working experience in the telecom and
IT sectors in...
Geetha Nandikotkur
Managing Editor & Conference Chair, Asia & Middle East
ISMG

Col Joey Fontiveros
Commanding Officer
Cyber Battalion, ASR, Philippine Army

Soumo Mukherjee
Head of Security Architecture-Cybersecurity
Petronas
Mukherjee is the head of security architecture for cybersecurity at Petronas. He
is responsible for end-user security, identity and access management, cloud
security, and Microsoft 365. During his long career in information technology
services, he has been a transformation leader,...
Parag Deodhar
Director - Information Security, APAC
VF Corporation
Deodhar is the director of cyber security & risk management for APAC at VF Corp
and is based in Hong Kong. He has more than 20 years’ experience in enterprise
risk management, specializing in operational risk, cyber security and fraud...
Shane Read
CISO
Hex Trust
Read is the CISO at Hex Trust. He is an accomplished information security
executive and CISO with more than 20 years of international experience in the
public and private sectors and a track record of effectively developing InfoSec
maturity, managing...
Phannarith Ou
Director of ICT Security
Ministry of Post & Communications, Cambodia

Nikolaos Thymianis
CISO
Caresocius
Thymianis is the CISO at Caresocius in Greece. He is working in risk management
initiatives for Pfizer. His previous work made him associate with people in the
healthcare industry, while doing cybersecurity assurance and maturity
assessments for organizations in the...
Mario Demarillas
CISO and Head of Software Engineering
Exceture
Demarillas is a member of the board of directors, CISO and head of IT consulting
and software engineering at Exceture Inc., based in Manila, Philippines. He has
over 20 years of professional experience in information systems and internal
audit, fraud...
Suparna Goswami
Associate Editor
ISMG

Edmund Situmorang
Managing Director and CTO
Tech Connect Innovation Centre, Sinarmas Mining-Indonesia
Situmorang is managing director and CTO of TechConnect Academy & PRODIGI
(Sinarmas Group). He has worked in the U.S. for 11 years as a programmer and
strategist, and is enthusiastic about technology, especially in the field of
artificial intelligence.
Romanus Prabhu Raymond
Global head of technical support for endpoint management & security
ManageEngine, a division of Zoho Corp
Raymond is global head for technical support for endpoint management & security
at ManageEngine, a division of Zoho Corp. With more than 18 years of experience
spanning from the legacy client management to modern endpoint management and
security solution domains,...
Emil Tan
Chief Operating Officer
Red Alpha Cybersecurity
Tan is the COO of Red Alpha Cybersecurity – a cybersecurity talent development
company. He is also the Southeast Asia Regional Advocate for CREST. He has been
in the cybersecurity industry for more than 10 years and has experience in...
Kunal Sehgal
Former Managing Director
GRF, OT-ISAC
Sehgal is the former managing director at GRF. He has been a cyber-evangelist
for more than 15 years and is an untiring advocate of cyber threat intelligence
sharing. He encourages the cyber-defenders to work together, by maintaining a
strong level...
Scott Flower


Flower is global intelligence officer, Asia Pacific, at FS-ISAC. He has been
based in Singapore over the last decade and his most recent role was leading
Asia Pacific's largest cyber threat fusion analysis cell protecting the global
financial sector...
Wilbertus Darmadi
CIO
Toyota Astra
Darmadi is CIO of Toyota Astra Motor. He has more than 26 years of experience as
an IT professional, especially in the automotive industry. He has worked with
multinational stakeholders, teams and partners and has helped companies to boost
business performance using...
Advisory Board



Venkatesh Subramaniam
Global CISO & Privacy Head
Olam International
Subramaniam is the global CISO and privacy head at Olam International where he
is responsible for all aspects of the security and privacy program spanning over
70 countries. He has more than 27 years of experience in information security
and...
Brendan Laws
Director, Solutions Architecture Asia Pacific & Japan
Rapid7
Laws is director, solutions architecture, Asia Pacific & Japan, at Rapid7. He
helps people understand challenges, define goals and mature cyber capabilities;
whilst accommodating their teams’ abilities and leveraging the diverse array of
technologies and your business strategy.
Mel Migrino
Vice President and Group CISO
Meralco
Migriño is the vice president and group CISO of Meralco, the largest power
distribution conglomerate in the Philippines. She has more than 15 years of
combined experience in cyber governance, application and infrastructure
security, operational technology security, business continuity, privacy,...
George Do
CISO
Gojek
Do is chief information security officer at Gojek. He has been working in the
cybersecurity field for more than 25 years concentrating on the development of
cybersecurity programs. He specializes in the transformation of security
programs, winning customer trust, and...
James Fong
Director Risk and Security Solutions – Asia
ServiceNow
Fong is director risk and security solutions, Asia at ServiceNow. As a solution
leader, he provides leadership and coaching abilities for the team to attain set
goals and targeted development to drive net new logos and drive incremental
business across...
Jayaraj Puthanveedu
MD-Cyber and Tech. Risk, Global Head - Operational Resilience
BNP Paribas Group

Vaibhav Khandelwal
Regional Head of Security and Fraud, ASEAN & India
F5
Khandelwal works at the intersection of banking and technology. At F5, he looks
after business growth for ASEAN and the South Asia region. He previously held
roles in cybersecurity, digital banking transformation, fraud prevention and
risk management.

Welcome to ISMG's South East Asia Summit

The summit's objective is to provide education and exclusive networking
opportunities for the participants with peers and subject matter experts. The
program has been carefully designed with the support and guidance of the
'editorial advisory board,' including senior thought leaders from the ASEAN
region, to capture the regional security challenges that resonate with their
current concerns. The Southeast Asia editorial advisory board includes: 

Conference Chair:
TS Aishah Mohammed, Head of Cyber Coordination and Command Centre, National
Cybersecurity Agency (Malaysia)

Conference Co-Chair:
Venkatesh Subramaniam, Global Chief Information Security Officer & Privacy Head,
Olam International

Advisory Board: 
Mel Migrino, Vice President and Group CISO, Meralco;
Phoram Mehta, CISO – APAC, PayPal;
Mario Demarillas, CISO and Head of IT Consulting & Software Engineering,
Exceture;
Soumo Mukherjee, Head of Cybersecurity Architecture, Petronas;
Dr Amirudin Abdul Wahab, CEO, CyberSecurity Malaysia;
Guy Sheppard, Head of APAC Financial Crime and Compliance, SWIFT;
Kunal Sehgal, Former Managing Director, GRF;
Shane Read, Chief Information Security Officer - Managing Director, Hex Trust;
Parag Deodhar, Director - Information Security, APAC, VF Corporation


 * 09:00 AM
   
   
 * 09:14 AM

Keynote: Building Cyber Defense Capabilities in Wartime: Role of CISOs
Col Joey Fontiveros, Commanding Officer, Cyber Battalion, ASR, Philippine Army

The Southeast Asia region is poised for digital transformation across
enterprises; it has become an easy and prime target for cyberattacks.  

It’s no longer a matter of if, but when you’re going to be the victim of a
cyberattack. Are you prepared? It’s no longer a theory about protecting your
critical infrastructure. It’s a different world today, post-Solarwinds, Colonial
Pipeline, Log4J, and Ukraine, and it requires a different cybersecurity strategy
to fight hybrid warfare. Various regional governments have tightened their cyber
defenses as attacks surge and to protect digital domains. 

Do you think yesterday’s cyber strategy will hold well for 2022? What needs to
change in how CISOs conduct business and secure digital assets from
ever-evolving, ever-automating cyber adversaries?   

The session will discuss:  

 * New cyber defenses required to fight evolving threats   
 * How much does automation help in enhancing your security posture?   
 * CISO’s role in a war zone 


 * 09:15 AM
   
   
 * 09:44 PM

Plenary: Industry 4.0: Protecting Your Data in the Era of Digital Transformation
Dr Haji Amirudin Abdul Wahab, CyberSecurity Malaysia, CEO

With the dawn of the fourth industrial revolution (Industry 4.0), organizations
have put their digital transformation at the top of their agenda. While the
digital transformation will enhance competitiveness and bring agility and
optimal decision-making capabilities, it brings cybersecurity risks and
innovation. It is indeed driving automation, accelerating the adoption of IIoT,
which is expected to contribute most of IoT’s business value potential. 

The plenary session discusses: 

 * Getting ready for Industry 4.0: Sizing up the security risks 
 * Understanding the weakest link 
 * Protecting your data and securing the endpoints 


 * 09:45 AM
   
   
 * 10:14 AM

Building Threat & Risk Management Programs for Digital Transformation
Brendan Laws, Director, Solutions Architecture Asia Pacific & Japan, Rapid7

We have been hearing about digital transformation for some time. Your business
could be looking to reduce cost or thinking about agility and swiftly bringing
your services to market.

Many of us are on a similar journey! New terms, new architectures, confusing
statements, and more security technologies are afoot. And, of course, we have to
confront our capacity to deliver on these technologies whilst ensuring
information remains secure as best as we can.

Brendan will explain how teams can determine risk, build secure applications,
monitor threats and evolve to automated remediation on any workload or asset,
whether on-premise, hybrid or cloud-centric.


 * 10:15 AM
   
   
 * 10:29 AM

 * 10:30 AM
   
   
 * 10:59 AM

TrackA

Updating Your Cybersecurity Strategy in the New World

It’s no longer a matter of if, but when you’re going to be the victim of a
cyberattack. Are you prepared? It’s no longer a theory about protecting your
critical infrastructure. It’s a different world today, post-Solarwinds, Colonial
Pipeline, Log4J, and Ukraine, and it requires a different cybersecurity strategy
to fight hybrid warfare.  

Do you think yesterday’s cyber strategy will hold well for 2022? What needs to
change in how CISOs conduct business and secure digital assets from
ever-evolving, ever-automating cyber adversaries?  

The session will discuss:  

 * New cyber defenses required to fight evolving threats 
 * How much does automation help in enhancing your security posture?  
 * CISO’s role in a war zone   

 * 10:30 AM
   
   
 * 10:59 AM

TrackB

Securing your Endpoints in the Era of Digital Transformation
Romanus Prabhu Raymond, Global head of technical support for endpoint management
& security, ManageEngine, a division of Zoho Corp

The challenge for CISOs in their digital transformation journey is to understand
the right technologies required for their business and how to secure the
endpoints that are going to expand. The question that arises is what to focus on
in endpoint security to protect all the access points that cyber criminals could
use to breach your network.

The session will discuss:

 * Endpoint security for 2022 – How do you need to predict and protect
 * Knowing what’s connected to your network, despite ever expanding endpoints
 * Establishing sustainable security with the growth in endpoints for detection
   and response.

 * 11:00 AM
   
   
 * 11:29 AM

TrackA

Risk-Based Discussion: Are you Aligned with the Board?
Jayaraj Puthanveedu, MD-Cyber and Tech. Risk, Global Head - Operational
Resilience, BNP Paribas Group

Building relationships with business unit leaders and driving a practical
risk-based discussion with the board is critical in making informed risk
decisions.  

The daunting task for CISOs is the uncertainty around the reporting of
significant risks, including just what represents a 'significant' risk, which
challenges many organizations today. Can you question the management and boards
regarding how strategy affects risk and vice versa and their best approach to
risk and discuss risk management in a meaningful and productive way?  

The session will discuss:     

 * Criteria for integrating risk information into decision making  
 * Educating and evaluating board members to measure strategic decisions on a
   risk parameter
 * Use case scenario to understand risk appetite and value at risk 

 * 11:00 AM
   
   
 * 11:29 AM

TrackB

Two-Way Street: A Cybersecurity Debate between CTO vs. CISO-Where is the
Disagreement?
Mario Demarillas, CISO and Head of Software Engineering, Exceture
Edmund Situmorang, Managing Director and CTO, Tech Connect Innovation Centre,
Sinarmas Mining-Indonesia

Almost all CISOs across regions have a single most significant challenge of
getting the necessary funding to support their cybersecurity programs. Are
security leaders creating value for business and part of technology innovation?
Is the CTO function aligned with security in driving innovation? Meeting the
Expectations. Where is the Disconnect?  

The session discusses how to get a CTO and the CISO on a common goal to
facilitate the continued success of their organization. Where is the disconnect?

 * 11:45 AM
   
   
 * 12:14 PM

TrackA

Are you Cloud Ready? A CISO’s Manifestations
Wilbertus Darmadi, CIO, Toyota Astra

Organizations believe that cloud computing brings a whole new level of autonomy
and functionality to the organization, besides enhancing performance, agility,
productivity and scalability. The pandemic has created the urgency for
enterprises to move to the cloud, and enterprises are in a race to adopt the
‘cloud-first’ strategy to optimize IT spend and secure their hybrid work
environment.

CISOs are tasked with building a cloud-first security strategy and mitigating
the risks that arise with it.

The session will discuss:

 * Cloud migration and its bottlenecks
 * A holistic approach to cloud security and compliance  
 * Governance and risk 

 * 11:45 AM
   
   
 * 12:14 PM

TrackB

Assessing the Effectiveness of Your Cyber Threat Intelligence Program: Building
a Business Case
Scott Flower

The region has witnessed the most prominent organizations hitting the headlines.
It is beyond doubt that organizations have a huge staff and a myriad of
cybersecurity tools to secure their environment; yet, they were still breached.
The current approach is insufficient, and the deployed technologies don’t
provide the necessary intel to detect the blind spots. 

It is imperative to assess the effectiveness of the cyber threat intelligence
program, and building a business case is essential in driving actionable threat
intelligence. 

 * Understanding what cyber threat intelligence gives to an organization 
 * Reasons for taking a risk-based approach 
 * Using technologies and integration to drive actionable threat intelligence
   
   

 * 12:15 PM
   
   
 * 12:44 PM

TrackA

Lessons from Log4j's Zero-Day Vulnerability: A Practitioner’s Defense Techniques

For many security teams, it's been all hands on deck since the Apache Log4j
zero-day vulnerability recently came to light. The
vulnerability, CVE-2021-44228, is part of the open-source Log4j 2 software
library. Its component, used for logging events, is part of tens of thousands of
deployed applications and cloud-based services affecting organizations across
geographies. 

Experts say that the security threat posed by the bug is "about as serious as it
gets," and organizations are now racing to try and identify their risks and
exposure levels. 

The session will discuss: 

 * The modus operandi of such vulnerabilities 
 * Lessons for CISOs from this incident 
 * Cybersecurity response and risk mitigation techniques   

 * 12:15 PM
   
   
 * 12:44 PM

TrackB

Lessons from the SolarWinds Hack: A CISO's Response

The popular SolarWinds hack, the supply chain attack that implanted a backdoor
in the Orion network monitoring software pushed to 18,000 of the firm's
customers, is considered to be potentially the most significant intrusion in our
history.
With the campaign's full scale, including all of the tactics, techniques and
procedures used by the attackers, remaining unknown, most enterprises across the
regions have been left in a state of shock.
What are the lessons CISOs need to learn from this attack? Do you have a
process to evaluate your vendor's security policies and frameworks?

The panel will discuss:

 * How should the risk framework of supply chain vendors evolve;
 * The risks posed by different kinds of vendors;
 * Defining security by design approach while evaluating the third-party
   products.

 * 01:00 PM
   
   
 * 01:29 PM

TrackA

Ongoing Hybrid Warfare: Are You a Target for DDoS Attacks?
Nikolaos Thymianis, CISO, Caresocius

As Russia and Ukraine invasions are making the headlines, organizations across
the globe are facing a series of DDoS attacks. Besides, new forms of malware
intrusions are surfacing that can destroy infected machines. How are
organizations in the South East Asian regions responding to DDoS attacks? How
vulnerable are financial institutions to DDoS attacks? 

The session will discuss: 

 * How to strengthen your defenses against DDoS? 
 * Managing your risk exposure 
 * Attribution to the DDoS attacks 

 * 01:00 PM
   
   
 * 01:29 PM

TrackB

Can the Zero Trust Security Approach Mitigate your Threat Challenges
Soumo Mukherjee, Head of Security Architecture-Cybersecurity, Petronas

Where does the journey to ‘zero trust’ begin, what are the common entry points,
and how can it unfold? Experts agree that ‘zero trust’ is based on the premise
of ‘assume breach’: treat every asset as breached and all traffic as hostile.
The plenary session will discuss how the way we approach security has changed
dramatically as security perimeters have dissolved, and will assess the maturity
of the ‘zero trust’ state with a realistic look at security and its dependencies
on other functions in securing the future work environment.

 * 01:30 PM
   
   
 * 01:59 PM

TrackA

You Have Been Breached: Is Your Incident Response Strategy Top Notch?
George Do, CISO, Gojek
Emil Tan, Chief Operating Officer, Red Alpha Cybersecurity
James Fong, Director Risk and Security Solutions – Asia, ServiceNow

The year 2021 stands as testimony to the large ransomware attacks witnessed
globally. South East Asia is not an exception. The Southeast Asian region
will see a spike in multifaceted extortion with more public breaches, along with
an increase in ransomware-as-a-service operations in 2022. The increase will be
driven by "the incredible increase in cryptocurrency value and the difficulty in
attributing the arrest of people associated with a specific cyber campaign,"
experts say.

What needs to change as CISOs experience increasing hacking burnout in
preventing such malware intrusions? Can they operationalize technology in their
prevention and incident response mechanism to address ransomware issues?

The panel will discuss:

 * Building an effective incident response and investigation mechanism
 * How to deal with the recovery response process in the event of an attack
 * Taking a tactical and strategic approach to battling ransomware and
   protecting backups

 * 01:30 PM
   
   
 * 01:59 PM

TrackB

Cyber Insurance: Response to Rising Ransomware Attacks

The cyber insurance industry has been challenged by the rising costs of
cyber-crime. The element of unpredictability of the cyber-crime world does not
work well for the industry. New coverage and rising renewal rates are a major
concern. Premiums are rising by 10 to 20-fold. Recent research reports show that
70% of cybersecurity professionals believe insurance payments to companies that
have paid a ransomware demand exacerbate the problem of ransomware and cause
more attacks.  Moreover, cyber insurance companies are targets themselves. The
question on everyone's mind is 'to what extent is cyber insurance fueling
ransomware attacks'?  

The session will also discuss:  

 * Will ransomware ultimately lead to the fall of cyber insurance companies?
 * How must the cyber insurance industry approach the problem of ransomware?
 * Ways to address skill shortage in the industry 

 * 02:00 PM
   
   
 * 02:29 PM

TrackA

OT Security: Bridging the Silos
Mel Migrino, Vice President and Group CISO, Meralco

Most OT systems are designed with very little consideration for security. With
increased cyber risk in this new digital transformation era, any approach to
bridge the IT and OT divide is mission-critical for enterprise security. As a
CISO, can you reduce the silos between risk, security, and risk management
functions to bridge the security gaps? Can you deploy suitable asset inventory
methods and map the IT/OT risks?

This session will discuss:   

 * Building complete visibility and monitoring of your IT and OT assets with the
   right access control   
 * Integrating OT threat monitoring into SoC for threat detection  
 * Essential steps to establish OT security 
   
   

 * 02:00 PM
   
   
 * 02:29 PM

TrackB

Are You SoC 2 Compliant? Assessing the Third-Party Risks
Shane Read, CISO, Hex Trust

With the risks from third parties escalating at a fast pace, enterprises across
Southeast Asia are leaning towards SoC 2 (Systems and Organization Controls), an
audit procedure that ensures service providers securely manage their data and
establish privacy and controls. How should CISOs comply with this standard as
organizations move to the cloud and take up the digital transformation journey?

The session will discuss: 

 * Why is SoC 2 important and how to integrate it with your ISO standard
   framework 
 * Establishing third party security using SoC 2 
 * Essential steps for CISOs in complying with the standard 

Panel Discussion: Impact of the Hybrid Cyber Warfare on the Supply Chain:
Sizing Up the Security Risks
Parag Deodhar, Director - Information Security, APAC, VF Corporation
Venkatesh Subramaniam, Global CISO & Privacy Head, Olam International
Kunal Sehgal, Former Managing Director, GRF, OT-ISAC

We typically think of supply chain attacks as stealthy attacks on hardware
components, such as malware on laptops and network devices. Still, a supply
chain attack on a service provider cannot be ruled out, as it is a significant
intrusion of the entire ecosystem. Supply chain attacks usher in the risk of
supplier vulnerabilities, which are a common cause of compromise. Keeping a
watchful eye on suppliers' security status – always knowing the risks they
bring in – is an essential part of building resilience and response.

The session will discuss:  

 * Impact of the on-going hybrid cyber warfare on the supply chain across
   enterprises 
 * How to measure the risks and respond to supply chain attacks?  
 * Security by design approach to secure software applications and evaluating
   the suppliers’ products 


 * 02:30 PM
   
   
 * 02:59 PM


OVERVIEW

The South East Asia region is poised for digital transformation across
enterprises; it has become an easy and prime target for cyberattacks. According
to a recent report, the region's digital economy can add $1 trillion to GDP over
the next ten years. Security leaders say the area has become hotbeds for cyber
threats due to unsecured infrastructure and smart nation hub with growing growth
inter-connectedness. We observe several new initiatives in the payments and
fintech industry as organizations increase in scale. The significant challenge
CISOs witness is the lack of cyber readiness in building a cyber-resilient
enterprise, given the shortage of skills and resources and extreme dependencies
on third-party vendors. The region witnessed a rise in ransomware, phishing, BEC
scams, and multifaceted extortion. The government of Singapore, Malaysia, the
Philippines, and others are putting their best foot forward to build a
comprehensive program for enterprises to deal with such challenges. Attend our
summit to gain insights from the global and regional cybersecurity thought
leaders on the critical aspects of IoT security, mobile device security,
ransomware defenses, third-party supply chain risks, cloud, XDR, cryptocurrency,
bitcoin, blockchain, threat intelligence, and more.
ISMG's agendas provide actionable education and exclusive networking
opportunities with your peers and our subject matter expert speakers.
SPEAKERS

Dr Haji Amirudin Abdul Wahab
CyberSecurity Malaysia
CEO
Dr Wahab is currently the chief executive officer of cybersecurity Malaysia, a
strategic agency under the Ministry of Science, Technology, and Innovation
(MOSTI). He has more than 20 years of ICT working experience in the telecom and
IT sectors in...
Geetha Nandikotkur
Managing Editor & Conference Chair, Asia & Middle East
ISMG

Col Joey Fontiveros
Commanding Officer
Cyber Battalion, ASR, Philippine Army

Soumo Mukherjee
Head of Security Architecture-Cybersecurity
Petronas
Mukherjee is the head of security architecture for cybersecurity at Petronas. He
is responsible for end-user security, identity and access management, cloud
security, and Microsoft 365. During his long career in information technology
services, he has been a transformation leader,...
Parag Deodhar
Director - Information Security, APAC
VF Corporation
Deodhar is the director of cyber security & risk management for APAC at VF Corp
and is based in Hong Kong. He has more than 20 years’ experience in enterprise
risk management, specializing in operational risk, cyber security and fraud...
Shane Read
CISO
Hex Trust
Read is the CISO at Hex Trust. He is an accomplished information security
executive and CISO with more than 20 years of international experience in the
public and private sectors and a track record of effectively developing InfoSec
maturity, managing...
Phannarith Ou
Director of ICT Security
Ministry of Post & Communications, Combodia

Nikolaos Thymianis
CISO
Caresocius
Thymianis is the CISO at Caresocius in Greece. He is working in risk management
initiatives for Pfizer. His previous work made him associate with people in the
healthcare industry, while doing cybersecurity assurance and maturity
assessments for organizations in the...
Mario Demarillas
CISO and Head of Software Engineering
Exceture
Demarillas is a member of the board of directors, CISO and head of IT consulting
and software engineering at Exceture Inc., based in Manila, Philippines. He has
over 20 years of professional experience in information systems and internal
audit, fraud...
Suparna Goswami
Associate Editor
ISMG

Edmund Situmorang
Managing Director and CTO
Tech Connect Innovation Centre, Sinarmas Mining-Indonesia
Situmorang is managing director and CTO of TechConnect Academy & PRODIGI
(Sinarmas Group). He has worked in the U.S. for 11 years as a programmer and
strategist, and enthusiastic about technology especially in the field of
artificial intelligence.
Romanus Prabhu Raymond
Global head of technical support for endpoint management & security
ManageEngine, a division of Zoho Corp
Raymond is global head for technical support for endpoint management & security
at ManageEngine, a division of Zoho Corp. With more than 18 years of experience
spanning from the legacy client management to modern endpoint management and
security solution domains,...
Emil Tan
Chief Operating Officer
Red Alpha Cybersecurity
Tan is the COO of Red Alpha Cybersecurity – a cybersecurity talent development
company. He is also the Southeast Asia Regional Advocate for CREST. He has been
in the cybersecurity industry for more than 10 years and has experience in...
Kunal Sehgal
Former Managing Director
GRF, OT-ISAC
Sehgal is the former managing director at GRF. He has been a cyber-evangelist
for more than 15 years and is an untiring advocate of cyber threat intelligence
sharing. He encourages the cyber-defenders to work together, by maintaining a
strong level...
Scott Flower


Flower is global intelligence offier, Asia Pacific, at FS-ISAC. He has been
based in Singapore over the last decade and his most recent role was leading the
Asia Pacific largest cyber threat fusion analysis cell protecting the global
financial sector....
Wilbertus Darmadi
CIO
Toyota Astra
Darmadi is CIO of Toyota Astra Motor. He has more than 26 years of experience as
IT professional especially in automotive industry. He has worked with
multinational stakeholders, team and partners and has helped companies to boost
business performance using...
Advisory Board



Venkatesh Subramaniam
Global CISO & Privacy Head
Olam International
Subramanian is the global CISO and privacy head at Olam International where he
is responsible for all aspects of the security and privacy program spanning over
70 countries. He has more than 27 years of experience in information security
and...
Brendan Laws
Director. Solutions Architecture Asia Pacific & Japan
Rapid7
Laws is director, solutions architecture, Asia Pacific & Japan, at Rapid7. He
helps people understand challenges, define goals and mature cyber capabilities;
whilst accommodating their teams’ abilities and leveraging the diverse array of
technologies and your business strategy.
Mel Migrino
Vice President and Group CISO
Meralco
Migriño is the vice president and group CISO of Meralco, the largest power
distribution conglomerate in the Philippines. She has more than 15 years of
combined experience in cyber governance, application and infrastructure
security, operational technology security, business continuity, privacy,...
George Do
CISO
Gojek
Do is chief information security officer at Gojek. He has been working in the
cybersecurity field for more than 25 years concentrating on the development of
cybersecurity programs. He specializes in the transformation of security
programs, winning customer trust, and...
James Fong
Director Risk and Security Solutions – Asia
ServiceNow
Fong is director, risk and security solutions, Asia, at ServiceNow. As a solution
leader, he provides leadership and coaching abilities for the team to attain set
goals and targeted development to drive net new logos and drive incremental
business across...
Jayaraj Puthanveedu
MD-Cyber and Tech. Risk, Global Head - Operational Resilience
BNP Paribas Group

Vaibhav Khandelwal
Regional Head of Security and Fraud, ASEAN & India
F5
Khandelwal works at the intersection of banking and technology. At F5, he looks
after business growth for ASEAN and the South Asia region. He previously held
roles in cybersecurity, digital banking transformation, fraud prevention and
risk management.
AGENDA

Welcome to ISMG's South East Asia Summit

The summit's objective is to provide education and exclusive networking
opportunities for the participants with peers and subject matter experts. The
program has been carefully designed with the support and guidance of the
'editorial advisory board,' including senior thought leaders from the ASEAN
region, to capture the regional security challenges that resonate with their
current concerns. The Southeast Asia editorial advisory board includes: 

Conference Chair:
TS Aishah Mohammed, Head of Cyber Coordination and Command Centre, National
Cybersecurity Agency (Malaysia)

Conference Co-Chair:
Venkatesh Subramaniam, Global Chief Information Security Officer & Privacy Head,
Olam International

Advisory Board: 
Mel Migrino, Vice President and Group CISO, Meralco;
Phoram Mehta, CISO – APAC, PayPal;
Mario Demarillas, CISO and Head of IT Consulting & Software Engineering,
Exceture;
Soumo Mukherjee, Head of Cybersecurity Architecture, Petronas;
Dr Amirudin Abdul Wahab, CEO, CyberSecurity Malaysia;
Guy Sheppard, Head of APAC Financial Crime and Compliance, SWIFT;
Kunal Sehgal, Former Managing Director, GRF;
Shane Read, Chief Information Security Officer - Managing Director, Hex Trust;
Parag Deodhar, Director - Information Security, APAC, VF Corporation


09:00 AM - 09:14 AM

Keynote: Building Cyber Defense Capabilities in Wartime: Role of CISOs
Col Joey Fontiveros, Commanding Officer, Cyber Battalion, ASR, Philippine Army

The Southeast Asia region is poised for digital transformation across
enterprises; it has become an easy and prime target for cyberattacks.  

It’s no longer a matter of if, but when you’re going to be the victim of a
cyberattack. Are you prepared? It’s no longer a theory about protecting your
critical infrastructure. It’s a different world today, post-SolarWinds, Colonial
Pipeline, Log4j, and Ukraine, and it requires a different cybersecurity strategy
to fight hybrid warfare. Various regional governments have tightened their cyber
defenses as attacks surge and to protect digital domains.

Do you think yesterday’s cyber strategy will hold well for 2022? What needs to
change in how CISOs conduct business and secure digital assets from
ever-evolving, ever-automating cyber adversaries?   

The session will discuss:  

 * New cyber defenses required to fight evolving threats   
 * How much does automation help in enhancing your security posture?   
 * CISO’s role in a war zone 


09:15 AM - 09:44 AM

Plenary: Industry 4.0: Protecting Your Data in the Era of Digital Transformation
Dr Haji Amirudin Abdul Wahab, CyberSecurity Malaysia, CEO

With the dawn of the fourth industrial revolution (Industry 4.0), organizations
have put their digital transformation at the top of their agenda. While the
digital transformation will enhance competitiveness and bring agility and
optimal decision-making capabilities, it brings cybersecurity risks and
innovation. It is indeed driving automation, accelerating the adoption of IIoT,
which is expected to contribute most of IoT’s business value potential. 

The plenary session discusses: 

 * Getting ready for Industry 4.0: Sizing up the security risks 
 * Understanding the weakest link 
 * Protecting your data and securing the endpoints 


09:45 AM - 10:14 AM

Building Threat & Risk Management Programs for Digital Transformation
Brendan Laws, Director, Solutions Architecture Asia Pacific & Japan, Rapid7

We have been hearing about digital transformation for some time. Your business
could be looking to reduce cost or thinking about agility and swiftly bringing
your services to market.

Many of us are on a similar journey! New terms, new architectures, confusing
statements, and more security technologies are afoot. And, of course, we have to
confront our capacity to deliver on these technologies whilst ensuring
information remains secure as best as we can.

Brendan will explain how teams can determine risk, build secure applications,
monitor threats and evolve to automated remediation on any workload or asset,
whether on-premise, hybrid or cloud-centric.


10:15 AM - 10:29 AM

10:30 AM - 10:59 AM

Track A

Updating Your Cybersecurity Strategy in the New World

It’s no longer a matter of if, but when you’re going to be the victim of a
cyberattack. Are you prepared? It’s no longer a theory about protecting your
critical infrastructure. It’s a different world today, post-SolarWinds, Colonial
Pipeline, Log4j, and Ukraine, and it requires a different cybersecurity strategy
to fight hybrid warfare.

Do you think yesterday’s cyber strategy will hold well for 2022? What needs to
change in how CISOs conduct business and secure digital assets from
ever-evolving, ever-automating cyber adversaries?  

The session will discuss:  

 * New cyber defenses required to fight evolving threats 
 * How much does automation help in enhancing your security posture?  
 * CISO’s role in a war zone   

10:30 AM - 10:59 AM

Track B

Securing your Endpoints in the Era of Digital Transformation
Romanus Prabhu Raymond, Global head of technical support for endpoint management
& security, ManageEngine, a division of Zoho Corp

The challenge for CISOs in their digital transformation journey is to understand
the right technologies required for their business and how to secure an
expanding set of endpoints. The question is what to focus on in endpoint
security to protect all the access points that cybercriminals could use to
breach your network.

The session will discuss:

 * Endpoint security for 2022 – How to predict and protect
 * Knowing what’s connected to your network, despite ever-expanding endpoints
 * Establishing sustainable security with the growth in endpoints for detection
   and response

11:00 AM - 11:29 AM

Track A

Risk-Based Discussion: Are you Aligned with the Board?
Jayaraj Puthanveedu, MD-Cyber and Tech. Risk, Global Head - Operational
Resilience, BNP Paribas Group

Building relationships with business unit leaders and driving a practical
risk-based discussion with the board is critical in making informed risk
decisions.  

The daunting task for CISOs is the uncertainty around the reporting of
significant risks, including just what represents a 'significant' risk, which
challenges many organizations today. Can you question the management and boards
regarding how strategy affects risk and vice versa and their best approach to
risk and discuss risk management in a meaningful and productive way?  

The session will discuss:     

 * Criteria for integrating risk information into decision making  
 * Educating and evaluating board members to measure strategic decisions on a
   risk parameter
 * Use case scenario to understand risk appetite and value at risk 

11:00 AM - 11:29 AM

Track B

Two-Way Street: A Cybersecurity Debate between CTO vs. CISO-Where is the
Disagreement?
Mario Demarillas, CISO and Head of Software Engineering, Exceture
Edmund Situmorang, Managing Director and CTO, Tech Connect Innovation Centre,
Sinarmas Mining-Indonesia

Almost all CISOs across regions share one most significant challenge: getting
the necessary funding to support their cybersecurity programs. Are
security leaders creating value for business and part of technology innovation?
Is the CTO function aligned with security in driving innovation? Meeting the
Expectations. Where is the Disconnect?  

The session discusses how to get a CTO and the CISO on a common goal to
facilitate the continued success of their organization. Where is the disconnect?

11:45 AM - 12:14 PM

Track A

Are you Cloud Ready? A CISO’s Manifestations
Wilbertus Darmadi, CIO, Toyota Astra

Organizations believe that cloud computing brings a whole new level of autonomy
and functionality to the organization, besides enhancing performance, agility,
productivity and scalability. The pandemic has created the urgency for
enterprises to move to the cloud, and enterprises are in a race to adopt the
‘cloud-first’ strategy to optimize IT spend and secure their hybrid work
environment.

CISOs are tasked with building a cloud-first security strategy and mitigating
the risks that arise with it.

The session will discuss:  

 * Cloud migration and its bottlenecks
 * A holistic approach to cloud security and compliance  
 * Governance and risk 

11:45 AM - 12:14 PM

Track B

Assessing the Effectiveness of Your Cyber Threat Intelligence Program: Building
a Business Case
Scott Flower

The region has witnessed the most prominent organizations hitting the headlines.
It is beyond doubt that organizations have a huge staff and a myriad of
cybersecurity tools to secure their environment; yet, they were still breached.
The current approach is insufficient, and the deployed technologies don’t
provide the necessary intel to detect the blind spots. 

It is imperative to assess the effectiveness of the cyber threat intelligence
program, and building a business case is essential in driving actionable threat
intelligence. 

 * Understanding what cyber threat intelligence gives to an organization 
 * Reasons for taking a risk-based approach 
 * Using technologies and integration to drive actionable threat intelligence
   
   

12:15 PM - 12:44 PM

Track A

Lessons from Log4j's Zero-Day Vulnerability: A Practitioner’s Defense Techniques

For many security teams, it's been all hands on deck since the Apache Log4j
zero-day vulnerability recently came to light. The
vulnerability, CVE-2021-44228, is part of the open-source Log4j 2 software
library. Its component, used for logging events, is part of tens of thousands of
deployed applications and cloud-based services affecting organizations across
geographies. 

Experts say that the security threat posed by the bug is "about as serious as it
gets," and organizations are now racing to try and identify their risks and
exposure levels. 

The session will discuss: 

 * The modus operandi of such vulnerabilities 
 * Lessons for CISOs from this incident 
 * Cybersecurity response and risk mitigation techniques   

12:15 PM - 12:44 PM

Track B

Lessons from the SolarWinds Hack: A CISO's Response

The popular SolarWinds hack, the supply chain attack that implanted a backdoor
in the Orion network monitoring software pushed to 18,000 of the firm's
customers, is considered to be potentially the most significant intrusion in our
history.  
With the campaign's full scale, including all of the tactics, techniques and
procedures used by the attackers, still unknown, most enterprises across the
regions have been left in a state of shock.
What are the lessons the CISOs need to learn from this attack? Do you have a
process to evaluate your vendor's security policies and frameworks? 

The panel will discuss:

 * How should the risk framework of supply chain vendors evolve;
 * The risks posed by different kinds of vendors;
 * Defining security by design approach while evaluating the third-party
   products.

01:00 PM - 01:29 PM

Track A

Ongoing Hybrid Warfare: Are You a Target for DDoS Attacks?
Nikolaos Thymianis, CISO, Caresocius

As the Russia-Ukraine invasion makes the headlines, organizations across
the globe are facing a series of DDoS attacks. Besides, new forms of malware
intrusions are surfacing that can destroy infected machines. How are
organizations in the South East Asian regions responding to DDoS attacks? How
vulnerable are financial institutions to DDoS attacks? 

The session will discuss: 

 * How to strengthen your defenses against DDoS? 
 * Managing your risk exposure 
 * Attribution of the DDoS attacks

01:00 PM - 01:29 PM

Track B

Can the Zero Trust Security Approach Mitigate your Threat Challenges
Soumo Mukherjee, Head of Security Architecture-Cybersecurity, Petronas

Where does the journey to ‘zero trust’ begin, what are the common entry
points, and how can it unfold? Experts agree that ‘zero trust’ is based on the
premise of ‘assume breach’: treat every asset as breached and all traffic as
hostile.
The plenary session will discuss how the way we approach security has changed
dramatically as security perimeters have dissolved and assess the maturity of
‘zero trust’ state with a realistic look at security and its dependencies with
other functions in securing the future work environment.  

01:30 PM - 01:59 PM

Track A

You Have Been Breached: Is Your Incident Response Strategy Top Notch?
George Do, CISO, Gojek
Emil Tan, Chief Operating Officer, Red Alpha Cybersecurity
James Fong, Director Risk and Security Solutions – Asia, ServiceNow

The year 2021 stands as testimony to the large ransomware attacks witnessed
globally. Southeast Asia is no exception. The Southeast Asian region
will see a spike in multifaceted extortion with more public breaches, along with
an increase in ransomware-as-a-service operations in 2022. The increase will be
driven by "the incredible increase in cryptocurrency value and the difficulty in
attributing the arrest of people associated with a specific cyber campaign,"
experts say.

What needs to change as CISOs experience increasing hacking burnout in
preventing such malware intrusions? Can they operationalize technology in their
prevention and incident response mechanism to address ransomware issues?

The panel will discuss:   

 * Building an effective incident response and investigation mechanism
 * How to deal with the recovery response process in the event of an attack
 * Taking a tactical and strategic approach to battling ransomware and
   protecting backups   

01:30 PM - 01:59 PM

Track B

Cyber Insurance: Response to Rising Ransomware Attacks

The cyber insurance industry has been challenged by the rising costs of
cyber-crime. The element of unpredictability of the cyber-crime world does not
work well for the industry. New coverage and rising renewal rates are a major
concern. Premiums are rising by 10 to 20-fold. Recent research reports show that
70% of cybersecurity professionals believe insurance payments to companies that
have paid a ransomware demand exacerbate the problem of ransomware and cause
more attacks.  Moreover, cyber insurance companies are targets themselves. The
question on everyone's mind is 'to what extent is cyber insurance fueling
ransomware attacks'?  

The session will also discuss:  

 * Will ransomware ultimately lead to the fall of cyber insurance companies?
 * How the cyber insurance industry must approach the problem of ransomware
 * Ways to address the skill shortage in the industry

02:00 PM - 02:29 PM

Track A

OT Security: Bridging the Silos
Mel Migrino, Vice President and Group CISO, Meralco

Most OT systems are designed with very little consideration for security. With
increased cyber risk in this new digital transformation era, any approach to
bridge the IT and OT divide is mission-critical for enterprise security. As a
CISO, can you reduce the silos between risk, security, and risk management
functions to bridge the security gaps? Can you deploy suitable asset inventory
methods and map the IT/OT risks?

This session will discuss:   

 * Building complete visibility and monitoring of your IT and OT assets with the
   right access control   
 * Integrating OT threat monitoring into SoC for threat detection  
 * Essential steps to establish OT security 
   
   

02:00 PM - 02:29 PM

Track B

Are You SoC 2 Compliant? Assessing the Third-Party Risks
Shane Read, CISO, Hex Trust

With the risks from third parties escalating at a fast pace,
enterprises across Southeast Asia are leaning towards SoC 2 (Systems and
Organization Controls), an audit procedure that ensures service providers
securely manage their data and establish privacy and controls. How should CISOs
comply with this standard as organizations move to the cloud and take up the
digital transformation journey?

The session will discuss: 

 * Why is SoC 2 important and how to integrate it with your ISO standard
   framework 
 * Establishing third party security using SoC 2 
 * Essential steps for CISOs in complying with the standard 

Panel Discussion: Impact of the Hybrid Cyber Warfare on the Supply Chain:
Sizing Up the Security Risks
Parag Deodhar, Director - Information Security, APAC, VF Corporation
Venkatesh Subramaniam, Global CISO & Privacy Head, Olam International
Kunal Sehgal, Former Managing Director, GRF, OT-ISAC

We typically think of supply chain attacks as stealthy attacks on hardware
components, such as malware on laptops and network devices. Still, a supply
chain attack on a service provider cannot be ruled out, as it is a significant
intrusion into the entire ecosystem. Supply chain attacks usher in a risk:
supplier vulnerabilities, which are the common cause of compromise. Keeping a
watchful eye on suppliers' security status – always knowing the risks they
bring in – is an essential part of building resilience and response.

The session will discuss:  

 * Impact of the on-going hybrid cyber warfare on the supply chain across
   enterprises 
 * How to measure the risks and respond to supply chain attacks?  
 * Security by design approach to secure software applications and evaluating
   the suppliers’ products 


02:30 PM - 02:59 PM

SPEAKER INTERVIEWS

Changing Authentication for Employees - Navy Federal Credit Union’s Thomas Malta
on Applying CIAM...
Equifax CISO Jamil Farshchi on SolarWinds and Supply Chains - ‘Supply Chain
Security Is...
The Critical Role of Dynamic Authentication - Wells Fargo's Sridhar Sidhu on
Redefining IAM...
NIST's Ron Ross: 'The Adversary Lives in the Cracks' - SolarWinds Breach Calls
Attention...
The Emerging Risks of 'Shadow Data'
Cloud Data Security - Why Now?
Importance of Medical Ethics in Cybersecurity - Christopher Frenz on Patient
Care After a...
Transforming an Organization's Security Culture - CISO Bobby Ford on Building a
New Cybersecurity...
Profiles in Leadership: Rob Hornbuckle, CISO, Allegiant - Beyond Security, More
Than Business: Where...
Profiles in Leadership: Selim Aissi, IMT (Ellie Mae) - Perspectives on the CISO
Relationship...
UK Cyber Security Council to Tackle Education, Standards - Dr. Claudia Natanson
Describes Vision...
Data Risk Governance: The BISO's Perspective - Patrick Benoit of CBRE on
Necessary Ingredients...
CISO Spotlight: Troels Oerting, World Economic Forum - Veteran Cybersecurity
Leader on Evolution of...
Driving Healthcare Innovation With a Security Mindset - ChristianaCare CISO
Anahi Santiago on Securing...
Touhill: What It Takes to Be Resilient - Ex-Federal CISO Starts New Role as...
Art Coviello: 'It's a Roaring '20s for Technology' - RSA's Former CEO on
State...
Election Security: Lessons Learned from 2020 - FBI's Elvis Chan on Why This
Was...
CISO Spotlight: Marene Allison, Johnson & Johnson - Reflections on Seismic
Change in 2020...
Do You Need a Human OS Upgrade? - CISO of World Health Organization on...
Ariel Weintraub Takes Charge of Cybersecurity at MassMutual - New Head of
Enterprise Cybersecurity...
'Zero Trust': An Outdated Model? - Cyjax CISO Ian Thornton-Trump Offers a
Critique
John Kindervag: Reflections on 'Zero Trust' - Creator of the Strategy Assesses
11-Year-Old Model’s...
Better Identity Coalition: A Project Update - Jeremy Grant, Coalition
Coordinator, Discusses Identity Management...

© 2022 Information Security Media Group, Corp.