2:00 - 2:15 PM |
Welcome and Introductions
- Jeff Moss, Founder, Black Hat + DEF CON
- Steve Wylie, General Manager, Black Hat
- MC: Lidia Giuliano
Security Advisor/Consultant
Financial Services
With over 15 years' experience in Defence, Financial Services and Telecommunications, Lidia Giuliano has an extensive background in security testing, vulnerability management, and prevention and detection techniques. Originally from Melbourne, Lidia spent a number of years in the USA working on and researching malware evasion and obfuscation techniques. She has been a speaker at Black Hat, SecTor and DevSecCon, and has been published in various media.
Lidia has since returned to Australia where she continues her endpoint security research and speaks at conferences both at home and internationally. She is the conference organiser for BSides Melbourne, spends a lot of her time mentoring others and is passionate about growing the information security community.
|
2:15 - 2:40 PM |
Big Investment, Big Failures in Cybersecurity
From startups with massive risk appetite to MNCs spending hundreds of millions but failing to deliver good outcomes, this talk will explore how cybersecurity funding is not strongly correlated with success.
We will highlight the impact of a security culture: CISOs' behaviour and expectations, from security-terrorist to laissez-faire; from highly engaged to despairing of ever changing a company's technical sclerosis.
We will cover first-hand examples of successes and failures, and how Tokopedia's cultural exception makes it a fertile ground for security.
- Boris Hajduk
Boris Hajduk is CISO at Tokopedia, where the security team is responsible for securing 1% of Indonesia's GDP and more than 100m monthly active users. Prior to Tokopedia, he held several CISO positions where he built, led and matured global cybersecurity programs and teams for high-growth companies in industries ranging from e-commerce to banking and social networks across ASEAN, Russia, LATAM, UAE, Australia, France and Germany. Boris helped 3 global companies prepare for their IPOs, including a unicorn and a decacorn.
|
2:40 - 3:05 PM |
Cyber War 2022: Russia-Ukraine & Its Policy Implications
Everywhere – from Ukraine to Singapore – information is key to human survival. Therefore, information warfare is an inherent part of human conflict. Nation-states run thousands of computer network operations every day. Some are designed to support democracy and human rights, while others target and terrify innocent civilians. NATO has recognized cyberspace as a domain of warfare similar to land, air, and sea. However, the Internet encompasses enormous gray zones where crime, espionage, and war are hard to differentiate. This talk examines the cyber dimension of the Russian invasion of Ukraine, including military strikes, information operations, and attacks on civilian critical infrastructure. It discusses the creation of improved law, operations, strategy, and technology to deal with cutting-edge digital threats.
- Kenneth Geers
Dr. Kenneth Geers works at Very Good Security. He is an Atlantic Council Cyber Statecraft Initiative Senior Fellow, a NATO Cooperative Cyber Defence Centre of Excellence Ambassador, and a Digital Society Institute-Berlin Affiliate. Kenneth served for twenty years in the US Government: in the Army, National Security Agency (NSA), Naval Criminal Investigative Service (NCIS), and NATO. He is the author of "Strategic Cyber Security", editor of "Cyber War in Perspective" and "The Virtual Battlefield", and technical expert to the "Tallinn Manual".
|
3:05 - 3:25 PM |
Networking Break
|
3:25 - 3:50 PM |
Building Great Security Teams in the New Normal
The new normal (Covid and post-Covid) has made it more challenging for CISOs to recruit, train, and retain highly effective cybersecurity teams. Will a hybrid staffing model (with gig workers, contract, CISO-as-a-Service) become an attractive option for organizations? What are the trade-offs, risks, and value propositions that CISOs need to be aware of? In this session, Tobias Klingel details ways he’s navigating the new normal to build great security teams.
- Tobias Klingel
Tobias Klingel is the head of information security at Y Combinator-backed fintech startup Aspire. He has extensive industry experience, having previously led security at Siemens Mobility for the region. Tobias specializes in security infrastructure architecture, helping organizations to understand, implement and drive regulatory-driven security solutions.
|
3:50 - 4:15 PM |
How to Prevent, Detect and Respond to Cybersecurity Incidents in Our Modern Interconnected World
Adversary skills and tools have improved during the last 20 years. We have more and more data, and an environment that is increasingly complex, interconnected, and virtual. But at the same time, we have more techniques to make life complicated for the bad guys: Big Data SIEMs, EDR, Cyber Threat Intelligence, and so on. Several real-world examples will be shared in this talk, with a focus on the first 3 phases of Incident Management:
- Prepare: Know your crown jewels, prioritise, how to prevent and detect intrusion, attack yourself continuously, organise for an efficient response
- Identify: Triage and do not miss something important
- Contain: Be fast without impacting business and spoiling evidence
You will hear how challenges have been overcome and common mistakes to be avoided.
- Franck Vervial
Franck Vervial currently serves as Regional CISO at L'Oreal (a Fortune 500 company and the world's largest cosmetics company). Prior to that, he was Head of Cyberdefence for Lazada (Alibaba Group). He has been working in Information Security for 14 years as a manager and consultant, and before that spent 10 years as an Infrastructure Engineer with expertise in Unix/Linux. He moved from France to Singapore 8 years ago. His strong technical background in Infrastructure and his work in Blue and Red Teams help him approach Cybersecurity with a real-world, practical understanding of cyber risks in different types of industry such as Retail, E-Commerce and Banking.
|
4:15 - 4:55 PM |
CISO Longevity - A Panel Session
CISOs' responsibilities go beyond just the IT problem with a firewall installation; instead, they are responsible for developing a comprehensive cybersecurity strategy and managing the firms' cyber risks. They must be excellent communicators, managers, and thought leaders, driving cybersecurity culture and building the firm's stepping stones for cyber resilience. While rewarding and game-changing, this demanding role faces challenges; from conflicting reporting lines to constant overtime, the line seems to blur more and more in conjunction with the expanding attack surface and emerging cyber threats. Furthermore, various sources have estimated the average tenure for CISOs at 18 to 26 months. In this panel, we will hear from seasoned CISOs about how they build an environment that supports their success, overcome typical recruitment hurdles, and address reporting issues. They will also discuss what makes them change organizations sometimes faster than expected.
- Moderator: Dr. Magda Lilia Chelly
Managing Director and a Chief Information Security Officer
On Demand
- Indrani Chandrasegaran Kermorvant
Indrani Chandrasegaran is a seasoned Cyber Security Executive with a total of 20 years' experience in delivering cyber digital transformation programs, cyber governance advisory, technology advisory, cyber defense operations and managed security services in APAC, the Middle East and Europe. She is a versatile cyber security professional focused on a vision to advocate cyber security culture and help organizations globally to rethink and innovate their enterprise cyber resilience programs.
Indrani has served in various leadership roles in global multinational firms within the region as Managing Director, VP Managed Security Services, Regional CISO and cyber security strategist, where she spearheaded their cyber security services, established cyber partnership alliances and helped transform their clients' digital transformation journeys.
She is also a cyber technology enthusiast, actively contributes to product innovation strategies and serves as a member of customer/partner advisory boards with renowned Global Cyber Technology Vendors. She is a cyber thought leader and shares her knowledge on cyber topics in both local and international forums.
With her dynamic portfolio and vast experience in the industry, Indrani was awarded as the Top 20 Women in Cyber Security In Singapore 2020, Cyber Resilience and Information Security Award, Program Leader of the Year 2020 and Top 30 Women in Cyber Security ASEAN in the Year 2021.
Building on her success in the cyber industry, Indrani believes in giving back to the community. She actively partners with global cyber mentorship programs to co-develop future cyber warriors, with the mission to close the cyber skills gap and help secure the digital world.
She holds a Master's in Information Technology along with security certifications including C-CISO, CISM, CIPM, CBCP, CBCLA, PRINCE2, ISO27001 LA and ISO27001 LI.
- Murari Kalyanaramani
Chief Information Security Officer
UOB Singapore
Murari Kalyanaramani is the Chief Information Security Officer (CISO) for UOB Singapore and has over 20 years' experience in Information & Cyber Security, Outsourcing & Supplier Management, Business Continuity, Information Systems Auditing and IT Risk Management. Prior to joining UOB, he worked in various leadership roles in several multinational corporations across the banking, consumer and consultancy industries.
On top of his role at UOB, Murari has taken on international and regional industry leadership and advisory roles. He currently serves as a Senior Industry Advisor for CIO Academy Asia and is a member of the Singapore Institute of Directors. He previously served on the International Board of Directors for the Financial Services Information Sharing and Analysis Centre (FS-ISAC), FS-ISAC Asia Pacific Strategy Committee, ISACA International Professional Standards Committee and ISACA International Professional Standards and Career Management Committee.
- Phoram Mehta
Phoram Mehta is the CISO for PayPal's Asia-Pacific region. A seasoned professional and technical leader with over two decades in Information Security, Mr. Mehta has been instrumental in building secure technology solutions for multiple companies across a spectrum of sectors including financial services, healthcare, telecommunication, and government in the North America and Asia-Pacific regions.
Mr. Mehta currently serves on the ISACA Singapore board as Immediate Past President and advises cybersecurity startups in Singapore, India and the US. Mr. Mehta is an active participant in Cybersecurity forums across Asia-Pacific and North America.
|
4:55 - 5:00 PM |
Closing Remarks
|
5:00 - 6:00 PM |
Networking Reception
|