CISO Singapore schedule

This session will focus on the critical aspects of building and enhancing a modern developer security program. We will discuss the implementation, management, and scaling of security practices tailored to the unique challenges of software development. From integrating security into the DevOps pipeline to fostering a security-first culture, attendees will gain insights into the strategies and tools necessary to protect their applications and infrastructure effectively. As a CISO, navigating the landscape of vulnerabilities can be overwhelming. This session will provide insights into effectively prioritising risks within your organisation. We will discuss methods for assessing vulnerabilities based on their potential impact and likelihood of exploitation, helping you allocate resources where they are most needed. By implementing a risk-based approach to vulnerability management, you can strengthen your organisation's security posture and protect against the most pressing threats.

In this leadership session, Principal Security Solutions Architect at AWS, Alejandra Artiguez, will walk you through key mechanisms AWS leverages and discuss recommendations to foster a proactive, resilient security mindset and to up-level your own security strategy. She will share key cloud security trends observed across industries and actionable takeaways so you can leave this session equipped to reinforce your security culture and securely adopt emerging trends and technologies like Generative AI.

• What is the first order of business for a new CISO?
• How would you lay out the framework for the first three months?
• What challenges and change will you anticipate and how would you manage the team’s expectations and needs?

Moderator:

Fabian Hoo Executive Director EC-Council Global Services

Panel:

Baz Bosman Chief Information Security Officer Sephora Asia

Aslyn Koh Director, Technology & Digital Transformation Thomson Medical

Jimmy Hor Head IT Security, NUHS Synapxe

Kok Yew Toh VP, Audit and Regulatory Nomura

Why do many of us fall for dirty tricks even after we understand how they work?

From the slight-of-hand used by magicians, to the sleight-of-tongue used by politicians and pundits, to the sleight-of-mind that accompanies cognitive bias, we are all wired to deceive and to be deceived.

Join Caroline Soo, VP Customer Success APJ for KnowBe4 for an engaging exploration into the dark world of deception. After laying the groundwork for a basic understanding into our own inclinations and predispositions, Caroline will provide interactive examples of how human nature can be used against us.

Key topics will include understanding perception vs reality, how to make people believe anything in 3 easy steps, and what it all implies.

Learning Objectives:

• Recognise the psychology behind why we fall for scams and schemes
• List two easy-to-use models for why/ how we make decisions
• Define practical examples of how cybercriminals exploit our decision-making processes in this Digital Age
• Explain where and how we can ethically leverage the foundational principles of what we've covered

• Aligning the different perspectives between tech and non-tech leaders to establish common goals
• Fostering a growth-focused relationship with the board
• Presentation is key: What makes a good board presentation and how do you drive board-supported cybersecurity initiatives?

Moderator:

Bernard Tan ISACA Director - Industry Outreach ISACA Singapore

Panel:

Jenny Tan, President, ISACA SG Chapter

Justin Ong APAC CISO Panasonic

Yaron Slutzky CISO Agoda

Leonard Sim Head of Sales Engineering, ASEAN Sophos

Caroline Soo Vice President, Customer Success, APAC & Japan KnowBe4

Hosted by Tanium

As your IT environment expands your team’s left with the inevitable and challenging task to reconcile and understand what exists and what doesn’t. It’s not an easy puzzle to solve.

But, it’s possible. With clear business and technical risk context the job is far easier. And to get that you need a clear Risk Based Vulnerability Management strategy.

Join me and understand how it truly is possible for your team to solve the risk-based vulnerability puzzle.

During this session, we’ll explore how we can integrate modern technologies into business and security planning with minimal disruption. Join our session and get invaluable insights that will help you drive change, and build a cybersecurity driven culture.

In today’s digital landscape, the paradigm shift towards cloud computing has revolutionised the way organisations manage and secure their data. Amidst growing concerns about environmental sustainability, the focus on green data centers has become paramount. Cloudflare, a leading connectivity cloud company, presents a ground breaking approach to modernising cloud security for green data centres.

This presentation explores the journey from risk to resilience in cloud security, emphasising the adoption of sustainable practices for data centers. By leveraging Cloudflare’s Everywhere Security platform, organisations can implement modernisation principles that not only enhance security but also contribute to environmental sustainability.

• Understanding the Evolving Threat Landscape: Delve into the current cyber security threats facing by Singapore organisations, along with the unique challenges posed by traditional data security infrastructure. Discover their impact on cybersecurity priorities in Singapore
• Cloud Security Modernisation Principles: Why organisations in Singapore need to move beyond legacy security solutions and embrace a future-proof architecture like SASE to stay ahead of cyber threats. Explore Cloudflare’s innovative strategies for modernising cloud security, featuring zero trust architecture, edge computing, and sustainable scale-out infrastructure
• Benefits of Everywhere Security: Explore the advantages of Cloudflare’s Everywhere Security, designed to provide comprehensive protection for distributed, multi-cloud, multi-location environment. Learn about its unified, composable security platform, supported by mass scale threat intelligence, tailored for scalability and adaptability    

• How cyber hygiene supports our cyber responses to attacks and threats
• How can we improve our security measures as end-users?
• How do you manage cyber hygiene from a conglomerate perspective?

In the dynamic world of cloud-native applications, Artificial Intelligence (AI) has emerged as a game-changer. It’s not just a component, but a pivotal force that is redefining the security landscape of these applications.

At Aqua, we are at the forefront of this exciting intersection of AI and security. We are pioneering innovative solutions that leverage the power of AI to enhance security throughout the lifecycle of cloud-native applications.

The Zero Trust model continues to be the critical framework for protecting organizational assets, reducing risks and achieving regulatory compliance. This session will demystify Zero Trust common myths, provide clear, actionable insights and catalysts to get started. We will explore real-world use cases that highlight the tangible benefits and outcomes of adopting a Zero Trust approach and how if not already, it should be at the heart of your governance practices.

• What are the current challenges around preparing future cybersecurity talent for an ever-changing future?
• Exploring initiatives to close the talent gap: Can AI support the current talent shortage?
• Anticipating the right skills: What skills should a successful future team possess?

After Solarwinds and Log4j, governments are pressing CEOs for secure software development. Regulations like EU Cyber Resilience Act, Korea KISA, NIS2, BSI, DORA, ISO 21434 demand action for better software security. This talk examines these regulations, compliance, and their effect on open source development in worldwide and APJ.

• What are the current security challenges of IAM?
• How can the cybersecurity teams contribute to identity and access management?
• Navigate the complexities of IAM with your security processes and protocols
• Restrictions and allowances, where do we draw the line in the name of safety?

In the dynamic realm of digital transformation, organisations face the challenge of harmonising swift software delivery, transformative AI technologies, and robust security protocols. This session delves into the symbiotic relationship among DevSecOps, AI, and Value Stream Management (VSM) to navigate this intricate balance. Explore the integration of VSM and AI to elevate DevSecOps methodologies, empowering organisations to fortify their security stance adeptly. Join us to unlock a seamless delivery pipeline, fortified security, and enhanced business value amidst the ever-evolving threat landscape.

(Private invite only)

• Modern strategies in cybersecurity: How can we manage new threats that are emerging?
• Risk and threat management in 2024, how has this changed and what has stayed the same?
• How can we anticipate changes that 2025 will bring?

Moderator:

Stephen Gillies Technology Evangelist Fastly

Panellists:

Steven Sim Chair OT-ISAC Executive Committee 

Huang Shao Fei Group Chief Information Security Officer SMRT Corporation

Fenil Pathak Senior Manager, Information Security Officer – APAC Disney

Everyone understands the risks and challenges that passwords pose today. However, eliminating them completely may not be as easy as one might think, especially if you have to support a lot of legacy applications or different user populations that do not all have smart devices. Come join Kailashyar Kumar, Regional Director, from Ping Identity to learn how you can still get started on a journey to passwordless with practical examples.

• How to design and implement a robust cloud security auditing strategy that covers all critical components of your cloud infrastructure.
• What are the best practices for conducting comprehensive auditing on cloud accounts to ensure thorough coverage.
• What strategies can be implemented to take a proactive approach in identifying and eliminating security vulnerabilities, rather than reacting to breaches after they occur.

• How should we approach AI guardrail management within our organisation?
• Compartmentalising AI by risk: Identifying and addressing high risk AI
• Will we see the EU Artificial Intelligence act impact cybersecurity in Singapore and other parts of the world and how will this change materialise?

The past twelve months have been marked by continued global conflicts, financial instability and technological developments. These have all combined to create a feverish business environment characterised by high customer turnover, fiscal challenges and declining profits. Cybersecurity plays a major role in keeping a business’ operations online, and the negative impacts from a security breach go far beyond mere system downtime.

Join us for this session as we explore the long-term effects of cyber breaches, their effects on businesses, and how businesses can optimise their cybersecurity strategies to protect themselves from future attacks.

With the software supply chain becoming more complex due to developments like the rise of AI and increasing regulatory pressure, many organisations are struggling to keep pace. 

In this session, learn how to remove complexity and ease the resource strain associated with securing modern software through consolidation initiatives.

• Key trends and core challenges associated with security tool proliferation
• Blueprints for taking a consolidation initiative beyond TCO to improving overall risk management
• Addressing the all-important need for culture and empowerment
• Key learnings from actual customer consolidation journeys

Organisations are accelerating their pace of digital transformation, and this warrants strategic security planning amid the dynamic landscape of cyber threats. Frontier technologies such as AI are also re-shaping digital transformation. This session will discuss the strategies and frameworks for organisations to manage their cybersecurity and AI risks.

As APIs become the backbone of digital transformation, they also introduce new vulnerabilities that can be exploited by attackers, leading to severe financial, reputational, and regulatory consequences. In this talk, we will explore the critical importance of API security in today’s interconnected world, the common challenges organisations face, and why securing APIs should be a top priority. Join us to discover how proactive API security strategies can safeguard your enterprise and ensure long-term success in the digital age.

• Offensive versus defensive approaches to AI: How should AI be applied to each of the disciplines?
• Embracing the power of AI and newer technologies: How much is too much?
• The value-add that AI can bring to information security and where do we look for it?

Moderator:

Aaron Engel Chief Information Security Officer ExpressVPN

Panellists:

Christopher Lek Director, Cyber Security, Centre for IT Services Nanyang Technological University

Estelle Wang Head of Product Cybersecurity & Privacy Office Singapore Continental

Picklu Paul Senior Engineering Manager, Cybersecurity Grab

• Business fundamentals: What do you care about as an organisation? What would happen if a security breach meant those assets were no longer available?
• Phrasing this to the board
• Put in place an incident response plan
• What are you doing now and what would you change?

Moderator:

Neha Agarwal, Vice-President, IT Audit, Citibank

Panel:

Nan Maguire Head of Technology, Security Resilience & Third Party APAC abrdn

Bernard Tan ISACA Director - Industry Outreach ISACA Singapore

Darren Grayson Chng Regional Data Protection Director, APAC, Middle East & Africa Electrolux

Bruce Leong Director, Technology and Strategy Mt. Alvernia Hospital