CISO Singapore schedule

This session will focus on the critical aspects of building and enhancing a modern developer security program. We will discuss the implementation, management, and scaling of security practices tailored to the unique challenges of software development. From integrating security into the DevOps pipeline to fostering a security-first culture, attendees will gain insights into the strategies and tools necessary to protect their applications and infrastructure effectively. As a CISO, navigating the landscape of vulnerabilities can be overwhelming. This session will provide insights into effectively prioritising risks within your organisation. We will discuss methods for assessing vulnerabilities based on their potential impact and likelihood of exploitation, helping you allocate resources where they are most needed. By implementing a risk-based approach to vulnerability management, you can strengthen your organisation's security posture and protect against the most pressing threats.

• Examine the ethical scope of responsibility for CISOs in the implementation of AI-driven cybersecurity solutions – what should CISOs be responsible for?
• Assess the balance between AI innovation and safeguarding privacy, security, and compliance frameworks
• Explore strategies for CISOs to ensure transparency, accountability, and fairness in AI security systems
• Discuss the evolving role of the CISO in addressing AI-related cybersecurity risks and ethical dilemmas

Moderator:

Jason Lau Chief Information Security Officer Crypto.com

Panellists:

Tan Too Ping CISO Changi Airport

Kamran Rafiq Senior Assistant Director, Cyber Security MOH Office for Healthcare Transformation (MOHT)

Aniket Kulkarni Global Group CISO Circles

Leonard Ong Director, Cyber Defense Group & Chief Risk Office Synapxe

• Identify which cyber security metrics offer clear, actionable insights for senior management and boards
• Aligning cyber security performance with business goals and risk appetite
• Highlighting the importance of presenting cyber security data in a way that drives decision-making and strategic direction

• Outsmarting Emerging Threats: Implementing cutting-edge strategies and adaptive risk frameworks to stay one step ahead
• Engaging employees through continuous training and fostering a culture of transparent communication
• Syncing cyber security with business growth by aligning risk management with budgets, and cross-department collaboration to drive success without compromising security

Moderator:

Tobias Klingel Director of Information Security Aspire

Panellists:

Thuy Dinh Coordinator, Asia South Pacific Joint Operations Against Cybercrime Interpol

Steven Sim Chair OT-ISAC Executive Committee

Frankie Shuai APAC CISO Financial Services Sector

• Reviewing how the nature of modern software supply chains have changed, demonstrated using real-world case studies
• Preventative Measures: Highlighting proactive measures organisations can take in identifying and countering risks in the digital supply chain
• Exploring strategies to enhance transparency, accountability, and collaboration across the supply chain to mitigate vulnerabilities and ensure continuity

• Explore cutting-edge strategies to detect deepfake content and protect communication channels
• Harness multi-factor authentication (MFA), real-time identity verification, and employee training to defend against virtual impersonations
• Assess the role of biometric and behavioural recognition technologies in strengthening remote access security and safeguarding sensitive data
• Update cyber security training programs to foster a culture of scepticism and reduce vulnerability to digital threats

The Zero Trust model continues to be the critical framework for protecting organizational assets, reducing risks and achieving regulatory compliance. This session will demystify Zero Trust common myths, provide clear, actionable insights and catalysts to get started. We will explore real-world use cases that highlight the tangible benefits and outcomes of adopting a Zero Trust approach and how if not already, it should be at the heart of your governance practices.

• What are the current challenges around preparing future cybersecurity talent for an ever-changing future?
• Exploring initiatives to close the talent gap: Can AI support the current talent shortage?
• Anticipating the right skills: What skills should a successful future team possess?

• How can boards and senior leadership effectively align cybersecurity priorities with overall business objectives?
• What are the biggest communication gaps between cybersecurity teams, executives, and boards, and how can they be bridged?
• How can organisations break down departmental silos to create a more integrated approach to cybersecurity risk management?
• What governance frameworks and reporting structures best support collaboration between technical teams and executive decision-makers?

Panellists:

Scott Flower Co-Founder CI-ISAC International

Anil K Appayanna Chief Information Security Officer India International Insurance (III) Singapore

• Effectively Integrating AI into the Enterprise

- Navigating governance and transparency in AI adoption

• Managing Insider Threat in a complex environment

- Balancing trust, transparency, and detection without creating fear

- Leveraging cross-functional insights from HR, legal, and cyber teams

• Secure by Design

- Shifting to a security-first culture

- Insights and reflections

• Discover how a Risk Operations Centre (ROC) enhances cyber risk management through real-time monitoring and proactive decision-making
• Unpack key concepts like Value at Risk (VAR) and Enterprise True Risk Management (ETM) to prioritise threats effectively
• Incorporate the “language of risk” in comms for clearer communication of cyber threats to senior leadership and stakeholders
• Gain insights into building or optimising a ROC to align risk management with organisational objectives

• Using identity lifecycle management to reduce human error and enhance compliance with cybersecurity frameworks
• Leveraging identity data to detect, respond to, and mitigate breaches faster in your cyber security processes
• Privileged Access Under Attack: Implementing secure privileged access management (PAM) to protect critical systems from insider threats and advanced persistent threats (APTs)

Confidential Computing is an emerging technology to protect sensitive code while it is being processed. Its underlying technology, hardware-based Trusted Execution Environment (TEE), prevents unauthorized access or modification of applications and data while in use regardless of infrastructure access privileges. Additionally, an attestation process can assure that the isolated environment is secure and only the expected application can be executed. As one of the privacy-enhancing technologies, Confidential Computing plays an important role in TikTok's innovation in privacy and security. In this talk, we will give an overview of this technology - its past, present and future. Then, we will introduce our privacy innovation with Confidential Computing and potential use cases for data collaboration, data protection and software transparency.

• Navigating Singapore’s evolving regulatory landscape, including the Personal Data Protection Act (PDPA), to drive innovation responsibly
• Managing the privacy and cybersecurity implications of AI, IoT, and data-driven technologies amidst increasing cyber risks in a hyperconnected business environment
• Embedding privacy-first principles into digital transformation efforts to meet regulatory requirements and build consumer trust
• Ensuring robust cybersecurity measures in alignment with Singapore’s Cybersecurity Act and sector-specific guidelines, such as for financial services and critical infrastructure

• Explore strategies to integrate cyber security initiatives with broader business goals to strengthen organisational resilience and drive sustainable growth
• Unpack approaches to involve executives in cyber security strategies, ensuring it remains a top priority within the organisation
• Highlight the potential of cyber security as a strategic asset to deliver business value, enhance resilience, and establish a competitive edge
• How can organisations shift from reactive to proactive risk management, anticipating threats and building a robust security posture?

Moderator:

Joey Chua Director of Digital and IT Transformation Gulf Marine

Panellists:

Deepak Anand Maharaj CISO AirAsia

Lyle Sudheeran Madhavan Head, Program Management & Governance Sentosa Development Corp

Jenny Tan President ISACA SG Chapter

Christopher Lek Director, Cyber Security, Centre for IT Services Nanyang Technological University

Laura Lees Head of Cybersecurity for Client Citibank

• Discover how AI governance can address vulnerabilities exploited by increasingly sophisticated cyber fraud techniques
• Learn to implement secure, compliant AI systems that enhance fraud detection while safeguarding sensitive data
• Gain insights into balancing innovation and cyber security to build trust and resilience against digital threats
• Dealing with advance phishing and digital scam tactics as a business

Panellists:

Perry Young CISO Kyndryl

Jon Lau Director A*STAR - Agency for Science, Technology and Research

Anil K Appayanna Chief Information Security Officer India International Insurance (III) Singapore

• Prioritising critical risk areas to effectively allocate security resources
• Implementing automation and AI tools to streamline threat detection and response
• Enhancing collaboration across teams to align security efforts with organisational goals, all aimed at advancing your cyber security maturity despite reduced IT security budgets

• Techniques to influence lasting behavioural change in employees
• How can you effectively measure the success of training programs?
• Planning gamified phishing campaigns and immersive attack simulations for C-suite executives and non-technical teams
• Training approaches fand techniques for managing insider threats and supply chain vulnerabilities