Day One: 14 July 2020
Chairman's Opening Remarks
Always Be Testing, Always Be Assessing, Always Be Prepared
Parag Deodhar, Director - Information Security, Asia Pacific, VF Corporation
No matter the level of detail in a corporate enterprise BCP, a global pandemic affecting the entire globe was not included. That said, we are now all working with the assumption that this current pandemic will not be the last, and that we should expect further, even more regular, complete and total global disruption moving forward. Cyber security executives are of course acting accordingly. To that end, and per the session title, VF’s Parag Deodhar explains his philosophy moving forward.
Parag outlines three concepts to his new mantra:
- Know the who, what, where, when and why of your assets to get a better understanding of the attack surface to define your strategy accordingly
- Continuously review your assumptions which were true and valid to ensure they remain true and valid
- Truly understand your indicators of and controls for current and future security risks
Those concepts of the mantra find themselves in three key pieces to managing the unknown:
- Realizing that even if you’re ‘best in class,’ you are never doing enough testing
- Staying ahead of emerging new threats
- Continuously doing risk assessments with new partners, new tech, new processes and new controls
- Zeroing in on resources, management and technology as opportunities
- Updating/scaling current or sourcing new tech
- Understanding your people paradigm and plotting a path forward for your talent
- Unpacking your processes and optimizing for a secure enterprise
10:00 – 10:45am SGT
Adopting a Zero Trust Security Model
Sami Laine, Director of Technology Strategy, Okta
When companies moved their workforces to home offices in response to COVID-19, the IT security environment changed overnight. No longer could organisations maintain a network perimeter-centric view of security. At the same time, savvy hackers saw the change as an opportunity to target employees with phishing attacks.
Learn how you can enable employees and other users to access sensitive data and networks regardless of their location, device or network while still maintaining the highest levels of security.
This session discusses:
- How a Zero Trust approach ensures the right people have the right level of access, to the right resources, in the right context, and that access is assessed continuously — all without adding friction for the user
- Steps you can take to begin implementing a Zero Trust architecture today
11:00 – 11:45am SGT
The Evolving Role Of The CISO And Rise Of Digital Risk
Nick Savvides, Strategic Business Director, APAC, Forcepoint
The role of the CISO has changed considerably over time, from the old days of being the niche executive, fulfilling a key but often maligned part of the business, to more recently as a critical business leader.
The last few years have elevated the CISO to be part of the business and a business enabler, but that is no longer enough in a digitally transformed enterprise. Every aspect of our businesses has been touched by digital transformation, including cyber-security. It has given rise to all-new cyber-security problems, but also to new business risks. Digital risk, as an adjacency to traditional enterprise risk, has developed as a practice.
Tomorrow’s CISOs must understand not just enterprise risk but digital risk, blending both cyber-security and business priorities, all while effectively integrating into the leadership and operations of the digital business. It is no longer enough to be a business enabler; the CISO must be a business partner and accelerator of change.
This session examines this change, the future outlook and how to prepare for it.
Defending Holman Webb with Cyber AI
1:00 - 1:45pm SGT
Putting the ‘Sec’ into DevOps
Matt Rose, Global Director of Strategy, Checkmarx
Automation and DevOps have changed the way organizations deliver products. The shift towards DevOps made it pretty clear that companies are adopting this organizational model in order to facilitate a practice of automated software deployment. While the traditional idea of a “software release” dissolves away into a continuous cycle of service and delivery improvements, organizations find that their traditional application security solutions are having a hard time adapting to the new process, and security becomes an inhibitor to the complete process.
In this session, you’ll learn how different organizations adopted security into their DevOps processes. What obstacles need to be addressed when introducing AppSec to DevOps and when should Sec be added to DevOps?
Join us to:
- Discover which obstacles should be expected and how to overcome them
- Understand what functionality is key to enable real automation of your AppSec program
- Explore the benefits of having security as part of your DevOps automation (what’s in it for me?)
2:00 - 2:45pm SGT
Your New Reality Of Remote Work is Not Secure
Dovid Clarke, CISO, Head of Cyber Security & Risk, MMG Limited
Dovid Clarke's time in the military taught him to trust but verify. He's verified the situation: your new reality of remote work for your enterprise is not secure. The threat landscape has simply become too vast for cyber security executives to think otherwise. We discuss the answers to five key questions to ensure that your new reality of remote work is more secure by the end of the day, week, month and year respectively:
- Do you know your risk appetite?
- Are you aligned with your enterprise risk process?
- What’s your mix of protect (identify) and detect (respond and recover)?
- How have you changed your communication patterns?
- Is your team the innovation team?
Day Two: 15 July 2020
Chairman's Opening Remarks
09:00 – 09:45am SGT
Discovering A Brief History Of Cyber Security & Our Latest Inflection Point
Jay Spreitzer, SVP, APAC Information Security Lead, Wells Fargo
Jay Spreitzer has been in the cyber security industry since its infancy. He understands how not only the industry but, like him, most initial talent came from the military. The Target breach changed everything, as did DDoS attacks in the Financial Services industry. He provides his thoughts on these initial tent-pole events as well as the steady and systematic rise of malware and automated attacks. Finally, Jay shares how our collective move to remote work has provided an inflection point from which we'll still be learning into the future.
- An industry and initial group of executives born in the Military
- The Target breach which changed everything
- DDoS attacks in Financial Services
- The steady and systemic rise of Malware
- A realization of the shortage of personnel vs. increase in automated attacks
- The iterative remote worker evolution and eventual remote worker revolution
10:00 – 10:45am SGT
Comparing CASB Technologies for Cloud Security: What’s the Difference?
Jonathan Andresen, Senior Director Marketing, Bitglass
Enterprises are embracing cloud computing, but few have fully considered the risks associated with device-to-cloud transformation, from security breaches to data loss issues. Cloud access security brokers (CASBs) are often described as the firewall for the cloud and are the go-to solution to secure cloud services for many organizations. CASBs provide a breadth and depth of functionality that is indispensable for securing your data across applications, devices and networks. Yet not all CASBs are created equal, and it can be a challenge to identify which solution to deploy. From capabilities to the security of underlying architectures, there is much to consider.
In this exclusive session we will cover:
- The major differences between CASB architectures
- CASB deployment modes and how they provide different data protection
- Key items you need to consider to secure any app or device
- Practical cloud security use cases that can apply to your organization
11:00 – 11:45am SGT
Mobile-centric Zero Trust Security Framework
Alex Mosher, Global VP Solutions, MobileIron
How should organizations reinvent themselves to drive digital transformation in the post-COVID-19 world? Infrastructure and operations leaders should implement an Everywhere Enterprise Zero Trust strategy focused on enabling dispersed workers and distributed infrastructure to serve customers everywhere.
Passwords are no longer sufficient protection against breaches because users are accessing information from a variety of untrusted devices, apps, networks, locations and services. So, in the reality of today's security world, how does an organization protect itself? One answer is a Zero Trust approach and framework for security. But with numerous theories about Zero Trust, how do you ensure that you've taken the right approach? In this session, discover how to:
- Drive business innovation with mobile productivity by giving employees the ability to use mobile, cloud and endpoints
- Enforce corporate security without impacting the user experience
- Redefine enterprise security strategies to address a perimeter-less environment
A New World Order needs a New GRC Approach!
Blair Hasforth, Account Executive, OneTrust
The world is different and will be different after this global pandemic. We are all more digital. Whether intentionally or not, we are collecting more data, both organisational and personal. The speed of change has found two extra gears, maybe three. Our network perimeter is wider, more diverse, more susceptible to attack. Our applications are more diverse and increasingly cloud-based. We can now imagine many more types of crisis than before.
To meet these challenges our GRC needs to be Agile, so that we can be AntiFragile, in order to face this rapidly changing world. OneTrust’s dynamic platform is built to be part of the process, to manage risk, compliance, security, privacy and vendors, and to prepare us for whatever our futures bring. It’s time for a new GRC Approach.
Visibility: A Foundation To Effective Security
Vladamir Yordanov, Sr. Dir. Solution Engineering, APAC, Gigamon
In this session we will cover how to build an effective and resilient cyber security solution with holistic visibility and information collection from all points of the IT infrastructure - physical, cloud and hybrid. We'll speak to how organizations can eliminate blind spots across the network, detect encrypted and hidden command-and-control channels, malware activities, unauthorized data exfiltration and more, quicker, while leveraging existing security investments. We'll discover how to eliminate blind cyber-defence spots and ensure maximum efficiency of the detection and protection security systems by providing the right information to the right tools. And we'll discuss how to build flexible and adaptable cyber defence architecture while maintaining or lowering cost of ownership.
2:00 - 2:45pm
Engaging In A Paradigm Shift On The Definition Of Secure
Jeff Campbell, CISO, Horizon Power
Jeff isn't satisfied with the fact that the migration to our current reality went smoothly. As that reality evolves, his focus remains steadfast on what matters most: a secure enterprise. Lessons have been learned in the dynamic shifting of resources. As we move from cloud migration to cloud evolution, Jeff has everyone in the organization focused on a constantly forward-thinking cyber security mindset.
- Enabling a zero trust model
- A must with a decentralized workforce
- Engaging in step-change thinking for BYOD/CYOD mentality
- Moving on from cloud migration to cloud evolution
- Truly honing in on critical assets and rich data sources
- Divining your next cyber security mindset: test, iterate, find a fit
End of Online Summit