Singtel | Trustwave Cybersecurity Forum 2021

Day 1 - Physical Forum - 22 October 2021, Friday • 08:30 - 13:00 (HKT) | CORDIS Hotel Hong Kong
Day 2 - Virtual Forum - 28 October 2021, Thursday • 09:00 - 13:00 (HKT)

Event Highlights

68% of businesses in APAC experienced an online breach in 2020. Cyberattacks will only increase and evolve as workplaces digitalise and employees continue to work remotely. How can enterprises stay ahead of these cybercriminals and avoid financial and reputational loss?

To be able to detect and respond swiftly to lurking threats, security leaders must consistently review their cybersecurity strategies and keep updated on the latest threat intelligence and hunting techniques.

Trustwave, a Singtel company, provides a comprehensive portfolio of managed security services to protect businesses and accelerate responses against cyber threats. A named MSS leader by analysts, Trustwave serves multiple segments and verticals by developing custom and mature security programmes to prevent, detect, respond and remediate threats and breaches.

Into its 8th year, Singtel | Trustwave Cybersecurity Forum 2021 will focus on how enterprise can protect their assets with up-to-date security architectures, advanced defence strategies and threat intelligence. In this 2-day hybrid event, this forum brings together 300 key security professionals and C-suite executives from various industries including the financial services, government, manufacturing, media, and retail industries.

Day 1 - Physical Forum Agenda

08:30 - 09:00	Registration & Showcase Visit

09:00 - 09:15	Opening Remarks Job Lam Director, Cybersecurity, Trustwave, a Singtel Company

09:15 - 09:45	Opening Keynote: Cybersecurity 2022: What to Expect Post-COVID 19? Read more Since the start of the pandemic, many organisations have transition to new business models and adjusted to hybrid work settings. We saw the rise of the remote workforce, cloud computing, and witnessed how organisations that embraced digital transformation thrived. While businesses and employees all over the world continue to embrace remote working, IT leaders are facing a plethora of new cybersecurity challenges – a distributed office setup also creates new opportunities for cyber threats. A Zero Trust approach is now vital to keep your organisation safe. What cyber security challengers will we expect in a post-pandemic world? What should businesses do to stay vigilant? Paul Jackson Regional Managing Director, APAC Head of Cyber Security & Investigations, Kroll

09:45 - 10:15	Keynote 1: Trustwave and Microsoft: Securing The Future Of Work Read more Bad actors are increasingly sophisticated, and now is a crucial time to tighten your security controls and strengthen protocols to mitigate your cloud and cyber risks. Tune in for insights on how to fully leverage the integrated solution from two worlds leading Technology and MSSP providers to deliver 24/7/365 in real-time Detection, Protection, and Mitigation of any cyber threat. Hear from Trustwave and Microsoft experts: • Achieving visibility • Identifying inefficient or slow security processes • How to perfect your detection and response capabilities • Evaluating integration standards Amy Lo Cloud Endpoint Technical Specialist, Specialist Technology Unit, Microsoft Daniel Ho Associate Director, Sales Engineering, Trustwave, a Singtel Company

10:15 - 10:45	Keynote 2: The Secure Enterprise Starts with Zero Read more Traditional security approaches can’t keep up with today’s cloud-first world. From an expanded attack surface to higher costs, they introduce more risk than reward. Build a secure foundation for successful transformation with a zero trust architecture instead. In this session you’ll learn precisely how zero trust compares to perimeter-based security and why it is critical in today’s environment, including: - How zero trust outperforms castle-and-moat - The latest data on the state of cloud security - Side-by-side comparison of network access, attack surface, and passthrough connections - Reducing risk requires reimagining your security. Michael Lam Senior Systems Engineer, Zscaler

10:45 - 11:15	Networking Tea Break and Showcase Visit

11:15 - 11:45	Keynote 3: Boundary-less - What’s Next for us in this new Cybersecurity Era? Read more The Covid era has greatly accelerated the pace of technological and organizational change. Beyond the shift to cloud-based solutions, the software supply chain has expanded in scale and complexity. And keeping up has led to the rapid roll-out of tools for connectivity, collaboration, and productivity – often without a thorough vetting process. In this presentation, Disney will share on: - How to improve visibility in boundary-less infrastructure - Effective approaches for better protecting an increasing complex attack surface - Best-practice for cyber security risk mitigation Disney Cheng Principal Security Engineer, Tenable

11:45 - 12:15	Keynote 4: Delivering Successful Network and Security Transformation with SD-WAN and SASE Read more The shift to a work-from-anywhere environment has created the urgent need for agile and secure network capabilities that can support the edge, including remote working, distributed clouds, and IoT. Security is heavily fragmented across multiple domains of physical locations, cloud resources, edge devices, and mobile users, and conventional data center MPLS networks and perimeter-based security models are no longer viable. Find out how you can build a future proof network environment with a holistic Zero Trust and SASE architecture – one that ensures security and compliance is addressed from the edge to the cloud, and: • Deliver the promise of SASE and protect users connecting to SaaS and public cloud platforms • Dramatically simplify network administration and management with comprehensive visibility and unmatched application intelligence through a single pane of glass • Construct a business case for rearchitecting your corporate network Edmund Tsoi Technical Manager of Hong Kong & Macau, Aruba, a Hewlett Packard Enterprise company

12:15 - 13:00	Panel Discussion: Is your cybersecurity ABC ready? – AI, Big Data, CloudRead more In an ever-escalating barrage of cyberattacks, enterprises are looking to deploy variety cyber defense tools that improve their cybersecurity posture. However, cybersecurity is more than just about technology. Failing to deploy intelligent and effective security measures may lead to cybersecurity gaps which will eventually put enterprises at risk. In this panel discussion, thought leaders and experts will discuss the importance of AI, Big Data and Cloud (ABC) security, provide insights on enhancing cyber intelligence and resilience, and demonstrate how to implement a proactive and effective cybersecurity strategies with world-class cyber defenders. Panel Chair: Harry Pun, Deputy Chairman, Cloud Security Alliance - Hong Kong and Macau Chapter Executive Panelists: Samuel Ng, Director, Cybersecurity & Analytics, Hong Kong Applied Science and Technology Research Institute (ASTRI) Dirk Engeler, CISO, The Hong Kong Jockey Club Fuller Yu, CISO, Hospital Authority Hong Kong Job Lam, Director, Cybersecurity, Trustwave, a Singtel Company

13:00 - 14:15	Executive Networking Luncheon (by invitation only), Lucky Draw and Showcase Visit

Day 2 - Virtual Forum Agenda

09:30 - 10:00	Opening Keynote: Building Cyber Resilience with Supply Chain Risk Management Read more In a pandemic, the resilience of every organisation and their supply chains will be tested. Supply chain attacks are now a focus for cyber attackers, disrupting businesses all over the world. As we move towards a digital, cloud-first economy, organisations must rethink their approach to cybersecurity and business continuity. This session dives deep into cybersecurity insights from the on-going pandemic and how businesses should enhance their security strategy for speed and resilience. Our experts will also share best practices in supply chain risk management that enable organisations to connect securely and transform digitally. Sukhdev Singh Director, Consulting & Professional Services(CPS), Trustwave, a Singtel Company

10:00 - 10:30	Keynote 1: 5 Ways to Mature Your Third-Party Risk Management Program Read more The expansion of the extended enterprise has reached a tipping point, fueled by cloud-based technology and outsourcing. In parallel, third-party data breaches are at an all-time high. There is a growing awareness that third-party cyber risk must be managed. Current approaches to managing third-party cyber risk are helpful but only provide a brief snapshot. To proactively mitigate risk, organizations need automated tools that continuously measure and monitor the security performance of vendors. During the session, David Hawkins will share how you can quickly launch, grow, or optimize the cyber risk elements of a third-party risk management program. Come join us to learn 5 ways to mature your current Vendor Risk Management program. David Hawkins Senior Consulting Engineer, BitSight

10:30 - 11:00	Keynote 2: Delivering Successful Network and Security Transformation with SD-WAN and SASE Read more The proliferation of remote workers and IoT devices at the edge has brought unique challenges for the digital enterprise. Cloud migration of applications also changed the way we approach network planning and related security requirements as legacy networks were not designed for the cloud-first world. Find out how you can build a future proof network environment with a holistic Zero Trust and SASE architecture – one that ensures security and compliance is addressed from the edge to the cloud, and to: - Deliver a best-of-breed WAN technology and cloud-delivered security solution, without compromise - Dramatically simplify network management with comprehensive visibility and unmatched application intelligence through a single pane of glass - Construct a business case for rearchitecting your corporate network Dean Vaughan WAN and Service Provider Business Unit Lead, Asia Pacific Aruba, a Hewlett Packard Enterprise company

11:00 - 11:30	Keynote 3: Delivering Zero Trust Frameworks with the Netskope SASE Architecture Read more What does Zero Trust mean? Why is it relevant now more than ever with today Digital Transformation? How can we achieve this goal with a Secure Access Service Edge Architecture! Michael Ferguson APAC CTO, Netskope

11:30 - 11:45	Networking Break and Showcase Visit

11:45 - 12:15	Keynote 4: The Truth about Machine Learning and What It Means for The Enterprise’s SOC Read more There are always two sides of a coin. The rise of machines and bots creates impact of cyber attacks as well as disruption. Yet if we make it right, AI and Machine Learning could be enabler in modernizing Security Operations. In this session, we will share some insights how AI/ML may refine security tools by accelerating incident responses once the malicious activities are identified in enterprise environment. We will also take a look how to use AI-driven cybersecurity technology to better recognize and address potential risks in your organization. Harry Pun Cybersecurity Executive, Greater China, Cybersecurity Solutions Group, Microsoft

12:15 - 13:00	Panel Discussion: Evolution of Cyber Threats: Malware And Zero-Day Attacks Are Not The Only RisksRead more No organisation is immune to cyber risks. Ransomware attacks surged by 150% in 2021, with high profile attacks against governments, companies and critical infrastructure. NWhile enterprises focus on protection against malware and zero-day attacks, it is the known vulnerability – N-day vulnerabilities – that may pose greater risks for enterprises. Hackers look for active exploits that may already exists, gaining remote access and total control of the enterprise network. To keep your business safe from N-day attacks, it is essential to take a proactive cybersecurity approach and keep your security architecture up to date. This session will provide insight to the current threat landscape, the evolution of cyber threats and how actionable cyber threat intelligence safeguards your business. Panel Chair: Chadi Hantouche, Partner, Wavestone Executive Panelists: Gabriel Chan, Head of Global IT, GAW Capital Partners Parag Deodhar, CISO, Director, Information Security, VF Asia Ltd Michael Lam, Senior Systems Engineer, Zscaler

13:00	Lucky Draw and Showcase Visit

Speakers

	Dean Vaughan WAN and Service Provider Business Unit Lead, Asia Pacific Aruba, a Hewlett Packard Enterprise company Dean Vaughan is responsible for enterprise and service provider business for Auba WAN business across Asia Pacific, including go-to-market and channel strategies to drive partner engagement and customer acquisition. Previously, Vaughan served in various enterprise technology sales leadership positions at Oracle Cloud Platform Solutions (ASEAN), Oracle Virtualization and Linux business unit (AN/Z), Oracle Cloud Infrastructure business unit (APJ) and NCR Corporation’s Cisco Systems Network Integration business (Asia Pacific).

	Edmund Tsoi Technical Manager of Hong Kong & Macau Aruba, a Hewlett Packard Enterprise Company Edmund Tsoi is the Technical Manager of Hong Kong & Macau at Aruba, a Hewlett Packard Enterprise Company. With over 18 years of experience in Information Technology and Telecommunications, Edmund has extensive technical knowledge with unique insights. Edmund has joined Aruba for more than 13 years. He has been focusing on researching new technologies and solutions to assist clients’ business needs and to accelerate the digital transformation and business development. His clients mainly come from Casinos, Medical Associations, Public Utilities, Education Organizations and the Government Departments. He leads the consulting team and provides the best and professional services to his clients. Edmund is certified as Aruba Mobile First Expert which is the highest recognition in Aruba. He has excellent capabilities of handling network design, ClearPass and WLAN mobile communication.

	David Hawkins Senior Consulting Engineer BitSight David Hawkins has been in the security industry for approximately 20 years, having worked with organizations like CA, RSA Security, and Symantec, and has been primarily focused on identity and Access Management, as well as physical security. David also held the responsibility of managing internal business processes to include Proposal Management, Security Assessments, and validating compliance via attestation processes for RSA Security and a number of smaller companies since 2012. David has conducted approximately 100 Vendor Risk Management workshops for BitSight in the past three years, helping organizations to grow and improve their Vendor Risk Management programs.

	Gabriel Chan Head of Global IT GAW Capital Partners Gabriel has 20 years' experience in cyber security and technology risk management, specialising in the banking and financial industry. As the Head of Global IT in Gaw Capital, he is responsible for the technology development, IT operation and cyber security strategy across the international group. Prior to his current role, Gabriel served as the Regional Head of Information Security (Asia) for ABN AMRO Bank. Before that, he was the cyber forensic investigator for Bank of America Merrill Lynch. Back in 2005, he worked in JP Morgan as the regional lead of the ethical hacking team. And Gabriel first started his career as a system and network specialist in Bank of China (HK).

	Samuel Ng Director, Cybersecurity & Analytics Hong Kong Applied Science and Technology Research Institute (ASTRI) Passion fuelled cybersecurity professional with leadership trained by armed forces, Samuel has extensive experience in all cybersecurity domains from both technical and management perspectives. He brought value to organisations by balancing governance, controls, and business strategies ultimately upholding the CIA Triad (Confidentiality, Integrity, Availability) at highest standards. As a 14-years Malaysian army veteran with a master’s degree and multiple infosec-recognised certifications, he progressed his career to Hong Kong, contributed to various sectors including: banking, telecommunication, cloud, IT infrastructures, start-ups etc. Currently exercising his expertise in Hong Kong Applied Science and Technology Research Institute (ASTRI), responsible for strategic planning and leading research directions of cybersecurity and data analytics.

	Dirk Engeler CISO The Hong Kong Jockey Club Dirk has over 29 years of Information Security experience starting his career in Melbourne, Australia with Fujitsu. He began working with federal government and defence along with retail, local and state government industries. He has worked in global cyber security teams across various financial services organisations including Commonwealth Bank of Australia, ANZ Bank, National Australia Bank, AIG. Dirk joined the Hong Kong Jockey Club as the Chief Information Security Officer and Head of Technology Risk in 2019 and is driving a transformation and move to automate cyber security capabilities. Prior to joining the Hong Kong Jockey Club, Dirk worked as the Global Head of Cyber Security for Australia’s latest Bank helping to build one of the first digital banks in South Africa, Tyme Digital. He is a transformation leader of cyber security delivery and risk methodologies with a strong focus on digital banking and development of cloud strategy for financial services, government, and critical infrastructure services. Dirk studied Computer Science & Technology at La Trobe University, and has numerous industry qualifications. He was appointed Chair of Cyber Committee for Fintech Association Hong Kong in 2018, and Co-Chair of the Cyber and Cloud Committee in 2020.

	Fuller Yu CISO Hospital Authority Hong Kong Fuller has more than 20 years of experience in technology risk management and information security for global financial service industry. He is now Chief Information Security Officer (CISO) of Hospital Authority Hong Kong. Prior to joining Hospital Authority, Fuller held various management roles including Director of Technology Risk Management of Credit Suisse, Head of Technology Risk Management and Cybersecurity of AIA Group, and Vice President of IT Risk Management of JPMorgan. He received his MBA and Master in Information Systems Management from Hong Kong University of Science and Technology. He is also a Certified Information Security Manager (CISM) and Certified Information Systems Security Professional (CISSP).

	Paul Jackson Regional Managing Director, APAC Head of Cyber Security & Investigations Kroll Paul Jackson is a Managing Director and Asia-Pacific Leader for Kroll’s Cyber Security and Investigations Practice, based in the Hong Kong office. Over a career spanning more than 25 years of service in some of the region’s highest levels of law enforcement and corporate enterprise, Paul has earned a stellar record of achievement as a cyber security practitioner, strategist, and thought leader. In addition to possessing deep knowledge regarding the region’s diverse geopolitical and cultural complexities, Paul has developed a highly nuanced view of global cyber security challenges from working with organizations such as Interpol, the U.S. Secret Service’s Electronic Task Force, and Microsoft’s Digital Crimes Consortium. Prior to joining Kroll, Paul was APAC Managing Director for Stroz Friedberg. In this role, Paul developed several of the firm’s products and services with an APAC focus, and personally led client engagements in cyber security assessments, C-level cyber incident table-top exercises, and data breach investigations. He also served as a thought leader and represented the firm in numerous venues, forums, and major public events.

	Amy Lo Cloud Endpoint Technical Specialist, Specialist Technology Unit, Microsoft Amy is the Cloud Endpoint Technical Specialist that focuses on Endpoint Security, Endpoint Management & VDI. She helps customers realize the full benefits of Microsoft’s Cloud for Business, and works with technical teams on solution designs, implementation and proof of concepts. She graduated from Hong Kong University of Science & Technology with major in Information Systems. She currently holds EC-Council Certified Ethical Hacker (CEH) and is the associate member of Cloud Security Alliance and Hong Kong Computer Society.

	Harry Pun Cybersecurity Executive, Greater China, Cybersecurity Solutions Group Microsoft Deputy Chairman Cloud Security Alliance - Hong Kong and Macau Chapter Harry serves as Cybersecurity Executive in Microsoft for Greater China Region. Harry brings with him more than 20 years of experience in IT and Information Security including solution selling and consultancy in the Greater China region. Prior to his current role, Harry was Director, Cyber Security of Singtel. He was responsible for managing overall Cyber Security business in Hong Kong. Harry also held several key positions with a variety of IT vendors including Dimension Data, NTT Security, Verizon Terremark and Symantec. Harry holds Master degree and Bachelor Degree in Engineering from the Chinese University of Hong Kong. He is also a Certified Information System Security Professional (CISSP). In security community, Harry is Deputy-Chairman (Hong Kong) of Cloud Security Alliance (Hong Kong & Macau Chapter).

	Michael Ferguson APAC CTO Netskope Michael ‘Fergo’ Ferguson is APAC CTO. Netskope. He is a highly customer-focused security professional, having worked in the cyber security industry for over 15 years across the Asia Pacific Region. Michael has been CISSP certified for over 6 years, speaking at various industry events (e.g. Gartner, AISA), whilst also working on large Data Loss Prevention and Cloud Security projects with some of Australia's most recognizable organizations such as Westpac Bank, CCA and Macquarie Bank. Michael has extensive web, email and cloud security experience, specializing in running DLP and Insider Threat programs. Michael is English by birth but migrated to Sydney, Australia twelve years ago.

	Disney Cheng Principal Security Engineer Tenable Disney Cheng is Tenable’s Principal Security Engineer for the Asia Pacific Region. He evangelizes the criticality of Cyber Exposure, importance of vulnerability assessment and how to move ahead to vulnerability management. Disney also help different organization to address fundamental needs of Cyber Security – inventory assets, identify vulnerabilities and device is secure configured. And ultimately organization can enhanced security posture by automate the process, analyze the outcome and adjust their security planning and policy accordingly. Disney has more than 20 years of experience in the information technology industry, with expertise in information security. He has led and participated in a wide array of IT security projects and solutions such as remote penetration tests, security assessments, network security and content security solutions across various counties in APAC, including Hong Kong, Singapore, China, Taiwan, Japan and Australia.

	Daniel Ho Associate Director, Sales Engineering Trustwave, a Singtel Company Daniel Ho has over 18 years’ experience as an IT professional with strong expertise in IT security management, and IT enterprise architecture, managing a team of experienced consultants and working with companies to protect them from cyber-attacks. Currently he is an Associate Director, Sales Engineering at Trustwave. Daniel has extensive experience from emerging technology areas such as ATP, SIEM, WAF,EDR as well as consulting services like PCI QSA, ISO 27001, Pen Test, Red Teaming and Incident Response. He holds multiple information security designations, including CISSP, CEH, CISA, CDPSE and ISO 27001 LA.

	Job Lam Director, Cybersecurity Trustwave, a Singtel Company Job has a rich experience on Cybersecurity Framework (NIST & Mitre), Security Operation, and Red Teaming, and is focused on enabling the FSI and critical infrastructure sectors in Hong Kong. Prior to Trustwave, Job led the Greater China business in IBM Security. His skills span across DLP, SIEM, SOC, incident response platform, managed security service, cloud security, and products and service management.

	Sukhdev Singh Director Consulting & Professional Services(CPS) CISSP, CCSP, CDPSE, CISM, CEA Trustwave, a Singtel Company Sukhdev is currently the Director for CPS (APJ) leading a team of trusted advisors. He brings with him more than two decades of leadership and hands-on experience in the different domains of cyber security. He has international experience in a foreign public service ,working with large technology MNCs and startups, building and leading diverse teams across Central Eastern Europe, Latin America, Middle East & Africa and APAC. Sukhdev started his cyber certifications about 20 years ago (BS7799 Lead Auditor, PCI QSA and CISSP) when cyber security was very new to the industry. Sukhdev graduated from NTU with a Bachelor of Engineering and has attended leadership training with institutions such as Boston University and Wharton-SMU.

	Parag Deodhar CISO, Director, Information Security VF Asia Ltd Parag is the Director - Information Security for Asia-Pac at VF Corporation. In his earlier role, he was the Asia CISO for AXA Group. Parag is a Chartered Accountant, Certified Information Systems Auditor from ISACA, US and Certified Fraud Examiner from ACFE, US. Parag has over 20 years’ experience in Enterprise Risk Management, specialising in Operational Risk, Information Security, Business Continuity and Fraud Risk Management. He has worked in Cyber Security, Audit, Consulting and Program Management functions with multinational companies like AXA Group, KPMG and Tech Mahindra.

	Chadi Hantouche Head of Cybersecurity and Digital Trust Asia-Pacific Wavestone Chadi leads the Asia-Pacific Cybersecurity and Digital Trust practice of Wavestone, a global advisory company. For over a decade, he has helped companies assessing their risk and maturity levels, and designing associated solutions. He has a focus on security to support innovative technologies (Big Data, Internet of Things, Cloud computing…) as well as prevention and reaction against cyberattacks (Incident Response, Red Team approaches…). Chadi is a regular speaker on international TV channels, newspapers and conferences, lecturer in several computer science universities, and cybersecurity trainer through the Hong Kong Institute of Bankers (HKIB).

	Michael Lam Senior Systems Engineer Zscaler As the Senior Systems Engineer in Zscaler covering the Greater China Region, Michael Lam carried out security consultancy, defining security strategies and best practices in his territory. He has over 15 years of work experience in top security companies with broad knowledge on cybersecurity in various areas. He is also an active speaker in various events, workshops in the region.