Cybersecurity Summit: Mumbai
Hybrid Summit November 9 - 11, 2022
As organizations are returning to the earlier trend of working from the office, the challenge for security teams in stopping cyberattacks and breaches in 2022 continues, providing no respite for the weary. The recent directives from India's Computer Emergency Response Team (CERT-In) to the organizations to report breaches or any incident within six hours of discovery have put more pressure on the enterprises to reset their cybersecurity strategy.

As we progress into 2023, which is just a quarter away, CISOs from the region have the daunting task of building a cyber-resilient enterprise against the backdrop of the continuously changing threat landscape. The race now is against complexity, time, intelligence, speed and accuracy. India's policymakers and regulatory bodies articulate that we live in an AAJA world - Asthirata, which means volatility or a high rate of change; Anishchita, which means uncertainty and lack of clarity about the present and the future; Jatilata, which means complexity concerning multiple factors that impact critical decisions; and Aspashtata, which means ambiguity about the unprecedented and challenging times in the industry. Against growing chaos, what conversations do the security teams need to have, and what priorities and initiatives need to be established to tackle the threat challenges in 2023?

To gain insights into how to address the present challenges and use the right technology and frameworks, attend ISMG's cybersecurity summit as the global and regional cybersecurity thought leaders discuss critical aspects of cloud security, C-suite debate on the state of cybersecurity, data security and privacy, cryptocurrency, risk management, digital payments security, quantum threat to security, IoT, identity and access management, supply chain threats, and more. ISMG's events provide actionable education and exclusive networking opportunities with peers and subject matter experts. CPE credits are also available to all summit attendees.
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
Venue: The Westin Mumbai Powai Lake
Address: The Westin Mumbai Powai Lake, near Chinmayanand Ashram, Kailash Nagar, Mayur Nagar, Morarji Nagar, Powai, Mumbai, Maharashtra, India
Justice B.N. Srikrishna
Former Judge
Supreme Court of India & Chairman - Data Protection Committee
Anand Venkatanarayanan
Co-Founder and Cybersecurity Researcher
DeepStrat
Anuprita Daga (Conference Chair)
President, CISO
YES BANK
Raghunandan Koushik
Regional Sales Director- India & SAARC
Helpsystems
Prof. D. Janakiram
Director
Institute for Development and Research in Banking Technology (IDRBT)
Hitesh Raul
Senior Enterprise Account Manager
Sophos
Manish Sinha
Director Sales Engineering
Trellix
Lt General (Dr) Rajesh Pant
Prime Minister’s Office,
Government of India
Lt General (Dr) Rajesh Pant is an internationally recognised cybersecurity mentor who presently holds the prestigious appointment of National Cyber Security Coordinator in the National Security Council Secretariat of India. In this capacity he is responsible for coordinating all...
Terence Gomes
Country Head - Security
Microsoft India
Vaishali Bhagwat (Conference Co-Chair)
Cyberlaw practitioner
VP Shintre & Associates Practicing Lawyer
Uday Deshpande (Conference Co-Chair)
CISO
Larsen & Toubro Group of companies
Rajat Sen
Regional Director, India
FS-ISAC
Satyavathi Divadari
Chapter Chair
Cloud Security Alliance Bangalore Chapter (CSA)
Sameer Ratolikar
Senior Executive Vice President & CISO
HDFC Bank
Dr. Sourav Dutta
Executive Director IT
IDBI Bank
Maheswaran Shanmugasundaram
Country Manager for South Asia
Varonis
Vats Srivatsan
COO
SentinelOne
Brijesh Singh
Additional Director General of Police
Maharashtra Police
Singh is inspector general of police (cyber) in Maharashtra. He successfully implemented a criminal tracking and networking systems project in Maharashtra. He is also a designated special inspector general of police for women atrocity prevention, a special authority created by...
Milind G. Mungale
Managing Director & CEO
Protean InfoSec Services Ltd.
Mungale is the executive VP and CISO of Protean eGov Technologies Ltd. He is heading the information security, cybersecurity, network security, IT infrastructure, and data center functions of the organization. He has been given the charter to establish sustainability principles...
Sudip Banerjee
Field CTO, APJ
Zscaler
Banerjee is the field CTO for APJ at Zscaler. He has expertise in the banking and finance industry, with experience in driving digital transformation programs, public cloud SaaS adoption, and re-architecting network infrastructure for enhanced user productivity.
Sunil Muduli
Sr Sales Engineer
Trellix
Nischay Kandpal
Program Manager Evangelism, Product Specialist-Commercial
Microsoft
Mathan Babu Kasilingam
CISO & DPO
Vodafone Idea Ltd.
Kasilingam is the chief information security officer of Vodafone Idea Ltd. With over two decades of experience in information and cybersecurity, he was instrumental in building a robust cybersecurity defense and response mechanism for NPCI. He is also a member...
Amol Raina
Sr. ASE
GitHub
S N Panda
Cybersecurity Researcher and former Chief General Manager
Reserve Bank of India (RBI), Mumbai
Radhachran Shakya
Deputy Director General (Project Management), Department of Telecommunications (DoT)
Ministry of Communications, Government of India
Tanveer Shaikh
Manager – Sales Engineering (West)
Sophos
Gaurav Batra
Founder & CEO
CyberFrat
Jasbir Singh Solanki
CEO-Homeland and Cybersecurity
Mahindra Defense Systems Ltd.
Scott Leach
Vice President, Asia-Pacific
Varonis
Najm W. Bilgrami
Senior Vice President & National Head - Financial Lines
TATA AIG General Insurance Company Limited
He is currently heading the Financial Lines underwriting for Tata AIG General Insurance Co Ltd in addition to being the National Head for Financial Lines Practice. Currently managing some of the largest Cyber and Directors & Officers Liability insurance programs in...
Bharat Panchal
Chief Industry Relations & Regulatory Officer – India
Discover Financial Services
Dinesh Krishna Pillai
Managing Director
De-Rix Pvt Ltd
Nitin Varma
Managing Director - India & SAARC
CrowdStrike
Diwakar Dayal
Managing Director, India & SAARC
SentinelOne
Dayal is regional director and country manager for SentinelOne’s business across India & SAARC, responsible for developing and executing the EDR leader’s growth strategy for the region. He is a cybersecurity industry veteran with more than 23 years of experience...
Shivkumar Pandey
Group CISO
BSE Ltd.
Shikha Srivastava
Director & Board Member
Centre for Development of Telematics (C-DOT), Government of India
Khushbu Jain
Advocate
Supreme Court of India
Gurunandan Savnal
Lead Tutor and implementation expert in Risk Management, Member and Faculty for CISA course
ISACA Mumbai
Geetha Nandikotkur
Managing Editor & Conference Chair, Asia & Middle East
ISMG
Nandikotkur is an award-winning journalist with over 20 years of experience in newspapers, audiovisual media, magazines and research. She has an understanding of technology and business journalism and has moderated several roundtables and conferences, in addition to leading mentoring programs...
Welcome to ISMG's Cybersecurity Summit: Mumbai
Anuprita Daga (Conference Chair), President, CISO, YES BANK
Vaishali Bhagwat (Conference Co-Chair), Cyberlaw practitioner, VP Shintre & Associates Practicing Lawyer
Geetha Nandikotkur, Managing Editor & Conference Chair, Asia & Middle East, ISMG

The summit's objective is to provide education and exclusive networking opportunities to the participants with peers and subject matter experts. The program has been carefully designed with the support and guidance of the 'editorial advisory board,' including senior thought leaders from the region, to capture the regional security challenges that resonate with their current concerns. The summit editorial advisory board includes:

Conference Chair: Anuprita Daga, President, Chief Information Security Officer, Yes Bank

Conference Co-Chair:

  • Uday Deshpande, CISO, Larsen & Toubro Group of companies
  • Vaishali Bhagwat, Cyberlaw practitioner, V P Shintre & Associates Practicing Lawyer

Advisory Members:

  • Amit Ghodekar, Vice President - Information Security, Axis Bank
  • Dr. N. Rajendran, Chief Digital Officer, Multi Commodity Exchange of India Ltd.
  • Mathan Babu Kasilingam, CISO & DPO, Vodafone Idea Ltd
  • Murli Menon, Director & CSO GDC and Adviser- Mentor CSR Atos (India), Atos Global IT Solutions and Services Pvt Ltd
  • Nikhil Chawla, Head - Global Information and Cybersecurity, Colgate Global Business Services Private Limited
  • Shivkumar Pandey, Group CISO, BSE India
09:15 AM - 09:29 AM
Keynote: The State of Cybersecurity in 2023: Can Enterprises Defend Themselves Against Rising Threat?
Lt General (Dr) Rajesh Pant, Prime Minister’s Office, Government of India

The state of security is challenged with enterprises fighting the most unprecedented battles in 2022 after witnessing a surge in attacks and breaches. While Indian enterprises and governments have put their best foot forward to build a technology-driven future - making India one of the fastest-growing markets for digital technologies - it has also increased the vulnerability to cyber risk.   

Cybersecurity professionals and CISOs, in particular, have the daunting task of safeguarding their organizations and defending against attackers to deliver business value.  

The session will cover:    

  • The lessons learned from the past and how enterprises can reset their cybersecurity plans 
  • Cybersecurity vision for enterprises in 2023 
  • Best defense techniques for enterprise security to defend against rising threats
09:30 AM - 09:39 AM
Keynote: Future of Banking: Security Innovations to Establish Cyber Resilience
Prof. D. Janakiram, Director, Institute for Development and Research in Banking Technology (IDRBT)

Despite being a traditional industry, banking and financial services are constantly evolving. Technological innovations redefine how banks operate in this world of digital transformation. Contactless, bots, blockchain, biometrics, AI, and cloud are some digital innovations in the financial services industry. 

This keynote session will deep dive into the changing nature of banking, including the risks and the security innovations, to support organizations in protecting the transactions ecosystem and establishing digital business and cyber resilience.

09:45 AM - 10:14 AM
Spotlight Session: Digital Transformation: CISOs as Transformation Leaders
Sameer Ratolikar, Senior Executive Vice President & CISO, HDFC Bank

All organizations across verticals have embarked on their digital transformation journey, and the banking sector has always been way ahead in the game, which is only getting intense. As most security leaders argue, this digital transformation is facilitated by the emergence of easy-to-use cloud-native technologies. As they do this, security is constantly raised as a key concern but needs to be dealt with as a critical enabler. 

One of the most exciting aspects is that in top banks, CISOs are spearheading the digital transformation initiative, going by the rule of thumb of "security by design" and evolving as transformation leaders. 

The session will cover: 

  • What are the hiccups and opportunities for CISOs spearheading the digital transformation journey and evolving as leaders? 
  • CISOs' priorities in driving this massive project in establishing a competitive business edge 
  • Balancing security and digital innovation by establishing "security by design" 
10:20 AM - 10:49 AM
11:10 AM - 11:39 AM
Track A
Future of XDR : Myths and Reality
Vats Srivatsan, COO, SentinelOne
Diwakar Dayal, Managing Director, India & SAARC, SentinelOne

As organizations struggle to bridge the threat detection and response gap with enhanced budgets and innovative security technology solutions, CISOs are finding ways to embed extended detection and response (XDR) - the next evolution in threat detection solutions - into their existing frameworks.  

Unfortunately, practitioners struggle to find a single definition of XDR that is widely accepted by analysts and vendors purporting to be knowledgeable on the subject.

It is imperative to understand what XDR is about, how it can benefit your organization, why you should consider the technology in your enterprise security stack, and what you should expect from vendors who claim to have built the perfect mousetrap. The session also looks at how to build a long-term XDR architecture to enhance threat detection capabilities and whether CISOs are seeing value.

11:10 AM - 11:39 AM
Track B
Architecting Zero Trust With a Data First Approach
Maheswaran Shanmugasundaram, Country Manager for South Asia, Varonis
Scott Leach, Vice President, Asia-Pacific, Varonis

Cybersecurity providers must constantly adapt and evolve with the variety of ways in which the blast radius of attacks has been expanding. Organizations have built their security strategy around the concept of 'zero trust,' which departs from the conventional perimeter and asset-centric protection models. Where does the journey to 'zero trust' begin, what are the typical entry points, and how can it unfold? Truly reaping the benefits of a 'zero trust' strategy requires a complete and robust understanding of an organization's data landscape and establishing a practical data access governance framework. Without this, many of the benefits of 'zero trust' are lost, rendering it more of a diluted version of conventional models.   

The session will discuss:     

  • How to architect a data-first approach towards 'zero trust' involving its core elements  
  • Assess the maturing of 'zero trust' state with a realistic look at security  
  • Using 'zero trust' to secure the future work environment 
11:10 AM - 11:39 AM
Track C
Defending Against Ransomware: You Are Not Alone
Nitin Varma, Managing Director - India & SAARC, CrowdStrike

As ransomware attacks continue to hold businesses hostage and prevent organizations from operating to the desired extent, the industry demands an innovative solution that uses advanced AI to detect unknown attacks. 

The daunting task for CISOs is to be cognizant of the fact that it is only a matter of time before they get attacked and to decide whether to pay to regain their data or not pay and lose everything.

The session will cover: 

  • A practical approach for early detection of ransomware and identity thefts 
  • Build a robust architecture to minimize the impact of compromises on business operations 
  • A well-orchestrated strategy to spot the gaps and weaknesses and build a strong security posture 

11:45 AM - 12:14 PM
Track A
Cyber Insurance’s Response to Rising Ransomware Attacks: The Latest Hurdles
Najm W. Bilgrami, Senior Vice President & National Head - Financial Lines, TATA AIG General Insurance Company Limited

The cyber insurance industry has been challenged by the rising costs of cybercrime. The element of the unpredictability of the cybercrime world does not work well for the industry. New coverage and rising renewal rates are major concerns. Premiums are rising by 10- to 20-fold. Recent research reports show that 70% of cybersecurity professionals believe insurance payments to companies that have paid a ransom exacerbate the problem and cause more attacks. Moreover, cyber insurance companies are targets themselves. The question on everyone's mind is, 'to what extent is cyber insurance fueling ransomware attacks?' What kind of questions do the CISOs need to be prepared for?

The session will also cover:    

  • Will ransomware ultimately lead to the fall of cyber insurance companies?    

  • How the cyber insurance industry must approach the problem of ransomware    

  • Ways to address skill shortage in the industry and way forward for CISOs 

11:45 AM - 12:14 PM
Track B
Financial Fraud: Understanding Hacker’s Modus Operandi
Anand Venkatanarayanan, Co-Founder and Cybersecurity Researcher, DeepStrat

Organized cybercrime syndicates are using extremely sophisticated methods to target financial institutions, payment firms and e-commerce merchants. 

With the rise in organized financial crime, security and fraud teams are challenged with tackling cyber-enabled financial fraud and managing a growing strategic risk to their brand reputation.   

It is imperative to understand the hacker’s modus operandi, the attack components being used, and how to take control and build defenses to prevent fraud. It is also critical to know how to read into the fraudster’s mind to understand motivated attacks from every angle, limiting the effectiveness of the best one-dimensional defenses. 

The session will cover:   

  • Ways to understand the architecture of financial fraud and attack components 

  • New authentication methods to prevent fraud 

  • Best defenses to fight fraud and scale

11:45 AM - 12:14 PM
Track C
Blockchain Security in Action: Effective Implementation Steps
Dr. Sourav Dutta, Executive Director IT, IDBI Bank

A recent report states that the worldwide blockchain market is estimated to reach $20 billion in 2024. Sixty-nine percent of banks are exploring different avenues regarding blockchain technology to make their services safer. The adoption of blockchain has brought many advantages. In recent years, blockchain security has become a crucial part of organizations’ processes to protect devices from cyberattacks and malicious hacking attempts.

The session will cover:    

  • Enhancing blockchain forensic capabilities for fraud detection  

  • Challenges of implementing blockchain technology   

  • A security strategy for blockchain

12:20 PM - 12:49 PM
Track A
XDR: Game Changer for Modern SecOps
Manish Sinha, Director Sales Engineering, Trellix
Sunil Muduli, Sr Sales Engineer, Trellix

In the current threat environment, SOC teams continue to face the pressure of detecting an intrusion as quickly as possible before it becomes a significant security incident. With so many point products in use in a typical organization, it is often time-consuming and challenging for the SOC team to search through the noise to find important alerts that may indicate the presence of a threat in the environment. 

SecOps is more difficult today than it was two years ago. Improvements are ongoing as teams adopt future-forward practices, including deploying XDR.

However, it is critical to understand what XDR is, what it is not, and how it’s increasing SecOps efficiency and enabling the SOC team to detect, respond and remediate threats across all attack channels in real time.  

 The session will cover: 

  • SecOps challenge in tackling phased malware attacks 

  • Advanced persistent threats and MITRE ATT&CK framework 

  • Creating better SOC operating models in the attack kill chain process 

12:20 PM - 12:49 PM
Track B
A Practical Approach to Implementing a Zero Trust Security Model
Sudip Banerjee, Field CTO, APJ, Zscaler

Since the pandemic, along with protecting themselves from ever-changing cyberthreats, organizations are grappling with the newer challenges of a hybrid workforce, rapid digital transformation and public cloud momentum.

While it is always desirable to grow the operations at speed and scale along with agility, it is equally important to balance the risks with the proper mitigation techniques. Most agree that, if implemented effectively, "zero trust" helps achieve this balance.

The session will cover:

  • The right approach to establishing a "zero trust" model in a phased manner with Zscaler's platform
  • How to achieve your tactical and operational goals with "zero trust"
  • How has the approach toward security changed as security perimeters disappear
12:20 PM - 12:49 PM
Track C
Applying Smart Cybersecurity Strategies to Maximize Returns
Terence Gomes, Country Head - Security, Microsoft India

CISOs are under constant pressure from the board to curb security costs, although a bigger budget isn’t always a solution. The aspect of doing more with less isn’t restricted to IT tasks alone; it also extends to security, particularly with rising security costs and amplified threats.

The questions that arise among CISOs are: How can the organization’s security landscape be simplified to reduce cost? What are the effective ways to consolidate vendor licensing costs? Can automation help to enhance and modernize security operations?


The session will cover:

  • How could CISOs use cyber investments effectively to apply governance and processes that can reduce the TCO?
  • Practical steps to implement automation to improve operational efficiency, reduce incident response times and streamline processes
  • How to improve the bottom line with practical tools, and what can determine your investment strategies
12:55 PM - 01:09 PM
Track A
Cybersecurity-As-a-Service: Is It the Future?
Hitesh Raul, Senior Enterprise Account Manager, Sophos
Tanveer Shaikh, Manager – Sales Engineering (West), Sophos

Cybersecurity is too complex, too complicated, and changes too fast to be effectively managed by most organizations. The rise of ransomware brokers and the continued talent shortage mean defenders increasingly need security technology driven on their behalf. Automation is becoming the name of the game as it holds the key to responding to incidents faster and possibly requiring fewer staff members on the security team. Most professionals say this is fuelling the phenomenon of 'Cybersecurity as a Service,' which is arguably going to be the future. The growth in MSSPs drives the trend by embedding technology into the overall fabric of enterprise technology and security architecture.

The session will discuss:   

  • How will Sophos help build cyber resiliency with cybersecurity-as-a-service?

  • How are CISOs embracing this service to contend with the threat actors?    

  • Bridging the skill gap with the service 

12:55 PM - 01:09 PM
Track B
How Windows 11 Enables Zero Trust Protection
Nischay Kandpal, Program Manager Evangelism, Product Specialist-Commercial, Microsoft

The drive toward digital transformation and cloud is putting immense pressure on CISOs to secure the cloud, identities, applications, operating system and hardware chip against rising malware intrusions.

As businesses become agile and move to Windows 11, security practitioners raise concerns about risks associated with the new OS. Experts agree that the OS comes with new security features and includes "zero trust" capability, hardware-based isolation, encryption and malware prevention turned on by default. It is also designed to make it easier for users to go passwordless.

It’s time to dive deep into some areas to analyze how the principles of the "zero trust" security model help protect all the layers of the cloud embedded in Windows 11.


The session will cover:

  • Ways to secure the chip to cloud
  • Applying the principles of "zero trust" in securing your hardware
  • Establishing a passwordless environment through OS
02:00 PM - 02:29 PM
Track A
Panel Discussion: State of Digital Payments Security: Response to Risks
Rajat Sen, Regional Director, India, FS-ISAC
S N Panda, Cybersecurity Researcher and former Chief General Manager, Reserve Bank of India (RBI), Mumbai
Gurunandan Savnal, Lead Tutor and implementation expert in Risk Management, Member and Faculty for CISA course, ISACA Mumbai
Satyavathi Divadari, Chapter Chair, Cloud Security Alliance Bangalore Chapter (CSA)

The Parliament informed that the 2.9 lakh digital banking and payments-related cybersecurity incidents that happened in the recent past were driven by phishing, ransomware attacks, cyber espionage, DDoS, viruses, spoofing and website hacking, among others. Organizations need to ramp up their authentication efforts in light of a 70% increase in cashless transactions, which has led to increases in attempted fraud.

The movement to cashless transactions and the surge in e-commerce have led to new fraud patterns, including growth in digital skimming of payment information from online checkout functions and an increase in fraud perpetrated through creating fake UPI real-time payment IDs. 

The session will discuss: 

  • State of digital payments and security risks 

  • New authentication standards 

  • New tools and technologies used to mitigate and respond to risks

02:00 PM - 02:29 PM
Track B
Panel Discussion: Complying With CERT-In's Directives of Breach Reporting and Log Retention: Where Are the Hiccups?
Milind G. Mungale, Managing Director & CEO, Protean InfoSec Services Ltd.
Dinesh Krishna Pillai, Managing Director, De-Rix Pvt Ltd
Shivkumar Pandey, Group CISO, BSE Ltd.
Vaishali Bhagwat (Conference Co-Chair), Cyberlaw practitioner, VP Shintre & Associates Practicing Lawyer

The Indian Computer Emergency Response Team (CERT-In) has issued directives under section 70B of the IT Act, 2000, that both government and private organizations in the country must inform the agency within six hours of discovering a cybersecurity incident. In case of non-compliance, the company is liable to pay a maximum penalty of about INR 1 lakh.

While the new guidelines are designed to tackle cybercrime effectively, they are likely to pose challenges to companies in terms of adhering to the six-hour rule. In addition, it has directed all service providers, intermediaries, data centers, corporate bodies and government organizations to retain the logs securely for a period of 180 days within the Indian jurisdiction. 

What does this directive mean to the security practitioners, and what are the ways to comply with this? How are CISOs complying with this directive and where are the bottlenecks? 

The session will cover:  

  • The practical challenges of complying with these directives  
  • How can practitioners reset their internal structure? 
  • Consequences of retaining logs for the specified time period
02:00 PM - 02:29 PM
Track C
Panel Discussion: Riding the 5G Security Wave: Sizing Up the Risks
Mathan Babu Kasilingam, CISO & DPO, Vodafone Idea Ltd.
Shikha Srivastava, Director & Board Member, Centre for Development of Telematics (C-DOT), Government of India
Radhachran Shakya, Deputy Director General (Project Management), Department of Telecommunications (DoT), Ministry of Communications, Government of India

With the evolution of IoT, enterprises are now riding on 5G security to achieve incredible speed, bringing in greater complexity. Experts say the high-bandwidth and low-latency 5G networks connect everything from health systems to self-driving vehicles and critical infrastructure. It is argued that the structure of 5G networks will be more complex than 2G, 3G or 4G, with the increased use of virtualization and software-defined networking. This will result in rising concerns around privacy and security challenges.  

The session will cover:   

  • What security challenges will 5G bring?   

  • How to introduce 5G into security standards   

  • How to protect the supply chain and establish third-party assurance of 5G network devices     

02:35 PM - 03:04 PM
Track A
Risks With FTP: Ways to Modernize and Secure Your File Transfers
Raghunandan Koushik, Regional Sales Director - India & SAARC, Helpsystems

Most organizations still use custom scripts, manual processes or legacy solutions to exchange information with customers, partners or other recipients. They do it despite the extra time, cost and challenges associated with maintaining these outdated methods, given the lack of flexibility and security it brings in. 

Besides, the existing file transfer processes are rigid in accommodating your growing file transfer challenges. 

The session will cover: 

  • How to securely transfer files to and from cloud applications 

  • Establishing centralized control, automation or security to accommodate multiple file servers 

  • New encryption methods to comply with MAS/PCI DSS standards 

02:35 PM - 03:04 PM
Track B
Efficient Ways to Integrate DevOps and DevSecOps to Establish a Secure Software Development Life Cycle
Amol Raina, Sr. ASE, GitHub

As businesses scale up with agile development processes, cloud and DevOps, traditional security can no longer be the showstopper. Security must integrate with the DevOps process to ensure responsibility is shared and security is in-built. 

Most agree that DevSecOps is about security enablement at every stage within the organization: the people, process and technology. To get started with the DevSecOps journey, it is important to enable and empower the technology teams to start thinking about secure design first.  

While DevSecOps enables application security testing by the developer and by the tester into pre-production in a more automated fashion, experts argue that integrating DevOps and DevSecOps becomes crucial in establishing the secure development process.  

The session will cover: 

  • A "shift-left" strategy in DevSecOps to protect enterprises against attacks  

  • Complying with regulatory mandates around secure coding  

  • Applying automation to the application security testing process using DevSecOps 

Fireside Chat - Using AI to Build Cyber Defenses: Hype or Reality?
Jasbir Singh Solanki, CEO-Homeland and Cybersecurity, Mahindra Defense Systems Ltd.
Gaurav Batra, Founder & CEO, CyberFrat

The average business often receives 10,000 alerts from various software tools used to monitor threats and malware intrusions. The stakes are indeed high. This trend has prompted security leaders to focus on artificial intelligence (AI) to find patterns in vast volumes of data.

It’s critical to understand how technology vendors develop innovative AI approaches to detect malware, phishing campaigns, and other intrusions and how much CISOs align with this.      

While CISOs are writing AI-based algorithms to detect attack patterns, they sometimes overlook that the AI tool itself can become a new attack vector.    

The session will cover:    

  • Use case for deploying AI to build a cyber defense plan 

  • Using automation to bridge supply and demand gaps    

  • Integrating AI with people, processes and technologies for better detection 

03:25 PM - 03:44 PM
Plenary Session: Demystifying the Data Protection and Privacy Bill: What's Next for Security?
Justice B.N. Srikrishna, Former Judge, Supreme Court of India & Chairman - Data Protection Committee

The Indian government revoked the data protection and privacy bill years after it drew scrutiny from the tech industry over proposed governmental powers in accessing and managing personal data.

The government gave an assurance that it would propose a "comprehensive framework" for tech regulation that includes privacy.

Minister of State for Electronics and Information Technology Rajeev Chandrashekar said that the proposal grew in scope beyond data protection “and was creating degrees of complexity and increasing the burden of compliance on the small business.”

The bill, which would require most data about Indians to be stored domestically, was drafted by a 10-member committee of experts headed by Justice B.N. Srikrishna and released in 2019.

The two pertinent questions that arise are: What is next for security and privacy professionals now? What new regulations need to be embedded into the new framework?

This plenary session by Justice B.N. Srikrishna will provide insights on the way forward for security practitioners in protecting their data.

  • 03:50 PM
  • 04:19 PM
Panel Discussion: Cybersecurity Outlook 2023: The Novel C-Suite Approach
Brijesh Singh, Additional Director General of Police, Maharashtra Police
Bharat Panchal, Chief Industry Relations & Regulatory Officer – India, Discover Financial Services
Anuprita Daga (Conference Chair), President, CISO, YES BANK
Uday Deshpande (Conference Co-Chair), CISO, Larsen & Toubro Group of companies
Khushbu Jain, Advocate, Supreme Court of India

Enterprises across India are encouraged to invest in the infrastructure needed to build a secure and robust platform for business transformation and support the digital economy.
Are they able to align their strategy with the business priorities and rise to the expectations in 2023? What needs to change both tactically and strategically to build a cyber-resilient organization?  
The C-suite panel comprising the CEO, CFO, CRO and CISO sets the goals for security in leveraging the right technologies, establishing the security culture and a collaborative strategy in accomplishing the task for 2023. 

  • 04:25 PM
  • 05:04 PM


Venue: The Westin Mumbai Powai Lake
Address: The Westin Mumbai Powai Lake, near Chinmayanand Ashram, Kailash Nagar, Mayur Nagar, Morarji Nagar, Powai, Mumbai, Maharashtra, India

Justice B.N. Srikrishna
Former Judge
Supreme Court of India & Chairman - Data Protection Committee
Anand Venkatanarayanan
Co-Founder and Cybersecurity Researcher
DeepStrat
Anuprita Daga (Conference Chair)
President, CISO
YES BANK
Raghunandan Koushik
Regional Sales Director- India & SAARC
Helpsystems
Prof. D. Janakiram
Director
Institute for Development and Research in Banking Technology (IDRBT)
Hitesh Raul
Senior Enterprise Account Manager
Sophos
Manish Sinha
Director Sales Engineering
Trellix
Lt General (Dr) Rajesh Pant
Prime Minister’s Office,
Government of India
Lt General (Dr) Rajesh Pant is an internationally recognised Cybersecurity mentor, who is presently tenanting the prestigious appointment of National Cyber Security Coordinator in the National Security Council Secretariat of India. In this capacity he is responsible for coordinating all...
Terence Gomes
Country Head - Security
Microsoft India
Vaishali Bhagwat (Conference Co-Chair)
Cyberlaw practitioner
VP Shintre & Associates Practicing Lawyer
Uday Deshpande (Conference Co-Chair)
CISO
Larsen & Toubro Group of companies
Rajat Sen
Regional Director, India
FS-ISAC
Satyavathi Divadari
Chapter Chair
Cloud Security Alliance Bangalore Chapter (CSA)
Sameer Ratolikar
Senior Executive Vice President & CISO
HDFC Bank
Dr. Sourav Dutta
Executive Director IT
IDBI Bank
Maheswaran Shanmugasundaram
Country Manager for South Asia
Varonis
Vats Srivatsan
COO
SentinelOne
Brijesh Singh
Additional Director General of Police
Maharashtra Police
Singh is inspector general of police (cyber) in Maharashtra. He successfully implemented a criminal tracking and networking systems project in Maharashtra. He is also a designated special inspector general of police for women atrocity prevention, a special authority created by...
Milind G. Mungale
Managing Director & CEO
Protean InfoSec Services Ltd.
Mungale is the executive VP and CISO of Protean eGov Technologies Ltd. He is heading the information security, cybersecurity, network security, IT infrastructure, and data center functions of the organization. He has been given the charter to establish sustainability principles...
Sudip Banerjee
Field CTO, APJ
Zscaler
Banerjee is the field CTO for APJ at Zscaler. He has expertise in the banking and finance industry, with experience in driving digital transformation programs, public cloud SaaS adoption, and re-architecting network infrastructure for enhanced user productivity.
Sunil Muduli
Sr Sales Engineer
Trellix
Nischay Kandpal
Program Manager Evangelism , Product Specialist-Commercial
Microsoft
Mathan Babu Kasilingam
CISO & DPO
Vodafone Idea Ltd.
Kasilingam is the chief information security officer of Vodafone Idea Ltd. With over two decades of experience in information and cybersecurity, he was instrumental in building a robust cybersecurity defense and response mechanism for NPCI. He is also a member...
Amol Raina
Sr. ASE
GitHub
S N Panda
Cybersecurity Researcher and former Chief General Manager
Reserve Bank of India (RBI), Mumbai
Radhachran Shakya
Deputy Director General (Project Management), Department of Telecommunications (DoT)
Ministry of Communications, Government of India
Tanveer Shaikh
Manager – Sales Engineering (West)
Sophos
Gaurav Batra
Founder & CEO
CyberFrat
Jasbir Singh Solanki
CEO-Homeland and Cybersecurity
Mahindra Defense Systems Ltd.
Scott Leach
Vice President, Asia-Pacific
Varonis
Najm W. Bilgrami
Senior Vice President & National Head - Financial Lines
TATA AIG General Insurance Company Limited
He is currently heading the Financial Lines underwriting for Tata AIG General Insurance Co Ltd in addition to being the National Head for Financial Lines Practice. Currently managing some of the largest Cyber and Directors & Officers Liability insurance programs in...
Bharat Panchal
Chief Industry Relations & Regulatory Officer – India
Discover Financial Services
Dinesh Krishna Pillai
Managing Director
De-Rix Pvt Ltd
Nitin Varma
Managing Director - India & SAARC
CrowdStrike
Diwakar Dayal
Managing Director, India & SAARC
SentinelOne
Dayal is regional director and country manager for SentinelOne’s business across India & SAARC, responsible for developing and executing the EDR leader’s growth strategy for the region. He is a cybersecurity industry veteran with more than 23 years of experience...
Shivkumar Pandey
Group CISO
BSE Ltd.
Shikha Srivastava
Director & Board Member
Centre for Development of Telematics (C-DOT), Government of India
Khushbu Jain
Advocate
Supreme Court of India
Gurunandan Savnal
Lead Tutor and implementation expert in Risk Management, Member and Faculty for CISA course
ISACA Mumbai
Geetha Nandikotkur
Managing Editor & Conference Chair, Asia & Middle East
ISMG
Nandikotkur is an award-winning journalist with over 20 years of experience in newspapers, audiovisual media, magazines and research. She has an understanding of technology and business journalism and has moderated several roundtables and conferences, in addition to leading mentoring programs...

Welcome to ISMG's Cybersecurity Summit: Mumbai
Anuprita Daga (Conference Chair), President, CISO, YES BANK
Vaishali Bhagwat (Conference Co-Chair), Cyberlaw practitioner, VP Shintre & Associates Practicing Lawyer
Geetha Nandikotkur, Managing Editor & Conference Chair, Asia & Middle East, ISMG

The summit's objective is to provide education and exclusive networking opportunities to the participants with peers and subject matter experts. The program has been carefully designed with the support and guidance of the 'editorial advisory board,' including senior thought leaders from the region, to capture the regional security challenges that resonate with their current concerns. The summit editorial advisory board includes:

Conference Chair: Anuprita Daga, President, Chief Information Security Officer, Yes Bank

Conference Co-Chair:

  • Uday Deshpande, CISO, Larsen & Toubro Group of companies
  • Vaishali Bhagwat, Cyberlaw practitioner, V P Shintre & Associates Practicing Lawyer

Advisory Members:

  • Amit Ghodekar, Vice President - Information Security, Axis Bank
  • Dr. N. Rajendran, Chief Digital Officer, Multi Commodity Exchange of India Ltd.
  • Mathan Babu Kasilingam, CISO & DPO, Vodafone Idea Ltd
  • Murli Menon, Director & CSO GDC and Adviser- Mentor CSR Atos (India), Atos Global IT Solutions and Services Pvt Ltd
  • Nikhil Chawla, Head - Global Information and Cybersecurity, Colgate Global Business Services Private Limited
  • Shivkumar Pandey, Group CISO, BSE India
  • 09:15 AM
  • 09:29 AM
Keynote: The State of Cybersecurity in 2023: Can Enterprises Defend Themselves Against Rising Threat?
Lt General (Dr) Rajesh Pant, Prime Minister’s Office, Government of India

The state of security is challenged with enterprises fighting the most unprecedented battles in 2022 after witnessing a surge in attacks and breaches. While Indian enterprises and governments have put their best foot forward to build a technology-driven future - making India one of the fastest-growing markets for digital technologies - it has also increased the vulnerability to cyber risk.   

Cybersecurity professionals and CISOs, in particular, have the daunting task of safeguarding their organizations and defending against attackers to deliver business value.  

The session will cover:    

  • The lessons learned from the past and how enterprises can reset their cybersecurity plans 
  • Cybersecurity vision for enterprises in 2023 
  • Best defense techniques for enterprise security to defend against rising threats
  • 09:30 AM
  • 09:39 AM
Keynote: Future of Banking: Security Innovations to Establish Cyber Resilience
Prof. D. Janakiram, Director, Institute for Development and Research in Banking Technology (IDRBT)

Despite being a traditional industry, banking and financial services are constantly evolving. Technological innovations redefine how banks operate in this world of digital transformation. Contactless, bots, blockchain, biometrics, AI, and cloud are some digital innovations in the financial services industry. 

This keynote session will deep dive into the changing nature of banking, including the risks and the security innovations, to support organizations in protecting the transactions ecosystem and establishing digital business and cyber resilience.

  • 09:45 AM
  • 10:14 AM
Spotlight Session: Digital Transformation: CISOs as Transformation Leaders
Sameer Ratolikar, Senior Executive Vice President & CISO, HDFC Bank

All organizations across verticals have embarked on their digital transformation journey, and the banking sector has always been way ahead in the game, which is only getting intense. As most security leaders argue, this digital transformation is facilitated by the emergence of easy-to-use cloud-native technologies. As they do this, security is constantly raised as a key concern but needs to be dealt with as a critical enabler. 

One of the most exciting aspects is that in top banks, CISOs are spearheading the digital transformation initiative, going by the rule of thumb of "security by design" and evolving as transformation leaders. 

The session will cover: 

  • What are the hiccups and opportunities for CISOs spearheading the digital transformation journey and evolving as leaders? 
  • CISOs' priorities in driving this massive project in establishing a competitive business edge 
  • Balancing security and digital innovation by establishing "security by design" 
  • 10:20 AM
  • 10:49 AM
  • 11:10 AM
  • 11:39 AM
Track A
Future of XDR : Myths and Reality
Vats Srivatsan, COO, SentinelOne
Diwakar Dayal, Managing Director, India & SAARC, SentinelOne

As organizations struggle to bridge the threat detection and response gap with enhanced budgets and innovative security technology solutions, CISOs are finding ways to embed extended detection and response (XDR) - the next evolution in threat detection solutions - into their existing frameworks.  

Unfortunately, practitioners struggle to find a single definition of XDR that is widely accepted by the analysts and vendors purporting to be knowledgeable on the subject.

It is imperative to understand what XDR is about, how it can benefit your organization, why you should consider the technology in your enterprise security stack, and what you should expect from vendors who claim to have built the perfect mousetrap. The session also looks at how to build a long-term XDR architecture to enhance threat detection capabilities and whether CISOs are seeing value.

  • 11:10 AM
  • 11:39 AM
Track B
Architecting Zero Trust With a Data First Approach
Maheswaran Shanmugasundaram, Country Manager for South Asia, Varonis
Scott Leach, Vice President, Asia-Pacific, Varonis

Cybersecurity providers must constantly adapt and evolve with the variety of ways in which the blast radius of attacks has been expanding. Organizations have built their security strategy around the concept of 'zero trust,' which departs from the conventional perimeter and asset-centric protection models. Where does the journey to 'zero trust' begin, what are the typical entry points, and how can it unfold? Truly reaping the benefits of a 'zero trust' strategy requires a complete and robust understanding of an organization's data landscape and establishing a practical data access governance framework. Without this, many of the benefits of 'zero trust' are lost, rendering it more of a diluted version of conventional models.   

The session will discuss:     

  • How to architect a data-first approach towards 'zero trust' involving its core elements  
  • Assess the maturing of 'zero trust' state with a realistic look at security  
  • Using 'zero trust' to secure the future work environment 
  • 11:10 AM
  • 11:39 AM
Track C
Defending Against Ransomware: You Are Not Alone
Nitin Varma, Managing Director - India & SAARC, CrowdStrike

As ransomware attacks continue to hold businesses hostage and prevent organizations from operating to the desired extent, the industry demands an innovative solution that uses advanced AI to detect unknown attacks. 

The daunting task for CISOs is to be cognizant of the fact that it is only a matter of time before they get attacked and to decide whether to pay to regain their data or not pay and lose everything.

The session will cover: 

  • A practical approach for early detection of ransomware and identity thefts 
  • Build a robust architecture to minimize the impact of compromises on business operations 
  • A well-orchestrated strategy to spot the gaps and weaknesses and build a strong security posture 

  • 11:45 AM
  • 12:14 PM
Track A
Cyber Insurance’s Response to Rising Ransomware Attacks: The Latest Hurdles
Najm W. Bilgrami, Senior Vice President & National Head - Financial Lines, TATA AIG General Insurance Company Limited

The cyber insurance industry has been challenged by the rising costs of cybercrime. The unpredictability of the cybercrime world does not work well for the industry. New coverage and rising renewal rates are major concerns. Premiums are rising by 10- to 20-fold. Recent research reports show that 70% of cybersecurity professionals believe insurance payments to companies that have paid a ransom exacerbate the problem and cause more attacks. Moreover, cyber insurance companies are targets themselves. The question on everyone's mind is, 'To what extent is cyber insurance fueling ransomware attacks?' What kind of questions do the CISOs need to be prepared for?

The session will also cover:    

  • Will ransomware ultimately lead to the fall of cyber insurance companies?    

  • How the cyber insurance industry must approach the problem of ransomware    

  • Ways to address skill shortage in the industry and way forward for CISOs 

  • 11:45 AM
  • 12:14 PM
Track B
Financial Fraud: Understanding Hacker’s Modus Operandi
Anand Venkatanarayanan, Co-Founder and Cybersecurity Researcher, DeepStrat

Organized cybercrime syndicates are using extremely sophisticated methods to target financial institutions, payment firms and e-commerce merchants. 

With the rise in organized financial crime, security and fraud teams are challenged with tackling cyber-enabled financial fraud and managing a growing strategic risk to their brand reputation.   

It is imperative to understand the hacker’s modus operandi, the attack components being used, and how to take control and build defenses to prevent fraud. It is also critical to know how to read into the fraudster’s mind to understand motivated attacks from every angle, limiting the effectiveness of the best one-dimensional defenses. 

The session will cover:   

  • Ways to understand the architecture of financial fraud and attack components 

  • New authentication methods to prevent fraud 

  • Best defenses to fight fraud and scale

  • 11:45 AM
  • 12:14 PM
Track C
Blockchain Security in Action: Effective Implementation Steps
Dr. Sourav Dutta, Executive Director IT, IDBI Bank

A recent report states that the worldwide blockchain market is estimated to reach $20 billion in 2024. Sixty-nine percent of banks are exploring different avenues regarding blockchain technology to make their services safer. The adoption of blockchain has brought many advantages. In recent years, blockchain security has become a crucial part of organizations’ processes to protect devices from cyberattacks and malicious hacking attempts.

The session will cover:    

  • Enhancing blockchain forensic capabilities for fraud detection  

  • Challenges of implementing blockchain technology   

  • A security strategy for blockchain

  • 12:20 PM
  • 12:49 PM
Track A
XDR: Game Changer for Modern SecOps
Manish Sinha, Director Sales Engineering, Trellix
Sunil Muduli, Sr Sales Engineer, Trellix

In the current threat environment, SOC teams continue to face the pressure of detecting an intrusion as quickly as possible before it becomes a significant security incident. With so many point products in use in a typical organization, it is often time-consuming and challenging for the SOC team to search through the noise to find important alerts that may indicate the presence of a threat in the environment. 

SecOps is more difficult today than it was two years ago. Improvements are ongoing as teams adopt future-forward practices, including deploying XDR.

However, it is critical to understand what XDR is, what it is not, and how it’s increasing SecOps efficiency and enabling the SOC team to detect, respond and remediate threats across all attack channels in real time.  

 The session will cover: 

  • SecOps challenge in tackling phased malware attacks 

  • Advanced persistent threats and MITRE ATT&CK framework 

  • Creating better SOC operating models in the attack kill chain process 

  • 12:20 PM
  • 12:49 PM
Track B
A Practical Approach to Implementing a Zero Trust Security Model
Sudip Banerjee, Field CTO, APJ, Zscaler

Post the pandemic, along with protecting the organization from ever-changing cyberthreats, organizations are grappling with the newer challenges of hybrid workforce, rapid digital transformation and public cloud momentum.

While it is always desirable to grow the operations at speed and scale along with agility, it is equally important to balance the risks with the proper mitigation techniques. Most agree that, if implemented effectively, "zero trust" helps achieve this balance.

The session will cover:

  • The right approach to establishing a "zero trust" model in a phased manner with Zscaler's platform
  • How to achieve your tactical and operational goals with "zero trust"
  • How has the approach toward security changed as security perimeters disappear
  • 12:20 PM
  • 12:49 PM
Track C
Applying Smart Cybersecurity Strategies to Maximize Returns
Terence Gomes, Country Head - Security, Microsoft India

CISOs are under constant pressure from the board to curb security costs, although a bigger budget isn’t always a solution. The aspect of doing more with less isn’t restricted to IT tasks alone; it also extends to security, particularly with rising security costs and amplified threats.

The questions that arise among CISOs are how to simplify the organization’s security landscape to reduce cost? What are the effective ways to consolidate vendor licensing costs? Can automation help to enhance and modernize security operations?


The session will cover:

  • How CISOs could use cyber investments effectively to apply governance and processes that can reduce the TCO?
  • Practical steps to implement automation to improve operational efficiency, reduce incident response times and streamline processes
  • How to improve the bottom line with practical tools, and what can determine your investment strategies
  • 12:55 PM
  • 01:09 PM
Track A
Cybersecurity-As-a-Service: Is It the Future?
Hitesh Raul, Senior Enterprise Account Manager, Sophos
Tanveer Shaikh, Manager – Sales Engineering (West), Sophos

Cybersecurity is too complex, too complicated, and changes too fast to be effectively managed by most organizations. The rise of ransomware brokers and the continued talent shortage mean defenders increasingly need security technology driven on their behalf. Automation is becoming the name of the game, as it holds the key to responding to incidents faster and possibly requiring fewer staff members on the security team. Most professionals say this is fuelling the phenomenon of 'Cybersecurity as a Service,' which is arguably going to be the future. The growth in MSSPs drives the trend by embedding technology into the overall fabric of enterprise technology and security architecture.

The session will discuss:   

  • How will Sophos help build cyber resiliency with cybersecurity-as-a-service?

  • How are CISOs embracing this service to contend with the threat actors?    

  • Bridging the skill gap with the service 

  • 12:55 PM
  • 01:09 PM
Track B
How Windows 11 Enables Zero Trust Protection
Nischay Kandpal, Program Manager Evangelism, Product Specialist-Commercial, Microsoft

The drive toward digital transformation and cloud is putting immense pressure on CISOs to secure the cloud, identities, applications, operating system and hardware chip against rising malware intrusions.

As businesses are getting agile and moving to Windows 11 operating systems, security practitioners raise concerns about risks associated with the new OS. Experts agree that the OS comes with new security features and includes "zero trust" capability, hardware-based isolation, encryption and malware prevention turned on by default. It is also designed to make it easier for users to go passwordless.

It’s time to dive deep into some areas to analyze how the principles of the "zero trust" security model help protect all the layers of the cloud embedded in Windows 11.


The session will cover:

  • Ways to secure the chip to cloud
  • Applying the principles of "zero trust" in securing your hardware
  • Establishing a passwordless environment through OS
  • 02:00 PM
  • 02:29 PM
Track A
Panel Discussion: State of Digital Payments Security: Response to Risks
Rajat Sen, Regional Director, India, FS-ISAC
S N Panda, Cybersecurity Researcher and former Chief General Manager, Reserve Bank of India (RBI), Mumbai
Gurunandan Savnal, Lead Tutor and implementation expert in Risk Management, Member and Faculty for CISA course, ISACA Mumbai
Satyavathi Divadari, Chapter Chair, Cloud Security Alliance Bangalore Chapter (CSA)

According to information presented in Parliament, the 2.9 lakh digital banking and payments-related cybersecurity incidents that happened in the recent past were driven by phishing, ransomware attacks, cyber espionage, DDoS, viruses, spoofing and website hacking, among others. Organizations need to ramp up their authentication efforts in light of a 70% increase in cashless transactions, which has led to increases in attempted fraud.

The movement to cashless transactions and the surge in e-commerce have led to new fraud patterns, including growth in digital skimming of payment information from online checkout functions and an increase in fraud perpetrated through creating fake UPI real-time payment IDs. 

The session will discuss: 

  • State of digital payments and security risks 

  • New authentication standards 

  • New tools and technologies used to mitigate and respond to risks

  • 02:00 PM
  • 02:29 PM
Track B
Panel Discussion: Complying With CERT-In's Directives of Breach Reporting and Log Retention: Where Are the Hiccups?
Milind G. Mungale, Managing Director & CEO, Protean InfoSec Services Ltd.
Dinesh Krishna Pillai, Managing Director, De-Rix Pvt Ltd
Shivkumar Pandey, Group CISO, BSE Ltd.
Vaishali Bhagwat (Conference Co-Chair), Cyberlaw practitioner , VP Shintre & Associates Practicing Lawyer

The Indian Computer Emergency Response Team (CERT-In) has issued directives under section 70B of the IT Act, 2000, that both government and private organizations in the country must inform the agency within six hours of discovering a cybersecurity incident. In case of non-compliance, the company is liable to pay a maximum penalty of about INR 1 lakh.

While the new guidelines are designed to tackle cybercrime effectively, they are likely to pose challenges to companies in terms of adhering to the six-hour rule. In addition, it has directed all service providers, intermediaries, data centers, corporate bodies and government organizations to retain the logs securely for a period of 180 days within the Indian jurisdiction. 

What does this directive mean to the security practitioners, and what are the ways to comply with this? How are CISOs complying with this directive and where are the bottlenecks? 

The session will cover:  

  • The practical challenges of complying with these directives  
  • How can practitioners reset their internal structure? 
  • Consequences of retaining logs for the specified time period
  • 02:00 PM
  • 02:29 PM
Track C
Panel Discussion: Riding the 5G Security Wave: Sizing Up the Risks
Mathan Babu Kasilingam, CISO & DPO, Vodafone Idea Ltd.
Shikha Srivastava, Director & Board Member, Centre for Development of Telematics (C-DOT), Government of India
Radhachran Shakya, Deputy Director General (Project Management), Department of Telecommunications (DoT), Ministry of Communications, Government of India

With the evolution of IoT, enterprises are now riding on 5G security to achieve incredible speed, bringing in greater complexity. Experts say the high-bandwidth and low-latency 5G networks connect everything from health systems to self-driving vehicles and critical infrastructure. It is argued that the structure of 5G networks will be more complex than 2G, 3G or 4G, with the increased use of virtualization and software-defined networking. This will result in rising concerns around privacy and security challenges.  

The session will cover:   

  • What security challenges will 5G bring?   

  • How to introduce 5G into security standards   

  • How to protect the supply chain and establish third-party assurance of 5G network devices     

  • 02:35 PM
  • 03:04 PM
Track A
Risks With FTP: Ways to Modernize and Secure Your File Transfers
Raghunandan Koushik, Regional Sales Director- India & SAARC, Helpsystems

Most organizations still use custom scripts, manual processes or legacy solutions to exchange information with customers, partners or other recipients. They do it despite the extra time, cost and challenges associated with maintaining these outdated methods, and despite the lack of flexibility and security those methods bring.

Besides, the existing file transfer processes are too rigid to accommodate your growing file transfer challenges.

The session will cover: 

  • How to securely transfer files to and from cloud applications 

  • Establishing centralized control, automation or security to accommodate multiple file servers 

  • New encryption methods to comply with MAS/PCI DSS standards 

  • 02:35 PM
  • 03:04 PM
Track B
Efficient Ways to Integrate DevOps and DevSecOps to Establish a Secure Software Development Life Cycle
Amol Raina, Sr. ASE, GitHub

As businesses scale up with agile development processes, cloud and DevOps, traditional security can no longer be the showstopper. Security must integrate with the DevOps process to ensure responsibility is shared and security is built in.

Most agree that DevSecOps is about security enablement at every stage within the organization: the people, process and technology. To get started with the DevSecOps journey, it is important to enable and empower the technology teams to start thinking about secure design first.  

While DevSecOps enables application security testing by the developer and by the tester into pre-production in a more automated fashion, experts argue that integrating DevOps and DevSecOps becomes crucial in establishing the secure development process.  

The session will cover: 

  • A "shift-left" strategy in DevSecOps to protect enterprises against attacks  

  • Complying with regulatory mandates around secure coding  

  • Applying automation to the application security testing process using DevSecOps 

Fireside Chat - Using AI to Build Cyber Defenses: Hype or Reality?
Jasbir Singh Solanki, CEO-Homeland and Cybersecurity, Mahindra Defense Systems Ltd.
Gaurav Batra, Founder & CEO, CyberFrat

The average business often receives 10,000 alerts from various software tools used to monitor threats and malware intrusions. The stakes are indeed high. This trend has prompted security leaders to focus on artificial intelligence (AI) to find patterns in vast volumes of data.

It’s critical to understand how technology vendors develop innovative AI approaches to detect malware, phishing campaigns, and other intrusions and how much CISOs align with this.      

While CISOs are writing AI-based algorithms to detect attack patterns, they sometimes overlook that the AI tool itself can become a new attack vector.    

The session will cover:    

  • Use case for deploying AI to build a cyber defense plan 

  • Using automation to bridge supply and demand gaps    

  • Integrating AI with people, processes and technologies for better detection 

  • 03:25 PM
  • 03:44 PM
Plenary Session: Demystifying the Data Protection and Privacy Bill: What's Next for Security?
Justice B.N. Srikrishna, Former Judge, Supreme Court of India & Chairman - Data Protection Committee

The Indian government revoked the data protection and privacy bill years after it drew scrutiny from the tech industry over proposed governmental powers in accessing and managing personal data.

The government gave assurances that it would propose a "comprehensive framework" for tech regulation that includes privacy.

Minister of State for Electronics and Information Technology Rajeev Chandrasekhar said that the proposal grew in scope beyond data protection “and was creating degrees of complexity and increasing the burden of compliance on the small business.”

The bill, which would require most data about Indians to be stored domestically, was drafted by a 10-member committee of experts headed by Justice B.N. Srikrishna and released in 2019.

The two pertinent questions that arise are: What is next for security and privacy professionals now? What new regulations need to be embedded into the new framework?

This plenary session by Justice B.N. Srikrishna will provide insights on the way forward for security practitioners in protecting their data.

  • 03:50 PM
  • 04:19 PM
Panel Discussion: Cybersecurity Outlook 2023: The Novel C-Suite Approach
Brijesh Singh, Additional Director General of Police, Maharashtra Police
Bharat Panchal, Chief Industry Relations & Regulatory Officer – India, Discover Financial Services
Anuprita Daga (Conference Chair), President, CISO, YES BANK
Uday Deshpande (Conference Co-Chair), CISO, Larsen & Toubro Group of Companies
Khushbu Jain, Advocate, Supreme Court of India

Enterprises across India are encouraged to invest in the infrastructure needed to build a secure and robust platform for business transformation and to support the digital economy. Are they able to align their strategy with business priorities and rise to the expectations in 2023? What needs to change, both tactically and strategically, to build a cyber-resilient organization? The C-suite panel, comprising the CEO, CFO, CRO and CISO, sets the goals for security: leveraging the right technologies, and establishing the security culture and a collaborative strategy to accomplish the task for 2023.

  • 04:25 PM
  • 05:04 PM
