Cybersecurity Summit: New Delhi
Hybrid Summit August 24 - 25, 2022
The region is most vulnerable to cyberattacks in the country as attackers continue to target critical infrastructure sectors, including energy, telecom, utility, defense, and other government sectors. The changing nature of global cyberspace is impacting these sectors as the industry is witnessing a surge in ransomware attacks, quasi-kinetic cyberwar, agitation in the darkweb resulting in a hacker war, phishing, financial cybercrime, and more. CISOs have the daunting task of unlocking new strategies to fight emerging threats and constantly understand the hacker's moves. Besides, the challenges of the inter-connected world have kept security leaders on their toes to establish a frictionless secure ecosystem. The enterprise's success will depend on its endurance to balance offense and defense to mitigate these threats with the right tools, technologies, and best practices. It's important to revisit their security strategies and fortify security preparedness in this ever-evolving world and uncertain times. To gain insights into how to establish a secure ecosystem in this dynamic world, attend ISMG's Cybersecurity Summit as security thought leaders discuss critical aspects of cloud security, XDR, cyber insurance, supply chain risk, IAM, IoT, ICS risk, enhancing the security posture through automation, crypto challenges, and more. ISMG’s agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
Pullman New Delhi Aerocity
Name :
Pullman New Delhi Aerocity
Address :
Asset No 02 Gmr Hospitality District, Igi Airport, New Delhi, Delhi 110037
Dr. Yask (Conference Chair)
CISO
Indian Oil Corporation 
Ashish Khanna
CISO
Evalueserve
Dr. Pavan Duggal (Conference Co-Chair)
Advocate
Supreme Court of India
Amandeep Singh
CISO
Amazon Pay
Lt General Rajesh Pant (Retd)
National Cyber Security Coordinator
National Security Council Secretariat
Pant is presently holding the prestigious appointment of National Cyber Security Coordinator in the National Security Council Secretariat of India. He is responsible for coordinating all activities across multiple sectors to ensure secure and resilient cyberspace within the nation.
Ashish Khanna
CISO
Evalueserve
Dr. Pavan Duggal (Conference Co-Chair)
Advocate
Supreme Court of India
Vijay Devnath
General Manager (Infrastructure & Security) and CISO
Center for Railway Information Systems
Kapil Madaan
Global Head-Information Security, Risk and Compliance
Max Healthcare
Debashish J
VP-ASIA
Qualys
Prashant Chugh
Group Leader
C-DOT (Centre for Development of Telematics)
Sujit Nair
Cloud Security Architect - APAC
Palo Alto Networks
Dr. Deepak Kumar (D3)
Sr. Cyber Intelligence and Digital Forensics Expert, India
Indian CyberCrime Coordination Center (I4C), Ministry of Home Affairs
Kumar is a senior digital forensic and cyber intelligence professional in India. He is currently engaged with projects related to cyberthreat intelligence, security operations center, and capacity building for cybercrime and digital forensics domains. He is an active member of...
Vivin Sathyan
Senior Technical Evangelist
ManageEngine
Saikrishna BVS
Director and CEO
Saptang Labs Pvt Ltd
Dr. Oakley Cox
PhD, Analyst Technical Director, APAC
Darktrace
Vikas Malhotra
Country Manager
LastPass
Malhotra is the country manager at LastPass, where he is responsible for building and leading the business in India and SAARC. He has over 20 years of IT industry experience and also held leadership positions at Wipro, Symantec, Oracle, and...
Dr. Sanjay Bahl
Director General
CERT-In
Geetha Nandikotkur
Managing Editor-Asia & Middle East
Information Security Media Group
Nandikotkur is an award-winning journalist with over 20 years of experience in newspapers, audiovisual media, magazines and research. She has an understanding of technology and business journalism and has moderated several roundtables and conferences, in addition to leading mentoring programs...
Ashok Kumar
Director
Indian CyberCrime Coordination Center (I4C), Ministry of Home Affairs
Ankit Sofet
Regional Sales Manager
Forcepoint
Sofet is part of the channel team at Forcepoint, leading mid-market business. He is a passionate salesperson with rich industry experience spanning telecom, networks and steel industry. He has also worked with Airtel and successfully led the alliances function for...
Dr. Yask (Conference Chair)
CISO
Indian Oil Corporation 
As CISO, Sharma is responsible for the maintenance of cybersecurity operations, infrastructure, and governance at a national critical infrastructure organization. He has more than two decades of experience and holds a master's degree in cyber law and cybersecurity from NLU,...
Sridhar Sidhu
Senior Vice President and Head of Information Security Services Group
Wells Fargo
Ravinder Arora
Group CISO and Global Data Protection Officer
Infogain
Sanjeev Singh
CISO
Birlasoft
Diktesh Singh Puri
Global IT & Cloud Operations Head
Reckitt Benckiser Inc.
Bharath Wajan
Regional Manager - Presales, AD and IT security solutions
ManageEngine
Deepak Prasad
Customer Engineer, Security Specialist
Google Cloud
Ajay Kumar Dubey
Channel Director
Forcepoint
Dubey is the channel director at Forcepoint, where he is responsible for managing the mid-market business in India and the channels for India and SAARC. He is a cybersecurity expert with over 24 years of experience in the IT industry....
View Agenda
Welcome to ISMG's Cybersecurity Summit: New Delhi

The summit's objective is to provide education and exclusive networking opportunities to the participants with peers and subject matter experts. The program has been carefully designed with the support and guidance of the 'editorial advisory board,' including senior thought leaders from the region, to capture the regional security challenges that resonate with their current concerns. The summit editorial advisory board includes:

Conference Chair: Dr. Yask, CISO, IOCL 

Conference Co-Chair: Dr. Pavan Duggal, Advocate, Supreme Court of India

Advisory Members: 

  • Ashish Khanna, CISO, Evalueserve
  • Amandeep Singh, CISO, Amazon Pay
  • Kapil Madaan, Global Head-Information Security, Risk and Compliance, Max Healthcare
  • Bithal Bhardwaj, Group CISO, GMR Group
  • 08:30 AM
  • 08:59 AM
Opening Remarks: An Insight Into the Summit Sessions
Geetha Nandikotkur, Managing Editor-Asia & Middle East, Information Security Media Group
Dr. Yask (Conference Chair), CISO, Indian Oil Corporation 
Geetha Nandikotkur
Dr.  Yask (Conference Chair)
  • 09:15 AM
  • 09:29 AM
Plenary Session: Updating Your Cybersecurity Strategy in the New World: Are CISOs Tuned In?
Dr. Sanjay Bahl, Director General, CERT-In

It’s no longer a matter of if, but when you’re going to be the victim of a cyberattack. Are the organizations prepared? With the increasing attacks on critical infrastructure, securing it is no longer a theory. Post SolarWinds, Colonial Pipeline, Log4j and Ukraine, it’s a different world today. Hence, a different cybersecurity strategy is needed to fight hybrid warfare.   

Do you think yesterday’s cyber strategy will apply and work well for 2022? What needs to change in how CISOs conduct business and secure digital assets from ever-evolving, ever-automating cyber adversaries?   

The plenary session will cover:   

  • What are the new cyber defenses required to fight evolving threats?   
  • How much does automation help in enhancing your security posture?
  • What is the CISO’s role in a war zone?
Dr. Sanjay Bahl
  • 09:30 AM
  • 09:59 AM
A Strategic Approach to Cloud Security With 'Zero Trust'
Sujit Nair, Cloud Security Architect - APAC, Palo Alto Networks
Deepak Prasad, Customer Engineer, Security Specialist, Google Cloud

It has been predicted that public cloud services will grow and reach a record $420 billion by 2022. The massive increase in cloud adoption has motivated cybercriminals to target the cloud environments where most data resides now. Around mid-last year, IDC surveyed 200 CISOs and reported that nearly 98% of the companies had experienced at least one cloud security breach. What is the best way to secure your cloud without disrupting the user experience? 

The session will also discuss: 

  • The state of cloud security in 2022.
  • Does zero trust in the cloud need a different approach?
  • The roadmap for the zero trust journey.
Sujit Nair
Deepak Prasad
  • 10:05 AM
  • 10:34 AM
Keynote: Enterprise Cybersecurity Resilience in 2022 and Beyond: Resetting Your Cyber Plans
Lt General Rajesh Pant (Retd), National Cyber Security Coordinator, National Security Council Secretariat

With the ongoing hybrid cyberwar, cyberattacks are at an all-time high and have become a permanent and persistent threat for cybersecurity teams. Cybersecurity leaders are under constant fear of how to fend off an attack by a well-equipped nation-state.  

Given the situation is “not if a cyberattack will happen, but when” anymore, the security leaders need to revisit their strategy and revise their action plans to build a resilient and agile digital organization and maximize resilience. There is a constant need to adopt new technologies to combat the inevitable threats. 

The keynote will cover: 

  • How to maintain cyber resilience in wartime 
  • Understanding potential risks and enterprise preparedness as wartime CISOs 
  • Accelerating response to growing threat activity
Lt General Rajesh  Pant (Retd)
  • 10:40 AM
  • 11:09 AM
Continuous AI Loop: Turning the Tables on Cyberattackers
Dr. Oakley Cox, PhD, Analyst Technical Director, APAC, Darktrace

In the face of skyrocketing cyber risk, detecting and responding to attacks is no longer enough. Still, hardening systems is essential to a proactive approach to preventing threats. Darktrace presents an ambitious new security vision with a Self-Learning feedback ‘loop’ enabled by AI technology to prevent, detect, respond and heal from threats. Beyond this, enhancing the security posture with the right technology and tools is crucial in turning the tables on cyberattackers. 

The session covers:  

  • How self-learning AI helps to protect against the full range of cyberthreats
  • How the cyber AI Loop delivers autonomous, always-on cybersecurity in a continuous feedback cycle
  • Real-world case studies and attack scenarios
Dr. Oakley  Cox
  • 11:15 AM
  • 11:29 AM
Quantum Threat to Security and the Need for Post-Quantum Cryptography
Prashant Chugh, Group Leader, C-DOT (Centre for Development of Telematics)

The capabilities of quantum computers are advancing rapidly. Quantum algorithms running on quantum computers are likely to be beneficial in enhancing R&D in several technology domains. However, they are a potential threat to security systems since they increase the probability of classical cryptography algorithms getting broken.

What cyberthreat does quantum computing pose, and why is there a need for new cryptography techniques based on the paradigm of post-quantum cryptography?

The session will cover:

  • How potential threats to cryptography from quantum computers are real
  • Why there is a need to plan quantum-safe migration of the existing security applications and networks
  • Why is it good to have a quantum risk management approach and planning than regret the loss of sensitive data
 Prashant Chugh
  • 11:35 AM
  • 11:54 PM
Password Management: Strengthening the First Line of Defense
Vikas Malhotra, Country Manager, LastPass

How do you go from password to passwordless in today's business when 80% of breaches are due to passwords? 

People's password practices remain the weakest point in a company's security and may put sensitive data at risk. While employees want to work efficiently from anywhere, businesses must ensure security controls are in place. Passwords allow employees, partners and customers to access a broad range of tools and systems that enable them to work, collaborate and transact. However, they are also notoriously weak as a security tool, and their problems remain at an all-time high unless proper steps are taken to manage and protect them adequately. 

The session covers: 

  • How organizations manage passwords and reduce human behavior risk, given that humans are the weakest link.
  • Practical steps to deal with the human element of digital access at home and at work.
  • How password management solution can fit seamlessly into your cybersecurity strategy without complicating the current systems or compromising what is at stake.
  • Going beyond SSO and MFA to help enhance your cybersecurity posture.
Vikas  Malhotra
  • 12:05 PM
  • 12:34 PM
Navigating Through the Complex Attack Surface: Controlling the Chaos
Debashish J, VP-ASIA, Qualys

The digital attack surface continues to expand, leaving the entire organization or systems susceptible to hacking. This results in an increased risk for the organization, which cannot be mitigated by just identifying threats or having preventative tools in place.   

The complexity further increases with the advent of many devices, web applications and network nodes to usher in more threats. While enhancing the security posture, it is also critical to control the chaos that the complex attack surface creates for security teams.  

The session covers:  

  • Need for establishing visibility and control across the systems  
  • Bridging the silos to building a single pane of glass  
  • A practical approach to effective integration and consolidation of tools
Debashish  J
  • 12:40 PM
  • 01:09 PM
Fireside Chat: Uncovering the Darkweb: Security and Law Enforcement Challenges
Sridhar Sidhu, Senior Vice President and Head of Information Security Services Group, Wells Fargo
Saikrishna BVS, Director and CEO, Saptang Labs Pvt Ltd

The darkweb has become a well-traveled marketplace for data exfiltration from breached organizations, and organizations must understand the myths and realities about it. 

Through the use of the darkweb and cryptocurrencies, cybercriminals have been able to successfully run the “crime-as-a-service" model. The enterprises and the security agencies have been able to make little, if any, impact.   

How can enterprises become cyber-resilient, and how can law enforcement play a crucial role in incident response?    

The fireside chat between a CISO and a law enforcement professional will demystify: 

  • How new techniques and approaches are being used to combat security threats from the “darkweb”
  • How is law enforcement responding to the investigation process and adapting to online technologies
  • How to determine and enforce access control to minimize potential security risk
Sridhar Sidhu
Saikrishna  BVS
  • 01:15 PM
  • 01:34 PM
Fireside Chat: Are Detection Technologies Playing Harder on Privacy? The Balancing Act
Sanjeev Singh, CISO, Birlasoft
Dr. Pavan Duggal (Conference Co-Chair), Advocate, Supreme Court of India

Some experts say technology can promote accountability and anonymity. The computer systems and applications require ‘proof’ of identity  for every function within an organization— before allowing access to the user. The question it raises is whether the newly deployed technologies for threat detection in an enterprise will play hard on privacy? 

The session will cover: 

  • Defining privacy and technology landscape in 2022 
  • Impact of increasing detection tools on privacy 
  • A collaborative approach to fuel privacy and tech innovation 
Sanjeev  Singh
Dr. Pavan Duggal (Conference Co-Chair)
  • 02:20 PM
  • 02:39 PM
An IAM Approach to Cybersecurity: Building on Zero Trust  
Vivin Sathyan , Senior Technical Evangelist, ManageEngine

The critical components of an IAM strategy, experts say, are to capture the data domains, engage using MFA, manage by providing user attributions and administer managing identities from unauthorized sources.   

Some say implementing an IAM framework is complex, and integrating with security is a big task and expensive too. Enforcing centralized granular password policies across active directory and cloud applications is a Herculean task.   

The session covers:  

  • Building a framework for managing identity that supports ‘zero trust’ and writing actionable playbooks  
  • Applying adaptive MFA to elevate trust in identities and mitigate user impersonation   
  • Using automation to eliminate redundancy and human errors in enhancing business processes
Vivin Sathyan
  • 02:45 PM
  • 03:14 PM
Panel Discussion: Privacy by Design: A Reality Check
Ravinder Arora, Group CISO and Global Data Protection Officer, Infogain
Kapil Madaan, Global Head-Information Security, Risk and Compliance, Max Healthcare
Dr. Pavan Duggal (Conference Co-Chair), Advocate, Supreme Court of India

Most security leaders believe that they are not protecting technology but people. The fundamental questions that arise are: Is privacy a CISO’s problem, and how to operationalize privacy in the context of security and data protection issues?   

Some experts say anything new that gets integrated into the organization  any new system, technology, or vendor onboarding  must go through a review process to check for any risks. This will ensure the risks are identified at the initial design phase so that the finished product has all the mechanisms built in by default to comply with GDPR.  

Many organizations fail to understand the intersection between security and privacy. How are privacy-by-design strategies meeting the legal mandates while promoting a free flow of data that powers digital business models? 

Against this, how are organizations trying to apply privacy principles by design in its true sense? How is security and privacy being built in and not bolted on, and what should be the standard operating procedure?  

The session will cover:   

  • Implementing the privacy policy at the design stage
  • Essential steps to rebuild the architecture or the platform
  • Use-case scenario in how privacy is embedded into the design of products or solutions
Ravinder Arora
Kapil Madaan
Dr. Pavan Duggal (Conference Co-Chair)
  • 03:20 PM
  • 03:49 PM
Simplified Approach to Solving Modern Security Complexities
Ankit Sofet, Regional Sales Manager, Forcepoint
Ajay Kumar Dubey, Channel Director, Forcepoint

Organizations that depended upon traditional, centralized networks and designated offices found themselves suddenly in a highly distributed world, with employees working from anywhere. Application migration to the cloud in the form of SaaS from third-party providers or as a private cloud with AWS or Azure became the new norm — with data traversing extensively. The primitive way of managing information by IT and security in this perimeter-less environment has fallen short of the expected results.    

Against the growing complexities, the new approach will help solve the challenges of securing your remote workforce and overcome the shortcomings of a traditional method.  

The session will cover:   

  • How to protect remote workers on the web and cloud with continuous monitoring  
  • How to control access to cloud and private apps without VPNs  
  • How to implement “zero trust” content delivery to establish a 100% malware-free environment and protect distributed data
Ankit Sofet
Ajay  Kumar Dubey
  • 03:55 PM
  • 04:09 PM
Cyber Insurance’s Response to Rising Ransomware Attacks: The Latest Hurdles
Diktesh Singh Puri, Global IT & Cloud Operations Head, Reckitt Benckiser Inc.

The cyber insurance industry has been challenged by the rising costs of cybercrime. The element of unpredictability of the cybercrime world does not work well for the industry. New coverage and rising renewal rates are major concerns. Premiums are rising by 10- to 20-fold. Recent research reports show that 70% of cybersecurity professionals believe insurance payments to companies that have paid a ransom exacerbate the problem and cause more attacks.  Moreover, cyber insurance companies are targets themselves. The question on everyone's mind is “to what extent is cyber insurance fueling ransomware attacks”?  

The session will also cover:  

  • Will ransomware ultimately lead to the fall of cyber insurance companies? 
  • How the cyber insurance industry must approach the problem of ransomware 
  • The growing influence of insurers on the security programs for enterprises
Diktesh Singh Puri
  • 04:25 PM
  • 04:54 PM
Panel Discussion: Breach Reporting Within Six Hours After Detection: What Next?
Ashish Khanna, CISO, Evalueserve
Vijay Devnath, General Manager (Infrastructure & Security) and CISO, Center for Railway Information Systems
Dr. Yask (Conference Chair), CISO, Indian Oil Corporation 
Dr. Deepak Kumar (D3), Sr. Cyber Intelligence and Digital Forensics Expert, India, Indian CyberCrime Coordination Center (I4C), Ministry of Home Affairs

As per CERT-In's mandates, Indian enterprises must inform the agency within six hours of discovering a cybersecurity incident. In case of non-compliance, the company is liable to pay a maximum penalty of about $1,324. 

However, there is certain ambiguity surrounding the mandate as security practitioners seek more details about what happens once an organization reports a breach. Are enterprises in a state of readiness to report a breach?  

The panel discussion will cover: 

  • The mandate for third-party breach incident reporting 
  • Implications of breach reporting   
  • CERT-In's support for breached entity and remedial measures
Ashish Khanna
Vijay Devnath
Dr.  Yask (Conference Chair)
Dr. Deepak  Kumar (D3)
  • 05:00 PM
  • 05:29 PM

The region is most vulnerable to cyberattacks in the country as attackers continue to target critical infrastructure sectors, including energy, telecom, utility, defense, and other government sectors. The changing nature of global cyberspace is impacting these sectors as the industry is witnessing a surge in ransomware attacks, quasi-kinetic cyberwar, agitation in the darkweb resulting in a hacker war, phishing, financial cybercrime, and more. CISOs have the daunting task of unlocking new strategies to fight emerging threats and constantly understand the hacker's moves. Besides, the challenges of the inter-connected world have kept security leaders on their toes to establish a frictionless secure ecosystem. The enterprise's success will depend on its endurance to balance offense and defense to mitigate these threats with the right tools, technologies, and best practices. It's important to revisit their security strategies and fortify security preparedness in this ever-evolving world and uncertain times. To gain insights into how to establish a secure ecosystem in this dynamic world, attend ISMG's Cybersecurity Summit as security thought leaders discuss critical aspects of cloud security, XDR, cyber insurance, supply chain risk, IAM, IoT, ICS risk, enhancing the security posture through automation, crypto challenges, and more. ISMG’s agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.

Pullman New Delhi Aerocity
Name :
Pullman New Delhi Aerocity
Address :
Asset No 02 Gmr Hospitality District, Igi Airport, New Delhi, Delhi 110037

Dr. Yask (Conference Chair)
CISO
Indian Oil Corporation 
Ashish Khanna
CISO
Evalueserve
Dr. Pavan Duggal (Conference Co-Chair)
Advocate
Supreme Court of India
Amandeep Singh
CISO
Amazon Pay

Lt General Rajesh Pant (Retd)
National Cyber Security Coordinator
National Security Council Secretariat
Pant is presently holding the prestigious appointment of National Cyber Security Coordinator in the National Security Council Secretariat of India. He is responsible for coordinating all activities across multiple sectors to ensure secure and resilient cyberspace within the nation.
Ashish Khanna
CISO
Evalueserve
Dr. Pavan Duggal (Conference Co-Chair)
Advocate
Supreme Court of India
Vijay Devnath
General Manager (Infrastructure & Security) and CISO
Center for Railway Information Systems
Kapil Madaan
Global Head-Information Security, Risk and Compliance
Max Healthcare
Debashish J
VP-ASIA
Qualys
Prashant Chugh
Group Leader
C-DOT (Centre for Development of Telematics)
Sujit Nair
Cloud Security Architect - APAC
Palo Alto Networks
Dr. Deepak Kumar (D3)
Sr. Cyber Intelligence and Digital Forensics Expert, India
Indian CyberCrime Coordination Center (I4C), Ministry of Home Affairs
Kumar is a senior digital forensic and cyber intelligence professional in India. He is currently engaged with projects related to cyberthreat intelligence, security operations center, and capacity building for cybercrime and digital forensics domains. He is an active member of...
Vivin Sathyan
Senior Technical Evangelist
ManageEngine
Saikrishna BVS
Director and CEO
Saptang Labs Pvt Ltd
Dr. Oakley Cox
PhD, Analyst Technical Director, APAC
Darktrace
Vikas Malhotra
Country Manager
LastPass
Malhotra is the country manager at LastPass, where he is responsible for building and leading the business in India and SAARC. He has over 20 years of IT industry experience and also held leadership positions at Wipro, Symantec, Oracle, and...
Dr. Sanjay Bahl
Director General
CERT-In
Geetha Nandikotkur
Managing Editor-Asia & Middle East
Information Security Media Group
Nandikotkur is an award-winning journalist with over 20 years of experience in newspapers, audiovisual media, magazines and research. She has an understanding of technology and business journalism and has moderated several roundtables and conferences, in addition to leading mentoring programs...
Ashok Kumar
Director
Indian CyberCrime Coordination Center (I4C), Ministry of Home Affairs
Ankit Sofet
Regional Sales Manager
Forcepoint
Sofet is part of the channel team at Forcepoint, leading mid-market business. He is a passionate salesperson with rich industry experience spanning telecom, networks and steel industry. He has also worked with Airtel and successfully led the alliances function for...
Dr. Yask (Conference Chair)
CISO
Indian Oil Corporation 
As CISO, Sharma is responsible for the maintenance of cybersecurity operations, infrastructure, and governance at a national critical infrastructure organization. He has more than two decades of experience and holds a master's degree in cyber law and cybersecurity from NLU,...
Sridhar Sidhu
Senior Vice President and Head of Information Security Services Group
Wells Fargo
Ravinder Arora
Group CISO and Global Data Protection Officer
Infogain
Sanjeev Singh
CISO
Birlasoft
Diktesh Singh Puri
Global IT & Cloud Operations Head
Reckitt Benckiser Inc.
Bharath Wajan
Regional Manager - Presales, AD and IT security solutions
ManageEngine
Deepak Prasad
Customer Engineer, Security Specialist
Google Cloud
Ajay Kumar Dubey
Channel Director
Forcepoint
Dubey is the channel director at Forcepoint, where he is responsible for managing the mid-market business in India and the channels for India and SAARC. He is a cybersecurity expert with over 24 years of experience in the IT industry....

View Agenda
Welcome to ISMG's Cybersecurity Summit: New Delhi

The summit's objective is to provide education and exclusive networking opportunities to the participants with peers and subject matter experts. The program has been carefully designed with the support and guidance of the 'editorial advisory board,' including senior thought leaders from the region, to capture the regional security challenges that resonate with their current concerns. The summit editorial advisory board includes:

Conference Chair: Dr. Yask, CISO, IOCL 

Conference Co-Chair: Dr. Pavan Duggal, Advocate, Supreme Court of India

Advisory Members: 

  • Ashish Khanna, CISO, Evalueserve
  • Amandeep Singh, CISO, Amazon Pay
  • Kapil Madaan, Global Head-Information Security, Risk and Compliance, Max Healthcare
  • Bithal Bhardwaj, Group CISO, GMR Group
  • 08:30 AM
  • 08:59 AM
Opening Remarks: An Insight Into the Summit Sessions
Geetha Nandikotkur, Managing Editor-Asia & Middle East, Information Security Media Group
Dr. Yask (Conference Chair), CISO, Indian Oil Corporation 
Geetha Nandikotkur
Dr.  Yask (Conference Chair)
  • 09:15 AM
  • 09:29 AM
Plenary Session: Updating Your Cybersecurity Strategy in the New World: Are CISOs Tuned In?
Dr. Sanjay Bahl, Director General, CERT-In

It’s no longer a matter of if, but when you’re going to be the victim of a cyberattack. Are the organizations prepared? With the increasing attacks on critical infrastructure, securing it is no longer a theory. Post SolarWinds, Colonial Pipeline, Log4j and Ukraine, it’s a different world today. Hence, a different cybersecurity strategy is needed to fight hybrid warfare.   

Do you think yesterday’s cyber strategy will apply and work well for 2022? What needs to change in how CISOs conduct business and secure digital assets from ever-evolving, ever-automating cyber adversaries?   

The plenary session will cover:   

  • What are the new cyber defenses required to fight evolving threats?   
  • How much does automation help in enhancing your security posture?
  • What is the CISO’s role in a war zone?
Dr. Sanjay Bahl
  • 09:30 AM
  • 09:59 AM
A Strategic Approach to Cloud Security With 'Zero Trust'
Sujit Nair, Cloud Security Architect - APAC, Palo Alto Networks
Deepak Prasad, Customer Engineer, Security Specialist, Google Cloud

It has been predicted that public cloud services will grow and reach a record $420 billion by 2022. The massive increase in cloud adoption has motivated cybercriminals to target the cloud environments where most data resides now. Around mid-last year, IDC surveyed 200 CISOs and reported that nearly 98% of the companies had experienced at least one cloud security breach. What is the best way to secure your cloud without disrupting the user experience? 

The session will also discuss: 

  • The state of cloud security in 2022.
  • Does zero trust in the cloud need a different approach?
  • The roadmap for the zero trust journey.
Sujit Nair
Deepak Prasad
  • 10:05 AM
  • 10:34 AM
Keynote: Enterprise Cybersecurity Resilience in 2022 and Beyond: Resetting Your Cyber Plans
Lt General Rajesh Pant (Retd), National Cyber Security Coordinator, National Security Council Secretariat

With the ongoing hybrid cyberwar, cyberattacks are at an all-time high and have become a permanent and persistent threat for cybersecurity teams. Cybersecurity leaders are under constant fear of how to fend off an attack by a well-equipped nation-state.  

Given the situation is “not if a cyberattack will happen, but when” anymore, the security leaders need to revisit their strategy and revise their action plans to build a resilient and agile digital organization and maximize resilience. There is a constant need to adopt new technologies to combat the inevitable threats. 

The keynote will cover: 

  • How to maintain cyber resilience in wartime 
  • Understanding potential risks and enterprise preparedness as wartime CISOs 
  • Accelerating response to growing threat activity
Lt General Rajesh  Pant (Retd)
  • 10:40 AM
  • 11:09 AM
Continuous AI Loop: Turning the Tables on Cyberattackers
Dr. Oakley Cox, PhD, Analyst Technical Director, APAC, Darktrace

In the face of skyrocketing cyber risk, detecting and responding to attacks is no longer enough. Still, hardening systems is essential to a proactive approach to preventing threats. Darktrace presents an ambitious new security vision with a Self-Learning feedback ‘loop’ enabled by AI technology to prevent, detect, respond and heal from threats. Beyond this, enhancing the security posture with the right technology and tools is crucial in turning the tables on cyberattackers. 

The session covers:  

  • How self-learning AI helps to protect against the full range of cyberthreats
  • How the cyber AI Loop delivers autonomous, always-on cybersecurity in a continuous feedback cycle
  • Real-world case studies and attack scenarios
Dr. Oakley  Cox
  • 11:15 AM
  • 11:29 AM
Quantum Threat to Security and the Need for Post-Quantum Cryptography
Prashant Chugh, Group Leader, C-DOT (Centre for Development of Telematics)

The capabilities of quantum computers are advancing rapidly. Quantum algorithms running on quantum computers are likely to be beneficial in enhancing R&D in several technology domains. However, they are a potential threat to security systems since they increase the probability of classical cryptography algorithms getting broken.

What cyberthreat does quantum computing pose, and why is there a need for new cryptography techniques based on the paradigm of post-quantum cryptography?

The session will cover:

  • How potential threats to cryptography from quantum computers are real
  • Why there is a need to plan quantum-safe migration of the existing security applications and networks
  • Why is it good to have a quantum risk management approach and planning than regret the loss of sensitive data
 Prashant Chugh
  • 11:35 AM
  • 11:54 PM
Password Management: Strengthening the First Line of Defense
Vikas Malhotra, Country Manager, LastPass

How do you go from password to passwordless in today's business when 80% of breaches are due to passwords? 

People's password practices remain the weakest point in a company's security and may put sensitive data at risk. While employees want to work efficiently from anywhere, businesses must ensure security controls are in place. Passwords allow employees, partners and customers to access a broad range of tools and systems that enable them to work, collaborate and transact. However, they are also notoriously weak as a security tool, and their problems remain at an all-time high unless proper steps are taken to manage and protect them adequately. 

The session covers: 

  • How organizations manage passwords and reduce human behavior risk, given that humans are the weakest link.
  • Practical steps to deal with the human element of digital access at home and at work.
  • How password management solution can fit seamlessly into your cybersecurity strategy without complicating the current systems or compromising what is at stake.
  • Going beyond SSO and MFA to help enhance your cybersecurity posture.
Vikas  Malhotra
  • 12:05 PM
  • 12:34 PM
Navigating Through the Complex Attack Surface: Controlling the Chaos
Debashish J, VP-ASIA, Qualys

The digital attack surface continues to expand, leaving the entire organization or systems susceptible to hacking. This results in an increased risk for the organization, which cannot be mitigated by just identifying threats or having preventative tools in place.   

The complexity further increases with the advent of many devices, web applications and network nodes to usher in more threats. While enhancing the security posture, it is also critical to control the chaos that the complex attack surface creates for security teams.  

The session covers:  

  • Need for establishing visibility and control across the systems  
  • Bridging the silos to building a single pane of glass  
  • A practical approach to effective integration and consolidation of tools
Debashish  J
  • 12:40 PM
  • 01:09 PM
Fireside Chat: Uncovering the Darkweb: Security and Law Enforcement Challenges
Sridhar Sidhu, Senior Vice President and Head of Information Security Services Group, Wells Fargo
Saikrishna BVS, Director and CEO, Saptang Labs Pvt Ltd

The darkweb has become a well-traveled marketplace for data exfiltration from breached organizations, and organizations must understand the myths and realities about it. 

Through the use of the darkweb and cryptocurrencies, cybercriminals have been able to successfully run the “crime-as-a-service" model. The enterprises and the security agencies have been able to make little, if any, impact.   

How can enterprises become cyber-resilient, and how can law enforcement play a crucial role in incident response?    

The fireside chat between a CISO and a law enforcement professional will demystify: 

  • How new techniques and approaches are being used to combat security threats from the “darkweb”
  • How is law enforcement responding to the investigation process and adapting to online technologies
  • How to determine and enforce access control to minimize potential security risk
Sridhar Sidhu
Saikrishna  BVS
  • 01:15 PM
  • 01:34 PM
Fireside Chat: Are Detection Technologies Playing Harder on Privacy? The Balancing Act
Sanjeev Singh, CISO, Birlasoft
Dr. Pavan Duggal (Conference Co-Chair), Advocate, Supreme Court of India

Some experts say technology can promote accountability and anonymity. The computer systems and applications require ‘proof’ of identity  for every function within an organization— before allowing access to the user. The question it raises is whether the newly deployed technologies for threat detection in an enterprise will play hard on privacy? 

The session will cover: 

  • Defining privacy and technology landscape in 2022 
  • Impact of increasing detection tools on privacy 
  • A collaborative approach to fuel privacy and tech innovation 
Sanjeev  Singh
Dr. Pavan Duggal (Conference Co-Chair)
  • 02:20 PM
  • 02:39 PM
An IAM Approach to Cybersecurity: Building on Zero Trust  
Vivin Sathyan , Senior Technical Evangelist, ManageEngine

The critical components of an IAM strategy, experts say, are to capture the data domains, engage using MFA, manage by providing user attributions and administer managing identities from unauthorized sources.   

Some say implementing an IAM framework is complex, and integrating with security is a big task and expensive too. Enforcing centralized granular password policies across active directory and cloud applications is a Herculean task.   

The session covers:  

  • Building a framework for managing identity that supports ‘zero trust’ and writing actionable playbooks  
  • Applying adaptive MFA to elevate trust in identities and mitigate user impersonation   
  • Using automation to eliminate redundancy and human errors in enhancing business processes
Vivin Sathyan
  • 02:45 PM
  • 03:14 PM
Panel Discussion: Privacy by Design: A Reality Check
Ravinder Arora, Group CISO and Global Data Protection Officer, Infogain
Kapil Madaan, Global Head-Information Security, Risk and Compliance, Max Healthcare
Dr. Pavan Duggal (Conference Co-Chair), Advocate, Supreme Court of India

Most security leaders believe that they are not protecting technology but people. The fundamental questions that arise are: Is privacy a CISO’s problem, and how to operationalize privacy in the context of security and data protection issues?   

Some experts say anything new that gets integrated into the organization  any new system, technology, or vendor onboarding  must go through a review process to check for any risks. This will ensure the risks are identified at the initial design phase so that the finished product has all the mechanisms built in by default to comply with GDPR.  

Many organizations fail to understand the intersection between security and privacy. How are privacy-by-design strategies meeting the legal mandates while promoting a free flow of data that powers digital business models? 

Against this, how are organizations trying to apply privacy principles by design in its true sense? How is security and privacy being built in and not bolted on, and what should be the standard operating procedure?  

The session will cover:   

  • Implementing the privacy policy at the design stage
  • Essential steps to rebuild the architecture or the platform
  • Use-case scenario in how privacy is embedded into the design of products or solutions
Ravinder Arora
Kapil Madaan
Dr. Pavan Duggal (Conference Co-Chair)
  • 03:20 PM
  • 03:49 PM
Simplified Approach to Solving Modern Security Complexities
Ankit Sofet, Regional Sales Manager, Forcepoint
Ajay Kumar Dubey, Channel Director, Forcepoint

Organizations that depended upon traditional, centralized networks and designated offices found themselves suddenly in a highly distributed world, with employees working from anywhere. Application migration to the cloud in the form of SaaS from third-party providers or as a private cloud with AWS or Azure became the new norm — with data traversing extensively. The primitive way of managing information by IT and security in this perimeter-less environment has fallen short of the expected results.    

Against the growing complexities, the new approach will help solve the challenges of securing your remote workforce and overcome the shortcomings of a traditional method.  

The session will cover:   

  • How to protect remote workers on the web and cloud with continuous monitoring  
  • How to control access to cloud and private apps without VPNs  
  • How to implement “zero trust” content delivery to establish a 100% malware-free environment and protect distributed data
Ankit Sofet
Ajay  Kumar Dubey
  • 03:55 PM
  • 04:09 PM
Cyber Insurance’s Response to Rising Ransomware Attacks: The Latest Hurdles
Diktesh Singh Puri, Global IT & Cloud Operations Head, Reckitt Benckiser Inc.

The cyber insurance industry has been challenged by the rising costs of cybercrime. The element of unpredictability of the cybercrime world does not work well for the industry. New coverage and rising renewal rates are major concerns. Premiums are rising by 10- to 20-fold. Recent research reports show that 70% of cybersecurity professionals believe insurance payments to companies that have paid a ransom exacerbate the problem and cause more attacks.  Moreover, cyber insurance companies are targets themselves. The question on everyone's mind is “to what extent is cyber insurance fueling ransomware attacks”?  

The session will also cover:  

  • Will ransomware ultimately lead to the fall of cyber insurance companies? 
  • How the cyber insurance industry must approach the problem of ransomware 
  • The growing influence of insurers on the security programs for enterprises
Diktesh Singh Puri
  • 04:25 PM
  • 04:54 PM
Panel Discussion: Breach Reporting Within Six Hours After Detection: What Next?
Ashish Khanna, CISO, Evalueserve
Vijay Devnath, General Manager (Infrastructure & Security) and CISO, Center for Railway Information Systems
Dr. Yask (Conference Chair), CISO, Indian Oil Corporation 
Dr. Deepak Kumar (D3), Sr. Cyber Intelligence and Digital Forensics Expert, India, Indian CyberCrime Coordination Center (I4C), Ministry of Home Affairs

As per CERT-In's mandates, Indian enterprises must inform the agency within six hours of discovering a cybersecurity incident. In case of non-compliance, the company is liable to pay a maximum penalty of about $1,324. 

However, there is certain ambiguity surrounding the mandate as security practitioners seek more details about what happens once an organization reports a breach. Are enterprises in a state of readiness to report a breach?  

The panel discussion will cover: 

  • The mandate for third-party breach incident reporting 
  • Implications of breach reporting   
  • CERT-In's support for breached entity and remedial measures
Ashish Khanna
Vijay Devnath
Dr.  Yask (Conference Chair)
Dr. Deepak  Kumar (D3)
  • 05:00 PM
  • 05:29 PM

Speaker Interviews

August 24 - 25, 2022

Cybersecurity Summit: New Delhi