Cybersecurity Summit: Singapore
Virtual Summit October 6 - 7, 2022
Cybersecurity leaders say Southeast Asia has become a hotbed for cybercrime activities. In 2022, the region has experienced an increase in DDoS attacks, ransomware attacks, attacks against industrial control systems (ICS), business email compromises, and phishing attacks — the list is endless. The region must take a collaborative defense approach to respond to this new threat environment. The challenge for enterprises has been to ascertain how much risk they are willing to accept to accomplish their mission. In the hybrid and interconnected world, the noticeable change has been changing consumption patterns of security technologies, which require new ways to deploy frameworks. The enterprise’s success will depend on its endurance to balance offense and defense to mitigate these threats using the right tools, technologies, and best practices. To gain insights into how to establish a secure ecosystem in this dynamic world, attend ISMG's cybersecurity summit and explore diverse cybersecurity trends from ransomware to supply chain attacks, infrastructure security to automotive cybersecurity, endpoint security featuring AI, connected devices’ challenges, critical infrastructure vulnerabilities, ICS risk, crypto challenges, extended detection and response, cyber insurance, and more. You can also earn your CPE credits by attending the summit. ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
Leonard Ong
Senior Director | Regional Information Security Officer, Intercontinental & China
GE HealthCare
Mel Migrino
Group CISO
Manila Electric Company (MERALCO)
Anthony M. Bargar
CISO and Head of Technology Risk
SCBX Financial Technology Group
Mex Martinot (Conference Chair)
VP & Global Head of Growth - Industrial Cybersecurity
Siemens Energy
Charmaine Valmonte
CISO
Aboitiz Equity Ventures
Abid Adam (Conference Co-Chair)
Group Chief Risk and Compliance Officer
Axiata
Abid Adam
Group CISO & Group Head of Privacy
Axiata, Malaysia
Mel Migrino
Group CISO
Manila Electric Company (MERALCO)
Migriño is the vice president and group CISO of Meralco, the largest power distribution conglomerate in the Philippines. She has more than 15 years of combined experience in cyber governance, application and infrastructure security, operational technology security, business continuity, privacy,...
Steven Sim Kok Leong
President
ISACA Singapore
Justin Ong
APAC CISO
Panasonic Asia Pacific Pte. Ltd
Abid Adam (Conference Co-Chair)
Group Chief Risk and Compliance Officer
Axiata
Micky Lo
Former Managing Director and CRO
BNY Mellon
Leonard Ong
Senior Director | Regional Information Security Officer, Intercontinental & China
GE HealthCare
Ong is senior director, regional security officer, APAC at GE Healthcare. He has more than 20 years of experience in Information, Cyber and Corporate Security gained in telecommunication, enterprise, banking, pharmaceutical and healthcare industries.
John Kindervag
Creator of Zero Trust, Senior Vice President, Cybersecurity Strategy, ON2IT Group Fellow
ON2IT Cybersecurity
John Kindervag is the "Father of Zero Trust," who as an analyst at Forrester invented the term and defined the reference architecture for a network whose five basic principles defined the notion of Zero Trust. He is also the co-founder...
Mex Martinot (Conference Chair)
VP & Global Head of Growth - Industrial Cybersecurity
Siemens Energy
Joey Fontiveros
Commanding Officer
Cyber Battalion, ASR, Philippine Army
Anthony M. Bargar
CISO and Head of Technology Risk
SCBX Financial Technology Group
Edmund Situmorang
Managing Director and CTO
TechConnect Academy & PRODIGI (Sinarmas Group)
Situmorang is managing director and CTO of TechConnect Academy & PRODIGI (Sinarmas Group). He has worked in the U.S. for 11 years as a programmer and strategist, and enthusiastic about technology especially in the field of artificial intelligence.
View Agenda
Plenary: Role of Zero Trust in Establishing Cyber Resilience: A CISO’s Pragmatic Approach
John Kindervag, Creator of Zero Trust, Senior Vice President, Cybersecurity Strategy, ON2IT Group Fellow, ON2IT Cybersecurity

Where does the journey to “zero trust begin and what are the common entry points for accessing data? Experts agree that zero trust is based on the assume breach premise that treats every asset as breached and all traffic as hostile.    

The question that arises is: Are CISOs using the “zero trust” concept to establish cyber resiliency to improve their defenses in fighting threats? 
The session will cover: 

  • How has the approach toward security changed as security perimeters disappear?
  • How to assess the maturity of the “zero trust” state with a realistic look at security and its dependencies on other functions in securing the future work environment?
John Kindervag
  • 09:15 AM
  • 09:34 AM
Keynote: Enterprise Security Preparedness in 2022 and Beyond: Tactical and Strategic Lessons for CISOs
Abid Adam (Conference Co-Chair), Group Chief Risk and Compliance Officer, Axiata

Southeast Asia has become a hotbed for cybercrime activities in 2022. Besides, the region has experienced an increase in DDoS attacks, ransomware attacks, attacks against industrial control systems (ICS), business email compromises and phishing attacks — the list is endless. Despite substantial annual spending on cybersecurity, breaches are still being reported at an alarming rate. 

Enterprises have been trying to put their best foot forward to mitigate the threats and attacks. In addition, they initiate ransomware planning and response with the adoption of concepts such as “zero trust,” layered security approach and multifactor authentication. While these have helped address a few tactical requirements, CISOs have been grappling with the challenge of implementing a long-term strategy to fight threats. 

The keynote session will cover how enterprises need to bolster their defenses in fighting threats in 2022 and beyond, and the lessons learned. 

Abid Adam (Conference Co-Chair)
  • 09:30 AM
  • 09:59 AM
Two-Way Street: A Cybersecurity Debate Between CTO and CISO — Where Is the Disagreement?
Edmund Situmorang, Managing Director and CTO, TechConnect Academy & PRODIGI (Sinarmas Group)

The majority of CISOs across regions face the single-most significant challenge of procuring necessary funding to support their cybersecurity programs. Are security leaders creating value for business as part of technology innovation? Are the functions of the CFO and CISO aligned in driving innovation and establishing a cyber-resilient enterprise? 
The session discusses how to align the CFO and CISO to a common goal to facilitate the continued success of their organization. Where is the disconnect?  

Edmund Situmorang
  • 10:30 AM
  • 10:49 AM
ESG Frameworks: A Cybersecurity Dimension for Improved Defenses

As organizations witness an increase in business risks, there is a trend to adopt environmental, social and governance (ESG) frameworks - a tangible means of evaluating corporate behavior - by incorporating cybersecurity to provide insights into cyber behaviors and risks. 
As mandates for ESG reporting intensify across industries, security leaders have the daunting task of providing transparency into how organizations use and protect the confidentiality and integrity of personal and customer data, and build trust between the organization and its key stakeholders. 
The session will cover: 

  • Deploying ESG framework in the context of cybersecurity 
  • Building secure and resilient operations
  • Integrating ESG and cybersecurity for threat mitigation 
  • 10:55 AM
  • 11:24 AM
Protecting the Critical Infrastructure in Uncertain Times: Updating Your Cybersecurity Plans

Operating and protecting critical infrastructure has gained considerable attention during this quasi-kinetic cyberwar. It’s evident that cyberattacks on critical infrastructure across Southeast Asia severely impact the global economy and the ability to execute modern, network-centric warfare. The effort to secure the enterprises against cyberattacks has led to much debate about the question: Is cyber deterrence possible given the sophistication of the attacks and the extensive offensive nature of the adversary groups? How to establish digital security for the critical infrastructure.  

The countries have witnessed a cyber spillover from the Ukraine and Russia conflict — DDoS, ransomware, wiper malware, and other attacks against critical infrastructure.  

  • 11:25 AM
  • 11:54 AM
Panel Discussion: Protecting Your Legacy Applications in Cloud and Building a Risk Management Program
Leonard Ong, Senior Director | Regional Information Security Officer, Intercontinental & China, GE HealthCare

Cloud computing brings a whole new level of autonomy and functionality to an organization, besides enhancing performance, agility, productivity and scalability. The pandemic has created the urgency for enterprises to move to cloud, and enterprises are in a race to adopt the “cloud-first” strategy to optimize the IT spend and secure their hybrid work environment. However, the major challenge is to tackle the risk associated with moving legacy applications to the cloud and find ways to build a risk management program to protect these applications. 

 
The session will cover:  

  • Risks of moving legacy applications to the cloud
  • Building an effective risk management program 
  • A holistic approach to protect cloud applications 

Leonard  Ong
  • 11:55 AM
  • 12:24 PM
OT and IT Convergence: Measuring the Security Risks
Mel Migrino, Group CISO, Manila Electric Company (MERALCO)
Mex Martinot (Conference Chair), VP & Global Head of Growth - Industrial Cybersecurity, Siemens Energy

Most OT systems are designed with little consideration for security. With increased cyber risk in this new digital transformation era, any approach to bridge the IT and OT divide is mission-critical for enterprise security.    

As a CISO, can you reduce risk, security and risk management function silos to bridge the security gaps?  Can you deploy suitable asset inventory methods and map the IT/OT risks?   

This session will cover:   

  • Building complete visibility and monitoring your IT and OT assets with the right access control
  • Integrating OT threat monitoring into SoC for threat detection
  • Implementing essential steps to establish OT security 
Mel  Migrino
Mex  Martinot (Conference Chair)
  • 12:35 PM
  • 12:54 PM
IoT Security: The Good, the Bad and the Ugly
Justin Ong, APAC CISO, Panasonic Asia Pacific Pte. Ltd

Organizations have been incorporating new tech and smart devices over the years.  These become the weakest link for cybercriminals to get and stay inside an organization.   

You’re securing more endpoints than ever across the most significant attack surface. Enter: IoT devices and the risks they bring. But they also get new business benefits. The threat is real for operators and manufacturers of connected devices.  

The session will discuss:   

  • IoT risks and who is impacted by them  
  • A reality check of security by design in IoT  
  • How do malware developers and hackers plan an attack against IoT devices  
Justin Ong
  • 12:55 PM
  • 01:24 PM
Panel: Building a Cyber-Resilient Enterprise: Bringing the C-Suite and Board Along
Micky Lo, Former Managing Director and CRO, BNY Mellon
Steven Sim Kok Leong, President, ISACA Singapore
Joey Fontiveros, Commanding Officer, Cyber Battalion, ASR, Philippine Army

Enterprises across the region are encouraged to invest in the infrastructure needed to build a secure and robust platform for business transformation and to support the digital economy.    
 
Can they align their strategy with the business priorities and rise to the expectations? What does digital innovation mean to security, and where is the disconnect? How to address the skill challenge? What needs to change, both tactically and strategically, to build a cyber-resilient organization?    

Micky Lo
Steven Sim  Kok Leong
Joey Fontiveros
  • 01:30 PM
  • 01:59 PM

Cybersecurity leaders say Southeast Asia has become a hotbed for cybercrime activities. In 2022, the region has experienced an increase in DDoS attacks, ransomware attacks, attacks against industrial control systems (ICS), business email compromises, and phishing attacks — the list is endless. The region must take a collaborative defense approach to respond to this new threat environment. The challenge for enterprises has been to ascertain how much risk they are willing to accept to accomplish their mission. In the hybrid and interconnected world, the noticeable change has been changing consumption patterns of security technologies, which require new ways to deploy frameworks. The enterprise’s success will depend on its endurance to balance offense and defense to mitigate these threats using the right tools, technologies, and best practices. To gain insights into how to establish a secure ecosystem in this dynamic world, attend ISMG's cybersecurity summit and explore diverse cybersecurity trends from ransomware to supply chain attacks, infrastructure security to automotive cybersecurity, endpoint security featuring AI, connected devices’ challenges, critical infrastructure vulnerabilities, ICS risk, crypto challenges, extended detection and response, cyber insurance, and more. You can also earn your CPE credits by attending the summit. ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.

Leonard Ong
Senior Director | Regional Information Security Officer, Intercontinental & China
GE HealthCare
Mel Migrino
Group CISO
Manila Electric Company (MERALCO)
Anthony M. Bargar
CISO and Head of Technology Risk
SCBX Financial Technology Group
Mex Martinot (Conference Chair)
VP & Global Head of Growth - Industrial Cybersecurity
Siemens Energy
Charmaine Valmonte
CISO
Aboitiz Equity Ventures
Abid Adam (Conference Co-Chair)
Group Chief Risk and Compliance Officer
Axiata

Abid Adam
Group CISO & Group Head of Privacy
Axiata, Malaysia
Mel Migrino
Group CISO
Manila Electric Company (MERALCO)
Migriño is the vice president and group CISO of Meralco, the largest power distribution conglomerate in the Philippines. She has more than 15 years of combined experience in cyber governance, application and infrastructure security, operational technology security, business continuity, privacy,...
Steven Sim Kok Leong
President
ISACA Singapore
Justin Ong
APAC CISO
Panasonic Asia Pacific Pte. Ltd
Abid Adam (Conference Co-Chair)
Group Chief Risk and Compliance Officer
Axiata
Micky Lo
Former Managing Director and CRO
BNY Mellon
Leonard Ong
Senior Director | Regional Information Security Officer, Intercontinental & China
GE HealthCare
Ong is senior director, regional security officer, APAC at GE Healthcare. He has more than 20 years of experience in Information, Cyber and Corporate Security gained in telecommunication, enterprise, banking, pharmaceutical and healthcare industries.
John Kindervag
Creator of Zero Trust, Senior Vice President, Cybersecurity Strategy, ON2IT Group Fellow
ON2IT Cybersecurity
John Kindervag is the "Father of Zero Trust," who as an analyst at Forrester invented the term and defined the reference architecture for a network whose five basic principles defined the notion of Zero Trust. He is also the co-founder...
Mex Martinot (Conference Chair)
VP & Global Head of Growth - Industrial Cybersecurity
Siemens Energy
Joey Fontiveros
Commanding Officer
Cyber Battalion, ASR, Philippine Army
Anthony M. Bargar
CISO and Head of Technology Risk
SCBX Financial Technology Group
Edmund Situmorang
Managing Director and CTO
TechConnect Academy & PRODIGI (Sinarmas Group)
Situmorang is managing director and CTO of TechConnect Academy & PRODIGI (Sinarmas Group). He has worked in the U.S. for 11 years as a programmer and strategist, and enthusiastic about technology especially in the field of artificial intelligence.

View Agenda
Plenary: Role of Zero Trust in Establishing Cyber Resilience: A CISO’s Pragmatic Approach
John Kindervag, Creator of Zero Trust, Senior Vice President, Cybersecurity Strategy, ON2IT Group Fellow, ON2IT Cybersecurity

Where does the journey to “zero trust begin and what are the common entry points for accessing data? Experts agree that zero trust is based on the assume breach premise that treats every asset as breached and all traffic as hostile.    

The question that arises is: Are CISOs using the “zero trust” concept to establish cyber resiliency to improve their defenses in fighting threats? 
The session will cover: 

  • How has the approach toward security changed as security perimeters disappear?
  • How to assess the maturity of the “zero trust” state with a realistic look at security and its dependencies on other functions in securing the future work environment?
John Kindervag
  • 09:15 AM
  • 09:34 AM
Keynote: Enterprise Security Preparedness in 2022 and Beyond: Tactical and Strategic Lessons for CISOs
Abid Adam (Conference Co-Chair), Group Chief Risk and Compliance Officer, Axiata

Southeast Asia has become a hotbed for cybercrime activities in 2022. Besides, the region has experienced an increase in DDoS attacks, ransomware attacks, attacks against industrial control systems (ICS), business email compromises and phishing attacks — the list is endless. Despite substantial annual spending on cybersecurity, breaches are still being reported at an alarming rate. 

Enterprises have been trying to put their best foot forward to mitigate the threats and attacks. In addition, they initiate ransomware planning and response with the adoption of concepts such as “zero trust,” layered security approach and multifactor authentication. While these have helped address a few tactical requirements, CISOs have been grappling with the challenge of implementing a long-term strategy to fight threats. 

The keynote session will cover how enterprises need to bolster their defenses in fighting threats in 2022 and beyond, and the lessons learned. 

Abid Adam (Conference Co-Chair)
  • 09:30 AM
  • 09:59 AM
Two-Way Street: A Cybersecurity Debate Between CTO and CISO — Where Is the Disagreement?
Edmund Situmorang, Managing Director and CTO, TechConnect Academy & PRODIGI (Sinarmas Group)

The majority of CISOs across regions face the single-most significant challenge of procuring necessary funding to support their cybersecurity programs. Are security leaders creating value for business as part of technology innovation? Are the functions of the CFO and CISO aligned in driving innovation and establishing a cyber-resilient enterprise? 
The session discusses how to align the CFO and CISO to a common goal to facilitate the continued success of their organization. Where is the disconnect?  

Edmund Situmorang
  • 10:30 AM
  • 10:49 AM
ESG Frameworks: A Cybersecurity Dimension for Improved Defenses

As organizations witness an increase in business risks, there is a trend to adopt environmental, social and governance (ESG) frameworks - a tangible means of evaluating corporate behavior - by incorporating cybersecurity to provide insights into cyber behaviors and risks. 
As mandates for ESG reporting intensify across industries, security leaders have the daunting task of providing transparency into how organizations use and protect the confidentiality and integrity of personal and customer data, and build trust between the organization and its key stakeholders. 
The session will cover: 

  • Deploying ESG framework in the context of cybersecurity 
  • Building secure and resilient operations
  • Integrating ESG and cybersecurity for threat mitigation 
  • 10:55 AM
  • 11:24 AM
Protecting the Critical Infrastructure in Uncertain Times: Updating Your Cybersecurity Plans

Operating and protecting critical infrastructure has gained considerable attention during this quasi-kinetic cyberwar. It’s evident that cyberattacks on critical infrastructure across Southeast Asia severely impact the global economy and the ability to execute modern, network-centric warfare. The effort to secure the enterprises against cyberattacks has led to much debate about the question: Is cyber deterrence possible given the sophistication of the attacks and the extensive offensive nature of the adversary groups? How to establish digital security for the critical infrastructure.  

The countries have witnessed a cyber spillover from the Ukraine and Russia conflict — DDoS, ransomware, wiper malware, and other attacks against critical infrastructure.  

  • 11:25 AM
  • 11:54 AM
Panel Discussion: Protecting Your Legacy Applications in Cloud and Building a Risk Management Program
Leonard Ong, Senior Director | Regional Information Security Officer, Intercontinental & China, GE HealthCare

Cloud computing brings a whole new level of autonomy and functionality to an organization, besides enhancing performance, agility, productivity and scalability. The pandemic has created the urgency for enterprises to move to cloud, and enterprises are in a race to adopt the “cloud-first” strategy to optimize the IT spend and secure their hybrid work environment. However, the major challenge is to tackle the risk associated with moving legacy applications to the cloud and find ways to build a risk management program to protect these applications. 

 
The session will cover:  

  • Risks of moving legacy applications to the cloud
  • Building an effective risk management program 
  • A holistic approach to protect cloud applications 

Leonard  Ong
  • 11:55 AM
  • 12:24 PM
OT and IT Convergence: Measuring the Security Risks
Mel Migrino, Group CISO, Manila Electric Company (MERALCO)
Mex Martinot (Conference Chair), VP & Global Head of Growth - Industrial Cybersecurity, Siemens Energy

Most OT systems are designed with little consideration for security. With increased cyber risk in this new digital transformation era, any approach to bridge the IT and OT divide is mission-critical for enterprise security.    

As a CISO, can you reduce risk, security and risk management function silos to bridge the security gaps?  Can you deploy suitable asset inventory methods and map the IT/OT risks?   

This session will cover:   

  • Building complete visibility and monitoring your IT and OT assets with the right access control
  • Integrating OT threat monitoring into SoC for threat detection
  • Implementing essential steps to establish OT security 
Mel  Migrino
Mex  Martinot (Conference Chair)
  • 12:35 PM
  • 12:54 PM
IoT Security: The Good, the Bad and the Ugly
Justin Ong, APAC CISO, Panasonic Asia Pacific Pte. Ltd

Organizations have been incorporating new tech and smart devices over the years.  These become the weakest link for cybercriminals to get and stay inside an organization.   

You’re securing more endpoints than ever across the most significant attack surface. Enter: IoT devices and the risks they bring. But they also get new business benefits. The threat is real for operators and manufacturers of connected devices.  

The session will discuss:   

  • IoT risks and who is impacted by them  
  • A reality check of security by design in IoT  
  • How do malware developers and hackers plan an attack against IoT devices  
Justin Ong
  • 12:55 PM
  • 01:24 PM
Panel: Building a Cyber-Resilient Enterprise: Bringing the C-Suite and Board Along
Micky Lo, Former Managing Director and CRO, BNY Mellon
Steven Sim Kok Leong, President, ISACA Singapore
Joey Fontiveros, Commanding Officer, Cyber Battalion, ASR, Philippine Army

Enterprises across the region are encouraged to invest in the infrastructure needed to build a secure and robust platform for business transformation and to support the digital economy.    
 
Can they align their strategy with the business priorities and rise to the expectations? What does digital innovation mean to security, and where is the disconnect? How to address the skill challenge? What needs to change, both tactically and strategically, to build a cyber-resilient organization?    

Micky Lo
Steven Sim  Kok Leong
Joey Fontiveros
  • 01:30 PM
  • 01:59 PM

Speaker Interviews

October 6 - 7, 2022

Cybersecurity Summit: Singapore