DynamicCISO Excellence Awards and Conference, 9th Edition
In-person Summit March 10 - 11, 2023
Building Cyber-Resilient Enterprises: Respond, Remediate and Recover

As we move into 2023, cybersecurity leaders continue to grapple with the daunting task of building a cyber-resilient enterprise against the backdrop of a continuously evolving global threat landscape.

We are witnessing malware operators implementing anti-analysis techniques to frustrate defenders, threat actors disguising attacks by obfuscating code, an unprecedented surge in ransomware and cryptojacking, and the hazards of adversarial AI and other multi-faceted social engineering attacks.

The task ahead requires that security practitioners stay vigilant: not just to understand TTPs and attack methodologies and improve mean time to detect, but also to swiftly respond, remediate and recover from incidents, thus helping create resilient enterprise information infrastructures.

Against this increasing complexity and the unrelenting pressure on an organization's limited cybersecurity resources, security teams have continued to do an incredible job, prevailing against the most adverse scenarios thrown at them.

We believe these efforts and stories are distinctly worthy of recognition, and we honor these cyber-warriors for their contributions toward establishing a cyber-secure ecosystem.

The DynamicCISO Excellence Awards and Conference, 9th Edition, will provide actionable insight, takeaways and recognition to top cybersecurity professionals. The themes discussed will include the challenges around the emerging threat landscape, the evolving regulatory guidance, improving ROI from cybersecurity investments, sustainable innovation and the future of cybersecurity.

The conference is designed to empower practitioners toward becoming business enablers for their organizations and will be followed by a gala awards function to honor excellence in cybersecurity.

Some key themes for the conference include:
  • Data protection and privacy
  • IT and IoT
  • Compliance and risk management
  • 5G security
  • DevSecOps
  • Identity and access management
  • Cryptocurrency
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
Venue: The Westin Mumbai Garden City
Address: The Westin Mumbai Garden City, Oberoi Garden City, Yashodham, Goregaon, Mumbai, Maharashtra, India
SV Sunder Krishnan
Chief Risk Officer
Reliance Nippon Life Insurance Company Ltd.
Nandkumar Sarvade (Conference Chair)
Mentor on Security, Technology, Entrepreneurship and Governance, Former CEO
ReBIT (Reserve Bank Information Technology Pvt Ltd.)
Mathan Babu Kasilingam
CISO & DPO
Vodafone Idea Ltd
Dr. Pavan Duggal (Conference Co-chair)
Advocate
Supreme Court of India
Dr. Durgaprasad Dube (Conference Co-chair)
Executive Vice President
Reliance Industries Ltd.
Jacxine Fernandez
Vice President - Information Security
Bangalore International Airport Ltd.
Shivangi Nadkarni
Co-founder & CEO
Arrka
Mathan Babu Kasilingam
CISO & DPO
Vodafone Idea Ltd
Kasilingam is the chief information security officer of Vodafone Idea Ltd. With over two decades of experience in information and cybersecurity, he was instrumental in building a robust cybersecurity defense and response mechanism for NPCI. He is also a member...
Rajesh Hemrajani
Chief Information Security Officer
Paytm Payments Bank
Girish Dixit
Head-Cyber Defense
HDFC Bank
Dr. Pavan Duggal (Conference Co-chair)
Advocate
Supreme Court of India
Poorav Sheth
Chief Digital Officer
Godrej & Boyce Mfg. Co. Ltd.
Uday Deshpande
Group CISO
Larsen & Toubro Group of companies
Sridhar Sidhu
Senior Vice President and Head of Information Security Services Group
Wells Fargo
Sidhu is the senior vice president and head of Information and Cyber Security Services Group at Wells Fargo India. Prior to joining Wells Fargo, he served as a risk management fellow (Banking and Securities) at Deloitte, and also led global...
Agnelo Dsouza
Senior Executive Vice President and Chief Information Security Officer
Kotak Mahindra Bank
Justice B.N. Srikrishna
Former Judge
Supreme Court of India & Chairman - Data Protection Committee
Nandkumar Sarvade (Conference Chair)
Mentor on Security, Technology, Entrepreneurship and Governance, Former CEO
ReBIT (Reserve Bank Information Technology Pvt Ltd.)
Saravade is the former founding CEO of Reserve Bank Information Technology Pvt Ltd (ReBIT), set up for RBI’s systems and the Indian banking sector. He has more than three decades of experience in the government and private sector, advising governance,...
Vasanth Pai
Chief DPO, Chief Privacy Officer
Tech Mahindra
Kishan Kendre
Global Head- Information Security
Sun Pharmaceutical Industries Ltd.
Dilip Panjwani
Global Head - Cybersecurity Practice and CoE
LTIMindtree
Pradipta Patro
Head IT and Cyber security (CISO)
RPG Group (KEC International Limited)
Patro is the head of IT and cybersecurity at RPG Group (KEC International Ltd.). He has 21 years of experience in various domains, including digital transformation, IT service delivery management, enterprise cybersecurity governance, partner management and people management.
Dr. Durgaprasad Dube (Conference Co-chair)
Executive Vice President
Reliance Industries Ltd.
Kiran Belsekar
SVP - CISO & IT Governance
Aegon Life Insurance Co. Ltd.
Srinivas Poosaria
Sr VP and Group Chief Privacy Officer
Infosys Ltd.
Jitendra Jadhwani
Head Business Transformation & CISO
Tata Motors Finance (TMF) Ltd.
Welcome and Opening remarks - ISMG
Nandkumar Sarvade (Conference Chair), Mentor on Security, Technology, Entrepreneurship and Governance, Former CEO, ReBIT (Reserve Bank Information Technology Pvt Ltd.)
Dr. Durgaprasad Dube (Conference Co-chair), Executive Vice President, Reliance Industries Ltd.
Dr. Pavan Duggal (Conference Co-chair), Advocate, Supreme Court of India
Time: 09:45 AM - 09:59 AM
Keynote: Global Security Challenges and Opportunities in 2023

Among other things, 2022 will be remembered for the Russian invasion of Ukraine and the cyberwarfare that transpired between the two nations. There has also been a significant increase in ransomware attacks on critical infrastructures globally in 2022, including AIIMS, one of India’s leading medical institutes. Following cyberattacks on its critical infrastructure, the Costa Rican government had to declare a national emergency.  

Given the sophistication of the threat landscape, how must India be prepared? What are the new security challenges and opportunities in 2023? 

 The keynote will cover: 

  • What global partnerships can we form to strengthen our cybersecurity policies?  
  • What plans does the government have for securing critical infrastructure?  
  • What are the key takeaways CISOs need to learn to respond to the challenges?  
  • Consolidation/rationalization of regulation  
Time: 10:05 AM - 10:34 AM
CBDC - New Kid on the Block: Security Risks and Response

With the RBI announcing its central bank digital currency (CBDC) pilot project, steps need to be taken not only to scale the infrastructure but also to secure it. However, there are still many unanswered questions. Do we have to build everything from scratch, or can existing security infrastructure be leveraged? How are CBDCs different from UPI? How will the government build trust for mass adoption of this project, and what are some of the bottlenecks?

This session will deep dive into the changing nature of banking, including the risks and the security innovations, to support organizations in protecting the transactions ecosystem and establishing digital business. 

 The session will cover:  

  • CBDCs as a conditional secure payment service 
  • Using blockchain in securing the digital payments system 
  • Security-by-design approach to secure CBDC 
Time: 10:40 AM - 11:09 AM
Operationalizing Zero Trust: A CISO’s Journey

To get the zero trust strategy right, it is important to know what exactly to protect, identify your crown jewels, understand what zero trust means to CISOs and security, and evaluate how to implement it faster without disrupting the business. However, unless you deal with the reality of a compromise, you do not know what is of value to you. It is important to know what your assets are and, among them, which is the most important asset.  

 

The session will cover: 

  • A case study on building a zero trust strategy 
  • Understanding the core components of a zero trust architecture 
  • Increased visibility options and implementing them quickly and efficiently
Time: 11:15 AM - 11:34 AM
Networking Break
Time: 11:35 AM - 11:49 AM
Moving Beyond SIEM: Readying Yourself to SOAR

As automation and cloud adoption become priorities, security teams are modernizing their security operations center. Legacy and outdated technologies like SIEM are being replaced with security orchestration, automation and response or SOAR. 

The two technologies share some common components but serve different purposes. What are the key things to consider before adopting SOAR? 

The session will cover: 

  • Has SIEM lost its relevance? 
  • Can SIEM and SOAR coexist in a hybrid cloud environment? 
  • How can cloud adoption help in better SOAR adoption? 
Time: 11:50 AM - 12:09 PM
Is Your Identity Management Comprehensive Enough? Are You Just Tipping Your Toes?
Sridhar Sidhu, Senior Vice President and Head of Information Security Services Group, Wells Fargo

The critical components of an identity strategy, experts say, are to capture the data domains, engage using MFA, manage by providing user attributions, and administer managing identities from unauthorized sources. But are they adequate? Are you taking a piecemeal approach that does not help in compliance? Any written IM policy that can’t be enforced becomes ineffective. 

 

The session will cover: 

  • Components of a comprehensive identity management program  
  • How to balance between authentication and user experience 
  • How to manage the identity of your vendor partners 
Time: 12:15 PM - 12:44 PM
Blueprint for Next-Gen SOC: Juxtaposed With XDR

In the current threat environment, SOC teams continue to face the pressure of detecting intrusion as quickly as possible before it becomes a significant security incident. With so many point products in use in a typical organization, it is often time-consuming and challenging for the SOC team to search through the noise to find important alerts that may indicate the presence of a threat in the environment. 

SecOps is more difficult today than it was two years ago. Improvements are ongoing as teams adopt future-forward practices, including XDR deployment.  

However, it is critical to understand what XDR is, what it is not, and how it’s increasing SecOps efficiency and enabling the SOC team to detect, respond, and remediate threats across all attack channels in real time. 

The session will cover: 

  • Popular myths and realities about XDR  
  • How to embed XDR into the existing threat detection framework to enhance SOC capabilities 
  • Understanding the critical pieces of the XDR puzzle 
Time: 12:50 PM - 01:19 PM
Lunch
Time: 01:20 PM - 01:59 PM
Fireside Chat: Two-Way Street: CEO and CISO Conversation on InfoSec From a Business Lens
Uday Deshpande, Group CISO, Larsen & Toubro Group of companies

When it comes to cybersecurity, the CEO matters. Today, CEOs are recognizing the CISO’s role because it includes revenue protection, brand resilience and employee security. Cyber is an operational and existential risk for a business. How senior management provides support can impact how well an organization is protected from pervasive cyberthreats. The goal is to make sure the CEO understands the threat well enough to be able to mitigate it. It is imperative to use business language and shift the conversation away from technology and cyber language. But 2023 will be the year for CEOs to ask their CISO "what more can we get from what we already have?" Maximizing the coverage and protection of your existing tools and team and not letting your guard down must be the focus in 2023. 

The session will cover: 

  • Experience sharing 
  • Criminal liability
  • Bridging the gap of cost and investment in cybersecurity
Time: 02:00 PM - 02:29 PM
Panel: Cloud Security Lessons Learned: The Good, the Bad and the Ugly
Dilip Panjwani, Global Head - Cybersecurity Practice and CoE, LTIMindtree
Rajesh Hemrajani, Chief Information Security Officer, Paytm Payments Bank
Nandkumar Sarvade (Conference Chair), Mentor on Security, Technology, Entrepreneurship and Governance, Former CEO, ReBIT (Reserve Bank Information Technology Pvt Ltd.)

According to a recent report on cloud security, 27% of organizations have experienced a security incident in their public cloud infrastructure within the last 12 months. Of these, nearly a quarter (23%) were caused by security misconfigurations in cloud infrastructure. As organizations shift to the cloud, achieving, maintaining and demonstrating regulatory compliance in this different IT environment is a significant challenge. Regulations on data localization and data sovereignty are being formalized. However, designing and implementing compliance policies for cloud environments is different from those of on-premises systems.  

The session will cover:  

  • How to deal with cloud misconfigurations 
  • How to automate cloud security around deployment, monitoring and recovery 
  • Lessons learned on cloud security 
Time: 02:35 PM - 02:54 PM
Ransomware Recovery: Moving Beyond Backups

Ransomware attacks are becoming inevitable as bad actors exploit the weakest link of cyber defense - humans. The goal of cyber resilience is to transform business expectations and guarantee that businesses face a less-than-significant impact from a cyberattack. NIST defines cyber resiliency as the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, and attacks by cyber resources. The recovery process needs to ensure not only a quick recovery but also a quicker return to business. What is your current cyber recovery strategy? What challenges are you facing under recovery? 

The session will cover: 

  • How much to rely on backups 
  • Practicality of creating an alternate environment 
  • Leveraging cloud for better resilience 
Time: 03:00 PM - 03:29 PM
Networking
Time: 03:30 PM - 03:44 PM
Impact of Technology Deployments on Privacy: Striking the Right Balance

Experts say technology can promote accountability as well as anonymity. The computer systems and applications require proof of identity of the user before allowing them access to every function in an organization. Detection technologies, including XDR, could pose a challenge to privacy and security. Enterprises, thus, will have to strike a balance to protect data.  

The session will cover: 

  • Defining privacy and technology landscape in 2022 
  • The impact of increasing detection tools on privacy 
  • A collaborative approach to fuel privacy and tech innovation 
Time: 03:50 PM - 04:19 PM
Panel: Data Protection Bill: What CISOs Can Expect?
Justice B.N. Srikrishna, Former Judge, Supreme Court of India & Chairman - Data Protection Committee
Vasanth Pai, Chief DPO, Chief Privacy Officer, Tech Mahindra
Poorav Sheth, Chief Digital Officer, Godrej & Boyce Mfg. Co. Ltd.

India has released its fourth draft bill on data protection. Although hailed as straightforward by the industry, many privacy proponents claim the Digital Personal Data Protection Bill 2022 is a lighter version of the original and takes away the focus from putting users’ or data principals' privacy rights at the center. With many things still vague, how can the bill ensure proper privacy rights without compromising the ease of doing business?  

The panel will cover: 

  • What can CISOs expect from the revised draft bill? 
  • Data localization conundrum 
  • What to protect
Time: 04:25 PM - 04:54 PM
Awards Reception
Time: 07:00 PM - 08:59 PM
Opening Remarks: An Insight Into the Summit Sessions
Time: 09:45 AM - 09:59 AM
Updating Your Cybersecurity Strategy in the New World
Time: 10:05 AM - 10:34 AM
Secure Banking in 2023: The Next Big Innovation
Agnelo Dsouza, Senior Executive Vice President and Chief Information Security Officer, Kotak Mahindra Bank
Girish Dixit, Head-Cyber Defense, HDFC Bank

The demand for innovative financial services has never been stronger, with consumers testing new solutions from traditional banks, fintech firms, technology companies and other non-traditional players. Contactless, bots, blockchain, biometrics, AI and cloud are some of the digital innovations in the financial services industry. 

Time: 10:35 AM - 11:04 AM
Panel: Third-Party Risk Management: How to Evolve a Program
Mathan Babu Kasilingam, CISO & DPO, Vodafone Idea Ltd
Kishan Kendre, Global Head- Information Security, Sun Pharmaceutical Industries Ltd.

With third-party-sourced breaches regularly making the headlines, most companies have become aware of the risks created by this extended attack surface - often because they have been victims themselves. By following the right path, security and risk leaders can feel confident in their approach to managing the cyber risk posed by third parties.  

The session will cover: 

  • How the third-party risk environment has evolved
  • What is needed for an effective risk management program
  • The challenges of implementing a third-party risk program
Time: 11:10 AM - 11:39 AM
Fireside Chat: Policing the Shadows: Uncovering the Darkweb

The darkweb is a lifeline for many living under oppressive regimes. However, the anonymity of cryptocurrencies has led to a boom in cybercrime and, in turn, led the darkweb to flourish.

The darkweb is a marketplace for exfiltrated data from breached organizations, and it is critical for organizations to understand the myths and realities about it.  

Criminals have been able to successfully operate the "crime-as-a-service" model using the darkweb and cryptocurrencies. However, businesses and security agencies have been able to make very little, if any, impact.

How can enterprises become cyber resilient, and how should law enforcement respond to this menace?     

The session will cover:    

  • New techniques and approaches used to combat security threats from the darkweb 
  • How is law enforcement responding to the investigation process and adapting to online technologies? 
  • Establishing access: venturing behind enemy lines 
Time: 11:45 AM - 12:14 PM
Networking Session
Time: 12:15 PM - 12:29 PM
An Integrated View of Various Compliance Requirements for CISOs

Compliance and regulations are often seen as a necessary evil in the world of cybersecurity. While too many regulations can make a CISO's life tough, not complying with them is not an option anymore. Moreover, with the IT Act getting changed to the Digital India Act, what are the new aspects that CISOs need to consider? What are the various legal requirements under the Data Protection Bill?

Time: 12:30 PM - 12:59 PM
Cyber Insurance: Is It the Best Defense Against Fighting Ransomware?

The cyber insurance industry has been concerned with the rising costs of cybercrime. The unpredictability of the cybercrime world does not work well for the industry. New coverage and rising renewal rates are significant concerns. Premiums are rising by 10- to 20-fold. Recent research reports show that 70% of cybersecurity professionals believe insurance payments to companies that have paid a ransom exacerbate the problem and cause more attacks. Moreover, cyber insurance companies are targets themselves.

The question on everyone's mind is - to what extent is cyber insurance fueling ransomware attacks, or is it the best defense against fighting ransomware?    

The session will cover:   

  • Changes in the cyber insurance sector   
  • Questions to ask before seeking insurance   
  • The role of MDR/XDR in making companies more attractive to insurers
Time: 01:00 PM - 01:29 PM
Lunch
Time: 01:30 PM - 02:14 PM
Tired of Siloed Security? Establish a Collaborative Approach Using Cybersecurity Mesh Architecture

The rapid evolution and sophistication of cyberattacks, and the migration of assets to hybrid multi-cloud, are creating a perfect storm. It’s time to move past siloed security to a more collaborative and flexible approach to security. Organizations are trying their hands at cybersecurity mesh architecture, designed to make security more composable and scalable by modularizing security functions and enabling them to interoperate through a set of supportive layers. Like zero trust, the cybersecurity mesh is focused on reimagining the boundaries of the identity layer and bringing together disparate security tools into a single, interoperable ecosystem.

The session will cover: 

  • How to secure more with less 
  • Establishing intelligent security by design 
  • Enhancing security collaboration and integration 
Time: 02:15 PM - 02:44 PM
Passwordless Authentication: What Needs to Change in 2023

Passwordless has become the holy grail for user authentication. But there are different interpretations of what passwordless is and is not. Passwords are less common than ever, but they are still used around the world.  With weak passwords often being the primary reason behind cyberattacks, companies are increasingly investing in biometrics and adaptive authentication.   

The session will cover: 

  • How open identity management is evolving 
  • How identity can cater to various risk profiles 
  • What needs to change in 2023? 
Time: 02:45 PM - 03:04 PM
Panel: Skill Gap in Cybersecurity: Innovative Methods CISOs Are Deploying
Pradipta Patro, Head IT and Cyber security (CISO), RPG Group (KEC International Limited)
Jitendra Jadhwani, Head Business Transformation & CISO, Tata Motors Finance (TMF) Ltd.

As the threat landscape continues to deteriorate, criminals learn and use new techniques, and devastating attacks such as ransomware surge, security leaders struggle to fill a critical shortage of skilled talent. With the lack of sufficiently skilled security professionals to meet the needs to protect organizations, industry leaders must look for new ways to recruit and retain talent - who leverage next-generation technologies like automation - to close gaps before it's too late. 

 

The panel will discuss: 

  • How smart CISOs are closing the cybersecurity skill gap 
  • Initiatives to retain top-notch employees during the current cybersecurity workforce shortage 
  • Reskilling and upskilling of existing workforce versus hiring 
Time: 03:05 PM - 03:34 PM
The Year 2023: CISOs’ Tactical and Strategic Focus

Ransomware, insider threat, phishing, supply chain attacks, cryptojacking and social engineering attacks have seen an unprecedented surge. The CISOs have a list of issues to tackle. It would not be a surprise to say that the enterprises are experiencing a vendor sprawl. How do they strategize their plans and what tools are they betting on to take on the adversaries head-on? They have a daunting task of building a cyber-resilient enterprise against the backdrop of a continuously evolving global threat landscape.  

The panel will discuss:     

  • CISO technology priorities in 2023   
  • Key tactical and strategic approaches to tackle threats in 2023   
  • Essential components to building a cyber-resilient enterprise 
Time: 04:05 PM - 04:34 PM
Closing Remarks
Time: 04:35 PM - 04:59 PM

Building Cyber-Resilient Enterprises: Respond, Remediate and Recover

As we move into 2023, cybersecurity leaders continue to grapple with the daunting task of building a cyber-resilient enterprise against the backdrop of a continuously evolving global threat landscape.

We are witnessing malware operators implementing anti-analysis techniques to frustrate defenders, threat actors disguising attacks by obfuscating code, an unprecedented surge in ransomware and cryptojacking, and the hazards of adversarial AI and other multi-faceted social engineering attacks.

The task ahead requires that security practitioners stay vigilant. To not just understand TTPs and attack methodologies and improve mean time to detect; but also to swiftly respond, remediate and recover from incidents, thus helping create resilient enterprise information infrastructures.

Against this increasing complexity and the unrelenting pressure on an organization's limited cybersecurity resources, security teams have continued to do an incredible job, prevailing against the most adverse scenarios thrown at them.

We believe these efforts and stories are distinctly worthy of recognition, and we honor these cyber-warriors for their contributions toward establishing a cyber-secure ecosystem.

The DynamicCISO Excellence Awards and Conference, 9th Edition, will provide actionable insight, takeaways and recognition to top cybersecurity professionals. The themes discussed will include the challenges around the emerging threat landscape, the evolving regulatory guidance, improving ROI from cybersecurity investments, sustainable innovation and the future of cybersecurity.

The conference is designed to empower practitioners toward becoming business enablers for their organizations and will be followed by a gala awards function to honor excellence in cybersecurity.

Some key themes for the conference include:
  • Data protection and privacy
  • IT and IoT
  • Compliance and risk management
  • 5G security
  • DevSecOps
  • Identity and access management
  • Cryptocurrency
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.

The Westin Mumbai Garden City
Name :
The Westin Mumbai Garden City
Address :
The Westin Mumbai Garden City, Oberoi Garden City, Yashodham, Goregaon, Mumbai, Maharashtra, India

SV Sunder Krishnan
Chief Risk Officer
Reliance Nippon Life Insurance Company Ltd.
Nandkumar Sarvade (Conference Chair)
Mentor on Security, Technology, Entrepreneurship and Governance, Former CEO
ReBIT (Reserve Bank Information Technology Pvt Ltd.)
Mathan Babu Kasilingam
CISO & DPO
Vodafone Idea Ltd
Dr. Pavan Duggal (Conference Co-chair)
Advocate
Supreme Court of India
Dr. Durgaprasad Dube (Conference Co-chair)
Executive Vice President
Reliance Industries Ltd.
Jacxine Fernandez
Vice President - Information Security
Bangalore International Airport Ltd.
Shivangi Nadkarni
Co-founder & CEO
Arrka

Mathan Babu Kasilingam
CISO & DPO
Vodafone Idea Ltd
Kasilingam is the chief information security officer of Vodafone Idea Ltd. With over two decades of experience in information and cybersecurity, he was instrumental in building a robust cybersecurity defense and response mechanism for NPCI. He is also a member...
Rajesh Hemrajani
Chief Information Security Officer
Paytm Payments Bank
Girish Dixit
Head-Cyber Defense
HDFC Bank
Dr. Pavan Duggal (Conference Co-chair)
Advocate
Supreme Court of India
Poorav Sheth
Chief Digital Officer
Godrej & Boyce Mfg. Co. Ltd.
Uday Deshpande
Group CISO
Larsen & Toubro Group of companies
Sridhar Sidhu
Senior Vice President and Head of Information Security Services Group
Wells Fargo
Sidhu is the senior vice president and head of Information and Cyber Security Services Group at Wells Fargo India. Prior to joining Wells Fargo, he served as a risk management fellow (Banking and Securities) at Deloitte, and also led global...
agnelo dsouza
Senior Executive Vice President and Chief Information Security Officer
Kotak Mahindra Bank
Justice B.N. Srikrishna
Former Judge
Supreme Court of India & Chairman - Data Protection Committee
Nandkumar Sarvade (Conference Chair)
Mentor on Security, Technology, Entrepreneurship and Governance, Former CEO
ReBIT (Reserve Bank Information Technology Pvt Ltd.)
Saravade is the former founding CEO of Reserve Bank Information Technology Pvt Ltd (ReBIT), set up for RBI’s systems and the Indian banking sector. He has more than three decades of experience in the government and private sector, advising governance,...
Vasanth Pai
Chief DPO, Chief Privacy Officer
Tech Mahindra
Kishan Kendre
Global Head- Information Security
Sun Pharmaceutical Industries Ltd.
Dilip Panjwani
Global Head - Cybersecurity Practice and CoE
LTIMindtree
Pradipta Patro
Head IT and Cyber security (CISO)
RPG Group(KEC international Limited )
Patro is the head of IT and cybersecurity at RPG Group (KEC International Ltd.). He has 21 years of experience in various domains, including digital transformation, IT service delivery management, enterprise cybersecurity governance, partner management and people management.
Dr. Durgaprasad Dube (Conference Co-chair)
Executive Vice President
Reliance Industries Ltd.
Kiran Belsekar
SVP - CISO & IT Governance
Aegon Life Insurance Co. Ltd.
Srinivas Poosaria
Sr VP and Group Chief Privacy Officer
Infosys Ltd.
Jitendra Jadhwani
Head Business Transformation & CISO
Tata Motors Finance (TMF) Ltd.

View Agenda
Welcome and Opening remarks - ISMG
Nandkumar Sarvade (Conference Chair), Mentor on Security, Technology, Entrepreneurship and Governance, Former CEO , ReBIT (Reserve Bank Information Technology Pvt Ltd.)
Dr. Durgaprasad Dube (Conference Co-chair), Executive Vice President, Reliance Industries Ltd.
Dr. Pavan Duggal (Conference Co-chair), Advocate, Supreme Court of India
Nandkumar Sarvade (Conference Chair)
Dr. Durgaprasad Dube (Conference Co-chair)
Dr. Pavan Duggal (Conference Co-chair)
  • 09:45 AM
  • 09:59 AM
Keynote: Global Security Challenges and Opportunities in 2023

Among other things, 2022 will be remembered for the Russian invasion of Ukraine and the cyberwarfare that transpired between the two nations. There has also been a significant increase in ransomware attacks on critical infrastructures globally in 2022, including AIIMS, one of India’s leading medical institutes. Following cyberattacks on its critical infrastructure, the Costa Rican government had to declare a national emergency.  

Given the sophistication of the threat landscape, how must India be prepared? What are the new security challenges and opportunities in 2023? 

 The keynote will cover: 

  • What global partnerships can we form to strengthen our cybersecurity policies?  
  • What plans does the government have for securing critical infrastructure?  
  • What are the key takeaways CISOs need to learn to respond to the challenges?  
  • Consolidation/rationalization of regulation  
  • 10:05 AM
  • 10:34 AM
CBDC - New Kid on the Block: Security Risks and Response

With the RBI announcing its central bank digital currency (CBDC) pilot project, steps need to be taken not only to scale the infrastructure but also to secure it. However, there still are many unanswered questions. Do we have to build everything from the scratch or can existing security infrastructure be leveraged? How are CBDCs different from UPI? How will the government build trust for mass adoption of this project and what are some of the bottlenecks?  

This session will deep dive into the changing nature of banking, including the risks and the security innovations, to support organizations in protecting the transactions ecosystem and establishing digital business. 

 The session will cover:  

  • CBDCs as a conditional secure payment service 
  • Using blockchain in securing the digital payments system 
  • Security-by-design approach to secure CBDC 
  • 10:40 AM
  • 11:09 AM
Operationalizing Zero Trust: A CISO’s Journey

To get the zero trust strategy right, it is important to know what exactly to protect, identify your crown jewels, understand what zero trust means to CISOs and security, and evaluate how to implement it faster without disrupting the business. However, unless you deal with the reality of a compromise, you do not know what is of value to you. It is important to know what your assets are and, among them, which is the most important asset.  

 

The session will cover: 

  • A case study on building a zero trust strategy 
  • Understanding the core components of a zero trust architecture 
  • Increased visibility options and implementing them quickly and efficiently
11:15 AM - 11:34 AM
Networking Break
11:35 AM - 11:49 AM
Moving Beyond SIEM: Readying Yourself to SOAR

As automation and cloud adoption become priorities, security teams are modernizing their security operations center. Legacy and outdated technologies like SIEM are being replaced with security orchestration, automation and response or SOAR. 

The two technologies share some common components but serve different purposes. What are the key things to consider before adopting SOAR? 

The session will cover: 

  • Has SIEM lost its relevance? 
  • Can SIEM and SOAR coexist in a hybrid cloud environment? 
  • How can cloud adoption help in better SOAR adoption? 
11:50 AM - 12:09 PM
Is Your Identity Management Comprehensive Enough? Are You Just Tipping Your Toes?
Sridhar Sidhu, Senior Vice President and Head of Information Security Services Group, Wells Fargo

The critical components of an identity strategy, experts say, are to capture the data domains, engage using MFA, manage by providing user attributions, and administer managing identities from unauthorized sources. But are they adequate? Are you taking a piecemeal approach that does not help in compliance? Any written IM policy that can’t be enforced becomes ineffective. 

 

The session will cover: 

  • Components of a comprehensive identity management program  
  • How to balance between authentication and user experience 
  • How to manage the identity of your vendor partners 
12:15 PM - 12:44 PM
Blueprint for Next-Gen SOC: Juxtaposed With XDR

In the current threat environment, SOC teams continue to face the pressure of detecting intrusion as quickly as possible before it becomes a significant security incident. With so many point products in use in a typical organization, it is often time-consuming and challenging for the SOC team to search through the noise to find important alerts that may indicate the presence of a threat in the environment. 

SecOps is more difficult today than it was two years ago. Improvements are ongoing as teams adopt future-forward practices, including XDR deployment.  

However, it is critical to understand what XDR is, what it is not, and how it’s increasing SecOps efficiency and enabling the SOC team to detect, respond, and remediate threats across all attack channels in real time. 

The session will cover: 

  • Popular myths and realities about XDR  
  • How to embed XDR into the existing threat detection framework to enhance SOC capabilities 
  • Understanding the critical pieces of the XDR puzzle 
12:50 PM - 01:19 PM
Lunch
01:20 PM - 01:59 PM
Fireside Chat: Two-Way Street: CEO and CISO Conversation on InfoSec From a Business Lens
Uday Deshpande, Group CISO, Larsen & Toubro Group of companies

When it comes to cybersecurity, the CEO matters. Today, CEOs are recognizing the CISO’s role because it includes revenue protection, brand resilience and employee security. Cyber is an operational and existential risk for a business. How senior management provides support can impact how well an organization is protected from pervasive cyberthreats. The goal is to make sure the CEO understands the threat well enough to be able to mitigate it. It is imperative to use business language and shift the conversation away from technology and cyber language. But 2023 will be the year for CEOs to ask their CISO "what more can we get from what we already have?" Maximizing the coverage and protection of your existing tools and team and not letting your guard down must be the focus in 2023. 

The session will cover: 

  • Experience sharing 
  • Criminal liability
  • Bridging the gap of cost and investment in cybersecurity
02:00 PM - 02:29 PM
Panel: Cloud Security Lessons Learned: The Good, the Bad and the Ugly
Dilip Panjwani, Global Head - Cybersecurity Practice and CoE, LTIMindtree
Rajesh Hemrajani, Chief Information Security Officer, Paytm Payments Bank
Nandkumar Sarvade (Conference Chair), Mentor on Security, Technology, Entrepreneurship and Governance, Former CEO, ReBIT (Reserve Bank Information Technology Pvt Ltd.)

According to a recent report on cloud security, 27% of organizations have experienced a security incident in their public cloud infrastructure within the last 12 months. Of these, nearly a quarter (23%) were caused by security misconfigurations in cloud infrastructure. As organizations shift to the cloud, achieving, maintaining and demonstrating regulatory compliance in this different IT environment is a significant challenge. Regulations on data localization and data sovereignty are being formalized. However, designing and implementing compliance policies for cloud environments is different from those of on-premises systems.  

The session will cover:  

  • How to deal with cloud misconfigurations 
  • How to automate cloud security around deployment, monitoring and recovery 
  • Lessons learned on cloud security 
02:35 PM - 02:54 PM
Ransomware Recovery: Moving Beyond Backups

Ransomware attacks are becoming inevitable as bad actors exploit the weakest link of cyber defense - humans. The goal of cyber resilience is to transform business expectations and guarantee that businesses face a less-than-significant impact from a cyberattack. NIST defines cyber resiliency as the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. The recovery process needs to ensure not only a quick recovery but also a quicker return to business. What is your current cyber recovery strategy? What challenges are you facing during recovery?

The session will cover: 

  • How much to rely on backups 
  • Practicality of creating an alternate environment 
  • Leveraging cloud for better resilience 
03:00 PM - 03:29 PM
Networking
03:30 PM - 03:44 PM
Impact of Technology Deployments on Privacy: Striking the Right Balance

Experts say technology can promote accountability as well as anonymity. The computer systems and applications require proof of identity of the user before allowing them access to every function in an organization. Detection technologies, including XDR, could pose a challenge to privacy and security. Enterprises, thus, will have to strike a balance to protect data.  

The session will cover: 

  • Defining the privacy and technology landscape in 2022
  • The impact of increasing detection tools on privacy 
  • A collaborative approach to fuel privacy and tech innovation 
03:50 PM - 04:19 PM
Panel: Data Protection Bill: What CISOs Can Expect?
Justice B.N. Srikrishna, Former Judge, Supreme Court of India & Chairman - Data Protection Committee
Vasanth Pai, Chief DPO, Chief Privacy Officer, Tech Mahindra
Poorav Sheth, Chief Digital Officer, Godrej & Boyce Mfg. Co. Ltd.

India has released its fourth draft bill on data protection. Although hailed as straightforward by the industry, many privacy proponents claim the Digital Personal Data Protection Bill 2022 is a lighter version of the original and takes away the focus from putting users’ or data principals' privacy rights at the center. With many things still vague, how can the bill ensure proper privacy rights without compromising the ease of doing business?  

The panel will cover: 

  • What can CISOs expect from the revised draft bill? 
  • Data localization conundrum 
  • What to protect
04:25 PM - 04:54 PM
Awards Reception
07:00 PM - 08:59 PM
Opening Remarks: An Insight Into the Summit Sessions
09:45 AM - 09:59 AM
Updating Your Cybersecurity Strategy in the New World
10:05 AM - 10:34 AM
Secure Banking in 2023: The Next Big Innovation
Agnelo Dsouza, Senior Executive Vice President and Chief Information Security Officer, Kotak Mahindra Bank
Girish Dixit, Head-Cyber Defense, HDFC Bank

The demand for innovative financial services has never been stronger, with consumers testing new solutions from traditional banks, fintech firms, technology companies and other non-traditional players. Contactless, bots, blockchain, biometrics, AI and cloud are some of the digital innovations in the financial services industry. 

10:35 AM - 11:04 AM
Panel: Third-Party Risk Management: How to Evolve a Program
Mathan Babu Kasilingam, CISO & DPO, Vodafone Idea Ltd
Kishan Kendre, Global Head- Information Security, Sun Pharmaceutical Industries Ltd.

With third-party-sourced breaches regularly making the headlines, most companies have become aware of the risks created by this extended attack surface - often because they have been victims themselves. By following the right path, security and risk leaders can feel confident in their approach to managing the cyber risk posed by third parties.  

The session will cover: 

  • How the third-party risk environment has evolved
  • What is needed for an effective risk management program
  • The challenges of implementing a third-party risk program
11:10 AM - 11:39 AM
Fireside Chat: Policing the Shadows: Uncovering the Darkweb

The darkweb is a lifeline for many living under oppressive regimes. However, the anonymity of cryptocurrencies has led to a boom in cybercrime and, in turn, led the darkweb to flourish.

The darkweb is a marketplace for exfiltrated data from breached organizations, and it is critical for organizations to understand the myths and realities about it.  

Criminals have been able to successfully operate the "crime-as-a-service" model using the darkweb and cryptocurrencies. However, businesses and security agencies have been able to make very little, if any, impact.

How can enterprises become cyber resilient, and how should law enforcement respond to this menace?     

The session will cover:    

  • New techniques and approaches used to combat security threats from the darkweb 
  • How is law enforcement responding to the investigation process and adapting to online technologies? 
  • Establishing access: venturing behind enemy lines 
11:45 AM - 12:14 PM
Networking Session
12:15 PM - 12:29 PM
An Integrated View of Various Compliance Requirements for CISOs

Compliance and regulations are often seen as a necessary evil in the world of cybersecurity. While too many regulations can make a CISO's life tough, not complying with them is no longer an option. Moreover, with the IT Act being changed to the Digital India Act, what are the new aspects that CISOs need to consider? What are the various legal requirements under the Data Protection Bill?

12:30 PM - 12:59 PM
Cyber Insurance: Is It the Best Defense Against Fighting Ransomware?

The cyber insurance industry has been concerned with the rising costs of cybercrime. The unpredictability of the cybercrime world does not work well for the industry. New coverage and rising renewal rates are significant concerns. Premiums are rising by 10- to 20-fold. Recent research reports show that 70% of cybersecurity professionals believe insurance payments to companies that have paid a ransom exacerbate the problem and cause more attacks. Moreover, cyber insurance companies are targets themselves.

The question on everyone's mind is - to what extent is cyber insurance fueling ransomware attacks, or is it the best defense against fighting ransomware?    

The session will cover:   

  • Changes in the cyber insurance sector   
  • Questions to ask before seeking insurance   
  • The role of MDR/XDR in making companies more attractive to insurers
01:00 PM - 01:29 PM
Lunch
01:30 PM - 02:14 PM
Tired of Siloed Security? Establish a Collaborative Approach Using Cybersecurity Mesh Architecture

The rapid evolution and sophistication of cyberattacks, and the migration of assets to hybrid multi-cloud, are creating a perfect storm. It’s time to move past siloed security to a more collaborative and flexible approach to security. Organizations are trying their hands at cybersecurity mesh architecture, which is designed to make security more composable and scalable by modularizing security functions and enabling them to interoperate through a set of supportive layers. Like zero trust, the cybersecurity mesh is focused on reimagining the boundaries of the identity layer and bringing together disparate security tools into a single, interoperable ecosystem.

The session will cover: 

  • How to secure more with less 
  • Establishing intelligent security by design 
  • Enhancing security collaboration and integration 
02:15 PM - 02:44 PM
Passwordless Authentication: What Needs to Change in 2023

Passwordless has become the holy grail for user authentication. But there are different interpretations of what passwordless is and is not. Passwords are less common than ever, but they are still used around the world.  With weak passwords often being the primary reason behind cyberattacks, companies are increasingly investing in biometrics and adaptive authentication.   

The session will cover: 

  • How open identity management is evolving 
  • How identity can cater to various risk profiles 
  • What needs to change in 2023? 
02:45 PM - 03:04 PM
Panel: Skill Gap in Cybersecurity: Innovative Methods CISOs Are Deploying
Pradipta Patro, Head IT and Cyber Security (CISO), RPG Group (KEC International Limited)
Jitendra Jadhwani, Head Business Transformation & CISO, Tata Motors Finance (TMF) Ltd.

As the threat landscape continues to deteriorate, criminals learn and use new techniques, and devastating attacks such as ransomware surge, security leaders struggle to fill a critical shortage of skilled talent. With too few sufficiently skilled security professionals to meet the need to protect organizations, industry leaders must look for new ways to recruit and retain talent who can leverage next-generation technologies like automation, to close gaps before it's too late.

 

The panel will discuss: 

  • How smart CISOs are closing the cybersecurity skill gap 
  • Initiatives to retain top-notch employees during the current cybersecurity workforce shortage 
  • Reskilling and upskilling of existing workforce versus hiring 
03:05 PM - 03:34 PM
The Year 2023: CISOs’ Tactical and Strategic Focus

Ransomware, insider threat, phishing, supply chain attacks, cryptojacking and social engineering attacks have seen an unprecedented surge. CISOs have a long list of issues to tackle. It is no surprise that enterprises are experiencing vendor sprawl. How do they strategize their plans and what tools are they betting on to take on the adversaries head-on? They have the daunting task of building a cyber-resilient enterprise against the backdrop of a continuously evolving global threat landscape.

The panel will discuss:     

  • CISO technology priorities in 2023   
  • Key tactical and strategic approaches to tackle threats in 2023   
  • Essential components to building a cyber-resilient enterprise 
04:05 PM - 04:34 PM
Closing Remarks
04:35 PM - 04:59 PM
