Agenda Highlights
- Identity and Access Management
- AI-Driven Threat Intelligence
- Post-Quantum Cryptography
- Cybersecurity for Autonomous Systems
- SASE enabled
- DPDP Act
- Cloud Security
ISMG’s Cybersecurity Summit: Mumbai Empowers the Security Community Through Insightful Keynotes and Interactive Solutions
India, as one of the world’s leading digital economies, has made significant investments in cybersecurity to safeguard its critical infrastructure, businesses, and citizen data. The country’s cybersecurity landscape, characterized by rapid technological advancements, has faced digital disruptions and increasing exposure to cyberthreats and vulnerabilities.
At the ISMG Cybersecurity Summit: Mumbai 2023, CISOs and security leaders explored innovative ways to defend against these digital disruptions by focusing on three key principles: refreshing, redefining, and reimagining cybersecurity strategies. The event provided a platform for leaders to share insights on fostering change, driving innovation, and reinforcing security across their organizations.
The summit brought together top cybersecurity experts and thought leaders to discuss crucial topics such as IoT risk, India’s cybersecurity initiatives, the Digital Personal Data Protection Act, and critical infrastructure vulnerabilities. Security experts from partner organizations shared their best practices for business transformation and defending against emerging threats.
Attendees also had the opportunity to earn CPE credits for their participation.
Mumbai, Maharashtra, IN
ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, at interactive workshops and networking events. Learn from the who’s who in the cybersecurity industry, passionate about the latest tools and technology to defend against threats.
They are addressing the most pressing security challenges while also driving innovation and positively impacting the business. It is imperative to understand how CISOs, as leaders, serve as role models by demonstrating inclusive leadership skills and embodying qualities that go beyond being a guiding beacon in a VUCA (volatile, uncertain, complex and ambiguous) world to becoming a beacon themselves.
How are CISOs redefining their leadership and making their presence felt across the organization, deploying the right technology, innovating effectively, enhancing communication, and minimizing attack surfaces while responding to market opportunities?
The session will address the CISOs’ role as leaders in shaping a better future. It will also cover:
Sameer Ratolikar, Senior Executive Vice President & CISO, HDFC Bank Ltd.
It is beyond doubt that Digital India has created vast opportunities for innovation across various sectors, significantly boosting the country’s economic growth. The progress in the financial sector serves as evidence of its substantial strides in facilitating transactions across the country. The flip side of it is that innovation has introduced major risks and CISOs face the daunting task of safeguarding their digital innovations. The industry has witnessed frequent incidents of government systems and large private sector organizations becoming victims of serious cyberattacks and data breaches with the growing digitization.
We are at the cusp of the next wave of computing – quantum computing, representing a remarkable leap in computing power. It promises enhanced encryption capabilities, leading to more secure systems.
Amid the growing opportunities and challenges driven by the Digital India momentum, the keynote session will address the following objectives:
Dr. Yoginder Talwar, Sr.GM/HoD-Tender and CISO, National Informatics Centre Services Incorporated
The cybersecurity industry is more skewed toward predicting breaches, making it imperative for CISOs to evolve a predictive security-based framework that can enable them to assess and calculate risks for their organization.
The question often arises whether security practitioners are able to develop a predictive security model that will empower them to truly manage cyber risk, detect indicators of compromise, estimate the probability of an attack using appropriate threat intel, or identify and mitigate security risks and vulnerabilities.
The session will cover:
Satheesh Kalyanasundaram, Regional Sales Manager, CrowdStrike
But the bigger question is: are these leaders effectively discussing cybersecurity with the board and establishing the need for resiliency to gain the board’s attention?
The task of the security team is to be the beacon of change in influencing the board’s attitude toward cybersecurity to enable them to support with appropriate resources.
Are CISO-board disconnects exacerbated due to a lack of personal familiarity between them? Are security leaders communicating efficiently in the business language about the risk, reputation and resilience adorning their leadership roles?
What should the new-age boardroom’s approach be to understand cybersecurity and how can they eliminate obstacles that prevent organizations from developing a proactive security culture?
The session will cover:
Dr. Bhimaraya Metri, Director, Indian Institute of Management Nagpur
Track A
A proactive and strategic approach is needed to effectively mitigate cyber risk.
Organizations must stay one step ahead of adversaries by establishing continuous monitoring, ongoing assessment, and a comprehensive understanding of the threat landscape by leveraging threat intelligence and prioritization and remediation of vulnerabilities.
The session will cover:
D. Parthasarathy, Director of Technical Account Management, Qualys
Track B
This new approach is geared towards expediting software delivery, elevating quality, reinforcing security, and enhancing customer experiences.
The business environment has evolved from tightly controlled, centralized and internalized models to open models with multiple external dependencies. It is crucial to unveil a new era of software supply chain management committed to elevating your end-user experience.
The session will cover:
Prasanna Raghavendra, Sr. Director R&D, JFrog, India
Track A
How can organizations prepare for incident reporting requirements?
Cyberthreat information exchange is crucial for maintaining situational awareness and safeguarding the community against cyberattacks.
How can organizations, the private sector, governments and nations build trust and enhance near-real-time information sharing to build a cyber-resilient community? What are the key steps for security leaders to prepare for the CERT-In proposed rule for cybersecurity risk management, strategy, governance and incident disclosure?
The session will cover:
Dilip Panjwani, (Moderator), Global Head – Cybersecurity Practice and CoE, LTIMindtree
Shivkumar Pandey, CISO, BSE Ltd
Sambasivan G, CFO, Tata Play Ltd
Track B
However, assigning a monetary value to cyber risk has always been a challenge for CISOs.
Cyber risk quantification transcends technology and automation. It is a way for organizations to drive alignment between security strategy and business objectives.
The session will cover:
Sreeji Gopinathan, Global CIO, Lupin
Sammit Potdar, Global CISO, Lupin
Track A
As zero trust architecture relies on identity as one of its foundational pillars, it is critical to ensure that the right people have the appropriate level of access to the necessary resources, on the right devices, and in the relevant context.
Moving beyond the hype and the criticism of repeated messages that lack a clear direction, we will discuss the practical and actionable steps for implementing zero trust and realizing its value for the organization.
The session will cover:
Ganesh Narasimhadevara, Principal Solutions Engineer, Okta
Track B
This challenge underscores an imperative need to continuously assess data security using appropriate controls, ensuring the scope and compliance regulations are in place.
There is a need to simplify and enhance the zero trust capabilities to build appropriate security controls by navigating through the SASE platform. This can help identify various types of sensitive data stored across the organization and data in transition, along with understanding the data access and behavior pattern.
To enable the data-first approach to security, the session will cover:
Aman Thareja, Managing Director, Forcepoint India
Track A
As a result, in this digital era, simplifying cybersecurity becomes a crucial endeavor for security leaders, as protecting digital assets can be quite a complex and daunting task.
To combat the growing complexity, it is essential to focus on key strategies and approaches that simplify cybersecurity operations, enhance efficiency, optimize costs, and effectively protect your organization from the ever-evolving landscape of cyberthreats.
The session will cover:
Vishal Salvi, CEO, Quick Heal Technologies
Track B
As organizations undergo transformation with an imperative need to establish business resiliency and sustainability to stay ahead of adversaries, it becomes critical for security practitioners to take a proactive approach to security.
Can security leaders effectively communicate with the board to address their unanswered questions about security and risks in a language that the board can easily understand?
The session will cover:
Kunal Dixit, AVP Enterprise Sales, ETEK
Track A
However, this approach is not effective against zero-day attacks.
Behavior-based threat detection aims to address this limitation by focusing on the actions and behaviors of software or the users. Industries globally are relying on behavior-based threat detection to proactively mitigate potential threats.
The session will cover:
Dr. Durga Prasad Dube, Executive Vice President & Global CISO, Reliance Industries Ltd.
Track B
One domain where AI could be applied is IT operations. Modern enterprise applications have numerous dependencies, making the manual triaging of events to identify and troubleshoot system errors a humongous task. An intelligent AI-enabled system could determine the root cause of an anomaly and even suggest how to resolve it.
The session will cover:
Sachin Seth, CEO and MD, BSE Ebix Insurance Broking Pvt. Ltd. (BSE Ebix)
Track A
Understanding the API attack techniques that hackers use to achieve their targets is critical, experts agree.
If the tactical goal is credential access, the attackers may use brute force attacks or man-in-the-middle attacks as their techniques. As organizations are modernizing their applications and infrastructure as part of their cloud strategy, the use of third-party software and APIs helps integrate with older applications and data stores. Protecting your APIs against vulnerabilities and malicious actors looking to gain access to your valuable data is crucial. There is a need to repurpose part of the budget from other layers of the technology stack to API security.
The session will cover:
Dr. N Rajendran, Chief Digital Officer, Multi Commodity Exchange of India Ltd.
Kiran Belsekar, Senior Vice President – CISO & IT Governance, Aegon Life
Rajat Sen, Regional Director, FS-ISAC
Apurva Dalal, Chief Information Officer, Adani Green Energy Ltd.
Track B
By cultivating a culture of security ownership, businesses can become more resilient to attacks.
This requires fostering a security culture that prioritizes robust defense mechanisms and ethical considerations, as well as the organization’s values. Merely relying on leadership directives is not enough. It is equally important to foster an environment of continuous learning and awareness at all levels.
The session will explore the synergies between robust defense strategies, ethical considerations, and organizational values, and how to integrate them into the decision-making process. It will further delve into the strategies to initiate and sustain this cultural transformation that embraces responsible defense practices and the role of leadership, communication and employee engagement in this context.
The session will cover:
Pooja Shimpi, Founder & CEO, SyberNow
Suresh A Shan, Chairman, Computer Society of India, Mumbai Chapter
Krishnamurthy Rajesh, Director – Information Technology (Global), GreyOrange
Basil Dange, CISO, Aditya Birla Sun Life Mutual Fund
Track A
But are they adequate? Are you taking a fragmented approach that does not contribute to compliance with frameworks such as access certification and governance, separation of duties, the right access for the right people, etc.?
Any written IAM policy that can’t be enforced becomes ineffective.
This session will cover:
Girish Dixit, CISO – Executive Vice President, Kotak Securities
S V Sunder Krishnan, EVP & CRO, Reliance Life Insurance
Track B
Cyber insurance has emerged as a vital tool for mitigating financial losses resulting from data breaches, cyberattacks and other digital vulnerabilities. The session will delve into the intricate realm of cyber insurance, and provide attendees with a comprehensive understanding of its role, benefits and challenges.
The session will cover:
Amol Deshpande, Group Chief Digital Officer and Head of Innovation, RPG Group
Bharat Panchal, Chief Industry Relations & Regulatory Officer, Discover Financial Services
Track A
However, this also exposes more risks from entities in the supply chain, such as suppliers, vendors, partners, contractors, open-source developers, etc.
It is crucial to analyze the intricate nature of modern software supply chains along with the business implications of a potential supply chain breach, resulting in data exposure, operational disruptions and reputational loss.
With more than 90% of software components in enterprise apps being open source, the risks of malicious packages from the open-source ecosystem are higher than ever.
The session will cover:
Venkatesh Vanjaku, Security Consultant, CloudSEK
Track B
As both public and private organizations increasingly rely on mobile applications, ensuring that they are protected from vulnerabilities and defects is imperative.
Mobile apps continue to provide unprecedented support for facilitating organizational objectives. However, despite their utility, these apps can pose serious security risks to an organization and its users due to vulnerabilities that may exist within their software. IT and security leaders must build a modern AppSec strategy designed to support demanding development cycles while also ensuring application security.
The session will cover:
Govindraj Basatwar, Managing Director, AppSealing
Track A
Some experts argue that paying the ransom can expose an organization to reputational risk, causing their risk assessments to go awry. Additionally, extortion payment may encourage continued criminal activity.
The session will cover:
Vijay Kumar Verma, SVP & Head, Cyber Security Engineering (CSE), Jio Platforms
Pradipta Patro, Head of Cyber Security & IT Platform, KEC International Ltd. (An RPG Group Company)
Shailendra Kothavale, Chief Compliance and Risk Officer, Aditya Birla Sun Life Insurance
Steve D’Souza, Vice President – Enterprise Risk Management & CISO, ICICI Lombard
Track B
This was met with support from security leaders who agreed that data sovereignty was essential for the nation’s growth and for safeguarding data within the country securely.
However, the current DPDP 2023 Bill, which has been passed by both houses of Parliament, contradicts its former guidelines. The bill now allows the transfer of personal data outside India, except to countries restricted by the central government through notification.
Against this backdrop, there have been several questions raised by data privacy and security proponents around the adequate protection provisions for the data residing outside the country.
The session will cover:
Puneet Bhasin, Cyber Law Expert – Proprietor/Founder Cyberjure Legal Consulting
Kalpesh Doshi, Group CISO, HDFC Life
Shiju Rawther, Head – Information Technology, SBI Mutual Fund
Anil V. Lole, CISO India GDC, Fujitsu India
Track A
Since the Windows OS is predominantly used in endpoints and servers in an enterprise, it is critical to build deep visibility. Security teams must be aware of the Windows processes to enable them to identify threats on a system even without using expensive enterprise endpoint security solutions.
Proactive threat hunting built around an “assume breach” principle is crucial for CISOs to harness their knowledge and resources to outthink attackers.
The session will cover:
Rohit Shrivastava, VP – Cyber Defensive Operations, Barclays
Track B
Different industries are struggling to implement the diverse technologies associated with zero trust. The deployment of microsegmentation and access management, in particular, poses several challenges. What proves effective in one industry may not necessarily apply to another as zero trust is not a monolithic approach.
In light of such complexities in zero trust implementation, how well are CISOs prepared? Are CISOs just dipping their toes? How can they get more granular in their approach?
This session will cover:
Satyavrat Mishra, VP & Head Corporate IT, Godrej Industries Ltd.
Rohit Rane, CISO, HDFC Pension Management Company Ltd.
Urvish Acharya, Head – IT, Governance & Risk, CISO, Aditya Birla Group
Prashant Deshpande, President, ISACA Mumbai Chapter
As a result, security leaders need to rethink cybersecurity to establish secure and frictionless banking. As banks continue to face a surge in cyberthreats, security leaders need to redefine banking to enable quicker response time for querying, efficient dashboarding and alerting, and streamlined customer onboarding processes.
The evolving banking landscape, along with the risks and innovations in security, is actively disrupting the banking security ecosystem in a major way. This disruption is creating the need to integrate real-time controls to modernize banking operations with effective risk management and resilient techniques.
The Spotlight session will cover:
Prof. D Janakiram, Director, IDRBT
Gartner predicts that by 2024, at least 50% of organizations will use AI-driven security operations centers to detect cyberattacks more quickly than traditional methods. As attackers have been increasingly using AI techniques to disrupt enterprises’ security ecosystem, CISOs must stay ahead of them and invest in advanced technologies to understand the attackers’ mindset. India’s Digital Personal Data Protection Act 2023 has made CISOs and organizations accountable for breach incidents.
Hence, it is essential to take a 360 view of security by spotting the top technologies and trends that can shape the enterprise in 2024 and help in establishing a cybersecure ecosystem.
Brijesh Singh, Principal Secretary to Hon. Chief Minister, Maharashtra, Government of Maharashtra
Mathan Babu K., CTSO & DPO, Vodafone
Atul Singh, Regional Director, Sales for Western Region, CrowdStrike
Deven Parulekar, CEO, SaffronStays
Kavita Viswanath, Vice President & General Manager, JFrog, APAC