Virtual Cybersecurity Summit: South East Asia
Virtual Summit April 12 - 13, 2022
The South East Asia region is poised for digital transformation across enterprises; it has become an easy and prime target for cyberattacks. According to a recent report, the region's digital economy can add $1 trillion to GDP over the next ten years. Security leaders say the area has become hotbeds for cyber threats due to unsecured infrastructure and smart nation hub with growing growth inter-connectedness. We observe several new initiatives in the payments and fintech industry as organizations increase in scale. The significant challenge CISOs witness is the lack of cyber readiness in building a cyber-resilient enterprise, given the shortage of skills and resources and extreme dependencies on third-party vendors. The region witnessed a rise in ransomware, phishing, BEC scams, and multifaceted extortion. The government of Singapore, Malaysia, the Philippines, and others are putting their best foot forward to build a comprehensive program for enterprises to deal with such challenges. Attend our summit to gain insights from the global and regional cybersecurity thought leaders on the critical aspects of IoT security, mobile device security, ransomware defenses, third-party supply chain risks, cloud, XDR, cryptocurrency, bitcoin, blockchain, threat intelligence, and more.
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
Dr Haji Amirudin Abdul Wahab
CEO
CyberSecurity Malaysia
Dr Wahab is currently the chief executive officer of cybersecurity Malaysia, a strategic agency under the Ministry of Science, Technology, and Innovation (MOSTI). He has more than 20 years of ICT working experience in the telecom and IT sectors in...
Geetha Nandikotkur
Managing Editor & Conference Chair, Asia & Middle East
ISMG
Col Joey Fontiveros
Commanding Officer
Cyber Battalion, ASR, Philippine Army
Soumo Mukherjee
Head of Security Architecture-Cybersecurity
Petronas
Mukherjee is the head of security architecture for cybersecurity at Petronas. He is responsible for end-user security, identity and access management, cloud security, and Microsoft 365. During his long career in information technology services, he has been a transformation leader,...
Parag Deodhar
Director - Information Security, APAC
VF Corporation
Deodhar is the director of cyber security & risk management for APAC at VF Corp and is based in Hong Kong. He has more than 20 years’ experience in enterprise risk management, specializing in operational risk, cyber security and fraud...
Shane Read
CISO
Hex Trust
Read is the CISO at Hex Trust. He is an accomplished information security executive and CISO with more than 20 years of international experience in the public and private sectors and a track record of effectively developing InfoSec maturity, managing...
Scott Flower
Associate Professor
University of Western Australia
Flower is global intelligence offier, Asia Pacific, at FS-ISAC. He has been based in Singapore over the last decade and his most recent role was leading the Asia Pacific largest cyber threat fusion analysis cell protecting the global financial sector....
Wilbertus Darmadi
CIO
Toyota Astra
Darmadi is CIO of Toyota Astra Motor. He has more than 26 years of experience as IT professional especially in automotive industry. He has worked with multinational stakeholders, team and partners and has helped companies to boost business performance using...
Advisory Board
Mario Demarillas
CISO and Head of Software Engineering
Exceture
Demarillas is a member of the board of directors, CISO and head of IT consulting and software engineering at Exceture Inc., based in Manila, Philippines. He has over 20 years of professional experience in information systems and internal audit, fraud...
Suparna Goswami
Associate Editor
ISMG
Edmund Situmorang
Managing Director and CTO
TechConnect Academy & PRODIGI (Sinarmas Group)
Situmorang is managing director and CTO of TechConnect Academy & PRODIGI (Sinarmas Group). He has worked in the U.S. for 11 years as a programmer and strategist, and enthusiastic about technology especially in the field of artificial intelligence.
Romanus Prabhu Raymond
Global Head of Technical Support for Endpoint Management & Security
ManageEngine
Raymond is global head for technical support for endpoint management & security at ManageEngine, a division of Zoho Corp. With more than 18 years of experience spanning from the legacy client management to modern endpoint management and security solution domains,...
Emil Tan
Chief Operating Officer
Red Alpha Cybersecurity
Tan is the COO of Red Alpha Cybersecurity – a cybersecurity talent development company. He is also the Southeast Asia Regional Advocate for CREST. He has been in the cybersecurity industry for more than 10 years and has experience in...
Kunal Sehgal
Former Managing Director
GRF, OT-ISAC
Sehgal is the former managing director at GRF. He has been a cyber-evangelist for more than 15 years and is an untiring advocate of cyber threat intelligence sharing. He encourages the cyber-defenders to work together, by maintaining a strong level...
Vaibhav Khandelwal
Regional Head of Security and Fraud, ASEAN & India
F5
Khandelwal works at the intersection of banking and technology. At F5, he looks after business growth for ASEAN and the South Asia region. He previously held roles in cybersecurity, digital banking transformation, fraud prevention and risk management.
Conference Chair and Co-Chair
Ismamuradi Abdul Kadir
Acting CISO-Risk Management Division
Bank Muamalat Malaysia Berhad
Venkatesh Subramaniam
Global Chief Information Security Officer & Privacy Head at Olam International
Olam International
Brendan Laws
Director Solutions Architecture APJ
Rapid7
Laws is director, solutions architecture, Asia Pacific & Japan, at Rapid7. He helps people understand challenges, define goals and mature cyber capabilities; whilst accommodating their teams’ abilities and leveraging the diverse array of technologies and your business strategy.
Mel Migrino
Vice President and Group CISO
Meralco
Migriño is the vice president and group CISO of Meralco, the largest power distribution conglomerate in the Philippines. She has more than 15 years of combined experience in cyber governance, application and infrastructure security, operational technology security, business continuity, privacy,...
George Do
CISO
Gojek
Do is chief information security officer at Gojek. He has been working in the cybersecurity field for more than 25 years concentrating on the development of cybersecurity programs. He specializes in the transformation of security programs, winning customer trust, and...
James Fong
Director Risk and Security Solutions – Asia
ServiceNow
Fong is director risk and security solutions, Asia at ServiceNow. As a solution leader, he provides leadership and coaching abilities for the team to attain set goals and targeted development to drive net new logos and drive incremental business across...
Jayaraj Puthanveedu
MD-Cyber and Tech. Risk, Global Head - Operational Resilience
BNP Paribas Group
Nikolaos Thymianis
CISO
Caresocius
Thymianis is the CISO at Caresocius in Greece. He is working in risk management initiatives for Pfizer. His previous work made him associate with people in the healthcare industry, while doing cybersecurity assurance and maturity assessments for organizations in the...
Advisory Board
Christopher Kruegel
VP of Security Services
VMware
View Agenda
Welcome to ISMG's South East Asia Summit

The summit has been carefully designed with the support and guidance of the 'editorial advisory board', including senior thought leaders from the ASEAN region, to capture the regional security challenges that resonate with current concerns.

Click here to see the list of advisory board members. 

  • 09:00 AM
  • 09:14 AM
Keynote: Building Cyber Defense Capabilities in Wartime: Role of CISO's
Col Joey Fontiveros, Commanding Officer, Cyber Battalion, ASR, Philippine Army

The South East Asia region is poised for digital transformation across enterprises; it has become an easy and prime target for cyberattacks.  

It’s no longer a matter of if, but when you’re going to be the victim of a cyberattack. Are you prepared? It’s no longer a theory about protecting your critical infrastructure. It’s a different world today, post-Solarwinds, Colonial Pipeline, Log4J, and Ukraine, and it requires a different cybersecurity strategy to fight hybrid warfare. Various regional governments have tightened their cyber defenses as attacks surge and to protect digital domains. 

Do you think yesterday’s cyber strategy will hold well for 2022? What needs to change in how CISOs conduct business and secure digital assets from ever-evolving, ever-automating cyber adversaries?   

The session will cover:  

  • New cyber defenses required to fight evolving threats   
  • How much does automation help in enhancing your security posture?   
  • CISO’s role in a war zone 
Col Joey Fontiveros
  • 09:15 AM
  • 09:45 AM
Plenary Session: Industry 4.0: Protecting Your Data in the Era of Digital Transformation
Dr Haji Amirudin Abdul Wahab, CEO, CyberSecurity Malaysia

With the dawn of the fourth industrial revolution (industry 4.0), organizations have put their digital transformation at the top of their agenda. While the digital transformation will enhance competitiveness and bring agility and optimal decision-making capabilities, it brings cybersecurity risks and innovation. It is indeed driving automation, accelerating the adoption of IIoT, which is expected to contribute most of IoT’s business value potential. 

The plenary session cover: 

  • Getting ready for Industry 4.0: Sizing up the security risks 
  • Understanding the weakest link 
  • Protecting your data and securing the endpoints 
Dr Haji Amirudin Abdul Wahab
  • 09:45 AM
  • 10:16 AM
  • 10:15 AM
  • 10:30 AM
TrackA
Brendan Laws
Track A: Building Threat & Risk Management Programs for Digital Transformation
Brendan Laws, Director Solutions Architecture APJ, Rapid7

We have been hearing about digital transformation for some time. Your business could be looking to reduce the cost or thinking about agility and swiftly bringing your services to market.

Many of us are on a similar journey! New terms, new architectures, confusing statements, and more security technologies are afoot. And, of course, we have to confront our capacity to deliver on these technologies whilst ensuring information remains secure as best as we can.

Brendan will explain how we can help your team determine risk, build secure applications, monitor threats and evolve to automated remediation on any workload or asset, whether on-premise, hybrid or cloud-centric. 

  • 10:15 AM
  • 10:30 AM
TrackB
Christopher Kruegel
Track B: The Next Evolution in XDR: The Security Promise
Christopher Kruegel, VP of Security Services, VMware

The daunting task for CISOs today is to turn today’s threats into tomorrow’s advantage. The tool that most security leaders are leaning on is the XDR to build resilient, dynamic, and living security.  You could argue that true XDR can bring material benefit, but only if it combines different detection capabilities directly at the data source (network and endpoint)? However, the security promise of XDR would ensure detection, response, and adaptive prevention.   

The session will cover:  

  • How XDR will drive enhanced detection and response with improved security operations  
  • Improved network and endpoint visibility and remediation capabilities  
  • Understand the critical components of the XDR puzzle and integration with the technologies 
  • 10:30 AM
  • 11:00 AM
TrackA
Vaibhav  Khandelwal
Track A: Using AI & Behavioural Biometrics to Mitigate Social Engineering Banking Fraud
Vaibhav Khandelwal, Regional Head of Security and Fraud, ASEAN & India, F5

Banks in the ASEAN have seen their customers targeted by social engineering frauds. New fraudulent methods are bypassing Web application firewalls and multi-factor authentication security controls. 

This session will cover:

  • How are fraudsters leveraging automated bots, MFA bypass toolkits, and social engineering methods to evade traditional banking controls?
  • How with F5's AI and behavior telemetry an ASEAN Bank could protect customers whose credentials & OTP were stolen via social engineering and smishing.
  • Pitfalls in the use of AI with the network and security convergence
  • 10:30 AM
  • 11:00 AM
TrackB
Romanus Prabhu Raymond
Track B: Securing your Endpoints in the Era of Digital Transformation
Romanus Prabhu Raymond, Global Head of Technical Support for Endpoint Management & Security, ManageEngine

The challenge for CISOs in their digital transformation journey is to understand the right technologies required for their business and how do you secure those endpoints that are going to expand. The question would arise on what you need to focus on endpoint security that could protect all access points which are vulnerable to cyber criminals to breach your network.

The session will cover:

  • Endpoint security for 2022 – How do you need to predict and protect
  •  Knowing what’s connected to your network, despite ever expanding endpoints
  •  Establishing sustainable security with the growth in endpoints for detection and response.
Two-Way Street: A Cybersecurity Debate between CTO vs. CISO-Where is the Disagreement?
Mario Demarillas, CISO and Head of Software Engineering, Exceture
Edmund Situmorang, Managing Director and CTO, TechConnect Academy & PRODIGI (Sinarmas Group)

Almost all CISOs across regions have a single most significant challenge of getting the necessary funding to support their cybersecurity programs. Are security leaders creating value for business and part of technology innovation? Is the CTO function aligned with security in driving innovation? Meeting the Expectations.   

The session discusses how to get a CTO and the CISO on a common goal to facilitate the continued success of their organization. Where is the disconnect?

Mario Demarillas
Edmund Situmorang
  • 11:00 AM
  • 11:29 AM
  • 11:45 AM
  • 12:15 PM
TrackA
Wilbertus Darmadi
Track A: Are you Cloud Ready? A CISO’s Manifestations
Wilbertus Darmadi, CIO, Toyota Astra

Organizations believe that cloud computing brings a whole new level of autonomy and functionality, besides enhancing performance, agility, productivity and scalability. The pandemic has created the urgency for enterprises to move to cloud and enterprises are in a race to adopt the ‘cloud-first’ strategy to optimize the IT spend and secure their hybrid work environment.   

CISO are tasked with building a cloud-first security strategy and mitigating risks arising with this.  

The session will cover:  

  • Cloud migration and its bottle necks 
  • A holistic approach to cloud security and compliance  
  • Governance and risk 
  • 11:45 AM
  • 12:15 PM
TrackB
Scott Flower
Track B: Assessing the Effectiveness of Your Cyber Threat Intelligence Program: Building a Business Case
Scott Flower, Associate Professor, University of Western Australia

The region has witnessed the most prominent organizations hitting the headlines. It is beyond doubt that organizations have a huge staff and a myriad of cybersecurity tools to secure their environment; yet, they were still breached. The current approach is insufficient, and the deployed technologies don’t provide the necessary intel to detect the blind spots. 

It is imperative to assess the effectiveness of the cyber threat intelligence program, and building a business case is essential in driving actionable threat intelligence. 

  • Understanding what cyber threat intelligence gives to an organization 
  • Reasons for taking a risk-based approach 
  • Using technologies and integration to drive actionable threat intelligence
  • 12:15 PM
  • 12:42 PM
TrackA
Jayaraj Puthanveedu
Track A: Risk-Based Discussion: Are you Aligned with the Board?
Jayaraj Puthanveedu, MD-Cyber and Tech. Risk, Global Head - Operational Resilience, BNP Paribas Group

Building relationships with business unit leaders and driving a practical risk-based discussion with the board is critical in making informed risk decisions.  
The daunting task for CISOs is the uncertainty around the reporting of significant risks, including just what represents a 'significant' risk, which challenges many organizations today. Can you question the management and boards regarding how strategy affects risk and vice versa and their best approach to risk and discuss risk management in a meaningful and productive way?  

The session will cover:     

  • Criteria for integrating risk information into decision making  
  • Educating and evaluating of board members to measure strategic decisions on a risk parameter  
  • Use case scenario to understand risk appetite and value at risk 
  • 12:15 PM
  • 12:42 PM
TrackB
Ismamuradi Abdul Kadir
Track B: Lessons from the SolarWinds Hack: A CISO's Response
Ismamuradi Abdul Kadir, Acting CISO-Risk Management Division, Bank Muamalat Malaysia Berhad

The popular SolarWinds hack, the supply chain attack that implanted a backdoor in the Orion network monitoring software pushed to 18,000 of the firm's customers, is considered to be potentially the most significant intrusion in our history.  
The campaign's full scale, including all of the tactics, techniques and procedures being used by attackers remaining unknown, has left most enterprises across the regions in a state of shock. 
What are the lessons the CISOs need to learn from this attack? Do you have a process to evaluate your vendor's security policies and frameworks? 

The session will cover:

  • How should the risk framework of supply chain vendors evolve;
  • The risks posed by different kinds of vendors;
  • Defining security by design approach while evaluating the third-party products.
  • 01:00 PM
  • 01:29 PM
TrackA
Nikolaos Thymianis
Track A: Ongoing Hybrid Warfare: Are You a Target for DDoS Attacks?
Nikolaos Thymianis, CISO, Caresocius

As Russia and Ukraine invasions are making the headlines, organizations across the globe are facing a series of DDoS attacks. Besides, new forms of malware intrusions are surfacing that can destroy infected machines. How are organizations in the South East Asian regions responding to DDoS attacks? How vulnerable are financial institutions to DDoS attacks? 

The session will cover: 

  • How to strengthen your defenses against DDoS? 
  • Managing your risk exposure 
  • Attribution to the DDoS attacks 
  • 01:00 PM
  • 01:29 PM
TrackB
Soumo Mukherjee
Track B: Can the Zero Trust Security Approach Mitigate your Threat Challenges
Soumo Mukherjee, Head of Security Architecture-Cybersecurity, Petronas

Where does the journey to ‘zero trust’ begin and what are the common entry points and how can it unfold. Experts agree that ‘zero trust’ is based on the premise, ‘assume breach’, and treat every asset as breached, and all traffic as hostile.   
The plenary session will discuss how the way we approach security has changed dramatically as security perimeters have dissolved and assess the maturity of ‘zero trust’ state with a realistic look at security and its dependencies with other functions in securing the future work environment.  

Panel Discussion: You Have Been Breached: Is Your Incidence Response Strategy Top Notch?
George Do, CISO, Gojek
Emil Tan, Chief Operating Officer, Red Alpha Cybersecurity
James Fong, Director Risk and Security Solutions – Asia, ServiceNow

The year 2021 stands as testimony to the large ransomware attacks witnessed globally. The South East Asia is not an exception. The Southeast Asian region will see a spike in multifaceted extortion with more public breaches, along with an increase in ransomware-as-a-service operations in 2022. the increase will be driven by the rise in cryptocurrency value and the difficulty in attributing the arrest of people associated with a specific cyber campaign, experts say.   

What needs to change as CISOs experience increasing hacking burnout in preventing such malware intrusions? Can they operationalize technology in their prevention and incidence response mechanism to address ransomware issues?   

The panel will cover:   

  • Building an effective incidence response and investigation mechanism   
  • How do deal with the recovery response process in the event of an attack  
  • Taking a tactical and strategic approach to battling ransomware and protecting backups   
George Do
Emil Tan
James Fong
  • 01:30 PM
  • 02:02 PM
  • 02:00 PM
  • 02:33 PM
TrackA
Mel Migrino
Track A: OT Security: Bridging the Silos
Mel Migrino, Vice President and Group CISO, Meralco

Most OT systems are designed with very little consideration for security. With increased cyber risk in this new digital transformation era, any approach to bridge the IT and OT divide is mission-critical for enterprise security.  As a CISO, can you reduce risk, security, and risk management functions silos to bridge the security gaps?  Can you deploy the suitable asset inventory methods and map the IT/OT risks?   

This session will cover:   

  • Building complete visibility and monitoring of your IT and OT assets with the right access control   
  • Integrating OT threat monitoring into SoC for threat detection  
  • Essential steps to establish OT security 
  • 02:00 PM
  • 02:33 PM
TrackB
Shane Read
Track B: Are You SOC 2 Compliant? Assessing the Third-Party Risks
Shane Read, CISO, Hex Trust

With the risks from third-parties escalating at a fast pace, enterprises across Southeast Asia are leaning towards SOC2, (Systems and Organization Controls) an audit procedure that ensures services providers securely manage their data and establish privacy and controls. How should CISOs comply with this standard as organizations move to the cloud and take up the digital transformation journey?

The session will cover: 

  • Why is SOC 2 important and how to integrate it with your ISO standard framework 
  • Establishing third party security using SOC 2 
  • Essential steps for CISOs in complying with the standard 
Panel Discussion : Impact of the Hybrid Cyber Warfare on the Supply Chain: Sizing Up the Security Risks
Parag Deodhar, Director - Information Security, APAC, VF Corporation
Venkatesh Subramaniam, Global Chief Information Security Officer & Privacy Head at Olam International, Olam International
Kunal Sehgal, Former Managing Director, GRF, OT-ISAC

We typically think of supply chain attacks as stealthy attacks on hardware components, such as malware on laptops and network devices. Still, the supply chain attack was an attack on a service provider that cannot be ruled out as it is a significant intrusion of the entire ecosystem. The supply chain attacks ushers in the risk: supplier vulnerabilities which are the common cause of compromise. Keeping a watchful eye on suppliers' security status – always knowing the risks they bring in – is an essential part of building resilience and response.  

The session will cover:  

  • Impact of the on-going hybrid cyber warfare on the supply chain across enterprises 
  • How to measure the risks and respond to supply chain attacks?  
  • Security by design approach to secure software applications and evaluating the suppliers’ products 
Parag Deodhar
Venkatesh Subramaniam
Kunal Sehgal
  • 02:30 PM
  • 03:06 PM

The South East Asia region is poised for digital transformation across enterprises; it has become an easy and prime target for cyberattacks. According to a recent report, the region's digital economy can add $1 trillion to GDP over the next ten years. Security leaders say the area has become hotbeds for cyber threats due to unsecured infrastructure and smart nation hub with growing growth inter-connectedness. We observe several new initiatives in the payments and fintech industry as organizations increase in scale. The significant challenge CISOs witness is the lack of cyber readiness in building a cyber-resilient enterprise, given the shortage of skills and resources and extreme dependencies on third-party vendors. The region witnessed a rise in ransomware, phishing, BEC scams, and multifaceted extortion. The government of Singapore, Malaysia, the Philippines, and others are putting their best foot forward to build a comprehensive program for enterprises to deal with such challenges. Attend our summit to gain insights from the global and regional cybersecurity thought leaders on the critical aspects of IoT security, mobile device security, ransomware defenses, third-party supply chain risks, cloud, XDR, cryptocurrency, bitcoin, blockchain, threat intelligence, and more.
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.

Dr Haji Amirudin Abdul Wahab
CEO
CyberSecurity Malaysia
Dr Wahab is currently the chief executive officer of cybersecurity Malaysia, a strategic agency under the Ministry of Science, Technology, and Innovation (MOSTI). He has more than 20 years of ICT working experience in the telecom and IT sectors in...
Geetha Nandikotkur
Managing Editor & Conference Chair, Asia & Middle East
ISMG
Col Joey Fontiveros
Commanding Officer
Cyber Battalion, ASR, Philippine Army
Soumo Mukherjee
Head of Security Architecture-Cybersecurity
Petronas
Mukherjee is the head of security architecture for cybersecurity at Petronas. He is responsible for end-user security, identity and access management, cloud security, and Microsoft 365. During his long career in information technology services, he has been a transformation leader,...
Parag Deodhar
Director - Information Security, APAC
VF Corporation
Deodhar is the director of cyber security & risk management for APAC at VF Corp and is based in Hong Kong. He has more than 20 years’ experience in enterprise risk management, specializing in operational risk, cyber security and fraud...
Shane Read
CISO
Hex Trust
Read is the CISO at Hex Trust. He is an accomplished information security executive and CISO with more than 20 years of international experience in the public and private sectors and a track record of effectively developing InfoSec maturity, managing...
Scott Flower
Associate Professor
University of Western Australia
Flower is global intelligence offier, Asia Pacific, at FS-ISAC. He has been based in Singapore over the last decade and his most recent role was leading the Asia Pacific largest cyber threat fusion analysis cell protecting the global financial sector....
Wilbertus Darmadi
CIO
Toyota Astra
Darmadi is CIO of Toyota Astra Motor. He has more than 26 years of experience as IT professional especially in automotive industry. He has worked with multinational stakeholders, team and partners and has helped companies to boost business performance using...
Advisory Board
Mario Demarillas
CISO and Head of Software Engineering
Exceture
Demarillas is a member of the board of directors, CISO and head of IT consulting and software engineering at Exceture Inc., based in Manila, Philippines. He has over 20 years of professional experience in information systems and internal audit, fraud...
Suparna Goswami
Associate Editor
ISMG
Edmund Situmorang
Managing Director and CTO
TechConnect Academy & PRODIGI (Sinarmas Group)
Situmorang is managing director and CTO of TechConnect Academy & PRODIGI (Sinarmas Group). He has worked in the U.S. for 11 years as a programmer and strategist, and enthusiastic about technology especially in the field of artificial intelligence.
Romanus Prabhu Raymond
Global Head of Technical Support for Endpoint Management & Security
ManageEngine
Raymond is global head for technical support for endpoint management & security at ManageEngine, a division of Zoho Corp. With more than 18 years of experience spanning from the legacy client management to modern endpoint management and security solution domains,...
Emil Tan
Chief Operating Officer
Red Alpha Cybersecurity
Tan is the COO of Red Alpha Cybersecurity – a cybersecurity talent development company. He is also the Southeast Asia Regional Advocate for CREST. He has been in the cybersecurity industry for more than 10 years and has experience in...
Kunal Sehgal
Former Managing Director
GRF, OT-ISAC
Sehgal is the former managing director at GRF. He has been a cyber-evangelist for more than 15 years and is an untiring advocate of cyber threat intelligence sharing. He encourages the cyber-defenders to work together, by maintaining a strong level...
Vaibhav Khandelwal
Regional Head of Security and Fraud, ASEAN & India
F5
Khandelwal works at the intersection of banking and technology. At F5, he looks after business growth for ASEAN and the South Asia region. He previously held roles in cybersecurity, digital banking transformation, fraud prevention and risk management.
Conference Chair and Co-Chair
Ismamuradi Abdul Kadir
Acting CISO-Risk Management Division
Bank Muamalat Malaysia Berhad
Venkatesh Subramaniam
Global Chief Information Security Officer & Privacy Head at Olam International
Olam International
Brendan Laws
Director Solutions Architecture APJ
Rapid7
Laws is director, solutions architecture, Asia Pacific & Japan, at Rapid7. He helps people understand challenges, define goals and mature cyber capabilities; whilst accommodating their teams’ abilities and leveraging the diverse array of technologies and your business strategy.
Mel Migrino
Vice President and Group CISO
Meralco
Migriño is the vice president and group CISO of Meralco, the largest power distribution conglomerate in the Philippines. She has more than 15 years of combined experience in cyber governance, application and infrastructure security, operational technology security, business continuity, privacy,...
George Do
CISO
Gojek
Do is chief information security officer at Gojek. He has been working in the cybersecurity field for more than 25 years concentrating on the development of cybersecurity programs. He specializes in the transformation of security programs, winning customer trust, and...
James Fong
Director Risk and Security Solutions – Asia
ServiceNow
Fong is director risk and security solutions, Asia at ServiceNow. As a solution leader, he provides leadership and coaching abilities for the team to attain set goals and targeted development to drive net new logos and drive incremental business across...
Jayaraj Puthanveedu
MD-Cyber and Tech. Risk, Global Head - Operational Resilience
BNP Paribas Group
Nikolaos Thymianis
CISO
Caresocius
Thymianis is the CISO at Caresocius in Greece. He is working in risk management initiatives for Pfizer. His previous work made him associate with people in the healthcare industry, while doing cybersecurity assurance and maturity assessments for organizations in the...
Advisory Board
Christopher Kruegel
VP of Security Services
VMware

View Agenda
Welcome to ISMG's South East Asia Summit

The summit has been carefully designed with the support and guidance of the 'editorial advisory board', including senior thought leaders from the ASEAN region, to capture the regional security challenges that resonate with current concerns.

Click here to see the list of advisory board members. 

  • 09:00 AM
  • 09:14 AM
Keynote: Building Cyber Defense Capabilities in Wartime: Role of CISO's
Col Joey Fontiveros, Commanding Officer, Cyber Battalion, ASR, Philippine Army

The South East Asia region is poised for digital transformation across enterprises; it has become an easy and prime target for cyberattacks.  

It’s no longer a matter of if, but when you’re going to be the victim of a cyberattack. Are you prepared? It’s no longer a theory about protecting your critical infrastructure. It’s a different world today, post-Solarwinds, Colonial Pipeline, Log4J, and Ukraine, and it requires a different cybersecurity strategy to fight hybrid warfare. Various regional governments have tightened their cyber defenses as attacks surge and to protect digital domains. 

Do you think yesterday’s cyber strategy will hold well for 2022? What needs to change in how CISOs conduct business and secure digital assets from ever-evolving, ever-automating cyber adversaries?   

The session will cover:  

  • New cyber defenses required to fight evolving threats   
  • How much does automation help in enhancing your security posture?   
  • CISO’s role in a war zone 
Col Joey Fontiveros
  • 09:15 AM
  • 09:45 AM
Plenary Session: Industry 4.0: Protecting Your Data in the Era of Digital Transformation
Dr Haji Amirudin Abdul Wahab, CEO, CyberSecurity Malaysia

With the dawn of the fourth industrial revolution (industry 4.0), organizations have put their digital transformation at the top of their agenda. While the digital transformation will enhance competitiveness and bring agility and optimal decision-making capabilities, it brings cybersecurity risks and innovation. It is indeed driving automation, accelerating the adoption of IIoT, which is expected to contribute most of IoT’s business value potential. 

The plenary session cover: 

  • Getting ready for Industry 4.0: Sizing up the security risks 
  • Understanding the weakest link 
  • Protecting your data and securing the endpoints 
Dr Haji Amirudin Abdul Wahab
  • 09:45 AM
  • 10:16 AM
  • 10:15 AM
  • 10:30 AM
TrackA
Brendan Laws
Track A: Building Threat & Risk Management Programs for Digital Transformation
Brendan Laws, Director Solutions Architecture APJ, Rapid7

We have been hearing about digital transformation for some time. Your business could be looking to reduce the cost or thinking about agility and swiftly bringing your services to market.

Many of us are on a similar journey! New terms, new architectures, confusing statements, and more security technologies are afoot. And, of course, we have to confront our capacity to deliver on these technologies whilst ensuring information remains secure as best as we can.

Brendan will explain how we can help your team determine risk, build secure applications, monitor threats and evolve to automated remediation on any workload or asset, whether on-premise, hybrid or cloud-centric. 

  • 10:15 AM
  • 10:30 AM
TrackB
Christopher Kruegel
Track B: The Next Evolution in XDR: The Security Promise
Christopher Kruegel, VP of Security Services, VMware

The daunting task for CISOs today is to turn today’s threats into tomorrow’s advantage. The tool that most security leaders are leaning on is the XDR to build resilient, dynamic, and living security.  You could argue that true XDR can bring material benefit, but only if it combines different detection capabilities directly at the data source (network and endpoint)? However, the security promise of XDR would ensure detection, response, and adaptive prevention.   

The session will cover:  

  • How XDR will drive enhanced detection and response with improved security operations  
  • Improved network and endpoint visibility and remediation capabilities  
  • Understand the critical components of the XDR puzzle and integration with the technologies 
  • 10:30 AM
  • 11:00 AM
TrackA
Vaibhav  Khandelwal
Track A: Using AI & Behavioural Biometrics to Mitigate Social Engineering Banking Fraud
Vaibhav Khandelwal, Regional Head of Security and Fraud, ASEAN & India, F5

Banks in the ASEAN have seen their customers targeted by social engineering frauds. New fraudulent methods are bypassing Web application firewalls and multi-factor authentication security controls. 

This session will cover:

  • How are fraudsters leveraging automated bots, MFA bypass toolkits, and social engineering methods to evade traditional banking controls?
  • How with F5's AI and behavior telemetry an ASEAN Bank could protect customers whose credentials & OTP were stolen via social engineering and smishing.
  • Pitfalls in the use of AI with the network and security convergence
  • 10:30 AM
  • 11:00 AM
TrackB
Romanus Prabhu Raymond
Track B: Securing your Endpoints in the Era of Digital Transformation
Romanus Prabhu Raymond, Global Head of Technical Support for Endpoint Management & Security, ManageEngine

The challenge for CISOs in their digital transformation journey is to understand the right technologies required for their business and how do you secure those endpoints that are going to expand. The question would arise on what you need to focus on endpoint security that could protect all access points which are vulnerable to cyber criminals to breach your network.

The session will cover:

  • Endpoint security for 2022 – How do you need to predict and protect
  •  Knowing what’s connected to your network, despite ever expanding endpoints
  •  Establishing sustainable security with the growth in endpoints for detection and response.
Two-Way Street: A Cybersecurity Debate between CTO vs. CISO-Where is the Disagreement?
Mario Demarillas, CISO and Head of Software Engineering, Exceture
Edmund Situmorang, Managing Director and CTO, TechConnect Academy & PRODIGI (Sinarmas Group)

Almost all CISOs across regions have a single most significant challenge of getting the necessary funding to support their cybersecurity programs. Are security leaders creating value for business and part of technology innovation? Is the CTO function aligned with security in driving innovation? Meeting the Expectations.   

The session discusses how to get a CTO and the CISO on a common goal to facilitate the continued success of their organization. Where is the disconnect?

Mario Demarillas
Edmund Situmorang
  • 11:00 AM
  • 11:29 AM
  • 11:45 AM
  • 12:15 PM
TrackA
Wilbertus Darmadi
Track A: Are you Cloud Ready? A CISO’s Manifestations
Wilbertus Darmadi, CIO, Toyota Astra

Organizations believe that cloud computing brings a whole new level of autonomy and functionality, besides enhancing performance, agility, productivity and scalability. The pandemic has created the urgency for enterprises to move to cloud and enterprises are in a race to adopt the ‘cloud-first’ strategy to optimize the IT spend and secure their hybrid work environment.   

CISO are tasked with building a cloud-first security strategy and mitigating risks arising with this.  

The session will cover:  

  • Cloud migration and its bottle necks 
  • A holistic approach to cloud security and compliance  
  • Governance and risk 
  • 11:45 AM
  • 12:15 PM
TrackB
Scott Flower
Track B: Assessing the Effectiveness of Your Cyber Threat Intelligence Program: Building a Business Case
Scott Flower, Associate Professor, University of Western Australia

The region has witnessed the most prominent organizations hitting the headlines. It is beyond doubt that organizations have a huge staff and a myriad of cybersecurity tools to secure their environment; yet, they were still breached. The current approach is insufficient, and the deployed technologies don’t provide the necessary intel to detect the blind spots. 

It is imperative to assess the effectiveness of the cyber threat intelligence program, and building a business case is essential in driving actionable threat intelligence. 

  • Understanding what cyber threat intelligence gives to an organization 
  • Reasons for taking a risk-based approach 
  • Using technologies and integration to drive actionable threat intelligence
  • 12:15 PM
  • 12:42 PM
TrackA
Jayaraj Puthanveedu
Track A: Risk-Based Discussion: Are you Aligned with the Board?
Jayaraj Puthanveedu, MD-Cyber and Tech. Risk, Global Head - Operational Resilience, BNP Paribas Group

Building relationships with business unit leaders and driving a practical risk-based discussion with the board is critical in making informed risk decisions.  
The daunting task for CISOs is the uncertainty around the reporting of significant risks, including just what represents a 'significant' risk, which challenges many organizations today. Can you question the management and boards regarding how strategy affects risk and vice versa and their best approach to risk and discuss risk management in a meaningful and productive way?  

The session will cover:     

  • Criteria for integrating risk information into decision making  
  • Educating and evaluating of board members to measure strategic decisions on a risk parameter  
  • Use case scenario to understand risk appetite and value at risk 
  • 12:15 PM
  • 12:42 PM
TrackB
Ismamuradi Abdul Kadir
Track B: Lessons from the SolarWinds Hack: A CISO's Response
Ismamuradi Abdul Kadir, Acting CISO-Risk Management Division, Bank Muamalat Malaysia Berhad

The popular SolarWinds hack, the supply chain attack that implanted a backdoor in the Orion network monitoring software pushed to 18,000 of the firm's customers, is considered to be potentially the most significant intrusion in our history.  
The campaign's full scale, including all of the tactics, techniques and procedures being used by attackers remaining unknown, has left most enterprises across the regions in a state of shock. 
What are the lessons the CISOs need to learn from this attack? Do you have a process to evaluate your vendor's security policies and frameworks? 

The session will cover:

  • How should the risk framework of supply chain vendors evolve;
  • The risks posed by different kinds of vendors;
  • Defining security by design approach while evaluating the third-party products.
  • 01:00 PM
  • 01:29 PM
TrackA
Nikolaos Thymianis
Track A: Ongoing Hybrid Warfare: Are You a Target for DDoS Attacks?
Nikolaos Thymianis, CISO, Caresocius

As Russia and Ukraine invasions are making the headlines, organizations across the globe are facing a series of DDoS attacks. Besides, new forms of malware intrusions are surfacing that can destroy infected machines. How are organizations in the South East Asian regions responding to DDoS attacks? How vulnerable are financial institutions to DDoS attacks? 

The session will cover: 

  • How to strengthen your defenses against DDoS? 
  • Managing your risk exposure 
  • Attribution to the DDoS attacks 
  • 01:00 PM
  • 01:29 PM
TrackB
Soumo Mukherjee
Track B: Can the Zero Trust Security Approach Mitigate your Threat Challenges
Soumo Mukherjee, Head of Security Architecture-Cybersecurity, Petronas

Where does the journey to ‘zero trust’ begin and what are the common entry points and how can it unfold. Experts agree that ‘zero trust’ is based on the premise, ‘assume breach’, and treat every asset as breached, and all traffic as hostile.   
The plenary session will discuss how the way we approach security has changed dramatically as security perimeters have dissolved and assess the maturity of ‘zero trust’ state with a realistic look at security and its dependencies with other functions in securing the future work environment.  

Panel Discussion: You Have Been Breached: Is Your Incidence Response Strategy Top Notch?
George Do, CISO, Gojek
Emil Tan, Chief Operating Officer, Red Alpha Cybersecurity
James Fong, Director Risk and Security Solutions – Asia, ServiceNow

The year 2021 stands as testimony to the large ransomware attacks witnessed globally. The South East Asia is not an exception. The Southeast Asian region will see a spike in multifaceted extortion with more public breaches, along with an increase in ransomware-as-a-service operations in 2022. the increase will be driven by the rise in cryptocurrency value and the difficulty in attributing the arrest of people associated with a specific cyber campaign, experts say.   

What needs to change as CISOs experience increasing hacking burnout in preventing such malware intrusions? Can they operationalize technology in their prevention and incidence response mechanism to address ransomware issues?   

The panel will cover:   

  • Building an effective incidence response and investigation mechanism   
  • How do deal with the recovery response process in the event of an attack  
  • Taking a tactical and strategic approach to battling ransomware and protecting backups   
George Do
Emil Tan
James Fong
  • 01:30 PM
  • 02:02 PM
  • 02:00 PM
  • 02:33 PM
TrackA
Mel Migrino
Track A: OT Security: Bridging the Silos
Mel Migrino, Vice President and Group CISO, Meralco

Most OT systems are designed with very little consideration for security. With increased cyber risk in this new digital transformation era, any approach to bridge the IT and OT divide is mission-critical for enterprise security.  As a CISO, can you reduce risk, security, and risk management functions silos to bridge the security gaps?  Can you deploy the suitable asset inventory methods and map the IT/OT risks?   

This session will cover:   

  • Building complete visibility and monitoring of your IT and OT assets with the right access control   
  • Integrating OT threat monitoring into SoC for threat detection  
  • Essential steps to establish OT security 
  • 02:00 PM
  • 02:33 PM
TrackB
Shane Read
Track B: Are You SOC 2 Compliant? Assessing the Third-Party Risks
Shane Read, CISO, Hex Trust

With the risks from third-parties escalating at a fast pace, enterprises across Southeast Asia are leaning towards SOC2, (Systems and Organization Controls) an audit procedure that ensures services providers securely manage their data and establish privacy and controls. How should CISOs comply with this standard as organizations move to the cloud and take up the digital transformation journey?

The session will cover: 

  • Why is SOC 2 important and how to integrate it with your ISO standard framework 
  • Establishing third party security using SOC 2 
  • Essential steps for CISOs in complying with the standard 
Panel Discussion : Impact of the Hybrid Cyber Warfare on the Supply Chain: Sizing Up the Security Risks
Parag Deodhar, Director - Information Security, APAC, VF Corporation
Venkatesh Subramaniam, Global Chief Information Security Officer & Privacy Head at Olam International, Olam International
Kunal Sehgal, Former Managing Director, GRF, OT-ISAC

We typically think of supply chain attacks as stealthy attacks on hardware components, such as malware on laptops and network devices. Still, the supply chain attack was an attack on a service provider that cannot be ruled out as it is a significant intrusion of the entire ecosystem. The supply chain attacks ushers in the risk: supplier vulnerabilities which are the common cause of compromise. Keeping a watchful eye on suppliers' security status – always knowing the risks they bring in – is an essential part of building resilience and response.  

The session will cover:  

  • Impact of the on-going hybrid cyber warfare on the supply chain across enterprises 
  • How to measure the risks and respond to supply chain attacks?  
  • Security by design approach to secure software applications and evaluating the suppliers’ products 
Parag Deodhar
Venkatesh Subramaniam
Kunal Sehgal
  • 02:30 PM
  • 03:06 PM

Speaker Interviews

April 12 - 13, 2022

Virtual Cybersecurity Summit: South East Asia