08:00 - 09:00 SGT


09:00 - 09:10 SGT

Chairman's Welcome 

09:10 - 09:30 SGT

►There Ain't No Party Like a Compromised Third Party

Steve Brown, Director, Cybersecurity, MasterCard 

  • Safeguarding an evolving ecosystem goes way beyond protecting the transaction
  • Identification, automation, prioritisation, mitigation
  • Cyber resilience superseding cyber security 


09:30 - 09:50 SGT

► How to Disrupt Adversaries With Security Intelligence

Yeo Chien Jen, Director Systems Engineering, Asia Pacific, Recorded Future

  • How organisations can detect and mitigate cyberattacks at scale
  • How to stay ahead of adversaries who are constantly improving their techniques and evading defences
  • How access to security intelligence empowers organisations to learn about attacks proactively and take action
09:50 - 10:10 SGT

► From Firefighting to a New Normal: A journey into the Passwordless World

Karunanand Menon, Senior Sales Engineer, Asia, OKTA Inc

  • Accelerate digital transformation plans to enable remote collaboration, provide corporate access to data and applications from anywhere, and enable seamless digital sales and customer experience
  • Reimagine critical cloud infrastructure and security teams to manage this shift at speed, without compromising business continuity and enabling resiliency, whilst mitigating and in many cases anticipating cyber threats before they take effect
  • What does the new normal look like and how we do we mitigate the rising cyber threats
  • Opportunity to double-down on security awareness efforts: the need to migrate from traditional passwords as the risks they pose continues to grow
16:10 - 16:30

► Cybersecurity isn't Just Doom and Gloom

Jerome Walter, CISO, Digital Venture, Standard Chartered Bank 

  • Over the last 10 years, the transformation brought about by Agile development, Cloud technologies and DevOps has created a number of opportunities for security to rethink and implement new cyber hygiene strategies without slowing down the enterprise
  • See how the IDEAS architecture framework helps reconcile security and innovation
  • Exploring key metrics that help drive better organisational outcomes
  • How new practices are emerging to enable continuous verification and collective learnings
10:30 - 11:00 SGT

►Education Seminars 1

Delegates will be able to choose from a range of topics: 

  • Preventing the Next SolarWinds Breach: What *You* Need to Know About SASE, Jonathan Andresen, Senior Director, Marketing & Products, Asia Pacific & Japan, Bitglass
  • Threat Intelligence Without Context Is Just Noise, Vicente Diaz, Threat Intelligence Strategist, Google Cloud Security 
11:00 - 11:30 SGT

Break and Networking 

11:30 - 11:50 SGT

►Operational Resilience in the Financial Services 

The Financial Services have a more sophisticated attitude towards cyber risk given the level of regulation that binds the sector and the relentless level of attacks they face from criminals. Security leaders from banks, insurers, fintechs and investment managers understand that resilience is the key to a strong security posture. Join this executive panel discussion to find out how leaders in APAC financial institutions are addressing resilience

  • Frankie Shuai, Director of Cyber &Technology Risk, UBS
  • Kok Yew Toh, Director and Business Information Security Officer, FWD Insurance
  • Billy Chu, Head of Technology and Operational Risk, Airstar Bank
11:50 - 12:10 SGT

► Why Integrated Endpoint-to-Cloud Security is Essential

Aaron Cockerill, Chief Strategy Officer, Lookout 

  • From data centers to the cloud, organisations own a complex collection of apps to support work from anywhere
  • VPNs enable access but undermine security
  • Employees are using devices, software and networks you don’t control
  • Employees also now expect their personal privacy to be respected
  • Integrated endpoint-to-cloud security is essential to safeguard data and users, while complying with regulations and respecting personal privacy
12:10 - 12:30 SGT

► An Overdue Shift to People-Centric Security

Adrian Covich, Senior Director, Systems Engineering, Proofpoint APJ

  • Why is a new people-based threat intelligence model needed for cybersecurity strategy to evolve
  • How do you identify and protect your most attacked people
  • How can you mitigate behavioural vulnerabilities and problems with access privileges
  • How can you get more information from threat-intel data
12:30 - 13:00 SGT

► Education Seminars 2 

Delegates will be able to choose from a range of topics: 

  • Unified Policy Management Playbook Story of Visibility, Automation & Integration, Shikwang Jang, Regional Director, Firemon
  • Warning: Cyber Attacks Ahead, What's Your Cybersecurity Strategy? Harish Sekar, Senior Technical Evangelist, ManageEngine
13:00 - 14:00 SGT

Lunch and Networking 

14:00 - 14:20 SGT

► Security in the Midst of IT/OT Convergence. 

Mel Migriño, Group CISO, Meralco

  • Understanding the road blocks in integrating IT & OT
  • Application of AI in strengthening IT & OT convergence
  • Continuous assurance to better identify and mitigate risks 
14:20 - 14:40 SGT

► Lock Your Doors First: Prioritizing a Zero Trust Approach 

Andrew Kay, Regional Sales Engineer, Illumio 

  • Why end-to-end segmentation as a base for Zero Trust is the easiest win for security teams
  • Proactively prevent any malicious attack from spreading across endpoint or datacenter without network architecture change
  • How to gain real-time visibility across environments and create policies to stop unauthorized traffic 
14:40 - 15:00 SGT

► Selling Breaches: The Transfer of Network Access on Criminal Forums

Paul Prudhomme, Head of Threat Intelligence Advisory, IntSights

  • Many breaches of enterprise networks begin with one actor or a group of actors initiating a breach but later transferring that unauthorized access to buyers on criminal forums. This transfer of access can create discontinuity in tools, infrastructure, and TTPs that network security teams can observe. Delays in transferring access may also create opportunities for network defenders to detect the breach and stop the intrusion before it progresses further
  • Understand means by which criminals transfer network access to criminal buyers, such as VPNs, web shells, or RDP credentials
  • Typical use cases for transferring network access to other criminals, particularly the deployment of ransomware and examples of targets of and prices for network access on sale on criminal forums
  • Discussion of why criminals often sell their access to third parties, rather than monetizing it themselves
15:00 - 15:30 SGT

► Education Seminars 3

Delegates will be able to choose from a range of topics

  • Supercharge your Security Telemetry with Chronicle, Alvin Lung, Customer Engineer, Google Cloud Security
  • File Upload Security, Raymond Lim, Regional Manager, ASEAN & South Asia, OPSWAT & Laxman Gite, VP Solutions, Altisec India
15:30 - 16:00 SGT

Break and Networking 

16:00 - 16:20 SGT

►12 Months of 'New Normals': Tips for Post-Pandemic Security

COVID 19 changed the way we worked, organised and spent our leisure time. Some of these changes will be permanent, some will not. What unites these changes is that the majority of them have led to greater levels of digital infrastructure in work and everyday life. And as security teams know, this means a wider attack surface and a greater level of risk. What can CISOs do to prevent the next big disruption? 

  • Anthony Dayrit, CISO, Allianz Insurance Singapore
  • Capt. Samuel Ng, Ex-Military and Cybersecurity Manager, Major Virtual Bank
  • Izzat Aziz, AVP Technology Risk Management, CIMB
  • Antonius Ruslan, Head of IT & Technology Risk Management, AIA Financial Indonesia 


16:20 - 16:40 SGT

► Good Instinct, Plain English: The New Paradigm for the CISO

Jane Corr, CISO, Great West Life Europe

  • How do you communicate in plain English to people with little understanding of cyber-risk?
  • It's not about communicating zero risk; it's about being realistic with risk
  • Reorienting security - communication and collaboration


16:40 - 17:00 SGT

► Delegates will be able to choose from a range of topics:

Cybersecurity and Data Protection in Asia -  Legal Update 2021

Bryan Tan, Partner, Pinsent Masons LLP 

  • There has been no outbreak of cybersecurity nor any malware vaccine in 2021. Instead, the instances of breaches and cybercrime have continued their relentless march
  • How have laws evolved in Asia?
  • How are regulators responding? 
  • What does it mean for companies in Asia?
  • Get updated for this fast evolving area in APAC


Stories from the Front lines: Negotiating with a Ransomware Criminal 

Moty Cristal, CEO, NEST, and Gal Messinger, Global Head of Security, Signify

  • Mistakes are an essential element in managing any human crisis, let alone in ransomware and cyber extortion incidents
  • Based on years of operational experience in cyber crises, and using a variety of real life examples, this session will present the common mistakes made during ransomware crises and how to prevent them
  • Hear first hand experiences in successfully negotiating with ransomware criminals 
17:00 - 17:30 SGT

Closing Remarks and Networking Break 

17:30 SGT

Conference Close 

Education seminars

Warning: Cyber Attacks Ahead, What's Your Cybersecurity Strategy?

Harish Sekar, Senior Technical Evangelist, ManageEngine

The job of IT admins and IT security analysts are, some of the most important jobs in any company. They are expected to know everything; get little praise when things run well and are first in the firing line when things go wrong. Most of them are self-taught and have learned on-the-job. Experience has battle-hardened them but the pressure to ensure the security of a rapidly evolving IT and OT infrastructure remains high. In this session you will learn tips and tricks on how to bolster your cybersecurity and how to enable virtual cameras through effective log management techniques

  • Understanding the attack surface – how ML and AI can detect internal and external attacks
  • How to secure your infrastructure and the need for SOAR
  • Importance of data security and the need for DLP​ 

Preventing the Next SolarWinds Breach: What *You*Need to Know About SASE

Jonathan Andresen, Senior Director, Marketing & Products, Asia Pacific & Japan, Bitglass

Cyberattacks such as the recent SolarWinds breach demonstrate how cybercrime is shifting focus to cloud services. At the same time, Gartner predicts that almost half of companies will shift their cloud and network security to a SASE architecture (Secure Access Service Edge) in the next few years.  But is this the right approach? How does it improve privacy, compliance and data protection?

While there is no single industry standard view on SASE or how to protect sensitive data, there are foundational elements that every security leader should consider when planning for 2H 2021 and beyond. 

Join this exclusive talk to learn how you can get started with SASE, including: 

  • The three major pillars of SASE architecture and why they matter
  • The economics of data breaches vs. SASE
  • Common SASE industry use cases
  • Practical advice for implementing SASE in your organization.

Threat intelligence without context is just noise

Vicente Diaz, Threat Intelligence Strategist, Google Cloud Security 

Threat intelligence is widely adopted as part of any security strategy. Unfortunately, many times it does not provide the expected results. Join this session to learn from VirusTotal experts about common use cases, mistakes to avoid, and important factors to consider when building out your threat intelligence capabilities.  

  • Alert prioritization and addressing alert fatigue
  • Incident response and forensic analysis
  • APT investigation and research

Supercharge your security telemetry with Chronicle

Alvin Lung, Customer Engineer, Google Cloud Security

Organizations are rapidly shifting their business models and corresponding technology environments to quickly respond to this new digital transformation era. Some of these challenges include data collection, analysis, and decisioning, all while the attack surface continues to grow. With an expanding attack surface, a shortage of security talent, and an overwhelming amount of  alerts, security teams need tools and strategies to modernize their SOC. Chronicle helps make enterprise security data - like EDR, firewall, VPN, DNS, and web proxy telemetry - useful right away for threat detection, response, and hunting. Join this session to learn about the unique components of the Chronicle security analytics platform that enable security teams to supercharge their security telemetry.

  • Retain all your security telemetry at Google scale, and interrogate it at Google speed.
  • Enhance your detection & response techniques with global visibility and automated best in class ML/AI.
  • Quickly adapt to major emerging threats

File Upload Security

Raymond Lim, Regional Manager, ASEAN & South Asia, OPSWAT & Laxman Gite, VP Solutions, Altisec India

File uploads are essential for the effective functioning of an organization and are needed for collaboration between an organization’s workforce and for user productivity. They are a critical ingredient of most web applications and services. However, they represent a significant security risk since cybercriminals can compromise your servers or your entire system by uploading malicious files.

In this session, you will learn about the different technologies you can deploy to secure your organizations resources from such malicious file uploads.

  • Deep CDR
  • Multiscanning
  • Proactive DLP

Unified Policy Management Playbook - Story of Visibility, Automation & Integration

Shikwang Jang, Regional Director, Firemon

Due to increased and consistent technological development, the 'Complexity Gap' that exists in network security continues to expand with no end in sight. Join Firemon for this technical education session, in which the key problems related to managing your security policies will be explored: 

  • The costliest threat to IT and business continuity is not 'breach' but 'Approved Changes'
  • Visibility gap - you can't protect what you can't EASILY see
  • How can 'unified policy management' help close enterprise's process automation circle