Agenda

08:00 - 08:55

Login and networking

08:55 - 09:00

Chairman’s welcome

09:00 - 09:20

► The changing role of the CISO: risks and rewards

Illyas Kooliyankal, Chief Information Security Officer, Abu Dhabi Islamic Bank

  • It has never been more important for security teams to understand and support the business, how should CISOs adapt?
  • Digital transformation has increased the risk appetite of many organisations, what does this mean for your security strategy
  • Empowering your security teams: How to equip your team for the rise of AI and Big Data
  • Monitoring and access management for data-centric security
09:20 - 09:40

► Reducing time to containment: THE security priority

Jan Tietze, Director Security Strategy EMEA, SentinelOne

With limited resources, an ever-growing skills gap and an escalating volume of security alerts, organisations are left vulnerable to what is perceived to be unavoidable risk. 

This environment is demanding more of already resource-constrained CISOs. In this keynote we will be discussing how automation can help to:

  • Drastically reduce the amount of uninvestigated and unresolved alerts
  • Automate time-consuming investigations and remediate well-known threats
  • Act as a force multiplier for resource-constrained security teams
09:40 - 10:00

► UPM: Empowering a remote workforce and improving your security posture with Universal Privilege Management 

Karl Lankford, Director Solutions Engineering, BeyondTrust

  • The new normal of a remote workforce has changed the threat model of the organisation overnight. 
  • Join this session and learn: 
    • Considerations for a secure remote working environment 
    • How to balance remote workers security and productivity 
    • Recommendations to support a remote workforce with a PAM solution

 

10:00 - 10:20

► Cybersecurity Governance in the New Normal

Majed Alshodari, CISO, Allied Cooperative Insurance Group

  • The COVID-19 pandemic has changed the risk tolerance of many businesses: how to adapt the cybersecurity policies and procedures to suit changing business norms
  • Onboarding new technologies and minimising the security risks of the virtual collaboration tools
  • Developing an effective communication strategy with the board to embed cybersecurity into the business
  • Optimizing and embedding the Information Security into the New era of emerging technologies and Digital Business Transformation. 
10:20 - 10:50

► Education Seminars Session 1

Delegates will be able to choose from the following education seminars:

  • You get what you pay for – Cybercriminal operations in the Middle East underground economy, Abdelkader Cornelius, Threat Intelligence Analyst, Recorded Future

  • Transition to Offensive Security Testing with Crowdsourcing, Ron Peeters, Vice President Middle East and Emerging Markets, Synack

  • Case studies in integrity: Why small changes keep causing big breaches, and how to stop it, Dave Meltzer, CTO, Tripwire

10:50 - 11:20

Networking break

11:20 - 11:40

► Security for the truly digital business

Shahab Siddiqui, Global Head of Cyber Security, Petrofac

  • The acceleration of digitalisation has changed the threat landscape: threat actors are on the rise in the Middle East and attackers are exploiting new attack vectors, how can organisations defend against these changing threats? 
  • Managing insider threats and access management in the remote digital workplace 
  • Cloud vs. on-premise: finding the right balance for your business and addressing the security challenges.
11:40 - 12:00

► Going Beyond Malware – Stopping “Living Off the Land” attackers in their tracks

Roland Daccache, Team Leader – Sales Engineering, Crowdstrike

In this session, learn about:

  • Evolution of sophisticated attacks to evade detection
  • The behavioral indicators of an advanced intrusion
  • Analysis of well-crafted Hands-on-Keyboard Attacks
  • Technology advancements and the use of AI in detecting and stopping “Living-Off-The-Land” Intrusions
12:00 - 12:20

► The Changing Face of Global Cybercrime: Insights & Solutions

Dan Holmes, Solutions Director EMEA, Lexis Nexis Risk Solutions

  • A deep dive into cybercrime trends and how fraudsters have continued to adapt, evolve and pivot attacks in a fast-evolving global landscape.
  • The impact of COVID-19 on both digital events and behaviour, as well as fraud.
  • Hear insights on how seemingly unrelated fraud networks can be connected together using Digital Identity.
12:20 - 12:40

►Offensive AI vs. Defensive AI: Battle of the Algorithms

Romit Gupta, Cyber Security Account Director, Darktrace

  • Paradigm shifts in the cyber landscape: The emergence of AI-enhanced malware is making cyber-attacks exponentially more dangerous and harder to identify.  In the near future, we will begin to see supercharged, AI-powered cyber-attacks leveraged at scale. 
  • To protect against Offensive AI attacks, organizations are turning to defensive cyber AI, which can identify and neutralize emerging malicious activity, no matter when, or where, it strikes.
  • Learn about the Immune System Approach to cyber security and defensive, and Autonomous Response capabilities 
  • We will explore real-world examples of emerging threats that were stopped with Cyber AI
12:40 - 13:10

► Education Seminars Session 2

Delegates will be able to choose from the following education seminars:

  • Calculating ROI for Security: Why This Is So Difficult? Do You Need It? Ilia Sotnikov Vice President of Product Management, Netwrix Corporation

  • Manual File Carving for DFIR Practitioners,Tomas Evans, Technical Security Specialist and Trainer, Protection Group International

  • Design Thinking and Zero Trust Architecture: Key to Strong Cybersecurity PostureAnil Bhandari, Chief Mentor & Thought Leader, ARCON
13:10 - 14:10

Lunch and networking break

14:10 - 14:30

► A new vision: NEOM as a cybersecurity utopia 

Mike Loginov, CISO & CPO Executive Director, NEOM

  • Managing the complex ecosystems of smart megacities: increased connectivity = increased risks
  • Developing operational technologies with security built-in to thwart attacks 
  • Mobilizing cybersecurity skills to ensure security teams adapt and keep up with the changing security landscape
  • How NEOM is developing an intelligent and reliable security system from the ground-up 
14:30 - 14:50

► Stack Rationalization – Gaining the Decisive Advantage

Craig Harber, Chief Operating Officer, Fidelis Cybersecurity

  • Ensuring continuous real time visibility of managed and unmanaged assets
  • Building threat driven operations
  • Shaping the adversary experience to build your advantage
  • Building proactive, protective, predictive, retrospective and reactive defense capabilities
14:50 - 15:10

► From On-prem to The Cloud, Securing Email System is Still a Top Priority

Hani Abdul Qader, Systems Engineer, TrendMicro

  • Traditional Email System Security challenges migrated with it to the Cloud.
  • New challenges/tweaks are on the rise.
  • Adapting comprehensive multilayered protection, detection, and response is the solution​
15:10 - 15:30

► Executive Panel Discussion: A New Beginning: Cybersecurity and the Acceleration of Digital transformation

Many organisations in the Middle East are making significant in-roads into their digital transformation journey. In recent years, big data analytics, IoT, AI and Cloud have been readily welcomed as organisations come to terms with the long-term value of digital initiatives. For many organisations, the recent COVID-19 crisis has changed digital transformation priorities as businesses have been forced to operate entirely online and this rapid, unplanned digitalisation has increased the risk and impact of cyberattacks. So as digitalisation accelerates, how should cybersecurity adapt?

  • Mohamad Mahjoub, CISO Middle East, Veolia 
  • Abubakar Latif, Director of Cyber Security, BNET - Bahrain Network
  • Ahmed Nabil, Regional Senior Information Security and Risk Manager, Leading International Financial Institution
15:30 - 16:00

Networking break

16:00 - 16:20

► 2020 Strategies for Effective Security Team Management

Ed Sleiman, Head of Information Security, King Abdullah University of Science and Technology (KAUST)

  • Addressing the cybersecurity talent shortage - what methods should we be implementing to hire and maintain talent within security teams? 
  • How to strike the balance between your people and technology/automation to address security risks – can they be successfully combined?
  • Information security teams need unfettered remote access to the most sensitive systems and information - are they the weakest link? How to ensure they're not hacked when operating remotely.
16:20 - 16:40

► The effects of COVID-19 on cybercrime and online fraud 

Hossam Nabil Elshenraki, Associate Professor, Dubai Police Academy

  • The new wave of cyber scams and new criminal methods during COVID-19 
  • How cybercriminals have adapted to a changing world: targeting online schooling and remote workers
  • Case studies from police operations
16:40 - 17:00

►Incorporating cybersecurity into digital innovation projects from the get-go

Saqib Chaudhry, Head of Digital Innovation and Development, Cleveland Clinic Abu Dhabi

  • Medical innovation at CCAD: how innovation is transforming the healthcare industry
  • Ensuring digital innovation and cybersecurity are partners in developing projects from the beginning 
  • Implementing effective risk management into digital innovation projects 
  • Actioning a cybersecurity strategy that supports and enables the business’ transformation goals
17:00 - 17:30

Networking break

17:30

Conference Close

Education seminars


Transition to Offensive Security Testing with Crowdsourcing


Ron Peeters, Vice President Middle East and Emerging Markets, Synack

Although you might have a sense of security that you are well protected, increasingly sophisticated cyber attacks can easily breach your most important web and mobile applications and networks, demonstrating that vulnerability scanners and traditional pen testing are no longer good enough to find many of these exploitable breach points. 

In this session you’ll learn:

  • About a next generation security testing platform incorporating advanced, offensive and adversarial security testing with artificial intelligence
  • How one of the world’s most elite hacking teams of over 1,500 international, top-class security researchers can be virtually deployed at short notice
  • Why deploying teams of top security experts on your IT Assets will typically lead to finding serious exploits in a matter of hours or days
  • Of use cases and POCs performed at customers in the Middle East (UAE/Saudi Arabia).​

You get what you pay for – Cybercriminal operations in the Middle East underground economy


Abdelkader Cornelius, Threat Intelligence Analyst, Recorded Future

In our digital age, companies that transact business online find their data targeted by various forms of cyber fraud.  These cyber-fraud products and access broker services can be bought and rented freely on the Dark Web with ease.  This is fuelling sophisticated payment systems on the underground economy in the Middle East.

During this session, we will cover: 

  • Exclusive access to live threat intelligence feeds from the region
  • A detailed review of some of the methods being used in the underground economy 
  • How to use Security Intelligence to defend your organisation

Calculating ROI for Security: Why This Is So Difficult? Do You Need It?


Ilia Sotnikov Vice President of Product Management, Netwrix Corporation

The ongoing stream of data leaks and other breaches of consumer trust is a top concern for executives at organisations around the world. To make sound decisions about cybersecurity strategy, especially during challenging times like these, when budgets are tight, they need accurate assessments of the effectiveness of proposed security investments. However, providing those estimates of ROI can be extremely difficult for CISOs, who often struggle to quantify the expected impact of security measures.

Join us for this educational session and learn:

  • What are the 4 key benefits of a security investment 
  • How to effectively communicate the value of cybersecurity investment to senior decision makers 
  • How to convince executives to make data security investments right now

Case studies in integrity: Why small changes keep causing big breaches, and how to stop it


Dave Meltzer, CTO, Tripwire

Misconfigurations and inadequate change control are consistently cited as a top cause of breaches – whether its within traditional IT data centers, in the cloud, or on factory floors.  This is not the inevitable result of the increasing pace of change and sprawl of infrastructure, but it is an indication that for many organizations, changes are outpacing the security team’s ability to monitor and respond to risks they pose.  During this session, you will hear Tripwire’s CTO share his experience working with leading companies around the world and learn:

  • Case studies in how integrity is being managed in security programs from leading companies in financial services, telecommunications, and energy sectors around the world
  • Attributes of effective integrity assurance programs
  • How to evaluate the maturity of your existing program
  • How to get started with a new integrity program, or take your current one to the next level of maturity
  • The benefits for security, IT operations, and compliance from running an effective integrity program

Manual File Carving for DFIR Practitioners.


Tomas Evans, Technical Security Specialist and Trainer, Protection Group International

This is a technical cybersecurity skills module from PGI's 5 day UK Government Certified Digital Forensics and Incident Response Practitioner course which can be taken as preparation for the CREST Registered Intrusion Analyst certification. The module is designed to explain how the Wireshark extraction tool works and how to deal with tool failures by performing the same task manually. PGI’s technical skills training is designed to ensure that UK government certified cyber professionals understand how and when to use tools, and also know what the tools are doing for them, and how to deal with tool failures by reverting to first principles. This is especially important in the unpredictable and complex field of DFIR where the unexpected is expected.

In this session you will learn:

  • When and how to use Wireshark to perform extraction of image files from a packet capture file using the automated capabilities of the tool
  • How to extract the transferred assets manually;
  • How to save out the raw conversation
  • How to edit the transfer with a hex editor.

Design Thinking and Zero Trust Architecture


Anil Bhandari, Chief Mentor & Thought Leader, ARCON

Absence or poor privileged access control policy and user authorization mechanism results in employees accessing resources, applications or critical systems that they are not supposed to access. This is a major and serious loophole organizations leave in the remote IT infrastructure where the malicious actors misuse it by compromising privileged accounts and siphoning off confidential information. ARCON Mentor Anil Bhandari breaks down Design Thinking and Zero Trust Architecture framework. 

  • Spectrum of Cybersecurity
  • Principles of Design Thinking
  • Identity Management
  • Remote Access Management 
  • Maintaining Low Friction High Security and much more