 |
|
19 May 2017, Friday • 8:30am - 3:10pm
Conrad Hotel, Hong Kong |
 |
|
|
|
|
Agenda |
| |
|
08:30 - 09:00 |
Registration & Showcase Visit |
|
|
09:00 - 09:10 |
Opening Remarks
Carrie Leung
CEO, The Hong Kong Institute of Bankers |
|
|
09:10 - 09:20 |
Opening Keynote
Dr. Henry Chang
Senior Manager, Fintech Facilitation Office, Hong Kong Monetary Authority |
|
|
09:20 - 09:45 |
Keynote One
Ace Your Cyber Defence with Expertise, Intelligence and Technology
The pace of digitisation and mobilisation is accelerating. As governments and enterprises seek new ways to serve their citizens and customers, they are transforming their business models for greater efficiency and better customer experiences. This not only creates new and exciting business opportunities, but also spawns new threat landscapes in the cyber security space.
The new generation of cyber threats requires a fundamentally new approach to cyber defence. There is a need to have a comprehensive strategy which includes expertise, intelligence and technology to boost cyber protection. In this session, David will share the latest cyber security war stories and tips on how to ace your cyber defence strategy.
David Mclinton
Head, Asia Pacific Operations, Cyber Security, Group Enterprise, Singtel |
|
|
09:45 - 10:10 |
Keynote Two
BitSight Security Ratings
Serene Siow
Regional Director, Asia Pacific & Japan, BitSight Technologies
|
|
|
10:10 - 10:35 |
Keynote Three
Stay Ahead Of Growing Security Risks and Compliance Missteps
The Cybersecurity Fortification Initiative (CFI) by HKMA will require banks to assess and improve their resiliency to cyber attacks, and already, banks are feeling the pressure to quickly assess their risk exposure and maturity level. In this presentation, Michael will share how banks can complete the Cyber Resilience Assessment Framework (C-RAF) and address the immediate needs for Intelligence-led Cyber Attack Simulation Testing (iCAST), including simulating real-life cyber attacks, and understanding how your people, processes and technology can respond.
Michael Gianarakis
Director, SpiderLabs, Asia-Pacific, Trustwave
|
|
|
10:35 - 10:55 |
Networking Coffee Break & Showcase Visit |
|
|
10:55 - 11:20 |
Keynote Four
Understanding Current Cyber Threats and What to be Done in Next Generation Landscapes
Even though new threats can be detected in security operations centres, the current digital landscape is changing faster than one can imagine. The matter is not just about cyber defence. It is shifting from how enterprises can prevent cyber attacks to how attackers can be located so as to prevent cyber terrorism.
In this session, Michael will share the latest cyber security breaches and how next-generation security platforms can help your enterprise to gain victory in a cyber security war.
Michael Lam
Systems Engineer, Palo Alto Networks
|
|
|
11:20 - 12:00 |
Panel Discussion One
New Security Risks and Challenges for Banks: Gear Up and Be Cyber Ready with C-RAF
Panel Chair:
Paul Jackson
Managing Director, Stroz Friedberg, an AON Company
Executive Panelists:
Gabriel Chan
Head of Information Security, Greater China, ABN AMRO Bank
Ken Baylor
Regional Vice-President, Attivo Networks Inc
Michael Leung
Chief Information & Operations Officer, China CITIC Bank International
David Ong
Regional Director – Asia Pacific Japan, CounterTack
Peter Bullock
Partner, King & Wood Mallesons
|
|
|
12:00 - 13:00 |
Networking Luncheon & Showcase Visit
|
|
|
13:00 - 13:40 |
Panel Discussion Two
New Security Risks and Challenges for Banks: How a Cyber Intelligence Sharing Platform (CISP) Works in Cyber Defence
Panel Chair:
Kenneth Wong
Partner, Risk Assurance - Cybersecurity & Privacy Lead, PwC China and Hong Kong / Asia Pacific
Executive Panelists:
Michael Smith
Chief Technology Officer, Security, APJ, Akamai Technologies
Micky Lo
Chief Technology Risk Officer APAC
Technology Risk Management & Technology Compliance
BNY Mellon
Josiah Lam
Senior Manager, Financial Infrastructure Development, Hong Kong Monetary Authority
Anna Gamvros
Partner & Co-head of Technology & Innovation, Asia, Norton Rose Fulbright, Hong Kong
|
|
|
13:40 - 14:05 |
Keynote Five
Cyber Resiliency: Taking Back Control of the Endpoint
Ivan Lee
Senior Advisory Sales Engineer, Asia, CounterTack
|
|
|
14:05 - 14:20 |
Networking Coffee Break & Showcase Visit
|
|
|
14:20 - 14:45 |
Keynote Six
Hong Kong Web Attack Threat Brief
The Internet of Things and Operational Technology is called the 4th Industrial Revolution by the World Economic Forum and is the pathway to the future. IoT/OT is expected to deliver huge productivity gains and fundamentally change the economy over the next 5 years. And yet, for the past 6 months it seems like all we hear about is devices that have “gone rogue”—such as the Mirai botnet—and started attacking things. As a platform for security and delivery, Akamai enables IoT/OT, helps to secure devices, and protects infrastructure from attacking devices. During this talk, we’ll take a balanced approach to the strange confusion of expectations, responsibilities, and failures around IoT/OT.
- Device connectivity models
- Responsibilities for device manufacturers, consumers, and ISPs
- How the basics of security still apply but at a different scale
- Dealing with devices gone bad
Michael Smith
Chief Technology Officer, Security, APJ, Akamai Technologies
|
|
|
14:45 - 15:10 |
Keynote Seven
ASTRI Security Lab and Cyber Intelligence Sharing Platform (CISP)
Due to a rising number of cyber attacks, the Hong Kong Monetary Authority (HKMA) has launched the “Cybersecurity Fortification Initiative”, which is aimed at enhancing the cyber resilience of the banking sector in Hong Kong. Cyber Intelligence Sharing Platform (CISP) – one of the spotlights for CFI, is currently facing several challenges that limits on how banking sectors can better prepare for this initiative and leverage the platform in cyber defence.
In this session, Scottie will share the latest moves of ASTRI, updates on the current development of CISP, and give you a live demonstration on CISP.
Scottie Tse
Principal Engineer, ASTRI Security Lab
Hong Kong Applied Science and Technology Research Institute Company Limited (ASTRI)
|
|
Move to top  |
|
|
|
|
|
Speaker's Profile |
|
|
 |
Carrie Leung
CEO
The Hong Kong Institute of Bankers
|
|
|
 |
Gabriel Chan
Head of Information Security, Greater China
ABN AMRO Bank
Gabriel has over 15 years’ experience in cyber security and technology risk management, specialising in the banking and financial industry. His current responsibility in ABN AMRO is to manage the information security risk exposure in the Greater China region, including the security control governance, risk assessment, information security risk management and cyber threat response. Prior to his current role, Gabriel served as the cyber forensic investigator for Bank of America Merrill Lynch and before that he was the regional lead of the ethical hacking team for JP Morgan. Gabriel first started his career as a system and network specialist in Bank of China (HK).
Gabriel received a Master of Computer Science from University of Hong Kong. He is a Certified Information System Security Professional (CISSP) since 2001, and is also certified in other security area such as computer hacking, digital forensic and information security management. |
|
|
 |
Michael Smith
Chief Technology Officer, Security, APJ
Akamai Technologies
Michael Smith is Akamai’s Chief Technology Officer for Security in APJ and is responsible for supporting sales, professional services, operations, product management, and marketing across Akamai’s security solutions portfolio.
Previously, Michael was the Founder and Director of Akamai’s Customer Security Incident Response Team, responsible for leading a team of web security incident responders and researchers that study the tactics, techniques, and procedures of web attackers and apply that knowledge to help protect Akamai customers during events such as site defacements, data breaches, and distributed denial of service.
Prior to CSIRT, Michael served as Akamai's Security Evangelist and as the customer-facing ambassador for the Information Security Team, helping customers to understand both the internal security program and the unique security features and capabilities of the Akamai product portfolio and cloud-based solutions.
|
|
|
 |
Scottie Tse
Principal Engineer, ASTRI Security Lab
Hong Kong Applied Science and Technology Research Institute Company Limited (ASTRI)
Mr. Tse is the person in charge of ASTRI Security Lab (ASL) and responsible for the Cyber Intelligence Sharing Platform that built for all licensed member banks in Hong Kong. To inherit the innovation spirit of ASL, he continued to establish the environment to incubate security talents focusing on malware analysis, exploit development, and cryptanalysis. He has been serving the industry as a fulltime security consultant and researcher for 7 years before joining ASTRI.
He was a technical geek who enjoy conducting security assessment against enterprise networks. Manipulate with a wide range of system from application to OS layer as well as those “Next Generation” technologies.
Before being a security consultants, Mr. Tse had been a mphil student focusing on state-of-the-art attack and defence on web application and data mining. During his research, he discovered various 0 day attacks in a widely adopted open source webmail platform which enabled an attacker to inject malicious scripts through URL on the webmail page. He had also developed a Trusted Notification System aimed to alleviate the impact on client side attacks against banking system.
He also worked as a teaching assistant and guest speaker for universities and security conferences during his spare time. He holds tutorials and demonstrations on secure programming best practice, penetration testing methodology, practical wireless hacking techniques, and etc.
|
|
|
 |
Ken Baylor
Regional Vice-President
Attivo Networks Inc
Dr. Ken Baylor is Regional VP for Attivo Networks and president of the Vendor Security Alliance, an alliance of leading global companies to simplify and expedite selection of vendors with strong cybersecurity practices. He has more than 20 years of leadership experience in security, compliance and privacy. He has led security and privacy teams at Symantec, McAfee, Uber, Pivotal and Wells Fargo. He is a certified data protection officer and security professional. He possesses a Law degree, MBA and Ph.D.
|
|
|
 |
Serene Siow
Regional Director, Asia Pacific & Japan,
BitSight Technologies
Serene Siow has close to 20 years experience in the Asia Pacific IT Industry. As current Regional Director of BitSight, she is responsible for driving sales, establishing channel relationships and growing Asia Pacific and Japan’s customer base.
Prior to her current role, Serene held leadership positions including Managing Director, Singapore, at established global Value-added distributor – Exclusive Networks. During her tenure at Exclusive Networks, Serene was responsible for partnering with market leading and emerging vendors that provide cybersecurity, networking and infrastructure technologies through a channel of resellers in Singapore. She established, managed and evolved strategic partnerships with reputable System Integrators and resellers, to ensure exponential growth in sales.
|
|
|
 |
Micky Lo
Chief Technology Risk Officer APAC
Technology Risk Management & Technology Compliance
BNY Mellon
Over 20 years of IT experience in Financial Service Industry that spans across a diversified IT management disciplines including regional and location management, IT and security architecture, distributed computing engineering, technology infrastructure operation, outsourcing/in-sourcing management, IT risk management and technology audit.
Specialties: Information and resilience risk management skills, technical architecture, IT service delivery, Data Center Operation Management, IT products engineering, people management, IT regulation, six sigma project management, negotiation and influence skills, IT process re-engineering.
|
|
|
 |
Michael Leung
Chief Information & Operations Officer
China CITIC Bank International
Michael Leung was appointed Chief Information & Operations Officer of China CITIC Bank International in December 2013. In this capacity, he manages the Bank’s information technology, operations and innovative banking teams towards enhancing service quality and operational efficiency, and at the same time serves as a key member of the Bank's Management Committee looking after a wide range of functions.
Michael studied at the Chinese University of HK, and obtained his Master’s degree in Electronic Engineering from The Netherlands, all on scholarships. Throughout his over 30 years careers he had attended many executive training in London Business School, Sloan School of Management, among others, and gained a Graduate Diploma in Bank Management from the University of Virginia.
Michael is a Fellow and President of the HK Computer Society, Vice Chair of the CIO Board, a Fellow of the HK Institute of Directors, an Exco Member of the HK Institute of Bankers, Chair of the IS Departmental Advisory Committee of CityU, Chairman of the HK Down Syndrome Association and head of its Finance Committee. Separately, Michael has chaired many QF accreditation panels for the HKCAAVQ in the past years.
|
|
|
 |
Ivan Lee
Senior Advisory Sales Engineer, Asia
CounterTack
Ivan Lee has significant experience in Cyber Security and Forensics over 25 years. He is an extraordinary cyber security advisory who has garnered respect from customers, colleagues and partners in Cyber Security sectors. He is always providing excellent security advisories to the people that is simply, logically and easy to understand. He is currently responsible for leading CounterTack Sales Engineer Team in Asia.
Prior to joining CounterTack, Ivan was working in RSA for 9 years as Advisory Technology Consultant and based in Singapore. His role was to cover Advanced Security Operation Centre Products and drives Threat Detection Response line of business across Asia and Japan.
Before joining RSA, Ivan was a Senior Manager with CSC, managing a Security Consultancy team 10 years. The Security Consultancy Team was focus on security services outsourcing, covering north Asia.
|
|
|
 |
David Ong
Regional Director – Asia Pacific Japan
CounterTack
David Ong is responsible for driving CounterTack’s Asia Pacific Japan sales and revenue growth; and channel development. With more than 20 years of consultative sales, presales and delivery experience in Security, David brings a track record of success in sales management, business development and professional services leadership.
David has held advisory and leadership positions in all customer facing roles from early start-up environments through Fortune 500 companies such as Verizon Business; Hewlett Packard Enterprise Services and RSA – The Security Division of EMC (acquired by Dell).
He began his career as an engineer, acquired his CCIE from Cisco San Jose and earned his Master in IT Management from University of Wollongong.
|
|
|
 |
Dr. Henry Chang
Senior Manager, Fintech Facilitation Office
Hong Kong Monetary Authority
Dr. Henry Chang is a Senior Manager at the Fintech Facilitation Office of the Hong Kong Monetary Authority helping to facilitate the healthy development of the fintech ecosystem in Hong Kong and to promote Hong Kong as a fintech hub in Asia.
Before joining the HKMA, Henry was the IT Advisor at the Office of the Privacy Commissioner for Personal Data advising the Privacy Commissioner and his office on technological developments and their impacts on privacy.
Henry’s past experience also includes being the head of spam regulation in Hong Kong’s telecommunications authority helping the drafting of the Unsolicited Electronic Messages Ordinance, and the establishment of the Hong Kong Do Not Call registers.
Henry is a fellow of the British Computer Society and a Chartered Engineer. He is also an adjunct associate professor at the Law and Technology Centre at the University of Hong Kong.
|
|
|
 |
Josiah Lam
Senior Manager, Financial Infrastructure Development
Hong Kong Monetary Authority
Josiah’s major responsibility is to promote cyber resilience and new financial technology development in the banking sector.
Prior to the HKMA, Josiah has worked in JPMorgan Chase. He was the AP Regional Lead of the Technical Risk Management and the subject matter expert in the Identity & Access Management and cryptography. During his tenure, he received the HK IT Excellence Award in 2001 and two US Patents.
Josiah is a Fellow of Certified Public Accountant (FCPA) of HKICPA and a Fellow of Association of Chartered Certified Accountants UK (FCCA), a Certified Information System Manager (CISM) and a Certified Information Systems Security Architecture Professional (CISSP-ISSAP).
He has a Master of Business Administration degree and Master of Science degree in Financial Analysis from the HK University of Science and Technology.
|
|
|
 |
Peter Bullock
Partner
King & Wood Mallesons
Peter Bullock is a partner in the Hong Kong office of King & Wood Mallesons working in the Dispute Resolution team. He advises on regulatory areas such as cyber risks, data law, FinTech and the digital economy, as well as employment and competition law matters. Peter handles sourcing, licensing and IP exploitation and enforcement assignments.
Peter’s background is in risk management and litigation, for clients in the IT and telecommunications sectors. He acts for major information technology and telecommunications brands and for investors in and users of TMT systems and services.
He has conducted various arbitrations, litigation, public inquiries and mediation in relation to some of the largest information systems and telecommunications projects in Hong Kong and overseas.
Peter has been recognised as a leading lawyer in Technology, Media and Telecommunications in Asia Pacific Legal 500 since 2002 and in Chambers since 1996.
|
|
|
 |
Anna Gamvros
Partner & Co-head of Technology & Innovation, Asia
Norton Rose Fulbright, Hong Kong
Anna Gamvros is a technology and data protection partner based in Hong Kong.
Anna is co-author to Internet Law in Hong Kong published by Sweet & Maxwell and is recognised in the Legal 500 and Chambers Asia as a leading individual for her expertise in the area of technology and data protection, in particular for her "extensive IT transactional work" and experience across a number of industries, notably with retail and luxury brands.
Anna's practice focuses primarily on technology and communications related issues. She advises clients on licensing and technology agreements, outsourcing, privacy and data protection, and telecommunications and Internet regulatory issues. She has been located in Hong Kong for the last 15 years and has assisted clients with Hong Kong and China based projects, as well as having a wealth of experience in multi-jurisdictional projects, particularly in implementing e-commerce and data management projects in Asia.
Anna is the Chair of the International Association of Privacy Professionals (IAPP) KnowledgeNet Chapter in Hong Kong and sits on the IAPP Asia Advisory Board. She is a Fellow of Information Privacy with the IAPP and holds the CIPT and CIPP/Asia certifications. She is admitted as a solicitor in Queensland, Australia and Hong Kong.
|
|
|
 |
Michael Lam
Systems Engineer
Palo Alto Networks
As the Systems Engineer in Palo Alto Networks for over 3 years, Michael Lam carried out solutions consultancy and best practice on cybersecurity in his territory. Michael Lam has over 19 years of work experience in network security, endpoint security, e-mail security, data loss prevention, SIEM and MSSP. Michael Lam is also an active speaker in various events and workshops.
|
|
|
 |
Kenneth Wong
Partner, Risk Assurance - Cybersecurity & Privacy Lead
PwC China and Hong Kong / Asia Pacific
Kenneth is a Partner in PwC’s Cybersecurity & Privacy practice and our China/Hong Kong and Asia Pacific Risk Assurance Cybersecurity & Privacy practice leader. Kenneth has over 20 years of experience working in Australia, Hong Kong and mainland China in providing a wide range of assurance and advisory services ranging from Cyber and IT security, IT strategy and governance, IT and operational risk management, regulatory advisory services to a wide range of multi-national, local and public sector organisations.
Kenneth is also actively involved in professional organisations. He is currently Secretary and Vice President of the Information Systems Audit & Control Association (China Hong Kong Chapter), a member of the IT Interest Group of the Hong Kong Institute of Certified Public Accountants and a committee member of the HKPKI Forum. Kenneth has designations in Certified Public Accountants (CPA), Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA) and Certified Information Systems Security Professional (CISSP).
|
|
|
 |
David Mclinton
Head, Asia Pacific Operations, Cyber Security, Group Enterprise
Singtel
As a financial and telecommunications services technology risk, regulatory and security leader, David provides thought leadership and policy perspectives on a myriad of information security issues affecting global organisations. David has over 25 years of experience spanning Information risk management, security engineering and operations, customer security and telecommunications consulting in companies such as Standard Chartered, MCI WorldCom and Cable & Wireless.
David joined Singtel from JP Morgan Chase, where he was the Chief Information Security Officer for Asia Pacific and Latin America. He was principally responsible for managing large virtual teams, fostering close relationships with key clients, business partners and regulatory bodies across Asia Pacific, and evolving the firm’s cyber security agenda and risk and control environment.
David has a proven and successful track record in developing, managing and overseeing firm-wide security programmes, budgets and strategies, establishing a security operations centre from ground up to provide robust security monitoring and management services, and fostering and strengthening relationships with clients, business partners and regulatory bodies.
|
|
|
 |
Paul Jackson
Managing Director, Stroz Friedberg, an AON Company
Paul Jackson is a Hong Kong-based Managing Director for Stroz Friedberg. With over 25 years experience working in the financial and cyber security industries, law enforcement and the legal community within Asia, Mr. Jackson has built a global reputation as a leader in digital forensics, breach investigations, crimes against financial institutions, online fraud, insider threat and investigative eDiscovery.
Prior to joining Stroz Friedberg, Mr. Jackson spent five years at JPMorgan Chase where he held two key roles. Initially hired as the Asia Pacific head of investigations based in Hong Kong, he relocated to the New York area in 2012 to head the global high tech investigations team where he was responsible for rebuilding the forensic infrastructure, hiring a large team of experts and designing the policies and procedures as well as the evidence management systems. He was also instrumental in developing the internal capacity to combat online fraud and organised crime activities against the firm and customers as well as working on the insider threat program.
Before joining JPMorgan, Mr. Jackson held a senior position in the Hong Kong Police Force for nearly 22 years. He worked in technology related policing from 1996 and was instrumental in the founding of the Technology Crime Division in 2001. Mr. Jackson pioneered many of the techniques used in law enforcement for digital forensics and cyber investigation/intelligence, and also developed forensic lab standards which have been used by law enforcement throughout the world. He also individually authored and facilitated four 2-week training programs for the HK Police College in digital forensics, network forensics, online intelligence and cybercrime investigation. He was engaged by Interpol as the Training Director for courses and capacity building around the Asia Pacific Region and Europe and has personally facilitated training for over 50 different Police Forces.
|
|
|
 |
Michael Gianarakis
Director of SpiderLabs, Asia-Pacific
Trustwave
Michael Gianarakis is the Director of SpiderLabs at Trustwave in the Asia-Pacific region. He oversees the delivery of penetration tests, red team engagements, source code reviews, forensic investigations across the region. Michael has presented at many industry events in the region including Black Hat Asia, Hack In the Box GSEC, OWASP, WHACKon and CrikeyCon. He also runs a chapter of the SecTalks meet up in Queensland, Australia.
|
|
| Move to top |
|
|
 |
|