Singtel Cyber Security Forum 2016


15 November 2016, Tuesday • 8:30am - 4:30pm Hong Kong Convention and Exhibition Centre

	Agenda

	08:30 - 09:00	Registration & Showcase Visit

	09:00 - 09:15	Opening Speech Teddy Ko Country Director, Hong Kong, Global Enterprise Business, Singtel

	09:15 - 09:45	Opening Keynote Can We Outsmart the Hackers? The short answer is YES, but the journey is not an easy one! First, there is a need to understand gaps and vulnerabilities. Next, there has to be awareness of the changing threat landscape as well as practices that other similar enterprises are adopting. Finally, security needs to be made a part of an organisation’s DNA. Gain deeper insights on the threat landscape in Asia; some of the solutions in the region such as regulations, data privacy and information sharing utilities across sectors; and how to prioritise assets for differentiated protection. Harrison Lung Associate Partner, Business Technology Office, McKinsey & Company

	09:45 - 10:15	Keynote One Ace Your Cyber Defence with Expertise, Intelligence and Technology The pace of digitisation and mobilisation is accelerating. As governments and enterprises seek to find new ways to serve their citizens and customers, they are transforming their business models for greater efficiency and better customer experience. This not only creates new and exciting business opportunities, but also spawns new threat landscapes in the cyber security space. The new generation of cyber threats requires a fundamentally new approach to cyber defence. There is a need to have a comprehensive strategy which includes expertise, intelligence and technology to boost cyber security protection. In this session, the speaker will share the latest cyber security war stories and how to ace your cyber defence with a comprehensive strategy. David Mclinton Head, Asia Pacific Operations, Cyber Security, Group Enterprise, Singtel

	10:15 - 10:45	Keynote Two Drive Business Decisions with Security Ratings A recent survey from consulting firm BDO International found that 54% of board directors are more involved in cyber security today than one year ago. As companies continue to face new threats to their information assets, it becomes increasingly important for organisations to answer the fundamental question: Is my organisation secure? While it is impossible to guarantee absolute security, benchmarking performance against peers and industry averages can provide visibility to an organisation’s performance relative to others. This intelligence can be leveraged across the enterprise, from making tactical decisions within the security team to strategic C-level decisions on investments, initiatives and hiring for cyber security. Join us as we share how your business can: • Benchmark security performance: Measure and compare your security performance against your competitors and use it to communicate objectively with your board. • Manage third-party risk: Stay alert to risks across your entire network ecosystem including business partners, vendors and M&A targets. • Underwrite cyber insurance: Assess the security performance of insured companies to reduce underwriting risks and negotiate your own policy. Royston Chng Regional Director, Asia Pacific & Japan, BitSight Technologies

	10:45 - 11:10	Networking Coffee Break & Showcase Visit

	11:10 - 11:40	Keynote Three Stay Ahead of Cyber Threats Every day, a new headline, tweet, or alert appears suddenly, and more often than not, enterprises are forced to be reactive to unforeseen threats. By 2019, the cost of cyber breaches is projected to reach over US$2 Trillion; over 3 Trillion records have been lost since 2013; the consolidated total cost of a data breach is US$4 Million; and the cost per record of a data breach is US$158. Vulnerabilities in applications, databases and networks introduce security weaknesses that can increase your data breach risk. But keeping track of the systems-throughout their lifecycle and evolution-and their associated vulnerabilities can be a monumental challenge. Michael Gianarakis, Director of SpiderLabs, Trustwave will discuss the changing paradigm to keep your organization up to speed, rapidly identify and address security weaknesses. Michael Gianarakis Director of SpiderLabs, Asia-Pacific, Trustwave

	11:40 - 12:10	Keynote Four A Thin Line Between Malicious Insiders and External Attackers Protection from external attackers fails with the weakest point in security, the endpoint, and once the adversary is in, it is a game of resilience and patience. What is the average time an organisation takes to detect that it has been attacked? Too long. According to a number of industry sources, it is well over 200 days. What if we adopted a shift in mindset, from one end of the spectrum where we think something “will happen”, to the other end of the spectrum where we assume that something “has already happened”? Security may also yield better results if we treat all attackers as insiders. Think about this: If you assume that attackers already know our networks’ topology and where our servers and valuable data are, then they may have even obtained the credentials needed to access the data. To make matters worse, once the attackers gain a foothold in the organisation, they have a variety of Windows operating system tools at their disposal that can help them do the rest of the job. Alternatively, they can download some of the publicly available tools (such as psexec). In short, the external attacker is now behaving like a malicious insider. And how do we counter that threat? What information do we need? Where do we look for contextual data? How do we distinguish between malicious and benign activity? This requires a major shift in how you approach security. In this session, we will discuss the impact that malicious insiders can have on an organisation, and how organisational negligence can lead to bad outcomes. Additionally, we will outline five critical signs that you have an insider problem, the role behavioural analysis has in helping you define this threat and how to apply practical steps to better construct your defences. Michael Davis Chief Technology Officer, CounterTack

	12:10 - 12:50	Panel Discussion Actionable Cyber Threat Intelligence to Plan, Respond and Conquer The growing number of hackers is always the hot issue of cyber security. Despite a variety of cybercriminal types, the strategic tactics to prevent and detect these threats are critical to curb any cyber threats. This session will provide actionable cyber threat intelligence, with effective defensive and containment strategies, enterprises can gain deeper insights on how to conquer security threats and challenges, as well as how organisations can improve security posture, at the same time, proactively reduce and avoid exposure to the latest threats. Review the evolving threat landscape and high profile hacks of 2016, how they happened and what you can do to make sure it doesn't happen to your organisation Assess different sources of threat intelligence and discover how to build a threat intelligence capability Determine how to align defences to the threat profile of your organisation Recommend actionable defensive and containment strategies that enhance the cyber resilience of an enterprise Panel Chair: Paul Jackson Managing Director, Stroz Friedberg Executive Panelists: Duncan Wong Vice President, Financial Technologies, ASTRI Paolo Sbuttoni Partner, Baker & McKenzie Michael Lamb Chief Executive Officer, CCW Global Limited Ken Chiu Regional Head of Corporate Security, DuPont Stephen Langley Deputy CIO, Securities and Futures Commission David Mclinton Head, Asia Pacific Operations, Cyber Security, Group Enterprise, Singtel

	12:50 - 13:50	Networking Luncheon & Showcase Visit

	14:00 - 14:30	Keynote Five Securing Your Enterprising Messaging in the Digital World In this fast-paced age of IT, how can we make effective and real-time decision-making in all our business communications? How can we be assured of the integrity and security of all sensitive and confidential work discussions? Boost your enterprise security with NCS OneChat™, a chat application that addresses the importance of security, compliance and ease of integration to the enterprise system. Ng See Sing Head, Portal City Business Application Services , NCS Pte Ltd

	14:30 - 15:00	Keynote Six Joining Forces in Cyber Threat Prevention In today’s increasingly connected digital society, cybersecurity plays a critical role in assuring delivery of mission critical applications and services. However, successfully thwarting today’s sophisticated attacks requires security professionals to leverage technology and processes that deliver automated and prevention-focused outcomes. This session will focus on the role of automation in cybersecurity and how it enables security professionals to regain the advantage in the fight against cyberattacks. During this presentation we will review how cybersecurity strategy has evolved towards automation and prevention, along with demonstrating the technology and processes in action with the perspective of the attacker, end-user, and service provider. Armando Dacal Vice President, Service Providers - Asia Pacific, Palo Alto Networks

	15:00 - 15:15	Networking Coffee Break & Showcase Visit

	15:15 - 15:45	Keynote Seven Debunking Mobile Security Myths Protecting mission-critical data accessed by mobile devices is crucial to businesses both large and small. Yet many organisations struggle to adequately secure their mobile deployments because of a number of misconceptions. This presentation on the most common mobile security myths will provide you facts about mobile security and how best to prevent advanced mobile threats. Dan Tan Mobility Channel Manager, Check Point

	15:45 - 16:15	Keynote Eight Maximise Your Security Investments: Moving to Intel-Led Security Operations The CISO is the general in the war against cyber threats, ultimately responsible for putting together the human and technical resources to protect the enterprise and for placing them on the field of battle. Just as good military intelligence helps generals explain their actions and retain the confidence of their superiors, cyber threat intelligence can help CISOs and other senior IT executives communicate with the CEO and board about the threats facing their enterprise and how the IT organisation is responding. Get the most out of your existing security technology and people investments, by understanding how intelligence can help better detect, investigate and respond to threats. You will also learn how to prioritise security spend, make alerts actionable and identify the business impact. Charles Ho Business Development Manager, Global Solution Providers, APAC, FireEye

	16:15 - 16:30	Lucky Draw

Move to top


	Speaker's Profile

		Harrison Lung Associate Partner, Business Technology Office McKinsey & Company Harrison Lung is an Associate Partner in the Hong Kong Office of McKinsey and Company. Harrison works with C level executives in Asia, particularly CIOs and CTOs, in the areas of IT and network. His recent McKinsey experience mainly focuses on the telecom sector in Asian emerging markets, particularly in the operations and technology domains, leading projects in areas like IT strategy and organization, architecture, application development and maintenance to infrastructure, including cyber and network security. Prior to joining McKinsey, Mr. Lung worked in New York City at the global management and technology consulting firm Accenture, where he advised numerous Fortune 500 and Global 2000 clients in a broad range of industries, with engagements ranging from telecommunications and media, pharmaceuticals, utilities, chemical products and public service, particularly pertaining to mobile technology strategy and solution execution. Before Accenture, Harrison held several assignments in Toronto, Canada. He was an IT architect at Bell Mobility (Canada) and Sprint Canada (now part of Rogers Communications). Mr. Lung received his MBA degree from Cornell University and is a graduate of the University of Waterloo's Bachelor of Applied Science program (Computer Engineering, minor in Management Science). He is also a licensed Professional Engineer (P. Eng.) in the Province of Ontario (Canada).

		Paul Jackson Managing Director, Stroz Friedberg Paul Jackson is a Hong Kong-based Managing Director for Stroz Friedberg. With over 25 years experience working in the financial and cyber security industries, law enforcement and the legal community within Asia, Mr. Jackson has built a global reputation as a leader in digital forensics, breach investigations, crimes against financial institutions, online fraud, insider threat and investigative eDiscovery. Prior to joining Stroz Friedberg, Mr. Jackson spent five years at JPMorgan Chase where he held two key roles. Initially hired as the Asia Pacific head of investigations based in Hong Kong, he relocated to the New York area in 2012 to head the global high tech investigations team where he was responsible for rebuilding the forensic infrastructure, hiring a large team of experts and designing the policies and procedures as well as the evidence management systems. He was also instrumental in developing the internal capacity to combat online fraud and organised crime activities against the firm and customers as well as working on the insider threat program. Before joining JPMorgan, Mr. Jackson held a senior position in the Hong Kong Police Force for nearly 22 years. He worked in technology related policing from 1996 and was instrumental in the founding of the Technology Crime Division in 2001. Mr. Jackson pioneered many of the techniques used in law enforcement for digital forensics and cyber investigation/intelligence, and also developed forensic lab standards which have been used by law enforcement throughout the world. He also individually authored and facilitated four 2-week training programs for the HK Police College in digital forensics, network forensics, online intelligence and cybercrime investigation. He was engaged by Interpol as the Training Director for courses and capacity building around the Asia Pacific Region and Europe and has personally facilitated training for over 50 different Police Forces.

		Dr. Duncan Wong Vice President, Financial Technologies ASTRI Dr Duncan Wong is in charge of the Financial Technologies (FinTech) Initiative of the Hong Kong Applied Science and Technology Research Institute (ASTRI) and leading the Security and Data Sciences technology division of ASTRI through developing strategic plans, engaging industrial and governmental partners, and leading R&D activities with the mission of establishing Hong Kong as a FinTech Hub in the Asia Pacific Region. ASTRI's FinTech initiative focuses on Cyber-Security, Blockchain or Distributed Ledger Technology (DLT), Artificial Intelligence, Big Data Analytics, and Mobile Computing including Authentication technologies. ASTRI's FinTech R&D groups are working closely with regulatory bodies such as Hong Kong Monetary Authority (HKMA), the banking industry, and other financial services sectors on building platform technologies such as Blockchain and cyber-security intelligence sharing platform, developing cyber-security training and certification programs, and nurturing FinTech talents.

		Paolo Sbuttoni Partner, Baker & McKenzie Mr. Sbuttoni advises clients in a broad range of industry sectors on IT contracts/outsourcing, privacy/data protection, e-commerce, and telecommunications/internet regulatory issues. He has recently advised a number of companies on establishing comprehensive data governance frameworks across the region. Other recent experience includes assisting clients with the establishment of e-commerce platforms in Asia and related technology agreements and privacy compliance. He also has extensive experience in general commercial issues and agreements and regularly assists clients with licensing, franchise, supply, agency and distribution agreements and on compliance with consumer laws.

		Michael Lamb Chief Executive Officer CCW Global Limited Michael joined CCW Global from Pacific Prime Insurance Brokers - Kwiksure where he managed the Information Technology and Digital Marketing departments from 2006. A consummate technophile with a background in philosophy, Michael joined CCW Global as Marketing Director with a mandate to expand the company's footprint on digital channels. Michael stepped into the Chief Executive Officer role at CCW Global in May 2014, following the departure of company Co-Founder Christopher Claridge-Ware. Today he is committed to ensuring comprehensive risk management is available to all businesses in Hong Kong, and has positioned CCW Global as a leader in Cyber and Digital risk insurance. Michael has long been focused on exploring the opportunities presented by the internet and as a prolific writer, has been featured in periodicals including HR Magazine, Escape Artist, Expat Marketing, and Wealth Asia. Michael has been working on the leading edge of SEO/SEM systems and practices for over a decade and is constantly exploring the possibilities presented by an ever changing digital ecosystem.

		Ken Chiu Regional Head of Corporate Security DuPont Ken is an ex-HK Police officer who joined ExxonMobil as the Regional Security Advisor for APAC region in 2002. He left ExxonMobil for DuPont in 2007 to set up a Regional Corporate Security Office based in Hong Kong. Ken’s primary role is to lead the Corporate Security and Crisis Response for the Company. He also works in partnership with both internal and external IT experts to develop the trade secret and IP protection program across the region. He holds a MBA, MA in Security Management, CPP, ACF and CRISC. He has a keen interest in exploring the necessary convergence between Corporate Security and Cyber Security to defense against insider and external threat. Ken married with two kids and lives in Hong Kong.

		Stephen Langley Deputy CIO Securities and Futures Commission Stephen is currently Deputy CIO for the Securities and Futures Commission where he focuses on Strategy and Operations. He has many years of experience of developing and implementing strategy and managing teams at regional and global levels for companies such as IBM, PwC and PwC Consulting. He has been in Hong Kong on and off since 1995.

		David Mclinton Head, Asia Pacific Operations, Cyber Security, Group Enterprise Singtel As a financial and telecommunications services technology risk, regulatory and security leader, David provides thought leadership and policy perspectives on a myriad of information security issues affecting global organisations. David has over 25 years of experience spanning Information risk management, security engineering and operations, customer security and telecommunications consulting in companies such as Standard Chartered, MCI WorldCom and Cable & Wireless. David joined Singtel from JP Morgan Chase, where he was the Chief Information Security Officer for Asia Pacific and Latin America. He was principally responsible for managing large virtual teams, fostering close relationships with key clients, business partners and regulatory bodies across Asia Pacific, and evolving the firm’s cyber security agenda and risk and control environment. David has a proven and successful track record in developing, managing and overseeing firm-wide security programmes, budgets and strategies, establishing a security operations centre from ground up to provide robust security monitoring and management services, and fostering and strengthening relationships with clients, business partners and regulatory bodies.

		Royston Chng Regional Director, Asia Pacific & Japan, BitSight Technologies Royston Chng has 13 years of experience in Asia Pacific‘s IT Industry. Royston possesses diverse experience having been in the end user, system integration, distribution and principal organizations covering systems development & engineering, security architectural design & consultancy roles. Prior to BitSight Technologies, Royston worked with Barracuda Networks, Inc. for a over than a year. As Regional Director, Southeast Asia and Korea, he was the lead managing the regional Sales, Marketing and Engineering teams. The team successfully delivered 180% quota within 18 Days in 2015. Past Experience • Regional Sales Manager for South East Asia at Imperva, Inc. where he consulted with key customers from executive committees and senior management teams to gain understanding of their needs and advocate IT Security Best-Practices and strategies internally and externally. The region was named top in 2014. • Account Director at BT Global Services where he managed all strategic account planning in the Public Sector and Financial Services Industry. He was responsible for identifying new clients and business opportunities, meeting with key stakeholders to explore the latest technologies as part of solution integration offerings, contributing to 65% of the Business Unit’s total revenue.

		Michael Gianarakis Director of SpiderLabs, Asia-Pacific Trustwave Michael Gianarakis is the Director of SpiderLabs at Trustwave in the Asia-Pacific region. He oversees the delivery of penetration tests, red team engagements, source code reviews, forensic investigations across the region. Michael has presented at many industry events in the region including Black Hat Asia, Hack In the Box GSEC, OWASP, WHACKon and CrikeyCon. He also runs a chapter of the SecTalks meet up in Queensland, Australia.

		Michael Davis Chief Technology Officer CounterTack As CounterTack's CTO, Michael Davis is responsible for driving the advancement of CounterTack's revolutionary endpoint security platform, as well as leveraging his visionary approach to push defenders ahead of attackers. Davis has earned a reputation as one of the nation's leading authorities on information technology. The list of organizations that rely on his council includes AT&T, Sears, Exelon, and the US Department of Defense. Prior to CounterTack, Davis was President of External IT, a national managed IT services and cloud services provider that focuses on unifying the business IT experience. In 2005, he founded Savid Technologies, an IT security consulting firm. He led Savid to be the 23rd fastest growing company in Chicago as measured by Inc. magazine, and by 2010, Savid was ranked 611 on the Inc. 5000 list of fastest growing companies in America. Prior to Savid, he served as senior manager of global threats at McAfee, where he led a team of researchers investigating confidential and cutting-edge security analysis. As an entrepreneur he was voted one of the “Top 25 under 25” by BusinessWeek, semi-finalist of the Ernst and Young “Entrepreneur of the Year” award, and a “Web 2.0 Wonderkid” for his online marketing capabilities. Davis is a contributing author to the top selling computer security book, Hacking Exposed, as well as Hacking Exposed: Malware and Rootkits, and he is a frequent contributor to industry and business publications including InformationWeek and Dark Reading. He regularly speaks at noted industry conferences including Black Hat, Interop, SuperStrategies, and InfoSecWorld.

		Ng See Sing Head, Portal City Business Application Services NCS Pte Ltd Mr. Ng See Sing is Head of Portal City, a one-stop end-to-end portal development and digital engagement unit of NCS. He has more than 20 years of experience in IT and infrastructure engineering arena. He has spearheaded the launch of numerous consumer and enterprise mobile applications for the public and private sectors in the areas of mobility, enterprise social networking and other emerging technologies. He is also active in pursuing Smart Nation initiatives and driving adoptions in security framework. Under him, the team has won numerous industry awards and customer accolades for their portal and mobile apps and services. Major portal projects that Portal City & Catalyst Group supports include NS Portal, One Motoring Portal, My Transport Portal, Public Transport Portal, Your Singapore Portal, Team Singapore and SME Portal.sg for our customers such as Land Transport Authority, Singapore Tourism Board, Singapore Sports Council, Spring Singapore and Infocomm Development Authority of Singapore amongst others. Prior to his current portfolio, he has served in senior leadership positions to lead in national level projects such as the Singapore National NRIC Project, Automated Passport System, and Immigration Auto-Clearance Smartcard System and Security Services. He also started and managed autonomous service based business entities that focus primarily in smartcard technology, loyalty and lifestyle program, payment gateway services, e-commerce and m-commerce.

		Armando Dacal Vice President, Service Providers - Asia Pacific Palo Alto Networks Armando has more than 15 years of experience in leading customer and partner facing organisations for startup and leading cybersecurity vendors. As Vice President of Service Providers for Asia Pacific, Armando is responsible for leading joint go-to-market for cloud and managed offerings with strategic partners across the theatre. Prior to this role, Armando served as Regional Vice President and Managing Director for Australia and New Zealand, he joined the company in April 2013. Armando has also held global and regional sales leadership positions at Melbourne IT, Lotaris, Symantec, and VeriSign. Dacal holds a B.A. In International Economics from San Diego State University.

		Dan Tan Mobility Channel Manager Check Point Dan Tan has over 16 years of experiences in Information Technology & Cyber Security. He is also well-versed in mobile technology and mobile security. For the past 6 years, Dan has advised and assisted numerous enterprises and government organizations to adopt and incorporate mobile as part of their core business. Dan is graduated from Royal Melbourne Institute of Technology in Information Technology. He is a Certified Information System Security Professional (CISSP) since 2009, and holds an advanced diploma in IT Security from Nanyang Polytechnic. In his free time, Dan loves to go diving with his friends.

		Charles Ho Business Development Manager – Global Solution Providers, APAC FireEye Charles Ho is the Business Development Manager for Global Solution Providers Globally. Charles has over 9 years experience in managed security services and is responsible for creating unique market offerings with managed providers that’s tightly integrated into the service portfolio. Prior to joining Charles was responsible for Symantec MSS services across APJ leading the sales practice and engaging regularly with customers in region to better understand the threat landscape, service operations and each customer’s unique security posture. Charles has extensive experience in SOC build and operations via several roles as MSS sales engineer, SIEM consultant and SOC architect. Charles began his career at a regional SI, now owned by KDDI, where he built and managed their MSS services. Charles held several security certifications including CISSP, GCIH and CIFI and holds a Bachelors of Science degree in Computer Science from Simon Fraser University.

Move to top