CISO Malaysia schedule

During this 10-minute networking session, the aim of the game is to go and meet three people you don't already know. Use the questions on the screen to guide your conversation. Have fun!

• Exploring the development of collaborative frameworks that bring together government agencies and private industry players to enhance national cybersecurity
• Discussing how governments and industries can work together to ensure that regulations are both comprehensive and flexible enough to address the dynamic nature of cyber threats, while also encouraging innovation and growth in the digital economy.
• Examining how partnerships between government and industry can facilitate capacity building through training programs, resource sharing, and the development of cybersecurity skills.
•  

• Focusing on the critical aspects of building and enhancing a modern developer security program.
• Implementating security practices tailored to the unique challenges of software development
• Discussing the different methods for assessing vulnerabilities based on their potential impact and likelihood of exploitation

• Adapting to evolving threat landscape – exploring different strategies and risk assessment framework for CISO
• Building a strong cybersecurity culture within an organisation by engaging employees through training and open communication
• Aligning cybersecurity initiatives with broader business objectives – risk management, budget, and cross-department collaboration

Moderator

• Datuk Alan See Co-Founder & CEO Firmus

Panellists

• Amir Abdul Samad Head, Cyber Security (CISO) PETRONAS
• Wan Roshaimi Wan Abdullah CTO CyberSecurity Malaysia
• Chee Lung Yuen CISO Technology Risk Management & BCM, AIA
• Thomas Lim Group CISO Affin Bank

• Identifying critical asset and its vulnerability through assessment and utilising threat modelling techniques to anticipate potential attack vectors
• Adopting a zero-trust architecture and emphasising the importance of continuous authentication and real-time monitoring
• Embracing emerging technologies for enhanced security – AI and ML, blockchain, security automation

• Understanding how integrating security from the start can reduce risks, improve resilience, and save costs
• Tailoring security architectures to fit the unique needs of the business, industry, and risk profile
• Addressing the challenges to implement secure-by-design architecture – investment justification, organizational silos, and aligning security

Panellists

• Norsyahrim Abdul Tahar Head of Enterprise Architecture & Governance Alliance Bank
• Yusfarizal Yusoff Head of Security Architecture PETRONAS Digital
• Thayaalakumar Pakerysamy Associate Director, Digital Security - IAM Systems AIA Digital+
• Mohammed Hashim Security Architect Cloud Security Alliance Malaysia Chapter

• What are the current challenges around preparing future cybersecurity talent for an ever-changing future?
• Exploring initiatives to close the talent gap: Can AI support the current talent shortage?
• Anticipating the right skills: What skills should a successful future team possess?

• Aligning the different perspectives between tech and non-tech leaders to establish common goals
• Fostering a growth-focused relationship with the board
• Presentation is key: What makes a good board presentation and how do you drive board-supported cybersecurity initiatives?

• Exploring how AI is transforming traditional security operations by automating repetitive and time-consuming tasks,
• Examining how cybercriminals are increasingly using AI to automate and scale their attacks
• Leveraging AI in defensive strategies – latest advancements in AI-based threat intelligence and anomaly detection

• Integratingf ESG Principles into Cybersecurity Strategy – exploring the evolving landscape ESG principles intersect with cybersecurity risk management
• Discussing how organizations can integrate ESG considerations into their cybersecurity strategies, aligning security practices with broader corporate responsibility
• Exploring the potential benefits, such as enhanced brand reputation and stakeholder trust, and examining the challenges and opportunities in this integration

• Exploring how AI is being used to enhance authentication processes – MFA systems, biometric, and continuous authentication methods
• Understanding the critical role AI plays in monitoring and analysing user behaviour to detect anomalies
• Addressing the growing threat of AI-driven attacks on IAM systems, including the potential for AI to exploit biometric vulnerabilities or manipulate identity verification processes

• Integrating security early in the development process enhances agility without compromising on data protection
• Examining the vulnerabilities AI applications may introduce and explore strategies to embed security measures throughout the AI development lifecycle
• Optimising value stream management for end-to-end AI development process while aligning development and security

Speakers:

• Gaurav Sharma, Group CIO, MMC Ports
• Thavaselvi Munusamy, Director – GRC (IT/OT), ITT
• Soumo Mukherjee, Head of Cybersecurity, PRefChem

• Exploring how cybercriminals are leveraging AI to enhance the effectiveness of phishing attacks
• Delving into the countermeasures that organizations can implement to defend against AI-augmented phishing attacks
• Discussing the importance of integrating AI-driven tools with employee training programs to create a multi-layered defence against phishing attacks

• Exploring how AI is transforming traditional security operations by automating repetitive and time-consuming tasks,
• Examining how cybercriminals are increasingly using AI to automate and scale their attacks
• Leveraging AI in defensive strategies – latest advancements in AI-based threat intelligence and anomaly detection

• Exploring some of the security tools to mitigate the risk in digitalisation
• Understanding how technology can create security loophole
• Addressing some of the challenges in implementing preventative care and putting in place a business continuity plan

• Exploring how automation and orchestration can streamline and optimise incident response processes
• Discussing the tools and techniques for automating tasks like alert triage, threat hunting, and incident containment
• Demonstrating the benefits of incident response automation in reducing response times and improving overall effectiveness

• Exploring the factors that make cyberwar seemingly inevitable and discussing the urgency for robust defence mechanism
• Drawing parallels between the need for automation in cyber defence today and the significance of the production line
• Reflecting on the historical intertwining of technology, markets, and war, and how this connection persists in 2024

Speakers

• Thomas Lim Group CISO Affin Bank
• Naveen Chantiran Head of Cyber Security Air Liquide

• Emphasising the value of leveraging threat intelligence to proactively identify and mitigate potential incidents.
• Collecting, analysing, and applying threat data to enhance an organisation's security posture and incident response capabilities.
• Showcasing real-world examples of how threat intelligence has helped organisations detect and respond to threats more effectively

• Discussing how to create a security architecture that evolves with the latest threats
• Exploring the importance of security layers, segmentation, and zero-trust models
• Highlighting real-world case studies from enterprises that have implemented highly resilient security architectures

• Exploring how government agencies can design and implement a security-first architecture tailored to the needs of the organisation
• Discussing the importance of continuous monitoring, threat intelligence, and proactive defense strategies, such as penetration testing and red teaming, to counter APTs
• Examining how government agencies can ensure their cybersecurity practices align with regulatory standards, while also integrating those into broader defense strategies

• Explore how AI and automation can enhance security architecture by improving threat detection, response times, and vulnerability management.
• Discuss the potential for AI to identify patterns that traditional methods may miss.
• Showcase successful AI implementations in security architecture frameworks.
  
  

• Dive into the principles of Zero Trust and how they can be applied to a hybrid cloud environment.
• Examine how to implement Zero Trust for seamless security across on-premises, cloud, and multi-cloud ecosystems.
• Discuss challenges and best practices for securing dynamic cloud workloads while ensuring user access control and data protection.

Speakers

• Prasad Jayabalan Head of Cybersecurity Strategy & Architecture Axiata
• Ashish Vohra ED, Head - Information Security Risk Officer, SC Ventures Standard Chartered Bank

• Discussing how cloud-native security architecture can enable scalable defenses, adapting quickly to evolving threats.
• Embedding security into DevOps processes and adopting the ‘shift-left’ approach in cloud application development.
• Exploring the role of security automation, compliance monitoring, and Infrastructure-as-Code (IaC) in cloud-native environments.

• As APIs become the backbone of digital transformation, they also introduce new vulnerabilities that can be exploited by attackers, leading to severe financial, reputational, and regulatory consequences
• Exploring the critical importance of API security in today’s interconnected world, the common challenges organisations face, and why securing APIs should be a top priority
• Discovering how proactive API security strategies can safeguard your enterprise and ensure long-term success in the digital age

Speakers:

• Jaiz Anuar Yeop Johari VP Information & Cyber Security Permodalan Nasional Berhad (PNB)
• Charles Solomon Director of Information Technology & Cybersecurity Senior Aerospace Upeca

• Exploring how we can integrate modern technologies into business
• Planning for security with minimal disruption
• Driving change and building a cybersecurity driven culture cross-department in an organisation

• Modern strategies in cybersecurity: How can we manage new threats that are emerging?
• Risk and threat management in 2024, how has this changed and what has stayed the same?
• How can we anticipate changes that 2025 will bring?

Speakers:

• Manickam Nadesan Head of Information Security & Governance Merchantrade Asia
• Sathis Kumar Batumalai Group Head of IT Security RHB Banking Group