CISO Malaysia schedule

During this 10-minute networking session, the aim of the game is to go and meet three people you don't already know. Use the questions on the screen to guide your conversation. Have fun!

• Explore the imminent impact of quantum computing on current cryptographic standards and data protection practices
• Discuss how organizations can prepare for quantum-resilient encryption and the emerging risks quantum computing poses to sensitive data
• Examine how the rapid deployment of 5G and the growing adoption of AI are transforming both the speed and complexity of cyber threats

• Adapting to evolving threat landscape – exploring different strategies and risk assessment framework for CISO
• Building a strong cybersecurity culture within an organisation by engaging employees through training and open communication
• Aligning cybersecurity initiatives with broader business objectives – risk management, budget, and cross-department collaboration

Moderator

• Datuk Alan See Co-Founder & CEO Firmus

Panellists

• Amir Abdul Samad Head, Cyber Security (CISO) PETRONAS
• Wan Roshaimi Wan Abdullah CTO CyberSecurity Malaysia
• Chee Lung Yuen CISO Technology Risk Management & BCM, AIA
• Ashish Vohra ED, Head - Information Security Risk Officer, SC Ventures Standard Chartered Bank
  

• Understanding how integrating security from the start can reduce risks, improve resilience, and save costs
• Tailoring security architectures to fit the unique needs of the business, industry, and risk profile
• Addressing the challenges to implement secure-by-design architecture – investment justification, organizational silos, and aligning security

Moderator

• Dr Peter Leong Director MyCIO Services

Panellists

• Norsyahrim Abdul Tahar Head of Enterprise Architecture & Governance Alliance Bank
• Yusfarizal Yusoff Head of Security Architecture PETRONAS Digital
• Thayaalakumar Pakerysamy Associate Director, Digital Security - IAM Systems AIA Digital+
• Mohammed Hashim Security Architect Cloud Security Alliance Malaysia Chapter
• Prasad Jayabalan Head of Cybersecurity Strategy & Architecture Axiata
• Brian Chang Solutions Architect and Advisory Fortinet Malaysia
  

• Introduction to AI in Identity Security: Discuss the integration of artificial intelligence and machine learning in identity governance and administration, highlighting how these technologies enhance threat detection and response.
• Overview of Saviynt's Intelligence Suite: Present Saviynt's latest AI-powered Intelligence Suite, emphasizing its capabilities in providing intelligent recommendations and analytics for identity security.
• Addressing Third-Party Access with a Converged Identity Platform: Explore how Saviynt's converged identity platform secures third-party access, mitigating risks associated with external users, contractors, and partners. Highlight features that streamline provisioning, enforce least-privilege access, and monitor third-party activities in real time.
• Case Studies and Real-World Applications: Share success stories and practical examples of organizations that have implemented AI-driven identity security solutions to strengthen their cyber resilience.
• Future Trends in Identity Security: Explore the evolving landscape of identity security, including the management of machine identities and the challenges posed by emerging technologies.

• Exploring how government agencies can design and implement a security-first architecture tailored to the needs of the organisation
• Discussing the importance of continuous monitoring, threat intelligence, and proactive defence strategies, such as penetration testing and red teaming, to counter APTs
• Examining how government agencies can ensure their cybersecurity practices align with regulatory standards, while also integrating those into broader defence strategies

Navigating the Cybersecurity Act 2024: How to Avoid Costly Compliance Failures

The Malaysia Cybersecurity Act 2024 introduces a new era of regulatory requirements, aimed at strengthening the country’s cyber defences and resilience against evolving threats. With the Act now in force, organizations—especially those in the National Critical Information Infrastructure (NCII) sectors—must adhere to stringent cybersecurity standards, effectively manage risks, and ensure timely incident reporting to maintain compliance.

Join us for an insightful roundtable discussion where Clarence Chan, Partner, Digital Trust and Cybersecurity leader from PwC Malaysia will provide a landscape overview of the Malaysia Cybersecurity Act 2024, highlighting key compliance obligations and potential challenges organizations may face. Yuri Pinheiro, Director, Partner Solution Architecture from Tanium will then share how organizations can leverage technology to meet regulatory requirements efficiently, mitigate compliance risks, and enhance their cybersecurity posture.

Key Discussion Points:

1. Malaysia's Cybersecurity Act 2024: What Organizations Need to Know
   • New compliance requirements for NCII sectors to strengthen cybersecurity, manage risks, and report incidents.
   • Legal and financial implications of non-compliance.
   • Challenges organizations face, including higher compliance costs and increased workload for IT, security, risk, and compliance teams.
2. Navigating Compliance: Best Practices & Case Studies
   • Insights from PwC Malaysia on how organizations can align with the Act’s requirements.
   • Real-world examples of how Tanium’s endpoint security and compliance solutions enable organizations to achieve compliance, mitigate cyber risks, and strengthen their security posture.

This interactive session will offer valuable insights into how businesses can proactively address compliance challenges and ensure they remain resilient in an evolving regulatory landscape.

Speakers: 

• Yuri Pinheiro Director, Partner Solution Architecture Tanium
• Clarence Chan Partner, Digital Trust and Cybersecurity leader PwC Malaysia

Applications have become the central hub for both professional and personal interactions, but this increased reliance on technology brings significant security challenges. The ever-expanding application attack surface, coupled with the massive amounts of data generated during user interactions, creates a complex landscape for cybersecurity. Key challenges include:

• Limited skillsets to effectively manage and analyze vast volumes of data
• Sophisticated application attacks that leave less time for response
• Rapid technological adoption, which often results in security blind spots

In this session, we will explore how AI can be harnessed to enhance application security and tackle these challenges head-on. We’ll cover:

• AI in Application Security: How AI can bolster security by preventing attacks, automating incident response, and providing real-time insights to improve threat detection and mitigation.
• Security of AI: Addressing the unique risks of AI systems themselves, including protecting the integrity and confidentiality of AI models and preventing manipulation or tampering.
• Security Against AI: Leveraging AI-powered tools to detect and prevent cyberattacks, and utilizing AI-driven threat intelligence to stay ahead of emerging threats.

By integrating AI into both application security and threat response strategies, we can create a more resilient and efficient security environment, safeguarding individuals and organizations alike from evolving cyber risks.

Join us to learn how AI is not just a tool for defense, but a game changer in the ongoing battle against cyber threats.

• Exploring how AI is transforming the cybersecurity landscape in Malaysia what opportunities AI offers for detecting and mitigating threats, and the potential risks posed by AI-driven cyberattacks
• Discussing the evolving regulatory environment for AI and cybersecurity in Malaysia, including how organisations can stay compliant with emerging data protection laws while adopting cutting-edge AI technologies
• Examining the ethical implications of AI in cybersecurity and governance and ensuring AI systems are transparent, secure, and aligned with regulatory standards

Moderator

• Abdul Hakim Razip Chief Risk Officer Generali Insurance

Speakers:

• Jeya Ganesh CIO Taylor’s Schools
• Anthony Jonathan Luistro Head of Cyber Security Malaysia Aviation Group

This trackside panel explores the current state of OT cybersecurity in Malaysia. Key topics include strategic steps to enhance OT cyber resilience, the impact of the Cybersecurity Act 2024, governance challenges, and the role of AI in securing critical infrastructures. The session will offer actionable insights on strengthening OT security in Malaysia as digitalization accelerates.

Moderator

• Narsi Ragu Regional OT Cybersecurity Lead, APAC Siemens Energy

Panellists

• Amir Abdul Samad Head, Cyber Security (CISO) PETRONAS
• Mohd Rizal Mohd Ramly Head Digital & Data TNB Genco

The foundational component of a modern security architecture is a secure identity system. And though most organizations are thinking "cloud first", identity doesn't start in the cloud - it starts on premises. And overwhelmingly that on-premises identity system is Microsoft’s Active Directory (AD).​

AD is involved in more than 90% of all cyberattacks today because when it's compromised it gives attackers near-total control over your IT systems. And once crippled by a cyberattack, it requires an average of two weeks to rebuild and regain trust manually - while your business is down.​

 ​

In this session, Karthik and Santhosh will review:

• Why AD is such a target​
• How you can increase operational resilience of this mission-critical identity system by​ mitigating attacks against your AD ​
• Significantly reducing its recovery time objective (RTO)​

Ransomware remains a severe cyberthreat with significant impacts. The average cost to remediate an attack surged to $2.73 million — a 50% increase from the previous year.

Prolonged recovery times highlight the need for comprehensive response strategies. Sophisticated attacks strain security teams, with 95% reporting challenges in essential operations. These findings stress the importance of reinforcing ransomware defenses and recovery plans.

Robust endpoint protection is key. Sophos Managed Detection and Response (MDR) offers 24/7 support to strengthen security. Enhanced defenses help reduce costs, minimize recovery time, and support business continuity against this formidable threat.

• Exploring some of the security tools to mitigate the risk in digitalisation
• Understanding how technology can create security loophole
• Addressing some of the challenges in implementing preventative care and putting in place a business continuity plan

• Emphasising the value of leveraging threat intelligence to proactively identify and mitigate potential incidents.
• Collecting, analysing, and applying threat data to enhance an organisation's security posture and incident response capabilities.
• Showcasing real-world examples of how threat intelligence has helped organisations detect and respond to threats more effectively

• Exploring the factors that make cyberwar seemingly inevitable and discussing the urgency for robust defence mechanism
• Drawing parallels between the need for automation in cyber defence today and the significance of the production line
• Reflecting on the historical intertwining of technology, markets, and war, and how this connection persists in 2024

Speakers

• Naveen Chantiran Head of Cyber Security Air Liquide
• Johary Mustapha Council Member PIKOM, The National ICT Association of Malaysia

In today’s digital landscape, security professionals often face the challenge of balancing robust protection with the need for seamless information sharing. Traditionally, security measures can be perceived as barriers—where the instinct is to clamp down and restrict access. However, with the adoption of Zero Trust and Data-Centric Security, security mechanisms can shift from being obstacles to enablers of secure collaboration and information exchange.

This presentation will highlight how Zero Trust and Data-Centric Security not only enhance security but also support greater information sharing and collaboration amongst teams. Join us as we share examples and demonstrate how organisations can create a secure foundation for information exchange, empowering teams while mitigating risks and ensuring compliance with regulatory standards.

Data has grown exponentially and today it lives everywhere – cloud, on-prem and SaaS. Organisations rely on data to stay in business and attackers know that. Today’s bad actors don’t just break in. They bypass traditional cybersecurity defenses and exfiltrate sensitive data. Moreover, they know to target and encrypt data backups to cripple business operations.

Learn why traditional backups ≠ cyber resiliency, and hear from a healthcare provider on how an effective data security strategy keeps the lights on.

Moderator

• Dr Manmeet Mahinderjit Singh Associate Professor Universiti Sains Malaysia

Panellists

• Sathis Kumar Batumalai Group Head of IT Security RHB Banking Group
• Ruban Bala Head of Infrastructure & Application Security Risk Ryt Bank
• Charles Solomon Director of Information Technology & Cybersecurity Senior Aerospace Upeca