CISO Malaysia schedule

During this 5-minute networking session, the aim of the game is to go and meet three people you don't already know. Have fun!

As Malaysia enters a new era of cyber governance, this session unpacks what the Cyber Security Act 2024 really means for CISOs, especially those responsible for critical infrastructure and high-risk sectors.

• Understanding the evolving role of the CISO under the Act: compliance, accountability, and strategic alignment
• Readiness strategies for NCII sectors: threat modelling, incident reporting, and collaboration with NACSA
• Bridging the gap between regulatory intent and operational execution through governance, tooling, and workforce enablement

• Unpacking how attackers are using AI to automate, personalise, and scale cyberattacks—from deepfakes to intelligent phishing
• Exploring defensive applications of AI in threat detection, anomaly analysis, and response orchestration
• Addressing the governance, ethical, and operational risks of embedding AI into your cybersecurity stack

• With the Cyber Security Act 2024 and Malaysia's national push for digital resilience, the CISO role is evolving from technical enforcer to strategic business leader
• Boards and regulators increasingly expect CISOs to articulate risk, trust, and resilience in business terms—beyond compliance
• Balancing real-time threat response with long-term transformation, regulatory alignment, and enterprise value creation

Moderator

Datuk Alan See Co-Founder & CEO Firmus

Panellists

Amir Abdul Samad Head, Cyber Security (CISO) PETRONAS

Suresh Sankaran Srinivasan Group Head – Cyber Security & Privacy Axiata

Nantha Kumar Krishnan Head of Information Technology Operation – APMEA Kerry

Norman Leong Head of Cybersecurity Governance, Risk, and Assurance AirAsia

Chee Lung Yuen CISO AIA Malaysia

• How digital transformation, remote work, and cloud sprawl have redefined the enterprise attack surface
• Tools and tactics for continuous visibility, risk prioritisation, and response at scale
• Why traditional perimeter thinking no longer works—and how leading CISOs are adapting

• Key principles for architecting secure, scalable environments across cloud, hybrid, and edge
• How to embed resilience and agility without compromising speed or user experience
• Real-world approaches to modernising legacy infrastructure while preparing for future threats

Moderator

Abdul Hakim Razip Chief Risk Officer Generali Insurance

Panellists

Naveen Chantiran Head of Cyber Security Air Liquide

Yusfarizal Yusoff Head of Security Architecture PETRONAS Digital

Prasad Jayabalan Head of Cybersecurity Strategy & Architecture Axiata

Sivanathan Subramaniam Group Chief Cybersecurity & Risk Officer CTOS Digital

• Analysing real-world ransomware attacks that exploited AD and disrupted critical systems
• Implementing foundational controls to detect lateral movement and privilege escalation
• Strengthening recovery, segmentation, and monitoring strategies to harden AD environments

• Identifying and managing risks in hybrid IT-OT environments
• Implementing Zero Trust principles in OT networks
• Governance, compliance, and workforce training in OT security

• How leading teams coordinate across security, legal, comms, and business during an active breach
• What real-world playbooks reveal about decision-making, escalation, and containment
• Turning crisis into resilience through post-incident learning and tabletop exercises

• Showcasing how AI-driven cybersecurity enhances business resilience, operational efficiency, and customer trust
• Translating AI-powered security insights and threat intelligence into business-relevant outcomes for executive stakeholders
• Aligning AI-led security investments with enterprise-wide digital transformation and innovation strategies

• Showcasing how AI-driven cybersecurity enhances business resilience, operational efficiency, and customer trust
• Translating AI-powered security insights and threat intelligence into business-relevant outcomes for executive stakeholders
• Aligning AI-led security investments with enterprise-wide digital transformation and innovation strategies

• Turning policy into practice through behaviour, incentives, and leadership modelling
• How to embed security ownership across departments, not just in IT
• Lessons from leaders driving organisation-wide change in mindset and accountability

• How to measure security program maturity in ways that resonate with executives
• Linking metrics to risk reduction, operational performance, and business outcomes
• Using data to justify investments, guide strategy, and benchmark progress

• How do OT and IT leaders collaborate to prepare for cyber incidents that can halt physical operations?
• Can automation and AI-driven analytics improve visibility and reduce response time in critical environments?
• How can industry, government, and technology providers work together to safeguard Malaysia’s critical infrastructure ecosystem?

Speakers:

Edd Barber CISO WEL Networks

• Establishing a proactive incident response culture across functions
• Integrating threat intelligence and automation into the IR lifecycle
• Lessons learned from real-world cyber incident exercises

• Showcasing how AI-driven cybersecurity enhances business resilience, operational efficiency, and customer trust
• Translating AI-powered security insights and threat intelligence into business-relevant outcomes for executive stakeholders
• Aligning AI-led security investments with enterprise-wide digital transformation and innovation strategies

• Showcasing how AI-driven cybersecurity enhances business resilience, operational efficiency, and customer trust
• Translating AI-powered security insights and threat intelligence into business-relevant outcomes for executive stakeholders
• Aligning AI-led security investments with enterprise-wide digital transformation and innovation strategies

Modern security architecture must go beyond technical defenses—it must also reflect an organisation’s governance, risk, and compliance (GRC) posture. This session explores how CISOs and architects can embed compliance and risk management into their designs, ensuring systems are secure, scalable, and aligned with regulatory and business requirements.

This session will discuss:

• Designing security architectures that account for compliance from the ground up
• Mapping risk appetite to architecture decisions for better resilience
• Avoiding “bolt-on compliance” by embedding controls directly into systems and workflows
• Balancing employee and customer experience with regulatory requirements in architecture choices
• Case studies: how organisations align security-by-design with Cyber Security Act 2024 compliance

• Understanding unique risks at the intersection of IT, OT, and IoT
• Building unified frameworks for asset discovery, segmentation, and response
• Addressing governance, safety, and uptime in critical infrastructure

• Evaluating current adoption trends and technology maturity
• Understanding usability, privacy, and implementation challenges
• Balancing security needs with user experience across diverse environments

• How leading organisations are implementing Zero Trust across hybrid and multi-cloud environments
• Breaking down real-world playbooks: identity, segmentation, continuous verification
• Overcoming resistance, complexity, and legacy system limitations on the path to Zero Trust

• Anticipating the next generation of ransomware, APTs, and AI-powered attacks
• Understanding how geopolitical shifts and AI misuse could destabilise security ecosystems
• Rethinking playbooks, tooling, and collaboration for the threat landscape of tomorrow

 
Moderator

Sivanathan Subramaniam Group Chief Cybersecurity & Risk Officer CTOS Digital

Panellists

Ebenezer Godomon Deputy Director II (Cyber Security) Sabah State Computer Services Department

Jeya Ganesh CIO Taylor’s Schools

Mohammed Hashim Security Architect Cloud Security Alliance Malaysia Chapter