  • 08:30

    Registration and breakfast

  • 08:50

    Welcoming Remarks from Corinium

    Eleen Meleng - Content Director, CISO Malaysia - Corinium

  • 08:55

    Chair's Opening Remarks

    Manmeet Mahinderjit Singh - Associate Professor - Universiti Sains Malaysia

  • 09:00

    Speed Networking – Making new connections at CISO Malaysia!

    During this 5-minute networking session, the aim of the game is to go and meet three people you don't already know. Have fun!

  • 09:05

    Opening Keynote
    From Policy to Practice: Making the Cyber Security Act 2024 Work for Your Organisation

    Fazlan Abdullah - Acting Head, Pre-Emptive Technology & Services Division - CyberSecurity Malaysia

    As Malaysia enters a new era of cyber governance, this session unpacks what the Cyber Security Act 2024 really means for CISOs, especially those responsible for critical infrastructure and high-risk sectors.

    • Understanding the evolving role of the CISO under the Act: compliance, accountability, and strategic alignment
    • Readiness strategies for NCII sectors: threat modelling, incident reporting, and collaboration with NACSA
    • Bridging the gap between regulatory intent and operational execution through governance, tooling, and workforce enablement
  • 09:30

    Safeguarding the Missing Layer: Human Risk

    John Taylor - Field CTO – APAC - Mimecast

    Despite advancements in cyber security tools, human error remains the leading cause of breaches, with phishing attacks, insider threats, and credential misuse continuing to dominate the threat landscape. Independent research highlights that 68% of cyber incidents stem from human error, reinforcing Mimecast’s human-risk research revealing that almost 10% of employees account for 80% of security incidents.

    This session will explore the factors contributing to user vulnerabilities that lead to certain individuals being classed as high-risk.

    You will gain insights into measuring user risk effectively and implementing tailored strategies to enhance cyber security across your organisation. My session will also highlight how a personalised and adaptive security approach can provide customised security measures for each user. By focusing on these high-risk individuals, organisations can safeguard their workforce while maintaining operational productivity.

  • 09:55

    Executive Panel
    CISOs at a Crossroads: From Firefighter to Forward Strategist

    • With the Cyber Security Act 2024 and Malaysia's national push for digital resilience, the CISO role is evolving from technical enforcer to strategic business leader
    • Boards and regulators increasingly expect CISOs to articulate risk, trust, and resilience in business terms—beyond compliance
    • Balancing real-time threat response with long-term transformation, regulatory alignment, and enterprise value creation

     

    Moderator

    Vikneswaran Kunasegaran - SVP – Security Assessments - Firmus

    Panellists

    Amir Abdul Samad - Head, Cyber Security (CISO) - PETRONAS

    Suresh Sankaran Srinivasan - Group Head – Cyber Security & Privacy - Axiata

    Nantha Kumar Krishnan - Head of Information Technology Operation – APMEA - Kerry

    Norman Leong - Head of Cybersecurity Governance, Risk, and Assurance - AirAsia

  • 10:25

    Stay Ready So You Don’t Need to Get Ready

    Dominic Cheah - Director of Technical Solutions Engineering, ASEAN - Tanium

    Every organization has well-documented endpoint security standards – yet the challenge is to make these work in the real world. Endpoint controls that were “compliant” on paper fail in practice due to inconsistent enforcement and outdated measurement methods. Organizations resort to reactionary measures rather than proactive ones. To make matters worse, 90% of successful cyberattacks originate at the endpoint.
    In this session you will gain insights on:

    • Key challenges in the endpoint governance and compliance lifecycle
    • Adopting a more proactive security posture
    • Consistently enforcing endpoint controls and measuring security posture in real time
  • 10:50

    Coffee & Connect

  • 11:20

    Technical Panel
    Secure by Design: Building Resilient, Digital-Native Security Architectures

    • Key principles for architecting secure, scalable environments across cloud, hybrid, and edge
    • How to embed resilience and agility without compromising speed or user experience
    • Real-world approaches to modernising legacy infrastructure while preparing for future threats

     

    Moderator

    Abdul Hakim Razip - Chief Risk Officer - Generali Insurance

    Panellists

    Naveen Chantiran - Head of Cyber Security - Air Liquide

    Yusfarizal Yusoff - Head of Security Architecture - PETRONAS Digital

    Prasad Jayabalan - Head of Cybersecurity Strategy & Architecture - Axiata

    Sivanathan Subramaniam - Group Chief Cybersecurity & Risk Officer - CTOS Digital

    Norsyahrim Abdul Tahar - Head of Group Information Technology - Alliance Bank


  • 11:50

    Mastering Minimum Viable Recovery: Ensuring Rapid and Effective Business Continuity

    Gareth Russell - Field Chief Technology Officer, Security for Asia Pacific (APAC) - Commvault

  • 12:15

    Bridging IT and OT: Securing Critical Infrastructure in a Connected World

    Edd Barber - CISO - WEL Networks

    • Identifying and managing risks in hybrid IT-OT environments
    • Implementing Zero Trust principles in OT networks
    • Governance, compliance, and workforce training in OT security
  • 12:40

    Data Security: The Missing Context 

    Chris Farrelly - Vice President - APAC - Concentric AI

    Data security has been around for decades, and yet, it still feels like an unsolvable puzzle. Legacy technologies are typically resource-intensive, find just a small portion of companies’ sensitive data, and produce a ton of false positives. The impact to operations is often so significant that businesses never move their DLP out of monitoring mode.

    Attend our session to learn:

    • Why traditional approaches to data security have failed
    • How AI and context are revolutionizing data security
    • Where to maximize the value of your existing security investments
    • What you can do to secure your Gen AI rollouts

    With the right strategy and technology, you can transform your data from a liability to a well-managed asset.

  • 13:05

    Lunch & Networking

  • TRACK A: STRATEGY

  • 14:05

    AI-Powered Cybersecurity as Innovations Enabler

    Ebenezer Godomon - Deputy Director II (Cyber Security) - Sabah State Computer Services Department

    • Showcasing how AI-driven cybersecurity enhances business resilience, operational efficiency, and customer trust
    • Translating AI-powered security insights and threat intelligence into business-relevant outcomes for executive stakeholders
    • Aligning AI-led security investments with enterprise-wide digital transformation and innovation strategies
  • 14:30

    Navigating Malaysia’s NCCP: Securing the AI-Driven Identity Frontier

    Kenneth Devan - Country Manager, Malaysia - Okta

    As Malaysia’s National Cloud Computing Policy (NCCP) accelerates digital adoption, identity has shifted from a perimeter to a strategic core. In this session, we explore how Okta AI transforms identity from a static gatekeeper into a dynamic defense engine. Learn to secure the surge of "non-human" identities and AI agents with continuous, risk-based authentication. We’ll discuss how a modern Identity Security Fabric reduces TCO while ensuring zero-trust resilience. Join us to discover how to align with national mandates, eliminate security gaps, and leverage AI to build a scalable, inclusive, and future-proof digital enterprise.

  • 14:55

    Changing the DNA: Leading Culture Shifts in Cybersecurity

    Ts. Saiful Bakhtiar Osman - Head of IT - PNB Commercial

    • Turning policy into practice through behaviour, incentives, and leadership modelling
    • How to embed security ownership across departments, not just in IT
    • Lessons from leaders driving organisation-wide change in mindset and accountability
  • 15:20

    The Ghost in the Machine: Shedding Light on Hidden AI Risks with Tenable

    Wing Churn Leong - Senior Security Engineer - Tenable

    As organizations rapidly adopt Generative AI, they face a critical choice: embrace innovation or manage the "shadow AI" and data exposure risks that follow. This session explores Tenable’s journey in securing the AI revolution, moving beyond the hype to provide a practical framework for AI Security Posture Management (AISPM).

    In this session, you will learn to:

    • Uncover shadow AI usage and data exposure
    • Identify misconfigurations in AI platforms
    • Detect unsafe third-party tools and integrations
    • Pinpoint and mitigate prompt injection and jailbreak attempts
  • 15:45

    Fireside Chat
    When Downtime Becomes a Cyber Weapon: Securing Critical Infrastructure in a Connected Era

    • Understanding the unique cyber risk profile of critical infrastructure – why IT/OT convergence, legacy systems, and national dependency make these environments high-impact targets
    • Building operational resilience where safety, uptime, and security intersect – rethinking incident response, recovery, and decision-making when cyber incidents can disrupt essential services
    • Strengthening ecosystem collaboration – how operators, regulators, and technology partners can work together to uplift resilience across Malaysia’s critical infrastructure landscape

     

    Speakers:

    Edd Barber - CISO - WEL Networks

    Dr Peter Leong - Director - MyCIO Services

  • 16:10

    Secure, Comply, Accelerate: Operationalising Adaptive Cybersecurity in the Era of AI

    Kunal Jha - Regional Sales Director - Netskope

    The stakes for enterprises have never been higher when it comes to building resilient security architectures. This session provides practical insight into what it takes to break down the mechanics of Zero Trust through consolidation, automation, and adaptive security controls that follow the user wherever they may be. Learn how Netskope’s platform approach simplifies the complexity of compliance, ensuring your defense is as agile as the threats it faces.

  • TRACK B: ARCHITECTURE

  • 14:05

    From Scammers to Syndicates: The Rise of Commercialized Fraud in Southeast Asia

    Niki Luhur - Founder & Group CEO - Vida Digital Identity

    Key highlights:

    • Fraud in Southeast Asia has shifted from isolated scammers to organized syndicates, operating with supply chains, specialization, and commercial incentives that resemble a modern industry.
    • As criminal gangs increasingly weaponize AI, automation, and industrial-scale infrastructure, businesses must prepare for adversaries that move faster, adapt continuously, and operate with economic efficiency.
    • This keynote explores how organizations can respond—by rethinking fraud as a system-level challenge and adopting layered, resilient approaches designed to withstand AI-powered fraud at scale.
  • 14:30

    The Art of the Socially Engineered Attack

    Rahim Malek - Enterprise Sales Engineer - Abnormal AI

    It's hard to believe that invoice fraud is even possible in this era of online payment, sophisticated accounts-payable systems and our heightened awareness of cybercrime. Yet, Australian businesses lost $152m to payment redirection scams last year - a 67% increase on 2023.

    In this talk, I'll explore real-world examples of cleverly crafted socially engineered attacks - taken directly from the emails sent by threat actors to Australian businesses. Some were acted upon, and the unbelievable conversations with threat actors will be revealed. We'll also take a look through the security analyst's lens and uncover ways you can identify these amazingly real-looking emails as fraudulent.

    Generative AI and GPTs feature heavily in the threat actor's toolkit to create very real and convincing attack emails, so we'll review examples of how ChatGPT is being so easily used to not only create the socially engineered email but also perform extensive profiling on the target to ensure the attack is contextually relevant, personal and believable.

    How do you transform to evolve your defences against this type of attack, especially when your supplier accounts could be compromised or look-alike domains are used? Is it worth pursuing a takedown? I'll cover the reality of these techniques along with other methods such as EFT payment verification and behavioural AI.

  • 14:55

    Architecting Compliance: Embedding GRC into Security Architecture

    Ridzwan Mahdi - CA ANZ, CISA, CISSP - GRC Professional - Major Telco

    Modern security architecture must go beyond technical defenses—it must also reflect an organisation’s governance, risk, and compliance (GRC) posture. This session explores how CISOs and architects can embed compliance and risk management into their designs, ensuring systems are secure, scalable, and aligned with regulatory and business requirements.

     

    This session will discuss:

    • Designing security architectures that account for compliance from the ground up
    • Mapping risk appetite to architecture decisions for better resilience
    • Avoiding “bolt-on compliance” by embedding controls directly into systems and workflows
    • Balancing employee and customer experience with regulatory requirements in architecture choices
    • Case studies: how organisations align security-by-design with Cyber Security Act 2024 compliance
  • 15:20

    Building a Continuous AI Security Control Loop

    James Lee - Senior Solutions Architect, Asia Pacific, China & Japan - F5

    AI security is not a one-time deployment - it is a continuous, evolving cycle. This session explores how organizations can move beyond isolated AI security features to adopt a holistic, closed-loop security strategy. We will examine how adversarial testing through AI Red Teaming, runtime enforcement with AI Guardrails, and continuous observability and governance via the Application Delivery and Security Platform (ADSP) work together to secure AI systems end to end.

    The session will introduce practical governance frameworks to manage model risk and support regulatory compliance, while demonstrating how AI governance can be integrated into IT operations for cost-efficient, scalable model deployment. Attendees will also gain a deeper understanding of AI threat models, including risks to ML systems, data integrity, and adversarial resilience, enabling organizations to build AI solutions that are secure, compliant, and resilient over time.

  • 15:45

    Fireside Chat
    Zero Trust in Action: From Strategy to Real-World Implementation

    • How leading organisations are implementing Zero Trust across hybrid and multi-cloud environments
    • Breaking down real-world playbooks: identity, segmentation, continuous verification
    • Overcoming resistance, complexity, and legacy system limitations on the path to Zero Trust

     

    Speakers

    Hanapi Bisri - Head of Group ICT - Petra Energy

    Dr Manmeet Mahinderjit Singh - Associate Professor - Universiti Sains Malaysia

     

  • 16:10

    Panel Discussion
    Cloud Security in the Age of Digital Warfare

    Exploring how cyberwarfare-style threats are reshaping cloud security, and what CISOs must do to build resilient, threat-informed cloud environments using CSA-aligned frameworks.



    Moderator

    Mohammed Hashim - Security Architect - Cloud Security Alliance Malaysia Chapter

    Panellists

    Ts. Mohamed Kheirulnaim bin Mohamed Danial - Cybersecurity Practitioner - CSA Selangor Chapter

    Dr. Noor Zaman - Professor and Director for Research Centre - Taylor's University

  • 16:35

    Teh Tarik & Networking

  • 17:05

    Closing Panel
    Mapping Threats in 2026: From Ransomware to AI-Chaos

    • Anticipating the next generation of ransomware, APTs, and AI-powered attacks
    • Understanding how geopolitical shifts and AI misuse could destabilise security ecosystems
    • Rethinking playbooks, tooling, and collaboration for the threat landscape of tomorrow

     
    Moderator

    Sivanathan Subramaniam - Group Chief Cybersecurity & Risk Officer - CTOS Digital

    Panellists

    Ebenezer Godomon - Deputy Director II (Cyber Security) - Sabah State Computer Services Department

    G Saravanan - CIO - National Cancer Society Malaysia

    Mohammed Hashim - Security Architect - Cloud Security Alliance Malaysia Chapter

  • 17:35

    Chair's Closing Remarks

    Manmeet Mahinderjit Singh - Associate Professor - Universiti Sains Malaysia

  • 17:40

    Cheers with peers: Mocktails and mingle

  • 18:30

    Close of CISO Malaysia 2026