Cloud Security in Post-MCO Era
The COVID-19 pandemic created an instant demand for cloud-based solutions, requiring the majority of organizations to accelerate their journey to the cloud. The CSA Malaysia Virtual Summit will focus on educating stakeholders on the key issues and trends facing cloud and cybersecurity today. The event will deliver the education, tools and knowledge you need to make this pivot to the cloud easier and faster.
This one-day program, co-organised by CSA APAC and the Protem Committee, CSA Malaysia Chapter, will provide insight and perspective on critical strategic cloud and cybersecurity concerns. Join the leading experts with domain proficiency and expertise to discuss the key issues and trends facing cloud security and cybersecurity today at this Virtual Summit on 15 June 2022.
The event is free to attend. To register for the sessions, log in using your BrightTALK account. If you do not have an existing account, please sign up here: https://www.brighttalk.com/login/. Once the account is created, visit https://www.csaapac.org/csamalaysiavsummit2022.html and register for the sessions you want to attend under the 'schedule' tab.
Earn CPE Credits: To download your viewing certificate, navigate to the “Viewing History” section of your BrightTALK Account. You can find more information about this here: https://support.brighttalk.com/hc/en-us/articles/204280700-Can-I-have-a-list-of-all-the-webinars-I-ve-attended-
Speakers & Panelists
John DIMARIA
Assurance Investigatory Fellow & Research Fellow, CSA
John DIMARIA CSSBB, HISP, MHISP, AMBCI, CERP, is Assurance Investigatory Fellow and Research Fellow with CSA. He has 30 years of successful experience in standards and management system development, including information systems, business continuity, and quality. John was one of the innovators and co-founders of the CSA STAR Program for CSPs, a contributing author of the American Bar Association’s Cybersecurity Handbook, a working group member, and a key contributor to the NIST Cybersecurity Framework. He currently manages all facets of the CSA STAR Program which includes security, privacy, continuous monitoring, and development of new solutions.
FONG Choong Fook
Executive Chairman, LGMS Berhad, Malaysia
FONG Choong Fook is a 20-year veteran in the specialized and highly-demanding area of information security. He was the first Malaysian certified by the International Register of Certificated Auditors (IRCA) as ISO 27001:2005 Provisional Auditor, and was also among the first batch of Malaysians to obtain CISSP international certification. In addition, since 2004 he has been appointed by ISC2 to administer and proctor the CISSP/SSCP examinations in Malaysia and other Southeast Asian countries. He co-founded ISC2 Malaysia Chapter. Fong also won the ASEAN Chief Security Officer Of The Year award from IDG in 2013 as well as the Cyber Security Professional Of The Year award from Cyber Security Malaysia in 2016.
When it comes to Cyber Security topics, FONG is a sought-after international speaker known for his enthusiasm, humor, dedication and passion, with experience and coverage in national television programs, magazines, radio broadcasts, conferences and webinars. He has also consulted with and trained multiple government and multinational clients in the Asia Pacific, Eastern Europe and Africa regions on information system security, enterprise risk matrix design, policy review, policy implementation assurance, penetration testing, technical configuration evaluation, security procedures and disaster recovery/business continuity planning. FONG has strong working relationships with various law enforcement agencies worldwide, as a trusted figure in information security; he is also the distinguished guest speaker for The Federal Bureau of Investigation INFRAGARD event, Polis Diraja Malaysia Info Security trainings and various industry associations, governments and law enforcement agencies on Cyber Security Topics. Fong is the author of the “Certified Lead Forensic Examiner” (CLFE) courseware for Professional Evaluation and Certification Board (PECB, www.pecb.org, USA). The CLFE course is currently distributed worldwide by PECB for training information technology professionals in conducting computer crime investigations and digital forensics. Fong has also been called as an Expert Witness to study, assess, evaluate and testify in a court of law.
Ferdinand FONG
Cyber Security Practitioner at wizlynx Pte Ltd & Chair, Protem Committee, CSA Sarawak Chapter
Ferdinand graduated from the University of Auckland with a Bachelor of Science (Physics) degree. He brings with him over 20 years of global experience in Engineering, Manufacturing, Project Management and Global Business Development. Leveraging his experience, he made a move to the Fintech industry in 2019, managing the migration of a payment platform for a client in Hong Kong.
He is a Cyber Security Practitioner with a Swiss cyber security company, wizlynx Pte Ltd; he has cloud security and cybersecurity as part of his portfolio of expertise. He has also been operating and managing local not-for-profit community servers for almost a decade. He is an authorized CSA CCSK instructor as well as a holder of CCSK, CISSP, CCSP and CISA.
Alexander Stone GETSIN
CISO, RiseUp & Co-chair, Top Threats WG, CSA
Alexander S. GETSIN is a financial technologies security leader with particular expertise and interest in cloud security, secure application design and security governance. Alex is lead author of industry security best practices, particularly with the CSA, Top Threats research group, which he helps champion as a co-chairman. Alex leverages a decade of experience in finance, military, technology and cyber intelligence sectors, currently responsible for cyber security at RiseUp. Alex is an alumnus of the IDF technical academic program, having served in the prestigious cyber and computing MAMRAM unit. He is a certified CISSP and PMP.
GOH Ser Yoong
CIO, Jewel Paymentech
Ser Yoong is CIO of Jewel Paymentech, where he leads the cloud-first technology solutions, operations and management within the company. Jewel specializes in providing AI-driven end-to-end solutions for customers' risk management, particularly in the financial services industry. These include eKYB solutions as well as financial transactions monitoring that are critical in today’s digitalized landscape. Prior to Jewel, he held positions in aviation, financial services as well as Big4 consultancy companies within the areas of cybersecurity, risk and compliance. He also has experience in operationalizing technology solutions in both SME and MNC environments, including securing high volume periodic sales campaigns.
Having the privilege to be recognized as one of the top security leaders within the ASEAN region, Ser Yoong actively gives back to the community through volunteering. He currently serves on the Board of Directors for ISACA Malaysia Chapter. Being an active proponent of secure technology enablement through participation in conferences, mentoring and local task forces, he also holds an MBA degree with professional certifications that include CISA, CISM, CGEIT, CISSP and CDPSE.
Dr. Hing-Yan LEE
EVP, Government Affairs, CSA
Dr. Hing-Yan LEE is Executive Vice President (Government Affairs) at Cloud Security Alliance (CSA). He has 30+ years of ICT working experience in both the public and private sectors. He was previously Executive Vice President for APAC and global director of the CSA STAR program. Before that, he was Director of National Cloud Computing Office at the Infocomm Development Authority, where he was responsible for developing the cloud ecosystem, promoting cloud adoption by government agencies and private sector enterprises, and building a trusted environment (including developing Multi-Tier Cloud Security standards and Cloud Outage Incident Response guidelines).
He was Deputy Director of National Grid Office at Agency for Science, Technology & Research, Principal Scientist at the Institute for Infocomm Research, Director of Knowledge Lab and Deputy Director of Japan-Singapore Artificial Intelligence Centre and Deputy Director at Information Technology Institute (the applied R&D arm of National Computer Board). He supervised industry collaborations and applied R&D in machine language translation, spoken language dialogue, expert systems, knowledge discovery, data mining, data visualization, and other knowledge-driven efforts at the Kent Ridge Digital Labs. Hing-Yan is a Fellow of Singapore Computer Society. He graduated from University of Illinois at Urbana-Champaign with PhD and MS degrees in Computer Science. He studied Computing and Management Science at Imperial College.
Soon Tein LIM
Co-Chair, CIR Working Group, CSA
Soon Tein LIM started his career with Republic of Singapore Navy (RSN) and was awarded the Public Administration Medal (Military) in 2003. He left RSN in 2005 after his last appointment in Navy as Dy Commander, Naval Logistics Command.
Currently, he is head of cybersecurity at ST Engineering – DPS (Defence & Public Security). Prior to this appointment, he was Vice President, Corporate Development in ST Engineering Electronics, involved in ST Engineering’s digital transformation programme after he led the implementation of private cloud for a major client as a programme director. From 2015 to 2018, he was head of IT for ST Electronics and concurrently, in 2017, head of IT service delivery for ST Engineering Group, where he implemented a standardised “IT fault reporting and service requests” cloud platform. Before he moved into his IT role, he was a business unit head in ST Electronics (InfoSoftware System) for maritime & enterprise sectors for about 7 years. During his tenure as BU Head, he grew the BU workforce from about 200 staff to 300+ staff to deliver projects and service support to local and international customers. Soon Tein is the advisor of SGTech’s Cloud & Data Chapter (CDC). He was the Chapter’s chairman from 2018 to 2020. During his tenure as chairman, he organised many cloud activities, including the first two CloudAsia conference events in partnership with Cloud Expo Asia 2018 & 2019. He is active in supporting the IMDA GoCloud programme with his CDC’s cloud appreciation series. Under his chairmanship, the “Singapore Cloud & Data Driving Smart Nation” publication of Cloud & Data Centres Companies in Singapore was printed and distributed. He also contributed as a member of COIR (Cloud Outage Incident Response), IMDA-ITSC, and as co-chair of the CIR working group at CSA.
Shamsul Izhan Bin Abdul MAJID
Chief Technology & Innovation Officer, Malaysian Communications & Multimedia Commission
Recognised for his track record in Digital Transformation for business growth, Sam is a Business Technology leader with vast international experience in driving innovative growth across a diverse range of landscapes including transportation, utilities, logistics, telecommunications and Government. At the Malaysian Communications and Multimedia Commission (MCMC), Sam, as the Chief Technology and Innovation Officer (CTIO), is responsible for the Commission's technology, innovation vision and strategy execution for growth while focusing on improving technological advancement. He has bootstrapped start-ups and drives corporate innovation. He is a regular public speaker and has gained recognition with innovation awards of IDC, APICTA and iAwards. He holds a Research Masters and Engineering degree from University of Melbourne, Australia.
Ts. Saiful Bakhtiar OSMAN
Head of IT, APAC, ASCENT Fund Services
Ts. Saiful is Head of IT – APAC, for The ASCENT Group Ltd., a Singapore-based, global independent fund administrator company. He is responsible for providing technology, solutions, security, and support for all ASCENT Fund Services offices in Asia Pacific.
He was listed in the World CIO 200, by the Global CIO Forum, for the years 2020 and 2021, as a recognition of his achievement in the industry. He was also ranked as Top 75 CIO for ASEAN (CIO75) in 2021 by the International Data Group (IDG), as well as CIO50 ASEAN for the years 2019 and 2020. As an IT professional with an MBA, he has broad experience in IT management, strategic planning, IT security, digital transformation, project management, risk management and business continuity. He holds the ISACA’s CISM and CRISC certifications, PRINCE2 Project Management, SCRUM Master (Agile Project Management), ITIL Practitioner and Intermediate (v2 & v3), Microsoft’s MCSA, IATA’s Aviation Cyber Security and IBM’s Lotus Notes Specialist.
Khadijah Ab RAHMAN
Chairman, CSA Malaysia Chapter
Khadijah has 19 years of working experience in the IT industry, where she has focused on cloud computing solutions and product development for the last 10 years. She leads the technical cloud product team, servicing local and international customers from various industries. In getting the public and private cloud infrastructure secured, she coordinates relevant security measures and compliance standards. She has obtained a Certificate of Cloud Security Knowledge (CCSK).
She has been continuously delivering technical seminars on Cloud Computing at a local public university and to Technical and Vocational Education and Training (TVET) students since 2018. She has been appointed an Industry Advisor at Politeknik Sultan Mizan Zainal Abidin for the 4th year. She holds a MSc in Computer Networking from the Universiti Teknologi Mara (UiTM) Malaysia, having her research dissertation work in Cloud Security complimented and published as a second author in an academic publication. The research paper won the Best Paper Award in PEOCO2019. She previously graduated from University Putra Malaysia, having obtained a Bachelor of Engineering in Computer and Communications.
Jim REAVIS
Co-Founder & CEO, CSA
For many years, Jim Reavis has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim’s innovative thinking about emerging security trends has been published and presented widely throughout the industry and has influenced many. Jim is helping shape the future of information security and related technology industries as co-founder, CEO and driving force of the Cloud Security Alliance. Jim has been named as one of the Top 10 cloud computing leaders by SearchCloudComputing.com.
Jim is the President of Reavis Consulting Group, LLC, where he advises security companies, governments, large enterprises and other organizations on the implications of new trends such as Cloud, Mobility, Internet of Things and how to take advantage of them. Jim founded SecurityPortal, the Internet’s largest website devoted to information security, in 1998, and guided it until a successful exit in 2000. Jim has been an advisor on the launch of many industry ventures that have achieved a successful M&A exit or IPO. Jim is widely quoted in the press and has worked with hundreds of corporations on their information security strategy and technology roadmap. Jim has a background in networking technologies, marketing, product management and systems integration. Jim received a B.A. in Business Administration / Computer Science from Western Washington University in 1987 and formerly served on WWU’s alumni board. Jim was recognized as a WWU Distinguished Alumnus in 2015. In 2016, Jim was inducted into the Information Systems Security Association (ISSA) Hall of Fame.
Lefteris SKOUTARIS
Program Manager, CSA
Lefteris Skoutaris has been working as a security analyst for Cloud Security Alliance for the past 4 years and is currently the program manager of the Cloud Controls Matrix (CCM) Working Group (WG) and CCMv4.0 development activities.
Mr. Skoutaris has worked in the past at the European Space Agency (ESA) and European organization for Network and Information Security (ENISA), substantially contributing to cyber and cloud security projects on research, architecture and frameworks development.
Ts. TAN Zhon Teck
VP, Information Security, Bursa Malaysia
Zhon Teck TAN ('Zhon'), P.Tech (Cyber Security) is a visionary Cybersecurity & Cyber Risk leader, cloud security practitioner, keynote speaker, author, ethical hacker and ISACA Engage Topic Leader. He possesses professional certifications including but not limited to ISC² CISSP, CCSP, ISACA CISM, CRISC & CDPSE, CompTIA CASP+, CSA CCSK, AWS SCS, AWS SAA, Microsoft Certified Azure Fundamentals, CheckPoint CCSE, CISCO CCNP certified professional, and holds Premier Certification on Cybersecurity Managing Risk in the Information Age from Harvard University and Master of Business Administration from Arcadia University.
He is Vice President, Information Security, under Group Technology at Bursa Malaysia. He is experienced in Information/Cybersecurity training programs, IT Governance, Risk and Compliance, Cybersecurity strategy, Security Operations (SecOps), Incident Response and Offensive Security in multiple industries such as banking, insurance, manufacturing and government. He has led and formed new cybersecurity functions in different companies, with transformation from traditional IT security to dynamic cybersecurity teams/departments. Last but not least, he is vocal in "technical security" to facilitate senior management to make effective risk-based decisions.
Philip VICTOR
Managing Director, Welchman Keen
An award-winning cybersecurity advocate with over 29 years in information technology, Philip VICTOR has served more than a decade in the cybersecurity domain. A recipient of the Senior Information Security Leadership Award from (ISC)2 for outstanding contribution in enhancing public-private partnerships globally, his role includes spearheading Cyber Risk for Critical Infrastructure practice and engagement with the International Telecommunication Union (ITU) and governments.
In working with the UN specialized agency, ITU, Philip was instrumental in assisting governments globally in enhancing their cybersecurity posture through various initiatives and projects including National Cybersecurity Strategy, Child Online Protection, National Computer Emergency Response Team, Capacity Building and International Cooperation. He is a regular speaker at numerous international conferences, forums and seminars in cybersecurity and has published articles for publications both locally and internationally. He has also been featured and interviewed in international media as a cybersecurity expert and advocate on global issues. Philip is a former board member of Cloud Security Alliance Malaysia Chapter and sits on the Taylor’s University Industry Advisory Panel. He also serves on the Board of Study for the International Business School at University Technology Malaysia.
Schedule
9:00 am
Introduction & Welcome Remarks: Dr. Hing-Yan LEE (EVP, Government Affairs, CSA)
Welcome Address: Khadijah Ab RAHMAN (Chairman, CSA Malaysia Chapter)
Opening Address: Jim REAVIS (Co-Founder & CEO, CSA)
9:45 am
Keynote: Digital Transformation in Public Sector through Cloud Adoption
Shamsul Izhan Bin Abdul MAJID (Chief Technology & Innovation Officer, Malaysian Communications & Multimedia Commission)
The largest employer of the country cannot afford to be left behind on the rapidly increasing pace of the Digital Transformation journey. For this reason, the Government of Malaysia introduced MyDigital, a national blueprint for public sector Digital Transformation covering 6 main pillars including adoption of cloud and 100% adoption of Digital Signature, expansion of telecommunication coverage and manpower digital upskilling. In this presentation, MCMC will share our ongoing efforts as part of driving Digital Transformation in the Public Sector through Cloud Adoption.
10:30 am
Can there be Digital Trust on the Cloud?
GOH Ser Yoong (CIO, Jewel Paymentech)
Within the past 2 years, the rate of new digital transformation projects has been phenomenal. Traditional organizations have quickly pivoted to the cloud as part of their digital transformation initiatives and now interaction with customers happens over this new digital context. As with any form of interaction, be it physical or digital, it takes trust for a customer to engage over such a new digital context. Without trust, customers would not have confidence in providing their personal information and data, or in the quality of the service that would be offered by the service provider. This presentation will share what it takes to build digital trust with customers as well as suppliers / providers in the cloud when there is no face-to-face engagement but chatbots or virtual assistants, and no shaking hands with a customer or provider but instead digital signatures and virtual identity verification.
11:15 am
How Cloud Security Defense Secures Your Cloud Infrastructure?
Ts. TAN Zhon Teck (VP, Information Security, Bursa Malaysia)
In a traditional data centre, you create one perimeter and secure it by installing a firewall, WAF, SIEM, etc., which should give you confidence that your data centre is secure. However, when you migrate to the cloud (whether it is SaaS, PaaS or IaaS), you may not know how to secure it, or whether to consider its native security or out-of-the-box cloud security solutions. Since it is a public cloud, you have to be more cautious no matter how secure your crown jewels are or how well you meet regulatory compliance. Securing workloads, data and source code is extremely important when you are moving to the cloud.
12:00 pm
Cloud Adoption: Musings of a CIO
Ts. Saiful Bakhtiar OSMAN (Head of IT, APAC, ASCENT Fund Services)
The speaker will share the story of how the ASCENT Group Ltd embarked on the cloud journey and is currently running 100% on cloud. He will speak about the journey, the challenges and the benefits realized, as well as the wisdom behind this big leap and the anticipated ROI to be achieved.
12:30 pm
Lunch Break
1:00 pm
Cloud Incident Response Framework
Soon-Tein LIM (Co-Chair, CIR Working Group, CSA)
In cloud incidents, it is necessary to coordinate and share information with stakeholders and other organizations, which will be discussed in this session. This presentation is for all cloud customers as well as cloud service providers who need a clear framework for sharing incident response practices with customers.
1:45 pm
Introduction to the Cloud Controls Matrix v4.0
Lefteris SKOUTARIS (Program Manager, CSA)
The presentation aims to provide a synopsis of the latest release of the Cloud Controls Matrix version 4.0, a greater insight into its development and new components, the current activities of the CCM working group (ongoing works, published and future works) and finally an update on CSA’s STAR program and transition policy from CCMv3.0.1 to CCMv4.0.
2:30 pm
Cloud Threat Modeling
Alexander Stone GETSIN (CISO, RiseUp & Co-chair, Top Threats WG, CSA)
Threat modeling serves to identify threats and preventive measures for a system or application. However, threat modeling is one security methodology that has not matched the general rate of cloud adoption, due to a gap in guidance, expertise, and applicability of the practice. Threat modeling for cloud systems expands on standard threat modeling to account for unique cloud services. It allows organizations to further security discussions and assess their security controls and mitigation decisions. The CSA Cloud Threat Modeling best practice attempts to bridge the gap between threat modeling and the cloud. To that end, this publication provides crucial guidance to help identify threat modeling security objectives, set the scope of assessments, decompose systems, identify threats, identify design vulnerabilities, develop mitigations and controls, and communicate a call-to-action. Central lessons include the benefits of threat modeling, the unique knowledge and considerations required when threat modeling in the cloud, and how to create a cloud threat model. Example threat modeling cards are provided and can be used by your team for a more gamified approach.
3:15 pm
CSA STAR Program – Turning your Scars into STARS
John DIMARIA (Assurance Investigatory Fellow & Research Fellow, CSA)
Cloud adoption has been growing rapidly over the years due to business benefits such as cost savings, scalability, increased security and ease of deployment. In 2020 the world experienced an even bigger upsurge due to the COVID pandemic. This massive growth in cloud adoption also brings about a unique set of challenges when it comes to data privacy and security. The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies that submit to the STAR Registry indicate best practices and validate the security posture of their cloud offerings. They increase the level of assurance by turning their scars into STARs. It’s about reducing complexity, which equals reduced cost, decreased risk and increased security. Join us at this must-attend session as CSA provides you with an insight into the growing global mandate for organizational certification and the details behind CSA STAR. During this session you will learn how it has evolved into a framework that provides a flexible, incremental, and multi-layered cloud provider system that is being recognized as the international certifiable harmonized GRC solution, starting with development, implementation and the three levels of the Open Certification Framework that make up the STAR Program.
4:00 pm
Panel Discussion: Standards, Standards Everywhere, Which One Should I Adopt?
In the light of the many cloud security related standards (e.g. ISO27017, STAR) that CSPs claim to comply with, how does an enterprise make sense of this plethora of seemingly different or similar frameworks? How does one reconcile these with respect to those specified by the regulators? This panel of experts will help us to clear the air and clarify the confusion as well as bring to light how programs like CSA STAR help provide an "Implement Once Comply Many" approach.
MODERATOR: John DIMARIA (Assurance Investigatory Fellow & Research Fellow, CSA)
PANELISTS: