Cloud Security for Digital Transformation
This one-day program, co-organised by CSA APAC & CSA Philippines Chapter, will provide insight and perspective on critical strategic cloud and cybersecurity concerns. Join leading experts with domain proficiency and expertise to discuss the key issues and trends facing cloud security and cybersecurity today at this virtual Summit on 11 November 2021.
The event is free to attend. To register for the sessions, log in using your BrightTalk account. If you do not have an existing account, please sign up here https://www.brighttalk.com/login/. Once the account is created visit https://www.csaapac.org/csaphilippinessummit2021.html and register for sessions you would want to attend under the 'schedule' tab.
Earn CPE Credits: To download your viewing certificate, navigate to the “Viewing History” section of your BrightTALK Account. You can find more information about this here: https://support.brighttalk.com/hc/en-us/articles/204280700-Can-I-have-a-list-of-all-the-webinars-I-ve-attended-
Speakers & Panelists
Jason BRASILENO
VP - Head for Business & Enterprise Risk (Philippines), Lazada
Jason is an experienced risk management professional with a demonstrated history of working in the manufacturing, chemical industry, food, holdings, banking, utilities and corporate services. He is skilled in business continuity, crisis management, ISO 14001, enterprise risk management, disaster management, business planning, and internal audit.
Welland CHU
Director, Business Development, APAC, Thales
Welland Chu is the Business Development Director, APAC at Thales. Over his 28 years in the security industry, Welland has been leading teams of security professionals in implementing security solutions and providing independent security assessments on cybersecurity at enterprises, cloud migration, fintech & traditional payment, and personal data privacy. In parallel with his role at Thales, Welland serves as the VP (certification) and Secretary at the China Hong Kong Chapter of ISACA, a global non-profit organisation focusing on IT Governance and Cyber Security.
Mark FROGOSO
CISO, GCash, Mynt
Frogoso is the Group Chief Information Security Officer of Mynt (Globe Fintech Innovations, Inc.), the holding company of the largest and top e-wallet in the Philippines, GCash. In this role, he oversees all Information & Cyber Security and Data Privacy Groups within the company and its subsidiaries. He is responsible for establishing and maintaining the information security vision, strategy, and programs to ensure the organization's assets and data are adequately protected and enable the organization to achieve its business objectives.
Gonz GONZALES
VP, Governance, CSA Philippines Chapter
Gonz Gonzales is the VP for Governance of the CSA Philippines Chapter. He has more than two decades in the field of IT and has been in cybersecurity since 2003. Gonz's professional focus is on information risk management and security architecture. He possesses several certifications in information security and data privacy and is a member of various related professional organizations. Gonz is currently Chief Information Security Officer of a Philippine conglomerate.
Debashish JYOTIPRAKASH
VP Asia, Qualys
With over 17 years of multi-industry experience, Deb is a cybersecurity evangelist. In his current role as a CTSO at Qualys Inc, he is an avid customer advocate, SME and Security Solution Architect of the Qualys Cloud based security platform and enables Qualys customers globally to make the best out of their CyberSecurity investments and prepare them to combat the next level of Cyber threats that emerge.
Prof. Ryan KO
Chair & Director, UQ Cyber Security, University of Queensland, Australia
Professor Ryan Ko is Chair and Director of UQ Cyber Security at the University of Queensland, Australia. He is also Discipline Leader of the Cyber Security and Software Engineering Discipline at the School of ITEE at UQ. He is also Fellow at the CSA and recipient of the CSA Ron Knode Service Award. His applied research in cyber security focuses on returning control of data to cloud computing users. His research reduces users' reliance on trusting third-parties and focusses on (1) provenance logging and reconstruction, traceability and (2) privacy-preserving data processing. Both his research foci are recognised nationally and internationally, receiving conference Best Paper Awards (2011, 2015, 2017), and technology transfers locally and internationally. Prior to UQ, he held scientific leadership positions at Hewlett Packard Labs and the University of Waikato, New Zealand. He holds a BEng(Comp Eng)(Hons) and PhD from Nanyang Technological University, Singapore.
Drexx LAGGUI
Principal Consultant, Laggui & Associates, Inc.
Drexx Laggui is the Principal Consultant of Laggui & Associates, Inc. – an Information Security Consulting firm offering forensics, litigation support, penetration testing, PCI-DSS Audit and compliance services.
He conducts deep-dive investigations and analysis of cyber security incidents, utilizing state-of-the-art incident response approaches, cyber forensic methodologies and reverse engineering techniques. Platforms include MS Windows operating systems, Solaris, HP UX, IBM AIX, various distributions of Linux, MacOS, QNX, Blackberry OS, Android, and iOS. Additionally, Drexx Laggui also works with clients in the growing area of cybersecurity incident response management, with a focus on preparing clients to effectively handle cybersecurity incidents as well as occasionally providing advisory services to clients experiencing incidents. He helps clients prepare for incidents by developing and evaluating response capabilities and plan documentation, delivering training, and conducting exercises to test response capabilities. He has extensive experience in developing, managing, and operating incident response capabilities, conducting training, exercises and workshops, and is very familiar with tactics, techniques, and procedures commonly employed by and used to thwart threat actors. With regard to experience in Digital Forensics and PH Rules of Court On Electronic Evidence, his case types have included: intellectual property theft, labor disputes, forgery of electronic documents and identification papers, criminal hacking incidents involving financial transactions, tampering of the database of academic records, a rape scandal involving high-profile celebrities, assassination of a politician, homicide involving a foreign military serviceman, vandalism of corporate websites, electoral fraud, and even libel. A proud accomplishment was when he was contracted by the DOJ as lead developer for the PH Cybercrime Investigation Manual, as well as for PH Information Security Incident Response Management Manual for National Cyber Security Office by the DOST ICTO (now DICT).
He has also given expert witness testimony for the Singapore International Arbitration Centre, the Philippine Dispute Resolution Center, the Philippine Senate, the Philippine House of Representatives, and in various Metro Manila trial courts.
Dr. Hing-Yan LEE
EVP APAC, CSA
Hing Yan Lee is Executive Vice President, APAC at the CSA. He has over 30 years of ICT working experience in both the public and private sectors. He was global director of the CSA STAR program for 6 months in 2017. Prior to that, he was Director of National Cloud Computing Office at the Infocomm Development Authority (IDA) for 9+ years, where he was responsible for the national program for, inter alia, developing the cloud ecosystem, promoting cloud adoption by government agencies and private enterprises, and building a trusted environment (which included developing the Multi-Tier Cloud Security (MTCS) standards and Cloud Outage Incident Response guidelines).
He was previously Deputy Director of National Grid Office at the Agency for Science, Technology & Research (A*STAR), Principal Scientist at the Institute for Infocomm Research, Director of Knowledge Lab and Deputy Director of Japan-Singapore Artificial Intelligence Centre at the Kent Ridge Digital Labs as well as Deputy Director at Information Technology Institute (the applied R&D arm of the National Computer Board). He oversaw and managed industry collaborations and applied R&D in machine language translation, spoken language dialogue, expert systems, knowledge discovery, data mining, data visualisation, and other knowledge-driven efforts. Hing Yan is a Fellow and former VP of the Cloud Chapter in Singapore Computer Society. He is active in the ITSC working group on MTCS revision, and SingAREN Lightwave Internet Exchange (SLIX 2.0) Steering Committee. He has also undertaken consultancy and research reviews for the governments of Finland, Israel, Malaysia and Singapore as well as cloud service providers. He graduated from the University of Illinois at Urbana-Champaign with PhD and MS degrees in Computer Science. He previously studied at Imperial College London in the UK where he obtained a BSc (Eng.) with 1st Class Honours in Computing and MSc in Management Science.
Donald Patrick L. Lim
COO, DITO CME & CIO, Udenna Corp
Donald is DITO CME’s Chief Operating Officer and serves as Chief Innovation Officer of parent company Udenna Corp in a concurrent capacity. He is one of the pioneers and founding fathers of digital marketing in the Philippines and was responsible for the growth of trailblazing companies ABS-CBN Digital and MWG’s MRM. He was a past national president of the Philippine Marketing Association as well as Founding President of the Internet and Mobile Marketing Association of The Philippines. Donald has been awarded the TOYM in Community Building and a Young Global Leader conferred by the World Economic Forum. Donald has been on the Board of Governors of the Management Association of the Philippines and was part of the Board of Directors of the Manila Junior Chamber and Board of Trustees of WWF Philippines and Operation Smile.
Ian LIM
Field Chief Security Officer, Palo Alto Networks
Ian Lim is field chief security officer for Asia Pacific at Palo Alto Networks. In his role, Ian helps to develop innovative solutions, threat prevention strategies, and risk management frameworks for business executives as well as the wider cybersecurity community.
With over 20 years of dedicated cybersecurity experience, Ian has led global security departments for Fortune 100 companies, deploying defense-in-depth capabilities to thwart advanced attacks. He has cross-industry cybersecurity expertise in the financial, real estate, and healthcare verticals, and has done on-the-ground work in the US, EMEA and APAC. He is also instrumental in developing governance policies and risk frameworks to meet regulatory compliance requirements. Ian graduated from the University of California, Irvine with a Computer Science and English degree, and is currently an Executive Committee member at his alma mater’s Cyber Research Policy Institute. On the publishing front, Ian is the principal author of "Information Security Cost Management" and "Securing Cloud and Mobility", and a guest author in Auerbach's Information Security Management Handbook (required reading for CISSP). In his free time, Ian enjoys filmmaking and has participated in short film competitions.
Mel T. MIGRINO
VP and Group CISO, Meralco
Mel is the VP and Group CISO of Meralco, the largest power distribution conglomerate in the Philippines and former cyber security leader of Deloitte PH and GCash in the Philippines. She is also the Chairman and President of the Women in Security Alliance Philippines (WiSAP) which focuses on empowering and inspiring women in Security.
She has more than 15 years of combined experience in cyber and IT governance, business process review and automation, application and infrastructure security, operational technology security, business continuity, privacy, IT audit, and project management across multiple industries. She made it to the list of Women to Watch | Risky Women in February 2021 and was awarded as IFSEC Global Influencer for Security and Fire Top 20 in September 2020 and made it to the Top 5 in August 2021 under the Security Executives category. She was awarded as one of the Top 30 Women in Security ASEAN 2021. She is also a shortlisted candidate for the CISO of the Year 2021 by Women in GRC.
Ekta MISHRA
Country Manager India, CSA
Ekta has been with CSA for over seven years. As APAC Membership Director, she is responsible for customer relations with APAC corporate members, assuring that members understand and utilize their membership benefits. As India Country Manager, she is responsible for managing CSA’s business within India. She also looks after the engagement with members, partners, chapters and other strategic alliances in the country. She strengthens CSA influence and presence in APAC through managing over 30 Chapters in the region, primarily focusing on providing the various support systems and tools for strengthening the Chapters' engagement. Ekta also manages the CCSK Training in the APAC region and has been actively leading various regional events in India.
Ekta has completed her MBA in marketing from S.P Jain School of Global Management- Singapore and Dubai.
Roleen Del PRADO
Head, Cyber & Information Security, DITO Telecommunity Corp
Col. Roleen Del Prado (Ret.) is a graduate of the Philippine Military Academy Class of 1992. He joined the Philippine Army and spent the first six (6) years of his career in the army infantry. He was reassigned to the Army Management Information Center in 1998 and transitioned into the position of Director for Systems Management and Operations, managing the Network Operations of the Philippine Army (PA).
He became the Commander of Information Systems Group, Armed Forces of the Philippines (AFP) in 2007. He served as G6 of the 8th Infantry Division, PA, in 2010-2011. He took up his battalion command as the Commander, 7th Signal Bn, Army Signal Regiment from 2012 to 2015. He then assumed the post of Chief of Staff of the Army Signal Regiment from 2015-2017. His last position in the AFP before he retired in 2020 was the Chief of Network and Information Management Division of the OJ6, AFP. Col. Del Prado (Ret.) is a well-rounded officer. He was posted as the Operations and Communications Officer of the United Nations Military Observer contingent in Ivory Coast in West Africa from September 2009 to September 2010. In 2019, Col. Del Prado (Ret.) also served as the corporate board member of the Multinational Communications Interoperability Program (MCIP) hosted by the US Indo-Pacific Command with its participating allies and partners in the Indo-Pacific area. Col. Del Prado (Ret.) is a graduate of several military and civilian specialization and graduate courses. He took the Information Systems Operations Course and the Information Systems Management Course in 2005 at the US Army School of Information Technology (presently the US Army Cyber School) in Fort Gordon, Georgia, USA. Col. Del Prado (Ret.) is also a graduate of the Command and General Staff Course (CGSC) from the AFP Command and General Staff College in 2012. He holds a Master in Business Administration (MBA) degree from the Ateneo Graduate School of Business in 2011 and a Master in Public Management (MPM) – Major in Development and Security from the Development Academy of the Philippines in 2012. He achieved his third graduate degree, the Master in National Security Administration (MNSA), from the National Defense College in the Philippines in October 2018. Col. Del Prado (Ret.) is presently the Head, Cyber & Information Security of DITO Telecommunity Corporation, Philippines.
Ricson Singson QUE
VP, Education, CSA Philippines Chapter
Ricson Singson Que is the VP for Education of Cloud Security Alliance - Philippines Chapter. He has spent twenty-three years in various IT capabilities across different industries. He is currently occupied in projects involving transformation, analytics & mobile platform, and IT security. His consultancy engagements focus on digital transformation, culture hacks, data privacy, and cybersecurity.
He is also a dedicated educator who teaches in the RVR-College of Business in De La Salle University and College of Saint Benilde-School of Professional and Continuing Education (SPaCE). Ricson serves as a board member for a coaching & mentoring organization and a social enterprise while being an active member of Cloud Security Alliance (CSA), Information Systems Audit and Control Association (ISACA), Information Security Officers Group (ISOG), National Association of Data Protection Officers of the Philippines (NADPOP), and Philippine eLearning Society (PeLS).
Jim REAVIS
Co-Founder & CEO, CSA
For many years, Jim Reavis has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim’s innovative thinking about emerging security trends has been published and presented widely throughout the industry and has influenced many. Jim is helping shape the future of information security and related technology industries as co-founder, CEO and driving force of the Cloud Security Alliance. Jim has been named as one of the Top 10 cloud computing leaders by SearchCloudComputing.com.
Jim is the President of Reavis Consulting Group, LLC, where he advises security companies, governments, large enterprises and other organizations on the implications of new trends such as cloud, mobility, internet of things and how to take advantage of them. Jim founded SecurityPortal, the Internet’s largest website devoted to information security in 1998, and guided it until a successful exit in 2000. Jim has been an advisor on the launch of many industry ventures that have achieved a successful M&A exit or IPO. Jim is widely quoted in the press and has worked with hundreds of corporations on their information security strategy and technology roadmap. Jim has a background in networking technologies, marketing, product management and systems integration. Jim received a B.A. in Business Administration / Computer Science from Western Washington University in 1987 and formerly served on WWU’s alumni board. Jim was recognized as a WWU Distinguished Alumnus in 2015. In 2016, Jim was inducted into the Information Systems Security Association Hall of Fame.
Narudom ROONGSIRIWONG
SVP, Senior Cloud Architect, Digital Innovation and Data Group, Bank of Ayudhya PCL
Narudom Roongsiriwong is a certified information security professional with more than 20 years' experience. His primary areas of information security are solution design, data analytics and application security. Narudom is also proficient in enterprise architecture, especially in application, security and technology architecture.
Narudom is a co-chair of the Hybrid Cloud Security Working Group at Cloud Security Alliance (CSA), an APAC Research Advisory Council Member at Cloud Security Alliance Asia Pacific, and a consultant to the Open Web Application Security Project (OWASP) Thailand Chapter. He is also on the Security and Risk Committee at Thailand’s National Digital ID.
Lefteris SKOUTARIS
Program Manager, CSA
Lefteris Skoutaris has been working as a security analyst for CSA for the past 4 years and is currently the Program Manager of the Cloud Controls Matrix Working Group and CCMv4.0 development activities.
Mr. Skoutaris has worked in the past at the European Space Agency and European organization for Network and Information Security, substantially contributing to cyber and cloud security projects on research, architecture and frameworks development.
Josiah WINSTON
Regional Solution Architect, ASEAN, CyberArk
Josiah has over 10 years in the IT Industry, specialising in Infrastructure and Security Domains. He was instrumental in several critical national and large-scale projects, covering both design and implementation across the ASEAN region. Currently holding a position as Regional Solution Architect, ASEAN, at CyberArk, he assists organisations in addressing their Identity Security and Access Management concerns to protect against targeted cyber threats and insider attacks.
Feng ZOU
Director, Cybersecurity Planning and Compliance, Huawei & Co-chair, Hybrid Cloud Security WG, CSA
Feng Zou (CISSP-ISSAP, CISA) has been working in IT for 20+ years, with a strong technical background and broad experience in heterogeneous systems and multicultural environments. Starting as a Communication Engineer in ICBC, Feng has taken on different roles including Support Supervisor, Regional Network Manager, and Senior Security Manager in different industries.
His main responsibilities include designing, engineering, and implementing security technologies, and providing security strategic input, design and vision for the board. Since 2017, Feng has been working with Huawei Cloud to provide management oversight for all aspects of maintaining cloud service security and to continuously evaluate cloud security capability to cope with new emerging threats. Feng’s specialties: cloud security design, operation and troubleshooting; developing information security policy, standards and procedures; information security audit; network, remote access, web and email security; security incident investigation and forensics; and risk management.
Schedule
9:00 am
Welcome Remarks: Dr. Hing-Yan LEE (EVP APAC, CSA)
Welcome Address: Don SACAMOS (President, CSA Philippines Chapter)
Opening Address: Jim REAVIS (Co-Founder & CEO, CSA)
9:30 pm
Keynote: Data Provenance and Cloud Security: Challenges & Opportunities
Prof. Ryan KO (Chair & Director, UQ Cyber Security, University of Queensland, Australia)
At the heart of all cyber and cloud security attribution challenges is the problem of data provenance tracking and its reconstruction. In this talk, I will cover past, present and developing provenance research in computer science, and cover its relation and usefulness to accountability, traceability, trust, forensics and proactive cloud and cyber security. It will feature some of the cloud data provenance research I have conducted in the past decade, discuss unsolved (or seemingly unsolvable) problems, and will discuss some of the recent developments in academia, industry, and international standards.
10:15 am
Keynote: Securing the Cloud: It All Starts with Identities
Josiah WINSTON (Regional Solution Architect, ASEAN, CyberArk)
As organizations increasingly pursue cloud or multi-cloud strategies, they face the challenge of achieving consistent security controls across each cloud platform’s distinct entitlements paradigm. Additionally, the rapid increase in the number and complexity of identities organizations must manage as they expand in the cloud lends extra urgency to securing access. In this session, we will dive into cloud identities and how securing them can help organizations achieve cloud security.
11:00 am
Why We Need to Secure the Cloud & the Enterprise
Donald Patrick L. LIM (COO, DITO CME & CIO, Udenna Corp)
Cloud continues to be embraced by organizations across the globe as the most convenient and cost-effective way of managing extensive data. As cloud grows, so do the cloud security concerns about the privacy and security of its data storage. Organizations continue to embrace new practices to optimize cloud security and to maintain trust and reputation with their users. To achieve that, organizations need to understand cloud security, how cloud works, the advantages or critical aspects it offers to the organizations, and the vulnerabilities and threats, and develop solutions to optimize security measures.
11:45 am
Myths and Best Practices of Security by Design
Mel T. MIGRINO (VP and Group CISO, Meralco)
With the new normal continuously taking shape, organizations are moving rapidly to migrate to the cloud to achieve business agility and resilience. However, cloud migration and cybersecurity are efforts undertaken separately. Thus, a shift-left approach to securing applications is crucial for implementing security measures during the entire development lifecycle. Shifting security left aims to adopt the principles of security by design with security best practices built in, and to detect and address security issues and vulnerabilities as early as the initial stages of the development cycle.
12:30 pm
Panel Discussion: Let's talk about ABC: Assume Nothing, Believe Nobody, Check Everything
For many people, Zero Trust spells the end of an era – the end of the perimeter defence. McKinnon said: "It’s a failure of the paradigm that you can have a gate and castle wall and everything on the inside is fine".
MODERATOR: Gonz GONZALES (VP, Governance, CSA Philippines Chapter)
PANELISTS:
1:15 pm
BREAK
1:30 pm
Keynote: The Future of Cloud & Cybersecurity in 2040
Debashish JYOTIPRAKASH (VP Asia, Qualys)
Self-healing is already happening, so we are talking about self-thinking, sentient and even self-coding systems in Cyber by 2040. Days will continue to be 24hrs long but productivity and efficiency from that 24hrs will have grown multi-fold. You will be able to do more with less. Today it’s Industry v4.0 and we are marching to 5.0 by 2030 and 6.0 by early next decade. Industry 5.0 refers to people working alongside robots and smart machines. It’s about robots helping humans work better and faster by leveraging advanced technologies. While the cloud will make all this revolution possible, highly integrated systems will become vulnerable to systemic risks such as total collapse. Hyper-connectivity creates new social and political structures. If left unchecked, they might lead to authoritarian governance too. CyberSecurity will evolve at a similar scale to tackle things like FireSale in Cyber.
2:15 pm
Securing the Cloud via CCSK
Ekta MISHRA (Country Manager India, CSA)
As organizations migrate to the cloud, they need information security professionals who are cloud-savvy. The Certificate of Cloud Security Knowledge (CCSK) is widely recognized as the standard of expertise and provides an individual with the foundation they need to secure data in the cloud. Learn how CCSK can bridge the gap and provide an important first step in establishing baseline knowledge for individuals in cloud security.
2:45 pm
Introduction to the Cloud Controls Matrix v4.0
Lefteris SKOUTARIS (Program Manager, CSA)
The presentation aims to provide a synopsis of the latest release of the Cloud Controls Matrix version 4.0, a greater insight into its development and new components, the current activities of the CCM working group (ongoing works, published and future works) and finally an update on CSA’s STAR program and transition policy from CCMv3.0.1 to CCMv4.0.
3:30 pm
Mitigation Measures for Risks, Threats, and Vulnerabilities in Hybrid Cloud Environment
Feng ZOU (Director, Cybersecurity Planning and Compliance, Huawei & Co-chair, Hybrid Cloud Security WG, CSA)
Hybrid clouds are often the starting point for organizations in their cloud journey. However, any cloud model consists of risks, threats, and vulnerabilities. Earlier this year, the Hybrid Cloud Security Working Group examined hybrid cloud model risks, threats, and vulnerabilities in its Hybrid Clouds and Its Associated Risks white paper. However, after this review of risks, threats, and vulnerabilities, it’s critical to identify adequate mitigation controls. This presentation will cover countermeasures organizations can implement to improve hybrid cloud risk management and cybersecurity practices.
4:15 pm
Panel Discussion: Hybrid Cloud Security: Risks & Mitigation
Timothy Grance (NIST) shared that no hybrid cloud existed when he co-authored the landmark NIST definition of different clouds. He never expected hybrid clouds to become so pervasive and popular. This panel of experts will endeavor to address the following issues: What are the differences between hybrid and multi clouds? What are the risks in a hybrid cloud environment compared to on-prem, and how does one go about mitigating each of these risks? How does one assess the effectiveness of these mitigation measures? And finally, how would these mitigation measures benefit organizations/businesses?
MODERATOR: Ricson Singson QUE (VP, Education, CSA Philippines Chapter)
PANELISTS:
Disclaimer: The ordering and timing are subject to change.