CONFERENCE SPEAKERS

  • Serkan Cetin
    Regional Manager, Technology & Strategy
    One Identity
    Date: 1 October 2019
    Time: 1610 – 1650 hrs
    Venue: Auditorium, Hall 406, Level 4
    Biography

    Serkan Cetin, the Regional Manager of Technology & Strategy for One Identity APJ, has been with One Identity for over 6 years. During this time, Serkan has been involved in various functions across One Identity, including sales, marketing, professional services, and R&D. Serkan has been assisting clients across a wide range of industries across APJ in solving their complex IAM challenges.

    Prior to One Identity, Serkan was a senior consultant at a specialist consulting practice in Australia. Serkan was involved in the sales, consulting, architecture and implementation of projects across varying complexities and sizes, focused mainly on identity management and security, using technologies from Novell, Microsoft and Sun Microsystems.

    Track

    Leveraging Machine Learning, Automation and AI in Next Gen Cyber Security

    Presentation Title

    Using Machine Learning to Uncover Threats and Risk in Privileged Access

    Abstract

    In conventional IT operating models, it’s assumed that those inside the firewall are safe, and the threat is always on the outside. The reality is that one of the biggest threats is already inside the network. The internal threat has always existed; it’s just that it has not been at the forefront of many organisations’ IT security agendas until recently. Privileged accounts are always a prime target for any attacker. As technology continues to evolve, new attack vectors are employed, where traditional processes and static rules-based approaches are no longer sufficient in securing privileged access. Differentiating between normal behaviour and suspicious behaviour or a potential breach is getting harder with new attack methods. This is where machine learning can help to protect your environment against breaches. Attend this session to learn more about the challenges with privileged access, and how to overcome those with new methods, technologies & machine learning to protect your environments.

  • Kok Leong Chan
    Vice President, Solution Architect Office & Competency Towers
    Ensign InfoSecurity
    Date: 3 October 2019
    Time: 1405 – 1440 hrs
    Venue: MR302, Level 3
    Biography

    To be advised

    Track

    Security by Design: Risk Assessment, Avoidance and Mitigation

    Presentation Title

    Solution Architect Service

    Abstract

    Security-by-design is the commonly held cyber axiom. But the reality is that cybersecurity is often built over time, and cyber teams very often have to deal with legacy systems and devices. The challenge in surfacing, evaluating and mitigating the cyber risk factors of implementing more effective cybersecurity devices is not just in integration, but in designing and enhancing the entire cybersecurity architecture. Interpreting and translating business requirements into a detailed cyber solution requires a solution architect’s strong domain expertise across the various IT and OT systems, as well as in-depth knowledge and experience in cyber policies and capabilities.

  • Brian Chappell
    Global Director for Product Management
    BeyondTrust
    Date: 2 October 2019
    Time: 1120 – 1200 hrs
    Venue: MR302, Level 3
    Biography

    Mr Chappell has more than 25 years of senior level IT enterprise experience in a career that has spanned high-tech multi-nationals, including Amstrad plc, BBC Television and GlaxoSmithKline. He has held senior roles in most IT disciplines across the whole IT delivery chain.

    Based in the United Kingdom, Mr Chappell leads the customer architecture service for BeyondTrust. His role ensures the delivery of world-class solutions built around BeyondTrust’s leading vulnerability management and privilege management platform. He is a regular speaker at industry conferences as well as a regular contributor to the press, where he focuses on guidance and opinion pieces helping organisations on their journey toward best practice.

    Track

    Vulnerability and Exploit Management in An Age of Increasing Zero Day Attacks

    Presentation Title

    Is Your Tuesday Patched Enough? An Analysis of Microsoft Security Updates in 2018

    Abstract

    On the second Tuesday of every month, commonly referred to as “Patch Tuesday,” Microsoft releases fixes for any vulnerabilities affecting Microsoft products. Every year, BeyondTrust generates a comprehensive report compiling all releases into a year-long overview, providing a more holistic view of whether vulnerabilities are increasing, and how many Microsoft vulnerabilities could be mitigated if admin rights were secured across organizations. This session will cover the key findings of the comprehensive annual analysis, which is in its sixth annual edition, including:

    • Trend comparison based on several years of data and viewpoints from a number of security experts
    • Results from analysis on 499 vulnerabilities reported across Windows OS versions
    • Why there’s been a 78% increase in vulnerabilities since 2013 in Windows Servers
    • How you can fix 100% of critical vulnerabilities in Microsoft Office by removing admin rights

  • Apichet Chayabejara
    Solutions Architect, Asia Pacific & Japan
    CyberArk
    Date: 3 October 2019
    Time: 1515 – 1550 hrs
    Venue: MR302, Level 3
    Biography

    Apichet Chayabejara is CyberArk’s Solutions Architect for the Asia Pacific and Japan markets, with a charter to help enterprises plan and develop privileged account security programs to secure their organizations from insider and external cyber threats. Apichet has over 10 years of experience working on diverse cybersecurity and mission-critical projects across the region. He developed his expertise in privileged access security, identity management, data encryption, and security operations center.

    Prior to joining CyberArk, Apichet held various presales and consulting positions at RSA, Cisco and Trend Micro. Apichet holds a master’s degree in Information Sciences from Tohoku University and a bachelor’s degree in Computer Engineering from Chulalongkorn University.

    Track

    Security by Design: Risk Assessment, Avoidance and Mitigation

    Presentation Title

    Secretless – A New Approach to Application Credentials

    Abstract

    Many organizations have started shifting workloads to the cloud and migrating applications into container platforms. These applications still need to connect with other resources and require credentials for secure access. We all know that hard-coded credentials in applications are bad and must be eliminated. A solution to this is to have credentials secured in the Vault and leverage an API to retrieve them in the programming code or inject them into the environment variables. This approach requires the developer to implement the API, manage those credentials for authentication and keep them secured within the applications.

    In this session, we will introduce a new approach - Secretless Broker - which enables applications running on Kubernetes or OpenShift to simply connect to target resources without credentials (or secrets). With Secretless Broker, the developer no longer needs to modify the programming code and the applications do not need to know the secrets. This eliminates the risk of credential theft from applications and transparently handles any runtime changes to secret values.

  • Clarence Cheah
    Director of Solution Engineering, Asia Pacific
    Okta
    Date: 2 October 2019
    Time: 1500 – 1540 hrs
    Venue: Auditorium, Hall 406, Level 4
    Biography

    Clarence Cheah is the Director of Sales Engineering at Okta. With over 17 years of experience in identity management, Clarence has led teams in organisations such as Oracle, Coca-Cola, Novell and IBM.

    Clarence has helped many of the world's largest enterprises, financial institutions and public sector organisations protect against threats and data breaches. Now at Okta, Clarence helps companies embrace identity as the new security perimeter.

    Track

    Advanced Identity Management and the Zero Trust Environment in Perimeter Security and Access Management

    Presentation Title

    Building Trust, in the Age of Deceit.

    Abstract

    In the digital enterprise, trust is a priceless currency. Bad actors exploit security vulnerabilities to cause disruption and steal information or money, which impacts trust in the company brand and the bottom line in a variety of ways.

    To maximise the efficiency of a digital enterprise and in turn its productivity and profitability, organisations must establish trust with both internal and external stakeholders and their systems to mitigate the risk of a breach and safeguard brand protection.

    The Zero Trust model can serve as a valuable framework, but each organisation may implement it differently. In this session you will learn why organisations are choosing to move to a zero-trust strategy and how, regardless of your approach, putting modern identity-driven security at the core of your Zero Trust strategy will set you up for success.

  • Brian Contos
    Chief Information Security Officer & Vice President, Technology Innovation
    Verodin
    Date: 3 October 2019
    Time: 1230 – 1305 hrs
    Venue: MR302, Level 3
    Biography

    Brian is a seasoned executive with over two decades of experience in the cybersecurity industry as well as a board advisor, entrepreneur, and author. After getting his start in cybersecurity with the Defense Information Systems Agency (DISA) and later Bell Labs, he began the process of building cybersecurity startups and taking multiple companies through successful IPOs and acquisitions, including Riptech, ArcSight, Imperva, McAfee, Solera Networks, and Verodin.

    Brian has worked in over 50 countries across six continents. He is a board advisor for Cylance, JASK, Appdome, and the University of South Florida. He has authored several books, his latest with the former Deputy Director of the NSA, spoken at leading security events globally such as Black Hat, RSA, Interop, SOURCE, and BSides, and has been on C-SPAN, Fox, CNBC, CBS News, Bloomberg, and many others. Brian was recently featured in a cyberwar documentary alongside General Michael Hayden (former Director NSA and CIA).

    Track

    Incident Response, Investigations, Forensics and Recovery

    Presentation Title

    The Industrialization of Red and Blue Teaming

    Abstract

    The industrial revolution was brought on by purpose-built machinery and automation. A similar revolution has occurred in security, leading to the industrialization of red and blue teaming. In large part, this industrialization has been realized through security instrumentation platforms.

    By leveraging security instrumentation platforms, you are bringing together red and blue teaming initiatives with greater symbiotic mutualism across three major areas. First, you can validate the efficacy of security controls such as firewalls, WAFs, DLPs, EDRs, and SIEMs. If those controls aren’t working as needed, you can leverage perspective analytics to instrument them. Second, you can apply configuration assurance to verify that a change that has been made actually does what’s desired. You can also determine if that change negatively impacts other facets of security. Third, you can utilize automated, ongoing checks to ensure that what was working continues working in perpetuity. Should something stop functioning, blocking, detecting, correlating, etc., as needed, alerts will be generated in response to the environmental drift.

    The money you spend on security plus the level of effort isn’t resulting in security effectiveness. You hire security professionals, deploy security controls, and build processes. You make this investment of time, money, and resources so when an attack occurs, you can fight and be able to prevent the attack--or at least detect and respond. Two groups are critical in this fight. They include: security penetration testers (red teams that are tasked with offensive actions to evaluate defenses) and security operations (blue teams that focus on operating these security defenses).

    Yes, red teams can add tremendous value. But the legacy, manual, and expensive process of scanning, penetrating, reporting, and hoping the blue team will act on the findings largely isn’t resulting in value or reduced risk. For the blue team, you invest millions in endpoint, network, email, and cloud security controls, but organizationally you are probably spending painfully few cycles to determine if this complex mix of solutions is actually working.

    We need to readjust so that we are focusing on security effectiveness and the efficacy of our security controls. We need to industrialize our approach to red and blue teaming with security instrumentation through automation, environmental drift detection, prescriptive actions, and analytics that enable us to finally and empirically manage, measure, and improve security effectiveness.