• John Nai
    Vice President, Chief Information Security Officer
    Date: 2 October 2019
    Time: 1500 – 1540 hrs
    Venue: MR302, Level 3

    John Nai joined PayPal in 2012 as Chief Information Security Officer and is responsible for oversight of Information Security across all PayPal business units. John’s primary areas of focus include security strategy, risk management, security assurance, threat intelligence, critical incident management, and M&A.
    John collaborates across PayPal in broad-based efforts to improve the design and build of products, ensure industry-leading performance, and push the boundaries of innovation through new and emerging technologies.
    John’s experience in security and finance includes 20 years at Charles Schwab building and managing highly available and secure trading systems and platforms.


    Navigating Cybersecurity From End-User Perspective

    Presentation Title

    Building a User-centric Research Program


    As the cyber threat landscape continues to evolve, organizations must go beyond establishing and maintaining a strong security baseline to support compliance and basic hygiene expectations. As a global leader in digital payments, PayPal treats security as a top priority and has established a research program focused on user experience, trust, and safety. Through its work protecting identities, financial transactions, and customer data, and improving the wider ecosystem, PayPal has helped create frameworks and protocols such as FIDO, HSTS, and DMARC. In this session, we will share recent research efforts aimed at improving user security without compromising experience. From advanced cryptographic techniques to anti-phishing efforts, our experience in building applied research programs will illustrate both the importance of participants across the broader ecosystem coming together as partners and PayPal’s commitment to making the internet a safer place for all consumers to pay and get paid.

• Jonathan Nguyen-Duy
    Vice President, Strategy & Analytics
    Date: 2 October 2019
    Time: 1500 – 1540 hrs
    Venue: MR303 - 304, Level 3

    Named one of the industry's top 75 thought leaders for 2019, Jonathan is a well-known cybersecurity expert with more than 20 years of experience helping organizations of all sizes face security and resilience challenges. As Vice President of Strategy and Analytics at Fortinet, he is focused on applying data analytics, artificial intelligence, and machine learning to secure digital transformation.

    Prior to joining Fortinet, Jonathan served as Verizon Enterprise’s Security CTO and Head of Managed Security Services, where he led the well-known Verizon Data Breach Investigations Report (DBIR), widely considered the gold standard for threat research. His research experience covers insights from more than 10,000 data breaches and dozens of published reports.

    Jonathan is a widely published security expert and a frequent speaker at industry events. He also serves on several advisory boards for technology companies and public policy non-profits.
    A former Foreign Service Officer, Jonathan is trilingual and holds an MBA and a BA from the George Washington University.


    Cybersecurity Ops Centre: Methodologies & Operations

    Presentation Title

    Securing the Connected Citizen and Public Sector Digital Transformation


    The risk management methodology measures cybersecurity effectiveness against the reasonable care standard. The reasonable care standard is embodied in nearly all best practices and compliance frameworks, including NIST CSF, ISO, GDPR, etc. The presenter will outline the elements of a reasonable level of effort and an updated approach based on Continuous Adaptive Risk and Trust Assessment (CARTA), which addresses the root causes of data breaches and destructive cyber attacks. The approach combines updated traditional network segmentation, Zero Trust, and Continuity-of-Operations strategies to ensure continuous identification, protection, detection, response, and recovery, with access granted on a need-to-know basis and trust adapted continuously. The strategy aims to ensure:

    1. identification of all things connected to the network/ecosystem
    2. verification of device state
    3. authentication of the user
    4. validation of the access request
    5. logging and monitoring of all traffic for behavior-based detection
    6. encryption based on criticality