Kevin O’Leary is a senior IT Security professional with over 20 years of experience working for public institutions, private companies and large multinationals across Asia Pacific and Europe in a variety of management, engineering and advisory roles. He has worked both as a Chief Security Officer and Principal Security Architect across a range of business verticals (ICT, Pharma, Finance, Aviation and Manufacturing in particular).
Kevin has extensive experience within Asia Pacific region, prior to joining Palo Alto networks as their Field Chief Security Officer, APAC Kevin served as the VP and Chief Information Security Officer, GE Regions and Greater China. In this role Kevin advised the global and local leadership on Security and Risk aligned to business strategy within China and other grown regions globally. Prior to this role Kevin was the APJ CISO for HP Delivery based in Singapore, where he is still based.
Industrial Control Systems (ICS): Vulnerabilities & Resiliency
The Unique Risks of Industrial Control Systems
For many years the development of Information Technology (IT) and Operational Technology (OT) have developed along parallel tracks with IT becoming ever more connected and cloud based and OT remaining designed for managing large scale but isolated and segregated industrial installations. The continued development of Industrial Control Systems (ICS) using proprietary OT particular to an indivdual company or installation meant there was no unified global approach to patching for vulnerabilities. With advances in cloud, automation, AI and machine learning it seems obvious that OT and IT should converge to create an Industrial Internet of Things (IIOT) - however, the very nature of OT led to a culture of complacency around cyber risks. This paper aims to examine the pitfalls of retrofitting ICSs to develop IIOT with some real world examples of recent attacks and a suggested approach to managing the ensuing risks.
Mark Orsi is the president of Global Resilience Federation (www.grfederation.org), a non-profit with the mission to develop and support threat intelligence and information sharing communities including operations technology, financial services, retail and hospitality, legal services, energy, health, and oil and natural gas. Mr Orsi led strategic efforts for several prominent Fortune 100 companies, working directly with CIOs and CISOs to develop, deploy, and improve security controls protecting the confidentiality, integrity, and availability of sensitive information. Mark joined the company from JPMorgan Chase where he served as executive director and product owner for cybersecurity and technology controls. Prior to JPMorgan, Mr Orsi served KPMG as director of cybersecurity, and Goldman Sachs as vice president of technology risk. Mark holds an MBA from Columbia Business School, an MS in computer science from Johns Hopkins University, and a BS in Aerospace Engineering from the University of Maryland.
Navigating Cybersecurity From End-User Perspective
Going Beyond Defence in Depth… Become Proactive!
Cyber threats are ever evolving. A typical organization is never short on the number of threats they face and end up playing a resource intensive catch-up game that is never ending. This reactive approach gives the threat actors an edge. They only need to find one gap to bypass the defences and compromise the victim organization.
How could the security operations be re-aligned to be proactive? How could intelligence be used to forecast and mitigate threats, even before they become a concern to the organization? This session will discuss the role information sharing plays in enterprise risk management. Specifically, the speakers will discuss the importance of government/private sector partnerships and how industry specific and cross-sector information sharing complements vendor feeds in protecting a company’s IT infrastructure.