2 September 2021
President, ISACA SG Chapter
Steven Sim has worked for 24 years in the cybersecurity field with large end-user enterprises and critical infrastructures, undertaken a global CISO role, driven security governance and management initiatives and headed incident response, security architecture, technology and operations at local, regional and global levels.
He currently leads Global OT Security Governance, Technology Management and Cybersecurity Masterplan Project Management Office. He also leads the Global Cybersecurity Incident Response and oversees CSIRTs in business units. He also leads the Group IT Security Centre of Expertise to franchise best practices to business units and has also driven cyber initiatives, developed standards, managed threats, researched vulnerabilities and promoted awareness.
He also volunteers at the ISACA Singapore Chapter as the President, chairs the OT-ISAC Executive Committee and holds a Master’s in Computing, CCISO, CGEIT, CRISC, CISM, CISA, CDPSE, CISSP as well as technical certifications GICSP, GREM, GCIH and GPPA. He is an APMG-accredited trainer for ISACA’s core certifications and a member of the Microsoft APAC CISO Council, Fortinet Executive Cyber Exchange (ECE), CyberEdBoard and SANS Offensive Operations Community.
Gregory J. Touhill,
Director
Gregory J. Touhill, CISM, CISSP, Brigadier General (ret), is president of the AppGate Federal Group (USA). Also a professor of Cybersecurity at Carnegie Mellon University’s Heinz College, he has extensive experience as the director of profit and loss corporations and non-profit organizations, including serving on the Splunk, Intel and Symantec Federal Advisory Boards. Prior to entering the private sector, General Touhill concluded a distinguished career of public service culminating in his selection by the President of the United States as the US government’s first Chief Information Security Officer. His other civilian government service includes duties as the Deputy Assistant Secretary, Cybersecurity and Communications at the United States Department of Homeland Security; and as Director of the National Cybersecurity and Communications Integration Center, where he led national programs to protect the United States and its critical infrastructure. He is a retired Air Force general officer, a highly decorated combat leader, an accomplished author and public speaker, and a former American diplomat.
Dr Janil Puthucheary,
Senior Minister of State, Ministry of Communications and Information & Ministry of Health
Janil Puthucheary worked as a Paediatrician and Paediatric Intensivist. He graduated from the Faculty of Medicine of the Queen's University of Belfast and received post graduate training in Belfast (Northern Ireland), London (UK) and Sydney (Australia). He completed his training at KK Women's and Children's Hospital, Singapore and continued to work there in the Children's Intensive Care Unit.
He went on to join the Duke-NUS Medical School, teaching first year medical students. Prior to entering politics, he held the following posts:
Senior Consultant – Children’s Intensive Care Unit, Department of Paediatric Medicine, KK Women’s and Children’s Hospital
Head, Department of Paediatric Subspecialties KK Women’s and Children’s Hospital
Associate Professor Duke-NUS Graduate Medical School
Dan Yock Hau, Assistant Chief Executive, Cyber Security Agency of Singapore
Mr Dan Yock Hau is Assistant Chief Executive for National Cyber Resilience at the Cyber Security Agency of Singapore. He has also concurrently been Director (National Cyber Incident Response Centre) for the last 5 years. Prior to CSA, Mr Dan was an Army Officer for 25 years. His last appointment in MINDEF was Deputy Head of the Joint Communications and Information Systems Department.
As part of the management team, Mr Dan supports the agency’s effort to provide dedicated and centralised oversight of the national cyber security’s functions, including cyber security operations, strategy, policy development, industry development and outreach. As ACE (NCR), he leads the Operations Group in overseeing the operational readiness, resilience and protection of the Critical Information Infrastructure (CIIs). This includes governance over CII operators, threat monitoring of the cyberspace, incident response to cyber incidents, and working with other government agencies to ensure coordinated efforts against cyber threats in Singapore. He also leads the Safer Cyberspace group to develop policy levers and engagement programmes to support enterprises and individuals to strengthen their cybersecurity preparedness.
Mr Dan graduated from the National University of Singapore with a Bachelor of Engineering (Electrical and Electronics Engineering). He holds a Master of Science in Defence Technology from Cranfield University, UK, and a Master of Arts in Defence Studies from King’s College London. He attended the Lee Kuan Yew Senior Fellowship in Public Service at the LKY School of Public Policy.
Albert Pichlmaier, Senior Cybersecurity Engineer, Drew & Napier LLC
Albert is currently working at Drew & Napier LLC as Senior Cybersecurity Engineer, where he supports the TMT and Data Protection Practice Groups in their legal work. In addition, he is also the Course Director for the Cybersecurity Modules at Drew Data Protection & Cybersecurity Academy.
Before, he was an Executive Manager with the Personal Data Protection Commission (PDPC), where he was involved in technology assessments for data breach investigations, research into trending/disruptive technologies, and was advising on technical aspects of various PDPC guidelines and publications (amongst other matters). Prior to his role with the PDPC, Albert worked in a number of technology-related roles with IDA and various companies in Germany, Spain and Singapore including as VP of research and development, lead Testware developer, and soft/firmware engineer. He was also a technopreneur, having set up a company to provide testing tools for embedded systems and smartcard applications.
Albert holds a degree in Computer Science from Germany. He is a Certified Information Systems Security Professional (CISSP), a Certified Data Privacy Solutions Engineer (CDPSE), and a Certified Blockchain Developer. He has a strong interest in a variety of topics like Artificial Intelligence/Machine Learning, Data Analytics, Big Data and Data Visualisation, and Quantum Computing.
In this session we will look at some high level anchor points in terms of Blockchain and Personal Data, which need to be well-thought-out when considering use of such technology in the context of a specific regulation. There is no simple answer, whether ‘matching them up’ would lead to a ‘happy ever after’ or a more shaky, troubled symbiosis. The points discussed, therefore, are more about aspects one might want to include in a risk management consideration (e.g. as part of a DPIA [Data Protection Impact Assessment]) than any kind of easy to follow recipe (or marketing hype talk).
Bernard Tan, Director/Cybersecurity Group, GOVTECH
Bernard is a Director in GovTech leading the GovTech Cybersecurity consultancy team to provide risk based consultancy services to architect the cybersecurity of Nationwide and Governmentwide strategic projects. Through his 15 years in the public sector, he has undertaken various cybersecurity roles and projects in areas of Homeland security. He held key roles such as Ministry Chief Information Security Officer (MCISO) and Head of Information security in MHA.
In his role as MCISO, he was also appointed as security advisor in audit and risk committee to provide security guidance to the home team's audit steering committee. Prior to joining GovTech, he was a security product developer and solution architect.
The current state of meeting compliance requirements subscribes to a “good enough” security principle. This state of mind stands to be challenged by rapid changes in business needs, such as the COVID-influenced new working norms that stretch the security compliance boundaries. The threat landscape has also continued to evolve and reminds us about the “cyber chase”, where our trust boundaries have to be redefined in the realms of people, processes and technology domains.
“Where we are now” will need a rethink and we should move towards a “where we should be” state. In this presentation, I will share some of the key sensible cybersecurity principles that help us not only maintain our compliance posture, but also inject agility which acts as tailwind to move us ahead with a pragmatic and sustainable cybersecurity undertaking.
Damian Teoh, Head of Innovation and Technology Audit, Macquarie Group
Damian joined Macquarie in June 2019 to head up the global Innovation and Technology Audit team based in Sydney, Australia. In the previous four years, he was the Asia-Pacific Head of Technology, Change and Third Parties audit for Citibank based in Singapore. Before joining Citibank, Damian spent the prior 16 years at Credit Suisse where he held several regional leadership positions in the Internal Audit and Technology Risk Management functions, based in Singapore and Tokyo. He was previously a senior consultant at Arthur Andersen.
Damian holds a Bachelor of Commerce (Accounting and Finance) from Macquarie University and a Master of Business and Technology from the University of NSW. He is also a Chartered Accountant and Certified Information Systems Auditor.
Daniel Ehrenreich, Consultant and Workshop Lecturer, SCCE SCADA Cyber Security (Israel)
Daniel Ehrenreich, BSc., is a consultant and lecturer at Secure Communications and Control Experts, periodically lecturing at industry conferences on cyber defense for industrial control systems. Daniel has over 30 years’ experience with ICS systems for electricity, water, gas and power plants as part of his activities at Tadiran, Motorola, Siemens and Waterfall Security. He was reselected for the 6th time as the Chairman for ICS Cybersec 2021, taking place on 27-10-2021 in Israel.
ICS-OT Security – Industrial Control Systems (ICS), also known as Operation Technology (OT), are broadly used in a wide range of industrial and utility applications. These ICS-OT systems include an Automation Server (AS) integrated with the Human Machine Interface (HMI) and use serial, ethernet or wireless media for connecting with Programmable Logic Controllers (PLC) and a broad range of sensors and actuators.
While the majority of ICS-OT systems can be structured according to the Purdue Model (Layer 0 – sensors and actuators, Layer 1 – PLCs/RTUs and Layer 2 – the AS and the HMI), the architecture and cyber security solution for each ICS-OT must be defined and designed according to the criticality of the control process. In some cases, the cyber security requirements may be lighter and in other projects for a similar application the specification can be tougher and more complex. The ICS-OT expansion with Industrial Internet of Things (IIoT) ecosystems enhances the business performance and the productivity, but also increases the cyber-attack surface and the risk of attack against the organization. The system architect will have to deal with factors such as operation safety, reliability, productivity, data confidentiality, data integrity, operation convenience and lastly, but most importantly, with cyber security. This presentation will clearly elaborate on the risks and the consequences caused by a cyber-attack.
Dr Ong Chen Hui, OT Cybersecurity Expert Panel, OTCEP
Biography: With 20 years of experience in cybersecurity and technology innovation, I have proven capabilities in leading diverse teams towards impactful outcomes in deep tech. Today, I am the Cluster Director (Biztech Group) at Infocomm and Media Development Authority of Singapore, where I will be spurring the research and adoption of emergent technologies, e.g. 5G, AI/Data, Trust Technologies, in the industry and IHL. As the co-chair of SG Women in Tech, I work with like-minded industry leaders to encourage a diverse workforce in tech. I am a member of Cybersecurity Agency of Singapore's OT Cybersecurity Experts Panel (OTCEP) and a mentor in the AiSP's Ladies in Cyber programme. I am an agile learner with the ability to translate technology advances into business opportunities and, in turn, to translate desired business outcomes into technology requirements. I have successfully built teams from scratch as well as managed inherited diverse teams from business stakeholders, academic researchers, etc. in order to lead technology innovations from concept to execution. I am an invited speaker at various conferences and I have published papers in leading academic conferences.
National Cybersecurity Officer – ASEAN
CISSP, CCSP, GCIH, GMON, GISCP, GSEC
Cisco Systems, Inc.
Joshua McCloud is the lead for cybersecurity strategic country engagement and consulting in Cisco's Security & Trust Organization (STO) for ASEAN. STO is responsible for protecting Cisco’s enterprise business operations, ensuring the security and integrity of Cisco’s products and services, and collaborating with governments, industry, and standards bodies to strengthen national cybersecurity posture. Joshua works with government cybersecurity agencies, critical industry sectors, and large enterprise organizations to improve cybersecurity effectiveness in alignment with organizational and business goals.
Joshua has worked for over 20 years in the public and private sector environment supporting customers in Asia, the US, Europe, Middle East, and Africa. Joshua has deep expertise in the areas of cybersecurity, architectural methodologies and frameworks, and software defined networking. He is a speaker at industry events, has published numerous articles, and co-authored the book ‘SAP on the Cloud’.
Joyce Chua, First Vice President, UOB Group (UOB)
Ms. Joyce Chua has 20+ years of experience in information privacy and security, IT governance, audit, risk and compliance. As an ISACA Privacy Advisory Group member, IAPP Asia advisory board member and member of associated task forces/review teams for years, she keeps herself abreast of emerging trends and participates in standard, publication and article reviews as a subject matter expert.
She just joined UOB Group in mid-April this year as the First Vice President, Data Management Office, and takes the lead in data protection and privacy governance and initiatives. Prior to that, she was the Asia Pacific Privacy Officer for Sony Electronics (excluding Japan, China and Hong Kong; including Middle East and Africa).
The presentation “Privacy Journey: Through the eye of a Privacy Professional” by Joyce Chua aims to share her experience and journey from a typical IT professional to an operational privacy professional, and what helped/helps her in this journey. She will also share key takeaways/lessons learnt from her story and how aspiring ISACA members can join these high-demand job roles.
Kenny Yeo, Associate Director and Head of Asia Pacific Cyber Security Practice, Frost & Sullivan
Kenny Yeo is an analyst with the ICT team and leads the cyber security practice across Asia Pacific. He is currently researching how technologies like cyber security, IoT, cloud and analytics impact different industries. With 18 years of research, consulting, team management and business development experience, he has expertise in segments like cyber security, IoT, smart retail, industrial and e-government.
Kenny has participated in multiple consulting engagements helping companies with digital transformation, and shared his thoughts in the media with CNBC Asia and Channel NewsAsia, and publications with South China Morning Post, ComputerWeekly, Enterprise Innovation and Logistics Insight Asia among others.
Managing Director, Cybersecurity Asia Pacific, Japan And China
Kerry Singleton is Managing Director of Cybersecurity for Asia Pacific, Japan and China (APJC) at Cisco. He is responsible for the strategy and growth of Cisco’s security business in the region, and driving Cisco as the No. 1 security partner and advisor to customers and partners.
With two decades of expertise in the Security and IT industry, both within and outside of Cisco, Kerry’s role is focused on developing and positioning cybersecurity as an integral foundation for all businesses. Prior to his current role, Kerry was Director of Cybersecurity for ASEAN, and before that, Regional Director for Advanced Threat Solutions in APJC at Cisco, where he worked on interfacing new technologies into Sales and Technical Teams, Business Unit, Marketing, Sales and Channel to grow the business within the region.
Kerry joined Cisco following the acquisition of Lancope in 2015, where he was the Director for MEAR and APJC managing the Sales and Systems Engineering teams for the region. Before joining Cisco, Kerry worked as an SE Manager for DDI company Infobox. Prior to that, he held various roles on the customer side at the Royal Bank of Scotland, Lloyds Banking Group and British Airports Authority (BAA). Kerry holds a Master’s Degree from The University of Strathclyde, Scotland and a Bachelor’s in Science from Massey University, New Zealand. He is married and has a two-year-old son, Ethan.
Users are connecting to applications and data residing on premises and in the cloud from any location and device today. With accelerated adoption of multicloud solutions and a distributed workforce, organizations are struggling to protect against evolving cyber threats, to ensure they have end-to-end visibility across their architecture, and to isolate and resolve performance issues across the internet, cloud and SaaS. Addressing this new multicloud, distributed work environment requires a new approach to networking, security and monitoring. This is where Secure Access Service Edge (SASE), which combines networking and security functions in the cloud, comes into play to deliver secure access to applications and users, regardless of where and when they are connecting from. Kerry will share how SASE can help organizations consolidate various functions which were traditionally delivered in silos, and how businesses can start on their SASE journey.
Lim Thian Chin
Director CII Division, Cyber Security Agency of Singapore (CSA)
Thian Chin is leading the Critical Information Infrastructure (CII) Division at the Cyber Security Agency of Singapore (CSA). The division is responsible for building the cyber resilience of the Nation’s essential services across 11 CII sectors covering government, utilities, transport and services clusters. His team works with sectoral regulators to strengthen the cyber resilience of CIIs, to promote confidence building measures and to deepen the public-private partnership between the government and CII stakeholders. Thian Chin also represents Singapore in International and regional cybersecurity forums where he shares his knowledge on CII protection and cybersecurity capability building.
Thian Chin has over 17 years of experience in Information & Technology governance, risk management, resilience and compliance, and Operational Technology cybersecurity. Prior to joining CSA in August 2015, he was responsible for the regional Technology Governance function in United Overseas Bank. He also led the Technology Risk function in GIC from 2008 – 2013. In his earlier years, he was a Manager and had led a team of auditors in Information Technology in Ernst & Young.
Thian Chin holds a Bachelor’s Degree in Computer Engineering from Nanyang Technological University and is an alumnus of the George C Marshall European Center for Security Studies. He is certified as a CGEIT, CRISC, CISM, CISSP, CISA and SABSA practitioner.
Cyber 360, Israel Chapter
Cybersecurity & Privacy Researcher, Expert and Adviser for security & governmental offices, financial institutions, corporations and various enterprises.
Serving as head of the Cyber and Information Security Manager at the Ministry of Transport and Road Safety in Israel, and leading the sectoral Cyber regulative strategy, policy and governance.
Lead adviser on Cyber, Information Security & Privacy in several banks & financial enterprises, Insurance companies, Health organizations, Education institutes and other Fortune 500 companies.
Research Associate at the International Institute for Counter-Terrorism in The Interdisciplinary Center in Herzliya.
Holds multiple certifications: CISO, CISM, CRISC, CISA, CISSP, CEH, PCIP, EnCE and many others.
Director, SpiderLabs Asia, Trustwave, a Singtel company
Saeid is a cyber attack specialist who helps organisations improve their security by simulating Advanced Persistent Threat (APT) groups and building internal red team capabilities. He has extensive experience in directing advanced stealth operations and combating defences in a highly-secure environment. Before joining Trustwave, he had successfully built and operationalised a leading Financial Institution's (FI) Red Team and conducted various red team exercises in the South East Asia region. Saeid has presented in various international conferences, holds a B.Sc. in Information Systems Security and has obtained several valuable industry certifications.
We hear about new breaches happening to organisations despite their enormous cybersecurity spends: databases are leaked online for sale; systems are locked down by ransomware; patents and confidential information are stolen; and operations are disrupted.
What could be the issue?
In this session, we share our insights and observations surrounding the common “mistakes” organisations might make when it comes to planning, budgeting and executing security exercises, either done incorrectly or inadequately, which could be “a waste of money”.
We will also introduce an innovative approach to attack simulations including a cyber resilience programme that will help organisations to improve their cyber defence in the long run.
Principal Strategic Consulting, Trustwave, a Singtel company (CISSP, CCSP, CDPSE, CISM, and CEA)
Sukhdev Singh (CISSP, CCSP, CISM, CEA, CDPSE, ACLP) is currently Trustwave’s Director Consulting & Professional Services. He helps clients benefit from the expertise Trustwave offers to succeed in improving their security posture. For the past two decades, Sukhdev’s roles in Security have been instrumental in the design, deployment and optimization of security solutions architecture for clients across different verticals. His experience has helped him develop a multitude of skills best demonstrated by his achievement of awards for dedication to work, excellence in People Management and client accolades.
Sukhdev has international experience in a foreign public service as well as being an entrepreneur of a security boutique. Prior to joining Trustwave, he was the AP Technical Executive with IBM Security Systems Division. Being a pioneer during the formation of the IBM Security Business Unit in AP, he was involved in the successful integration of 7 security acquisitions and also led the team across Central Eastern Europe, Latin America, Middle East & Africa and APAC. Prior to IBM, Sukhdev served as the X Force spokesman for Internet Security Systems and Director of X Force Education AP.
Sze Toh Kai Siang
Assistant Director, Data Tech, Personal Data Protection Commission (PDPC)
Senior Vice-President, Strategy, Imperva Inc
Terry Ray is the SVP Strategy for Finance and Healthcare and an Imperva Fellow for Imperva Inc. Uniquely, Finance and Healthcare have very strict regulations, steep fines, complex environments and highly valued data that attracts bad behavior. Terry applies his decades of security experience to these industries and their cyber security challenges. As a technology fellow, Terry supports all of Imperva’s business functions with his more than 2 decades of security industry experience and expertise. Previously he served as Imperva’s Chief Technology Officer, where he was responsible for developing and articulating the company’s technical vision and strategy, as well as maintaining a deep knowledge of the Application and Data Security Solution and Threats Landscape. Earlier in his tenure at Imperva, he held the role of Chief Product Strategist, where he consulted directly with Imperva’s strategic global customers on industry best practices, threat landscape, application and data security implementation and industry regulations.
He continues to operate as an executive sponsor to strategic customers who benefit from having a bridge between both companies’ executive teams. He was the first U.S.-based employee, and during his 17 years at Imperva, he has worked on hundreds of data security projects to meet the security requirements of customers and regulators from every industry.
Terry is a frequent speaker for RSA, Gartner, ISSA, OWASP, ISACA, IANS, CDM, NLIT, The American Petroleum Institute and other professional security and audit organizations in the Americas and abroad. Terry also provides expert commentary to the media and has been quoted in Security Week, SC Magazine, Forbes, CBS News, the BBC and others.
Using and storing private data is a necessary part of doing business for most organizations, and it remains both a highly targeted asset for attackers and a highly governed asset for regulators. For years, organizations have tried to meet demands around data with limited successes and numerous failures. In this presentation we will explore the modern demands on data, from pro-active security, post-breach incident response and industry regulatory requirements to the more recent consumer privacy requirements, all while highlighting the questions organizational functions should be asking to determine how effective their program may be.
Head of Group Technology Information & Cyber Risk (TICR), OCBC
Thomas has more than 28 years of experience in IT, and is currently the Head of Group Technology Information & Cyber Risk (TICR) for the OCBC Group, where he is responsible for driving group-wide risk governance and risk management activities relating to technology, information and cyber risk. Prior to his current role, he has served in leadership positions in DBS Group, Credit Suisse AG, UOB Group and Citibank relating to the professions of IT Risk Management, Information Security, BCM and IT Management. In 2018, he was recognised by the industry organisation (Institute of Banking & Finance) as IBF Fellow (Risk Management).
Thomas contributes to the development of cross-sectoral professionalism by participating in various committees and working groups. He often shares his insights at conferences and seminars to help elevate the competencies of professionals. He holds an MBA from NUS Business School, an honours degree in computer science, and industry certifications include CISM, CRISC and CITBCM.
Wu Choy Peng
Chief Technology Officer, GIC Pte Limited
Wu Choy Peng was appointed Chief Technology Officer in August 2017. She oversees the development, delivery, and operations of application systems, data and technology platforms, and core infrastructure to drive operational efficiencies and to enable strategic business outcomes. Before joining GIC, she was Group Chief Information Officer of Singapore Telecommunications Limited and held the same role in Neptune Orient Lines Group from 2006 to 2012. Ms Wu joined the National Computer Board upon graduation, and held various senior appointments including the Singapore Government’s Chief Information Officer, Deputy Chief Executive (Industry) of the Infocomm Development Authority and Chief Information Officer of the Ministry of Education. Ms Wu is on the board and executive committee of the National University Health System, and chairs its Board IT Committee. She is also on the boards of the Info-communications Media Development Authority and Integrated Health Information Systems.
Ms Wu holds a Bachelor of Science (Honours) degree in Computer/Communication Science/Mathematics and a Master of Science in Computer Science/Engineering, from the University of Michigan, Ann Arbor.