Category: Blog

Ian Gibson, Chief Information Officer for SuperChoice discusses ‘Securing the cloud: it’s security Jim but not as we know it’.

Chief Information Officer for SuperChoice, Ian Gibson, discussed in his keynote presentation at the 2017 CISO Leaders Summit about ‘Securing the cloud: it’s security Jim but not as we know it’. This presentation covered:

• Changing nature of infrastructure security and its implications
• Cloud automation and its implications for security
• What the increasing security requirements mean for business and what they need to do about it
• Security as a business opportunity and how to communicate that to the Board

Ian Gibson is the Chief Information Officer and Responsible Officer for SuperChoice Services Pty Limited where he has been completely transforming the technology business. Prior to joining SuperChoice, Ian worked in senior executive and CIO roles including at Adaptra, CitiStreet, Link Market Services and the National Australia Bank.  He also co-founded a boutique consulting firm and has worked with several technology start-ups. Ian was a Partner in Accenture’s Strategy practice where he focused on business and IT-enabled strategic and operational planning.  His consulting work ranged across several industries, both locally and internationally, and for some of the largest clients in their respective industry. Ian is also a Non-Executive Director and Company Secretary focusing on technology start-ups and NFPs. Ian has a BSc (Computer Science & Mathematics) and an MBA from Melbourne Business School and is a Fellow of the Australian Institute of Company Directors.  He is a regular speaker and has authored more than 43 publications including twice nominated for Thought Leadership awards.

#CISOLeadersSummit #MediaCorpInternational

Meena Wahi, Director of Cyber Data-Risk Managers talks about ‘Managing Risk: Is Cyber Risk Different?’

In her roundtable discussion at the 2017 CISO Leaders Summit, Meena Wahi – Director of Cyber Data-Risk Managers talked about how CISOs are dealing with cyber risk. Are standard practices of managing risk serving them well? Is the eliminate, mitigate, accept and transfer the way to go? If not, are CISOs being challenged to devise new strategies to address the reputational, operational, compliance and financial impact of cyber incidents. As strategic partners in their businesses – what learnings do CISOs have to share?

Meena steered this interesting discussion on how CISOs are dealing with cyber risk. Meena is a specialist insurance broker for cyber risk who advocates that insurance must form part of total enterprise risk management strategy.

Cyber Data-Risk Managers are specialist insurance brokers for cyber insurance/data breach Insurance. Meena has been interacting with stakeholders in the evolving cyber risk/data privacy space in Australia and overseas since 2011. Contributing to the dialogue as a key player in the market, she advocates that cyber insurance must constitute a part of enterprise risk management strategy. Meena holds an MBA from Monash University and a Tier 1 (Insurance Broking) from ANZIIF.

#CISOLeadersSummit #MediaCorpInternational

Michael Klieman, Vice President Product Management at Symantec addresses the delegates at the 2017 CISO Leaders Summit on ‘Website security and key management’.

Vice President Product Management at Symantec, Michael Klieman, presented ‘Website security and key management’ as his roundtable discussion to delegates. In this session, he discussed perspectives on the increasing use of encryption within the enterprise, the associated management requirements, and importantly, how CISO policies are implemented and enforced.

This was a lively and informative session with topics ranging from:

• SSL/TLS, Code Signing, SMIME, PGP, and other encryption applications
• Key management & policy enforcement
• Meeting browser, PCI, and other compliance requirements
• Choosing public or private trust anchors for devices and IOT
• Inventorying and managing keys in hybrid environments
• Deploying automation
• Integrating with visibility, DLP, and other security applications
• Key-related vulnerability reporting and remediation
• Cloud-based HSMs vs. on-premise

Michael is a senior executive and entrepreneur experienced in building successful businesses in the consumer, small business and enterprise technology markets. He is a high-energy, results focused leader with a track record of shepherding large-scale projects from ideation to implementation, both in Fortune 500 and de novo start-up settings.

#CISOLeadersSummit #MediaCorpInternational

Asia Pacific Director for Cloud Security Alliance, Anthony Lim speaks about ‘Mobile application and security testing’.

Anthony Lim, Director Asia Pacific for Cloud Security Alliance has over 20 years’ professional experience as a cyber-security pioneering professional and he spoke to the 2017 CISO Leaders Summit on ‘Mobile application and security testing’. His workshop explained how mobile applications are becoming an integral part of not just modern enterprises but also of human existence and a huge part of this shift is due to the emergence of cloud computing, which in turn imparts tremendous agility to the enterprise. Accompanying such convenience are risk management challenges due to a lack of transparency, leading to security concerns that include applications.

He explained how Cloud Security Alliance aims to create a safer cloud eco system for mobile applications by creating systematic approaches to application testing and vetting that helps integrate and introduce quality control and compliance to mobile application development and management. Many people can write mobile apps today but with the focus on functions, features, visuals and user experience, the security aspect of coding is often lagging and hackers are looking for such gaps to exploit.

#CISOLeadersSummit #MediaCorpInternational

Jonathan Jackson, Head of Technical Solutions APAC and Japan at BlackBerry speaks to delegates on ‘Cyber security and innovation: protecting business IoT, cloud and mobile systems’.

Jonathan Jackson, Head of Technical Solutions APAC and Japan for BlackBerry spoke to the 2017 CISO Leaders Summit in Melbourne about how businesses today need to embrace innovative technology such as Enterprise of Things, cloud and enterprise mobility to remain competitive. He also raised several questions such as:

• What is the price of this innovation?
• In a world when cyberattacks are increasing in frequency and severity, how do you ensure your innovation is protected?
• How can businesses and Government ensure that in today’s ubiquitously connected world your networks are safe and secure?
• What is the role of cloud, mobile or IoT technology providers to ensure the systems are secure?
• Does employee risk to cyber security increase with an increasingly mobile workforce? How best to manage this?
• How can customer-facing enterprises balance great technological innovation for customers with the need to protect their data and that of corporate IP?

BlackBerry is a security company, specialising in securing mobile workplaces. Jonathan showed delegates how to protect their corporate sensitive data and multiple endpoints with BlackBerry Secure.

Jonathan brings over two decades of tactical experience in the development and management of secure, scalable systems. He has been with BlackBerry for 4 years and was the Head of Security Advisory for ANZ before assuming his current role. Jonathan advises customers navigating the world of enterprise mobility and cyber threats, working with them to develop a mobile strategy that satisfies both the demands of IT and end users now and in the future.

#CISOLeadersSummit #MediaCorpInternational

Kobi Ben-Naim – Senior Director of Cyber Research at Cyber Ark discusses ‘Cyber security nightmares: lessons for Australian businesses’. 

Kobi Ben-Naim of Cyber Ark talked to the audience today about privileged accounts that are often referred to as the “keys to the IT kingdom” because of the powerful access they provide to servers, databases and applications, and the sensitive data housed within. Therefore, it is not surprising that these powerful credentials have been exploited in nearly 100% of advanced attacks in the past years, i.e. the Bangladesh Bank Heist, the Ukraine Blackout, the ATM attacks in Taiwan, and the number of ransomware cases targeting healthcare providers across the globe. Reality is, in all cases, the determined attackers manage to break through the target’s perimeter security defences and exploit unprotected privileged credentials to masquerade themselves as an insider and roam around the network undetected, disable security controls, steal confidential information, commit financial fraud and/or disrupt operations.

So how do cyber-attackers use stolen, unprotected or misused privileged credentials to take full control of an organization’s IT infrastructure? This session examined real-life case studies that explained how attackers exploit privileged IT credentials to successfully gain access and move about the targeted network. The session also analysed the role privileged account security plays in meeting Australian compliance laws – the “Top 4 mitigation strategies” recommended by Australian Signals Directorate.

Kobi is an accomplished information security professional, well-known for his pioneering work in the field of Advanced Persistent Threats (APTs) and Zero-Day Attacks. Before leading the Cyber Research for CyberArk, Kobi was co-founder of Cybertinel, an Israeli successful start-up, acquired by CyberArk in 2015. Prior to Cybertinel, Kobi served as an Information Security Specialist with the Israeli Ministry of Foreign Affairs, where he led the ministry’s anti-hacking team.

#CISOLeadersSummit #MediaCorpInternational

The first panel discussion focused on cloud security governance and was moderated by General Manager for Cyber Security Brian Hay who was joined by Syed Asghar of Vodafone, Ian Gibson of SuperChoice and Craig Pitts of Mondelez International. 

This robust panel discussion attracted much interest from the audience of senior executives and covered issues related to cloud security governance such as how to keep up the pace, security policies, controls, regulations and awareness, KPIs for KRIs, the importance and benefits of an EXIT strategy and what have we learnt from the past?

Moderator:      

Brian Hay, General Manager, Cyber Security

Panellists:          

Syed Asghar, Information Security and Governance Manager, Vodafone Australia

Ian Gibson, Chief Information Officer, SuperChoice

Craig Pitts, Global Information Security Architect Lead, Mondelez International

Syed is a senior information security professional with proven track record of success in technology and Telecommunications sectors. A pragmatist that is approachable, with a passion for aligning the information security function to business goals. With over 19 years of experience in design, implementation and governance of complex security solutions in dynamic, fast-paced environments which hold vast amounts of customer information including Cloud, Telco networks and Data centers.

Ian is the Chief Information Officer and Responsible Officer for SuperChoice Services Pty Limited where he has been completely transforming the technology business. Prior to joining SuperChoice, Ian worked in senior executive and CIO roles including at Adaptra, CitiStreet, Link Market Services and the National Australia Bank.  He also co-founded a boutique consulting firm and has worked with several technology start-ups. Ian was a Partner in Accenture’s Strategy practice where he focused on business and IT-enabled strategic and operational planning.  His consulting work ranged across several industries, both locally and internationally, and for some of the largest clients in their respective industry. Ian is also a Non-Executive Director and Company Secretary focusing on technology start-ups and NFPs. Ian has a BSc (Computer Science & Mathematics) and an MBA from Melbourne Business School and is a Fellow of the Australian Institute of Company Directors.  He is a regular speaker and has authored more than 43 publications including twice nominated for Thought Leadership awards.

Craig is an IT leader with over 18 years’ experience and brings together disparate, global and virtual teams to deliver secured outcomes for operational, M&A and efficiency programs. Additional to this, he is in his 6th year as Director and Executive Member for a 3000-home resort management company.

Working at Mondelēz International as the Global Information Security Solutions Architect Lead, he is responsible for ensuring the global business can be agile with critical information whilst data is safely protected and the multitude of cross-border laws and legislations are considered.

Current key focus areas are:

• Strategic cross-company communication
• Critical and confidential data handling in a inside/outside world
• Managing data and system exposure in ‘cloud’ environments

Recently, he has been leading the charge to secure supply chain environments, systems and data at over 150 manufacturing sites globally while dealing with shadow IT organisations.

#CISOLeadersSummit #MediaCorpInternational

Our first keynote presentation for the 2017 CISO Leaders Summit in Melbourne today was ‘Strategy unabridged’ by Stuart Mort –  Cyber Security Director at Optus. 

Stuart discussed how we operate in an environment where it’s more a case of “when” not “if” an organisation will experience a security breach. The prevailing mindset of spending on security for good security will ultimately lead to a company being splashed across the media for all the wrong reasons if there is not a structured plan supporting the investment. Many Cyber Security strategies today read more like tactical plays and miss key details and fundamental perspectives on how to adequately prepare and plan for the security challenges faced today and tomorrow. Stuart explored some of these fundamentals, and provided recommendations on how these may be addressed within an organisation and that would allow attendees to evaluate how prepared and mature the security approach is within the organisation they encounter.

Stuart is a highly experienced Information Security and Cyber Security professional with global CISO experience and a portfolio of skills across all areas. Responsible for designing and delivering security strategies for multinationals, and ensuring President-level executives are aware of the risk landscape and directly sponsor security initiatives.

He has extensive knowledge of regulatory requirements, mergers and acquisition security, supplier security, risk management, ISO27001, security metrics, security assessments, and has led many complex Incident Response, Investigations and Forensic cases, including presenting evidence in Court as an Expert Witness.

With strong management experience in leading international teams of highly skilled professionals across multiple disciplines, Stuart can balance business objectives with strategic and technical security requirements. Stuart has presented at global and national conferences as a Keynote speaker, and has valuable experience of customer-focused liaison.

#CISOLeadersSummit #MediaCorpInternational

The 2017 CISO Leaders Summit Australia has kicked off and we are pleased to present our MC for the day – General Manager of Cyber Security Brian Hay. The CISO Leaders Summit brings together the top IT security executives from around Australia to discuss and debate the current trends, challenges and solutions facing the IT security industry within Australia. We are set for a great day today with lots of robust discussions and stellar presentations from our keynote speakers. Follow our blog for updates on each of the keynote presentations and panel discussions.

www.cisoleaders.com www.focusnetwork.co

#CISOLeadersSummit #MediaCorpInternational