Agenda

The Asia-Pacific region is the most targeted cyber frontier globally, facing threats from sophisticated nation-state actors and organised cybercrime. The confluence of rapid digitisation, critical infrastructure attacks, and the cyber skills shortage demands a robust, collaborative defence.
This panel will critically examine the shift from prevention to resilience, debating the efficacy of current regional strategies and the imperative for improved public-private information sharing and capacity building.
.
• How has AI been reshaping threat actors’ activity on the one hand, and defence mechanisms on the other?
• How can we urgently address the critical regional cyber talent deficit?
• How important is public-private collaboration in fighting cybercrime?
.
– Moderator: Jen Yan Loy, Head of Resilience Risk & DPO, HSBC
– Anirban Chakraborty, Director of Security, TriNet
– Jason Lau, CISO, Crypto.com & Board of Directors, ISACA
– Allan Tay, Director, IT Security, Singapore Pools
– Trisha Ventura, IT Director; Head of Information Security, QIMA
.

In this forward-looking session, we examine how AI is moving from a theoretical safeguard to a critical component of cyber defence in 2026. This presentation will analyse the evolving landscape where both threat actors and defenders are leveraging machine speed. We’ll explore the sophisticated new risks, from AI-powered malware to deepfakes in social engineering, and reveal the practical strategies and essential human-AI collaboration needed for robust, next-generation security. Discover the shift from reactive defence to proactive, predictive security operations.
.
• AI Security Today; Real Threats and Practical examples to help your teams
• Cutting through the hype: Separating AI Security Fact from Fiction
• AI as your Security Co-Pilot; But only if you learn these InfoSec Skills
.
– Jason Lau, CISO, Crypto.com & Board of Directors, ISACA
.

Despite massive investment, 23% of breaches still begin with human-targeted social engineering. Generative AI has revolutionised the attacker’s playbook, with AI-driven phishing now bypassing traditional gateways through automated, highly personalised campaigns.
Join Petri Kuivala, former Nokia CISO, for a deep dive into these modern tactics. Moving beyond simple compliance, Petri explores how to achieve genuine behavioural change. Discover how global leaders like Qualcomm transformed high-risk employees into proactive security sensors, drastically reducing breach likelihood. Learn to turn your workforce into a reliable line of defence—and if you want us to hack you, find out more during the session.
.
• The AI Playbook: How attackers leverage GenAI to craft irresistible, automated social engineering campaigns at scale
• Behavioural Transformation: Strategies for moving beyond “tick-box” awareness training towards measurable, long-term cultural change
• Employees as Sensors: Lessons from Qualcomm on empowering staff to act as an active, early-warning system against threats
.
Petri Kuivala, CISO Advisor & Former Fortune 100 CISO Hoxhunt
.

Emerging technologies, including sophisticated Cloud services, AI, and distributed architectures, offer immense opportunities but simultaneously introduce profound security and compliance challenges. In this session, we address how to embed security early and proactively manage these risks. Learn how security teams can collaborate with innovation units to safeguard emerging environments, ensuring regulatory adherence is built into your enterprise architecture from the outset, turning technological evolution into a competitive advantage rather than an unmanaged liability.
.
• Creating future-proof security governance frameworks that adapt to new technology
• Discover practical methods for safeguarding large-scale public Cloud and AI/ML adoption
• Integrate compliance and security into the innovation and development lifecycle
.
– Allan Tay, Director, IT Security, Singapore Pools

.

The rapid convergence of technologies like AI and cloud is challenging conventional cyber security frameworks. This presentation moves beyond traditional ‘detect and respond’ models, exploring a proactive, resilience-by-design approach essential for modern digital infrastructure. We will analyse the specific security vulnerabilities introduced by this shift: the expanded attack surface of billions of connected IoT devices, the risks of adversarial AI, and how we can utilise popular security frameworks to ensure security around this technology.
.
• Learn how to adapt existing models (like NIST CSF or ISO 27001) to govern decentralised and autonomous systems
• Understand the practical implementation of Zero Trust Architecture principles across sprawling information ecosystems
• Explore how AI can be leveraged for dynamic threat hunting, anomaly detection, and automated incident response in real-time environments
.
Shilpa Sawant, Vice President – Cyber Security, Sumitomo Mitsui Banking Corporation

In the race for APAC industrial efficiency, the “Air Gap” has vanished, replaced by a digital bridge that has become the primary vector for global cyber-risk. This session deconstructs how legacy remote access—VPNs and Jumphosts—transforms connectivity into a “blast radius” for state-sponsored actors targeting IT/OT spillover. We move beyond product pitches to a strategic framework for Converged Security, exploring how integrated defense unifies IT and Operations. Learn to architect an “Identity Air Gap” that ensures physical resilience without sacrificing digital transformation. Stop building bridges for attackers; start securing the mission.
.
– Hubert Heng, Managing Director, APAC, Zeroport
.

Organisations face escalating compliance risks due to poor visibility over sensitive data processed by third-party vendors and SaaS tools. This fundamental lack of control directly stalls progress toward AI maturity. In this session, our speaker presents a compelling case study on how a major enterprise successfully transitioned from static vendor assessments to continuous, real-time data risk visibility. We detail the practical steps and architectural decisions used to map external data flows, identify shadow processing, and accurately quantify partner risk.
.
• Understand the AI-Risk paradox
• Generate a proven blueprint for integrating data risk intelligence
• Implement automated controls for policy enforcement
.
– Manjunath Pasupuleti, Global Head IT-Security, OT-Security, GRC, AI Governance (CISO), ENNOVI
.

What Do We Do When Tech Fails?
Sanjeev Gathani, Compliance Officer, RV Group
.

The increasing reliance on external vendors and OEMs necessitates a robust, compliant approach to remote access within OT networks. In this session, we focus on the practical lessons learned from deploying a unified secure remote access (SRA) framework designed to manage hundreds of third-party connections across disparate industrial control systems. We will detail the architectural and procedural strategies required to move beyond fragmented vendor-specific solutions toward a single, auditable platform.
.
• Hear strategies for consolidating third-party access solutions into a unified SRA platform
• Learn best practices for integrating PAM and SRA to enforce ‘just-in-time’ and ‘least-privilege’ access policies in OT
• Discover techniques for building a continuous auditing and compliance reporting structure to satisfy internal and regulatory mandates
.
– Ronald Chan, Head of OT Security – Cyber & Information Security, Aboitiz Power Corporation
.

In an era of escalating cyber threats, the security of our critical infrastructure has never been more vital. In this session, our expert speaker offers a focused and practical guide for protecting the foundational systems that power our world. We will move beyond high-level theory to provide a clear roadmap for securing SCADA and Industrial Control Systems from both common and sophisticated cyberattacks.
.
• Set up the foundational security measures, including robust asset inventory, network segmentation, and the principle of least privilege, tailored specifically for SCADA and ICS
• Establish a monitoring programme that can detect subtle anomalies and malicious activity within OT networks
• Develop plans that prioritise operational continuity and safety while addressing the cyber threat
.
Abdul Aziz Patail, Head of Grid OT Management and Chief SCADA Engineer,Energy Industry

Governments across the APAC region are rapidly deploying new, stringent cyber regulations concerning critical infrastructure, data protection, and cross-border transfers. The challenge for security leaders is converting complex legal obligations into tangible, defensible security programmes.
This expert discussion will address the divergence in regional mandates and provide practical strategies for effective compliance. We examine how to align security spending, conduct risk-based assessments, and manage the complexity of multi-jurisdictional compliance without sacrificing operational agility or effective cyber defence.
.
• How should security leaders prioritise investment against the varying national compliance deadlines?
• What frameworks best translate regulatory text into actionable technical security controls?
• How can we standardise cross-border data transfer compliance across disparate APAC judgements?
.
– Moderator: Dr Jenny Tan, Immediate Past President, ISACA SG
– Jayapalan K V, Director – Cyber Security, Kenvue
– Dominic Boh, Group Internal Audit , IT Audit Director, MOH Holdings Pte Ltd (Singapore)
– Sekhar Pidathala, CISO, Tradu
.

Most AI governance sessions focus on either theory or technical deep dives. This session bridges that gap, addressing the reality that while 94% of APAC financial institutions have policies, 90% still harbor critical security vulnerabilities. Participants will bridge the divide between documented policy and production reality using a 3-tier governance model and a 6-category risk taxonomy that pairs regulatory definitions with real exploit paths.
.
• Gain a testable 3-tier model and a 90-day action plan to move from quick wins to structural security
• Access a translation table connecting high-level governance to technical controls and monitoring
• Identify five observable signs of effective governance using composite incident scenarios and practitioner-led findings
.
– Sekhar Pidathala, CISO, Tradu
.

Effective internal control relies on people, processes, and systems working together. Communication and education guide stakeholders toward desired control behaviours. Following the five “I”s—Inform, Introduce, Implement, Instil, Internalise—supports disciplined and sustainable control adoption. Understanding risks and the consequences of inaction enables informed decisions, while indicators help measure control effectiveness. Discipline through audits, monitoring, and coaching maintains compliance. Controls must be balanced: too many hinder innovation, too few expose risks. Clear rules, agility, and continuous improvement ensure controls adapt to evolving cyber security needs. Closing control gaps quickly is essential to sustaining a secure cyber security ecosystem.
.
– Shee Yan Ho, Director of Internal Audit, Supreme Court of Singapore
.

SSecurity awareness and training are essential. But they don’t reflect the full weight of human risk management. In this session we explore the next frontier of human risk management by designing environments where secure behavior becomes the easiest and most natural choice.
We will examine real-world examples of reducing risk at scale by reshaping operational conditions alongside awareness and training, demonstrating how small design adjustments can lead to sustainable behavioral shifts across organizations.
Awareness informs. Training guides. But human decisions, shaped by their environment, decide everything.
.
In this session, you will gain:

• • A perspective on the largest, most predictable human attack surfaces and how operational environments shape them
  • Insights into how processes and system design can make secure behavior the easiest and most natural choice through real-world examples
  • A strategic view of combining awareness, training, and environment design to drive measurable human risk reduction at scale

– Elodie Bridoux , Director of Critical Communications & Cyber Human Risk Management, Schneider Electric
.

Quantum computing is set to revolutionise technology, but it also poses significant risks to current cryptographic systems. This panel will explore how security leaders can prepare for the quantum era, focusing on transitioning to post-quantum cryptography, mitigating quantum-backed threats, and aligning with emerging standards like NIST PQC.
.

• • How soon will quantum computing impact cyber security?
  • What steps should organisations take to adopt quantum-safe cryptography?
  • How can hybrid solutions ensure a smooth transition to PQC?

  .
  – Moderator: Naveen Kukreja, Senior Risk Manager, Information and Cyber Security Risk Management, Standard Chartered Bank
  – Jon Lau, CISO, A*STAR – Agency for Science, Technology and Research
  – Dr. Hao Qin, Quantum Communication Technologist, National University of Singapore
  .

The disconnect between IT Operations (uptime) and Security (risk) often creates friction, delays, and critical vulnerabilities. In this session, our speaker offers a practical blueprint for transforming security into an integrated, shared responsibility across your organisation. We explore how to dismantle silos and implement a true SecOps culture.
.
• Establish unified communication and collaborative workflows, and align KPIs so both teams own cyber risk and efficiency
• Integrate security testing and response directly into IT deployment pipelines
• Train IT staff on security principles and SecOps staff on operational constraints
.
– Trisha Ventura, IT Director; Head of Information Security, QIMA
.

Step into the high-pressure world of digital defence in this immersive, gamified simulation. As an elite member of the Cyber-Response Team, you’ll navigate a series of rapid-fire scenarios—from suspicious network intrusions to sophisticated social engineering attempts.
The clock is ticking, and your organisation’s integrity depends on your digital hygiene and quick decision-making. Through interactive challenges and team-based problem-solving, you will learn to identify vulnerabilities before they escalate into full-scale breaches. Can you neutralise the threats, patch the gaps, and ensure the system remains resilient under fire?
.
• Master the ability to spot subtle indicators of compromise within complex digital environments
• Practice the “Stop, Analyse, Report” protocol to contain breaches effectively under time pressure
• Understand how individual cyber-vigilance safeguards the continuity and reputation of the entire business
.
– Sanjeev Gathani, Compliance Officer, RV Group
.

In the automotive industry, as with others, the traditional security perimeter has vanished. As vehicles evolve into hyper-connected nodes, the “castle-and-moat” approach is no longer fit for purpose. In this session, we explore the transition to an identity-centric security model, specifically tailored for the high-stakes automotive ecosystem. We will examine how to implement robust IAM and Zero Trust frameworks to ensuring safety and data integrity across the entire vehicle lifecycle.
.
• Transition from network-based security to granular, identity-based authentication
• Implement “never trust, always verify” principles to prevent lateral movement within the network
• Map Zero Trust strategies to ISO/SAE 21434 and UN R155 compliance requirements
.
– Kulsharest Jain, Manager/Cyber Architect, Mercedes-Benz Singapore
.

Join this interactive group discussion session with the whole audience with our expert moderator as we consider these questions.
.
• Why is burnout so prevalent in cyber security roles and what impact can it have on both the individual and the organisation?
• What practical strategies can help to reduce burnout in cyber security?
• How do we prioritise sustainability as much as resilience in our cyber security teams?
• What does a burnout-resistant cyber security culture look like?
.
– David Poh, Manager – OT Cyber Policy and Governance, SMRT Corporation Ltd
.