Keynote Speech – The past is prologue; Trends in Information Security (Cyber Risk report 2015)

In this talk, I will summarize our findings on trends in the information security landscape.

As suggested in the latest edition of the HP Cyber Risk Report, well-known attacks are still commonplace, with vulnerabilities that allowed access to unnecessary files and directories being dominant issues. The report showed that, in addition to code-based vulnerabilities, liabilities related to application deployment must also be considered to implement effective application security programs.

Even with the dearth of high-profile and persistent application vulnerabilities, there is some good news. Results reveal that organizations that repeat security testing significantly lessen their security risk. Repeat testing is key to catching vulnerabilities that arise from new configurations, patches, and other application elements that don’t stay static.

Date: March 26, 2015
Time: 9:00 - 4:30 pm
Event: HP Protect Asia Pacific & Japan 2015, Taiwan
Topic: The past is prologue; Trends in Information Security
Sponsor: Hewlett Packard
Venue: Taipei New Horizons
Location: No. 88 Tobacco Road
Xinyi District, Taipei City
Taiwan
Public: Public

Speaking at HP Protect Asia Pacific & Japan 2015, Hong Kong

The cost of cybercrime for an organization has escalated to $12.7 million a year, compared to $3.8 million in 2010, and the time to recover from a data breach has increased from 14 days in 2010 to 48 days in 2014. While the security industry remains over-invested in products and technology and under-invested in people and processes, hackers are spending more money and sharing information. Cybercriminals are hard at work changing and improving their skills to win.

Find out how to safeguard your business by changing the way you invest in and think about security – from the perspective of the criminals targeting you.

Date: March 24, 2015
Time: 09:00-05:00 a.m.
Event: HP Protect Asia Pacific & Japan 2015
Topic: Cyber Defense Centre – Agility for Attack Scenarios
Sponsor: Hewlett Packard
Venue: Langham Place Hotel
Location: 555 Shanghai Street
Mongkok, Kowloon
Hong Kong
Public: Public

Speaking at ISACA Singapore – Achieving PCI Compliance through Strategic Application Security Program

Not long ago, the Payment Card Industry released version 3 of PCI DSS. Compared to its predecessor, this new version introduces a number of changes; PCI states that these changes are intended to address the maturity of the industry since 2006. Lack of education and awareness, coupled with poor implementation and maintenance, are leading causes of breaches today; this update is intended to target these challenges by providing guidance and clarification on the intent of requirements and how to meet them. In this talk we will focus on Requirement 6 – ‘Develop and Maintain Secure Systems and Applications’ of version 3.

In HP’s Fortify Solution Consulting Group, we refer to our SSA (Software Security Assurance) framework to design application security programmes or secure development lifecycles for our customers, and hence I am often asked whether programmes built upon the SSA framework can help in fulfilling PCI DSS Requirement 6.

If you have similar questions, this is the session to attend. In this session, we will cover:

  • How to build a “compliant” secure development lifecycle for development teams using modern software development methodologies
  • Challenges of enforcing a secure development lifecycle at an enterprise scale
  • Reasons why most application security programmes fail and how we can collaborate with development teams for easier enterprise adoption while meeting regulatory requirements

Date: January 23, 2015
Time: 06:00 p.m. - 09:00 p.m.
Event: ISACA Singapore
Topic: Achieving PCI Compliance through Strategic Application Security Program
Sponsor: ISACA Singapore
Venue: National Library Board Building
Location: Possibility Room, Level 5, NLB Building
100 Victoria Street
Singapore
Public: Public

Speaking at OWASP Malaysia – Introducing Application Security In Your Organization? Think Like a Developer

To protect your enterprise from application-layer attacks, your application security program needs to be goal-oriented and supported by a central team of professionals equipped with best-of-breed technologies and following effective processes. If you are wondering how you can build an application security program that effectively leverages secure development methodologies while being scalable and effective for a complex organization, this is the session to attend. In this session, the speaker will cover:

1. How to build a secure development lifecycle for development teams using modern software development methodologies
2. Challenges of enforcing a secure development lifecycle at an enterprise scale
3. Reasons why most application security programmes fail and how we can collaborate with development teams for easier enterprise adoption

Date: January 19, 2015
Time: 9:00 A.M. - 12:30 P.M.
Event: OWASP Malaysia
Topic: Introducing Application Security In Your Organization? Think Like a Developer
Sponsor: OWASP Malaysia
Location: Dewan Seminar, Menara Razak, UTM Jalan Semarak
Kuala Lumpur
Malaysia
Public: Public

Speaking at OWASP Singapore – Introducing Application Security In Your Organization? Think Like a Developer

To protect your enterprise from application-layer attacks, your application security program needs to be goal-oriented and supported by a central team of professionals equipped with best-of-breed technologies and following effective processes. If you are wondering how you can build an application security program that effectively leverages secure development methodologies while being scalable and effective for a complex organization, this is the session to attend. In this session, the speaker will cover:

1. How to build a secure development lifecycle for development teams using modern software development methodologies
2. Challenges of enforcing a secure development lifecycle at an enterprise scale
3. Reasons why most application security programmes fail and how we can collaborate with development teams for easier enterprise adoption

Date: January 22, 2015
Time: 6:00 PM - 8:00 PM
Event: OWASP Singapore
Topic: Introducing Application Security In Your Organization? Think Like a Developer
Sponsor: OWASP Singapore
Venue: National University of Singapore
Location: SR10 (Seminar room 10), COM1 Building #02-10, 13 Computing Drive
National University of Singapore
Singapore
Public: Public