Hi [[ session.user.profile.firstName ]]

How Can We Grow the Pool of Cloud Security Professionals

Panel Discussion

According to one source, there are about 3 million cybersecurity professionals worldwide. And there we need an additional 4 million cybersecurity professionals. The question for the panelists today is what we can do to address the shortfall in such expertise in Malaysia. With the greater cloud usage and increased cloud adoption during the pandemic period, many enterprises have pivoted to the cloud, creating a dire demand for cloud security professionals. The job is definitely cut out for our panelists.


- Victor LO (Head of Cyber Security, Malaysia Digital Economy Corporation (MDEC))
- Philip VICTOR (MD, Welchman Keen)
- Ferdinand FONG (Chair, Protem Committee, CSA Sarawak Chapter)
Recorded Jun 30 2021 43 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Dr. Hing-Yan LEE, Victor LO, Philip VICTOR, Ferdinand FONG
Presentation preview: How Can We Grow the Pool of Cloud Security Professionals
  • Channel
  • Channel profile
  • What happens when ransomware targets your cloud infrastructure? Sep 8 2021 5:00 pm UTC 60 mins
    Kat Traxler Senior Security Researcher and Joe Malenfant, VP of Product Marketing, Vectra AI
    The rapid shift to remote work in 2020 saw adoption of public cloud skyrocket. Organizations quickly saw the benefits of public cloud from SaaS based applications, to the agility that PaaS provides. While the pandemic dominated the headlines last year, 2021 will likely go down as the year of ransomware. The question now is: What happens when ransomware targets your cloud infrastructure?

    Join senior security researcher Kat Traxler and Vectra AI VP of Product Marketing Joe Malenfant, as they dive into ransomware, and predict where it’s going. You’ll learn:

    -How ransomware has evolved and become big business
    -How to detect ransomware behavior before encryption
    -How ransomware is different in cloud environments (PaaS/IaaS) and what you can do stop it
    -Open source tools you can use to test against exposure
  • So A Cloud Security Expert Walks Into a CISO Role... Aug 31 2021 5:00 pm UTC 60 mins
    Nathan Burke, CMO, Axonius and Ashish Rajan, CISO, Cloud Security Podcast
    Join Ashish Rajan, CISO and host of the popular Cloud Security Podcast and Nathan Burke, CMO at Axonius as they discuss the cloud security challenges facing a CISO in a new role, how to prioritize the fundamentals, and how to optimize and foster a symbiotic relationship with vendors (or at the very minimum how to tolerate them).

    We’ll cover:

    - Ashish’s background in cloud security, his world-famous podcast, being a fashion model, and a lion-tamer (only one of these is false).
    - Nate’s background and promise that this won’t just be a full-on product infomercial.
    - The big challenge: controlling cloud complexity and the confidence to grow.
    - How to prioritize cloud security initiatives when joining as the new CISO.
    - What are the fundamentals when getting started?
    - Cloud security vs. Multi-cloud security - one of these is a fictional character.
    - How to set cloud security goals and measure progress.
    - The one and only slide about Axonius.
  • How to Take a User-First Approach to Identity Management Aug 24 2021 5:00 pm UTC 60 mins
    Nabeel Saeed, Senior Product Marketing, Security and Ian Hassard, Senior Manager, Product Management, Auth0
    The burden of proving a customer’s identity today rests mostly on the end user. Companies and services do not trust end users by default, and those end users--their customers--do not trust a service with their information. This leads to unnecessary friction that hurts conversions, harms UX, and can have a lasting impact on your brand and growth.

    In this session we’ll go over best practices to:
    - Shift the burden of proof away from the customer
    - Leverage identity solutions to establish customer trust
    - Build login systems that use intelligence and contextual signals to remove friction
  • Foresight is 20/20: How to Use Cyber Threat Intelligence for Proactive SecOps Aug 19 2021 6:00 pm UTC 60 mins
    Alexei Rubinstein, Vice President of Sales Engineering at IntSights
    The rapid-fire of cybersecurity threats hitting today’s businesses cause many security teams to “live in the moment.” It’s equally important, however, to receive and understand the early indicators cyber threat intelligence (CTI) provides. With these indicators in hand, your team can remediate issues before they become full-blown incidents.

    For example, consider what your team could do if it learned that a bot was installed on a single corporate machine, and it was exfiltrating credentials from that machine including those for Citrix and Slack. This is a real-world story of a compromised UK company whose network access was for sale for just $8 USD.

    In this session, we will explore the current dark web activity that reveals network compromises and sets the stage for future cyberattacks:

    • How CTI provides clues about your company’s vulnerabilities
    • What can be done when CTI shows that access to your network is up for sale
    • Techniques for integrating CTI into your SecOps processes
  • How Unity Uses Continuous Risk Assessment to Empower its Google Cloud Estate Aug 18 2021 5:00 pm UTC 60 mins
    Justin Somaini, Unity, Dr. Anton Chuvakin, Google, and Patrick Pushor, Orca Security
    Meet Justin Somaini, Chief Security Officer at Unity. Somaini is an expert in securing large environments having done stints as the CISO of Yahoo! and SAP. The scale of operations at Unity is even bigger as their games and experiences reach billions of devices a year, powered in large part by a massive Google Cloud Platform estate as well as multi-cloud.

    Upon arriving at Unity, Somaini had a decision to make. Should he focus his initial efforts on preventative controls or on deep asset management with continuous risk assessments?

    Somaini will be joined by Google’s Dr. Anton Chuvakin and Orca Security’s Patrick Pushor as they invite you into a lively discussion on:

    - How to reduce time-to-remediation by coupling continuous cloud risk assessments with automation
    - How deep cloud asset inventory and configuration management can unlock rich enterprise-wide capabilities
    - How to eliminate friction between Security and DevOps teams and empower DevOps with ownership of and accountability for security issues
    - Selection criteria for choosing a cloud security vendor, including the pros and cons of agent-based tools and scanners, CSPM (cloud security posture management), as well as a new category Gartner is calling Cloud-Native Application Protection Platform (CNAPP)
  • Data Sovereignty - What’s the Big Fuss About? Aug 18 2021 8:15 am UTC 45 mins
    Dr. LEE Hing-Yan, Stephanie King-Chung HUNG, May-Ann LIM, Ian LIM
    Panel Discussion

    The term “data sovereignty” has often been used by stakeholders (including cloud service consumers, cloud service providers, sectoral regulators) to mean different things. Just like the term "cloud computing" in the initial years, there are no widely agreed definitions; so the question "What do you understand by this term ?" naturally arises. Is it about: (a) data residency; (b) data localization; (c) data protection; (d) ... etc. What do these other terms mean anyway? Some parties commented that the above measures are too prescriptive and hide the real motivations, there are indeed innovative solutions to address those motivations. The panel discussion will identify the real motivations for data sovereignty. Some regulated sectors (e.g., finance, healthcare & healthcare) seem most paranoid about data sovereignty; they must have good reasons. Join us as the panelists endeavour to help us to understand the downsides and upsides to data sovereignty.

    Moderator: Dr. LEE Hing-Yan (EVP APAC, CSA)

    - Stephanie King-Chung HUNG (SVP Cloud Business, Mission Software and Services, Digital Systems, ST Engineering)
    - May-Ann LIM (ED, Asia Cloud Computing Association)
    - Ian LIM (Field Chief Security Officer, Palo Alto Networks)
  • Cloud Native Security Guidelines from Singapore TR 82:2020, NIST and CSA Aug 18 2021 7:30 am UTC 30 mins
    WONG Onn Chee (Co-chair, CSA APAC Research Advisory Council & CTO, Resolvo)
    Cloud native computing is a new software development approach, not an infrastructure approach as commonly miscontrued. Come and hear what constitutes cloud native and learn more about the various security guidelines from Singapore, NIST and CSA, which can guide you to adopt cloud native computing in a secure manner.
  • MTCS: The New Edition (SS584:2020): What's New Aug 18 2021 6:45 am UTC 30 mins
    Sanjeev GUPTA (Director, Certification Partners Global)
    The Multi-Tier Cloud Security (MTCS) Singapore Standard was revised in 2020, and some changes have been made to reflect user concerns and changing technology. We look at what is new, and what is unchanged, and what (in the speaker's biased view) remains undone.
  • CCM Addendum - Mapping of ABS Cloud Computing Implementation Guide 2.0 to CCM Aug 18 2021 6:00 am UTC 30 mins
    Arun Vivek IYER
    Presented by - Arun Vivek IYER (​Head of Cloud & Container Security – Cyber Security Services, Standard Chartered Bank & Co-chair, CCM ABS Mapping WG, CSA)

    In the technology space, there are also multiple frameworks and guidelines available, such as the above-mentioned TRM, ISO/IEC 27001 & 27002 and ISACA COBIT. There are also ISO/IEC 27018, the recently published ISO/IEC 21878, FedRAMP and the Cloud Computing Implementation Guide (CCIG) v2.0 issued by the Association of Banks in Singapore (ABS) that are specific to cloud computing and its related technologies. Because of this complex landscape, cross-mapping of frameworks is a useful and popular tool for FIs looking to seek compliance to multiple standards and best practices. This presentation will cover the mapping exercise the CSA WG did to evaluate the similarities and gaps between CCIG and the numerous frameworks mapped in the Cloud Controls Matrix (CCM). Singapore FIs who are already in line with CCIG will benefit through being able to easily identify and fulfill additional controls (gaps) on top of the CCIG to achieve adherence to another targeted framework within CCM, which is useful when expanding to other markets.
  • Hybrid Cloud Security: Risks & Mitigation Aug 18 2021 4:45 am UTC 45 mins
    Ferdinand FONG, Brendan LAWS, Narudom ROONGSIRIWONG, Faisal YAHYA
    Panel Discussion

    Timothy Grance (NIST) shared that no hybrid cloud existed when he co-authored the landmark NIST definition of different clouds. He has never expected hybrid clouds to become so pervasive and popular. This panel of experts will endeavor to address the following issues: What are the differences between hybrid and multi clouds? What are the risks in a hybrid cloud environment compared to on-prem and how does one go about mitigating each of these risks. How does one assess the effectiveness of these mitigation measures? And finally how would these mitigation measures benefit organizations/businesses?

    Moderator: Ferdinand FONG (Chair, Protem Committee, CSA Sarawak Chapter)

    - Brendan LAWS (Director, Solutions Architecture, Rapid7)
    - Narudom ROONGSIRIWONG (Head of Information Security, Thai Union Group PCL & Co-chair, Hybrid Cloud Security WG, CSA)
    - Faisal YAHYA (Chair, CSA Indonesia Chapter)
  • COVID 19 : Challenging the OT-IT Convergent Aug 18 2021 4:00 am UTC 30 mins
    William HO (Co-chair, Industrial Control System Security WG, CSA)
    Operational Technology (OT) systems, especially Industrial Control Systems (ICS), are an increasingly attractive target for highly-sophisticate cyber actors around the world. A more worrying trend has developed with the increased connectivity between IT and ICS (IT-OT convergent). This creates a potential opportunity for adversaries who are now able to compromise IT systems connected to the Internet, secure their footholds, and move to the ICS to disrupt industrial processes if not enough attention directed to secure the IT-OT convergent endeavor.

    The COVID-19 situation further challenged the convergent journey, just to name a few emerging challenges such as resources contention, supply chain cyber breaches, prevalent remote connections, etc are things seems to become the new normal. Leveraging Cloud Computing may be one of the strategies to help alleviate the challenges ahead.
  • Cloud Incident Response Framework Aug 18 2021 3:15 am UTC 30 mins
    Prof Alex SIOW (Co-chair, Cloud Incident Response WG, CSA) & LIM Soon Tein (Co-chair, Cloud Incident Response WG, CSA)
    In cloud incidents, it is necessary to coordinate and share information with stakeholders and other organizations which will be discussed. This presentation is for all cloud customers as well as cloud service providers who need a clear framework for sharing incident response practices with customers.
  • The Remote Workforce Cyber Problem – Resistance to Adoption Aug 18 2021 2:30 am UTC 30 mins
    Debashish JYOTIPRAKASH (CTSO - APAC Managing Director – India & SAARC, Qualys, Inc.)
    Keynote Address

    As we celebrate the Workers aren’t going to be returning to the office in 2021. Work from home is going to be in place until there is a full vaccine rollout, and maybe even longer. That means whatever cybersecurity systems that are incorporated now are going to have to stay in effect or be modified for workers who are in a hybrid model of home/office work weeks. Cybercriminals know this, so they will target remote workers with phishing and other targeted attacks. This topic will also cover devices that went home permanently and challenges now and when they begin to come back to office again.
  • Zero Trust – Your Way to the Cloud for post-COVID Recovery Aug 18 2021 1:45 am UTC 30 mins
    YUM Shoen Yih (Director, Cyber Security Programme Centre, Cybersecurity Agency, Singapore)
    Keynote Address

    The recent economic situation showed that companies that used cloud technologies to serve the customers anywhere anytime thrived better than companies whose businesses rely on customers visiting their shops physically. Companies that used cloud technologies also allowed their staff to work from home effectively and safely. Thus, the Cloud will definitely be a factor in your post-Covid recovery plan since the Covid virus will not be disappearing anytime soon. How can you fulfil your side of the ‘shared responsibility’ of using Cloud platforms and services when attackers have made Cloud one of their favourite hunting-grounds? Cyber Security Agency of Singapore is implementing a “Zero Trust” solution to help you especially the small and medium enterprises which have many constrains due to the Covid pandemic.
  • Introduction, Welcome Remarks & Opening Address Aug 18 2021 1:00 am UTC 30 mins
    Dr. Hing-Yan LEE, Prof Alex SIOW & Jim Reavis
    CSA Singapore Summit 2021

    Introduction & Welcome Remarks
    ​Dr. Hing-Yan LEE (EVP APAC, CSA)

    Opening Remarks
    Prof Alex SIOW (Chair, CSA Singapore Chapter​)

    Opening Address
    Jim REAVIS (Co-Founder & CEO, CSA)
  • Defending your Cloud with MITRE D3FEND Aug 12 2021 6:00 pm UTC 60 mins
    Dr. Neil Daswani, Co-Director of the Stanford Advanced Cybersecurity Program and Dr. Saumitra Das, CTO Founder, Blue Hexagon
    Modern cloud threats with complex, multi-stage kill chains cannot be mitigated simply by compliance and configuration checks. The MITRE ATT&CK framework for Cloud provides a structure for security teams to reason about attacker tactics in their cloud. The newly announced MITRE D3FEND framework provides a standard vocabulary for countermeasures against attackers.

    In this live session, we will provide an overview of D3FEND and how it maps to cloud security. We discuss the countermeasures security teams should consider that are specific to cloud attack tactics. We also discuss how ATT&CK maps to the technical root causes of breach that have impacted over 9,000 reported breaches to date.

    Security experts and cloud DevOps/DevSecOps attendees will learn about:
    - MITRE ATT&CK and differences between Cloud and On-premises
    - How MITRE ATT&CK maps to the technical root causes of breaches
    - MITRE D3FEND and how to apply and extend it for your cloud
    - How to prioritize and deploy countermeasures based on D3FEND

    Hear from Dr. Neil Daswani (former CISO of LifeLock and co-author of Big Breaches and Foundations of Security) and Dr. Saumitra Das (founder and inventor in AI security) about these frameworks and countermeasures and reason about where to direct your efforts to minimize risk.
  • Leveraging the CAIQ to Prepare for the Next Supply Chain Attack Aug 5 2021 4:00 pm UTC 60 mins
    Demi Ben-Ari, Co-Founder and CTO, and Dov Goldman, Director of Risk & Compliance, Panorays
    Not much time has passed since the last supply chain cyberattacks: SolarWinds, Accellion, Codecov, and now Kaseya. Do you think Kaseya will be the last one? We don’t. While you’re probably wondering what can be done to predict or prevent an incident like this in the future, we think the better question is: What can you do to prepare for the next one?

    The CAIQ (Consensus Assessment Initiative Questionnaire) created by the CSA (Cloud Security Alliance) covers all of the possible security controls (CCM - Cloud Controls Matrix) that a company can have as a SaaS provider. By mapping all of the possible mitigation options, companies can reduce the risk of using these cloud and SaaS providers.

    In this webinar, we’ll discuss the usage of the CAIQ to be able to better prepare your organization for the next supply chain attack that happens—and it will. We’ll also provide some actionable steps you can take to respond to it when it happens and to mitigate compromising your data and your customers' data.

    Participants will learn:

    1. What actually happened in the recent Kaseya breach and how it compares to SolarWinds and the rest of the latest supply chain breaches
    2. How to map your supply chain and know who your third parties are, as well as understand their possible impact
    3. How to monitor the digital supply chain and your third parties’ cyber posture
    4. How to conduct proper security risk management and remediation
    5. How the CAIQ fits in this whole picture and how you can leverage it to be better prepared

    We’ll share our experience and expertise as security practitioners who have implemented our own mitigation strategies and helped our clients understand the impact of third-party security incidents.
  • Securing Cloud with CyberArk Identity Security and AWS Best Practices Aug 3 2021 4:00 pm UTC 60 mins
    Roy Rodan, Partner Solutions Architect, AWS and Yonatan Klein, Director of Product Management, Cloud Security, CyberArk
    90% of enterprises today have a footprint in the cloud. But is security top of mind?

    As organizations are rapidly adopting the cloud, there has been increased diversity with a proliferation of identities, accounts, credentials & permissions. Securing identity in the cloud is more important than ever.

    Join Roy Rodan, Partner Solutions Architect at AWS, and Yonatan Klein, Director of Product Management, Cloud Security, at CyberArk, as we discuss the importance of identity security in the cloud and foundational best practices.

    We’ll share our recommendations on how to:
    - Approach the AWS shared responsibility model
    - Secure the highest privilege identities that have the potential to control an entire environment
    - Build identity security into the fabric of your enterprise cloud strategy & application pipelines
    - Leverage best practices to secure access to cloud assets including cloud management console, instances, native apps and secrets

    Prioritize identity security without ever putting productivity second. Register Now.
  • Let's talk about ABC: Assume nothing, Believe nobody. Check everything Recorded: Jul 30 2021 54 mins
    Panel Discussion

    For many people, Zero Trust spells the end of an era – the end of the perimeter defence. McKinnon said: "It’s a failure of the paradigm that you can have a gate and castle wall and everything on the inside is fine".
  • Digital Identity: A Component of Security as a Service Recorded: Jul 30 2021 31 mins
    Narudom ROONGSIRIWONG (Head of Information Security, Thai Union Group PCL)
    Identity and Access Management includes people, processes, and systems that are used to manage access to enterprise resources by assuring that the identity of an entity is verified, then granting the correct level of access based on the protected resource, this assured identity, and other context information.

    This presentation will focus only the identity management services in three levels. The first is a high-level overview of Identity Management as it is applied to Cloud Computing development and implementation. The second is the considerations and concerns that should be part of the decision making. And the last is a technical discussion of the architecture and implementation will be made.​
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: How Can We Grow the Pool of Cloud Security Professionals
  • Live at: Jun 30 2021 7:30 am
  • Presented by: Dr. Hing-Yan LEE, Victor LO, Philip VICTOR, Ferdinand FONG
  • From:
Your email has been sent.
or close