• Vitaly Kamluk
    Director of Asia Pacific Research Team
    Kaspersky Lab
    Date: 19 September 2017
    Time: 1530 - 1610 hrs
    Venue: MR 310-311, Level 3

    Vitaly has been involved in malware research at Kaspersky Lab since 2005. In 2008, he was appointed Senior Antivirus Expert, before going on to become Director of the EEMEA Research Center in 2009. He spent a year in Japan focusing on major local threats affecting the region. In 2014, he was seconded to the INTERPOL Global Complex for Innovation in Singapore, where he worked in the INTERPOL Digital Crime Center for 2 years specializing in malware reverse engineering, digital forensics and cybercrime investigation.

    Vitaly has presented at many public international security conferences including previous GovWare conferences, Blackhat USA, Blackhat Asia, Defcon, Hitcon, BSides LasVegas, PHDays, ZeroNights, FIRST, Source Boston as well as multiple closed door invite-only security industy events and security meetups including those in Singapore.

    Presentation Title

    Tales From The Battlefield


    Discovering new cyberattacks and threat actors now has become a routine and it's hard to surprise anyone with news of yet another APT campaign. However, many of those attacks remain undiscovered because researchers' resources and sensors coverage is limited especially when it comes to government and other isolated networks. Still the attackers know how to make their way into those secure facilities. To reveal and interrupt those attacks highly qualified staff is required. This presentation is an attempt to openly share some of techniques and methods used by security researchers to discover and identify malicious activity. It will include examples of real case investigations of certain major cyberattacks which we investigated, including some that happened in South East Asian countries. We hope that it can help raise awareness of tools, methods and techniques used by researchers and improve state of security in organizations of the attendees.

  • Christian Karam
    Director, Global Head of Cyber Threat Intelligence
    UBS AG
    Date: 19 September 2017
    Time: 1400 – 1430 hrs
    Venue: MR 310-311, Level 3

    Mr Karam is the Global Head of Cyber Threat Intelligence at UBS where he oversees the bank's threat intelligence service that enables the delivery, consumption, analysis and actioning of cyber threat intelligence from various sources to provide the bank with risk awareness and the operations teams with valuable intelligence to identify threat indicators, tactics, techniques and procedures that inform and enable the timely mitigation and response to threats. Also in his role, Mr Karam conducts security research and excellence activities in thought leadership specifically in the area of security and cybercrime.

    Prior to joining UBS, Mr Karam was the head of the cyber research laboratory and the lead cyber threat researcher at INTERPOL. Mr Karam developed the activities in the fields of global cyber threat research, future trends analysis, cyber intelligence and R&D within the INTERPOL Global Complex for Innovation (IGCI). Prior to joining INTERPOL, Mr Karam was an independent security researcher, penetration tester, and security consultant for several private sector firms.

    Mr Karam is a member of the INTERPOL Global Cybercrime Experts Group, a member of the BlackHat Review Board and an accomplished public speaker covering highly rated security conferences, governmental events and think tank forums.


    A step away from marketing and vendor talks in the threat intelligence space, this session will highlight recent trends detected in the criminal space in several areas of the threat landscape taxonomy. The presentation will also share a few expected evolutions in the threat actor space that are seen globally and in APAC specifically in the coming months.

    The session will also address the importance of building a resilient threat intelligence structure that is effective for every organization and how to operationalize this to focus more in defending and deterring the attacker rather than just the attack.

  • Lucas Kauffman
    Senior Information Security Consultant
    Ernst & Young Advisory
    Date: 21 September 2017
    Time: 1400 - 1440 hrs
    Venue: MR 324, Level 4

    Lucas Kauffman is a cyber-security consultant at EY. He has been a pen tester for over 5 years. He joined EY Singapore from EY Belgium in December 2015 and has been focusing on testing IoT solutions and is part of EY’s OT Team, which focusses on security in exotic, complex systems and operational technology. Lucas is also an active member of and has released several guest blog posts on their website.


    Smart Cities

    Secure by Design Security aspects should be considered from the very beginning of the project to be effective - this offering enforces "security by design" approach. This ensures that security concerns are properly identified and addressed during design/deployment of Smart City and during its lifecycle. Because of it, Smart City is less vulnerable to attacks.

    What is the purpose of security by design for Smart Cities?

    Offering ensures the design addresses 4R's of Accountable Systems: Resistance (ability to repeal attack), Recognition (ability to detect attack), Recovery (essential services during attack and services restoration after attack), Redress (intruder accountability) by structured, and standards-based security assurance engineering.

    Why is it important?

    Security should be a part of the design, as is impacts usability and availability of system. It is commonly understood, that only controlled approach to security, from requirements to architecture and operations, ensures fulfilment. The first step is defining step is security requirements collection and analysis. Typical approach: NIST "Framework for Cyber-Physical Systems" as Smart City analysis methodology is used for development of Smart City security requirements. Protection of user privacy and compliance requirements are key decision factors. Typical advantages of doing security by design are Smart City Security Architecture as Accountable System, addressing services risks through intelligent infrastructure 4R fulfilment

  • Stephen Kho
    Managing Principal, Cyber Security Services
    Micro Focus
    Date: 21 September 2017
    Time: 1100 - 1140 hrs
    Venue: Auditorium, Hall 406, Level 4

    Stephen is currently the Managing Principal within Hewlett Packard Enterprise (HPE) Consulting Services for the Australia, New Zealand and SE Asia regions where his team delivers professional services across several technologies and security capabilities including SIEM, data encryption, application security and Security Intelligence Operations (people & process).

    Prior to joining HPE, he was CISO Program Manager and Researcher at KPN in Netherlands.  He assisted the CISO in the creation of the Chief Information Security Office at KPN. Acts as deputy to the CISO to create, lead and motivate a 35 person team to address cyber security and business continuity issues at KPN, comprising of strategy and policy, ethical hacking, Computer Emergency Response Team (CERT), and business security representatives.

    He is a security professional with over 15 years of security industry experience across multiple business sectors including the financial and telecommunications.


    A second may not be a long time but in the new high data velocity world of Internet of Things (IoT) & Smart world, 1 second can represent hundreds of thousands of events flying past your security analyst.

    A highly scalable & intelligent routing capability is key to ingesting high velocity data in today’s SOC.  Real-time events correlation integrated with advanced analytics is a must in order to detect today’s advanced, multi-stage attacks that may only appear as a single event and harmless. 

    In this presentation, we will provide information on industry trend towards a flexible N:M architecture for the intelligent SOC. We will also provide examples of IoT threat detection use cases to show how cyber hunting, analytics & visualizations is used to detect previously “unknown” attacks and how this is reshaping the composition & skill sets required in an effective enterprise SOC.

  • Jennifer Koo
    Lead Attorney
    Date: 19 September 2017
    Time: 1530 - 1610 hrs
    Venue: MR 308 - 309, Level 3

    Jennifer Koo is currently the lead attorney for Microsoft Singapore. In this role, Jennifer is responsible for the company’s corporate, external and legal affairs in Singapore. This includes supporting commercial transactions and providing regulatory counsel to business groups on public policy issues such as intellectual property rights, privacy and internet security and safety. Before joining Microsoft, Jennifer was with eBay as its legal counsel responsible for Southeast Asia. Jennifer started her career in Rajah & Tann, one of the largest law firm in Singapore, focusing on intellectual property technology, entertainment and communications law. Jennifer is a co-founder of womenLEAP, a group for legal, executive and advisory professionals to connect, collaborate and network and is passionate about women in leadership.


    The presentation will provide an overview of emerging technology trends, such as blockchain and artificial intelligence, and address them in the context of cybersecurity. However as not everything is black and white, the emerging trends would be explored both from the perspective of increasing security, as well as looking at the challenges they bring with them. Furthermore, the presentation would seek to paint the picture of what lies beyond the immediate horizon – what can we expect in the future, what roles governments play in enabling this innovation, and what role will Asia Pacific play in that world.

  • Csaba Krasznay
    Security Evangelist
    Date: 20 September 2017
    Time: 1450 – 1520 hrs
    Venue: MR 310-311, Level 3

    Csaba Krasznay is Balabit's Security Evangelist. He is responsible for the vision and strategy of Balabit's Privileged Access Management solutions. He is a member of board at the Hungarian E-government Association and Voluntary Cyberdefence Coalition. He received his MSc in 2003 in Electrical Engineering at Budapest University of Technology and Economics, and his PhD at National University of Public Service, where he’s an Assistant Professor, and conducts research on the security of e-government systems. He was elected to the “Most Influential IT Security Expert of the Year 2011”.


    Following an incident, the simple question “Who did what?” is one of the most critical, yet most difficult, questions to answer. Investigating incidents related to privileged accounts can be more challenging because a malicious insider, or a skilful attacker, often cover their tracks by deleting log files. In this presentation, we will provide an overview of incident investigation best practices. We'll present a real-life incident investigation scenario and how advanced privileged access management tools can help analysts in the forensics process.