Paul Pang is the Principal Security Strategist, APAC and Japan of Splunk with more than 20 years’ expertise in IT security and networking technology.
Paul has extensive experiences on Big Data and SIEM technology and has led more than 20 SOC (Security Operation Center) and MSSP (Managed Security Service Provider) customer projects in Asia, ranging from Nationwide CERT, sectorial SOCs, Honeynet, and even using Big Data as security research project. Prior to Splunk, Paul was the Director of Sales Engineering of Arcsight Asia Pacific and Japan.
Paul was a Certified Information System Security Professional (CISSP) from 2000, and an ISO27001 instructor.
Paul holds a Bachelor Degree in Computer Science from City University of Hong Kong and a Master Degree in Computer Science and Engineering from Chinese University of Hong Kong.
After discovering a significant incident, 49% of the SOC in organisations could not initiate an investigation within 1 hour. This is due to lack of access to proper security data, lack of effective SIEM and inability to use threat intelligence effectively. Business users open 30% of phishing emails leading to advanced malware attacks such as Ransomware. 52% are not satisfied with the actionable intelligence they receive from their SIEM and 70% want their SIEM to generate alerts that are more accurate, prioritized, and meaningful.
This session will discuss the red flags of continuing with legacy SIEMs and provide approaches adopted by companies globally and regionally for rapid response detection, incident investigation and coordination of breach response scenarios across their entire ecosystem - security and IT
Myla leads security research communications at TrendlLabs, Trend Micro’s R&D center. She heads the division of the company that monitors the security threat landscape and oversees the communication management of critical incidents.
Myla is a strategic communications expert with over 10 years of experience as a security spokesperson. She has since handled numerous public and media engagements in Europe, Asia Pacific & the Middle East, where she shares awareness and insights on digital threats and its real-world impact, along with countermeasure strategies for the computing public.
Myla is also an active supporter and advocate on the protection of children online and international movements of stopping the online commercial distribution of inappropriate images of children.
Myla holds a Master’s Degree in Business Administration from the National University in Singapore. She earned her Bachelor’s Degree in Arts and Letters, major in Communication Arts, from the University of Santo Tomas.
When people think of online attacks, what comes to mind is usually some massive attack worthy of a movie plot. The truth is a bit more prosaic: attackers care more about money than any grandiose plots. However, in the recent months there is a growing trend on "Fake News” this concept can come in different forms — disinformation campaigns, cyber propaganda, cognitive hacking, and information warfare—but there is only one central motive of campaign, the manipulation of public opinion to affect the real world. Governments, companies, and users are all waking up to how serious and damaging public opinion manipulation—as manifested in “fake news”—can be. Learn more about the techniques and methods used by actors to spread fake news and manipulate public opinion and more importantly how we can counter and deter these attacks
Andy is Chief Security Officer for Huawei Technologies USA overseeing Huawei USA's cyber security assurance program, and supporting Huawei’s global assurance program.
Andy is the Huawei global lead for the East-West Institute Global Cooperation in Cyberspace Initiative and serves as the Vice Chair of the Open Group Trusted Technology Forum, which developed the Open Trusted Technology Provider Standard (O-TTPS), recognized as ISO/IEC 20243.
Andy was the senior cyber security official of the U.S. Government from 2004-2006. Prior to joining the Department of Homeland Security, Andy was a member of the White House staff where he helped to draft the U.S. National Strategy to Secure Cyberspace (2003), after which he went to the Department of Homeland Security (DHS) where he helped to form and then led the National Cyber Security Division (NCSD) and the U.S. Computer Emergency Readiness Team (US-CERT).
Responsible organizations are beginning to manage their cyber security risk, but few address supply chain risk. This session will help organizations understand the risk they face from the global ICT supply chain – specifically, the risk of malicious taint and counterfeit products and components throughout the product life cycle: from technology development, through manufacturing and delivery, during deployment and operational life, and to end of life.
The session will highlight one of the most under-utilized ways to increase the availability of security products and services; that is, the power of buyers to influence providers and suppliers through the use of risk-informed security requirements in procurements. A tool to help buyers begin conversations with their providers – and with like-minded buyers – is the EastWest Institute (EWI) publication, "Purchasing Secure ICT Products and Services: A Buyers Guide."
The session will summarize the guide’s recommended approaches, and discuss the implications for buyers, suppliers, and government.