Sharing from Industry Practitioners & Leaders

Distinguished Speakers

A sharing of “Managing Information Security at Cisco” by Dr. Kang Meng Chow (PhD, CISSP, CISA), Director, Information Security, China and APJ regions, Cisco Systems Inc., Convener, ISO/IEC JTC1 SC27 WG4 – Security Controls & Services, Board Member, SCIPP (International Advisory Board), Board Member, (ISC)2 Asia Advisory Board, Co-chair, Regional Asia Information Security Exchange (RAISE) Forum

Dr. Kang Meng Chow, Director, Information Security, China and APJ regions, Cisco Systems, Inc., shared his life-long career in InfoSecurity arena, a journey started from MINDEF to many different industries - and currently at Cisco, with 15th intake participants on 1st Oct 2010 at SIT. He set the stage with a unreserved knowledge sharing on how security governance, operations and people at Cisco systems Inc. ensure their internal - as well as external (ie: the entire Internet) systems are more secured.

He emphasized on the importance of human factor in any security design, implementation and operations “In any incident, you will find a person associate with it at the end”. He also shared the selection, training and education process in Cisco as well as ISO27000 certification process that he is currently leading. Participants were elated by Meng Chow's elegant - yet simple and clear delivery. Questions flowed out non-stop until the end of refreshment break – there were so much to learn. We thank Meng Chow for his time and sharing with us - and hope to have more with him in the future.

Professor Corey Schou, CSSLP, Fellow of (ISC)², Member of the Board of Directors, (ISC)² and Co-Chair of (ISC)² Asian Advisory Board on Sharing of "Effective Security Education and Training"

Effective security training is the cornerstone of every corporate security initiative. Mr. W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS, Executive Director, (ISC)², and Former CIO, U.S. Department of the Interior, U.S.A and Professor Prof. Corey Schou, CSSLP, Fellow of (ISC)² Member, Board of Directors, (ISC)² and Co-Chair of (ISC)² Asian Advisory Board dropped by to shared their lifelong passions in security education and training with 16th intake participants.

Professor Schou shared his experience in designing and building a security programme for United Stated Department of Defense (US DOD), design of ISC2 certification programmes and how accreditations work and contribute in ever changing security landscape. Lively interactions among participants and both speakers stretched to refreshment break. Participants enjoyed opportunities to network and learn these prominent thought leaders’ global experience.

Dr Bradley Jensen, Academic Relationship Manager, Microsoft Corporation, USA, Sharing the topic of "The Importance of a Secure Development Lifecycle"

According to the recent researches, it was evident that close to 90 percent of software attacks are aimed at the application layer. Many applications remain, in large part, vulnerable. As network-based attacks are brought under control through now-mature technologies such as firewalls, intrusion prevention and other network-based control mechanisms, attacks through applications are becoming more prevalent because it's easier than through the network layer.

Dr Bradley Jensen shared how leading organizations such as Microsoft embrace Secure Development techniques and how organizations can apply these practices to improve security at the application layer including the topics on history of the Secure Development Lifecycle (SDL) at Microsoft, techniques in threat modeling & code testing, cost and efforts required to setup and practice SDL in an organization and others on 22nd Oct 08 with 12th intake participants. This sharing reinforce the IT security topics learnt in the course, such as threat modeling, as a practical and important scurity tool.

Dr Bradley Jensen is an Academic Relationship Manager with Microsoft Corporation. He brings a wealth of extensive relationship, teaching, research, product marketing, sales, and domestic/international executive experience. Dr Jensen's proven accomplishments are in Information Security, Software Development, Project Management, Strategic Alliances, E-Commerce, Strategic Marketing, P& L Management, Team Building and Consultative Selling.

Mr Abdul Hamid, Audit Director, Auditor-General’s Office, sharing the topic of "Information Security Audit - Dos and Don'ts"

Information is arguably among an enterprise's most valuable assets. Protection from predators from both within and outside has taken center stage as an IT priority for today organizations. Information security audit helps to establish the fact that the organization's information assets are classified; protection mechanisms are in place, practiced and measured.

Mr Hamid shared the key practices in information security audit based on his two decades of experience on 15th Oct 2008 with 12th intake participants. He has also cited examples of previous audit successes and failure to reinforce the Dos and Don’ts practices, drawing from his decades of experience in auditing government ministries, statutory boards and government-linked companies. There were interesting discussions and exchange among speaker, participants and teaching staff.

Mr Abdul Hamid is an audit director in the Auditor-General’s Office, Singapore, with 28 years of experience in public sector auditing. His audits of government ministries, statutory boards and certain government-linked companies over the years include financial statements audits, IT audits, information security audits and value-for-money or performance audits. He was Vice-President of Information Systems Audit and Control Association (ISACA) International Board of Directors and also Vice-President of the IT Governance Institute (ITGI) from 2002 to 2006. Prior to 2002, he served on ISACA Research Board (1999 – 2001) and was President of ISACA Singapore Chapter from 1996 to 1998. He is also a past Governor of the Institute of Internal Auditors, Singapore, and currently Treasurer of the Association of Information Security Professionals (AISP).

Mr Grant Murphy, Director, Web Gateway Security Products, Secure Computing sharing the topic of “Malware: The State of Play”

Malware continues to challenge the security community in its breadth and complexity. Mr Grant Murphy from Secure Computing shared the challenges that malware poses in areas such as MySpace and FaceBook vulnerabilities, Infected Lifestyle and RSS Feed, Multimedia Malware, MacOS X, DNS Change Router , Zero Day Exploits -Active X , and File Format Tunneling. As the Director of Web Gateway Security Products at Secure Computing, Mr Murphy holds responsibility for Secure Computing’s Web Filtering products, inclusive of the SmartFilter and Webwasher product lines.

The sharing on 6th October 2008 to 12th intake participants was peppered with Grant’s past experiences in various security products, transformation and sophistication of attack landscape from past to present and some interesting cases in United States and elsewhere.

Mr Andrew Wong, Head of Information Security, Group Risk Management, OCBC Bank

Andrew, head of Information Security, Group Risk Management, OCBC Bank, is a colourful speaker with more than 20 years of experience in developing security policies and solutions. He has implemented numerous security measures for major banking channels and internet banking systems. A well known figure in local Info Security community, Andrew is also a council member of Association for Information Security practitioners. The topic of the sharing is “Information Security, Cyber Threats and Defence”.

Andrew shared the participants with latest trends in personal security space, threats of identity theft by using real life case studies and examples. He also shared escalating cyber threats, including phishing, pharming, skimming attacks targeted at financial institutions. He concluded the session with detail case studies on various fraud attempts to ATM machines and the Internet banking systems in Singapore. Participants enjoyed this high octane knowledge sharing, which took almost two hours.

Mr Freddy Tan, Chief Security Advisor, Microsoft Asia

As a key InfoSecurity authority at Microsoft Asia and his 25 years of experience with MINDEF involving many aspects of in InfoSecurity, ranging from security policy formulation to security monitoring and incident response, Mr Tan shared the topic of "Enterprise Security - Challenges, Trends and Strategies" with participants of 11th intake. The sharing covers how current state of cyber threats moving into a new stage with criminal activities, industry trends in InfoSecurity products & services followed by local and global security initiatives. He concluded the session with some of his experiences in handling various security controls and implementations, IT Security education and certifications followed by a Q&A session. It was very educating, informative session peppered with humours enjoyed by both participants and teaching staff. Mr Tan is also a member of (ISC)2 Asia Advisory Board, Vice-President of Association of Information Security Professionals and member of National Infocomm Competency Framework (NICF) Expert Panel.

Mr Yu Chien Siang, IT Security Consultant from MHA shared his thoughts and views in IT Security with a talk titled "Securing the Intelligent Nation"

Mr Yu Chien Siang shared his insights, thoughts and ground breaking DORIS devices which aims to provide trusted eco system with participants. It was an energetic and enthusiastic sharing, which was well received by attendees – both staff and participants of the 8th intake. Mr Yu and his team demonstrated the concepts and capabilities of DORIS after fielding for Q&A – which was stretched to the refreshment break.

Mr Eddie Chau, Chairman, Firmus Security Pte Ltd

Mr Chau gave a talk on implementation of BS7799/ ISO17799 Information Security Management System Standard, 24x7 information security surveillance and integrated security logs analysis.

He shared with participants on hacking activities in the Asia-Pacific region. He walked through steps required to implement information security management system. Participants learnt how integrated security logs analysis can help administrators and IT managers to correlate a number of security logs to detect intrusion attempts.

Mr Mark Colan, IBM Technology Evangelist and Mr Jeff Miller, Senior e-Business Architect

Mark & Jeff, experts resided in United States, gave a talk on the topic of Web Services Security. During the session, they shared on the various Web Services security standards as well as their implementation in IBM's Websphere. This was followed by a lively discussion on security in web services between the speakers and participants.

Mr Joshua Feek, Senior Technology Specialist at Microsoft Singapore Pte Ltd

Mr Feek gave a talk on the security aspects of Microsoft Active Directory. He covered on both the security features provided by the AD infrastructure, as well as the new features provided with AD offered by Windows 2003. This talk provide insider view of security of Active Directory and provide participants with best practices in securing Active Directory.

Click here for Applications & Enquiries