(ISC)² Singapore LearningNeverStops Virtual Sharing #06 on 14 July 2021:

Webinar Topic: Infrastructure is the New Code – Is Your DevSecOps Ready?

Speaker: Mr. Ori Bendet, Mr. Edwin Lee


We welcomed back one of our returning speakers, Mr Edwin Lee, who has just joined Checkmarx as ASEAN director. He gave a brief overview of his company's profile and customer base, and highlighted that 35% of breaches are attributed to web applications. With SaaS security solutions ever increasing and the BYOD trend adopted by organizations, it is imperative that application security has a role to play as part of the cybersecurity ecosystem.

Mr. Ori Bendet, Director of Product Management, set the stage by introducing the agenda, giving a glimpse of the key takeaways for the webinar:

  1. What is Infrastructure-as-code (IaC)?
  2. What is KICS?
  3. Live Demo
  4. KICS 2021 Roadmap


With the rise of cloud-native technologies and the speed of DevOps, we now have new technologies to support cloud-native infrastructure. Infrastructure-as-Code (IaC) is one of those technologies. IaC allows you to manage your infrastructure as code, at the speed of DevOps. However, IaC security is a concern and can pose a real risk to your system. The session discussed the security risks of IaC and how to mitigate them using KICS, an open source project which scans for and finds misconfigurations and security issues in your infrastructure code.

During the Q&A session, there were some interesting exchanges between attendees and Mr. Ori.

Mr Ori responded with ease and shared his experiences and points of view on how Checkmarx is able to handle such challenges.

Before we wrapped up our session, the audience was treated to a fun and entertaining Kahoot Quiz Challenge. Congratulations to all quiz winners!


We would like to thank our sponsor, Checkmarx, our guest speakers, Mr. Ori Bendet & Mr. Edwin Lee, and fellow members for their participation. Do join us for the next “Learning Never Stops” event brought to you by (ISC)² Singapore Chapter!


(ISC)² Singapore LearningNeverStops Virtual Sharing #05 on 17 June 2021:

Webinar Topic: Algorithmic Weaknesses - Is the Cybersecurity workforce ready for the future

Speaker: Mr. Gerry Chng




We were delighted to be able to invite one of the most renowned speakers in the industry, who is always able to simplify complicated topics for the audience to understand.

The increased interest in and adoption of Artificial Intelligence has been made possible by the perfect combination of a few important factors. Ubiquitous access to mobile devices in most developed countries, increasing compute capabilities, improved algorithms, and the ever-growing base of data have all played an important role.

The promise of such emerging technology is undoubtedly exciting, and the webinar began by highlighting some of the innovative solutions deployed to solve today's challenges. As with any technology system, we need to ensure that these are designed, built, deployed, and operated with digital trust in mind.

However, some key differences between the deterministic nature of software as we are used to it and the probabilistic nature of AI algorithms pose challenges in simply adapting tried and tested methods to test and secure today's AI systems. In fact, there are more known issues than actual technical solutions that could solve some of these adversarial attacks on the platforms.



The talk then went on to provide several frames of reference to categorize attacks on AI systems. Two methods were discussed, which adopted a typical Machine Learning workflow to identify the attack surface area exposed.

But it is not just about the Cybersecurity aspects of AI.

Such technology can also be used by hackers as an offensive capability, or by Cybersecurity professionals to augment their ability to detect and respond to such threats. A few possible use cases involving graph network analysis for anomaly detection and containment were discussed, along with the use of language models to aid in the consumption of OSINT information.

The talk concluded by highlighting a few key areas in which Cybersecurity professionals should adapt their skills to be future-ready.

01 - Cognitive Skills

02 - Diversity

03 - Technical Capabilities

04 - Data Proficiency

05 - System Thinking

06 - Community Building

The future holds a great promise - provided we engineer it right with trust and respect for humans at the center.

Through the survey feedback, many participants have expressed their appreciation to Mr. Gerry and wish he could be invited back to provide a more in-depth session, especially on AI for Cybersecurity use cases.

Thank you to our guest speaker and fellow members for the participation. Join us for the next “Learning Never Stops” event brought to you by (ISC)² Singapore Chapter!


(ISC)² Singapore Chapter LearningNeverStops Virtual Sharing #04 on 18 May 2021:

Webinar Topic: Creating value from data—secure, and PDPA-compliant

Speaker: Dr. Maximilian Tschochohei

Although we were only a few days into Phase 2 (Heightened Alert), it did not deprive us of continuous learning. The webinar began with Dr. Max giving us a German lesson on how to pronounce his last name, as requested by the audience. This also led to our topic of the day, as many didn't realise how valuable and important data is. As data volumes explode and the number of use cases grows, many businesses have capitalized on the opportunity and reaped benefits by improving efficiency, enabling new services and creating new business models.

However, there are always two sides to the coin: data can unlock big benefits but carries big risks too. Dr Max asked, "What do we learn from these data breaches?" Are tech and business out of sync? Do we collect and store data we do not need? Has data privacy become an afterthought?

Data leaks are a real and significant threat and can often irreparably damage a business. To safely and effectively utilize data, organizations need to implement a data operating model. That means establishing roles and responsibilities for managing and utilizing data around the three key data processes: data access management, data classification, and data storage and retention.

The process of data collection must be restricted to the requirements of use cases that arise from the business goal with measurable outcomes. Organisations that require personal data must ensure written and valid customer consent is in place. For instance, if a use case requires personal data, the organization must seek and document consent from customers in line with the prevailing regulation (e.g., PDPA in Singapore).


Lastly, the building blocks for your data architecture should be built around data protection, with data privacy by design.



It was a great turnout and we have received rave feedback from the audience. Dr. Max's presentation deck can be found on our members portal. Through the survey feedback, many participants appreciated the practicality of the use cases, covering what took place, what was carried out, and how and why it happened. I believe it's a good learning lesson for me as it is for all of you.

Thank you to our guest speaker, Dr. Max, and fellow members for the participation. Join us for the next “Learning Never Stops” event brought to you by (ISC)² Singapore Chapter!


(ISC)² Singapore Chapter MOU Signing with AISG on 28 April March 2021:

 

(ISC)² Singapore Chapter has signed an MoU with AISG to plus-skill our cybersecurity professionals in AI literacy and proficiency. This partnership will see us offering a series of AI webinars/seminars and clinics to help both members. We hope to build up a pool of AI savvy cyber professionals who will make a mark in the industry. Let us join our hands to combat cyber threats with game-changing innovation.


Special appreciation to our President Victor Yeo and AI SG Mr Laurence Liew for gracing the occasion and our Event Lead Louis Sin who has orchestrated the event setup. Our heartfelt thanks to the host AI Singapore for providing the nice venue and facilities. Finally, to all those who have helped in one way or another to make this a successful start of our journey. Stay tuned for more upcoming activities.



(ISC)² Singapore Chapter LearningNeverStops Virtual Sharing #03 on 18 March 2021:

Webinar Topic: Demystifying Digital Forensic Incident Response (DFIR) Service During COVID-19 Pandemic

Speaker: Chua Zong Fu


Data breaches happen every day, and adversaries will not be resting on their laurels during the COVID-19 period.

The webinar began by introducing the 6 phases of incident response and their variations across different internationally recognised standards such as NIST, SANS & ISO.

Zongfu echoed the sentiments and challenges of fellow DFIR industry partners: COVID-19 has consistently pushed the envelope of incident responders' reactions and forced their businesses to revolutionise the way engagements are delivered, especially as onsite evidence gathering and preservation may not be possible due to the restrictions of safe management measures.

As an alternative measure, Zongfu described the importance of exploring remote DFIR services and what organizations need to do to prepare their environments for remote digital forensics and virtual incident response, coupled with a proper runbook or playbook so that security operations staff are able to carry out tasks with ease during moments of immense pressure. Hence, checklists and automation are the key to success!


Even in a non-COVID-19 era, incident responders already face many challenges due to the wide range of security vendors (e.g. EDRs, SIEMs) procured by their clients. All the logs must be parsed into a common event format in order to facilitate investigation and detailed analysis.

In his presentation, Zongfu illustrated several real-life use cases and applications of forensic and analysis tools (e.g. SIFT, KAPE, EnCase, ELK, Azure Sentinel, etc.) which are utilised heavily by his team members. All presented examples and incidents described have been anonymised to maintain and protect privacy.



Through the survey feedback, many participants appreciated the practicality of the use cases, covering what took place, what was carried out, and how and why it happened. I believe it's a good learning lesson for me as it is for all of you.

Thank you to our guest speaker, Mr Chua Zongfu, and fellow members for the participation. Join us for the next “Learning Never Stops” event brought to you by (ISC)² Singapore Chapter!


(ISC)² Singapore Chapter LearningNeverStops Virtual Sharing #02 on 24 Feb 2021:

Webinar Topic: Democratizing External Cyber Threat Intelligence

Speaker: Alon Arvatz

What an incredible couple of days into the Year of the Ox as we ushered in our first ever "Ox-spicious webinar" with Mr. Alon Arvatz, Co-Founder and Chief Products & Strategy Officer of Intsights, hosted by Mr. Anthony Lim, Director Advocate, ExCo 2020 – 2021 of (ISC)² Singapore Chapter. Arvatz shared his thought leadership in External Cyber Threat Intelligence on market trends and complications in the marketplace, challenges organizations face today, and key considerations and recommendations for organizations to adopt effective External Cyber Threat Intelligence.

According to Arvatz, there are misconceptions about the usage, adoption and understanding of Threat Intelligence. He spoke about the "confusing marketplace", as many information security vendors feature the term “Threat Intelligence” on their websites. He addressed several common misunderstandings, such as equating Indicators of Compromise (IoCs) with Threat Intelligence. It’s paramount to have a different mindset by gaining perspectives from an attacker’s point of view.

For most users, the Internet is what we experience through social media, news channels, mobile applications, emails and web browsers every day. However, there are a large number of expansive services which operate in the background, and the “web” as most users know it is just one part of a much bigger ecosystem. The differences between the Clear Web, the Deep Web and the Dark Web were clearly articulated.

He advised that organizations and cyber security professionals need to have a clear distinction between “Data”, “Information” and “Intelligence”; that we should strive to deliver “Intelligence” which provides more relevancy, instead of "Data" and "Information". Rather than just providing actionable intelligence, we should also be looking at providing remediation and response, by performing “take downs”. These take downs can be categorized into 2 approaches.

  1. External, e.g. taking down malicious content - phishing sites, fake mobile apps, GitHub code etc.
  2. Internal, e.g. connecting to security devices to remove threats - resetting passwords etc.

Arvatz ended his presentation by underlining the importance of visualization and UX design to provide instant understanding of threats, maximize investment value and reduce overheads on security operations teams, and gave a live demo of several use cases.

There were lots of questions from webinar attendees during the Q&A. Alon Arvatz responded with ease and shared his experiences and points of view on how Intsights had revolutionized cybersecurity operations with its external threat protection platform, collaborating with cyber security vendors, registrars etc.

Before we wrapped up our session, we re-visited some key takeaway messages with a fun and entertaining Kahoot Quiz Challenge.


Congratulations to all quiz winners! We will be in touch with the prizes sponsored by Intsights.

Thank you to our special guest speaker, Alon Arvatz of Intsights, sponsors, members and friends for your continuous support and making our first cyber security conference of the year 2021 an unforgettable and memorable event.

Join us for the next “Learning Never Stops” event brought to you by (ISC)² Singapore Chapter!


(ISC)² Singapore Chapter LearningNeverStops Virtual Sharing #01 on 20 Jan 2021:

Webinar Topic: Adopting a Zero-Trust Approach in your Security Organisation in the midst of COVID-19 and SoloriGate

Speaker: Aloysius Cheang