Vandana Verma is a multi-award-winning cybersecurity leader, a hands-on Senior Solution Architect at Snyk, a podcast host with ITSP, a diversity and inclusion advocate, and an international speaker and influencer on a range of themes in information security, including application security, DevSecOps, cloud security and security careers. From being the Chair of the OWASP Global Board of Directors to running various groups promoting security, organising conferences and delivering keynote addresses at several of them, she is engaged continuously and proactively in making the global application security community a better place for individuals, organizations and societies.
Narudom Roongsiriwong, SVP, Head of Digital Architecture, Bank of Ayudhya PCL. Narudom Roongsiriwong has been an information security professional for over twenty years with solid technical experience in architecture, data analytics, application development and cloud computing. Narudom has worked on large, complex projects such as Thailand’s blockchain-based National Digital ID Infrastructure. He was the technical team lead and still holds the Security and Risk Committee position at National Digital ID Co., Ltd. He was a pioneer in setting up the Thailand Banking Sector CERT. Narudom currently assists with research for the Cloud Security Alliance (CSA) as an APAC Research Advisory Council Member and Co-Chair of the Hybrid Cloud Security Working Group. He has also contributed significantly to the OWASP Thailand Chapter.
Talk: Architecting Secure Enterprise Applications
Abstract: Software implementation in medium and large enterprise environments requires a well-defined architecture, especially in security requirements. Most of the time, the main scope of secure enterprise application architecture is in two layers: application infrastructure and application design. This presentation will first discover the components of secure application infrastructure to be used among enterprise applications. Then it will focus on secure application design, such as threat modeling, security patterns and other architectural designs.
As the CISO for Bupa Asia Pacific, I have the privilege of leading a team of talented people to secure the data and systems of Bupa, its customers, and employees to become the most trusted and digitally integrated Health Services organisation in the Asia Pacific. Throughout my career of more than 26 years, I have been helping organisations achieve their security objectives by designing, implementing, and operating various information security and technology risk management projects. This broad exposure has provided me with an in-depth understanding of security, strategy, risk, and business. I was fortunate to have lived in Asia for 14 years, where I developed a keen interest in how 'cyberspace' plays an increasingly important role in geopolitics and foreign policy. This interest led me to study and achieve my Masters of Cybersecurity, Strategy, and Diplomacy from the University of New South Wales at the Australian Defence Force Academy (UNSW Canberra). Diversity and inclusion are powerful tools in solving our complex security challenges. As a father of three daughters, I want to play a leading role in shaping the world where we are defined by our acts and not the colour of our skin, gender, or nationality.
Bernard is a Director in GovTech, leading the GovTech Cybersecurity consultancy team to provide risk-based consultancy services to architect the cybersecurity of nationwide and government-wide strategic projects whose application services span on-premise, hybrid and commercial cloud environments. Through his 15 years in the public sector, he has undertaken various cybersecurity roles and projects in areas of homeland security. He held key roles such as Chief Information Security Officer (CISO), advised on various Home Team-wide projects, and established common ICT Security Governance and Security Architecture. He was also appointed as security advisor on the audit and risk committee to provide security guidance to the Home Team's audit steering committee. Prior to joining GovTech, he led an R&D team in the development of a Security Endpoint Solution and co-authored a set of Secure Coding Practices. He was also a Solution Architect at F5 Networks and Security Lead for the Government and Defence Sector, bringing on a security suite through application delivery platforms. He holds certifications from ISC2 (CISSP, ISSMP, ISSEP, ISSAP, CCSP), ISACA (CISA, CDSPE), EC-Council (CEH, CHFI), AWS (SAP, SAA, Security Specialty), Azure (Security Engineer), Scrum Alliance (CSM, CSPO) and API Academy (Security Architect, Product Manager).
Talk: Sustainable Application Cybersecurity approach in Agile Landscape
Abstract: The current state of meeting compliance requirements for applications subscribes to a “good enough” security principle. This state of mind stands to be challenged by the rapid change in business needs, such as new COVID-influenced working norms that stretch the security compliance boundaries. The threat landscape has also continued to evolve and remind us about the ongoing “cyber chase”, where our trust boundaries have to be redefined in the realms of people, processes and technology domains. “Where we are now” will need a rethink. We should define the right “where we should be” security state. In this presentation, I will share some of the key sensible cybersecurity principles that help us not only maintain our security posture for our application(s), but also inject agility which acts as a tailwind to move us ahead with a pragmatic and sustainable cybersecurity undertaking.