Black Hat Asia Executive Summit

Wednesday, March 27, 2019

Junior Orchid 4211

Marina Bay Sands, Singapore

Application Portal Closed

Black Hat is pleased to announce the new Executive Summit at Black Hat Asia Singapore. In 2019, cybersecurity executives are entering a new era of business influence that requires a next-generation approach to how they plan, purchase, implement, and manage data-protection technology. The Black Hat Executive Summit offers CISOs and other cybersecurity executives an opportunity to hear from a variety of industry experts who are helping to shape this next generation of information security strategy.

*Please note: In order to create an open and candid environment that promotes the sharing of ideas, thoughts, and discussion, the Executive Summit will follow Chatham House Rule; neither media nor event coverage is permitted. This program was designed for executive security practitioners; solution providers and vendor attendees are limited to event sponsors.

Advisory Board

Glen Francis
Chief Technology Officer
Singapore Press Holdings
Lidia Giuliano
Senior Security Advisor
REA Group
Tobias Gondrom
Managing Director at United Overseas Bank Limited (UOB)
Theo Nassiokas
Director, APAC Cyber & Information Security (CISO)


Jeff Moss
Black Hat & DEF CON

A career spent at the intersection of hacking, professional cybersecurity and Internet governance gives Jeff Moss a unique perspective on information security. Mr. Moss is the founder and CEO of the DEF CON hacker conference and the founder of Black Hat Briefings, two of the world's most influential information security events. Mr. Moss also served as the CSO/VP of ICANN (the Internet Corporation for Assigned Names and Numbers). His corporate experience includes work with Ernst & Young. LLC and a directorship at Secure Computing. Mr. Moss serves on the Board of Directors for Compagnie Financière Richemont SA and is an angel investor to startups in the security space. Mr. Moss actively seeks out opportunities to help shape the infosec conversation. He is currently a member of the US Homeland Security Advisory Council and the Global Council on the Stability of Cyberspace. He is a Nonresident Senior Fellow at the Atlantic Council, a lifetime member of the Council on Foreign Relations and a member of the World Economic Forum's Global Agenda Council on Cyber Security.


Click/press a title below to learn more.

Time Session
13:00 – 16:00 Registration
14:00 - 14:15 Opening Remarks
  • Jeff Moss, Founder, Black Hat, DEF CON
14:15 - 14:55 Session 1
  • Tobias Gondrom, CISO, Managing Director at United Overseas Bank Limited (UOB)
14:55 - 15:20
Endpoint Protection - Navigating Your Way Through the Maze
  • Lidia Giuliano, Senior Security Advisor, REA Group

Before you go out and buy an expensive endpoint product, do you actually know what problem you are trying solve? Do you have visibility into your network and a good understanding of what needs protecting? Many companies feel that they must invest in a next generation anti-virus (NGAV) or endpoint detect and response (EDR) product without understanding their threats.

This presentation will identify key considerations that your teams should plan for when building your business case. Testing for malware is important, but it should not be your only criteria. It is critical to know how these products work with legacy systems, ease of installation, UI, other controls and to have a sense where you are in your security maturity. You will leave knowing where to start and how to plan, based on identifying your needs vs. market hype.

15:20 - 15:40 Networking Break
15:40 - 16:05
Future-Proofing Supply Chain Against Emerging Cyber-Physical Threats
  • Steven Sim, VP, ISACA Singapore Chapter

With the advent of industrialization 4.0, the lines between cyber and physical continue to blur- this has become unavoidable. Against the gloomy backdrop of an increasingly sophisticated threat landscape, re-alignment of security posture maturity is imperative. Threats, especially the more recent NotPetya, are a rude shout-out that cyber resilience is even more key to ensuring business continuity. This session aims to share governance strategies that can be applied holistically against such threats.

16:05 - 16:30
DevSecOps: What, Why and How
  • Anant Shrivastava, Regional Director - Asia Pacific, NotSoSecure

Security is often added towards the end of a typical DevOps cycle, through manual/automated review. In DevSecOps, security can be injected at every stage of a DevOps pipeline in an automated fashion. Having a DevSecOps pipeline enables an organisation to:

  • Create a security culture amongst the already integrated "DevOps" team
  • Find and fix security bugs as early as possible in the SDLC
  • Promote the philosophy "security is everyone's problem" by creating security champions within the organisation
  • Integrate all security software centrally and utilize the results more effectively
  • Measure and shrink the attack surface

In this talk, we focus on how a DevOps pipeline can easily be metamorphosed into DevSecOps, and we will identify the accompanying benefits. The talk will discuss a number of open source tools and also the cultural changes needed to implement DevSecOps. The talk will also present various case studies on how critical bugs and security breaches affecting popular software and applications could have been prevented using a simple DevSecOps approach.

16:30 - 16:55
How Exactly Can Security Executives Mitigate Cyber Risk?
  • Theo Nassiokas, Director, APAC Cyber & Information Security (CISO), Barclays

In a world where cyber threats are becoming more complex and prolific, this presentation aims to remove the technical jargon and explain what cyber threats truly entail. Theo will use real-world examples and offer a glimpse of the biggest challenges executives are up against. This talk will connect cyber events to real actors and geopolitical events reported in the press, and identify alleged state-sponsored cyber threat actors and the alleged crimes they committed. Theo will then, in a defensible manner, explain how to quantify cyber threats.

This presentation will cover:

  • Defining cyber risk
  • Determining cyber risk profiles
  • Threats, delivery methods and actors
  • Disruption by alleged state threat actors
  • Data used to measure cyber risks
  • Quantifying cyber risk to business
  • Cyber insurance considerations
16:55 Closing Remarks
17:00 - 18:00 Networking Reception, Junior Orchid 4211 Foyer


ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out. Our breakthrough approach analyses all network interactions and applies advanced machine learning for complete visibility, real-time detection, and guided investigation. With this approach, we help the world's leading enterprises including Hasbro, Credit Suisse, Caesars Entertainment, and British Airways to rise above the noise of alerts, organisational silos, and runaway technology.

Whether you're investigating threats, ensuring delivery of critical applications, or securing your investment in cloud, ExtraHop helps you protect and accelerate your business. Learn more at

Lockpath is an enterprise software company that helps organizations understand and manage their risk. The company’s line of integrated risk management solutions provide companies with the means to efficiently and effectively identify, manage, and monitor risks, for a more agile and resilient business. Lockpath serves a client base of global organizations ranging from small and midsize companies to Fortune 10 enterprises in more than 15 industries. The company is headquartered in Overland Park, Kansas. For more information on Lockpath, visit

Please direct inquiries to