Guest-of-Honor speech at AVAR 2022

Mr Dias, Chairman and Kesavardhanan, CEO AVAR Asia and Founder & President of K7 Computing, distinguished guests and fellow cybersecurity practitioners, thank you for having me at this conference and welcome to Singapore.

 I understand through chats at pre-conference drinks yesterday with Kesavardhanan that there are close to 150 registered overseas delegates across 23 countries from all over the world, out of close to 350 registrations. I was also speaking to some of our overseas delegates yesterday, many are first-time visitors to Singapore. This is amazing. Congratulations to Kesavardhanan and his team for such a great turn-out.

ISACA , a non-profit thought leader, based out of the US, in the area of governance, risk, cybersecurity, cyber maturity audit, privacy and the curator of globally recognized certifications such as CISA for audit, CISM for security management, CRISC for risk and CGEIT for governance around its COBIT and CMMI frameworks has more than 165,000 members worldwide across 255 chapters in 188 countries. By the way, you don’t require a certification to be a member. Side note, did any of you also realise that it is National Computer Security Day in the US today?

Through my lenses as the President of the ISACA Singapore Chapter and Chair of OT-ISAC Executive Committee, Singapore has a very vibrant cybersecurity ecosystem. Many associations here have developed strong chapters and there is very strong public-private cybersecurity partnership among government agencies such as the Cybersecurity Agency of Singapore, GovTech, and vendors, enterprises, SMEs, educational institutions, unions and trade associations.

For instance, the ISACA Singapore Chapter, winner of the Global ISACA outstanding chapter achievement award this year, has been growing steadily with close to 3,300 members in Singapore and both our members and public have benefited through not just our near-weekly curated events but also our collaboration with many partners to level up our cybersecurity ecosystem not just locally within Singapore but also regionally and globally.

Singapore prides itself as a leading cybersecurity hub where cybersecurity leaders, trend setters and professionals like many of you out here choose to come together to cross-pollinate ideas, thought leadership and even take residence on a more permanent basis. Congratulations to Dias and Kesavardhanan for setting up the AVAR HQ in Singapore.

Opportunities are abound for cybersecurity related job roles and startups and talent is always welcome. Alike the rest of the world, Singapore is similarly short of cybersecurity talent. Yet, what’s promising is that it has a very nurturing cybersecurity ecosystem and this is through its good and reliable physical and digital infrastructure, incubation schemes, well-defined Skills Framework and progressive regulatory frameworks such as the CCoP or Cybersecurity Agency’s Cybersecurity Code of Practice, in its 2nd version, as well as PDPA or Personal Data and Privacy Act, plus the many other initiatives including trust marks, cybersecurity labelling scheme and cybersecurity licensing schemes that support our many enterprises, SMEs and startups that are too much for me to name. In fact, just yesterday, CSA released an inter-agency Blueprint to Protect Singapore from Ransomware Attacks, keeping pace with the threat landscape. To sum it up, Singapore is both a hub and village where you can realise both your career as well as personal goals and business opportunities.

Now, as cyber defenders, we are all up against an increasingly sophisticated threat landscape with growing enterprise business damage, as shared by Dr Pavan earlier. Just look at the number of APT groups out there, the number keeps growing, and how the MITRE ATT&CK Framework has also grown over the years. The ATT&CK Matrix for Enterprise has now more than 193 techniques and 401 sub-techniques across the 14 tactics groupings. And we are not just looking at Enterprise, there is also MITRE ATT&CK for ICS matrix, etc. And all these extend to the supply chain as attackers shift gears in their modus operandi. And coupling this with accelerated digital transformation, industrialization 4.0, greater interconnectivity with cloud adoption, IT/OT convergence and IoT integration, emerging tech with AI, block chain, web3 and quantum, and not forgetting geo-political tensions, there is an ever more pressing need for the community to flip the asymmetry of attacks.

And I believe we can do this, by coming together as one community, practise active cyber defense, align digital risk to business risk, as what Kesavardhanan puts it, bridge the gap to enable the business, establish trust and resilience, share threat intelligence and best practices, and therefore give the adversaries a shorter run-way with any newly created techniques and exploits. And that is also the reason why I think the AVAR conference and platform is well poised and pivotal in levelling up our cybersecurity knowledge, to avoid pitfalls and to share and apply best practices back in our separate communities at our different localities.

Once again, congratulations to Kesavardhanan and his AVAR team for a great turn out even though this is the first time AVAR is being hosted in Singapore. And also being a Judge in the Jury for the AVAR CISO awards, I also congratulate the winners amidst the many nominations. This conference has many great, diverse and wide-ranging topics of interest and I wish all of you not just a rewarding conference with many useful take-aways, but also success in establishing new connections, to learn and share with one another, and not least an enjoyable stay in Singapore. Remember, we are only as strong as our ecosystem. And I look forward to catching up with many of you at the conference and award ceremony tonight. Thank you.