CSA HKM Knowledge Sharing Event – November 2020

In last month’s knowledge sharing event, we focused in the methodology to develop and secure our PaaS environment. Do we still need to secure the cloud stem? Do we still need to secure the cloud architecture? How to secure that environment?

The common security challenges faced in the cloud stem from misconfiguration, compliance, and an exploding set of cloud infrastructure services. This session will cover how to combat these challenges and gain visibility into security, compliance, and governance vulnerabilities on your public cloud infrastructure.

We will go over the latest security offering that helps teams build a better cloud architecture. You can also look forward to hundreds of out-of-the-box, step-by-step remediation guides, enabling DevSecOps teams and cloud architects to quickly resolve vulnerabilities.

This upcoming knowledge sharing event, we invited Tony Lee, Head of Consulting of Trend Micro will lead us to the “Cloud operational excellence – Guardrails to build exceptional architecture & avoid misconfigurations“.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants can claim 1 CPE.

DATE: November 05, 2020 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER: Tony Lee, Head of Consulting of Trend Micro

TOPIC: Cloud operational excellence – Guardrails to build exceptional architecture & avoid misconfigurations

THE SPEAKER:

Tony Lee is the Head of Consulting at Trend Micro – a global leader in cyber security solutions. He is responsible for the provision of security advice and solution consultation for large scale IT users and key channel partners in Hong Kong.

Tony has more than 13 years experiences in strategic planning and requirements analysis, with special focus on cloud security deployment, cyber threats response and emerging technologies analysis. As a technology evangelist for Trend Micro, he has been acting as a high profile speaker for major industry events in the region, specialized in evolving cyber threats such as ransomware and APT attacks.

Tony is a graduate of the Hong Kong Baptist University, where he received a Bachelor of Science degree in computer science.

REGISTATION: https://csakse2011.eventbrite.hk

CSA HKM Knowledge Sharing Event – October 2020

Container environment is a hot topic in cloud environment especially cloud security area. So after previous two rounds of cloud usage and SaaS cloud security talk, we now start another interesting series of cloud security talk – Cloud Container security talk. We will start our talk from OpenShift and DevSecOps. That are two hot topics in Cloud Computing and Cloud Security Area.

This month we invited William Lok, CTO and Co-founder of TechNet HK to lead us through “Transforming DevOps to DevSecOps with Redhat OpenShift“.

Today, DevOps is an inevitable way to transform the enterprise into digital era and innovate into software company. William will prepare a demo on how a container application governed by series of tool chains and deploy on RedHat OpenShift.

On top of tool chains, William will share how the security perspectives can be fulfilled by transforming DevOps to DevSecOps Journey.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants can claim 1 CPE.

DATE: October 08, 2020 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER: William Lok, CTO and Co-founder of TechNet HK

TOPIC: Transforming DevOps to DevSecOps with Redhat OpenShift

THE SPEAKER:

William Lok, CTO and co-founder of TechNet HK (http://www.technet-asia.com). He leads the company technology visions and directions. He is a frequent speaker on DevOps seminars. He plays an active role in evangelizing opensource, multi-cloud and DevSecOps adoption for Hong Kong, Macau and Taiwan enterprises.

WATCH NOW: https://vimeo.com/466411506

CSA HKM Knowledge Sharing Event – September 2020

Our knowledge-sharing session resumed since August 2020, more events will be coming. When we think about security, many of us would like to know how we train up our attack and defense skills through practice. One of the best methods is to perform a pre-defined exercise through CyberRange. But how can we ensure CyberRange is secure? So we can start to learn from one of the best CyberRange SaaS service providers – CyberBit.

This month we invited Mr. Ralph WU, Security Architect of Cyberbit – North East Asia to cover the topic: “Are you ready for Cyber War? – Training on Cloud Range Simulation platform”.

During the talk, Ralph to talk about:

  1. How Hacker make the damage ?
    1. Understand MITRE ATT&CK, why it is important to Cybersecurity Training
  2. Where is the skill gap?
    1. Leverage NICE framework as guideline of training objectives
  3. Cyberbit Cloud Range Platform
    1. Architecture
    2. Differences between Legacy Training and Range-based Training?
    3. Doing Drill Test on Cybersecurity Scenario

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants can claim 1 CPE.

DATE: September 03, 2020 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER:

Ralph Wu, Security Architect of Cyberbit – North East Asia

TOPIC:

Are you ready for Cyber War? – Training on Cloud Range Simulation platform [Recorded Presentation]

THE SPEAKER:

Ralph Wu is the Security Architect of Cyberbit – North East Asia. He is helping different Enterprises to embraces Cyber Range platform to gear up Cyber Security Warriors get prepare for different potential outbreaks.   Ralph has more than 20 years in Infrastructure and Cybersecurity domain. Prior joining Cyberbit, he is Pre-Sales of another Israel security vendor – CyberArk which focused on Privileged Account Security on On-Prem and Cloud environment. Ralph has taken team manager role in HKT and lead a team of network and security professional to design network and security architecture for various enterprise customers in HK.

 

 

CSA HKM Knowledge Sharing Event -August 2020

In the past few months or more, the Cloud Security Alliance Hong Kong & Macau Chapter has not gathered together for any events and knowledge sharing. But at the same time, we should have adopted to the “new normal” of the event. One of the changes, definitely, is more usage of cloud services and a virtual environment.

Is Virtual Bank one of the services you would like to try? But is that secure enough?  How to use that securely? This month we invited Captain (Rtd) Samuel NG of Welab Bank to give an interesting and technical topic on “Secure your virtual banking on the Cloud”.

Exciting times for Hong Kong in the realm of Fintech. With 8 bold challengers given the honor of virtual bank licenses, innovative digital banking services are coming real soon and definitely here to stay in the pearl of oriental. Virtual banks are expected to bring new dynamics to the traditional bricks-and-mortar banking sector and enable the city to align with the world’s market in Fintech development.

Upcoming debut of Virtual Banking services packaged with innovative and creativity by riding the cloud computing to the bank of the future, this excitement, however, leads to a higher controversially dynamic cybersecurity risks. VBs offering data-centric banking services with operations heavily rely on the cloud & internet are vulnerable to malicious attacks with various intentions.

Arguably virtual banks come with less physical and legacy trails offers better security, a new sets of challenges arise in cloud security. Fuel with “Go Big or Go Home” and “Do 10x better” mindset, Welab Bank’s Cybersecurity Team always walk the extra mile out of the comfort zone enforcing trust and security while deliver customer-centric services, aiming high to be the winner in Fintech Era.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants can claim 1 CPE.

DATE: August 06, 2020 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER:

Samuel Ng Chen Ying, Captain (Rtd) and Head of Cybersecurity Department of Welab Bank in Hong Kong.

TOPIC:

Secure your virtual banking on the Cloud [Recorded Presentation] [Presentation file]

THE SPEAKER:

Samuel graduated with a Master’s degree in Information Assurance from the National Technology University of Malaysia (UTM), and a Bachelor’s degree in Computer Science from the National Defense University of Malaysia (NDUM).

He joined Royal Malaysian Army in 2004 and subsequently commissioned as an Army officer serving Royal Signals Corps (Radio Communications and ICT) with various appointments, from Radio Troop Commander, 2nd in Command of a Signal Squadron to Aide De Camp (Special Officer) of The Director-General of Royal Signals Regiment of the Malaysian Army.

He was frequently invited as speakers on cybersecurity topics among the Armed Forces and Universities. Samuel holds multiple industry-recognized certifications including CREST, Offensive Security, and ISC(2). Upon his retirement from the army, Samuel continued to pursue his passion in cybersecurity and held various positions including lecturer, red team, penetration tester, cyber incident responder, and IT security auditor.

[Introductory Slides – CSAHKM – 200806]

CSA HK&M Event Resume on 6 Aug 2020

Dear members and fellow colleagues,

We have not met or arrange knowledge sharing last year. The Covid-19 virus created a long social distance for us to group together. But as we all know Cloud Environment is changing so fast, if we don’t keep up our knowledge together, we will be left behind.

In the past 6 months, I participated in a number of CCSP and CCSK training and coaching in Hong Kong and Asia Pacific region. We can see that more and more people are using cloud computing environment. Usually, security specialists will ask the following questions – How can we secure our applications and infrastructure in our cloud environment? How can we support the multi-cloud environment? How can we make use of container environment to build up a secure and portable application? Any standard that can we use in cloud security assessment and audit?

Definitely, as we get together we will have more and more questions, idea, and knowledge that we can share.

So CSA HK&M chapter after the formation of our new council and committee for 2020, we would like to bring our knowledge sharing to another new platform for the new normal environment.

In this series of coming activities, CSA HK&M knowledge sharing session will become monthly regular lunch time webinar mode. The first event will be on “Securing your Virtual Bank in the Cloud” by the Security team of Welab. They definitely will be able to share their experience and idea about the virtual bank.

Stay tune for new updates.

Ricci IEONG, Vice Chairman Professional Development
Kelvin WONG, Education Director (Hong Kong)
Kevin LAM, Education Director (Macau)

Cloud Security Workshop in IS Summit 2018 (Sep 18 – 19)

Cloud Security Alliance (HK & Macau Chapter) Council member – Ricci IEONG has organised a Cloud Security Workshop – Implementing your infrastructure securely in public cloud on 18 – 19 Sep 2018. This workshop is part of the event within IS Summit 2018.

During the workshop, we will talk about how to secure the infrastructure within a public cloud environment from IaaS (and may be PaaS) cloud user perspective. Participants will experience the way to secure the cloud environment through practical lab exercise.

The workshop content has been re-written based on previous content conducted in IS Summit 2016. So it is not just a re-fresh but a brand new experience in learning practical cloud security in both Azure and AWS environment.

This workshop will be able to enrich the knowledge and practical skill of participants on top of cloud security concept and theory from CCSK and CCSP training.

Any one interested in the workshop, please check the link: https://www.issummit.org/show_session.asp?nav=2&code=ws7

Other available workshops can be found in https://www.issummit.org/workshops.asp?nav=2

CSA HKM Education Director Talks at Cloud Asia Expo 2018

Cloud Expo Asia is an unrivalled, multi-awarding winning event platform. For technology professionals it is a place to learn from world leading experts and source best-of-breed cloud technology and services. For technology vendors it offers 2 unmissable days of networking, lead and business generation. It is held in 16 – 17 May 2018 in HKCEC, Hong Kong.

Cloud Security Alliance is a supporting organisation of this event.

This year, our newly elected Education Director – Kelvin Wong will be giving a speech during the expo. https://www.cloudexpoasiahk.com/2018-conference-programme/get-ready-for-your-cloud-security-certificates

Please feel free to come and discuss about the “hot” Cloud Security certificate.

https://www.cloudexpoasiahk.com/

CSA HKM supports PISA Security Jam 2018

PISA JAM 2018 is a full day information security conference to provide a platform to InfoSec practitioners and students to chat and exchanges their ideas.

CSA (HK & Macau Chapter) jointly organise and support the PISA JAM 2018. CSA Professional Development team worked with PISA JAM 2018 OC to organise and align a Cloud Application Security Broker (CASB) – Symantec and a Docker Security company – Aqua to send their representatives to conduct half day demo workshop on 26 May 2018 (Sat) afternoon.

During the workshop, audience and participants will be able to participate in the lab and demo exercise in the afternoon for 3 hours. Please feel free to join. CSA (HK & Macau Chapter) members can join as supporting organization member without charge.

Please feel free to go to this link to get more details and register. https://www.pisa.org.hk/upcoming-events/531-pisa-security-jam-2018-pisajam2018-26-may-2018

Date:  26 May 2018 (Sat)
Target Audience:  PISA members, members of supporting organizations, full-time students in InfoSec relevant course
Venue:  HK PolyU, Hung Hom
Language:  Cantonese, with English terminology
Registration: https://bit.ly/2wuv4kO
Admission Fee:  FREE

Official CCSP Training resume in Hong Kong

Certified Cloud Security Professional (CCSP) is named to be one of the top security certificate in cybersecurity industry. Many practitioners look for official training in Hong Kong and Macau. However, as previous official training institution terminated the arrangement with ISC2, no official CCSP training has been organised for over 6 months.

Hong Kong Productivity Council (HKPC) has been recently appointed as the official training institution for ISC2 related training. So HKPC put their efforts together to re-initiate their first CCSP training on 19 – 22, 26 Mar 2018.

As training material was updated last year, audience will be able to get the updated official training materials from official instructors on CCSP training.

Besides, CSA HK&Macau chapter members will be able to get discount from HKPC as well. Please feel free to contact Ms. Tracy Choy at (852) 2788 5884 or tracyc@hkpc.org for enquiry. You can also find the information from their leaflet.

First CCSK v4 training in Hong Kong

Cloud Security Alliance has published their latest version of Certificate of Cloud Security Knowledge (CCSK) in 2017. The CCSK v4 examination started in December 2017. Afterwards, no CCSK training has been conducted in Hong Kong for  2 months already.

Now Hewlett Packard Enterprise (HPE) will organise its first CCSK v4 training in Hong Kong. It will be the first official training conducted in Hong Kong or even Asia Pacific Region. It will be organised and conducted on 12 – 14 Mar 2018.

Course code: H8P76s

Course name: Cloud Computing Security Knowledge – CCSK Plus (with exam voucher valid for 2 attempts)

Duration: 3 days

Course fee: HK$15,500 per seat

Schedule: 12-14 Mar, 2018

To be the first batch to understand and learn about CCSK v4 content, don’t miss the chance. As CSA (HK&M) Chapter, you can also enjoy more discount to the course (Membership discount till 6 Mar 2018). Please contact HPE team (chun-wah.lau@hpe.com) for more updates.

Full list of Upcoming Training Opportunities can be found in the CCSK training lists from Cloud Security Alliance web site.

If you are interested in knowing about CCSK training and examination, please check the FAQ from Cloud Security Alliance web site.