CSA HKM Knowledge Sharing Event – December 2021

It is coming to the end of 2021 and it is time for CSA HKM to organise the last knowledge sharing event for this year. Instead of technical hardcore topics, CSA HKM would like to hold a legal and compliance event hosted by our Macau Chapter.

The Macau Cyber Security Law was legislated since December 2019. In the past 2 years, how is this law affecting the security posture of Macau? How are the related organizations reacted to this law? In this seminar, Terry Cheung, Deputy Chairman – Macau of CSA HKM, will highlight the requirements of the law and the related guideline and review the work that the related organizations, the governing bodies have been contributed for compliance and the reduction of security risks and the privacy requirements will also be discussed. 

Participants will claim 1 CPE.

DATE: December 17, 2021 (Friday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER: Mr. Terry CHEUNG, President of the ISACA Macao Chapter, the Deputy Chairman of Macau of CSA HKM Chapter and Managing Director of TopSOC Information Security Limited

TOPIC: Macau CyberSecurity in Action

LANGUAGE: Cantonese

THE SPEAKER:

Terry has been in IT and Information Security sectors for over 25 years. He has been working in various industries including banking, government, telecommunications, hospitality and gaming and cyber security consultancy. He has experiences in security policy development, forming new security team, design and deploy various security systems including two tiers DDoS protection service, central logging system and SIEM, ISO27001 implementation, etc. Heparticipated in the development and implementation of many systems including core banking systems, converged billing systems, ERP, HR, CRM, Call Center system, gaming and hospitality systems, etc. In the past few years, he has provided security professional services related to the Macau Cyber Security Law.

Apart from work, Terry is also the founder of the Information Systems Audit and Control Association (ISACA) Macao Chapter and the Cloud Security Alliance (CSA) Hong Kong & Macau Chapter. Currently, he is serving as the President of the ISACA Macao Chapter and the Deputy Chain of Macau of CSA HKM. He is working as the Managing Director of TopSOC Information Security Limited.

Terry holds professional qualifications such as CISP CISI CISSP CCSP CISM CISA CDPSE CITP CEng ACA MVP.

Register here for this event: https://csahkmkse2112.eventbrite.hk

CSA HKM Knowledge Sharing Event – August 2021

DevOps, DevSecOps, CI/CD Pipeline are definitely hot topics within the Cloud Computing industry. In the forthcoming knowledge sharing session, we will address issues on DevOps and CI/CD security protection, this time from the perspective of a security vendor.

In our August event, Cloud Security Alliance Hong Kong & Macau Chapter has invited Kev Hau from CheckPoint Software Technologies Ltd to talk about Modern Cloud Application Security.

Protecting applications has always been challenging. As applications grow in number, size and complexity. Cloud application are made up of multiple layers – from the cloud infrastructure, to the DevOps pipelines, the microservices (containers, serverless functions and virtual machines), the application layer and the APIs.

Today, application developers are directly provisioning applications to the cloud by using cloud platforms like AWS, Google and Azure without any additional assistance from IT or platform teams. Developers release and update software on demand in the cloud using continuous integration and continuous deployment (CI/CD) for rapid software releases and updates. In addition, modern applications are more open and connected with an increased number of APIs, which further expands the attack surface where legacy application security approach is ineffective.

To protection the modern cloud application, we need a new approach – shifting security responsibilities to those creating software, the developers, and it shifts it to the beginning of the process when the developers are provisioning infrastructure.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: 19 Aug, 2021 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER: Kev Hau, Head of Security Engineering, Hong Kong and Taiwan, Check Point Software Technologies

TOPIC: Modern Cloud Application Security

THE SPEAKER:

Kev Hau is the Head of Security Engineering, Hong Kong and Taiwan at Check Point Software Technologies and the Cyber Security Evangelist, a member of the CTO office. Kev has over 10 years of experience in cyber security industry. 

In Check Point, he works closely with all the Check Point partners and customers through his team of security experts by providing consultation and advice on how to deal with the cyber threat. He is also the leadership point of contact between partners, strategic customers and channels, as well as
Check Point’s product research and development team.

Kev holds a Bachelor of Science in Computer Science from Brunel University.

View the Presentation: https://youtu.be/aPU4yeME8O8

Presentation File: https://bit.ly/37Wk28b

CSA HKM Knowledge Sharing Event – June 2021

Cloud Computing is already considered to be part of the “New Normal” solution. In our last event, our speaker from Cloud Product Vendor Palo Alto Networks introduced the concept on automate multi-cloud and container security environments. If you missed the previous event, you can go back to our previous event recordings and listen to the talk as well.

In the next Knowledge Sharing Event, we will look into another direction of Cloud aspects – Cloud Transformation.

The world has moved into a new paradigm, especially since COVID-19. In a post‑pandemic world, people are the new perimeter. Transformation is everywhere : Workspaces, Clouds, Threats and networks. How can we take advantage of the IT changes and new usages to improve security and cost efficiency? And how to find the right approach to build long‑term security strategies for change?

To help you better understand the topic, Cloud Security Alliance Hong Kong & Macau Chapter invited Security Solution Director of Orange Cyberdefense – Mr. Kevin Liu to bring us to the Intelligence-led security for Cloud Transformation. In this session, Kevin will share Orange Cyberdefense’s intelligence-led approach to help our customer to face the new reality of users and applications to the cloud, in the cloud and for the cloud..

Participants will claim 1 CPE.

DATE: 17 June, 2021 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar (in Cantonese)

SPEAKER: Kevin Liu, Security Solution Director, Orange Cyberdefense

TOPIC: Intelligence-led security for Cloud Transformation

THE SPEAKER:

Kevin Liu is a Security Solution Director for Orange Cyberdefense, a security business unit for Orange Group. He has more than 20 years’ experience in providing advisory and solution consultation in cybersecurity, infrastructure and cloud for large companies across Asia Pacific region. He is a speaker and demonstrator for major industry events in the region including HK ISS, APAC O2O digital resilience workshop and RSA Conference APAC. Kevin worked for many different major IT vendors including Microsoft, RSA Security, Symantec and Hewlett-Packard. Kevin is CISSP, CEH and ITIL certified.

VIEW THE PRESENTATION: https://youtu.be/pDz8WKkWpNs

PRESENTATION FILE: https://bit.ly/3h51kPz

CSA HKM Knowledge Sharing Event – May 2021

In April, we covered the Data Security in Cloud at our Knowledge Sharing Event. In the coming Knowledge Sharing Event in May, we will come back to cloud and container security again.

Developers and DevOps teams are building and deploying code at an increasing pace. Containers and other cloud native technologies enable digital transformation. In order to secure these growing cloud native environments, enterprises need to integrate security into the software development lifecycle and protect running applications

This time we invited Palo Alto Networks cloud security architect – Felix Cheng to bring us to their Prisma Cloud solution through in-depth technical knowledge sharing. He will look into the container solution from a technical view covering how to configure, implement necessary rules and analyze incidents through collected logs.

He will share:

  1. The best practices for container security to protect running containers in production as well as secure containers across the full application life
  2. Provide unified visibility & secure Cloud Native Workload
  3. Deliver an integrated set of capabilities to respond to threats and protect cloud-native applications.
  4. Automate the remediation of vulnerabilities and misconfigurations consistently across the entire build-deploy-run lifecycle.
  5. Demo 

Participants will claim 1 CPE.

DATE: 20 May, 2021 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar (in Cantonese)

SPEAKER: Felix CHENG, Cloud Security Architect of Palo Alto Networks

TOPIC: Automate your multi-cloud and container security environments with Prisma Cloud

THE SPEAKER:

Felix Cheng is the Cloud Security Architect for Hong Kong and Taiwan at Palo Alto Networks. He designed and deployed mission critical infrastructure for service providers, airports and casinos.  Over the last few years, he focused on software solutions such as application performance monitoring and analytics, cloud services and cyber security solutions.  In his spare time, he developed a simple mobile app that helped Wi-Fi engineers to perform quick site surveys.

VIEW THE PRESENTATION: https://youtu.be/iybIcVl0OHM

CSA HKM Knowledge Sharing Event – April 2021

In April the Cloud Security Alliance Hong Kong & Macau Chapter will bring you another critical topic on cloud security – Data Security in Cloud.

When we think about data security, we will definitely focus on data encryption in the cloud.  Nowadays, data encryption and protection in the cloud is no longer just focus on one platform, but to multi-cloud and hybrid cloud environment.

Recent surveys reveal that over 80% organizations are using two or more cloud service providers. These organizations have to maintain a high operational efficiency in a hybrid and multi-cloud environment, while ensuring sound security and attaining compliance effectively, all done at the same time.  

Our April seminar will demonstrate an industry-proven way of managing encryption keys in multi-clouds to secure your cloud asset.  We have invited Wood Lam from Thales Group to lead us through this topic.  At the session you will learn:

  • What are the major concerns in migrating workloads to cloud
  • How to leverage the latest security guidelines from CSA and the Hong Kong Government
  • How to achieve “Security by Design” in a multi-cloud environment

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: 15 April, 2021 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar (in Cantonese)

SPEAKER: Wood Lam, Sales Engineer at Thales

TOPIC: Accelerating security and compliance in a multi-cloud environment

THE SPEAKER:

Wood is a security consultant who advises and provides solutions to customers to facilitate their digital transformation journey like cloud migration, data protection and key management.

Drawing from his experience in serving government, FSI and large enterprise sectors, Wood will explain how to comply with local and worldwide regulations, while helping the managements and security conscious customers in meeting their business goals.

View the Presentation: https://youtu.be/Wy_b74Md3pk

The Presentation File: CSA HKM Knowledge Sharing Event – April 2021

New updates about AWS Security events this week

This week is definitely an AWS Security Knowledge Sharing week. Just notice that there are actually 3 instead of just 2 knowledge sharing events as I mentioned in an earlier post.

There is another Cloud Security Series talk with AWS on 25 Mar 2021 at 5 – 6:30pm. The topic is Well-Architected for Security. You can register in this link.

Don’t miss that.

Two AWS Security Knowledge Sharing in a week

As updated in our previous post, CSA HKM chapter is going to organize our March Knowledge Sharing with AWS team on AWS Cloud Security Tips. If you have not register yet, remember to go to register that.

Besides, just knowing that CSA APAC is also going to organize a Cloud Security Series talk with AWS on 22 Mar 2021 at 5 – 7pm. The topic is Continuous Auditing and Compliance with AWS. You can register in this link.

Really fruitful AWS security week.

March Event Updates

Knowledge Sharing Event for Mar 2021 is on its way. AWS team will talk about tips in AWS security. It should be interesting. If you wish to listen to the AWS speakers’ previous talk, you can go to the TechConnect Series – Cloud Security. More cloud security talk can be found in the link. So don’t miss our technical in-depth talk by AWS.

Another important updates are the recent documents available for Peer-Review. CCM v4.0 has been published. That is just the first updates from CCM working group. In fact, some more useful and down to earth guidelines are on their way – Such as the CCM v4.0 Implementation Guidelines, CAIQ v4.0. These Guidelines are all available for Peer Review. Peer review will be opened until 14 Apr 2021. If you are interested, remember to start your review.

Other than that, there are more open peer reviews articles available from the link, your participations would definitely help.

Certificate of Cloud Auditing Knowledge (CCAK) Updates

Many of you may have heard that CCAK – a certificate on Cloud Auditing that jointly developed by Cloud Security Alliance (CSA) and ISACA are readily available now and the examination will be available on 22 March 2021.

Study guide are already available in ISACA bookstore.

Live events about CCAK were conducted in LinkedIn Live by Daniele Catteddu, CTO at Cloud Security Alliance and Paul Philips, Technical Research Manager, ISACA.

For more details about CCAK, please check here in the link. You can also get more information from CSA’s Circle, in the CCAK community after you register to the CSA’s Circle.

Later CCAK Training will be conducted in Hong Kong and Macau Chapter too. Stay Tune.

CSA HKM Knowledge Sharing Event – March 2021

Another great event is happening at the Cloud Security Alliance Hong Kong & Macau Chapter in March. Last month, we talked about securing cloud environment using SASE and Zero Trust. This month, we switched to secure the cloud environment from a Cloud Service Provider (CSP) perspective. This round, we invited Ken Zhang, Practice Manager of Amazon Web Services (AWS) to tell us the Top Ten AWS Security Tips.

In this session, you will hear fundamental recommendations for simple to implement, low or no cost AWS security solutions that offer potentially high impact. AWS services, including Amazon GuardDuty, AWS Security Hub and AWS CloudTrail enable better detection and response capabilities – making intrusion detection and incident response simpler and less costly than typical on-premises IT environments. It time allows, there would potentially be some AWS Console demo too. This will definitely be a resourceful session for you.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: 25 March, 2021 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar (in English)

SPEAKER: Ken Zhang, Practice Manager, Amazon Web Services (AWS)

TOPIC: Top Ten AWS Security Tips

THE SPEAKER:

Ken Zhang, Practice Manager of Amazon Web Services (AWS). Ken specializes in cloud, strategy, security, transformation, architecture and change management. He has experience helping organizations with their transformation journeys in banking, insurance, retail, health service and manufacturing. He also holds a variety of widely-recognized tech certificates and an MBA from a global top 30 business school. He is passionate about helping organizations to capture value and provide better experience to their customers.

View the Presentation: https://youtu.be/WyZv99TG5Dg