Author: ricciieong

CSA HKM Knowledge Sharing Event – May 2023

The Knowledge Sharing Event in May will be focused on another hot topic – AI and Cloud computing again.

In the Knowledge Sharing Event on ChatGPT in March, our R&D Vice Chairman – Samuel NG mentioned that Cloud Security Alliance has published a document on Cybersecurity implications of ChatGPT and further publish that into a new research publication. This topic is still hot in the IT industry.

In the forthcoming event, we invited Kevin Liu, representative from Microsoft, to talk about another hot topic how to use AI to enhance our cybersecurity posture – Microsoft’s AI-Powered Copilot. Kevin Liu is also our Education Director. He will bring us to the Multicloud Security world.

Participants will claim 1 CPE

DATE: May 11, 2023 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar (in Cantonese)
TOPIC: AI-Powered Copilot and Multicloud Security by Microsoft
LANGUAGE: Cantonese
SPEAKER: Kevin Liu, Security Technical Specialist, Microsoft and Education Director of Cloud Security Alliance (HK & Macau) Chapter

ABSTRACT:

Microsoft Security delivers new multicloud capabilities to help customers strengthen visibility and control across multiple cloud providers, workloads, devices, and digital identities. Microsoft Security Copilot, it is an AI-powered security analysis tool that enables analysts to respond to threats quickly, process signals at machine speed, and assess risk. Microsoft’s Cloud Infrastructure Entitlement Management (CIEM) solution helps organizations manage permissions and identities in the cloud. Microsoft’s Zero Trust approach to security helps organizations protect their data and resources by verifying every access request and enforcing least-privilege access principles. This sharing session will give you an overview on how Microsoft empowering Defenders with AI on security.

THE SPEAKER:

Kevin Liu is a Security, Compliance and Modern Work Technical Specialist in Microsoft. He has more than 20 years’ experience in providing advisory and solution consultation in CyberSecurity, Infrastructure and cloud for large companies across Asia Pacific region.

He is a speaker and demonstrator for major industry events in the APAC region including HKISS, APAC O2O digital resilience workshop and RSA Conference APAC.

Kevin worked for many different major IT vendors and solution provider including Microsoft, RSA Security, Symantec, Hewlett-Packard Enterprise and Orange Cyberdefense. Kevin is a CISSP, CEH and ITIL certified.

VIEW THE PRESENTATION: https://youtu.be/vZkS9IRv7z4

CSA HKM Knowledge Sharing Event – March 2023

In our second CSA HKM Knowledge Sharing Event in March, our expert speaker will talk about the ever changing DevOps, DevSecOps in the Cloud Computing environment.

Cloud-native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach.Developer led organizations are innovating more rapidly, cheaply, and independently than ever before as they build new products and services to keep up with ever increasing competitive market conditions. 

Open source software typically accounts for 70% to 90% of code in Web and cloud applications. There is some findings from Open Source Security and Risk Analysis report states that 98% of applications used open source and that open source libraries and components made up more than 75% of the code in the average software application. Most applications, 84%, had at least one vulnerability — the typical application had 158 vulnerabilities — and 60% of applications had at least one high-severity issue.

Organization needs to look into Application Lifecycle Security to identify misconfigurations as early as possible in the Infrastructure-as-code (IaC) development process. This means identifying code vulnerabilities and CI/CD vulnerabilities to ensure faster remediation of code misconfigurations.

In this session, the speaker will provide lifehack tips on how organizations can adopt DevSecOps with low friction and how DevSecOps benefits organization by simplifying developer experience and accelerating application development with security guardrails.

Participants will claim 1 CPE.

DATE: March 30, 2023 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Pain Points and Tips in DevSecOps
LANGUAGE: Cantonese
SPEAKER: Bill Ho – Regional Cloud Solution Architect, Palo Alto 

AGENDA:

  1. Pain points in dealing with cyber threads in DevOps cycle
  2. DevSecOps – something more than just technology change 
  3. 5 Steps to simplify DevSecOps

THE SPEAKER:

Bill Ho is a seasoned Cloud Solution Architect with more than 15 years of cloud architecture experience.  He is holding the position of Regional Cloud Solution Architect in Palo Alto Networks.  Prior to this, he worked in a few cloud related solutions providers such as Microsoft, VMWare and IBM to help customers in embarking the cloud journey.  He has lots of hand-ons experience of those solutions from those technology vendors and accredited with relevant certifications.

VIEW THE PRESENTATION: https://youtu.be/SY_h9MZsovs

CSA HKM Knowledge Sharing Event – March 2023

Cybersecurity in Cloud Computing is always changing. In this ever-changing world we have a lot of things happening. Our Council member – Samuel NG is a definitely a pioneer in this industry. He would like to bring in a hot topic in IT world – ChatGPT.

The rise of cyber threats in recent years has made cybersecurity an increasingly critical concern for individuals and organizations alike especially organization utilizing cloud infrastructures.

To combat these threats, there is a growing need for advanced technologies that can help identify and mitigate risks in real-time. One such technology is ChatGPT, a large language model trained by OpenAI, that can be utilized in the field of cybersecurity to provide a range of benefits in both defensive & offensive operations.

ChatGPT has the capability to analyze and understand natural language, enabling it to identify potential threats and vulnerabilities in complex data sets, including network traffic, email communications, and social media posts.

Additionally, ChatGPT can assist in developing more effective security policies and protocols, as well as provide real-time threat intelligence and incident response. As a result, ChatGPT has the potential to greatly enhance the cybersecurity landscape and improve the overall safety and security of individuals and organizations.

Participants will claim 1 CPE.

DATE: March 2, 2023 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: ChatGPT/OpenAI for Cybersecurity and Cloud
LANGUAGE: Cantonese
SPEAKER: Samuel NG, Vice Chairman of Cloud Security Alliance (HK & Macau Chapter)

AGENDA:

  • Explain about the functions of ChatGPT with demonstration
  • Explain about its relationship with Cloud Computing and CyberSecurity area
  • Explore how ChatGPT can help our CyberSecurity industry.

THE SPEAKER:

Passion fuelled cybersecurity professional with leadership trained by armed forces, Capt. (R) Samuel has extensive experience in all cybersecurity domains from both technical and management perspectives balancing “getting-hands dirty” with technological matters & executive presence working with senior management in various corporate industries, government & military sectors.

He brought value to organisations by orientating governance, controls, risks and business strategies ultimately upholding the CIA Triad (Confidentiality, Integrity, Availability) at highest standards to risk appetite accordingly. As a 14-years Malaysian army veteran with master’s degree and multiple infosec-recognised certifications, he progressed his career to Hong Kong, contributing to various sectors including: banking, telecommunication, cloud, IT infrastructures, start-ups, Cybersecurity R&D etc.

Samuel is an active member of Cloud Security Alliance Hong Kong & Macau Chapter as Vice Chairman of Programs & Research, actively participating in various cybersecurity events as speaker, panelist and moderator. Besides, he is also a guest lecturer in Hong Kong University Space, teaching subjects such as network attacks & digital forensics. Currently exercising his expertise in the Hong Kong cybersecurity commercial community, making efforts to create value in every way possible with a never-stop-learning attitude.

VIEW THE PRESENTATION: https://youtu.be/u0hNrMacDno

Post event updates:

OrganizationDescriptionsURL Link
Cloud Security AllianceCybersecurity Implications of ChatGPThttps://bit.ly/3kQtFP8
Cloud Security AllianceChatGPT discussionhttps://circle.cloudsecurityalliance.org/discussion/chatgpt-research
HKCERTAdopt Good Cyber Security Practices to Make AI Your Friends not Foeshttps://www.hkcert.org/blog/adopt-good-cyber-security-practices-to-make-ai-your-friends-not-foes
HKCERTVerify from Various Sources to Ensure Security When Searching for Answers with AIhttps://www.hkcert.org/blog/verify-from-various-sources-to-ensure-security-when-searching-for-answers-with-ai
OGCIO of HKSAR GovernmentEthical Artificial Intelligence Frameworkhttps://www.ogcio.gov.hk/en/our_work/infrastructure/methodology/ethical_ai_framework/
PCPD of HKSARGuidance on Ethical Development and Use of AIhttps://www.pcpd.org.hk/english/news_events/media_statements/press_20210818.html

Followup after January 2023 Knowledge Sharing Event

After our January 2023 Knowledge Sharing Event, we mentioned that we have totally 15 sample questions from CCSK, CCSP and CCAK examinations for participants, members and any interested parties to explore.

As part of the requirement for “Special discount” to participants, you can click to the link and answer the questions here.

You will have to answer the questions with valid email account. After we collect your attempts and email account and preference in which certificate/certification training, we will select lucky winner(s) and contact you directly. You can only perform one attempt the questions.

We will complete the challenge by 15 Feb 2023. Happy attempt.

CSA HKM Knowledge Sharing Event – January 2023

Chinese New Year is coming and it is a good time to plan your learning process and schedule.

In this year the Cloud Security Alliance Hong Kong & Macau Chapter will continue to lead and conduct more cloud security and audit training. In February and March 2023, CSA HKM and Hatter Company Limited jointly organized two RTTP supported Cloud Security Training courses.

How to prepare, understand and get the best training that drives your career plan. In this Knowledge Sharing Event, Ricci Ieong, Vice-Chairman of Cloud Security Alliance (HK & Macau) chapter will share different context and direction of different cloud security trainings (such as CCSK, CCAK, CCSP).

Participants will claim 1 CPE.

DATE: January 31, 2023 (Tuesday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Plan your Cloud Security Training for this year
LANGUAGE: Cantonese
SPEAKER: Ricci IEONG, Vice Chairman of Cloud Security Alliance (HK & Macau Chapter)

AGENDA:

  • Comparison of different cloud security certificate/certification courses
  • Highlights about the different certificate examinations and preparation for examinations
  • Understand other Cloud Computing Training by Cloud Security Alliance
  • Special discount will be given to (selected) participants.

THE SPEAKER:

Dr. Ricci Ieong is one of the course developers and one of the four pioneer trainers of the CCAK course worldwide. Dr. Ieong is a qualified Certificate of Cloud Security Knowledge (CCSK) instructor and grandfathered to teach the Certificate of Cloud Auditing Knowledge (CCAK). He is also an authorized ISC2 Certified Cloud Security Professional (CCSP).

Apart from running his consulting business, Dr. Ieong delivers lectures in local universities. He is both an Adjunct Assistant Professor teaching Cybersecurity courses and an authorized trainer in AWS Academy in Hong Kong University of Science and Technology (HKUST). He teaches Applied Blockchain and Cryptocurrencies course at Chinese University of Hong Kong (CUHK).

Dr. Ieong is the Vice Chairman of professional development of Cloud Security Alliance (HK & Macau Chapter) and has served on CSA Cloud Incident Response Working Group and Certificate of Cloud Auditing Knowledge (CCAK) Working Group. He is an active speaker at numerous security events, including CSA summits, in Hong Kong and throughout APAC. He is one of the recipients of 2021 Ron Knode Service Award awarded by CSA.

REGISTRATION: https://csahkmkse2301.eventbrite.hk

Followup links to 15 sample questions from CCSK, CCSP and CCAK exam.

Christmas Gift for CSA HKM Members

World cup 2022 is completed and Christmas time is coming. Merry Christmas to all of you. We will have our knowledge sharing talk on 22 Dec 2022 (Thursday) as usual in lunch time. Don’t miss the opportunity to learn something from our China based Service Provider.

Other than knowledge sharing session, we would also like to announce some more Christmas gifts for all of you, our members, the CCAK and CCSK class discounts.

We will organize our second round CCAK training. Our CCAK 2 days training class will be conducted before end of this year on 28 – 29 Dec 2022. As a Christmas gift to our members, you can get 40% off Special Christmas discount for non-RTTP applicants.

There will be another CCAK 3 days training to be held on 3 – 5 Jan 2023 for more hands on training for Cloud Audit.

Besides, CSA (HK and Macau Chapter) together with Hatter Company Limited also achieved to get RTTP funding support for CCSK Training (with examination token). If you plan to take CCSK exam in the coming year, the actual amount you need to pay cover the examination token, course material and course lecture that you can learn more together. The CCSK training will be held on 20 – 21 Feb 2023 for CCSK Basic training (2 days) or 20 – 22 Feb 2023 CCSK Plus training (3 days).

You can always register through RTTP web site or contact the training vendor here.

CSA HKM Knowledge Sharing Event – December 2022

It is coming to the end of 2022. In this year, the Cloud Security Alliance Hong Kong & Macau Chapter has organized a number of knowledge sharing events on various topics and in December, we will discuss how to enhance the security posture of cloud nature environment.

In the December event, we will hear from China based software security vendor Beijing Anpro Information Technology Co., Ltd. (北京安普諾資訊技術有限公司) on how they look at CyberSecurity and how they develop their products. Their co-founder 李浩 will share with us about how to secure Cloud Native Environment through DevSecOps environment. This will be our first event conducted in Putonghua.

DATE: December 22, 2022 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: 雲原生場景下軟體供應鏈風險治理技術淺談
LANGUAGE: Putonghua
SPEAKER: 李浩,懸鏡安全技術合夥人

Participants will claim 1 CPE.

AGENDA:

隨著容器、微服務等新技術的快速反覆運算,開源軟體已成為業界主流形態,開源和雲原生時代的到來導致軟體供應鏈越來越趨於複雜化和多樣化,網路攻擊者開始採用軟體供應鏈攻擊作為擊破關鍵基礎設施的的重要突破口,從而導致軟體供應鏈的安全風險日益增加。本次分享將包含如下內容:雲原生時代面臨的應用安全風險、軟體供應鏈源頭開源風險治理實踐、新一代代碼疫苗技術進化之路及 DevSecOps 敏捷安全技術演進趨勢。

THE SPEAKER:

李浩,懸鏡安全技術合夥人,擁有 10 年多的網路安全應用全棧技術開發、應用逆向、安全開發諮詢及安全培訓經驗。已獲得 CISP 註冊資訊安全工程師、等保建設專業人員等資質,並擁有多項原創發明專利授權,曾獲得「2020 安在網安強中強大賽」冠軍榮譽。長期深度參與懸鏡 DevSecOps 智適應威脅管理解決方案的研究工作。目前,主要負責懸鏡安全華南區全線產品解決方案諮詢、售前支援、產品交付及專案管理等工作。

VIEW THE PRESENTATION: https://youtu.be/UwdYvXSMqAU

CSA HKM Knowledge Sharing Event – November 2022

After the successful staging of the Cloud Security Alliance Hong Kong & Macau Summit on October 12, it is time to go back to the regular CSA Knowledge Sharing Event in November.

This month we will look into cloud security from an attacker’s viewpoint. As we mentioned before, despite the fact that cloud environment is quite secure after many years of enhancement, attacks still happen.

In our next Knowledge Sharing Event, we invited Boris So, a technical professional, to bring us into the cloud security from the “dark side”. Boris is a technical expert and has in-depth knowledge in hacking and security attack. He will be showing us more information about common attack to cloud workloads with demonstration.

Participants will claim 1 CPE.

DATE: November 24, 2022 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Attacks on Cloud Workloads
Media of Language: Cantonese
SPEAKER: Boris So, OWASP HK Chapter Lead,  Cloud Service Provider Technical Expert

AGENDA:

  • Address common attacks targeting cloud workloads, with demonstration simulating a major incident hitting the global news headline as well as other complicated attack vectors discovered in red team exercises.
  • From the attack paths identified in these scenarios we are able to draw an abstract pattern of how attackers find a way in and escalate privilege.
  • Finally we will try to go back to answer the fundamental question: is the cloud secure?

THE SPEAKER: 

Boris is a software security specialist specializing in software design and architecture, threat modeling, secure programming and static code analysis, penetration and simulation test, code obfuscation, steganography, as well as rootkit research.

Currently Boris is working in a major cloud service provider, where he joined from one of the world’s leading US financial services institutes.

He is also the OWASP HK chapter lead, and he holds 2 US patents, 2 bachelor degrees in computing and surveying, and 2 master degrees in computer forensics and applied psychology.

Boris is an enthusiast in aviation and he holds a private pilot license. During his free time, he is probably spending his time flying while not hacking.

VIEW THE PRESENTATION: https://youtu.be/W8-Ssmy_8lk

More Trainings about Cloud Security in the Cloud Security Alliance

Last week, when I taught the CCSP class by ISC2 in Hong Kong Productivity Council, I discussed with the participants in our cloud journey about the upcoming trend in Cloud Security which are Cloud Data Security, Zero Trust and Cloud Audit.

Almost at the same time, Cloud Security Alliance published the new document about Cloud Data Security and Zero Trust Training.

Cloud Data Security is one of the most important elements within Cloud Security. So CSA published the Understanding Cloud Data Security and Priorities. This summarises what should be the priorities in defining cloud data security aspects. More details can be found in this link.

Zero Trust Technology is considered as one of the hot topics in this year. Many companies mentioned about their solutions related to Zero Trust. In fact, Zero Trust Technology is not just a specific product but a philosophy and mindset. CSA CTO Daniele Catteddu mentioned about this in both the ISSummit 2022 event and also in CSA HK & Macau Chapter Summit 2022 event that held this month. In the presentation, Daniele also mentioned that CSA is going to develop a micro training series which is open and free for everyone. So it is definitely a good time for us to learn online together.

In the event, Daniele also mentioned about Cloud Audit Training which is CCAK training. After some time, we (CSA and Hatter Company Limited) successfully get the CCAK and hopefully CCSK (another flagship training by Cloud Security Alliance) to be officially endorsed by VTC under the RTTP program. Our first public class will be held on 7 – 9 Nov, 2022 (virtually through zoom). Seats are still available for registration.

Lastly, CSA also prepared some Cloud Security for Financial Services webinar. So anyone can check in and join the webinar.

Happy Learning.

Certificate of Cloud Auditing Knowledge (CCAK) – More classes in Hong Kong and Macau

After announcing our first local class on Certificate of Cloud Auditing Knowledge (CCAK) class in Hong Kong, we received more official supports from VTC that more of our CCAK class are now officially accepted RTTP approved training programs (That is, 66% off from the listed price of the course).

In the coming 2 months, we will have 4 available CCAK classes that available for interested parties at different pace. 2 days, 3 days and weekly evening classes are available for different participants to take the class online.

In order to catch this training opportunity for yourself or your company offered by Cloud Security Alliance (HK & Macau) chapter and Hatter Company Limited, you can check the list of courses within the schedule CCAK class schedule.

If you are interested in registering the class, you can register in the RTTP web site or in Hatter Company CCAK class site.

More cloud security and audit class will be available soon.

Happy Learning.