Category: Events

CSA HKM Knowledge Sharing Event – December 2023


In the last CSA HKM Knowledge Sharing Event of the year, our expert speaker will share his experience on how to infiltrate US DoD.

During the Covid-19 pandemic meant that most of us were confined indoors. During the lockdown period, our speaker Sheikh Rizan had a brief stint with Bug Bounties. He started hacking for hackerone, bugcrowd and yeswehack. One of his targets was the US Department of Defense public Cloud hosted servers & NASA VPNs.

In the session he will tell his story of how he found several critical vulnerabilities that allowed him to exfiltrate PII (personal identifiable information) data belonging to new army recruits, reset accounts belonging to US Military personnels. All his findings were responsibly disclosed via their respective BBP and VDP programmes back in 2020. The reports had been made public at his hackerone profile.

Participants will claim 1 CPE.

DATE: December 15, 2023 (Friday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Infiltrating US DoD – The Journey & Experience
LANGUAGE: English
SPEAKER: Sheikh Rizan, Security Researcher

THE SPEAKER:
Rizan is a passionate Cybersecurity professional with more than 20 years of experience. He holds several industry relevant certifications including CISSP, CISA, OSCP, OSCE & OSWE. He had published 9 public CVEs and had reported security bugs to various Bug Bounty and VDP programmes. Rizan was also part of a Cyber security surveillance group supporting law enforcement agencies globally in lawful interception. He is currently leading a group of talented security testers for consulting firm based out of Kuala Lumpur, Malaysia. He is also a certified Trainer and had presented technical talks at several Cyber Security conferences in the region.

VIEW THE PRESENTATION: https://youtu.be/CeQXGBget2o

CSA HKM Supports the ICT Conference 2023

The Cloud Security Alliance Hong Kong & Macau Chapter is pleased to support the ICT Conference 2023, with a theme of “Embrace AI for your Digital Life”.

In order to converge the emerging technologies and create platforms integrating these edge technologies for ICT professionals, ICT conference provides a forum for the government officials, key industry professionals, and university researchers to share on the government policy, the opportunities and threats in the ICT era, as well as the latest development and applications which will help Hong Kong be constructed as a competitive smart city.

Event: ICT Conference 2023
Date: November 3, 2023  (Friday)
Time: 09:45 to 17:00
Venue: Louis Koo Cinema @ The Hong Kong Arts Centre (located at 2 Harbour Road, Wan Chai, HK)
Platform: Physical
Website: https://ictconference.hk/

CSA HKM Supports Hong Kong Cyber Security New Generation Capture the Flag Challenge 2023

The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) and the Hong Kong Productivity Council (HKPC) will jointly organise the “Hong Kong Cyber Security New Generation Capture the Flag (CTF) Challenge 2023” (The Contest) to strengthen the cyber security skills and awareness of the industry and students and encourage problem solving through teamwork, creative thinking and cyber security skills.

The Cloud Security Alliance Hong Kong & Macau Chapter is a proud supporter of the event.

The Award Presentation Ceremony will be held on December 19, 2023. Apart from presenting the awards to the winners, cyber security experts will also be on hand to share their views on cyber security and how to leverage vulnerability management solutions to improve security and security risk management. Besides, there will be two panel discussions on attack and defense techniques.​

Date:19 December 2023 (Tuesday)
Time:AM Session: 09:15 – 12:35 (Registration will start at 09:00)
PM Session: 14:30 – 17:00 (Registration will start at 14:00)
Venue:Conference Hall, 4/F, HKPC Building, 78 Tat Chee Avenue, Kowloon Tong, Kowloon
Audience:General Public, Education Sectors and SMEs
Language:Cantonese
Fee:Free (Pre-registration is required)
Event Link:https://www.hkcert.org/event_en_20231219
Online Registration:https://alt.jotfor.ms/hkcert/capture-the-flag-2023-seminar231219

CSA HKM Supports CS Summit 2023

The Cloud Security Alliance Hong Kong & Macau Chapter continues to collaborate with the Hong Kong Productivity Council and other prominent information security organizations in Hong Kong to organize the Cyber Security Summit Hong Kong 2023, which is one of the largest local cybersecurity events in the region. Previously known as the IS Summit, the event has been renamed the CS Summit to reflect a sharper focus on cyber security.

The summit’s main goal remains unchanged: to provide participants with the latest insights into information security trends and developments. Theme of this year is “Securing Enterprises to Prepare for the Pos Quantum & AI World“.

Attendees can expect a more concentrated program that delves deeper into various aspects of cyber security, addressing emerging threats, industry best practices, and innovative solutions especially related to Post Quantum and AI related topics.

Details:

Date:11 – 12 September 2023
Time:09:00 – 18:00
Venue:Room N201-N212, 2/F, New Wing, HKCEC, 1 Expo Drive, Wanchai, Hong Kong
Fee:Free (Registration is required)
Registration: https://www.cssummit.hk/registration/
Details:https://www.cssummit.hk/
Home

CSA HKM Knowledge Sharing Event – June 2023

In the past “Knowledge Sharing Session“, our focus has been on examining cloud computing and cybersecurity in the context of solution providers, cloud service providers, and vendors. However, we have not yet explored the usage of cloud computing by enterprises as cloud users.

Cloud service providers often try to persuade users to transition to a cloud environment, but is it truly convincing to adopt a cloud-first or cloud-native strategy?

In this knowledge sharing session, we are excited to welcome our new council member, Dicky Wong from New World Corporate Services Limited (New World Group Member), to guide us through his company’s cloud journey. He will discuss the nature of cloud environments, use cases for cloud computing, and best practices for security. Additionally, he will highlight the benefits and efficiency gains that can be achieved through the use of cloud technology.

Mr. Wong will also address security concerns when transitioning to a serverless PaaS cloud environment and discuss the appropriate security posture for cloud computing.

Participants will claim 1 CPE

DATE: June 29, 2023 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar (in Cantonese)
TOPIC: How can the efficiency of an organization’s operations be optimized while also enhancing cybersecurity through the use of cloud technology?
LANGUAGE: Cantonese
SPEAKER: Dicky WONG, Head of Technology Risk, New World Corporate Services Limited and Director of Cloud Security Alliance (HK & Macau) Chapter

AGENDA:

  • What is the efficiency that will create to a corporate?
  • Nature of cloud environment, use case, security setting?
  • Why we need to concern about security going serverless?
  • What security should you be concern on?
  • How to set up a suitable security posture?

THE SPEAKER:

Mr. Wong is currently the Head of Technology Risk for New World Corporate Services, a New World Group Member. He is responsible for oversight and governance for all technology and cyber related compliance, risk management, and security within the group. One of the major tasks of Mr. Wong is to define, design and implement a comprehensive and robust risk framework & protection for the group that applies to all Business Units.


Prior to that, Mr. Wong was with the Hong Kong Police Force for over 10 years and he has held several cyber crime related management positions including being in charge of the Technology Crime investigation team, took up the role of Head of the Cyber Security Centre and the lead of the Collaboration team of the Cyber Security and Technology Crime Bureau (CSTCB), Mr. WONG has gained tremendous amount of experience in technology crime investigation, setting up cyber security framework and handling cyber attacks including the large scaled cyber attacks occurred in Hong Kong.


Mr. Wong is currently volunteering as the Director of Government Relationship Development for Cloud Security Alliance (CSA HK & Macau Chapter) and also a Member of the HKSTP Data Governance Think Tank Group.


Mr. Wong is an INTERPOL accredited trainer in Computer Forensics, Certified Ethical Hacker, Certified Penetration Tester and obtained a Bachelor’s Degree in Management Economics from University of Essex, United Kingdom

VIEW THE PRESENTATION: https://youtu.be/RBGL5wnXrXo

CSA HKM Knowledge Sharing Event – May 2023

The Knowledge Sharing Event in May will be focused on another hot topic – AI and Cloud computing again.

In the Knowledge Sharing Event on ChatGPT in March, our R&D Vice Chairman – Samuel NG mentioned that Cloud Security Alliance has published a document on Cybersecurity implications of ChatGPT and further publish that into a new research publication. This topic is still hot in the IT industry.

In the forthcoming event, we invited Kevin Liu, representative from Microsoft, to talk about another hot topic how to use AI to enhance our cybersecurity posture – Microsoft’s AI-Powered Copilot. Kevin Liu is also our Education Director. He will bring us to the Multicloud Security world.

Participants will claim 1 CPE

DATE: May 11, 2023 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar (in Cantonese)
TOPIC: AI-Powered Copilot and Multicloud Security by Microsoft
LANGUAGE: Cantonese
SPEAKER: Kevin Liu, Security Technical Specialist, Microsoft and Education Director of Cloud Security Alliance (HK & Macau) Chapter

ABSTRACT:

Microsoft Security delivers new multicloud capabilities to help customers strengthen visibility and control across multiple cloud providers, workloads, devices, and digital identities. Microsoft Security Copilot, it is an AI-powered security analysis tool that enables analysts to respond to threats quickly, process signals at machine speed, and assess risk. Microsoft’s Cloud Infrastructure Entitlement Management (CIEM) solution helps organizations manage permissions and identities in the cloud. Microsoft’s Zero Trust approach to security helps organizations protect their data and resources by verifying every access request and enforcing least-privilege access principles. This sharing session will give you an overview on how Microsoft empowering Defenders with AI on security.

THE SPEAKER:

Kevin Liu is a Security, Compliance and Modern Work Technical Specialist in Microsoft. He has more than 20 years’ experience in providing advisory and solution consultation in CyberSecurity, Infrastructure and cloud for large companies across Asia Pacific region.

He is a speaker and demonstrator for major industry events in the APAC region including HKISS, APAC O2O digital resilience workshop and RSA Conference APAC.

Kevin worked for many different major IT vendors and solution provider including Microsoft, RSA Security, Symantec, Hewlett-Packard Enterprise and Orange Cyberdefense. Kevin is a CISSP, CEH and ITIL certified.

VIEW THE PRESENTATION: https://youtu.be/vZkS9IRv7z4

CSA HKM Knowledge Sharing Event – March 2023

In our second CSA HKM Knowledge Sharing Event in March, our expert speaker will talk about the ever changing DevOps, DevSecOps in the Cloud Computing environment.

Cloud-native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach.Developer led organizations are innovating more rapidly, cheaply, and independently than ever before as they build new products and services to keep up with ever increasing competitive market conditions. 

Open source software typically accounts for 70% to 90% of code in Web and cloud applications. There is some findings from Open Source Security and Risk Analysis report states that 98% of applications used open source and that open source libraries and components made up more than 75% of the code in the average software application. Most applications, 84%, had at least one vulnerability — the typical application had 158 vulnerabilities — and 60% of applications had at least one high-severity issue.

Organization needs to look into Application Lifecycle Security to identify misconfigurations as early as possible in the Infrastructure-as-code (IaC) development process. This means identifying code vulnerabilities and CI/CD vulnerabilities to ensure faster remediation of code misconfigurations.

In this session, the speaker will provide lifehack tips on how organizations can adopt DevSecOps with low friction and how DevSecOps benefits organization by simplifying developer experience and accelerating application development with security guardrails.

Participants will claim 1 CPE.

DATE: March 30, 2023 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Pain Points and Tips in DevSecOps
LANGUAGE: Cantonese
SPEAKER: Bill Ho – Regional Cloud Solution Architect, Palo Alto 

AGENDA:

  1. Pain points in dealing with cyber threads in DevOps cycle
  2. DevSecOps – something more than just technology change 
  3. 5 Steps to simplify DevSecOps

THE SPEAKER:

Bill Ho is a seasoned Cloud Solution Architect with more than 15 years of cloud architecture experience.  He is holding the position of Regional Cloud Solution Architect in Palo Alto Networks.  Prior to this, he worked in a few cloud related solutions providers such as Microsoft, VMWare and IBM to help customers in embarking the cloud journey.  He has lots of hand-ons experience of those solutions from those technology vendors and accredited with relevant certifications.

VIEW THE PRESENTATION: https://youtu.be/SY_h9MZsovs

CSA HKM to support the Build a Secure Cyberspace 2023 seminar

Protect Your Online Security in Web 3.0

Cloud Security Alliance Hong Kong & Macau Chapter is a supporting organization for the “Protect Your Online Security in Web 3.0” seminar co-organised by the Hong Kong Computer Emergency Response Coordination Center, the Office of the Government Chief Information Officer and the Hong Kong Police Force.

With the development of internet and its evolvement into the third generation, the complexity of cyber-attack increases at the same time. How could we protect ourselves online? Join the seminar to learn from information security experts how to strengthen your security in the world of Web 3.0.

DATE: May 5, 2023 (Friday)

TIME: 14:15 – 17:00 (Registration starts at 14:00)

VENUE: Lecture Hall, Hong Kong Space Museum, 10 Salisbury Road, Tsim Sha Tsui, Kowloon

LANGUAGE:     Cantonese

CHARGE: Free (Pre-registration is required)

REGISTRATION: https://www.hkcert.org/event/protect-your-online-security-in-web-3-0-seminar-build-a-secure-cyberspace-2023

CSA HKM supports the Digital Economy Summit 2023


Cloud Security Alliance Hong Kong & Macau Chapter is a supporting organization for the Digital Economy Summit 2023, an event organized by the Government of the Hong Kong Special Administrative Region and Cyberport.

Being an international innovation and technology hub with the distinctive edge of global vision and strategic connectivity with the Greater Bay Area and the rest of the world, Hong Kong is set to spur new growth leveraging opportunities brought by the National 14th Five-Year Plan and from the new opportunities worldwide. The event (rebranded from the Internet Economy Summit, IES) will unveil global and regional visions on how smart city technologies will supercharge smart economies as well as accelerate the formation of futureproof digital societies.

DATE:                          April 13-14, 2023 (Thursday and Friday)
TIME:                           09:00 – 18:00
VENUE:                       Convention Hall & Theatre 1-2, Hong Kong Convention & Exhibition Center
REGISTRATION:           https://www.digitaleconomysummit.hk/

CSA HKM Knowledge Sharing Event – March 2023

Cybersecurity in Cloud Computing is always changing. In this ever-changing world we have a lot of things happening. Our Council member – Samuel NG is a definitely a pioneer in this industry. He would like to bring in a hot topic in IT world – ChatGPT.

The rise of cyber threats in recent years has made cybersecurity an increasingly critical concern for individuals and organizations alike especially organization utilizing cloud infrastructures.

To combat these threats, there is a growing need for advanced technologies that can help identify and mitigate risks in real-time. One such technology is ChatGPT, a large language model trained by OpenAI, that can be utilized in the field of cybersecurity to provide a range of benefits in both defensive & offensive operations.

ChatGPT has the capability to analyze and understand natural language, enabling it to identify potential threats and vulnerabilities in complex data sets, including network traffic, email communications, and social media posts.

Additionally, ChatGPT can assist in developing more effective security policies and protocols, as well as provide real-time threat intelligence and incident response. As a result, ChatGPT has the potential to greatly enhance the cybersecurity landscape and improve the overall safety and security of individuals and organizations.

Participants will claim 1 CPE.

DATE: March 2, 2023 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: ChatGPT/OpenAI for Cybersecurity and Cloud
LANGUAGE: Cantonese
SPEAKER: Samuel NG, Vice Chairman of Cloud Security Alliance (HK & Macau Chapter)

AGENDA:

  • Explain about the functions of ChatGPT with demonstration
  • Explain about its relationship with Cloud Computing and CyberSecurity area
  • Explore how ChatGPT can help our CyberSecurity industry.

THE SPEAKER:

Passion fuelled cybersecurity professional with leadership trained by armed forces, Capt. (R) Samuel has extensive experience in all cybersecurity domains from both technical and management perspectives balancing “getting-hands dirty” with technological matters & executive presence working with senior management in various corporate industries, government & military sectors.

He brought value to organisations by orientating governance, controls, risks and business strategies ultimately upholding the CIA Triad (Confidentiality, Integrity, Availability) at highest standards to risk appetite accordingly. As a 14-years Malaysian army veteran with master’s degree and multiple infosec-recognised certifications, he progressed his career to Hong Kong, contributing to various sectors including: banking, telecommunication, cloud, IT infrastructures, start-ups, Cybersecurity R&D etc.

Samuel is an active member of Cloud Security Alliance Hong Kong & Macau Chapter as Vice Chairman of Programs & Research, actively participating in various cybersecurity events as speaker, panelist and moderator. Besides, he is also a guest lecturer in Hong Kong University Space, teaching subjects such as network attacks & digital forensics. Currently exercising his expertise in the Hong Kong cybersecurity commercial community, making efforts to create value in every way possible with a never-stop-learning attitude.

VIEW THE PRESENTATION: https://youtu.be/u0hNrMacDno

Post event updates:

OrganizationDescriptionsURL Link
Cloud Security AllianceCybersecurity Implications of ChatGPThttps://bit.ly/3kQtFP8
Cloud Security AllianceChatGPT discussionhttps://circle.cloudsecurityalliance.org/discussion/chatgpt-research
HKCERTAdopt Good Cyber Security Practices to Make AI Your Friends not Foeshttps://www.hkcert.org/blog/adopt-good-cyber-security-practices-to-make-ai-your-friends-not-foes
HKCERTVerify from Various Sources to Ensure Security When Searching for Answers with AIhttps://www.hkcert.org/blog/verify-from-various-sources-to-ensure-security-when-searching-for-answers-with-ai
OGCIO of HKSAR GovernmentEthical Artificial Intelligence Frameworkhttps://www.ogcio.gov.hk/en/our_work/infrastructure/methodology/ethical_ai_framework/
PCPD of HKSARGuidance on Ethical Development and Use of AIhttps://www.pcpd.org.hk/english/news_events/media_statements/press_20210818.html