CSA HKM Knowledge Sharing Event – December 2020

Christmas is coming and we all wish Covid-19 will be over soon. Cloud Security Alliance Hong Kong & Macau Chapter is arranging another Knowledge Sharing Event on December 17, 2020, a week before Christmas.

As a continuation of the last two Knowledge Sharing Event, we continue to focus on hot cloud security topic – PaaS and Microservices Security topics.

Security microservices provide security functionality, such as encryption and authentication, to calling applications. As microservices (e.g. ‘serverless’ RESTful JSON APIs) become more common in both the cloud and internal architectures, there is a trend towards including hardware security module (HSM) based services, making strong security functionality readily available to applications. In this session, you will learn:

* Why microservices are becoming fashionable
* How security microservices make security easier
* Examples of security microservices

This talk will be delivered by Ian Christofis, Principal Managing Consultant, nCipher Security (an Entrust company).

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants can claim 1 CPE.

DATE: December 17, 2020 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER: Ian Christofis, Principal Managing Consultant, nCipher Security (an Entrust company)

TOPIC: Security Microservices – A New Trend


Ian Christofis is a specialist in information security, including cryptographic security, Public Key Infrastructure (PKI) and identity & access management. He combines a strong understanding of the commercial and strategic business issues with a detailed knowledge of the technology.

He is a Certified Information System Security Professional (CISSP), a Founding Board Member of the Cloud Security Alliance (CSA) Hong Kong & Macau Chapter, sits on the Editorial Board of the Professional Information Security Association (PISA) Journal, and a member of the International Association for Cryptologic Research (IACR).

WATCH PRESENTATION: https://youtu.be/dga_gxwfftQ

PRESENTATION FILE: https://bit.ly/2KvbKM2

CSA HKM Knowledge Sharing Event – November 2020

In last month’s knowledge sharing event, we focused in the methodology to develop and secure our PaaS environment. Do we still need to secure the cloud stem? Do we still need to secure the cloud architecture? How to secure that environment?

The common security challenges faced in the cloud stem from misconfiguration, compliance, and an exploding set of cloud infrastructure services. This session will cover how to combat these challenges and gain visibility into security, compliance, and governance vulnerabilities on your public cloud infrastructure.

We will go over the latest security offering that helps teams build a better cloud architecture. You can also look forward to hundreds of out-of-the-box, step-by-step remediation guides, enabling DevSecOps teams and cloud architects to quickly resolve vulnerabilities.

This upcoming knowledge sharing event, we invited Tony Lee, Head of Consulting of Trend Micro will lead us to the “Cloud operational excellence – Guardrails to build exceptional architecture & avoid misconfigurations“.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants can claim 1 CPE.

DATE: November 05, 2020 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER: Tony Lee, Head of Consulting of Trend Micro

TOPIC: Cloud operational excellence – Guardrails to build exceptional architecture & avoid misconfigurations


Tony Lee is the Head of Consulting at Trend Micro – a global leader in cyber security solutions. He is responsible for the provision of security advice and solution consultation for large scale IT users and key channel partners in Hong Kong.

Tony has more than 13 years experiences in strategic planning and requirements analysis, with special focus on cloud security deployment, cyber threats response and emerging technologies analysis. As a technology evangelist for Trend Micro, he has been acting as a high profile speaker for major industry events in the region, specialized in evolving cyber threats such as ransomware and APT attacks.

Tony is a graduate of the Hong Kong Baptist University, where he received a Bachelor of Science degree in computer science.

REGISTATION: https://csakse2011.eventbrite.hk



軟體定義邊界(Software Defined Perimeter, SDP)是一個能夠為OSI七層協定棧提供安全防護的網絡安全架構,實現資產隱藏,並在允許連接到隱藏資產之前使用單個數據包通過單獨的控制和數據平面建立信任連接。 使用SDP實現的零信任網絡使組織能夠更好防禦新變種攻擊方法,以及改善企業所面臨攻擊面日益複雜和擴大的安全困境。

從本質上講,零信任是一種網絡安全概念,其核心思想是組織不應自動信任傳統邊界內外的任何事物,並旨在捍衛企業資產。 實施零信任需要在授予訪問許可權之前驗證所有嘗試連接到資產的事物,並在整個連接期間對會話進行持續評估。

軟體定義邊界(SDP)是零信任策略的最高級實現方案。 CSA已採用並宣導將以下結構應用於網絡連接:

  • 將建立信任的控制平面與傳輸實際數據的數據平面分開。
  • 使用動態全部拒絕(deny-all)防火牆(不是完全deny-all,而是允許例外)來隱藏基礎架構(例如,使伺服器變”黑”,不可見)
  • 丟棄所有未經授權的數據包並將它們用於記錄和分析流量。
  • 訪問受保護的服務之前,通過單包授權(SPA)協定來認證和授權使用者以及驗證設備。
  • 最小授權在此協定中是自帶的。



CSA HKM Knowledge Sharing Event – October 2020

Container environment is a hot topic in cloud environment especially cloud security area. So after previous two rounds of cloud usage and SaaS cloud security talk, we now start another interesting series of cloud security talk – Cloud Container security talk. We will start our talk from OpenShift and DevSecOps. That are two hot topics in Cloud Computing and Cloud Security Area.

This month we invited William Lok, CTO and Co-founder of TechNet HK to lead us through “Transforming DevOps to DevSecOps with Redhat OpenShift“.

Today, DevOps is an inevitable way to transform the enterprise into digital era and innovate into software company. William will prepare a demo on how a container application governed by series of tool chains and deploy on RedHat OpenShift.

On top of tool chains, William will share how the security perspectives can be fulfilled by transforming DevOps to DevSecOps Journey.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants can claim 1 CPE.

DATE: October 08, 2020 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER: William Lok, CTO and Co-founder of TechNet HK

TOPIC: Transforming DevOps to DevSecOps with Redhat OpenShift


William Lok, CTO and co-founder of TechNet HK (http://www.technet-asia.com). He leads the company technology visions and directions. He is a frequent speaker on DevOps seminars. He plays an active role in evangelizing opensource, multi-cloud and DevSecOps adoption for Hong Kong, Macau and Taiwan enterprises.

WATCH NOW: https://vimeo.com/466411506

雲安全聯盟大中華區發佈 《雲計算的 11 類頂級威脅》

越來越多的企業正在將數據和應用程式遷移到雲中,這帶來了獨特的資訊安全挑戰。 保護企業在雲中數據的主要責任並不完全在於服務提供者,而主要在於客戶本身。 為了使組織對雲安全問題有新的瞭解,以便他們可以就雲採用策略做出有根據的決策,CSA 大中華區發佈了新版本的《雲計算的11類頂級威脅》(中文版),本報告主要關注11個與雲計算的共用、按需特性相關的問題。 以下是本報告關注的11個主要威脅:

7.不安全的介面和 API 。

拒絕服務共享技術漏洞以及雲服務提供者數據丟失和系統漏洞之類的問題已不在本報告之列。 這表明由雲服務提供者負責的傳統安全問題似乎已經有效的緩解。 相反我們看到更多的是需要解決那些位於技術棧更高層次的安全問題這些問題是高級管理層決策的結果。

在調查中評分最高的新專案更加細微表明消費者對雲的理解日益成熟。 這些問題本質上是雲計算的固有特性表明消費者正在積極考慮向雲遷移的技術環境。 這些主題涉及潛在的控制平面缺陷元結構和應用結構故障以及有限的雲可見性。 這些新的重點與以前的《 關鍵威脅Top Threats》報告中更為突出的通用威脅風險和漏洞(即數據丟失拒絕服務)明顯不同。

CSA大中華區希望本報告能夠提高組織對最重要的安全問題及其應對措施的認識並在為雲遷移和安全性制定預算時將其考慮在內。 該報告提供了控制建議和參考示例旨在供合規風險和技術人員使用管理層也能夠從本報告的技術趨勢和概述中受益。

下載報告:雲計算的 11 類頂級威脅

(ISC)² Info Session: CCSP – The Industry’s Premier Cloud Security Certification


Earning the globally recognized #CCSP cloud security certification is a proven way to build your career and better secure critical assets in the cloud. Join ISC2’s 60-min live info-session on September 10 (Thursday) at 14:00 to learn more about the CCSP, its exam domains, experience requirements and available study resources. And, get to ask any question that will support your certification journey!

(ISC)² Info Session

Topic: CCSP – The Industry’s Premier Cloud Security Certification
Date: September 10, 2020 (Thursday)
Time: 14:00-15:00

Register now: https://www.isc2.org/News-and-Events/Webinars/APAC-Webinars?commid=432478&utm_source=csahk



雲安全聯盟大中華區在810日舉辦的CSA Summit上發佈了《使用者自治數碼身份安全白皮書》該白皮書主要是針對於希望用DID來進行技術開發或者應用落地的專案或公司需要注意的一些安全與隱私的問題分析為什麼在新的數碼化轉型過程中DID能夠解決的痛點問題並對目前國際上已有的標準和案例進行介紹。



CSA HKM Knowledge Sharing Event – September 2020

Our knowledge-sharing session resumed since August 2020, more events will be coming. When we think about security, many of us would like to know how we train up our attack and defense skills through practice. One of the best methods is to perform a pre-defined exercise through CyberRange. But how can we ensure CyberRange is secure? So we can start to learn from one of the best CyberRange SaaS service providers – CyberBit.

This month we invited Mr. Ralph WU, Security Architect of Cyberbit – North East Asia to cover the topic: “Are you ready for Cyber War? – Training on Cloud Range Simulation platform”.

During the talk, Ralph to talk about:

  1. How Hacker make the damage ?
    1. Understand MITRE ATT&CK, why it is important to Cybersecurity Training
  2. Where is the skill gap?
    1. Leverage NICE framework as guideline of training objectives
  3. Cyberbit Cloud Range Platform
    1. Architecture
    2. Differences between Legacy Training and Range-based Training?
    3. Doing Drill Test on Cybersecurity Scenario

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants can claim 1 CPE.

DATE: September 03, 2020 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar


Ralph Wu, Security Architect of Cyberbit – North East Asia


Are you ready for Cyber War? – Training on Cloud Range Simulation platform [Recorded Presentation]


Ralph Wu is the Security Architect of Cyberbit – North East Asia. He is helping different Enterprises to embraces Cyber Range platform to gear up Cyber Security Warriors get prepare for different potential outbreaks.   Ralph has more than 20 years in Infrastructure and Cybersecurity domain. Prior joining Cyberbit, he is Pre-Sales of another Israel security vendor – CyberArk which focused on Privileged Account Security on On-Prem and Cloud environment. Ralph has taken team manager role in HKT and lead a team of network and security professional to design network and security architecture for various enterprise customers in HK.



CSA HKM Knowledge Sharing Event -August 2020

In the past few months or more, the Cloud Security Alliance Hong Kong & Macau Chapter has not gathered together for any events and knowledge sharing. But at the same time, we should have adopted to the “new normal” of the event. One of the changes, definitely, is more usage of cloud services and a virtual environment.

Is Virtual Bank one of the services you would like to try? But is that secure enough?  How to use that securely? This month we invited Captain (Rtd) Samuel NG of Welab Bank to give an interesting and technical topic on “Secure your virtual banking on the Cloud”.

Exciting times for Hong Kong in the realm of Fintech. With 8 bold challengers given the honor of virtual bank licenses, innovative digital banking services are coming real soon and definitely here to stay in the pearl of oriental. Virtual banks are expected to bring new dynamics to the traditional bricks-and-mortar banking sector and enable the city to align with the world’s market in Fintech development.

Upcoming debut of Virtual Banking services packaged with innovative and creativity by riding the cloud computing to the bank of the future, this excitement, however, leads to a higher controversially dynamic cybersecurity risks. VBs offering data-centric banking services with operations heavily rely on the cloud & internet are vulnerable to malicious attacks with various intentions.

Arguably virtual banks come with less physical and legacy trails offers better security, a new sets of challenges arise in cloud security. Fuel with “Go Big or Go Home” and “Do 10x better” mindset, Welab Bank’s Cybersecurity Team always walk the extra mile out of the comfort zone enforcing trust and security while deliver customer-centric services, aiming high to be the winner in Fintech Era.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants can claim 1 CPE.

DATE: August 06, 2020 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar


Samuel Ng Chen Ying, Captain (Rtd) and Head of Cybersecurity Department of Welab Bank in Hong Kong.


Secure your virtual banking on the Cloud [Recorded Presentation] [Presentation file]


Samuel graduated with a Master’s degree in Information Assurance from the National Technology University of Malaysia (UTM), and a Bachelor’s degree in Computer Science from the National Defense University of Malaysia (NDUM).

He joined Royal Malaysian Army in 2004 and subsequently commissioned as an Army officer serving Royal Signals Corps (Radio Communications and ICT) with various appointments, from Radio Troop Commander, 2nd in Command of a Signal Squadron to Aide De Camp (Special Officer) of The Director-General of Royal Signals Regiment of the Malaysian Army.

He was frequently invited as speakers on cybersecurity topics among the Armed Forces and Universities. Samuel holds multiple industry-recognized certifications including CREST, Offensive Security, and ISC(2). Upon his retirement from the army, Samuel continued to pursue his passion in cybersecurity and held various positions including lecturer, red team, penetration tester, cyber incident responder, and IT security auditor.

[Introductory Slides – CSAHKM – 200806]

CSA HK&M Event Resume on 6 Aug 2020

Dear members and fellow colleagues,

We have not met or arrange knowledge sharing last year. The Covid-19 virus created a long social distance for us to group together. But as we all know Cloud Environment is changing so fast, if we don’t keep up our knowledge together, we will be left behind.

In the past 6 months, I participated in a number of CCSP and CCSK training and coaching in Hong Kong and Asia Pacific region. We can see that more and more people are using cloud computing environment. Usually, security specialists will ask the following questions – How can we secure our applications and infrastructure in our cloud environment? How can we support the multi-cloud environment? How can we make use of container environment to build up a secure and portable application? Any standard that can we use in cloud security assessment and audit?

Definitely, as we get together we will have more and more questions, idea, and knowledge that we can share.

So CSA HK&M chapter after the formation of our new council and committee for 2020, we would like to bring our knowledge sharing to another new platform for the new normal environment.

In this series of coming activities, CSA HK&M knowledge sharing session will become monthly regular lunch time webinar mode. The first event will be on “Securing your Virtual Bank in the Cloud” by the Security team of Welab. They definitely will be able to share their experience and idea about the virtual bank.

Stay tune for new updates.

Ricci IEONG, Vice Chairman Professional Development
Kelvin WONG, Education Director (Hong Kong)
Kevin LAM, Education Director (Macau)