Tag: Cloud Security

CSA HKM Knowledge Sharing Event – November 2025

The ascent of AI and Large Language Models (LLMs) introduces a new class of cybersecurity threats that target the models themselves. Adversaries are now exploiting vulnerabilities unique to these systems through attacks like prompt injection to hijack outputs, training data poisoning to corrupt behavior, and model extraction to steal intellectual property. These techniques bypass conventional security controls, making the AI a primary attack surface.

Securing AI requires a focused shift in strategy. Defenses must move beyond perimeter security to directly fortify the AI lifecycle. While many conferences extensively cover AI security methodologies, a critical gap remains: the lack of a unified, rapid-protection solution. To address this gap, the Cloudflare team will present their solution: leveraging the Cloudflare SASE platform and Gateway to create a dedicated security layer for AI. This provides a much-needed guardrail, applying the proven principles of a WAF directly to AI applications.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants may claim 1 CPE

DATE: November 27, 2025 (Thursday)

TIME: 12:30 – 01:30 pm

FORMAT: Webinar (in English)

SPEAKER: Chad LAU, Senior Solution Engineer, Cloudflare

TOPIC: From Shadow IT to Agentic AI: The Unified Platform for AI Security

CONTENT:
AI adoption brings massive productivity gains, but it also introduces significant security risks like data exfiltration. Traditional security strategies, such as blocking AI entirely, are failing. These strategies ignore the reality of how your teams and customers want to implement.

This session explores how to resolve and provide solution. Chad will introduce the Cloudflare AI Security Suite, a unified platform designed to help organizations adopt AI by managing risk, boosting productivity, and enabling secure development – all at once.

SPEAKER:
Chad is a Senior Solution Engineer at Cloudflare, where he focuses on Hong Kong with Cloud and cybersecurity solutions. Chad works with enterprise clients to design and implement strategies that protect their infrastructure and data without compromising performance.

VIEW THE PRESENTATION: https://youtu.be/-t7e8cWLNrY

CSA HKM Knowledge Sharing Event – May 2025

Modern software development technologies and processes have given rise to a software supply chain rife with vulnerabilities that attackers can exploit. In the Knowledge Sharing Event organised by Cloud Security Alliance Hong Kong & Macau Chapter on May 9, our guest speaker Aaron Zhou, Senior Solution Engineer of  Checkmarx, will help enterprise development and security teams understand what they are up against.  He will dive into some of the fastest growing and most damaging, types of software supply chain attacks.

The speaker will also present practical measures that enterprises can take to protect themselves against each of these specific attack vectors, and conclude with a holistic approach that enterprises can take to achieve comprehensive software supply chain security.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants may claim 1 CPE

DATE: May 9, 2025 (Friday)

TIME: 12:30 – 1:30 pm

FORMAT: Webinar

SPEAKER: Aaron Zhou, Senior Solution Engineer, North Asia and ASEAN, Checkmarx

TOPIC: Software Supply Chain Attack Trends in 2025: Malicious Code, Exposed Secrets, AI, Containers, and More

CONTENT:

Modern software development technologies and processes have given rise to a software supply chain rife with vulnerabilities that attackers can exploit. To help enterprise development and security teams understand what they are up against, we will dive into some of the fastest growing, and most damaging, types of software supply chain attacks. We will present practical measures that enterprises can take to protect themselves against each of these specific attack vectors, and conclude with a holistic approach that enterprises can take to achieve comprehensive software supply chain security.

SPEAKER:

With over 15 years in technology, Aaron has supported enterprise businesses across Asia Pacific and Japan in embracing digital transformation while maintaining strong security standards. He is a passionate technology leader with deep expertise in Application Security, DevOps, DevSecOps, data and information security, digital transformation, and modernizing legacy applications.

Aaron joined Checkmarx in 2022 and currently leads technical pre-sales activities across North Asia and ASEAN. Based in Singapore, his previous roles include Senior Sales Engineer and Technical Sales Specialist at Chef Software and IBM from 2008 to 2022.

VIEW THE PRESENTATION: https://youtu.be/CaAzkUuEUiY

CSA HKM Knowledge Sharing Event – March 2025

As artificial intelligence (AI) continues to evolve rapidly, it introduces new security threats that must be addressed. Ensuring the secure use of AI has become a critical topic of discussion. AI governance, particularly in compliance with ISO 23894 and ISO 42001 standards, presents new challenges such as preventing oversharing and mitigating prompt injection attacks.

In the Knowledge Sharing Event organised by Cloud Security Alliance Hong Kong & Macau Chapter on March 13, our guest speaker, Matt Wong, Senior Security Cloud Solution Architect at Microsoft, will share with you on how to establish a secure AI infrastructure in Cloud environment in Azure.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants may claim 1 CPE

DATE: March 13, 2025 (Thursday)

TIME: 12:30 – 01:30 pm

FORMAT: Webinar (in Cantonese)

SPEAKER: Matt Wong, Senior Security Cloud Solution Architect, Microsoft

TOPIC: Establish Secure AI infrastructure in Cloud Environment in Azure

CONTENT:
As artificial intelligence (AI) continues to evolve rapidly, it introduces new security threats that must be addressed. Ensuring the secure use of AI has become a critical topic of discussion. AI governance, particularly in compliance with ISO 23894 and ISO 42001 standards, presents new challenges such as preventing oversharing and mitigating prompt injection attacks.

Despite these challenges, AI offers numerous benefits, including automation and task simplification. In the realm of security operations, AI is being leveraged to reduce detection and response times, making it a powerful tool in the industry. The use of AI for security purposes is a growing trend, highlighting its significance in enhancing overall security measures.

THE SPEAKER:
Matt Wong now work in Microsoft as Senior Security Cloud Solution Architect. He worked in Cyber Security with more then 25 years of experience.

He has been in Regional Technical Consultant role in Asia Pacific Region covering team development for 21 people. He also acted as Pre-sales and Product Management positions in various listed companies. He was involved in many regional sizable Network/Security projects and he was also invited to speak at many major seminars, conferences and press releases.

​He holds more than 40 IT certificates majorly from Microsoft, FireEye, Cisco, Juniper, Websense, Bluecoat, Ciphertrust, Packeteer and Allied Telesis. He holds Master of Philosophy (M. Phil) in The Hong Kong Polytechnic University research on Network QoS/Routing Algorithm with released Journal paper. He also gains his Bachelor of Electrical and Electronic Engineering in University of Auckland during his 6 years stay in New Zealand.

View the Presentation: https://youtu.be/ZYk2r-p-mgc

CSA HKM Knowledge Sharing Event – June 2024 (Extension)

In addition to our original CSA HKM first physical knowledge sharing event after 5 years of webinar in virtual world by Dr. KANG Meng-Chow in AWS office. He will cover the topic – Pull up your SOC – thoughts on logging strategy in a heterogeneous network environment.

In addition, recently, we know that a number of organizations and HKSAR government departments and/or HKSAR government related organizations encountered various levels of cyberattack or data leakage. Some are related to improper configurations in the Cloud Access Control. But that is not just issues to HKSAR Government, but to other countries as well.

As reported by TechNewsDay.com, Four Cloud-Related Data Breaches were reported just recently. In that case, Snowflake which is an AI services provider in the Cloud may be related.

However, is that meaning we should not use cloud or should move away from the trend of Cloud Computing?

Cloud Security Alliance (HK&Macau Chapter) considered that it would be the perfect time for CSAHKM to bring up this topics to the fireside discussion after the knowledge sharing by Meng-Chow. Representative from AWS, CSA HKM and guests will discuss together – Cloud is really NOT secure?

Let’s join our discussion together.

REGISTRATION: https://csahkmkse2406.eventbrite.hk/

CSA HKM Knowledge Sharing Event – June 2023

In the past “Knowledge Sharing Session“, our focus has been on examining cloud computing and cybersecurity in the context of solution providers, cloud service providers, and vendors. However, we have not yet explored the usage of cloud computing by enterprises as cloud users.

Cloud service providers often try to persuade users to transition to a cloud environment, but is it truly convincing to adopt a cloud-first or cloud-native strategy?

In this knowledge sharing session, we are excited to welcome our new council member, Dicky Wong from New World Corporate Services Limited (New World Group Member), to guide us through his company’s cloud journey. He will discuss the nature of cloud environments, use cases for cloud computing, and best practices for security. Additionally, he will highlight the benefits and efficiency gains that can be achieved through the use of cloud technology.

Mr. Wong will also address security concerns when transitioning to a serverless PaaS cloud environment and discuss the appropriate security posture for cloud computing.

Participants will claim 1 CPE

DATE: June 29, 2023 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar (in Cantonese)
TOPIC: How can the efficiency of an organization’s operations be optimized while also enhancing cybersecurity through the use of cloud technology?
LANGUAGE: Cantonese
SPEAKER: Dicky WONG, Head of Technology Risk, New World Corporate Services Limited and Director of Cloud Security Alliance (HK & Macau) Chapter

AGENDA:

  • What is the efficiency that will create to a corporate?
  • Nature of cloud environment, use case, security setting?
  • Why we need to concern about security going serverless?
  • What security should you be concern on?
  • How to set up a suitable security posture?

THE SPEAKER:

Mr. Wong is currently the Head of Technology Risk for New World Corporate Services, a New World Group Member. He is responsible for oversight and governance for all technology and cyber related compliance, risk management, and security within the group. One of the major tasks of Mr. Wong is to define, design and implement a comprehensive and robust risk framework & protection for the group that applies to all Business Units.


Prior to that, Mr. Wong was with the Hong Kong Police Force for over 10 years and he has held several cyber crime related management positions including being in charge of the Technology Crime investigation team, took up the role of Head of the Cyber Security Centre and the lead of the Collaboration team of the Cyber Security and Technology Crime Bureau (CSTCB), Mr. WONG has gained tremendous amount of experience in technology crime investigation, setting up cyber security framework and handling cyber attacks including the large scaled cyber attacks occurred in Hong Kong.


Mr. Wong is currently volunteering as the Director of Government Relationship Development for Cloud Security Alliance (CSA HK & Macau Chapter) and also a Member of the HKSTP Data Governance Think Tank Group.


Mr. Wong is an INTERPOL accredited trainer in Computer Forensics, Certified Ethical Hacker, Certified Penetration Tester and obtained a Bachelor’s Degree in Management Economics from University of Essex, United Kingdom

VIEW THE PRESENTATION: https://youtu.be/RBGL5wnXrXo

CSA HKM Knowledge Sharing Event – May 2023

The Knowledge Sharing Event in May will be focused on another hot topic – AI and Cloud computing again.

In the Knowledge Sharing Event on ChatGPT in March, our R&D Vice Chairman – Samuel NG mentioned that Cloud Security Alliance has published a document on Cybersecurity implications of ChatGPT and further publish that into a new research publication. This topic is still hot in the IT industry.

In the forthcoming event, we invited Kevin Liu, representative from Microsoft, to talk about another hot topic how to use AI to enhance our cybersecurity posture – Microsoft’s AI-Powered Copilot. Kevin Liu is also our Education Director. He will bring us to the Multicloud Security world.

Participants will claim 1 CPE

DATE: May 11, 2023 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar (in Cantonese)
TOPIC: AI-Powered Copilot and Multicloud Security by Microsoft
LANGUAGE: Cantonese
SPEAKER: Kevin Liu, Security Technical Specialist, Microsoft and Education Director of Cloud Security Alliance (HK & Macau) Chapter

ABSTRACT:

Microsoft Security delivers new multicloud capabilities to help customers strengthen visibility and control across multiple cloud providers, workloads, devices, and digital identities. Microsoft Security Copilot, it is an AI-powered security analysis tool that enables analysts to respond to threats quickly, process signals at machine speed, and assess risk. Microsoft’s Cloud Infrastructure Entitlement Management (CIEM) solution helps organizations manage permissions and identities in the cloud. Microsoft’s Zero Trust approach to security helps organizations protect their data and resources by verifying every access request and enforcing least-privilege access principles. This sharing session will give you an overview on how Microsoft empowering Defenders with AI on security.

THE SPEAKER:

Kevin Liu is a Security, Compliance and Modern Work Technical Specialist in Microsoft. He has more than 20 years’ experience in providing advisory and solution consultation in CyberSecurity, Infrastructure and cloud for large companies across Asia Pacific region.

He is a speaker and demonstrator for major industry events in the APAC region including HKISS, APAC O2O digital resilience workshop and RSA Conference APAC.

Kevin worked for many different major IT vendors and solution provider including Microsoft, RSA Security, Symantec, Hewlett-Packard Enterprise and Orange Cyberdefense. Kevin is a CISSP, CEH and ITIL certified.

VIEW THE PRESENTATION: https://youtu.be/vZkS9IRv7z4

CSA HKM Knowledge Sharing Event – March 2023

In our second CSA HKM Knowledge Sharing Event in March, our expert speaker will talk about the ever changing DevOps, DevSecOps in the Cloud Computing environment.

Cloud-native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach.Developer led organizations are innovating more rapidly, cheaply, and independently than ever before as they build new products and services to keep up with ever increasing competitive market conditions. 

Open source software typically accounts for 70% to 90% of code in Web and cloud applications. There is some findings from Open Source Security and Risk Analysis report states that 98% of applications used open source and that open source libraries and components made up more than 75% of the code in the average software application. Most applications, 84%, had at least one vulnerability — the typical application had 158 vulnerabilities — and 60% of applications had at least one high-severity issue.

Organization needs to look into Application Lifecycle Security to identify misconfigurations as early as possible in the Infrastructure-as-code (IaC) development process. This means identifying code vulnerabilities and CI/CD vulnerabilities to ensure faster remediation of code misconfigurations.

In this session, the speaker will provide lifehack tips on how organizations can adopt DevSecOps with low friction and how DevSecOps benefits organization by simplifying developer experience and accelerating application development with security guardrails.

Participants will claim 1 CPE.

DATE: March 30, 2023 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Pain Points and Tips in DevSecOps
LANGUAGE: Cantonese
SPEAKER: Bill Ho – Regional Cloud Solution Architect, Palo Alto 

AGENDA:

  1. Pain points in dealing with cyber threads in DevOps cycle
  2. DevSecOps – something more than just technology change 
  3. 5 Steps to simplify DevSecOps

THE SPEAKER:

Bill Ho is a seasoned Cloud Solution Architect with more than 15 years of cloud architecture experience.  He is holding the position of Regional Cloud Solution Architect in Palo Alto Networks.  Prior to this, he worked in a few cloud related solutions providers such as Microsoft, VMWare and IBM to help customers in embarking the cloud journey.  He has lots of hand-ons experience of those solutions from those technology vendors and accredited with relevant certifications.

VIEW THE PRESENTATION: https://youtu.be/SY_h9MZsovs

CSA HKM Knowledge Sharing Event – June 2022

Securing cloud computing environment is more than just protecting data and workloads in the cloud and cloud management platform. When more and more cloud-based applications were developed in shared model, vulnerabilities in shared environment could fall between the cracks. Thus, supply chain risk already become a serious issue to many companies.

In the Knowledge Sharing Event organised by Cloud Security Alliance Hong Kong & Macau Chapter on June 9, we will look into how to detect and mitigate supply chain risks.

Checkmarx Engineer, Richard Lee, will bring us to the practice world of security review through demonstration. He will cover:

  • The types of risks associated with open source libraries  
  • How to test the libraries you’re using for safety 
  • Tools you can use to protect your business
  • New reputational and behavioral analysis techniques to overcome obfuscation attempts

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: June 9, 2022 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Open Source Software Supply Chain: Risks and Mitigation
SPEAKER: Richard Lee, APAC Channel Sales Engineer, Checkmarx

CONTENT:

Open source libraries have become an essential part of almost all modern applications.  Without open source, software development would be stuck in the slow lane. Not “reinventing the wheel” each time you need a certain functionality in an app saves time and effort, and as a result, open source isn’t going away anytime soon. If anything, it’s becoming more and more widespread.     

But there’s a certain amount of risk that comes with using open source components, modules, and libraries. Today, it’s increasingly important to protect yourself from these risks.

In this session, we discussed the importance and prevalence of open source software as well as the ways you can protect yourself from its attendant risks and licensing issues. The goal is to catch issues early, before they can become a problem or a liability. We’ll cover best practices to secure the software supply chain against errors and bad actors, along with what steps to avoid.

THE SPEAKER:
Richard Lee is currently the Checkmarx Channel Sales Engineer for the Asia Pacific Region with over 10 years’ experience in the IT, IT security and Application Security industry. He has held various positions in manufacturing, software companies and information security companies.

Richard is currently responsible for AST Platform, SAST (Static Application Security Testing), IAST (Interactive Application Security Testing), SCA (Software Composition Analysis) and CodeBashing technologies. Prior to joining Checkmarx he held various positions at Intel, Microsoft, HP and SafeNet.

Richard holds a bachelor’s degree in Computer Science from the University of Kansas, USA.

View the presentation: https://youtu.be/LY8Tkisq2Zs

CSA HKM Knowledge Sharing Event – May 2022

Covid-19 situation is less severe these days. Work from home is not strictly required now. Life is now back to normal. Under the new normal situation, Cloud Computing become a critical component in our daily work. One of the main concern in using Cloud Computing environment is the security.

How can we store secret across multiple cloud environment for secure cloud workflow? In this knowledge sharing session, we invited HashiCorp Cloud Platform to provide us with some insights.

Shohei Maeda, Developer Advocate for HashiCorp APJ will share with us how secret could be and should be stored in cloud and container environment. He will also bring us to the Zero Trust Security model to secure our workflow environment.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: May 19, 2022 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Managing Secrets at scale for a Secure Cloud workflow
SPEAKER: Shohei Maeda, Developer Advocate for HashiCorp APJ

CONTENT:
Traditionally, people, applications, and services with access to resources are given their own set of long-lived, scoped credentials.  As your organization, teams, and systems scale, the number of these credentials and the access to them will only increase over time, and are used everywhere which causes what is called “Secret Sprawl”.  Static credentials that exist in your workflows are always at risk of leakage and introduce a large attack surface.

This session will show you how you can apply a Zero Trust Security model that secures your workflows by leveraging dynamic and short-lived credentials.
With this, you are able to avoid managing static, long-lived secrets across systems, and giving direct access to these secrets is no longer required.

THE SPEAKER:
Shohei is a developer advocate at HashiCorp who loves learning new technologies. He lives in Tokyo, Japan.

With his broad experience in Infrastructure, security, and web engineering, he focuses on building new tools and tackling complex problems that developer communities run into to make their life easy and happy.

View the Presentation: https://www.youtube.com/watch?v=RZ3-rKiAEvY

CSA HKM Knowledge Sharing Event – April 2022

Covid-19 brings us a lot of challenges but at the same time with Work / Study at Home opportunity. We have secure a number of new study opportunities and learning opportunities to our members.

Firstly, as a CSA HKM Chapter member, you can enjoy our knowledge sharing session and claim CPE. Besides, if you are our member and have attended 3 of our knowledge sharing event sessions, you can then entitle to register for our CCSK course and CCAK course with special member discount (Membership – Associate Member).

In April we invited Mr Ken Zhang, Head of Security Hong Kong, Google Cloud, to join us again to share the new topic on Security Framework SLSA for CI/CD pipeline. Ken has delivered a talk for us on Cloud Infrastructure Continuous Compliance in November last year.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: April 21, 2022 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER: Ken Zhang, Head of Security Hong Kong, Google Cloud

TOPIC: Supply chain Levels for Software Artifacts (SLSA) – Open-source Security framework for Serverless and CI/CD Pipeline.

CONTENT:

SLSA is a security framework, a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises. The solution takes the conceptual framework and turns it into a reference architecture and actual implementation on GCP using native, serverless GCP CI/CD toolchain and Binary Authorisation.

You can directly borrow the solution demo setup & code to start their GCP based CI/CD pipeline design and build. You can also leverage the reference architecture to build out their own pipeline leveraging GCP Binary Authorisation and GKE, or your own pipeline on-premises or on other cloud.

THE SPEAKER:

Ken led multi-cloud security and transformation projects in Australia and the Greater China Region. He has experience helping organisations with their security and transformation journeys in banking, insurance, retail, health service and manufacturing industries

View the Presentation: https://youtu.be/C8h6mfM_VhY