Tag: #CSAHKM

CSA HKM Knowledge Sharing Event – November 2025

The ascent of AI and Large Language Models (LLMs) introduces a new class of cybersecurity threats that target the models themselves. Adversaries are now exploiting vulnerabilities unique to these systems through attacks like prompt injection to hijack outputs, training data poisoning to corrupt behavior, and model extraction to steal intellectual property. These techniques bypass conventional security controls, making the AI a primary attack surface.

Securing AI requires a focused shift in strategy. Defenses must move beyond perimeter security to directly fortify the AI lifecycle. While many conferences extensively cover AI security methodologies, a critical gap remains: the lack of a unified, rapid-protection solution. To address this gap, the Cloudflare team will present their solution: leveraging the Cloudflare SASE platform and Gateway to create a dedicated security layer for AI. This provides a much-needed guardrail, applying the proven principles of a WAF directly to AI applications.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants may claim 1 CPE

DATE: November 27, 2025 (Thursday)

TIME: 12:30 – 01:30 pm

FORMAT: Webinar (in English)

SPEAKER: Chad LAU, Senior Solution Engineer, Cloudflare

TOPIC: From Shadow IT to Agentic AI: The Unified Platform for AI Security

CONTENT:
AI adoption brings massive productivity gains, but it also introduces significant security risks like data exfiltration. Traditional security strategies, such as blocking AI entirely, are failing. These strategies ignore the reality of how your teams and customers want to implement.

This session explores how to resolve and provide solution. Chad will introduce the Cloudflare AI Security Suite, a unified platform designed to help organizations adopt AI by managing risk, boosting productivity, and enabling secure development – all at once.

SPEAKER:
Chad is a Senior Solution Engineer at Cloudflare, where he focuses on Hong Kong with Cloud and cybersecurity solutions. Chad works with enterprise clients to design and implement strategies that protect their infrastructure and data without compromising performance.

VIEW THE PRESENTATION: https://youtu.be/-t7e8cWLNrY

CSA HKM Knowledge Sharing Event – May 2025

Modern software development technologies and processes have given rise to a software supply chain rife with vulnerabilities that attackers can exploit. In the Knowledge Sharing Event organised by Cloud Security Alliance Hong Kong & Macau Chapter on May 9, our guest speaker Aaron Zhou, Senior Solution Engineer of  Checkmarx, will help enterprise development and security teams understand what they are up against.  He will dive into some of the fastest growing and most damaging, types of software supply chain attacks.

The speaker will also present practical measures that enterprises can take to protect themselves against each of these specific attack vectors, and conclude with a holistic approach that enterprises can take to achieve comprehensive software supply chain security.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants may claim 1 CPE

DATE: May 9, 2025 (Friday)

TIME: 12:30 – 1:30 pm

FORMAT: Webinar

SPEAKER: Aaron Zhou, Senior Solution Engineer, North Asia and ASEAN, Checkmarx

TOPIC: Software Supply Chain Attack Trends in 2025: Malicious Code, Exposed Secrets, AI, Containers, and More

CONTENT:

Modern software development technologies and processes have given rise to a software supply chain rife with vulnerabilities that attackers can exploit. To help enterprise development and security teams understand what they are up against, we will dive into some of the fastest growing, and most damaging, types of software supply chain attacks. We will present practical measures that enterprises can take to protect themselves against each of these specific attack vectors, and conclude with a holistic approach that enterprises can take to achieve comprehensive software supply chain security.

SPEAKER:

With over 15 years in technology, Aaron has supported enterprise businesses across Asia Pacific and Japan in embracing digital transformation while maintaining strong security standards. He is a passionate technology leader with deep expertise in Application Security, DevOps, DevSecOps, data and information security, digital transformation, and modernizing legacy applications.

Aaron joined Checkmarx in 2022 and currently leads technical pre-sales activities across North Asia and ASEAN. Based in Singapore, his previous roles include Senior Sales Engineer and Technical Sales Specialist at Chef Software and IBM from 2008 to 2022.

VIEW THE PRESENTATION: https://youtu.be/CaAzkUuEUiY

CSA HKM Knowledge Sharing Event – March 2025

As artificial intelligence (AI) continues to evolve rapidly, it introduces new security threats that must be addressed. Ensuring the secure use of AI has become a critical topic of discussion. AI governance, particularly in compliance with ISO 23894 and ISO 42001 standards, presents new challenges such as preventing oversharing and mitigating prompt injection attacks.

In the Knowledge Sharing Event organised by Cloud Security Alliance Hong Kong & Macau Chapter on March 13, our guest speaker, Matt Wong, Senior Security Cloud Solution Architect at Microsoft, will share with you on how to establish a secure AI infrastructure in Cloud environment in Azure.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants may claim 1 CPE

DATE: March 13, 2025 (Thursday)

TIME: 12:30 – 01:30 pm

FORMAT: Webinar (in Cantonese)

SPEAKER: Matt Wong, Senior Security Cloud Solution Architect, Microsoft

TOPIC: Establish Secure AI infrastructure in Cloud Environment in Azure

CONTENT:
As artificial intelligence (AI) continues to evolve rapidly, it introduces new security threats that must be addressed. Ensuring the secure use of AI has become a critical topic of discussion. AI governance, particularly in compliance with ISO 23894 and ISO 42001 standards, presents new challenges such as preventing oversharing and mitigating prompt injection attacks.

Despite these challenges, AI offers numerous benefits, including automation and task simplification. In the realm of security operations, AI is being leveraged to reduce detection and response times, making it a powerful tool in the industry. The use of AI for security purposes is a growing trend, highlighting its significance in enhancing overall security measures.

THE SPEAKER:
Matt Wong now work in Microsoft as Senior Security Cloud Solution Architect. He worked in Cyber Security with more then 25 years of experience.

He has been in Regional Technical Consultant role in Asia Pacific Region covering team development for 21 people. He also acted as Pre-sales and Product Management positions in various listed companies. He was involved in many regional sizable Network/Security projects and he was also invited to speak at many major seminars, conferences and press releases.

​He holds more than 40 IT certificates majorly from Microsoft, FireEye, Cisco, Juniper, Websense, Bluecoat, Ciphertrust, Packeteer and Allied Telesis. He holds Master of Philosophy (M. Phil) in The Hong Kong Polytechnic University research on Network QoS/Routing Algorithm with released Journal paper. He also gains his Bachelor of Electrical and Electronic Engineering in University of Auckland during his 6 years stay in New Zealand.

View the Presentation: https://youtu.be/ZYk2r-p-mgc

CSA HKM Knowledge Sharing Event – July 2024 – Discussion Forum

It’s an exciting month for cybersecurity professionals in Hong Kong. Earlier this month, the HKSAR Government initiated a public consultation on a proposed legislative framework to enhance the protection of computer systems for critical infrastructure (CI) in Hong Kong.

The framework, outlined in the document [https://www.legco.gov.hk/yr2024/english/panels/se/papers/se20240702cb2-930-3-e.pdf], aims to establish a set of statutory obligations and security measures for operators of critical infrastructures. This is in response to the growing reliance of essential services on computer systems and the increasing threat of cyberattacks that could disrupt Hong Kong’s economy, public safety, and national security. By introducing this new legislation, the government seeks to strengthen the cybersecurity posture of Hong Kong’s critical infrastructure, ensuring the reliable and uninterrupted provision of vital services to the community

Last Friday, July 19, we encountered another massive incident – massive failure of Microsoft Windows with CrowdStrike Falcon Agent (EDR) installed. How should we proceed and how should we react to this? Should we reconsider before installing EDR to the computer systems in Critical Infrastructure environment.

Cloud Security Alliance Hong Kong & Macau Chapter considered that it is time that we should gather our brain and mindset together to determine what should we prepare for the CyberSecurity Law? How should we make use of the framework to enhance the security posture of Hong Kong Critical Infrastructure?

CSA HKM arrange an online forum on July 26, 2024 (Friday) during our knowledge sharing session at 12:30 – 13:30. We have invited our council member and some other practitioners to give their comments. We also wish to gather the comments from you as well.

DETAILS:

DATE: July 26, 2024 (Friday)

TIME: 12:30 – 13:30 pm

FORMAT: Online Zoom Session.

TOPIC: How should “WE” make the CyberSecurity Framework to enhance the Critical Infrastructure protection?

LANGUAGE: English
PANELIST:
– Terry Cheung, Kevin Liu, Otto Lee, Ricci Ieong [Board Members of Cloud Security Alliance (HK & Macau)]
– Wilson Tang [Vice Chairman of HKCNSA]
– Billy Fung [Deputy Director of Financial Services Committee, HKCNSA]
– Representatives from some Cloud Service Providers

LISTEN to the FORUM: https://www.youtube.com/watch?v=rrbtnIoSkWg

This discussion forum is organized by Cloud Security Alliance HK & Macau Chapter (CSA HKM) and supported by Hong Kong China Network Security Association (HKCNSA) and Information Security and Forensics Society (ISFS).

CSA HKM Knowledge Sharing Event – June 2024 (Extension)

In addition to our original CSA HKM first physical knowledge sharing event after 5 years of webinar in virtual world by Dr. KANG Meng-Chow in AWS office. He will cover the topic – Pull up your SOC – thoughts on logging strategy in a heterogeneous network environment.

In addition, recently, we know that a number of organizations and HKSAR government departments and/or HKSAR government related organizations encountered various levels of cyberattack or data leakage. Some are related to improper configurations in the Cloud Access Control. But that is not just issues to HKSAR Government, but to other countries as well.

As reported by TechNewsDay.com, Four Cloud-Related Data Breaches were reported just recently. In that case, Snowflake which is an AI services provider in the Cloud may be related.

However, is that meaning we should not use cloud or should move away from the trend of Cloud Computing?

Cloud Security Alliance (HK&Macau Chapter) considered that it would be the perfect time for CSAHKM to bring up this topics to the fireside discussion after the knowledge sharing by Meng-Chow. Representative from AWS, CSA HKM and guests will discuss together – Cloud is really NOT secure?

Let’s join our discussion together.

REGISTRATION: https://csahkmkse2406.eventbrite.hk/

CSA HKM Knowledge Sharing Event – June 2024

In the past few months, a number of high-profile data breaches and ransomware attacks have been reported in the news. It seems that cyber criminals are becoming increasingly active, launching more incidents targeting various organizations in Hong Kong. Cybersecurity has once again emerged as a hot topic in the media, drawing significant attention.

As more computing environments have migrated to the cloud, cloud-based cybersecurity solutions have become increasingly crucial. In response to these evolving threats and the growing importance of cloud security, the Cloud Security Alliance is finalizing the latest version of its Security Guidance document (v5) as well as the CCSK (Certificate of Cloud Security Knowledge) certification program (v5).

To ensure the security of cloud computing environments, it is essential to enrich the cloud security checklist for cloud service customers (CSCs). This will help CSCs implement robust security measures and mitigate the risks associated with cloud adoption.

To keep pace with the shift towards cloud computing, security defense platforms need to evolve into a hybrid model that covers both cloud and on-premises environments. Dr. Kang Meng Chow will be introducing a logging strategy for this hybrid network environment during an upcoming in-person event.

After more than 5 years of virtual-only events, the Cloud Security Alliance Hong Kong & Macau Chapter is excited to organize a physical event at the AWS Office, located at 20/F, Tower 535, 535 Jaffe Road, Hong Kong. . This event will provide a valuable opportunity for industry professionals to connect, collaborate, and stay abreast of the latest developments in cloud security.

DETAILS:

DATE: June 6, 2024 (Thursday)

TIME: 7:00 – 8:30 pm

VENUE: 20/F, Tower 535, 535 Jaffe Road, Hong Kong. AWS Office.

TOPIC: Pull up your SOC – thoughts on logging strategy in a heterogeneous network environment 

LANGUAGE: English
SPEAKER: Dr. KANG Meng Chow, Director of Averitus Pte, Ltd.

THE SPEAKER:

Meng-Chow is a practicing professional for over 30 years in various cyber security roles across different industries, including the Singapore government, major multi-national financial institutions, and global security and technology providers including Amazon Web Services (AWS), Cisco and Microsoft.

He  has held various standards chair and co-chair positions in Singapore, ISO, and ITU-T, and founded the RAISE Forum in 2004. He was Board Director for ISC2 in 2015-2017.

He published a book, “Responsive Security” in 2013, and has been an Adjunct Associate Professor with NTU, a member of MAS CSAP, and a Govtech Smart Nation Fellow.

ABSTRACT:

This talk discusses the challenges and best practices for developing an effective logging strategy within a security operations center (SOC) managing a heterogeneous network including cloud and on premises infrastructures.

The presentation outlines key logging strategy objectives, including comprehensive incident data, data-driven decision making, and regulatory compliance. It also explores unique obstacles in heterogeneous environments, such as disparate log formats, and centralized management difficulties, and suggests several options for discussion and considerations for designing an effective logging strategy to meet the challenges of complex, heterogeneous networks.

Extended Fireside Chat

CSA HKM Knowledge Sharing Event – June 2024 (Extension)

REGISTRATION: https://csahkmkse2406.eventbrite.hk/

CSA HKM Knowledge Sharing Event – February 2024

CSA Knowledge Sharing Event provides an excellent opportunity for cybersecurity professionals to discuss the latest trends and developments in IT and in the process build a close-knitted cybersecurity community in Hong Kong and Macau.

This month we have invited Mr Louis Cheung, Senior Regional Systems Engineer from Illumio, to deliver a talk on “Extend the Zero Trust Segmentation to the Cloud environment”.

Modern organizations rely on the cloud to run their critical systems and store their most valuable data. Despite this, it’s evident that today’s cloud security solutions are continuing to fail when it comes to safeguarding companies against breaches.  This session will covers key findings from the Cloud Security Index 2023 and the issues plaguing cloud deployments today.

Please do not miss this opportunity to learn from the expert and connect with your peers. Participants may claim 1.5 CPE.

DETAILS:

DATE: February 7, 2024 (Wednesday)

TIME: 12:30 – 1:30 pm

FORMAT: Webinar
TOPIC: Extend the Zero Trust Segmentation to the Cloud environment
LANGUAGE: Cantonese
SPEAKER: Louis Cheung, Sr. Regional Systems Engineer, Illumio

VIEW THE PRESENTATION: https://youtu.be/ucY27sn2VkM

THE SPEAKER:

Louis Cheung has over 20 years’ experience in security industry helping enterprise customer in consultation, solution design and security best practice across Asia Pacific. He helps prospects and customers understand micro-segmentation in all its forms and how Illumio solve problems for organizations across different industries.

Louis Cheung is specializebd in multiple security domains across Zero Trust Architecture, Micro-Segmentation, Intrusion Prevention, Public Cloud Application and Workload protection, Data Protection, Advanced Threat Prevention & Next Generation Firewall Technologies.

Before joining Illumio, Louis served regional and global enterprise customers across the globe by working with world-leading IT security firms including McAfee & Check Point. Louis Cheung also hold the following security industry certifications: Certified Cloud Security Professional (CCSP), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified Kubernetes Administrator (CKA).

CSA HKM Supports CS Summit 2023

The Cloud Security Alliance Hong Kong & Macau Chapter continues to collaborate with the Hong Kong Productivity Council and other prominent information security organizations in Hong Kong to organize the Cyber Security Summit Hong Kong 2023, which is one of the largest local cybersecurity events in the region. Previously known as the IS Summit, the event has been renamed the CS Summit to reflect a sharper focus on cyber security.

The summit’s main goal remains unchanged: to provide participants with the latest insights into information security trends and developments. Theme of this year is “Securing Enterprises to Prepare for the Pos Quantum & AI World“.

Attendees can expect a more concentrated program that delves deeper into various aspects of cyber security, addressing emerging threats, industry best practices, and innovative solutions especially related to Post Quantum and AI related topics.

Details:

Date:11 – 12 September 2023
Time:09:00 – 18:00
Venue:Room N201-N212, 2/F, New Wing, HKCEC, 1 Expo Drive, Wanchai, Hong Kong
Fee:Free (Registration is required)
Registration: https://www.cssummit.hk/registration/
Details:https://www.cssummit.hk/
Home

Efficient Cyber Threat Investigation and Response with CyberSecurity Platform Survey

Most organization has deployed multiple security products against sophisticated cyber threats such as ransomware attacks. They need to spend more than 45 mins to collect and analyzing the information from multiple security products when a cyber threat happens in their environment. The entire project idea is captured as below research question.

One of previous guest speaker – Ricky Mok, who is also a MSc research student in University of Portsmouth would like conduct a survey research in the CyberThreat Investigation and Response with CyberSecurity Platform in both on premises and Cloud Computing environment.

The research study involves completing a questionnaire that will cover a range of topics related to efficient cyber threat investigation and response with a cybersecurity platform. The questionnaire is designed to be user-friendly and should take approximately 15 mins to complete. Your responses will be treated with the utmost confidentiality, and any identifiable information will be anonymized and kept strictly confidential in accordance with applicable data protection laws.

Your participation in this study is completely voluntary. There are no anticipated risks associated with participating in this research study, and your participation will not have any impact on your current position or affiliation.

To participate, please follow the instructions below:

Subject: Invitation to Participate in a Research Study Questionnaire

I hope this letter finds you well. I am writing to invite you to participate in an important research study that aims to determine the efficient cyber threat investigation and response with a cybersecurity platform

As an esteemed member of the Cloud Security Alliance HK Chapter, your valuable insights and expertise would greatly contribute to the success of this study. Your participation will help us gather comprehensive data and insights that will advance knowledge and contribute to the development of cyber threat detection and response.

The research study involves completing a questionnaire that will cover a range of topics related to efficient cyber threat investigation and response with a cybersecurity platform. The questionnaire is designed to be user-friendly and should take approximately 15 mins to complete. Your responses will be treated with the utmost confidentiality, and any identifiable information will be anonymized and kept strictly confidential in accordance with applicable data protection laws.

Your participation in this study is completely voluntary, and you have the right to withdraw at any time without penalty. There are no anticipated risks associated with participating in this research study, and your participation will not have any impact on your current position or affiliation.

To participate, please follow the instructions below:

  1. Access the online questionnaire using the following link: https://docs.google.com/forms/d/1AXmlvmoGk0inSjNRIcVo8xuOmucBlhMJV8fi2EinIjM/edit
  2. Answer each question to the best of your knowledge and provide any additional information as requested.
  3. Should you have any questions or concerns about the research study or questionnaire, please do not hesitate to contact Ricky Mok at up2086702@myport.ac.uk. Your feedback and input are highly valued, and we are available to address any queries you may have.

CSA HKM Knowledge Sharing Event – June 2023

In the past “Knowledge Sharing Session“, our focus has been on examining cloud computing and cybersecurity in the context of solution providers, cloud service providers, and vendors. However, we have not yet explored the usage of cloud computing by enterprises as cloud users.

Cloud service providers often try to persuade users to transition to a cloud environment, but is it truly convincing to adopt a cloud-first or cloud-native strategy?

In this knowledge sharing session, we are excited to welcome our new council member, Dicky Wong from New World Corporate Services Limited (New World Group Member), to guide us through his company’s cloud journey. He will discuss the nature of cloud environments, use cases for cloud computing, and best practices for security. Additionally, he will highlight the benefits and efficiency gains that can be achieved through the use of cloud technology.

Mr. Wong will also address security concerns when transitioning to a serverless PaaS cloud environment and discuss the appropriate security posture for cloud computing.

Participants will claim 1 CPE

DATE: June 29, 2023 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar (in Cantonese)
TOPIC: How can the efficiency of an organization’s operations be optimized while also enhancing cybersecurity through the use of cloud technology?
LANGUAGE: Cantonese
SPEAKER: Dicky WONG, Head of Technology Risk, New World Corporate Services Limited and Director of Cloud Security Alliance (HK & Macau) Chapter

AGENDA:

  • What is the efficiency that will create to a corporate?
  • Nature of cloud environment, use case, security setting?
  • Why we need to concern about security going serverless?
  • What security should you be concern on?
  • How to set up a suitable security posture?

THE SPEAKER:

Mr. Wong is currently the Head of Technology Risk for New World Corporate Services, a New World Group Member. He is responsible for oversight and governance for all technology and cyber related compliance, risk management, and security within the group. One of the major tasks of Mr. Wong is to define, design and implement a comprehensive and robust risk framework & protection for the group that applies to all Business Units.


Prior to that, Mr. Wong was with the Hong Kong Police Force for over 10 years and he has held several cyber crime related management positions including being in charge of the Technology Crime investigation team, took up the role of Head of the Cyber Security Centre and the lead of the Collaboration team of the Cyber Security and Technology Crime Bureau (CSTCB), Mr. WONG has gained tremendous amount of experience in technology crime investigation, setting up cyber security framework and handling cyber attacks including the large scaled cyber attacks occurred in Hong Kong.


Mr. Wong is currently volunteering as the Director of Government Relationship Development for Cloud Security Alliance (CSA HK & Macau Chapter) and also a Member of the HKSTP Data Governance Think Tank Group.


Mr. Wong is an INTERPOL accredited trainer in Computer Forensics, Certified Ethical Hacker, Certified Penetration Tester and obtained a Bachelor’s Degree in Management Economics from University of Essex, United Kingdom

VIEW THE PRESENTATION: https://youtu.be/RBGL5wnXrXo