Tag: #CSAHKM

CSA HKM Knowledge Sharing Event – March 2023

In our second CSA HKM Knowledge Sharing Event in March, our expert speaker will talk about the ever changing DevOps, DevSecOps in the Cloud Computing environment.

Cloud-native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach.Developer led organizations are innovating more rapidly, cheaply, and independently than ever before as they build new products and services to keep up with ever increasing competitive market conditions. 

Open source software typically accounts for 70% to 90% of code in Web and cloud applications. There is some findings from Open Source Security and Risk Analysis report states that 98% of applications used open source and that open source libraries and components made up more than 75% of the code in the average software application. Most applications, 84%, had at least one vulnerability — the typical application had 158 vulnerabilities — and 60% of applications had at least one high-severity issue.

Organization needs to look into Application Lifecycle Security to identify misconfigurations as early as possible in the Infrastructure-as-code (IaC) development process. This means identifying code vulnerabilities and CI/CD vulnerabilities to ensure faster remediation of code misconfigurations.

In this session, the speaker will provide lifehack tips on how organizations can adopt DevSecOps with low friction and how DevSecOps benefits organization by simplifying developer experience and accelerating application development with security guardrails.

Participants will claim 1 CPE.

DATE: March 30, 2023 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Pain Points and Tips in DevSecOps
LANGUAGE: Cantonese
SPEAKER: Bill Ho – Regional Cloud Solution Architect, Palo Alto 

AGENDA:

  1. Pain points in dealing with cyber threads in DevOps cycle
  2. DevSecOps – something more than just technology change 
  3. 5 Steps to simplify DevSecOps

THE SPEAKER:

Bill Ho is a seasoned Cloud Solution Architect with more than 15 years of cloud architecture experience.  He is holding the position of Regional Cloud Solution Architect in Palo Alto Networks.  Prior to this, he worked in a few cloud related solutions providers such as Microsoft, VMWare and IBM to help customers in embarking the cloud journey.  He has lots of hand-ons experience of those solutions from those technology vendors and accredited with relevant certifications.

VIEW THE PRESENTATION: https://youtu.be/SY_h9MZsovs

CSA HKM Knowledge Sharing Event – March 2023

Cybersecurity in Cloud Computing is always changing. In this ever-changing world we have a lot of things happening. Our Council member – Samuel NG is a definitely a pioneer in this industry. He would like to bring in a hot topic in IT world – ChatGPT.

The rise of cyber threats in recent years has made cybersecurity an increasingly critical concern for individuals and organizations alike especially organization utilizing cloud infrastructures.

To combat these threats, there is a growing need for advanced technologies that can help identify and mitigate risks in real-time. One such technology is ChatGPT, a large language model trained by OpenAI, that can be utilized in the field of cybersecurity to provide a range of benefits in both defensive & offensive operations.

ChatGPT has the capability to analyze and understand natural language, enabling it to identify potential threats and vulnerabilities in complex data sets, including network traffic, email communications, and social media posts.

Additionally, ChatGPT can assist in developing more effective security policies and protocols, as well as provide real-time threat intelligence and incident response. As a result, ChatGPT has the potential to greatly enhance the cybersecurity landscape and improve the overall safety and security of individuals and organizations.

Participants will claim 1 CPE.

DATE: March 2, 2023 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: ChatGPT/OpenAI for Cybersecurity and Cloud
LANGUAGE: Cantonese
SPEAKER: Samuel NG, Vice Chairman of Cloud Security Alliance (HK & Macau Chapter)

AGENDA:

  • Explain about the functions of ChatGPT with demonstration
  • Explain about its relationship with Cloud Computing and CyberSecurity area
  • Explore how ChatGPT can help our CyberSecurity industry.

THE SPEAKER:

Passion fuelled cybersecurity professional with leadership trained by armed forces, Capt. (R) Samuel has extensive experience in all cybersecurity domains from both technical and management perspectives balancing “getting-hands dirty” with technological matters & executive presence working with senior management in various corporate industries, government & military sectors.

He brought value to organisations by orientating governance, controls, risks and business strategies ultimately upholding the CIA Triad (Confidentiality, Integrity, Availability) at highest standards to risk appetite accordingly. As a 14-years Malaysian army veteran with master’s degree and multiple infosec-recognised certifications, he progressed his career to Hong Kong, contributing to various sectors including: banking, telecommunication, cloud, IT infrastructures, start-ups, Cybersecurity R&D etc.

Samuel is an active member of Cloud Security Alliance Hong Kong & Macau Chapter as Vice Chairman of Programs & Research, actively participating in various cybersecurity events as speaker, panelist and moderator. Besides, he is also a guest lecturer in Hong Kong University Space, teaching subjects such as network attacks & digital forensics. Currently exercising his expertise in the Hong Kong cybersecurity commercial community, making efforts to create value in every way possible with a never-stop-learning attitude.

VIEW THE PRESENTATION: https://youtu.be/u0hNrMacDno

Post event updates:

OrganizationDescriptionsURL Link
Cloud Security AllianceCybersecurity Implications of ChatGPThttps://bit.ly/3kQtFP8
Cloud Security AllianceChatGPT discussionhttps://circle.cloudsecurityalliance.org/discussion/chatgpt-research
HKCERTAdopt Good Cyber Security Practices to Make AI Your Friends not Foeshttps://www.hkcert.org/blog/adopt-good-cyber-security-practices-to-make-ai-your-friends-not-foes
HKCERTVerify from Various Sources to Ensure Security When Searching for Answers with AIhttps://www.hkcert.org/blog/verify-from-various-sources-to-ensure-security-when-searching-for-answers-with-ai
OGCIO of HKSAR GovernmentEthical Artificial Intelligence Frameworkhttps://www.ogcio.gov.hk/en/our_work/infrastructure/methodology/ethical_ai_framework/
PCPD of HKSARGuidance on Ethical Development and Use of AIhttps://www.pcpd.org.hk/english/news_events/media_statements/press_20210818.html

CSA HKM Knowledge Sharing Event – January 2023

Chinese New Year is coming and it is a good time to plan your learning process and schedule.

In this year the Cloud Security Alliance Hong Kong & Macau Chapter will continue to lead and conduct more cloud security and audit training. In February and March 2023, CSA HKM and Hatter Company Limited jointly organized two RTTP supported Cloud Security Training courses.

How to prepare, understand and get the best training that drives your career plan. In this Knowledge Sharing Event, Ricci Ieong, Vice-Chairman of Cloud Security Alliance (HK & Macau) chapter will share different context and direction of different cloud security trainings (such as CCSK, CCAK, CCSP).

Participants will claim 1 CPE.

DATE: January 31, 2023 (Tuesday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Plan your Cloud Security Training for this year
LANGUAGE: Cantonese
SPEAKER: Ricci IEONG, Vice Chairman of Cloud Security Alliance (HK & Macau Chapter)

AGENDA:

  • Comparison of different cloud security certificate/certification courses
  • Highlights about the different certificate examinations and preparation for examinations
  • Understand other Cloud Computing Training by Cloud Security Alliance
  • Special discount will be given to (selected) participants.

THE SPEAKER:

Dr. Ricci Ieong is one of the course developers and one of the four pioneer trainers of the CCAK course worldwide. Dr. Ieong is a qualified Certificate of Cloud Security Knowledge (CCSK) instructor and grandfathered to teach the Certificate of Cloud Auditing Knowledge (CCAK). He is also an authorized ISC2 Certified Cloud Security Professional (CCSP).

Apart from running his consulting business, Dr. Ieong delivers lectures in local universities. He is both an Adjunct Assistant Professor teaching Cybersecurity courses and an authorized trainer in AWS Academy in Hong Kong University of Science and Technology (HKUST). He teaches Applied Blockchain and Cryptocurrencies course at Chinese University of Hong Kong (CUHK).

Dr. Ieong is the Vice Chairman of professional development of Cloud Security Alliance (HK & Macau Chapter) and has served on CSA Cloud Incident Response Working Group and Certificate of Cloud Auditing Knowledge (CCAK) Working Group. He is an active speaker at numerous security events, including CSA summits, in Hong Kong and throughout APAC. He is one of the recipients of 2021 Ron Knode Service Award awarded by CSA.

REGISTRATION: https://csahkmkse2301.eventbrite.hk

Followup links to 15 sample questions from CCSK, CCSP and CCAK exam.

CSA HKM Supports PwC’s HackaDay 2022

The Cloud Security Alliance Hong Kong & Macau Chapter is excited to support #PwC ‘s annual #HackaDay #cybersecurity conference on 24 November! Find out more from the event official website https://www.pwchk.com/en/events/hackaday-2022-conference.html?icid=con-sp-csa!

* This event is by invitation only and seats are limited.

Certificate of Cloud Auditing Knowledge (CCAK) – First local class in Hong Kong and Macau

Auditing of Cloud Computing Environment is getting more important than ever. More application and infrastructure already implemented in the Cloud Environment.

In last month, Cloud Security Alliance and ISACA jointly promoted the Certificate of Cloud Auditing Knowledge (CCAK) virtual class with discount.

In this month, after we got the confirmation from VTC for the RTTP approval, we can start to offer our first CCAK class in Hong Kong locally. In order to catch this training for yourself or your company, Cloud Security Alliance (HK & Macau) chapter and Hatter Company Limited offer this CCAK evening (Hybrid Class) from 23 August 2022 to 20 Sep 2022 on every Tuesday from 19:00 – 22:00.

If you are interested in registering the first ever CCAK class, you can register and check the link in RTTP web site and apply directly.

CSA (HK and Macau) Chapter members will be entitled to membership discount. For non-CSA (HK&M) Chapter member, you will also be granted with the CSA (HK and Macau) Chapter membership, after taking the class.

CSAHKM Additional Sharing on Log4j on 17 December 2021

Log4j exploit is definitely the hottest topic over this week. Many of the IT company or IT support person said it is the Log4j week. We definitely do not want to be inert or reactive about this hot topic, but we should also not be over reactive by the incident.

So on top of our scheduled regular monthly knowledge sharing session event on this week 17 Dec 2021, CSA (HK & Macau Chapter) consider that it would be a good time that we squeeze 20 minutes from our sharing session and seize this time to pull in a panel to talk about this Log4j exploit attack method, defense mechanism, solutions by cloud service provider for cloud users and current trend detected about the attack in the wild and next step that we could do.

So we will have the following speakers in the panel this friday 17 Dec 2021. You just need join in the event by registering at the same knowledge sharing session link, https://csahkmkse2112.eventbrite.hk

Samuel NG (ASTRI and CSA HKM Vice Chairman of Programs & Research) will cover the attack method of Log4j exploits.

Otto LEE (HKCERT and CSA HKM Vice Chairman – Secretarial & Treasurer) will highlight the alerts and updates about the Log4j vulnerability.

Pike WONG (Data Voyager) will cover the observed current and changes of attack pattern of Log4j related attack in this week.

Vincent IP (PISA, Hon. Secretary & Treasurer) will share the mitigation solutions that corporate and SME can use to reduce the attack currently.

Harry PUN (Microsoft and Deputy Chairman) will give us some input and advises how cloud service provider did to manage the incident and what solutions they provide to cloud user.

Also join our organisation CSA HKM for more benefits and more event in the coming year. You can have discount in our CCSK, CCAK and CCSP training.

DATE: December 17, 2021 (Friday)

TIME: (New time) 13:15 – 13:45 pm

VENUE: Webinar

View the presentation: https://youtu.be/FuFB13MgXX4

(start from 00:47:46)

CSA HKM Knowledge Sharing Event – November 2021

CSA Knowledge Sharing Event provides an excellent opportunity for cybersecurity professionals to discuss the latest trends and developments in IT and in the process build a close-knitted cybersecurity community in Hong Kong and Macau.

This month we have invited Mr Ken Zhang, Head of Security Hong Kong, Google Cloud, to deliver a talk on “Cloud Infrastructure Continuous Compliance”.

In the session, Ken will introduce an open and modular reference architecture to realise the cloud infrastructure continuous compliance. He will also use a simple example to take audiences through how to use the reference architecture, plus a live demo to see the reference architecture working in action in Google Cloud Platform.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: November 18, 2021 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER: Ken Zhang, Head of Security Hong Kong, Google Cloud

TOPIC: Cloud Infrastructure Continuous Compliance

THE SPEAKER:

Ken led multi-cloud security and transformation projects in Australia and the Greater China Region. He has experience helping organisations with their security and transformation journeys in banking, insurance, retail, health service and manufacturing industries. 

View the Presentation: https://youtu.be/bPEh3LwYD64

CSA HKM Knowledge Sharing Event – September 2021

A rise in remote employees and an increased reliance on SaaS applications create new, wider gaps in security. To put it simply, it’s more challenging to protect users at the edge — ensuring seamless connections that optimize productivity without creating performance issues that drag down user satisfaction.

Enter the secure access service edge (SASE), an architectural approach that offers an alternative to traditional data center-oriented security. SASE converges networking capabilities with cloud-native security functions to simplify deployment and streamline management in the cloud.

Join our September Knowledge Sharing Event to learn how to cut the complexity, reduce risk exposure, and improve performance with a single cloud-delivered service that deploys easily and scales with your business.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: September 23, 2021 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER: Ricky Mok, Cisco

TOPIC: Streamline cloud security and embrace SASE

THE SPEAKER:

Expert in cyber threat intelligence, highly experienced in identifying cyber threat risks in the complex ICT Infrastructure. With over 15 years of networking and information security experience, I am competent in cybersecurity solution design and consultation of security projects in various industries across the Asia Pacific region. Specialties include Infrastructure transformation, Network Security, Cloud Security, SecOps, Hybrid IT Security & Risk Management, Predictive Analytics, and Security Operation Centre design and build.

View the Presentation: https://youtu.be/mVEpr406UTU

Presentation File: https://drive.google.com/file/d/1FmLH3o06ERugBGcnWq5il_trV6q4Xza2/view?usp=sharing