In this new season 4, I am running a series, "Boards and CEOs Ransomware Resilience"—where I talk about ransomware resilience at leadership levels, but not from the technical angle.
This series is for board members, CEOs, and senior leaders who know that cybersecurity is no longer just an IT issue—it’s a business survival issue.
---
My weekly newsletter: https://sivanathan.substack.com
---
My new book (available on Amazon): Leadership in the Age of AI: A Handbook of Daily Cybersecurity Leadership Nuggets
Grab a cup of kopi-o!
In this episode of Kopi-O with CISO, I am diving deep into Bank Negara Malaysia’s recently released Exposure Draft on Risk Management in Technology (RMiT ED). This draft sets the tone for how financial institutions, from banks to e-money operators, should approach technology risks in an era of escalating cyber threats, fraud, and innovation.
Join me as I break down the key objectives of the ED—resilience, customer protection, and responsible innovation—and what they mean for technology risk management, cybersecurity, and the future of finance in Malaysia.
I’ll explore practical requirements, from appointing a strong CISO to adopting secure cloud services, managing third-party risks, and even preparing for quantum computing.
Whether you’re in finance, tech, or just someone passionate about cybersecurity, this episode is packed with insights on how these changes could impact you. Plus, I’ll share why your feedback to BNM before January 31, 2025, is vital to shaping these regulations.
#KopiOwithCISO #cybersecurity #CISO #infosec #RMiT
Grab a cup of kopi-o!
Join Ramana Ramakrishna and me as we explore the critical cyber security landscape in Malaysia's healthcare sector. Ramana, the GM of IT Operations with KPJ Healthcare Bhd, one of the leading private hospital chains, shares frontline insights on tackling cyber threats, enhancing resilience, and navigating policy challenges to safeguard patient data in an increasingly digital healthcare environment.
Tune in to gain essential perspectives on cyber hygiene, AI use in healthcare, AI-powered cyber security and future-proofing healthcare cyber security strategies.
#KopiOwithCISO #CISO #cybersecurity #infosec #healthcare
Grab a cup of kopi-o!
In this brand new season of 'Kopi-O with CISO' Podcast, join me and my special guest Terence Cheong from BitSight as we delve into the world of third-party cyber risk management and cyber supply chain risk management.
We'll explore the latest strategies for securing extended digital ecosystems, how to effectively manage and mitigate risks associated with external attack surfaces and discuss the importance of Software Bill of Materials (SBOM).
Tune in to gain interesting insights from Terence on strengthening your cybersecurity framework and safeguarding your digital operations against evolving threats.
#KopiOwithCISO #CISO #cybersecurity #infosec
Grab a cup of kopi-o!
In this episode of Kopi-O with CISO, I am joined by Tevanraj Elengoe and Firdaus Juhari to delve into the complex world of cybersecurity in Malaysia, particularly focusing on the ethical and legal considerations of scanning public web platforms for security vulnerabilities.
Together, we unpack the intricacies of detecting security flaws in an effort to "voluntarily and ethically" enhance digital safety of public websites. Through candid conversations, we explore the fine balance between proactive security measures and respecting legal boundaries, all while navigating the unique challenges and regulations faced within the Malaysian digital landscape.
Tune in for an engaging discussion that sheds light on the pressing question: Where do we draw the line in safeguarding our cyber world?
#KopiOwithCISO #cybersecurity #infosec
Grab a cup of kopi-o!
Join me in the latest episode of "Kopi-O with CISO" to dive into the depths of cybersecurity strategy with Prateek, the field CISO from SentinelOne.
With a history that includes stints at Gartner, Qualys, and Deloitte, Prateek brings a treasure trove of experience to the table. We'll cut through the noise to uncover the truths behind cybersecurity investments, explore the critical importance of regular health checks for your security systems, and challenge the common myths that might be holding your security posture back.
From aligning security objectives with business goals to enhancing your security hygiene, this episode can help strengthen your cyber defenses in a world brimming with cyber threats.
We also delve into the non-tech elements of cybersecurity, i.e. policies, procedures, and the potent combination of human intellect with machine precision, unraveling the complexities of cybersecurity automation, the importance of breaking down data silos, and the undeniable benefits of technology unification.
Sip your kopi-o and tune in!
#KopiOwithCISO #cybersecurity #infosec #strategy
Grab a cup of kopi-o!
In this final episode of 'Kopi-O with CISO' for this year, Murugason and I delve into the intricacies of Malaysia's long-awaited Cyber Security Bill. Join us as we explore the pivotal components of this crucial legislation and understand what makes it stand out. We discuss the reasons behind its delay and compare Malaysia's progress with that of its neighboring countries in the realm of cyber security.
Our conversation begins on a positive note as we highlight the strengths of the Bill, shedding light on how it could significantly enhance Malaysia's cyber resilience. However, no legislation is without its critiques. We analyze areas where the Bill could be improved, pondering over the aspects that may have been overlooked.
The episode takes a deeper dive into the practical implications of this Bill, especially focusing on its impact on the cyber security providers' landscape. We discuss how licensing requirements might affect both established players and new entrants in the market.
Furthermore, we contemplate the missed opportunities within the Bill, debating on elements that could have made it more comprehensive and robust.
A key part of our discussion revolves around the delicate balance between regulation and innovation. How can Malaysia navigate this complex interplay through the proposed Bill?
Finally, we address the readiness of Malaysia's cyber security industry for this legislative change. We share insights on what providers and businesses should be doing now to prepare for the upcoming shifts.
This episode is a must-listen for cyber security professionals, business leaders, and anyone interested in understanding the future of Malaysia's digital landscape. Tune in to the episode for a deep dive into the proposed Cyber Security Bill and its potential far-reaching implications.
#KopiOwithCISO #CISO #cybersecurity #infosec #cyberlaw
Grab a cup of Kopi-O!
Join Han Ther L., the APAC CTO of Ridge Security, and me on the 'Kopi-O with CISO' Podcast as we explore the dynamic world of AI in cybersecurity. This episode delves into the evolution of AI in the field, the benefits and challenges it brings, and the future trends in AI-powered cybersecurity.
Key highlights of the episode:
Tune in for a comprehensive look at AI's role in shaping the future of cybersecurity.
#cybersecurity #KopiOwithCISO #AI #infosec #pentest
In this episode of Kopi-O with CISO, I sit down with Zhon Teck, the President of the ISC2 Malaysia Chapter, to dive deep into the evolution of cyber security communities in Malaysia. With a rich background in cyber security, Zhon shares his personal journey in the field, discussing how he ventured into this domain and his current role in shaping the future of the ISC2 local chapter.
Zhon, in his leadership role, sheds light on what it means to lead a community like the ISC2 Malaysia chapter and how this platform is helping cyber security awareness and education.
As the chapter President, Zhon reveals his motivations, challenges, and the most gratifying moments of his tenure. We discuss the chapter's future plans, including expanding its reach beyond the Klang Valley to major cities in Malaysia, and how this can strengthen the cyber security movement into the rest of the country.
A key focus of our discussion is on community-based information sharing – understanding its current state and potential improvements.
We also touch on an often-overlooked aspect in our field - work-life balance, mental health, and burnout - and how the ISC2 Malaysia chapter is addressing these vital issues. To wrap up, Zhon shares his insights on managing the intricate balance between his professional responsibilities and personal life.
Tune in for an episode that connects the dots between leadership, community, and personal growth in the realm of cyber security.
#KopiOwithCISO #cybersecurity #CISO #infosec #ISC2 #CTI
Welcome to another episode of 'Kopi-O with CISO,' where I spill the beans on all things cyber security!
In this episode, Hon Fun Ping and I explore the transformative journey of Security Operations Centers (SOCs) as they adapt to a rapidly evolving threat landscape and technological advancements. With a growing focus on AI, integrated systems, and agile methodologies, SOCs are taking on new dimensions in risk management and security operations. Join us in a comprehensive discussion with a leading expert in the field to delve into how modern SOCs are leveraging technology and processes to remain not just operational but optimal.
Don't miss this critical conversation that provides key insights into the future of cyber security operations. So pour yourself a hot cup of Kopi-O, and join us for an episode that promises to be as enlightening as it is entertaining!
#KopiOwithCISO #cybersecurity #infosec #SOC #MSSP
Welcome to a very special episode of Kopi-O with CISO Podcast. This episode is not just another addition to my series; it's a tribute to Cyber Security Awareness Month, celebrated every October.
My esteemed guest is Raj Kumar, a pioneer in the field of cyber security awareness in Malaysia. With a career spanning nearly two decades, Raj has been instrumental in shaping the landscape of cyber awareness, dating back to his days with CyberSAFE at CyberSecurity Malaysia. Currently, as the CEO of Cyber Intelligence Sdn Bhd, he continues to lead the charge in making Malaysia a safer cyber space.
In this episode, we explore:
So, grab your cup of kopi-o, sit back, and join us for a conversation that promises to be as enlightening as it is entertaining!
#CyberSecurityAwarenessMonth #CyberSecurityAwareness #cybersecurity #infosec #CISO #KopiOwithCISO
In this riveting episode of "Kopi-O with CISO," I welcome Firdaus Juhari, the Head of Digital Security at Edotco Group, to delve into the current state of the tech industry and explore why cyber security remains a beacon of stability amidst the turmoil.
Episode Highlights:
Meet Firdaus Juhari: Get to know Firdaus as he shares his journey into the world of cybersecurity and outlines his current role at Edotco Group.
The Layoff Landscape:
Cybersecurity: The Safe Haven:
Making the Switch to Cybersecurity:
Essential Skills for Cybersecurity:
The Certification Conundrum:
Expert Advice:
Life Beyond Work:
Join us for a conversation that's as candid and humorous as it is informative. Whether you're an IT professional considering a career change or someone intrigued by the resilience of the cybersecurity industry, this episode is a must-listen!
#KopiOwithCISO #CISO #cybersecurity #infosec #career #talent
Welcome to a very special episode of the Kopi-O with CISO podcast. In celebration of Independence Day and Malaysia Day, this episode is exclusively recorded in the Malay language.
------------
In this special episode, in conjunction with the National Day and Malaysia Day celebrations, "Kopi-O with CISO" presents an in-depth discussion with Fadzril Azhar in the national language. Fadzril is a cyber security figure with nearly 20 years of experience.
We will explore the topic of cyber intelligence, understand what makes cyber intelligence services unique, and hear Fadzril's insights and views on the challenges and opportunities in the cyber security field in Malaysia. Join us in this discussion to gain a deeper understanding of the world of cyber intelligence and cyber security in general.
Oh yes, one more thing: Fadzril is a die-hard Man Utd fan, while I am a die-hard Arsenal fan. He claims in this episode that Man Utd is still in a rebuilding phase. Unfortunately, this episode was recorded a few days before the Arsenal vs Man Utd match, which ended 3-1 to Arsenal two days ago.
#KopiOwithCISO #CISO #cybersecurity #infosec #CTI
Grab a cup of kopi-o!
In this episode of Kopi-O with CISO, I am joined by Dr. Ismamuradi Abdul Kadir, a distinguished figure in the Malaysian cyber security domain. Our conversation unravels Dr. Isma's captivating journey into the realm of cyber security, from his early beginnings to his present commitments.
Dr. Isma and I delve into why vulnerability management holds such a personal resonance for him and why software and hardware misconfigurations have found a pivotal place in his vulnerability management strategy. As we traverse the conversation further, he sheds light on the tangible benefits that enterprises can harness by executing effective vulnerability management, juxtaposing it with the challenges that often lurk in its implementation.
Dr. Isma then candidly speaks about the potential pitfalls, emphasizing the significance of 'compensating controls' in risk mitigation and the nuances that often go unnoticed in CVSS scores. His expertise becomes especially evident when discussing the evolution of vulnerability management in the context of cloud computing. Given the shifting landscape, especially within the banking sector, his insights are both timely and invaluable.
Yet, beyond the intricacies of vulnerability management, our dialogue takes a personal turn. What is it that propels him to face another day, brimming with potential vulnerabilities and risks? His answer might surprise you.
Lastly, we catch a rare glimpse of Dr. Isma outside the professional sphere, touching upon the equilibrium between demanding professional roles and personal passions.
Join us for a cup of kopi-o and immerse yourself in a conversation where technology, strategy, and human perseverance beautifully intersect.
#KopiOwithCISO #CISO #cybersecurity #infosec #vulnerabilitymanagement #CVE #CVSS
Grab a cup of kopi-o!
In this episode of Kopi-O with CISO Podcast, Raja Azrina and I dive into the fascinating world of cyber security leadership and explore her unique journey to becoming a Chief Information Security Officer (CISO).
Raja Azrina shares her personal experiences, key decisions, challenges, and milestones that have paved the way to her current role as a CISO and we discuss the integration of the CISO position into existing organizational structures.
We also delve into the transition from a technical hands-on role to a business-oriented CISO position and uncover the strategies she employed to bridge this gap successfully. We also candidly discuss a typical day as a CISO, including the top three tasks she engages in regularly.
Raja Azrina also offers guidance and prioritization strategies for CISOs facing the challenge of building a team from scratch and kickstarting a security program.
Staying current with the rapidly evolving cybersecurity landscape is essential for CISOs. Raja Azrina provides valuable advice on maintaining a learning curve and staying up to date with the latest developments in cyber security, ensuring that a CISO can effectively tackle emerging threats and technologies.
You will also learn the strategies and approaches that have proven effective for Raja Azrina, enabling her to bridge the technical gap and convey the importance of cybersecurity in a language that resonates with the broader business.
Tune in to this insightful episode of Kopi-O with CISO to gain exclusive insights and guidance from a seasoned professional who has successfully navigated the evolving landscape of the CISO role in Malaysia.
#KopiOwithCISO #cybersecurity #CISO #infosec
In this episode of Kopi-O with CISO, Datuk Alan See and I are taking a deep dive into the future of Managed Security Services Providers (MSSPs), the industry trends shaping this landscape, and the growing call for consolidation. Datuk Alan, the Co-founder and CEO of FIRMUS, a leading MSSP, joins us to shed light on the critical role of these providers in today's complex cyber security environment.
We begin by exploring the fundamentals of MSSPs, their key functions, and the significant challenges they face in delivering effective security services. We then shift focus to the current era of escalating cyber threats, discussing how MSSPs can adapt, and the role technology plays in enhancing their capabilities. Datuk Alan also shares valuable insights into how FIRMUS and other MSSPs communicate their value and ROI to potential clients, alongside the benefits for organizations in outsourcing their security needs.
We also examine the trade-offs of choosing between an in-house security team and outsourcing to an MSSP, discussing how providers like FIRMUS adapt their services to cater to unique industry needs. We delve into the critical considerations for organizations evaluating potential MSSP partnerships and how this potential consolidation impacts competition, innovation, and benefits or risks for client companies.
As we navigate the influence of AI and ML on the security landscape, Datuk Alan elucidates the emerging trends MSSPs need to be cognizant of to stay ahead. We then tackle the question of how MSSPs can maintain a competitive edge in a consolidating market and strategies smaller or newer MSSPs could employ.
Don't miss this enlightening conversation that delves into the heart of MSSP operations, their evolving roles, and the changing dynamics of this critical industry.
#KopiOwithCISO #CISO #cybersecurity #infosec #MSSP
Grab a cup of kopi-o!
Welcome to a very special episode of the Kopi-O with CISO Podcast. This time, I’m bringing you an insightful conversation recorded live on stage at the CYDES 2023 event, organized by the National Cyber Security Agency (NACSA).
In this episode, I’m joined by the esteemed Abid Adam, the Group Chief Risk & Compliance Officer of Axiata Berhad. With his profound expertise and experience, Abid illuminates the world of Cyber Threat Intelligence (CTI) and its vital role in creating a robust cyber security program.
We explore the concept of CTI, its importance, and the critical decisions made within a CTI program. Abid provides valuable insights into the practical application of CTI, guiding us through its strategic, operational, and tactical use in shaping a cyber security program.
Further delving into risk management, Abid shares his experience on how CTI enhances the process by identifying, assessing, and responding to cyber risks effectively. We also get an insider's perspective on the unique challenges and strategies of managing cyber threats in a multinational telecom company, from the viewpoint of a Group CRO.
For organizations stepping into the CTI realm, Abid shares his thoughts on where to begin and how to gradually build a comprehensive CTI program.
Finally, we take a slight detour from professional matters as Abid shares a glimpse into his personal life, offering his tips on maintaining a balance between demanding roles and personal life.
Listen in for an enlightening discussion that merges high-level strategies with on-the-ground realities of cyber security. This episode is a must-listen for cyber security enthusiasts, professionals, and anyone interested in understanding the importance and practical application of CTI.
Please note, due to the live recording nature of this episode, you might need to adjust your audio levels occasionally.
#KopiOwithCISO #CISO #infosec #cybersecurity #cti
Grab a cup of kopi-o for this bonus episode.
Typically, I release two episodes each month. However, in light of the significant MOVEit hack, I felt compelled to create an additional special episode to thoroughly cover the topic.
In this special episode, Azril Rahim and I deep dive into the aftermath of the recent MOVEit Transfer hack—an incident that has shaken the cyber security landscape. Azril, an experienced Management Consultant with a distinguished background in the cyber security industry, joins us to provide invaluable insights and expertise on the subject.
We begin by exploring Azril's journey in the field of cyber security and his current role at TNB, gaining a deeper understanding of his unique perspective. As we delve into the specifics of the MOVEit Transfer attack, we examine how this incident resonated with him, highlighting the vulnerability of even secure file-transfer software to hacking.
Drawing on his vast knowledge, Azril provides context on the reported SQL injection vulnerability in MOVEit, explaining how hackers exploited it to gain unauthorized access to database structure and content. We unravel the far-reaching impact on major organizations, analyzing the immediate and long-term implications of such widespread data breaches.
Our discussion takes an intriguing turn as we shed light on threat actors like Lace Tempest and Cl0p, dissecting their strategies and exploring what makes them particularly effective. Azril shares insights into the shift in strategy employed by the Cl0p ransomware gang, as they ask affected companies to initiate contact, signaling the magnitude of the attack and the attackers' modus operandi.
Moving forward, we examine the proactive measures that security teams can adopt to enhance their cyber hygiene, ensuring the secure transferability of sensitive data. Azril discusses policy-level actions and the role of organizations, regulators, and customers in deterring similar cyber attacks.
Looking towards the future, we delve into the potential of AI-driven cyber-attacks, discussing the real threat they pose and the steps organizations should take to prepare and protect themselves.
#KopiOwithCISO #MOVEit #ClOp #cybersecurity #infosec #CISO
Grab a cup of kopi-o!
In this episode, Khairelnaim and I delve into the intricate world of cyber security. Naim, a seasoned professional from the National Cyber Security Agency (NACSA) in Malaysia, narrates his path to becoming the Head of Incident Response & Cyber Threat Intelligence at the National Cyber Coordination & Command Centre (NC4) and provides insight into his daily responsibilities.
We unpack the pivotal role NACSA plays in Malaysia's cyber security landscape, its collaborations with other agencies, and the private sector. Our guest also sheds light on the workings and significance of the NC4 in Malaysia's cyber security framework.
Addressing current cyber threats, we discuss the evolution of these threats in Malaysia, the country's preparedness for cyber attacks, and the strategies deployed by NACSA.
The conversation then shifts to international cooperation through the likes of the UN Cyber Norms, and our guest shares his role in their implementation. We tackle why cyber incidents in Malaysian entities aren't often publicly discussed and the implications for the broader ecosystem and country.
In addressing the concerns of small and medium enterprises (SMEs), we explore the threats they face and the possible solutions. Our guest further shares insights about small-scale cyber security programs initiated by NACSA and their impact compared to larger vendor-sponsored conferences.
Looking towards the future, our guest shares his aspirations for Malaysia's cyber security landscape and offers advice for businesses and individuals to fortify their defenses against cyber threats. We also discuss the differences between cyber threats and online scams and whether they should all fall under the term "cybercrime."
Finally, we explore hypothetical changes in the national cyber incident response strategy, and our guest shares a glimpse of his life outside the professional sphere, detailing how he balances his demanding role with his personal life.
Join us for an engaging and enlightening discussion that takes you behind the scenes of cybersecurity in Malaysia.
#KopiOwithCISO #cybersecurity #CISO #infosec #CNI
Grab a cup of kopi-o!
In this enlightening episode of 'Kopi-O with CISO', we delve into the fascinating world of Security Operations Centers (SOCs) with our esteemed guest, a seasoned cyber security expert. Our conversation begins with a personal journey into the cyber security field and an introduction to his current role and company.
We then explore the intricacies of SOCs, discussing their primary functions and potential shortcomings in today's dynamic cyber landscape. The episode poses thought-provoking questions about the relevance of traditional SOCs, given the emergence of distributed incident response tools, and discusses how these tools could impact the SOC's role.
Further, the episode probes the relationship between on-prem IT setups, cloud environments, and the SOC's role. It stimulates a dialogue on how SOC operations might be impacted by the shift to cloud, especially for modern, cloud-native companies.
The conversation also touches upon the need for more proactive action in SIEM or SOAR systems beyond mere alert generation, hinting at the future trajectory of cyber security solutions.
Lastly, our guest shares some invaluable advice for enterprises looking to implement a SOC and thoughts on how they would reimagine SOC operations if given a chance. This episode is a must-listen for anyone keen to understand the evolving role of SOCs in cyber security.