
Agenda Overview


Monday, 27 March 2017

08:30 – 09:00
Welcome, Registration and Refreshments

09:00 – 09:10
Chairman’s Introduction
Dimitri Chichlo, former Senior Manager Information Security & BCM, Edmond de Rothschild (Suisse) S.A.


09:10 – 09:50
Keynote Case Study: CISO Board Presentation – Lessons Learned from the Trenches
Presented by: Dan Wittig, Chief Information Security Officer, Louisiana-Pacific Corporation

•          High level threat analysis

•          Security risk mapping within the cyber security committee

•          Roadmap development

•          Board level approval and backing

•          Positioning teams to complete the work

Part 2 – Stories from the trenches. What keeps me awake at night?

•          The Media

•          Vendors

•          Hosted solutions

•          Phishing attacks

•          Resource constraints in teams I don’t manage

•          Millennials vs traditionalists

•          People that 'cry wolf'

09:50 – 10:30
Panel Discussion: Evolving and Advancing Security Leaders
Chair: Dimitri Chichlo, former Senior Manager Information Security & BCM, Edmond de Rothschild (Suisse) S.A.

Panellists: Gezahegn Tadesse, Director, Information Security, Awash Bank
Dan Wittig, Chief Information Security Officer, Louisiana-Pacific Corporation
Mishal Alhellow, Head of Information Technology, Arcapita
David Cripps, Head of Information Security and Data Protection, Brewin Dolphin Ltd.

•          Creating a corporate culture adopting security at every level and responsibility

•          Ensuring the board is committed to cyber resilience

•          Communicating with and getting your voice heard at board level

10:30 – 11:00
Refreshments and Networking

11:00 – 11:30
CISO Challenge: Bridging the Gap between Tactical and Strategic Information Security Risk Management
Viktor Polic, Chief of Information Security and Assurance Services, International Labour Organization

•          Effectively communicating key risk indicators through risk intelligence

•          Collecting information on the most important business activities and prioritising information security program activities accordingly

•          Focusing on human-oriented rather than technology-oriented information security

11:30 – 11:50
Keynote Address: Old Data? Make it Relevant Again and Fight Cyber Adversaries and...Win!  
Jonathan Martin, Director EMEA Operations, Anomali

•          Breach Analytics

•          Match Indicators of Compromise (IOCs) to Historical Data

•          Detect Automatically Generated Domains within that Data

11:50 – 12:15
Late-Breaking Session


12:15 – 13:30
Networking Lunch


13:30 – 14:00
Cardholder Data Discovery Challenges for PCI DSS Compliance
Brindha Chandramohan, Assistant Manager, Information Security, Network International LLC

•          Why cardholder discovery should be more than just ticking off a checkbox in your PCI journey

•          The non-technical areas of cardholder discovery, which are usually missed out

•          You’ve discovered cardholder data! Now what? Remove, Mask, Retain?

14:00 – 14:30
IoT New Army of Tiny Zombies
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISO27001 LA & I, Information Security Officer, Union Coop

•          Methodology behind IoT attack

•          The October 21st major internet outage incident

•          MOM analysis (Means, Opportunity and Motive) of the incident

•          Ways to be protected, beyond endpoint security

14:30 – 15:00
Safeguarding Security and Privacy in the Digital Age  
Roshdi Osman, Head of Security Governance and Deputy CISO, Banque Saudi Fransi

•         How digital transformation is changing the threat landscape

•         Tackling the security and privacy challenges of IoT

•         Dealing with the big dilemma of big data

•         Establishing an effective cyber security strategy for the digital age

15:00 – 15:30
Refreshments and Networking 

15:30 – 16:00
Cyber Risk – No One is Spared – Relive the Moment of Survival 
Brahma V, Head of Audit (Tech, Infra, Apps, e-channels, Projects), Bank Muscat

When breaches happen, it is important for organisations to be back in business almost immediately. This is, of course, after addressing associated legal, regulatory and investigation related requirements effectively. Surviving a cyber breach and carrying on with business as usual requires clear strategy and meticulous planning. There are several players in the game to take into consideration. How best is this achieved? Are there opportunities organisations can exploit in accomplishing this to further their positive image? What are the lessons we can learn?

16:00 – 17:00
Practical Exercise: Cyber Attack and Emerging Cyber Threats – Regional Overview
Dr. Sally Leivesley, Managing Director, Newrisk Limited

•         Techniques for planning for strong resilience

•         Integrating cyber and physical counter-terrorism planning

•         Role play of scenario for business resilience planning

•         Insider threats

•         Risk and crisis management

•         Critical infrastructure effects

•         Financial sector effects

•         Aviation and maritime effects

•         Media response


17:00 – 17:10
Chairman's Closing Remarks 
Dimitri Chichlo, former Senior Manager Information Security & BCM, Edmond de Rothschild (Suisse) S.A.


Tuesday, 28 March 2017

08:30 – 09:00
Registration and Refreshments

09:00 – 09:10
Chairman's Opening Remarks
Dimitri Chichlo, former Senior Manager Information Security & BCM, Edmond de Rothschild (Suisse) S.A.

09:10 – 09:50
Keynote Address: Legislation and Regulations That May Affect Your Security Programme - and Your Career! 

David Cripps, Head of Information Security and Data Protection, Brewin Dolphin Ltd.

Many legislators and regulators are issuing laws and rules covering how firms should protect themselves and their data. Is it time to embrace compliance to improve our security posture? Or are these just unnecessary overheads?

09:50 – 10:20
Keynote Address: Information Security Governance, Risk and Compliance – Road Map for Successful Integration 
Mohamed Saad Mousa, Information Security Senior Consultant

•         Introduce GRC concepts within information security management systems

•         CISO’s challenges for successful GRC program adoption 

•         GRC-ISMS integration road map

•         GRC processes’ effectiveness measurement

10:20 – 10:45
Information Security Governance: Building the Pillar
Bhavani Suresh, Vice President, ISACA UAE   

•         Information security governance: the need(s) of the hour

•         Role of information security governance

•         Measures (KPIs) of information security processes

10:45 – 11:15
Refreshments and Networking

11:15 – 11:50
Case Study: How to Deal with State Sponsored Attacks
Daniel Brunner, Manager IT & Security Architecture, RUAG Schweiz AG 

11:50 – 12:30
Key Strategies for Cyber Resilience 
Chair: Mirza Asrar Baig, CEO, CTM360 & IT Matrix

Panellists: Brahma V, Head of Audit (Tech, Infra, Apps, e-channels, Projects), Bank Muscat
Saker S Al-Harthi, Head of Information Security Department, Arab National Bank ANB
Meshal Abdulla BinHussain, Vice President – Information Security & Operations, Dubai Holding

12:30 – 13:30
Networking Lunch

13:45 – 14:15
Fortifying the Most Important Defence Layer: The Human Firewall
Ayad (Ed) Sleiman, Information Security, Process and Technology Manager, King Abdullah University of Science and Technology

The Human Firewall Program

•       A defence in depth strategy that includes the human

•       The human firewall layer of defence

•       How to build human firewalls within your organizations

•       You can’t manage what you can’t measure

•       Continual improvement is the key     


14:20 – 15:00
Multiple Terror Attacks on Urban Targets - Solutions?
Dr. Sally Leivesley, Managing Director, Newrisk Limited

A case study of a specific loss event is used to show how physical attacks can damage cyber infrastructure and must be integrated with cyber planning. Protecting people; protecting workforce; protecting built environment; protecting business brand

•         Aviation

•         Rail

•         Hotel

•         City Centre

•         Important Religious Sites


15:00 – 15:30
Refreshments and Networking 

15:30 – 15:50
The New Era of Cyber-Threats: The Shift to Self-Learning, Self-Defending Networks

Michael D’Arcy, Commercial Director, Darktrace

•         The new age of silent, stealthy attacks that lie low in networks for weeks and months

•         Why legacy approaches, like rules and signatures, are proving inadequate on their own

•         How new ‘immune system’ technologies based on advanced mathematics and machine learning are being deployed today

•         Real-world examples of subtle, unknown threats that routinely bypass traditional controls 


15:50 – 17:00
Late-Breaking Session

Wednesday, 29 March 2017

Half-Day CISO Middle East Roundtable

08:45 – 09:00 
Registration and Light Refreshments 

09:00 – 09:15
Roundtable Welcome and Introductions
Co-chaired by: Dimitri Chichlo, former Senior Manager Information Security & BCM, Edmond de Rothschild (Suisse) S.A.
Dan Wittig, Chief Information Security Officer, Louisiana-Pacific Corporation

09:15 – 10:30
Topic Discussion  

09:15 – 10:30
Refreshments and Networking

11:00 – 12:30
After Break Discussions and Wrap Up

11:00 – 12:30
Networking Lunch and Close of this year’s CISO event


The idea of the CISO Middle East Roundtable is to bring your ideas, thoughts and questions to peers and speakers that you have met during the conference.

This is an intimate event of approximately 30 people held under Chatham House rule – you are free to discuss, engage, or simply listen in. However, it’s good to know that the more you put into this event, the more you will take away. Notes will be taken throughout the discussions and provided to delegates electronically after the event. Attend this roundtable and earn 4 CPEs.

Prior to the roundtable you will be asked to submit 2 or 3 topics (can be submitted anonymously) that you wish to bring to the table for discussion. Contact Laura McCrave for more information or to suggest some topics.




