• Overview
  • Call For Presentations
  • Program
  • Sponsors
  • Keynotes

Safeguarding Trust

 

Overview 

Join fellow FS-ISAC members from across Asia-Pacific for two full days of learning, collaboration, and networking. 

Summits are our largest events of the year, packed with insightful presentations, workshops, and panels on topics relevant to the security of the global financial services industry. 

Highlights 

Relevance 

The synthesis of cybersecurity and the financial sector distinguishes FS-ISAC Summits from other large industry events. The APAC Summit is specifically designed for cybersecurity professionals in financial institutions.

Content 

Sessions are divided into three tracks – Intelligence, Security, and Resilience – so that you can focus on the most pressing issues in your organization today. 

Connection 

Collaborating with cybersecurity experts from across Asia-Pacific advances your skills and the sector’s security. And by learning from others, you can develop invaluable connections that outlast the Summit. 

Event Sponsorship

We are fully sold out for the 2025 APAC Summit in Singapore. No sponsorship packages or sponsor passes are available. Email sales@fsisac.com to learn about future events and see upcoming events here.

Exercise

Summit Chair

Danny Chan - Director, Regional Security, AP - Mastercard

Danny Chan - Jan 2025Danny is a distinguished, multiple award-winning board member with a global perspective, renowned for his passion, commitment, and decisive leadership. His expertise encompasses information security, cyber and physical security, data protection, and the orchestration of large-scale, complex international operations. Danny’s background is enriched by a diverse array of experiences in both civilian and military contexts, particularly under challenging conditions.

Following a distinguished tenure as a Captain in the Singapore Special Forces, Danny transitioned to the private sector, where he honed his skills in developing, advising, and training law enforcement and military tactical units worldwide with Britam Defense. His career trajectory then led him to Olive Group, where he provided security solutions to Fortune 500 companies, governments, and NGOs across four continents in some of the most demanding environments.

As Director of Global Risk Assessments at Worldaware International Inc., Danny delivered operational intelligence and enterprise risk management solutions to an impressive roster of Fortune 2000 companies. His insights and expertise have made him a sought-after spokesperson, regularly featured on major news networks such as Channel News Asia and The Straits Times.

In his role as Regional Director of Global Safety and Security, Risk Management at Marriott International Inc., Danny handled numerous crises, ranging from man-made incidents like terrorist attacks to natural disasters such as earthquakes, as well as major events like the Olympic Games and data breaches. During his decade-long service, Danny helped develop a world-renowned crisis management program and became a leading voice for security in the hospitality industry.

In 2019, Danny became a Senior Consultant for Security Monitoring and Response in Asia Pacific, the Middle East, and Africa for Mastercard International Inc., where he led the company's efforts through the pandemic and beyond before transitioning into his current role as Regional Chief Security Officer for Asia Pacific. In this role, he is responsible for information, cyber, and physical security, as well as data protection for Mastercard in Asia Pacific. Danny has been very active in coordinating security between the private sector and the government and volunteers as a mentor for YoPros (Young Professionals), where he mentors young professionals.

Danny currently sits on the Global Boards of ASIS International, Harvard Business Review, the US-ASEAN Business Council’s Cybersecurity Subcommittee, and the Counter Terrorism Certification Board. He is also the Vice Chair of FS-ISAC’s Asia-Pacific Strategy Committee.

Outside of his professional endeavors, Danny dedicates time to the community as an Associate Mediator with the Singapore Mediation Centre & Small Claims Tribunals and spearheads the micro-social initiative “Making a Difference.”

Event details 

Theme: Safeguarding Trust

Date: 15-16 July, 2025

Location: Singapore 

Exercise

Participating in exercises increases resilience. Take part in our in-person Tabletop exercise, "SaaS Third Party Outage," on 14 July. This exercise is hosted in conjunction with the 2025 APAC Summit, but registration is separate. Find out more about the exercise here.

Register Now

 


 

Call for Presentations

 

The theme for 2025 APAC Summit is Safeguarding Trust.

The call for presentations has closed., Notifications will be sent out on 5 May 2025

 

There are no third-party sponsors for this event. FS-ISAC completely runs the CAPS exercises.

Day 1 Keynote: Isabelle Theisen, Group CISO, Nomura

Isabelle HeadshotIsabelle Theisen has worked as a Chief Information Security Officer (CISO) for over twenty-five years. Her global CISO career started at American Express where she provided security leadership to a global team of security professionals and multiple security service providers across Europe, South America, and Asia-Pac. Since then, Isabelle has assumed the role of CISO or CSO for various organizations in multiple verticals such as Western Alliance Bank, Caesars Entertainment, First American/First Advantage, Warner Bros., and Universal Studios. Over the past seven years, Isabelle has worked in the global financial industry as a CISO for Société Générale, Deutsche Bank, and Credit Suisse/UBS.

In addition to being a CISO, Isabelle has had entrepreneurial experience working for her own consulting company. In this entrepreneurial position, Isabelle assumed multiple hats, creating security marketing materials, developing budgets and staffing requirements, holding public lectures, and identifying new business opportunities.

Isabelle began her Information Technology and Information Security career with Ernst & Young in Los Angeles and moved into international venues in Paris and Sydney. As a Global Senior Manager with practice management responsibilities Isabelle led the development of the new Information Security Service line for Ernst & Young internationally.

Isabelle has a Master of Science in Business Administration (MSBA) with a major in Information Technology and Financial Management from California State Polytechnic University. Her undergraduate studies were spent in France and the U.S. where she earned a B.A. in Anglo-Saxon Literature and a B.A. in Mass Media Communications/Film Studies.

Isabelle is active in the Information Security arena and was nominated “CSO of the Year” including receiving an award for the Innovative Security Training Program at several organizations. She was also a recipient of the “CIO of the Year & Innovations in Technology” award by the Phoenix Business Journal and the Arizona Technology Council.

Day 2 Keynote: Edward Chen, Deputy Chief Executive (National Cyber Resilience), Cyber Security Agency of Singapore

Edward chen headshot - croppedBrigadier General (BG) Edward Chen assumed the appointment of Deputy Chief Executive (National Cyber Resilience) in the Cyber Security Agency of Singapore on 3 Feb 2025.

BG Edward was commissioned as a Signal Officer in 2000. In his 25 years of military service, he has held several command appointments, including Commander Cyber Defence Group and subsequently Commander SAF C4 Command / Cybersecurity Taskforce. He has also held a number of key staff appointments, such as Director (International) in the MINDEF Defence Policy Office and as Assistant Chief of the General Staff (Intelligence) in the Army. Most recently, he served as the Defence Cyber Chief in the newly formed Digital and Intelligence Service.

As a SAF Overseas Scholarship holder, BG Edward has four engineering and management degrees from Cornell University, Stanford University and the Australia National University. BG Edward also attended military training in the United States and attended military staff college in Australia.

BG Edward is passionate about youth development and believes strongly in paying it forward. He volunteers as a board member of the Institute of Technical Education (ITE) and of the Singapore Chinese High School. He is also on the Industry Advisory Committee of the NUS School of Computing. He also serves as the Vice-President of the Singapore Computer Society – the largest and oldest IT society in Singapore. 

  1. July 15 Tuesday
  2. 8:00 - 6:00 PM

    Registration

  3. 8:00 - 9:00 PM

    Breakfast

  4. 9:00 - 9:15 AM

    Opening Remarks

  5. 9:15 - 10:00 AM

    Cyber Utopia: No Way Out

    Isabelle Theisen, Nomura Holdings, Inc. Keynote
    Event Toggle Arrow
    We set out to secure the digital world – our identities, our economies, our lives. But in the rush to build faster, smarter, safer systems, did we overlook the trap doors? This keynote confronts the unintended consequences of our own success: when control becomes captivity, and safety comes at the cost of choice. For cybersecurity leaders, the question is no longer how to defend – but what we’re defending, and why.
  6. 10:15 - 10:45 AM

    AI Cyber Resilience: Transforming Security Operations in FSI

    Chip Witt, Radware Platinum
    Event Toggle Arrow
    As attackers use AI maliciously, financial institutions must harness AI to stay ahead. Financial services must adopt automated, real-time management of the application lifecycle. This session discusses AI’s role in boosting SOC efficiency and incident response, reducing Mean Time to Repair (MTTR).
  7. 10:45 - 11:15 AM

    AM Networking Break Sponsored by CSC Digital

  8. 11:15 - 12:00 PM

    A CISO Leadership View of Major Security Topics

    Danny Chan, Mastercard; PB Ong, BlackRock; Travis Hoyt, Bank of America; Adam Palmer, First Hawaiian Bank Resilience
    Event Toggle Arrow
    Four CISOs (large bank & mid-size bank) will discuss various security topics. Discussion will focus on strategy and leadership level views of major security issues. The format of the session will be conversational and there will be time for audience questions.
  9. 11:15 - 12:00 PM

    AI: Managing the Risk to Find the Benefits

    Robert Shein, Nomura International Security
    Event Toggle Arrow
    This presentation will identify, categorize, and discuss various forms of risk from adoption of AI solutions from external vendors, and describe methods to address them.
  10. 11:15 - 12:00 PM

    MEMBERS ONLY: Beyond Compliance: Adversary-Driven Testing for FinTech

    Ray Lay, PayPal; Venkatesh Marreddi, PayPal Intel
    Event Toggle Arrow
    Most FinTechs conduct penetration testing for compliance creating a false sense of security while attackers evolve. Adversary-Driven Security Testing aligns with real-world threats, improving risk quantification. AI-driven testing enhances speed, accuracy, scalability and business focused.
  11. 12:00 - 1:00 PM

    Lunch

  12. 1:00 - 1:45 PM

    Actionable Threat Intelligence

    Bisakha Chakraborty, Wells Fargo Intel
    Event Toggle Arrow
    There is a vast amount of information that is available to intelligence analysts from open source, subscriptions, dark web, peer connects. Threat Intelligence analysts must ingest what truly matters to their organization. The presentation will highlight threat modelling adoption and usability
  13. 1:00 - 1:45 PM

    Expanding Perspectives for a Stronger Cyber Industry

    Laura Lees, Citi; Nera Schwartz, Bank of America Resilience
    Event Toggle Arrow
    Bringing together varied backgrounds and experiences strengthens cybersecurity by improving problem-solving, collaboration, and risk mitigation. exploring how fostering representation and valuing different viewpoints can drive innovation, address talent gaps, build stronger, more secure organization.
  14. 1:00 - 1:45 PM

    The Quantum Countdown Has Begun: Building AI-Powered FinServ

    Nan Hao Maguire, Cloudflare; Farooq Sheikh, Cloudflare Security
    Event Toggle Arrow
    As AI-driven threats evolve, financial institutions must modernize security with Zero Trust, AI-powered fraud detection, and quantum-resilient defenses. This session explores how FinServ leaders can future-proof cybersecurity, enhance compliance, and build resilience in the AI era.
  15. 2:00 - 2:45 PM

    Beyond the Perimeter: Proactive Cyber Risk Monitoring

    Hongyu Li, SOMPO Holdings Security
    Event Toggle Arrow
    Financial institutions must extend cyber defense beyond traditional perimeters. This session showcases a unique in-house Proactive Cyber Monitoring for financial sector, integrating real-time recon, threat monitoring, and pentesting. Learn how proactive defense enhances resilience and mitigates risk.
  16. 2:00 - 2:45 PM

    Influencing the Board to Support your Cyber Program

    Robert Veres, Colonial First State; Phoram Mehta, PayPal Resilience
    Event Toggle Arrow
    Planning to present to the board or want to sharpen your message? You are not alone. Phoram (CISO of International Markets at Paypal) and Robert (CISO of Colonial First State) will share a candid exchange of 5 highly impactful techniques that helped them land the cyber message to the board.
  17. 2:00 - 2:45 PM

    Modernizing the SOC: A Strategic Framework for FIs

    Sebastiaan Wahlers, Accenture; Sanjeev Shukla, Accenture Intel
    Event Toggle Arrow
    As technology expands and threats evolve, SOCs must shift from traditional monitoring to an integrated, intelligence-driven framework. This session discusses enhancing SOC capabilities through proactive detection, rapid response, and embedded threat intelligence workflows.
  18. 2:45 - 3:15 PM

    PM Networking Break Sponsored by Concentric AI

  19. 3:15 - 4:00 PM

    Protecting Your Leaders, Your Business and Your Reputation

    Louise Squires, Chubb Limited Resilience
    Event Toggle Arrow
    Governance Emerging regulatory landscape Resilience Roadmap Awareness & Approvals
  20. 3:15 - 4:00 PM

    Accelerating Cyber Response with Forensic Automation

    Elaine Hung, Qube Research & Technologies Security
    Event Toggle Arrow
    Trading environments face unique cybersecurity challenges where speed is critical. Traditional forensic investigations are slow and disruptive. This talk explores how automation and AI accelerate incident response, reducing investigation times from days to hours while ensuring security.
  21. 3:15 - 4:00 PM

    MITRE ATT&CK-Based Threat Prioritization

    Pranabh Bahukhandi, Goldman Sachs Intel
    Event Toggle Arrow
    Financial institutions struggle to prioritize TTPs amid overwhelming threat intelligence. This session presents a MITRE ATT&CK-based framework, using a risk-scoring model on real cyber incidents, adversary trends, and security controls. A case study highlights reduced alert fatigue, SOC efficiency.
  22. 4:15 - 5:15 PM

    Cyber Threat Intelligence and Threat Hunting War Stories

    Will Thomas, Team Cymru Silver Solutions Showcase
    Event Toggle Arrow
    In this talk, we’ll explore the intersection of Cyber Threat Intelligence (CTI) and Threat Hunting through real-world war stories. From tracking Initial Access Brokers and cryptomining botnets to uncovering unusual adversary tactics, we’ll share lessons from the front lines. Along the way, we’ll highlight shared responsibility, key takeaways, and how strong CTI and threat hunting help mitigate diverse threats.
  23. 4:15 - 5:15 PM

    API Playground: Test Cutting-Edge Data Security Solutions

    Gurunath Gadikota, Protegrity Silver Solutions Showcase
    Event Toggle Arrow
    The Protegrity API Playground lets you test Protegrity's data protection features using synthetic data. It includes Vaultless Tokenization for secure, analyzable data and de-identification for analytics and AI. Register for a demo today!
  24. 4:15 - 5:15 PM

    Hidden Dangers of File-Based Attacks in FinSvcs

    Henry Low, OPSWAT Silver Solutions Showcase
    Event Toggle Arrow
    OPSWAT’s MetaDefender protects financial institutions from file-borne threats with Multiscanning, Deep CDR, and DLP—automating file sanitization, ensuring compliance, and reducing malware risks across all document workflows.
  25. 4:15 - 5:15 PM

    Four Hours Later: How to Survive In-The-Wild Exploitation

    Benjamin Harris, watchTowr Silver Solutions Showcase
    Event Toggle Arrow
    Cyber attackers aren’t waiting. What used to be a window of weeks or months for vulnerability exploitation has now shrunk to hours. This demo session will reframe how we approach vulnerability management, moving from tickboxes to taking an attackers mindset to turn speed into your greatest defense.
  26. 5:15 - 6:15 PM

    Reception

  27. July 16 Wednesday
  28. 8:00 - 5:00 PM

    Registration

  29. 8:00 - 9:00 AM

    Breakfast Sponsored by Picus Security

  30. 9:00 - 9:15 AM

    Opening Remarks

  31. 9:15 - 10:00 AM

    Keynote Discussion with Cyber Security Agency of Singapore (CSA)

    Edward Chen, Cyber Security Agency of Singapore Keynote
  32. 10:00 - 10:45 AM

    Women in Cyber Reception

  33. 10:00 - 10:45 AM

    AM Networking Break Sponsored by Concentric AI

  34. 10:45 - 11:30 AM

    Decoding the Threat Landscape: Strategic CTI Analyst's Chat

    Abdallah Alomari, Bank of America; Arnel Tolentino, Bank of America Intel
    Event Toggle Arrow
    Strategic Cyber Threat Intelligence goes beyond indicators of compromise and technical feeds. It’s about connecting dots across global events, geopolitical tensions, and cyber threat landscapes to protect businesses. This talk walks you through a day in the life of a Strategic CTI Analyst.
  35. 10:45 - 11:30 AM

    Architecting Robust Data Loss Prevention Systems

    Ravi Hariprasada Rao, OCBC Security
    Event Toggle Arrow
    Traditional rule-based data loss monitoring systems are hard to operate due to complex configurations. By adding information classification labels, we can streamline monitoring, improve alert accuracy, and enhance decision-making, boosting responsiveness to evolving threats.
  36. 10:45 - 11:30 AM

    Risk Trends in Financial Institutions Across APAC

    Karl Vogel, Censys Resilience
    Event Toggle Arrow
    We will present findings from a new study of financial institutions in Taiwan, Singapore, Japan, and Australia. In particular, we'll show common trends in exposed services, misconfigurations, and 3rd-party suppliers. This session provides actionable insights to prioritize risks and fortify defenses.
  37. 11:45 - 12:30 PM

    The AI Roadmap for Cyber Defenders

    Sheryl Zeng, TD Bank; Ian Tan, TD Bank Intel
    Event Toggle Arrow
    AI is reshaping cybersecurity, driving both nation-state cyber attacks and defensive innovations. We'll cover key AI-driven cyber threats and attack trends; before diving into AI's role in cyber defense, from threat detection to process automation.
  38. 11:45 - 12:30 PM

    The Big 5 (Risks of Cyber Security)

    Paul Atkins, Queensland Sugar Limited Resilience
    Event Toggle Arrow
    With the continually evolving Cyber Security Landscape and managing IT risk register, it is evident that whilst we have a long list of IT risks, there are around 5 BIG risks that impact cyber security. This presentation will review those with examples of how they are impacting us.
  39. 11:45 - 12:30 PM

    Mechanics Behind New Reverse-Proxy Phishing Attacks

    Mitch Davies, Arkose Labs Security
    Event Toggle Arrow
    New Phishing-as-a-Service platforms like Veiled Marble & V3B have democratized sophisticated MFA compromise attacks, allowing rookie attackers to intercept authentication in real-time. This session will reveal how these turnkey solutions are specifically targeting APAC's financial sector.
  40. 12:30 - 1:30 PM

    Lunch

  41. 1:30 - 2:15 PM

    The Evolving Threat Landscape: Cloud Security Trends 2025

    Anup Sinha, Aon PLC Security
    Event Toggle Arrow
    The 2025 cloud threat landscape demands advanced security strategies as AI-driven threats rise. Key trends include zero-trust adoption, CSPM advancements, secure data sharing, and compliance automation. Proactive threat hunting and DevSecOps are essential to ensure resilience.
  42. 1:30 - 2:15 PM

    Unconventional Tactics for Third-Party Due Diligence

    James Healy, Stake Resilience
    Event Toggle Arrow
    Confronting vendor sprawl? Rapid adoption of new AI and SaaS vendors creating an explosion of 3rd and 4th-party risk? Traditional due diligence, like SOC2, ISO27001 and questionnaires inadequate? This session presents unconventional, actionable tactics and methods to quickly uncover risk.
  43. 1:30 - 2:15 PM

    MEMBERS ONLY: You Can't HN/DL the Truth: Harvest Now/Decrypt Later Threats

    John Kingman, JPMorgan Chase Intel
    Event Toggle Arrow
    “HN/DL” was coined describe quantum decryption and a data acquisition strategy threat actors may undertake to enumerate encrypted data for later decryption. We expand to a practical review to encompass all forms of harvest and decrypt, assessed against threat landscape sectors.
  44. 2:15 - 2:45 PM

    PM Networking Break Sponsored by Concentric AI

  45. 2:45 - 3:30 PM

    MEMBERS ONLY: Dox: Phishing-as-a-Service Actor Exposed with Chinese OSINT

    Intel
    Event Toggle Arrow
    In this session, Strawberry Donut will reveal how an PhaaS (Phishing-as-a-Service) actor was identified, provide an in-depth analysis of the PhaaS phishing kits employed, and demonstrate how the actor's identity was uncovered through Chinese-language OSINT investigations.
  46. 2:45 - 3:30 PM

    AI Security Practice

    Reid Zhou, Morgan Stanley; Jaguar Xiong, Morgan Stanley Resilience
    Event Toggle Arrow
    Secure GenAI in finance: encrypt data, audit for bias, monitor threats, comply with regulators, and implement ethical frameworks. Mitigate breaches, model exploits, and regulatory risks while ensuring transparency and accountability.
  47. 2:45 - 3:30 PM

    Building Cryptographic Agility in the FS Sector

    Mike Silverman, FS-ISAC Security
    Event Toggle Arrow
    The cryptography that we rely on is vulnerable to changing threats and advances in technology, notably quantum computing. The sector needs to be able to change algorithms and architectures more efficiently than it does now in response to emerging risks -> Cryptographic Agility.
  48. 3:45 - 4:30 PM

    MEMBERS ONLY: Disrupting a Ransomware Group 3.0

    Intel
  49. 3:45 - 4:30 PM

    Threat Informed Adversary Emulation - An ATT&CK Guide

    Crys Tan, Citi; Denise Tan, Citi Resilience
    Event Toggle Arrow
    This presentation shares a framework of running adversary emulation engagements to extract maximum value to the organization.
  50. 3:45 - 4:30 PM

    Challenges of Quantum Safe Initiatives of Japanese FIs

    Osamu Terai, Mizuho Financial Group Security
    Event Toggle Arrow
    In this presentation, I will share the efforts and challenges of Japanese financial institutions to promote Quantum Safe migration, and emphasize the importance of promoting Quantum Safe with global collaboration.
  51. 4:45 - 5:45 PM

    Creating Preemptive Threat Intelligence with Silent Push

    Maulik Limbachiya, Silent Push Silver Solutions Showcase
    Event Toggle Arrow
    Uncover tomorrow's threats today. Witness how Silent Push identifies attacker infrastructure before attacks launch. Explore how Silent Push is able to create our Indicators of Future Attack (IOFA™) through advanced DNS/IP collection to proactively mitigate risk for organizations around the world.
  52. 4:45 - 5:45 PM

    Be the IT Changemaker Who Locked Down Lateral Movement

    Aaron Steinke, La Trobe Financial; Joe Arcuri, Zero Networks Silver Solutions Showcase
    Event Toggle Arrow
    Explore how La Trobe Financial is blocking lateral movement and thwarting ransomware with automated microsegmentation. This case study highlights their "set-it-and-forget-it" strategy, isolating critical assets and enhancing cybersecurity resilience without constant maintenance.
  53. 4:45 - 5:45 PM

    The Enemy In Your Pocket

    Krishna Vishnubhotla, Zimperium Silver Solutions Showcase
    Event Toggle Arrow
    For our product demo we are going to demonstrate how an app behaves differently when exposed to certain threats, how we can protect data and users and how the solution integrates with existing soc workflows.
  54. 5:45 - 6:30 PM

    Reception

  55. 6:30 - 8:00 PM

    Signature Event