CISO Alliances Session Information

Date: Wednesday, 26th April 2023

Time: 9:00am – 15:15pm

Venue:  Victoria Island (Disclosed to participants only)

Location:  Victoria Island, Lagos, Nigeria

The Alliances chapter is a gathering consists of business risk, information and cyber security leaders who have been highlighted as being able to offer value in terms of content and influence. It is designed to form alliances and to drive progressive change in the business world and beyond.

The content and format is designed to talk together, learn better and experience more. 

Format: Invite only Security Leaders debating pertinent, real life issues through the form of open forums, workshops and  Panels.

Chatham House Rule will be applied

Outcomes:

  1. Depth achieved around business objectives where the opportunity of experience within the attendees is leveraged
  2. Benchmarking and verification of thought processes outside of existing networks i.e. the broader CISO Alliances community
  3. Industry progression and unity in impacting the challenges of the common business objectives
  4. Not corporate flag waiving or sales pitches.  We insist, do that elsewhere.

0Weeks0Days0Hours0Minutes0Seconds

Chapter Order of the Day

0900
Registration and Networking

Registration

0930
Chapter Opening

Welcome Remarks and Housekeeping

Session Leader: Phil Manny, Director – CISO Alliances

Master of Ceremonies: Tunde Dada, Group Head IT/ BCM – Inq. Digital (Formally Vodacom and Vodafone Company)

Session Outcome: Understand the purpose of the day, order of the day and your role throughout the day

0945
Session 1
Workshop

Session Moderator: Dr. Bharat Soni, CISO / DPO – GTCO

Session: Group Workshop

Session Theme Title: “Open AI – Our friend or Foe?”

Session Overview and Synopsis:

Unfortunately, AI can be used by criminals for a variety of illegal activities. As with any technology, AI has both positive and negative applications, depending on how it is used.

We will kick start the day with a group workshop where we divide into sub-groups and debate:

  1. Cyberattacks: Criminals can use AI to develop sophisticated malware that can bypass security measures and infiltrate computer systems.
  2. Fraud: AI can be used to create realistic fake identities, which can be used to commit identity theft and financial fraud.
  3. Social engineering: Criminals can use AI-powered chatbots to engage with potential victims and trick them into revealing sensitive information or performing actions that benefit the criminal.
  4. Deepfakes: Criminals can use AI to create convincing deepfake videos and images that can be used to blackmail or extort individuals.

Session Outcome: 

  • A collective response of perspectives

1045
Session 2

Open Forum

Session Leader: Henry Bett, Solutions Architect East and West Africa – Infoblox

Session Theme Title: Exfiltration and Security Analytics using machine learning and AI

Session Overview and Synopsis:

In today’s world of ever evolving cyberthreats, malicious actors are always finding new ways to evade detection. The more dynamic they are in their approach, the more successful they will be in getting past defenses that use static methods, such as blacklists that are rarely updated.
How can today’s workforce deficient defenses keep up with increasingly automated and sophisticated attacks?
In this session, we will cover one such dynamic tactic used by cyber criminals: domain generation algorithms (DGAs). We will also cover some unique and cutting-edge methods leveraging artificial intelligence/machine learning (AI/ML) to counter these threats and discuss how to handle false detections (both positive and negative).

Session Outcomes: 

1. Static defense approaches towards AI and Machine learning based attacks are a losing battle.
2. Minimizing False Positives in security requires a new approach away from resource constrained SOC teams, manually fine-tuning static rules.
3. AI and Machine learning based security that is focused on the Tactics, Techniques and procedures of attacks is the true “Shift Left Security Strategy.”

1115
Session 3
Open Forum

Session Leader: Craigh Stuart, Director – Endemik Consulting

Session Theme Title: API Security

Session Overview and Synopsis: 

API’s are fundamentally changing how organisations are doing business. They are the foundation that enable businesses to bring applications together to share data and pre-defined processes. API’s provide the means for organisations to enable digitized services to be consumed across multiple platforms.

Session Outcomes and Takeaways:

  1. Understand how API’s have changed the attack surface.
  2. How are API’s attacked and what is needed to prevent API abuse.
  3. Why is API Security so important to third party risk.

1200
Networking Lunch

1300
Recharge – Networking Break

1315
Session 4
Open Forum

Session Leader: Daniel Adaramola, CISO – SunTrust Bank Nigeria Ltd

Session Theme Title: “The Battle for workforce talent – Japa syndrome and beyond”

 Session Overview and Synopsis:

The shortage of cyber professionals is a global challenge. Within Nigeria specifically there are many additional contributing factors including but not limited to “Japa Syndrome” and bridging the skills gap.

The strain on business is evident and we will use this opportunity to decipher the contributing factors and debate action points and recommendations around the issue.

Touch Points:

  • What can Government and Regulators do to mitigate the challenge?
  • What can Organisations do to mitigate the challenge?
  • What can we do as cyber security leaders?

1415
Session 5

Open Forum

Session Leader: Dr. Harrison Nnaji, Group CISO – First Bank of Nigeria & Its Subsidiaries

Session Theme Title: “False assumptions and Best practices in securing the API ecosystem”

 Session Overview and Synopsis:

APIs are the backbone of today’s digital ecosystems and the foundation of modern web applications, allowing for seamless communication between different services, networks, and components. Unfortunately, their importance also makes them a prime target for attackers looking to exploit vulnerabilities and gain unauthorized access to sensitive data. That’s why API security is one of the hottest topics in application security today as its deeply integrated into software systems and a significant driving force behind successful application execution.

In this presentation we will discuss:

• Top API Security Attacks and Trends
• Wrong Assumptions About API Security and
• Best practices in securing the API ecosystem

By attending this session, participants and their organizations will gain valuable knowledge and insights into the dynamics of APIs, the current state of API security, and how to implement best practices for keeping them secure. Don’t miss out on this opportunity to enhance the overall security of your web applications.

1500
Post Alliances Networking

Thank you