CISO Indonesia schedule

• Understanding the shift to AI-powered threats and autonomous attacks

• How AI can strengthen real-time threat detection and incident response

• What CISOs must prioritise to stay resilient in 2025 and beyond

There’s a key defense that organizations often overlook: eradicating data permanently and decisively—and as soon as it’s no longer needed.

Drawing on industry research, best practices, and case studies, we’ll explore why enterprises must address end-of-life data more efficiently and precisely than ever before. We’ll also look at how to target regulated data within traditional endpoints (including remote workplaces), live environments (onsite or in the cloud) and decommissioned IT assets (loose drives and devices).

Session takeaways include:

• How to securely remove sensitive remotely home and on-prem
• The drawbacks of physical destruction for end-of-life assets
• Why reformatting, data deletion, and other data destruction methods are unacceptable approaches
• Best practices for automation and integration, whether to target live data or protect decommissioned assets against unauthorized data access.

• With the PDP Act and Indonesia's national push for digital resilience, the CISO role is evolving from technical enforcer to strategic business leader
• Boards and regulators increasingly expect CISOs to articulate risk, trust, and resilience in business terms—beyond compliance
• Balancing real-time threat response with long-term transformation, regulatory alignment, and enterprise value creation

Moderator

Sanjeev Gathani Group Compliance Officer RV Health

Panellists

Henriko Samosir Head of Information Security GRC & Data Privacy Halodoc

Vincent Sim Regional Director, ASEAN Blancco

Dr. Fandhy Haristha Siregar Head of Cybersecurity Governance & BISO FWD Insurance

• Key principles for architecting secure, scalable environments across cloud, hybrid, and edge

• How to embed resilience and agility without compromising speed or user experience

• Real-world approaches to modernising legacy infrastructure while preparing for future threats

   

Moderator

Sanjeev Gathani Group Compliance Officer RV Health

Panellists

Mashrek Reza Siddique Head of IT Unilever Oleochemical Indonesia

Yusfiannur Lnu IT Infrastructure & Security Specialist Medco E&P Indonesia

Eddy Gunawan IT Security Expert Pertamina

John Taylor Field CTO APAC Mimecast

Indonesia’s digital economy is booming, but while we race toward the "Super App" finish line, hackers are taking a shortcut through the pocket. Mobile devices have become the new front line of cyber warfare, yet they remain the most significant blind spot in the modern enterprise.

In this high-energy session, we’ll explore why traditional security often misses the target where it matters most: the device in your hand. Discover how to move beyond basic protection to implement on-device security that scales with your growth, ensuring your apps and data remain resilient, compliant, and ultimately, a dead end for attackers.

• Design secure GenAI architectures with isolation, controlled data access, and safe integrations (APIs, RAG, vector DBs).
• Protect sensitive data through minimization, encryption, governance, and alignment with Indonesia’s PDP Law.
• Mitigate GenAI‑specific threats such as prompt injection, model poisoning, and hallucination risks with monitoring and AI governance.

As AI adoption outpaces security governance, organizations are facing a widening "AI Exposure Gap." This session explores the dual reality of AI in the enterprise: how AI-driven tools are revolutionizing Exposure Management (AI for Security) and the critical strategies needed to protect the emerging landscape of AI agents, LLMs and shadow AI usage (Security for AI). Discover how to bridge this gap by shifting from the noise of reactive alerts to a posture of proactive exposure management, ensuring security resilience evolves at the speed of innovation.

• Turning policy into practice through behaviour, incentives, and leadership modelling

• How to embed security ownership across departments, not just in IT

• Lessons from leaders driving organisation-wide change in mindset and accountability    

Speakers

Rita Fitria SVP, Head of Internal Audit China Construction Bank Indonesia
Eddy Gunawan IT Security Expert Pertamina

The latest Mythos and Glasswing briefing signals a major shift in cybersecurity: AI is accelerating vulnerability discovery, exploit development, and attack speed faster than most organizations can patch or respond. For security and engineering leaders, this changes the software risk equation.

In this session, Sonatype APJ Principal Solutions Architect, Roger Lau will break down what the Mythos moment really means for the industry, why software supply chain security is now central to cyber resilience, and what organizations should do to prepare.

Attendees will learn how to think about rising patch pressure, dependency risk, malicious open source, SBOM readiness, AI-assisted development, and the controls required to reduce exposure without slowing innovation. The session will separate signal from hype and provide a practical framework for building a Mythos-ready security program.

• Building effective incident response plans tailored to today’s threat landscape

• Using tabletop exercises to validate readiness and improve cross-functional coordination

• Exploring the role of cyber insurance as part of a broader resilience strategy

Identity systems were built to enable business, not provide security. As organisations expanded from on-premises Active Directory to cloud and SaaS, identity became a fragmented, siloed ecosystem, creating gaps in visibility, inconsistent protection, and costly breaches.

Attackers already treat identity as a single attack surface. Defenders must do the same. Drawing parallels to how endpoint and cloud security matured from point solutions into unified platforms, identity security is now undergoing the same consolidation, which is to adopt a holistic Identity Security Stack that protects the entire identity system, from legacy AD to AI.

• Identifying strategic risks at the intersection of IT, OT, and IoT
• Establishing unified frameworks for asset visibility, segmentation, and incident response
• Ensuring governance, safety, and uptime in mission-critical environments

AI agents are becoming part of everyday work, but most security strategies have not kept up.

As organisations adopt AI assistants and agents across collaboration tools and business workflows, the digital workspace is evolving into something new. This agentic workspace connects people, AI, and data more closely than ever before. While this drives productivity, it also introduces new risks across how information is shared, accessed, and acted on.

Join Philip Sow in this session as he explores how security must evolve to support this shift. Learn how to protect modern collaboration environments, manage how AI interacts with sensitive information, and reduce the risk of unintended data exposure. We will also show how a unified, human-centric approach helps you secure both people and the AI systems they rely on.

Secure the agentic workspace end to end, from collaboration tools to data protection, so you can enable AI with confidence.

As AI accelerates both cyber threats and defensive capabilities, cybersecurity must be measured beyond technical controls and compliance. This session explores how leaders can translate cyber risk into business impact, quantify resilience, and position digital trust as a measurable business value. The discussion will highlight how organizations can connect cybersecurity investments to risk reduction, operational continuity, customer confidence, and executive decision-making.

What this is
A time‑pressured, gamified incident simulation that places CISOs and IT leaders in command of a Cyber‑Response Team facing rapid, realistic threat injects. The exercise emphasises decision velocity, evidence preservation, and business‑centric risk tradeoffs.

Why these matters
Builds muscle memory for spotting subtle indicators of compromise, executing the Stop Analyze Report protocol under stress, and aligning technical containment with executive communications to protect continuity and reputation.

Key Outcomes

• Detect: Improve recognition of low‑signal indicators across network, endpoint, and human vectors.
• Contain: Practice a repeatable Stop Analyze Report cadence to reduce dwell time and limit blast radius.
• Coordinate: Strengthen handoffs between SOC, IT Ops, forensics, and executive leadership.
• Protect Reputation: Exercise stakeholder messaging and regulatory posture while response actions proceed.
• Manage People: Learn to influence and control different personas to keep response focused and auditable.

Duration:

Game Time: 30 mins

Presentation: 20 minutes

Wrap up: 10 minutes