CISO Indonesia schedule

• Understanding the shift to AI-powered threats and autonomous attacks

• How AI can strengthen real-time threat detection and incident response

• What CISOs must prioritise to stay resilient in 2025 and beyond

There’s a key defense that organizations often overlook: eradicating data permanently and decisively—and as soon as it’s no longer needed.

Drawing on industry research, best practices, and case studies, we’ll explore why enterprises must address end-of-life data more efficiently and precisely than ever before. We’ll also look at how to target regulated data within traditional endpoints (including remote workplaces), live environments (onsite or in the cloud) and decommissioned IT assets (loose drives and devices).

Session takeaways include:

• How to securely remove sensitive remotely home and on-prem
• The drawbacks of physical destruction for end-of-life assets
• Why reformatting, data deletion, and other data destruction methods are unacceptable approaches
• Best practices for automation and integration, whether to target live data or protect decommissioned assets against unauthorized data access.

• With the PDP Act and Indonesia's national push for digital resilience, the CISO role is evolving from technical enforcer to strategic business leader
• Boards and regulators increasingly expect CISOs to articulate risk, trust, and resilience in business terms—beyond compliance
• Balancing real-time threat response with long-term transformation, regulatory alignment, and enterprise value creation

 

Panellists

Henriko Samosir Head of Information Security GRC & Data Privacy Halodoc

Indra Adillah Head of ICT AirAsia Indonesia

Setiaji Director of Information Technology BJPS Kesehatan

Vincent Sim Regional Director, ASEAN Blancco

• Key principles for architecting secure, scalable environments across cloud, hybrid, and edge

• How to embed resilience and agility without compromising speed or user experience

• Real-world approaches to modernising legacy infrastructure while preparing for future threats

   

Panellists

Raditio Ghifiardi VP - Head of IT Security Strategy & Architecture Indosat Ooredoo Hutchinson

Mashrek Reza Siddique Head of IT Unilever Oleochemical Indonesia 

Christian Prasetya IT Security & Network Operations Head BFI Finance

• Analysing real-world ransomware attacks that exploited AD and disrupted critical systems
• Implementing foundational controls to detect lateral movement and privilege escalation
• Strengthening recovery, segmentation, and monitoring strategies to harden AD environments

• Design secure GenAI architectures with isolation, controlled data access, and safe integrations (APIs, RAG, vector DBs).
• Protect sensitive data through minimization, encryption, governance, and alignment with Indonesia’s PDP Law.
• Mitigate GenAI‑specific threats such as prompt injection, model poisoning, and hallucination risks with monitoring and AI governance.

• How leading teams coordinate across security, legal, comms, and business during an active breach
• What real-world playbooks reveal about decision-making, escalation, and containment
• Turning crisis into resilience through post-incident learning and tabletop exercises

As organizations rapidly adopt Generative AI, they face a critical choice: embrace innovation or manage the "shadow AI" and data exposure risks that follow. This session explores Tenable’s journey in securing the AI revolution, moving beyond the hype to provide a practical framework for AI Security Posture Management (AISPM).

In this session, you will uncover: 

• Uncover shadow AI usage and data exposure

• Identify misconfigurations in AI platforms

• Detect unsafe third-party tools and integrations

• Pinpoint and mitigate prompt injection and jailbreak attempts

• Building effective incident response plans tailored to today’s threat landscape

• Using tabletop exercises to validate readiness and improve cross-functional coordination

• Exploring the role of cyber insurance as part of a broader resilience strategy

• Turning policy into practice through behaviour, incentives, and leadership modelling

• How to embed security ownership across departments, not just in IT

• Lessons from leaders driving organisation-wide change in mindset and accountability    

Speakers

Rita Fitria SVP, Head of Internal Audit China Construction Bank Indonesia
Eddy Gunawan IT Security Expert Pertamina

• How do OT and IT leaders collaborate to prepare for cyber incidents that can halt physical operations?

• Can automation and AI-driven analytics improve visibility and reduce response time in critical environments?

• How can industry, government, and technology providers work together to safeguard Indonesia’s critical infrastructure ecosystem?

AI agents, automation, and non-human identities are reshaping how enterprises operate—but they are also breaking the assumptions that identity security has relied on for decades. Boards are rightly asking whether AI can be trusted to make decisions. Yet a more fundamental risk often goes unaddressed: do we have visibility into which identities are actually acting inside the enterprise, at machine speed, and with what authority? 
Identity is no longer a static access control function. It has become a dynamic, distributed system—executing continuously across cloud platforms, legacy infrastructure, APIs, SaaS, and autonomous AI agents. Managing identity as configuration rather than behavior creates blind spots that traditional IAM, PAM, and CIEM platforms cannot close. 
This session introduces Identity Visibility and Intelligence Platforms (IVIP) as a necessary evolution of identity security in the AI era. IVIP treats identity as an observable system, collecting authentication telemetry across environments, applying behaviorral intelligence, and enabling adaptive Zero Trust enforcement in real time. 
Using Silverfort’s evolution as an illustrative case study, this talk demonstrates how identity visibility becomes a foundational capability for AI trust, cyber risk quantification, and digital resilience—without requiring application rewrites or operational disruption. 

• Identifying strategic risks at the intersection of IT, OT, and IoT
• Establishing unified frameworks for asset visibility, segmentation, and incident response
• Ensuring governance, safety, and uptime in mission-critical environments

In this session, we will explore how a human-centric approach to cybersecurity can significantly transform your data protection efforts. Moving beyond traditional technical solutions, we’ll highlight how integrating data classification, behavioural insights (i.e. user intent), and threat context creates a dynamic defence against data loss.  

• Embedding compliance into security architecture from the design stage
• Translating organisational risk appetite into resilient architectural decisions
• Moving beyond “bolt-on” compliance to proactive risk management

• Translating Zero Trust strategy into executable enterprise initiatives
• Applying identity, segmentation, and continuous verification in hybrid environments
• Navigating organisational resistance and legacy challenges for scalable adoption

• Moving from regulatory compliance to true digital trust – Why compliance alone is no longer enough in Indonesia’s digital landscape.
• Embedding trust into products, data governance, and user experience
• Strengthening transparency, accountability, and security to earn stakeholder confidence

 

Speakers

Ivan Irawan Director of Information Technology Credit Bureau Indonesia

Zulfikar Ahmad BCM QA & Continues Improvement Indosat Ooredoo Hutchison 

 

• Anticipating the next generation of ransomware, APTs, and AI-powered attacks
• Understanding how geopolitical shifts and AI misuse could destabilise security ecosystems
• Rethinking playbooks, tooling, and collaboration for the threat landscape of tomorrow

 

Panellists

Volvin Irawan Head of IT Security Bank OCBC Indonesia

Dedy Mulyadi Cybersecurity Leader