CISO Philippines schedule

During this 5-minute networking session, the aim of the game is to go and meet three people you don't already know. Use the questions on the screen to guide your conversation. Have fun!

• How digital complexity is outpacing traditional visibility and control methods
• Using AI and automation to detect, prioritise, and respond to threats in real time
• Building continuous attack surface management into your security operations strategy

The rise of AI has supercharged both innovation and cyber threats. In the Philippines and across Asia-Pacific, businesses are seeing a surge in automated attacks that evade traditional defenses and exploit digital growth. 

This session dives into how CISOs can adapt — with real-world insights on detecting, managing, and mitigating bot-driven risks while preserving user experience and brand trust in a fast-evolving threat environment.

• The National Cybersecurity Plan 2023–2028 is redefining the CISO mandate — from technical compliance to national resilience leadership
• Boardroom expectations are shifting: CISOs must now speak the language of risk, brand, and business continuity
• How leading security executives in the Philippines are balancing immediate threats with long-term transformation goals

Moderator

Sam Jacoba Strategic Communications Lead ASEAN Japan Cybersecurity Community Alliance (AJCCA)

Panellist

Marlon Sorongon CISO Maybank Philippines

Suresh Sankaran Srinivasan Group Head – Cyber Security & Privacy Axiata

Arlene Romasanta Director IV and CIO Department of Environment and Natural Resources (DENR)

Gabriel Tuason Head, Information Security Energy Development Corporation

• Key principles for architecting secure, scalable environments across cloud, hybrid, and edge
• How to embed resilience and agility without compromising speed or user experience
• Real-world approaches to modernising legacy infrastructure while preparing for future threats

Moderator

Jed Kenley Chua CISO Asia United Bank

Panellists
Alexander Ramos Senior Cyber Security Advisor Department of ICT

Steffen Minkmar Head, IT Risk and IT Resilience Asian Development Bank (ADB)

Senior Representative Crowdstrike

Despite advancements in cyber security tools, human error remains the leading cause of breaches, with phishing attacks, insider threats, and credential misuse continuing to dominate the threat landscape. Independent research highlight 68% of cyber incidents stem from human error, reinforcing Mimecast’s human-risk research revealing that almost 10% of employees account for 80% of security incidents.

This session will explore the factors contributing to user vulnerabilities that lead to certain individuals being classed as high-risk.

You will gain insights into measuring user risk effectively and implementing tailored strategies to enhance cyber security across their organisations. My session will also highlight how a personalised and adaptive security approach can provide customised security measures for each user. By focusing on these high-risk individuals, organisations can safeguard their workforce while maintaining operational productivity.

• Understanding NICA’s role in predictive threat intelligence under the National Cybersecurity Plan 2023–2028
• How the National Cyber Intelligence Network supports organisations with actionable insights to get ahead of threats
• Practical steps for private sector leaders to engage with government and strengthen national cyber resilience

• Turning policy into practice through behaviour, incentives, and leadership modelling
• How to embed security ownership across departments, not just in IT
• Lessons from leaders driving organisation-wide change in mindset and accountability

Speakers:

Cel Mantua Country Representative, Philippines Crest

Irene M. Camacho CISO Healthway Medical Network

As organizations in  Philippines undergo rapid digital transformation—spanning cloud-native infrastructures, multi-cloud deployments, and hyperconnected workforces—the need for proactive identity security has never been greater. Saviynt’s newly launched Identity Security Posture Management (ISPM), part of the converged Identity Cloud, equips forward-thinking organizations to harness AI-powered intelligence and just‑in‑time access controls to secure both human and non-human identities across dynamic access scenarios

• How leading teams coordinate across security, legal, comms, and business during an active breach
• What real-world playbooks reveal about decision-making, escalation, and containment
• Turning crisis into resilience through post-incident learning and tabletop exercises

It's hard to believe that invoice fraud is even possible in this era of online payment, sophisticated accounts-payable systems and our heightened awareness of cybercrime. Yet, Australian businesses lost $152m to payment redirection scams last year - a 67% increase on 2023.

In this talk, I'll explore real world examples of cleverly crafted socially engineered attacks - taken directly from the emails sent by threat actors to Australian businesses. Some were acted upon and the unbelievable conversation with threat-actors will be revealed. We'll also take a look through the security analyst's lens and uncover ways you can identify these amazingly real-looking emails, as fraudulent.

Generative AI and GPTs feature heavily in the threat actor's toolkit to create very real and convincing attack emails, so we'll review examples of how ChatGPT is being so easily used to not only create the socially engineered email but also perform extensive profiling on the target to ensure the attack is contextually relevant, personal and believable.

How do you transform to evolve your defences against this type of attack, especially when your supplier accounts could be compromised or look-alike domains are used? Is it worth pursuing a takedown? I'll cover the reality of these techniques along with other methods such as EFT payment verification and behavioural AI.

• What is agentic AI, and how is it being deployed in enterprise settings today?
• Threat scenarios: prompt injection, goal hijacking, model manipulation
• How to enforce guardrails, oversight, and reversibility in autonomous agents

AI is rewriting the rules of innovation, and the risks that come with it. Models are learning faster than most security programs can adapt, and the line between smart and unsafe is razor thin.

Join BigID to explore how security and governance can keep pace with AI’s evolution while protecting data, ensuring compliance, and enabling responsible use from concept to runtime and beyond. We’ll unpack how to safely use any CoPilot, deploy third-party models with confidence, and prepare for the next frontier: autonomous AI. Because in a world where every model learns from your data, the question isn’t if you should secure AI, it’s how fast you can.

In this session, a framework will be presented for navigating the delicate relationship between emerging technologies, Trust and Privacy. We will explore how organizations can accelerate innovation amidst AI-powered cyber-attacks while simultaneously building a robust foundation of trust with their customers and stakeholders.  Further, regulations supporting accelerated digital transformation will be discussed that lays the foundation for accountability and transparency. By building a solid foundation of trust and fairness, regulation ultimately accelerates the very innovation it seeks to govern.

The goal is to move from a reactive security posture to a proactive, trust-centric strategy.

• How leading organisations are implementing Zero Trust across hybrid and multi-cloud environments
• Breaking down real-world playbooks: identity, segmentation, continuous verification
• Overcoming resistance, complexity, and legacy system limitations on the path to Zero Trust

• Core capabilities and tools needed to shift from reactive to proactive detection
• How to prioritise hunting targets based on business risk and threat intelligence
• Integrating threat hunting with SOC workflows and incident response

• How to manage internal and public confidence after a major incident
• Communicating transparently with regulators, customers, and the board
• Turning a breach into a catalyst for stronger cyber posture and culture

Moderator

Jeia Tirante Head of Non-Financial Risk ING Hubs Philippines

Panellist

Marlon Sorongon CISO Maybank Philippines

Elizalde Duran Chief, Center for Cybersecurity & Safety National Police College

Gen Macalinao Security GRC – OT AboitizPower

Robert Sanchez Paguia Division Chief (International Cooperation on Cybercrime) & DPO Cybercrime Investigation and Coordinating Center