RSAC 2019 APJ Ambassador Q&A: Magda Chelly

Posted on by RSAC Editorial Team

And finally, hear from RSAC APJ Ambassador, Magda Chelly:

Magda Chelly

This will be your second year speaking at RSAC APJ—what are you most looking forward to? 

Facilitating the discussions around important and critical challenges in the industry with peers is something that I am looking forward to. There is nothing like attending a face-to-face event, where you can share your research and receive constructive feedback and comments. 

As a cyber security professional, I need to be always on top on the updates, and new threats. It is crucial as well to discuss and exchange with peers on what challenges they have been facing, and how they  addressed them. I also enjoy sharing business, technical and cultural lessons from the sessions with my peers and discuss further with the speakers. 

On the other side, as there is a prominent gap in cyber security skills, THE cyber security professionals need to perform sometimes all the functions at once, in one role. That, of course is impossible however a better understanding and knowledge about a topic is always helpful and relevant. 

I am always curious about new cyber security topics, technologies, solutions, and methodologies. The curiosity and variety of areas is what make cyber security a passion for me. 

What do you get out of RSAC APJ that is unique to this Conference? 

Cyber security events are getting frequent and we - cyber security professionals - are aiming for quality, innovation, and knowledge sharing sessions. This is what RSAC is bringing to us, in my opinion, and therefore I am really looking forward to it. Fortunately, RSAC is innovating as well in the overall conference set-up, organization and activities around the conference itself, which is fantastic.

Keeping a practical view of the security trends and evolving threats is critical to any CISO and cyber security professional and attending some of the best security conferences is on the must-do list. I am involved already the second year with RSAC, and I feel a real commitment to give back to the security industry, and to encourage diversity as well. Those are important factors when it comes to talks and conferences. 

I am also very excited about the opportunity to share my experiences from RSAC APJ this year, through a Social Media Takeover on RSAC Twitter, LinkedIn, Instagram and Facebook. At the close of each day, I’ll compile photos, short videos and captions of my time onsite to ensure that attendees and followers alike can experience all that RSAC APJ has to offer. 

What regional topic do you look forward to discussing with peers? 

Asia Pacific is a vibrant economic region where innovation and technology are at the center of every initiative. That said, that drive brings new cyber risks, including larger attack surface as well as cyber criminals’ attention. I am interested to discuss the future of cyber security in the area, where connected devices, artificial intelligence, and blockchain have been striving across with continuous business transformations and digitalisations. 

As cyber security is based on the three pillars; people, process and technology, process and people remain the most challenging to effectively implement. Through continuous and costly awareness as well as bureaucratic process, business cyber resilience is not maturing at the right pace. Artificial intelligence was one of the cyber security applications providing an automated and fast decision-making process, reducing human error and achieving better results. 

Thus, all those new technologies are new. New means immature, and unknown. The complexity and connectivity of these systems and technologies directly impacts their level of security and trust. 

Which session are you most looking forward to attending? 

I am looking forward to the session: Is Your SOC Any Good? Proving and Improving Your Value with Metrics - HPS-W08 with Amy Parde, Director, Security Operations Center from Sony Corporation of America. 

I personally think it is an excellent topic and much needed with practical feedback and lesson learned. 

Day-to-day security activities are monitored by a dedicated team in a security operations center (SOC). The goal of the team would be to provide the assurance for a business of a secure environment and a proper incident response timeframe. However, it often ends with a huge number of false positives, or just wrong reporting metrics, providing a completely inadequate view of the situation. The SOC responsibilities should extend far beyond detecting, analysing and coordinating the responses to security incidents. Therefore, how would you measure the success of your SOC with thousands of events per day. 

By using consistent and efficient metrics to review your SOC’s achievements, you can estimate its performance more accurately. 

And, this session looks to be the perfect one for that purpose. 

You have a number of sessions on the agenda – what is the topic of each?

I have four sessions, including Innovate to Future Proof: 2025, Lightening Round: My Cyber Trend is Better Than Yours, Identity Access Management: In Centralized Storage, Do We Still Trust?, and Cyber-Risk in the Boardroom

O M G – I have four sessions! What an excitement. 

My main session Identity Access Management: In Centralized Storage, Do We Still Trust? will address a topic that I have researched for more than a year – the identity challenge in the cyber space. During that session, I will showcase various authentication types used by enterprises nowadays, their security weaknesses and their future. The session will focus on a research work, which helped myself and my team to take the right decisions for our clients and our partners. 

Innovate to Future Proof: 2025 is exciting. It will address my previous topic and what I would like to hear about. What do you predict for the future, and how will cyber security evolve through the big bang of technologies? 

My cyber trend if better than yours will be a provocative session, where I come back to the blockchain topic and showcase the variety of practical applications in the cyber security areas. I will keep it slightly sweet and short, as you must come and listen to know more. 

My last session, Cyber Risk in the Boardroom is a topic that is relevant to most CISOs nowadays, whether reporting to the board or not, a clear and business-oriented discussion is key to success in cyber. Cyber security must be seen as business enabler and not blocker. As part of this discussion, I would like to showcase and discuss a security scorecard where reporting criteria were based on customer satisfaction, reputation, financial impact, etc. Join the discussion, for insights from various Fortune 500 companies, across different industries. 

How are you preparing for your sessions?

I always choose a topic that I am excited about. I also preferably tell a personal story from my experience and life that relates to the topic, as a way to introduce my session and my topic.  This will ensure that I am engaged with my audience.  I think as well that when I present, others feel my enthusiasm and become interested to know more. Ideally, apart my own experiences, I discuss with peers and ask for their experiences and lesson learned. Then, I can consolidate all the knowledge, research and lesson learned into a great presentation that speaks to the public. 

And, I also make sure I know where the venue is :D! 

What skills/info will those who attend your session walk away with? 

The objectives of all my sessions are to bring a different perspective. Standard cyber security and usual traditional measure might not be efficient in a Tsunami of technologies.

The audience will be able to see various and analysis various scenarios – life experience of failures and successes across industries, across cyber security areas and across cultures. 

I have though a clear strategy and objectives helping the audience to enrich themselves:

  • My top take-aways or insights
  • Specific actions I will take in the next x weeks
  • Obstacles
  • Strategies to get around those obstacles 

You’re hosting a CTF on July 13 – tell our readers about how they can get involved:

I have been passionately playing in CTFs for the past couple of weeks on HackTheBox. I must admit, it is one of my favorite platforms. I have decided to launch the First CTF For Girls in Singapore. During this process, I have learned a lot and I have discovered as well that there are amazing talented women around, however almost none have been invited to hackathons or CTF events, as mostly have been male dominated sessions. Thus, we NEED a CHANGE and we NEED it NOW. 

And the change is – providing organizations around the world, with a #noexcuses hashtag when it comes to finding technical super smart and skilled women for their teams. And, RSAC APJ came to support my initiative! 

I believe one of the main benefits of showcasing those available talents through a great event like a CTF For Girls is allowing organizations in the future to bring diversity into their teams. They will observe how many women and girls are talented, are amazing professionals, bringing a different angle and vibe to the whole industry. 

Thank you so much RSAC APJ for the support! 

To read other conversations with RSAC APJ Ambassadors click here.

RSAC Editorial Team

Editorial, RSA Conference

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community

Related Blogs