Conference Agenda

  • MESA - Day 1 (Apr 11)
  • Day 2 - MESCON Conference (April 12)

Middle East Security Awards (MESA) Conference - Dubai

11, April 2017

8:30

Coffee and Registration

9:30

Welcome Note – MESA Team

9:40

OPENING REMARKS – MESA CHAIRMAN

KEYNOTE SESSION

09:50

INTERNATIONAL GUEST KEY NOTE PRESENTATION: Smart Meters - A Secure Critical National Infrastructure (UK Experience)

The UK Government is committed to ensuring that every home and small business in the country is offered a smart meter by 2020, delivered as cost effectively as possible and this is a key priority for the Department for Business, Energy & Industrial Strategy. Smart meters will contribute to the UK having a secure and resilient energy system and by being a catalyst for system flexibility on the demand side. This can play an important role in improving energy security in the future and in integrating renewable energy sources into the system.

This presentation will provide a brief history of the UK Smart Meters programme, an overview of the logical architecture used to support the implementation of the UK Smart Meters network, an overview of the PKI implementation that supports the system security framework and details of the operational security framework.

David Higgins - Security & Programme Director – UK National Grid

10:20

CISO INSIGHTS PANEL: Cybersecurity Innovation & Future Traits

The digitalization phenomenon in the hyper connect world has made the businesses think seriously about the cyber threats as it impacts the business growth and digital economy. This session discussed the latest security tactics and strategies from the regional and global security executives. 

MODERATOR: Ahmed Baig, Founder, CISO Council

David Higgins, Security & Programme Director – UK National Grid

Biju Hameed, Head – Information Security & Compliance – Dubai Airports

Sandro Bucchianeri, GCSO – Seasoned Global CISO

Tamer Gamali, Head Technology RiskKuwait Finance House

Abdullah AlOmari, Executive General Manager Security and Privacy Mobily

10:50

Headline Keynote: Threat Hunting

In the world of cybersecurity, some adversaries are more effective than others.  Adversaries vary in motivation, resources, and skill, which translates to different overarching techniques and themes.  In this talk, Andrew will discuss several high-level techniques implemented by the most effective adversaries to compromise systems, gain unauthorized access to sensitive data, and cause significant damage and loss. Next, he will discuss tactics you can use to protect against each of these offensive techniques. Finally, I will discuss the work we do on the Endgame R&D team to address the most advanced threats

Andrew Morris – Security Research – ENDGAME

11:15 Networking Coffee Break

11:45

CISO DIALOGUE: Defending your business: Earlier Detection and Effective Response?

Organizations today are preparing themselves against the unknown and unseen attacks. The cyber threats have evolved from relatively simple to highly complex targeted and sophisticated attacks. Unfortunately, organizations have to defend themselves at all levels and have a robust incident response. However, the time taken to detect an attack and track the activity of adversaries on you network is a challenge. Join us in a conversation about what businesses can do to reduce time for detection and response to improve their ability to protect their critical assets.

MODERATOR: Ahmed Qurram Baig, Co-Founder – CISO CONNECT

Samir Pawaskar Manager - Cyber Security Strategy and Policy -  Q-CERT

Shabbir Nalwala – Head - Information Security and IT Governance Dubai South

Abdulla Sayari – CISO - Health Authority Abu Dhabi

Adel Al Hosani – CISODubai Customs

12:15

Strategic Sponsor Keynote: Maneuvering in the Winds of Change…   
CISOs – You have many fish to fry!

Digital world gives rise to a new set of security threats applicable to all industry segments. As organizations embrace digital transformation, CISOs need to make sure that businesses remain resilient to digital risks and continue to furnish services to their customers. The task is not at all easy to deliver. This talk highlights new horizons of CISO’s responsibilities and identifies means to contribute towards a secure digital world.

Kamran Ahsan - Senior Director - Digital Security Services – Etisalat

12:40

Security Automation: The Benefits of Security Automation and Orchestration for CISOs

Must Humans Be Replaced by Artificial Intelligence and Machine Learning? – The speaker will demonstrate why fully unattended and unconditional automation is a path and not a turnkey. Dario will also share the results of a 100+ CISO Survey on this topic, proposing a gradual and effective approach to security automation and orchestration based upon Supervised Active Intelligence. All the above with the goal of lowering the reaction time up to 80% and guaranteeing the Return on Investment.

Dario V. Forte - Founder & C.E.O – DFLABS

13:05

SECURITY : Intelligent Security Operations: Enabling real-time detection and investigation

SOC teams are facing a number of challenges today, including talent shortages, an ever-increasing amount of data and tools, and multi-stage attacks that evolve constantly. In this session, you will learn how today’s SOC can access more data to enable analysts and hunt teams to investigate and resolve threats.

Travis Grandpre  - Director - Enterprise Security – HP Enterprise

13:30 Lunch & Prayer Break

14:15

Data Security Address: Data Breach Recovery Real World Hints & Tips

Join this engaging presentation as we share real-world examples of how organizations can effectively recover from a security incident. Learn how to quickly respond after detecting malicious indicators of compromise and minimize the potential damage to an organisation. This session will share practical activities that security professionals can implement regardless of their industry.

  • Discover how to determine the extent of a compromise once a breach is detected and understand the steps necessary to contain the affected systems and reduce security risk
  • Understand how to apply a “standard of due care” in order to prove compliance to regulatory agencies Use a systematic approach to restore trust in affected systems
  • Understand key information that needs to be communicated to various stakeholders in the event of a breach

Paul Edon – Cybersecurity Expert – TRIPWIRE

14:35

Prepare for the next Cyber War: The formula for a successful incident response

Rasha Abu Al-Saud - SVP– Information Security Risk - A Leading Saudi Bank

15:00

PARTNER KEYNOTE: Information risk and the Board: discussion impossible?

Information security professionals are often called to present and communicate with the Board, yet the results are less than satisfactory to both parties. Building on discussions with senior level information security professionals and Board-level individuals, Adrian will describe the issues around working with the Board and then highlight how information security professionals can address these issues and communicate better.

Dr. Adrian Davis, Managing Director – EMEA, (ISC)2

15:20

INTERNATIONAL LEADERSHIP KEYNOTE: Think different: Women Cybersecurity Leaders an answer to increased demand in cybersecurity.

Gender diversity in tech is a hot topic for organisations, as many understand the benefits that women can bring, such as greater profitability, innovation and balance. However, when it comes to cyber security women offer another advantage. They think differently to men and this includes how they see risk. In this talk I’ll be explaining the unique differences between men and women in terms of risk and how a failure to attract and retain women in cyber security is making us all less safe. I’ll also be giving you tips for what can be done to address the issue and incorporate more diversity within cyber security.

Key Points Discussed:

  • Understand the current situation and why women in cyber security really matter.
  • Learn how women see risk in a different way to men, and why this is advantageous.
  • Gain a true understanding of the three main challenges the industry needs to overcome if it’s going to increase the numbers of women.
  • Learn how to remove barriers to entry whilst obtaining the right calibre of professional.
  • Discover how to cultivate talent through internal and collaborative programmes.
  • Find out what cultural changes you can make in the workplace right now so you remain operating happily within it or cultivating a more diverse workforce.

Jane Frankland – CISO Advisor – Cybersecurity Capital

15:40 Coffee Break

16:00

Closing Keynote: Adversarial Thinking  — The Single Most Effective Way to Improve Your Security

Cybersecurity is full of hits and misses. With an every changing threat landscape, it’s easy to end up trying numerous new defences, only to watch them fail.

After studying the wins (and the losses) for the last two decades, we’ll explain what Adversarial Thinking really means, and how it can fundamentally change your approach to security.

Sahir Hidayathullah – C.E.O– Smokescreen

16:00

Breakout Session: 90 Minutes (On Invite Only)

CISO Roundtable Session: Data Security & Compliance - The CISO Challenges !!

16:20

Closing Remarks from the Chairperson

16:30

Closing Remarks from MESA

MESCON Conference - Dubai

12, April 2017

8:30

Coffee and Registration

9:30

Welcome Note – MESCON Team

9:40

OPENING REMARKS – MESCON CHAIRMAN

 

PLENNARY SESSION

10:00

INTERNATIONAL GUEST KEY NOTE PRESENTATION:

Smart Meters - A Secure Critical National Infrastructure (UK Experience)

As a Critical National Infrastructure the UK Smart Meters networks is subject to a number of threats. This session will at the end to end security management of those threats starting with design, through to implementation and operation and detail some of the techniques used to mitigate against risk.

 

David Higgins - Security & Programme Director – UK National Grid

10:25

GUEST KEYNOTE PRESENTATION:

APT attack methods and counter measures

When reading the news it seems like APT attackers would have almost magic superpowers. While in reality the methods most commonly used by attackers do not differ than much from malware or regular hacking.

It is true that organizations like CIA and NSA have also very advanced methods and tools, but even they are reluctant to use them unless they absolutely must. Which means that there is lot to be gained by being more trouble than it is worth for the attacker, and either forcing attacker risk exotic tools and methods being exposed to the public, or look for easier target.

In this presentation Jarno will cover most commonly used attack vectors and lateral movement methods and how to protect your organization against them.

Jarno Niemela – Senior Security Researcher – F-Secure Corporation

10:50

INTERNATIONAL KEYNOTE: Automating Security Operations and IR - Use Cases

The session will present the Top 5 Use Cases in Security Automation and Orchestration for SOC and IR, Based upon the Supervised Active Intelligence Paradigm.  Security Automation and Orchestration can be effective both at Machine to Machine and Machine to Human level.  Thus, the speaker will cover the following cases:  Rule Based Vs Machine Learning based approach; the role of playbooks and incident correlation; API vs Agent-Based Approach; Reporting, KPIs.

Dario V. Forte, Founder & CEO- DFLABS

11:15 Networking Coffee Break

11:40

HEADLINE KEYNOTE: Threat Hunting

In the world of cybersecurity, some adversaries are more effective than others.  Adversaries vary in motivation, resources, and skill, which translates to different overarching techniques and themes.  In this talk, Andrew will discuss several high-level techniques implemented by the most effective adversaries to compromise systems, gain unauthorized access to sensitive data, and cause significant damage and loss. Next, he will discuss tactics you can use to protect against each of these offensive techniques. Finally, I will discuss the work we do on the Endgame R&D team to address the most advanced threats.

Andrew Morris – Security Research – ENDGAME

12:10

EMPOWERMENT PANEL: How can we attract more women in Cybersecurity

Cybersecurity brings immense opportunities for education/employment to women. While cybersecurity jobs are at all-time highs, the gender gap remains wide. Building awareness and interest in cyber careers among women takes a coordinated effort. This session will bring together professionals and advocates for women in cybersecurity to share experiences. Additionally, ways organizations can increase opportunities for women in cybersecurity will be discussed.

Moderator: Ahmed Qurram Baig, Co-Founder – CISO CONNECT

Jane Frankland CISO Advisor – Cybersecurity Capital

Fatma Bazargan– CISO– Injazat Data Systems

Shafeeqa Shakri - Senior Business Analyst - Information Security & Compliance

12:30

CISO SPEAKS: Bending the tree - For Future security leaders

This session is delivered by a globally experienced CISO advising the Rising stars and aspiring CISOs on shaping their career and working towards building the necessary competencies and skill sets for current and future roles.

Sandro Bucchianeri, Group CISO, NBAD

12:50

ASSOCIATE PARTNER KEYNOTE: Emerging Cyber Threats & Attack Trends:

The threats that will keep your security team awake this year – and what can you do to help. The session highlights the attack trends expected to be on rise in 2017 and emphasizes on the lessons to be learnt from the recent past attacks on various organizations ...

Ahmed Qurram Baig, Co-Founder – CISO CONNECT

13:20 Lunch & Prayer Break

14:00

INTERNATIONAL KEYNOTE: Robotics, AI & Machine learning will it still keep cyber security a concern ?

With the advent of Artificially Intelligent appliances in corporate network the first issue of Human error and Human as weak link would be eliminated, and once every network in the world has a self-learning appliance with built-in NIST framework and learning ability, anticipating an attack vector or a unknown cyber threat would no longer remain a human being concern.

Prashant Mali, Internationally renowned - Cyber Law & Cyber Security Expert

14:20

STRATEGIC SPONSOR KEYNOTE: Service Providers: Natural Ally in Securing the Digital Enterprise

Digital enterprise security needs swell far beyond their perimeters, networks to global clouds that are fundamental to power their growing business needs. Owning the network including visibility of network traffic, the availability of skilled security resources position service providers as a natural ally in fortifying the digital enterprise. Service providers who embrace ICT & new Digital lines of business can play a quintessential role in helping you secure your Digital needs. This session will highlight the role of an ICT / Digital Service provider as a natural partner in securing your enterprise.

Sudhir Menon – Director – Digital Security Solutions – Etisalat

14:40

SECURITY ANALYTICS SESSION: Using  analytics and orchestration for faster detection and response?

Rajesh Gopinath, Presales Head - Paladion

15:00

EXPERT SESSION: Advanced Persistent Threats

The business cost of cyber defence will run into $B’s again this year. So why are we constantly hearing about another major breach in which thousands or possibly millions of business customers are adversely impacted? Join Tripwire’s Paul Edon as he discusses the Advanced Persistent Threat (APT) and how we can fight back

·         Who, what and why: Who are the adversaries, what is an APT and why me?

·         What doesn’t work: Locking the doors and windows doesn’t work if the intruders are already inside or if you open the door and ask them in.

·         A strategy for success: Defence in depth still works, it just turns out the water is deeper than we first thought. 

 

Paul Edon, Cybersecurity Expert, Tripwire

15:30 Coffee Break

15:50

CLOSING KEYNOTE: “ Adaptive Security.. the shift from WANT to NEED! "

Incorporating Adaptive Security into your security programme is no longer a recommended approach but an essential one.... To be seen as the ENABLER and not the INHIBITOR!

A look into this along with the 3 "I"s (Information - Identity - Innovation) to see how it gives leadership better visibility and assurance on the state of cybersecurity within the organization.

Biju Hameed, Head – Information Security & Compliance – Dubai Airports

16:10

Security Think Tank Discussion – Open Table

16:30

Closing Remarks from Chair Person

16:40

Closing Remarks from MESCON

 

Frequently Asked Questions (FAQ's)

  • What is MESA?

    MESA is a conference and awards event organized to honor key cyber security leaders & executives for their contributions and innovative approach in securing & protecting the middle east enterprises.
  • What are (ISC)2 Community Choice Awards @ MESA?

    MESA has partnered with (ISC)2 to honor security executives in Middle East through community votes of (ISC)2 Members and CISO Council Members in various categories that includes (ISC)2 - MESA Information Security Executive, (ISC)2 - MESA Government Security Leader & (ISC)2 - MESA Women Security Leader, (ISC)2 - MESA Information Security Executive (Banking & Financial Services), (ISC)2 - MESA Information Security Executive (Healthcare),(ISC)2 - MESA Information Security Executive (Government)
  • Who is hosting the MESA Awards?

    MESA is an Emirsec Venture supported by (ISC)2 & other global cybersecurity partners. 

  • Who is supporting & endorsing these awards?

    A large number of Industry Association and Consortium's such as ISC2, ISACA, CISO Council, Digital Risk Alliance and others are supporting the event.
  • Who should apply for these awards?

    • CxO - CSO, CISO, CRO, DRO, • VP – Information Security / IT• Head – Information Security / Compliance, • IT Security Manager • Manager/Director tasked with security responsibility
  • What is the awards nomination process?

    Security Executives based in Middle East or working for companies in Middle East can apply for the same Online Nomination Form or email completed nomination forms to This email address is being protected from spambots. You need JavaScript enabled to view it.
  • What is the awards nomination qualification and judging process followed by MESA team?

    The nomination qualification and Following Judging Process Critera is used by MESA Awards Team and Jury members from various domains.
  • How will the nomination data be used, can I request specifically , not to use any particular details provided in public forum?

    You can explicitly request MESA to keep certain information confidential if necessary. You can also submit nominations with acceptable encryption or IRM tools.
  • What is the deadline for the awards nominations?

    Deadline for MESA CISO100 & (ISC)2 awards submission is Mar 15, 2017.
  • Do you have any recommendations for awards nominations submissions?

    The following are tips for nomination submission:- Fully Complete Nomination Form- Successful Initiatives and Business Value - Details of any other recognition for these initiatives- Reference or contact of person reporting to- Size and revenue of organization- Organization security sensitivity
  • How do I submit or reach the MESA team?

    Submit on www.mesecurityawards.com or Send an email to  This email address is being protected from spambots. You need JavaScript enabled to view it.

  • 1

For General Queries and Questions

Contact This email address is being protected from spambots. You need JavaScript enabled to view it.