1: 40 PM - 2: 40 PM Parallel Round Table Discussion (Choose One)

Track A: Beyond Compliance: Building a Human-Centric GRC Culture

Ernesto Rufino Jr. MBA, VP Information Technology, Royal Cargo Inc.

How can we design GRC processes that employees actively want to follow because they see clear value, not just fear penalties?

Track B: Securing the AI Development Lifecycle (MLOps Security)

What are the minimum viable security controls we must implement at each stage of the MLOps pipeline to confidently deploy AI in production?

Track C: Zero-Trust in a Hybrid World

Jon David Frilles, Regional IT and Infrastructure Security Leader - APAC,Kenvue (Johnson & Johnson Consumer Health)

For an organization with significant legacy infrastructure, what is the most effective "landing zone" or first project to launch a Zero Trust initiative that delivers quick, visible value?

Track D: Cyber Insurance in 2026: Decoding the Fine Print & Maximizing ROI

Carlos "Titus" C. Manuel, President of Philippine Computer Society (PCS)

Beyond getting a policy, how can we use the insurance renewal process as a strategic tool to justify security investments and validate our resilience program to the board?

Track E: Building the Business Case for Resilience

Jef Lacson, CFO, UnionDigital Bank

What single financial model or business impact scenario is most effective for convincing a skeptical CFO to invest in a proactive resilience program over a reactive insurance payout?

Track F: Third-Party Risk Management: Beyond the Questionnaire

Bram Ketting, Vice President of Business & Product Strategy, 3rdRisk

How can we efficiently transition from an annual questionnaire burden to a continuous monitoring program that focuses only on our most critical vendors?

Track G: The Future Ready SOC: Integrating AI, Automation, and Threat Intelligence

Randy Sac, IT Shared Services Head, Mount Grace Hospitals, Inc.

What is the optimal division of labor between human analysts and AI/automation in the 2025 SOC to maximize both efficiency and advanced threat detection?

Track H: Privacy Engineering: Baking Data Protection into Your Tech Stack

Magie Antonio, Country Head, Asia Pacific Data Privacy Organization

What are the most effective privacy-enhancing technologies (PETs) or architectural patterns developers can adopt now to simplify compliance with future data privacy regulations?

2:40 PM The Breach Briefing: A Live Ransomware Simulation

Steffen Minkmar, Deputy CISO, ADB

In this immersive, real-world simulation, participants navigate a live ransomware attack as injects are introduced to mimic the chaos of an actual incident. The goal is to treat the scenario as real, focus on collaborative learning, and avoid debating plausibility to strengthen crisis response muscle memory.

* The exercise simulates a real-world cyber incident scenario involving ransomware.

* Participants are encouraged to treat the scenario as real, focus on learning, and avoid debating plausibility.

* Facilitators introduce injects (simulated events) throughout the exercise to mimic a live incident response.