PodChats for FutureCISO: Developing a resilient cybersecurity roadmap

by Allan Tan
July 31, 2025

In 2025, the cybersecurity landscape across Southeast Asia and Hong Kong is being reshaped by rapid digitalisation, the explosive adoption of artificial intelligence (AI), and an increasingly complex web of regulatory demands.

Authorities such as Singapore’s Monetary Authority (MAS) and South Korea’s National AI Committee are tightening enforcement, introducing robust frameworks for data privacy, AI governance, and cyber risk oversight.

Organisations now operate in a high-stakes environment where compliance is not optional — it’s existential.

Businesses face relentless threats: ransomware attacks are more disruptive than ever, advanced persistent threats (APTs) are leveraging AI to evade detection, and supply chain vulnerabilities have become prime attack vectors.

Industry reports warn of a widening cyber resilience gap, with smaller enterprises especially vulnerable. This growing “cyber inequity” underscores the urgent need for stronger recovery capabilities and accessible security solutions — driving demand for Cybersecurity-as-a-Service (CaaS) and managed Security Operations Centres (SOCs).

Regulation: Patchwork, not uniform

The regulatory terrain across Asia-Pacific is increasingly fragmented, posing a major challenge for multinational organisations. As Sean Duca, CTO for customer experience at Cisco for Asia-Pacific and Japan, observes: “When I look at Asia-Pacific as a whole, the regulatory environment is really becoming increasingly fragmented.”

From Singapore’s PDPA to India’s DPDP Act, organisations must navigate divergent data protection laws, cross-border data flow restrictions, and emerging AI model transparency requirements.

“We need to start thinking about how do we map these particular requirements to those other jurisdictional requirements that are actually out there,” stresses Duca.

Without a unified compliance strategy, businesses risk non-compliance, fines, and reputational damage.

Secure by design, always

To combat evolving threats, Duca advocates for a fundamental shift: security must be embedded from the outset. His three strategic pillars for resilience are clear — secure by design, unified threat correlation, and third-party visibility.

Secure by design means integrating security into the software development lifecycle, ensuring secure coding practices, and building systems capable of self-remediation.

“We need to think about how do we start to ingest telemetry from all signals… endpoints, cloud, DNS systems,” Duca explains.

But he cautions: “It’s not simply a case of let’s just consume everything for the sake of consuming it. It’s the right type of information that needs to be ingested.”

This focus on quality over quantity enables faster threat detection, root cause analysis, and predictive defence.

Zero Trust, full automation

In hybrid and multi-cloud environments — still dominant across the region — the perimeter is obsolete. “Identity is the new perimeter,” Duca asserts. Manual identity and access management (IAM) processes are too slow and error-prone for today’s scale and complexity.

Organisations must automate access controls, enforce least privilege, and dynamically respond to risk signals like anomalous logins or abnormal application usage.

“It’s when people start to implement zero trust and provide that least privilege access, that’s where they’re really getting ahead,” Duca says.

Automation reduces human error, accelerates user experience, and strengthens defences — especially as AI-driven enterprises scale.
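The section above argues that access decisions should react to risk signals such as anomalous logins or abnormal application usage rather than wait for a manual review. The following is an added illustration, not code from the article or from Cisco: a small, self-contained risk engine that scores a login against a per-user baseline (known devices, usual countries, usual applications, and the location of the last accepted session) and maps the score to allow, step-up MFA, or deny-and-alert. The signal weights, thresholds, 900 km/h "plausible travel" limit, and all users, devices and events are constructed assumptions for the example.

```python
import math
from dataclasses import dataclass
from typing import Optional


@dataclass
class LoginEvent:
    user: str
    ts: int            # unix seconds
    device_id: str
    country: str
    lat: float
    lon: float
    app: str


@dataclass
class Baseline:
    known_devices: set
    usual_countries: set
    usual_apps: set
    last_event: Optional[LoginEvent] = None   # last accepted session, for travel checks


# Hypothetical weights and thresholds; a real deployment tunes these from its own history.
WEIGHTS = {"unknown_device": 3, "new_country": 3, "unusual_app": 2, "impossible_travel": 5}
MAX_PLAUSIBLE_KMH = 900.0   # roughly airliner speed; faster than this is "impossible travel"


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two WGS84 points."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def risk_signals(event: LoginEvent, baseline: Baseline) -> list:
    """Return the list of risk signals this login triggers against the user's baseline."""
    signals = []
    if event.device_id not in baseline.known_devices:
        signals.append("unknown_device")
    if event.country not in baseline.usual_countries:
        signals.append("new_country")
    if event.app not in baseline.usual_apps:
        signals.append("unusual_app")
    prev = baseline.last_event
    if prev is not None and event.ts > prev.ts:
        hours = (event.ts - prev.ts) / 3600.0
        km = haversine_km(prev.lat, prev.lon, event.lat, event.lon)
        if km / hours > MAX_PLAUSIBLE_KMH:
            signals.append("impossible_travel")
    return signals


def decide(event: LoginEvent, baseline: Baseline) -> dict:
    """Map the summed signal weights to an access decision."""
    signals = risk_signals(event, baseline)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= 6:
        action = "deny_and_alert"
    elif score >= 3:
        action = "step_up_mfa"
    else:
        action = "allow"
    return {"user": event.user, "action": action, "score": score, "signals": signals}


def process(events, baselines) -> list:
    """Evaluate events in order; only accepted sessions extend the travel baseline."""
    decisions = []
    for ev in events:
        b = baselines[ev.user]
        d = decide(ev, b)
        decisions.append(d)
        if d["action"] != "deny_and_alert":
            b.last_event = ev
    return decisions


def make_sample_baselines() -> dict:
    # Constructed baselines for two hypothetical users.
    return {
        "alice": Baseline({"laptop-a1"}, {"SG"}, {"payroll", "mail"}),
        "bob": Baseline({"laptop-b7"}, {"HK"}, {"mail"}),
    }


# Constructed events: alice logs in from Singapore, then 30 minutes later a new
# device appears in Berlin; bob uses his usual laptop from Japan to open an admin tool.
SAMPLE_EVENTS = [
    LoginEvent("alice", 1_700_000_000, "laptop-a1", "SG", 1.35, 103.82, "payroll"),
    LoginEvent("alice", 1_700_001_800, "phone-x9", "DE", 52.52, 13.405, "payroll"),
    LoginEvent("bob", 1_700_000_600, "laptop-b7", "JP", 35.68, 139.69, "admin-console"),
]

if __name__ == "__main__":
    for d in process(SAMPLE_EVENTS, make_sample_baselines()):
        print(d)
```

The denied second login for alice illustrates why the baseline is updated only on accepted sessions: letting a rejected event move the "last location" forward would let an attacker reset the travel check with a burst of attempts. In production the same decision function would be fed by the identity provider's sign-in log and the action mapped to the provider's conditional-access policy.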

Quantum risk, act now

While some dismiss quantum computing as a distant threat, Duca warns against complacency: “Quantum computing really threatens the long-term confidentiality of sensitive information.”

Legacy cryptographic algorithms could soon be broken, exposing years of stored data. “This is not one of those future projects,” he insists.

Organisations must conduct a cryptographic inventory, identify vulnerable algorithms, and begin transitioning to post-quantum cryptography (PQC).
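To make the three steps above concrete, here is an added example (not code from the article or from Cisco) that takes the output of a cryptographic discovery scan and turns it into a prioritised migration list. It classifies public-key families that Shor's algorithm breaks (RSA, elliptic-curve and finite-field Diffie-Hellman, DSA and EdDSA), flags primitives that are already weak for classical reasons, notes where AES-128 protects long-lived data, and rates quantum-vulnerable key exchange as critical when the protected data must stay confidential longer than an assumed "harvest now, decrypt later" horizon. The inventory rows, the asset names and the ten-year horizon are constructed assumptions; the post-quantum families named (ML-KEM, ML-DSA, SLH-DSA) are the NIST FIPS 203, 204 and 205 standards.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample output of a discovery scan (hypothetical assets, not from the article).
SAMPLE_INVENTORY = """\
asset,protocol,key_algorithm,key_bits,symmetric_cipher,hash,data_retention_years
api-gateway,TLS1.3,ECDHE-P256,256,AES-256-GCM,SHA-384,2
legacy-vpn,IKEv1,DH-group2,1024,3DES,SHA-1,10
hr-archive,S/MIME,RSA,2048,AES-128-CBC,SHA-256,30
internal-ca,X.509,ECDSA-P384,384,,SHA-384,15
pilot-kms,TLS1.3,ML-KEM-768,,AES-256-GCM,SHA-256,5
"""

# Public-key families broken by Shor's algorithm on a cryptographically relevant quantum computer.
QUANTUM_VULNERABLE = ("RSA", "ECDSA", "ECDHE", "ECDH", "DH", "DSA", "ED25519", "X25519")
# NIST-standardised post-quantum families (FIPS 203 / 204 / 205).
PQC = ("ML-KEM", "ML-DSA", "SLH-DSA")
# Primitives already broken or deprecated for classical reasons, quantum aside.
LEGACY_WEAK = {"3DES", "RC4", "DES", "MD5", "SHA-1"}

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "info": 3}


@dataclass
class Finding:
    asset: str
    severity: str
    reason: str


def classify_public_key(algorithm: str) -> str:
    """Return 'pqc', 'quantum-vulnerable' or 'unknown' for a key-exchange/signature family."""
    alg = algorithm.upper()
    if alg.startswith(PQC):
        return "pqc"
    if alg.startswith(QUANTUM_VULNERABLE):
        return "quantum-vulnerable"
    return "unknown"


def assess(inventory_csv: str, harvest_horizon_years: int = 10) -> list:
    """Turn an inventory CSV into findings sorted by severity.

    harvest_horizon_years is an assumed planning figure: data that must stay
    confidential at least that long is exposed to harvest-now-decrypt-later, so
    quantum-vulnerable key exchange protecting it is rated critical rather than high.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        asset = row["asset"]
        retention = int(row["data_retention_years"] or 0)

        kind = classify_public_key(row["key_algorithm"])
        if kind == "pqc":
            findings.append(Finding(asset, "info",
                f"{row['key_algorithm']} is post-quantum; keep the deployment crypto-agile"))
        elif kind == "quantum-vulnerable":
            sev = "critical" if retention >= harvest_horizon_years else "high"
            findings.append(Finding(asset, sev,
                f"{row['key_algorithm']} is breakable by Shor's algorithm; data retained "
                f"{retention}y; plan migration to ML-KEM / ML-DSA"))

        weak = [p for p in (row["symmetric_cipher"], row["hash"]) if p.upper() in LEGACY_WEAK]
        if weak:
            findings.append(Finding(asset, "critical",
                f"classically weak primitives in use: {', '.join(weak)}"))

        if row["symmetric_cipher"].upper().startswith("AES-128"):
            findings.append(Finding(asset, "medium",
                "AES-128: Grover's algorithm halves effective key strength; prefer AES-256 "
                "for long-lived data"))

    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])   # stable: keeps scan order within a tier
    return findings


def summarise(findings: list) -> dict:
    """Count findings per severity tier."""
    counts = {s: 0 for s in SEVERITY_RANK}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = assess(SAMPLE_INVENTORY)
    for f in results:
        print(f"[{f.severity:8}] {f.asset}: {f.reason}")
    print(summarise(results))
```

The retention column is what makes this an inventory rather than a scanner report: the same RSA-2048 key is "high" on a two-year API log but "critical" on a thirty-year HR archive, which is exactly the prioritisation Duca's "not a future project" point calls for.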

“Five years ago, if I told people to get ahead of AI, some would have put it on the back burner,” Duca reflects. “I think quantum is that thing for me that an organisation has to be thinking about today.”

AI & Edge: New frontiers

AI-powered applications and edge computing are expanding the attack surface and creating data gravity challenges — especially under strict data sovereignty laws in countries like Australia (CPS 234) and India (DPDP).

Duca highlights the need for end-to-end observability and sovereign control: “Observability for me is probably the one area that every organisation needs to focus on.”

Without full visibility across on-prem, cloud, and edge environments, blind spots emerge — and breaches go undetected.

Cisco’s approach, he notes, is to build secure-by-design infrastructure that spans network, compute, storage, and security layers — ensuring protection wherever data resides.

CISO & CIO: Unite now

Blame games after a breach are costly and avoidable. Duca calls for joint ownership between CISOs, CIOs, and compliance officers:

“The strategic value is really trying to ensure that we can improve the resilience of our own initiatives,” says Sean Duca.

Collaboration must be built on shared principles — zero trust, automation, platform-based security — to eliminate silos and ensure cohesive incident readiness.

“We need to provide that assurance across the board around future-proofing our cybersecurity strategy,” he says.

Build resilience, not just defence

For Duca, resilience means more than protection — it’s about anticipating, withstanding, and recovering from threats without disrupting business operations.

His roadmap for CISOs and CIOs begins with a maturity assessment using frameworks like NIST, identifying gaps in people, processes, and technology. Then, establish guiding principles: reduce tool sprawl, prioritise automation, and extend protection beyond the data centre.

Finally, classify assets by business criticality, build threat models around crown jewels, and secure the entire data pipeline — especially in AI-driven environments. “Build, operate, recover with security always built in,” Duca concludes.

In 2025 and beyond, resilience isn’t a goal — it’s the foundation.

Click on the PodChats player to hear Duca's full take on developing a resilient cybersecurity roadmap. The episode covers the following questions:

  1. How will evolving AI, cloud security, and data privacy regulations across Asia-Pacific affect CISOs’ multi-cloud governance and compliance frameworks?
  2. What strategies can CISOs/organisations adopt to defend against increasingly sophisticated ransomware, supply chain attacks, and network-based intrusions?
  3. How do CISOs/CIOs secure hybrid and multi-cloud environments effectively, leveraging generative AI tools to automate identity and access management while reducing manual overhead?
  4. Some say quantum computing is still years away. That said, people are talking about post-quantum cryptography today. Can you share any best practice for implementing quantum-resistant encryption and network security protocols to mitigate emerging quantum computing threats?
  5. How can CISOs ensure robust security and compliance for AI-powered cloud applications and edge computing infrastructure under diverse data sovereignty laws? How should the CISO work with the CIO and the risk/compliance officers of the organisation?
  6. Recapping what we’ve covered so far: our topic is Developing a Resilient Cybersecurity Roadmap. Can you offer some recommendations for CISOs and CIOs in developing their resilient cybersecurity roadmap?

Tags: APT, Cisco, cybersecurity roadmap, PodChats, supply chain vulnerabilities

Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events. Previous roles: he served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.
Copyright © 2024 Cxociety Pte Ltd | Designed by Pixl