Before the Event's launch !










Welcome to FICCA2022

Julien Provenzano


FICCA, hosted by RALFKAIROS, is international cybersecurity conference in Asia

We address the fact that in today’s world, the most devastating cyber-attacks are identity theft, third-party service provider compromises, and interwoven failures among financial entities.

FICCA 2022 brings together international decision-makers and professionals in the financial sector, IT experts, CIOs, CISOs and security managers from public institutions for the shared theme of cybersecurity.

For professionals who work in the financial or security sector, FICCA will help you better protect and defend your financial organizations against cyber-attacks and threats.


Free Registration

Nov. 29, 2022

9:30 AM – 5:30 PM KST

Online Event


Interpretation of Korean & English

For queries, contact:
email at [email protected] 

Topics for 2022


After the great success of FICCA 2021 which gathered about 300 cybersecurity professionals with a strong team of renowned speakers, RALFKAIROS is excited to welcome you to the second edition of FICCA this year. You can refer to the first edition here:


The pandemic has accelerated existing trends in remote work, e-commerce, and automation. With the flourishing trend of remote-working, security vulnerability is also increasing. This is the most obvious in banks and crypto exchanges due to the acceleration towards “cashless societies.”


The financial sector should take measures to treat the issue as a purely technological one. Particularly, an executive-led culture that trickles through an organization until it reaches the end-user is fundamental.


Check out FICCA2022





Sung Koo RYEO


Steven Sim

President at ISACA Singapore Chapter

Muhammad AHMAD

Head Information Security | CISO–SVP

at FINCA Microfinance Bank Limited

Pons Mudivai Arun

Head of Security Product Line at NetScaler


CEO at Data Security Council of India

Jongho Lee

Security Tech Team Leader at Toss

Dennis Lam

VP, Head of Cybersecurity, APAC at MUFG Securities Asia Limited

Julien Provenzano


Elavarasu A K

Senior Vice President & CISO at Mphasis

Smitha Sriharsha

Product Security and Governance Leader, Dell

Nilesh Dhande

CEO & Co-Founder at Fortytwo Labs


Online Program

A total of 11 multinational speakers will be giving lectures. A live Q&A session with each speaker will take place for every lecture!

9:30~9:35 (5min) Introduction

9:35~10:15 (40min) Lecture 1 / Q&A

Motivating cybersecurity team for continuous learning

Today, more and more companies are collecting data for digital payments, phone numbers, Personal Identifying Information, remote work login and passwords… leaving this data vulnerable to threats from cybercriminals.

With the frequency and diversity of attacks at record highs, the potential for significant impact is a massive concern for many organizations that don’t know how to support their cyber team to maintain their skills up to date.

Is it possible to stay on top of the game in this ever-changing technology domain? Are certifications and training platforms enough to validate knowledge and skills for professionals? How to create and assess a continuous learning routine among the security teams? 

There is an urgent need, now more than ever, for companies to ensure their cybersecurity experts have the right skills and qualifications, to help protect their systems against the deadliest of cyber raids.




Cybersecurity certified professional for 17 years, Julien has experience as a system administrator, a Microsoft Certified Trainer, an IT architect, and a security manager for different companies including AIRBUS for 8 years.

He is the founder of FICCA, Finance & Industry Cybersecurity Congress Asia, a yearly 1-day online security event, to share the best security strategies with professionals in Asia.

Mentor at BoB Korea Information Technology Research Institute, he is providing lectures to Korean students in Information Security.

He also serves as a Reserve (c) Commander for the French embassy in Korea.

10:15~11:05 (50min) Lecture 2 / Q&A

5 Non-technical Topics for Security Managers

Is there anything we have neglected, due to pressure from security vulnerabilities reported day after day, the latest security technologies, and ever-increasing security regulations? Five topics not to be missed about security that you have experienced and agonized while developing security consulting, IT operations, and service security systems, will be shared.


Topics that security administrators and security organizations might easily miss will be highlighted and approaches for improvement will be suggested. It will be an accessible lecture dealing with the future direction of security as well as how to approach these issues.

Sung Koo RYEO



Sung Koo RYEO has worked for about 20 years in security and IT. He holds a Master’s degree in Forensics Major from Korea University’s School of Cybersecurity (“SCS”), and has a CISA license. He is currently a Ph.D candidate at SCS at the moment.


He was in charge of technical security consulting including mock hacking at AhnLab Inc and others for 9 years. He also managed security and IT organization at Nexon Korea as a CERT team leader, IS auditor, infrastructure and intranet operations director, and platform security director for about 10 years. And now, he directs information security and personal information protection as the CISO and CPO of HYBE Corporation, including Hybe and WEVERSE COMPANY.

11:05~12:05 (60min) Lecture 3 / Q&A

Optimising Cyber Risk in the Era of Finance 4.0

As a Finance professional, do you have the knowledge to analyse and mitigate cyber risk for your or your clients’ organisation? Hear from Steven Sim, President of ISACA Singapore Chapter, as he talks about the cyber risks that arise in our increasingly connected and digital world, and the measures Finance professionals can take to stay ahead of such threats.

Steven Sim


ISACA Singapore Chapter

Steven Sim has worked more than 25 years in cybersecurity. He volunteers at ISACA Singapore Chapter as President, chairs OT-ISAC Executive Committee and holds Masters in Computing (NUS), HBS Credential of Readiness, CCISO, CGEIT, CRISC, CISM, CISA, CDPSE, CISSP, and technical certifications.

He is an APMG-accredited trainer for ISACA’s core certifications, member of ISACA’s Asia Strategic Advisory Council, Emerging Trends and Chapter Leader Training, and Singapore Standards working groups. He is also ISACA mentor, CRISC and CGEIT Review Manuals reviewer, Engage Topic Leader and a member of multiple cybersecurity councils.

He adjunct lectures at Universities and IHLs, speaks and panels at international conferences, published articles, undertaken industry advisory roles and provided vCISO mentorship to start-ups. He topped IDG’s CSO30 ASEAN Awards 2021, received ISACA Outstanding Chapter Leader Achievement Award 2022, CXOTV Global Cybersecurity Leadership Award Winner 2022, is listed in Peerlyst 29 Highly Influential CISOs and a Singapore SkillsFuture Fellow.

12:05~12:15 (10min) Breaktime

12:15~12:45 (30min) Lecture 4 / Q&A

How to mature your cybersecurity program 

Where does your security strategy stand? What are your biggest risks? Where should you focus your efforts? The Cyber Security Maturity Assessment (CSMA) is a gap analysis and risk assessment that utilizes cybersecurity best practices and recognized cyber frameworks to answer these questions surrounding your existing security program. While the CSMA is particularly valuable to medium and large banking and financial institutions, the assessment can benefit organizations of any size. The goal of the CSMA is to provide a view of your current security posture, an objective review of existing plans, and a guide to strategic planning. The CSMA will also help your organization develop tactical and strategic directions to further mature and strengthen your security program efforts. Not to be forgotten, aligning your security program with the best practices outlined in the assessment better positions your program to meet (and exceed) industry compliance standards. In this session, we will share with you how to mature your cybersecurity program with the CSMA to maximize the ROI. 

Dennis Lam

VP, Head of Cybersecurity, APAC

MUFG Securities Asia Limited

Dennis is the VP, Head of Cybersecurity, APAC, in MUFG Securities Asia Limited. Dennis has been with Cybersecurity for 20 years with experiences gaining in enterprises and consulting firms. Dennis specializes in cybersecurity transformation and cyber risk management. And his key focus areas include Security Governance and Architecture, Security Operation Center, Threat Intelligence, Incident Response (IR), Maturity Assessment, Offensive & Defensive Security, and DevSecOps. He is also certified in Google Security Engineer, AWS-Security Speciality, AWS-Solution Architect, AWS DevOps Engineer, PSM, CISM, CISA, CISSP, PMP, ITIL, CCNA, CCDA, and MCSE.

12:45~13:15 (30min) Lecture 5 / Q&A

Quantum Computing Threats : Reality Check

Famous quote by Richard Feynman (Nobel Price winner in quantum electrodynamics)
“If you think you understand quantum mechanics, you don’t understand qauntum mechanics.”

For most of the world the quote is apt. Through this session we will try and unravel the mysterious quantum computing. Not the how part of it but the what and why part of it. In this session we will explore together
– The what
– The power
– Latest developments
– what it can do (the bane and boon)
– and finally lets answer the question together, Do we really have to bother “NOW”?
– and if we do then what.

Nilesh Dhande

CEO & Co-Founder

Fortytwo Labs

Nilesh Dhande, CEO & CoFounder of Fortytwo Labs is a seasoned entrepreneur with over 22+ years of experience in cybersecurity & cryptography. He has a proven track record of building and scaling deep tech companies.


He believes that digital identity is at the epicenter of cybersecurity and with the right model can solve the biggest challenge of bringing trust to every digital operation. He and his team are currently working on building a cryptographic identity-based quantum-safe digital trust platform.


Before Fortytwo labs, he helped several fortune 500 companies and banks in strengthening their cybersecurity postures and expediting digital transformation journeys. Nilesh was COO & co-founder of Uniken Inc, Managing Director of Deeksha Systems Pvt Ltd & Sr. Systems Analyst at Infosys Ltd. He is a postgraduate in information systems, Bachelor of engineering & economics.

13:15~13:45 (30min) Lecture 6 / Q&A

Security and the Metaverse

Metaverse, a term with no set definition at the moment, can generally be considered another mode of communication over the Internet. The Metaverse builds on the Internet and simulates the physical world. For an immersive and interactive experience in the virtual world, companies make use of new-age technologies like Augmented Reality and Virtual Reality. To achieve the ideal Metaverse, a few key characteristics that must be realized are decentralization, boundlessness, interoperability, immersive and social experiences, persistency, and security. Not adhering to any of these is equivalent to building a non-compliant metaverse. 

The Metaverse opens doors for its users to have a virtual identity. This virtual identity can be an embodiment of their real self or something that influences them. Ultimately, it allows illintenders to procure a person’s private information and analyse their preferences and thought processes. As the Metaverse is still nascent, it is highly unregulated. This is alarming as bad actors resort to crimes like phishing, stalking, child and sexual abuse, molestation, exploitation of human rights, trespassing, obscenity, and much more. In addition, Metaverse requires hardware like haptics, wearables, image and motion sensors, VR headsets, etc., that collect large amounts of sensitive data and are susceptible & easily prone to attacks.

Metaverse makes it easier for hackers to track biometrics, user behaviour & physiological responses, which can be used for malicious purposes like vote rigging & targeted advertising campaigns. Tracing the attacker’s identity is also challenging because the attacker’s tracked public address does not reveal their real-life identity. It is essential to educate the users about basic cybercrimes and general precautions. Governments should recognize new technologies as early as possible & form committees to draft data regulatory policies and laws. 

To lessen the challenges in privacy due to universal interoperability, experts suggest that technology companies agree to specific standards for a connected Metaverse to expel the need for a company to license the right to use another company’s underlying technology to build their own Metaverse. Companies should form their privacy policy, data retention policy, licensing agreements & other legal policies, and documents with guidance from specialized law firms and gain an understanding of the regulatory challenges posed by Metaverse. Since cryptocurrency and tokens are the primary media of exchange in the Metaverse, crypto organizations must seek to make developments with all the security measures and regulations in place. Establishing robust security measures in and around the Metaverse is also recommended to protect its integrity. 

Sriram Birudavolu


Data Security Council of India

Dr. Sriram is a Senior Management Executive with nearly three decades of global experience in the IT/ICT/Telecom industry with an excellent track record of progressive achievements. 

He holds a Ph.D. in Open Innovation in ICT (Information and Communication Technology) conferred by the Indian Institute of Foreign Trade in 2016.

Currently, he is the CEO of DSCI’s Cybersecurity Centre of Excellence, incubating Startups in Cybersecurity & Privacy and running Research, Innovation, International and Domestic Collaborations, and Capability Building Programs for Corporates, Governments, Academia, and the Industry ecosystem. 

Previously, he headed Information Sciences at T-Hub, India’s Largest and Fastest Growing Ecosystem for Technology Startups, incubating and accelerating about 160 Technology startups in 7 verticals.

13:45~13:50 (5min) Breaktime

13:50~14:50 (60min) Lecture 7 / Q&A

Cloud Security Journey for Banks/FI

Financial Institutions/Banks are adopting cloud services and this is becoming the first choice due to its scalability, elasticity, cost-saving, reduced overhead, and Pay as you go model. But financial institutes/Banks have more focus on privacy, security, confidentiality, and integrity of customers & financial data.


Join this session as we discuss:

  • Different aspects of Cloud migration throughout its journey while keeping our risk appetite within limits.
  • Common threats including data breaches, data loss, DDOS, insider threats, shared responsibility, and risk of insufficient due diligence/care throughout the cloud journey.
  • Continuous risk management strategy for the cloud.
  • Why financial institutes/banks are slow/reluctant in moving their customer/core data to the cloud.
  • Legal & Regulatory aspects while dealing with the cloud and mitigating the associated risks.


Muhammad AHMAD

Head Information Security | CISO – SVP

FINCA Microfinance Bank Limited

Muhammad Ahmad is an Information/Cyber Security Expert, Speaker, and Trainer with 16+ years of experience in IS/IT field. He is among a few Pakistanis holding CISSP & CCSP from (ISC)2, USA, and four (4) ISACA, USA professional Certifications (CRISC, CISM, CGEIT, CISA).

He has served Telco, FMCG, and Financial/Banking sectors. He is currently serving as Head of Information Security in a leading Multinational Bank.

He is also a regular speaker at national/international conferences/seminars/webinars etc.

14:50~15:20 (30min) Lecture 8 / Q&A

Why AI-Based cyber defense systems require a shield

Artificial intelligence (AI) is quickly becoming critical in defending our digital assets against sophisticated cyber attacks. During this security transformation, we paid much attention to how these capabilities help build a defense posture. But we often overlook how hackers might harness AI to evade detection.  


This session is about how adversarial AI works and what it takes to eliminate or reduce the risks.

Pons Mudivai Arun

Head of Security Product Line


Pons Mudivai Arun specializes in building behavioral-based cyber defense solutions by embracing the power of Artificial Intelligence and Machine Learning. A security evangelist with over twenty-five years of experience in cybersecurity and a speaker in various security forums. Currently, he leads the behavioral-based cyber defense product line for NetScaler. 


Before NetScaler, Pons held global product leadership positions at Cisco and Oracle. Pons’ twitter handle is @mudivaipons.

15:20~16:00 (40min) Lecture 9 / Q&A

Red Herrings on the Zero Trust Journey

Today, Zero Trust is a key priority item in everyone’s Cyber Security agenda. It’s success and effectiveness depend on how it is perceived and put into practice. The route to Zero Trust is riddled with false leads and missing elements. This session gives some practitioner perspectives that can be useful in Zero Trust implementation.

Elavarasu AK

Senior Vice President & CISO


Elavarasu is the global CISO for an IT service company with more than 22 years’ experience in Cyber/Information Security. This includes a mix of internal and consulting experience across various domains of Cyber Security. In his current role as CISO, he is responsible for Cyber security leadership, strategy, and the Cyber security Program.  He has previously worked with Standard Chartered Bank, Microsoft, Nokia, IBM and Tech Mahindra.  During his previous tenure, his various roles include Security Governance, Cyber Security management for factories worldwide, Third party/Vendor security management, Cyber Threat and Vulnerability Management, Application Security management, Infrastructure Security management, Security Audits and Business Continuity Management. He has played a vital role in establishing a consulting practice and has advised many companies in US, Europe and APAC.

Ela holds an M.B.A from Anna University and B.E from Vellore Institute of Technology (VIT). He is also certified as CISA, CISSP, CISM, and CBCP.

16:00~17:00 (60min) Lecture 10 / Q&A

Evolution of Attacks Against Services and Countermeasures

Today’s IT industry is changing very quickly. As a white hacker leader of a fintech company, which, unlike traditional financial institutions, moves quickly and delivers innovative services everyday in a race against the clock, I will share the perspective on the latest IT trends in view of security. Essentially, I would like to explain the issues that arise from the increase in the use of open sources and frameworks on a case-by-case basis and suggest countermeasures to be taken by companies from both engineering and managing perspective, and also emphasize the importance of such countermeasures.  

Jongho Lee

Security Tech Team Leader


As the Security Tech Team Leader at Viva Republica, which operates Korea’s largest mobile financial service “Toss,” Jongho Lee oversees information security. 

He is a world-class white hacker who participated in the most renowned global hacking conferences – DEFCON (U.S.), SECCON (Japan), and HITCON (Taiwan) – at each of which he led a team of four hackers and won the first place every time. Among them, at the most prestigious conference DEFCON (U.S.), his team became the first Korean team to win the title. 

He also served as a Cyber Guardian at the Korea Internet & Security Agency (KISA), an expert engineering executive at PyeongChang 2018 Olympic Winter Games, and a cyber technology advisor at the South Korean army headquarters’ Chiefs of Staff of Informatization project.

Jongho Lee has a master’s degree from Korea University School of Cybersecurity. He is currently serving as a responsible mentor for the Next-Generation Security Leader Training program (KITRI BOB) organized by The Ministry of Science and ICT (MSIT) and Korea Information Technology Research Institute (KITRI), to train security personnel

17:00~17:25 (25min) Lecture 11 / Q&A

An Engineering Approach to Data Privacy and Protection

The ever-changing paradigm of data generation, storage, and consumption has led to the exponential growth in data incidents. Year 2021 has been the year of highest data breaches exposing Personal information of millions of users. The root cause for these data breaches ranges from vulnerabilities in unprotected databases, misconfigurations in cloud systems, Ransomware, malware or slip from marketing service providers. Most organizations have strong Privacy Organizational functions that are compliance focused however, they lack Privacy Engineering functions focused on embedding privacy into the engineering practices. This lecture makes recommendations about Privacy Engineering best practices that can help prevent, detect, and mitigate Privacy Threats and Vulnerabilities and provides information about appropriate Privacy and Security controls to mitigate the Privacy Risks.


Smitha Sriharsha

Product Security and Governance Leader


Smitha Sriharsha is Product Security Governance Leader at DELL. She is a 16+ year practitioner of product security, cloud, and privacy engineering. She has a unique mix of development, product & application security, and compliance expertise, including establishing security standards, partnering to build foundational security capabilities, delivering consumable security stacks in strategic environments in a DevSecOps model, and driving adoption. She is a blogger and speaker who has designed and contributed to security education programs, bootcamps, talks and presentations at RSAC, Cisco: Security Space Center, Seccon2019,2020,2021 Develop@cisco 2020, CloudSummit2020, and Offensive Summit2021. She has received numerous awards and recognition during her time with Cisco, Ness and Sonicwall.

17:25~17:30 (5min) Closing by MC

Offline Program



Pitch contest for the Most Promising Cyberstartup in Asia

Pitch contest for the most promising cyberstartup in Asia

Nov. 29, 2022 05:30 PM~ 07:00 PM



  • Would you like to participate as a startup candidate? Contact [email protected] for more information!
  • Are you a cybersecurity fan who wants to see the pitch contest in person? Contact [email protected] for more information!

JUDGES for the Pitch Contest

Julien Provenzano



Cybersecurity certified professional for 17 years, Julien has experience as a system administrator, a Microsoft Certified Trainer, an IT architect, and a security manager for different companies including AIRBUS for 8 years.

He is the founder of FICCA, Finance & Industry Cybersecurity Congress Asia, a yearly 1-day online security event, to share the best security strategies with professionals in Asia.

Mentor at BoB Korea Information Technology Research Institute, he is providing lectures to Korean students in Information Security.

He also serves as a Reserve (c) Commander for the French embassy in Korea.

SeungGi Jeong

CEO at SortieLab
SeungGi Jeong is the Co-Founder at Tatum security and CEO of SortieLab.He got his first career in Singapore with Horangi PTE. LTD. founder.Horangi is one of the best-raising cyber security startups in Singapore.With Horangi’s founder, he discovered the cloud cyber security markets and develops the software with the cyber security development team.Using oversea experience, he founded Tatum security with the KITRI BoB program.Tatum security is the most famous cloud security company in South Korea.All the Co-Founder groups were organized with BoB 8th students.KITRI BoB nominates him as a lead mentor from BoB 10th base on his efforts.Now, he newly found his own company as SortieLab. SortieLab is a software company but he will still focus on the security market using the DATA keywords.

Jongho Lee

Security Tech Team Leader at Toss


As the Security Tech Team Leader at Viva Republica, which operates Korea’s largest mobile financial service “Toss,” Jongho Lee oversees information security. 

He is a world-class white hacker who participated in the most renowned global hacking conferences – DEFCON (U.S.), SECCON (Japan), and HITCON (Taiwan) – at each of which he led a team of four hackers and won the first place every time. Among them, at the most prestigious conference DEFCON (U.S.), his team became the first Korean team to win the title. 

He also served as a Cyber Guardian at the Korea Internet & Security Agency (KISA), an expert engineering executive at PyeongChang 2018 Olympic Winter Games, and a cyber technology advisor at the South Korean army headquarters’ Chiefs of Staff of Informatization project.

Jongho Lee has a master’s degree from Korea University School of Cybersecurity. He is currently serving as a responsible mentor for the Next-Generation Security Leader Training program (KITRI BOB) organized by The Ministry of Science and ICT (MSIT) and Korea Information Technology Research Institute (KITRI), to train security personnel

Justin (Yuseok) Hong

CISO at Banksalad


Justin (Yuseok) is the CISO and DevSecOps engineer at BankSaladin Korea. He has been working as a cybersecurity expert specializing in the finance and fintech sector for more than 13 years.

He joined as an early member of Kakao Bank, the No. 1 Internet bank in Korea, and established security infrastructures as well as security governance. In addition, as the leader of the security part of the Cloud Team, he worked on building cloud native security and DevSecOps, as well as developing security platforms.

As the leader of the Blockchain Security Team at a blockchain gaming platform called Wemix, he developed an automated vulnerability scanning system of EVMbased smart contracts.

He is currently focusing on enabling “Usable security” to make fintech service safer and even more usable. He also serves as a member of thecybersecurity professional team for Korea Internet & Security Agency (KISA).

Nicolas Mercier

Board Member at Niio Art


Nicolas is a senior executive with over 25 years of experiences in Travel, Hospitality, Digital and Consumer Electronics. He held executive roles in Fortune 20 companies (NTT Docomo, Samsung Electronics) ranging from Operations, Strategy and overall business management.

He is now involved as a private investor, board member and mentor in a number of start-up / ramp-up companies in Cyber-Security, Health tech IOT, Digital Art and online Travel.




To hear from industry influencers, join RALFKAIROS’s global community and meet with leaders of technology register today.
Registering For a Group?
Email to [email protected]