Concorde Hotel Singapore
April 24, 2025
8:30am - 3:00pm

Singapore AppSec & DevSecOps Summit 2025

Join us in April to strengthen your development process with cutting-edge security practices. Connect with experts, explore automation, secure containers, and gain practical insights through interactive sessions and real-world case studies.

Singapore AppSec & DevSecOps Summit 2025
Singapore AppSec & DevSecOps Summit 2025

Join us at the AppSec and DevSecOps Summit to fortify your software development lifecycle.

We're bringing together developers, security experts, and industry leaders to seamlessly integrate security into every step of your development process.

Discover best practices for shifting left, automating security, and managing open-source risks. Explore how to improve DevSecOps adoption, secure containers and microservices, and weigh in on the debate: automation vs. manual testing. Engage in interactive sessions, real-world case studies, panel discussions, and debates to stay ahead of the latest trends in application security.

Key Themes:

  • Integrating Security into the Software Development Lifecycle
  • Shift Left Strategies
  • Application Breach Response
  • Automating Security Processes
  • Managing Open Source Risks
  • Improving DevSecOps Adoption
  • Container and Microservices Security
  • Automation vs. Manual Testing: What Works Best


Who Should Attend?


Developers, DevOps engineers, security professionals, IT leaders, and anyone eager to enhance their understanding of application security and DevSecOps practices.

Don't miss this chance for a day of learning, innovation, and collaboration at the AppSec and DevSecOps Summit.

Program Highlights

12+

Speakers

10+

Sessions

150+

AppSec & DevSecOps Leaders

1

Track

Our Speakers

Linda Chang

Linda Chang

Assistant Director, DevSecOps CTMO
Picklu Paul

Picklu Paul

Senior Engineering Lead, Cybersecurity
Sathiyaseelan Murugaiayh

Sathiyaseelan Murugaiayh

Head of DevOps/DevSecOps - SaaS
Michael Huang

Michael Huang

Head of Product Security
Ashu Bhatia

Ashu Bhatia

Global Head - Digital Practices
Bobby Lin

Bobby Lin

Application Security and DevSecOps Manager
Indrajeet Bhuyan

Indrajeet Bhuyan

Application Security Lead - Consumer & Business
Rifaj Aboobacker

Rifaj Aboobacker

Enterprise Architect
Sunny Jaisinghani

Sunny Jaisinghani

Senior Manager - Product Security Architecture
Roger Lau

Roger Lau

Lead Solutions Architect APJ
Ankit Talwar

Ankit Talwar

Senior Manager, Enterprise Architect
Jason Lee

Jason Lee

Lead Technical Advisor, APJ
Prashanth Krishnappa

Prashanth Krishnappa

Senior Technology Resourcing Manager, Asia Pacific
Gowtham Sundar

Gowtham Sundar

Senior Lead Engineer - 3A Security
Yashaswi Mudumbai

Yashaswi Mudumbai

Senior Director - Solution Engineering

Agenda

8:30am
Registration, Breakfast Refreshments, Tea & Coffee

Arrive before 9:15am to enter the draw to win a $500 Travel Voucher!

No items found.
9:15AM
Chairpersons Opening Address
No items found.
9:20AM
Patching Dependency Management, Modernising the Approach to Securing External Libraries

External libraries and frameworks fuel modern application development. Equally, dependencies are a known source of security risk and often leave organisations vulnerable to breaches and compliance issues. Existing software composition analysis tools are stuck in the past. They overwhelm developers with false positives, interrupt their workflows, and otherwise make it difficult to keep up with the codeashians. In this talk, Cole Cornford will cover the latest innovations to reduce this toil and get you and your organisation up to date. Or at least to n-1. Key Takeaways include:

  • The existing state of SCA and why we need to change
  • How reachability and cross-correlation can reduce toil
  • Streamlining the patching process and escaping circular dependencies
  • Managing transitive risk with virtual patching
  • Risks with adopting innovative tech
Cole Cornford
Chief Executive Officer, Galah Cyber
9:50AM
Evolution of Enterprise AI: Navigating New Trends and Challenges

The risks in open-source AI models mirror those in traditional open-source libraries, including vulnerabilities, malicious code and licensing issues, while also introducing unique challenges when consuming the models. This talk will delve into the complexities of these risks, examining the challenges they pose and the importance of understanding them in today’s AI-driven landscape.

Roger Lau
Lead Solutions Architect APJ, Sonatype
10:10AM
Panel Discussion: Striking the Right Balance: Speed vs. Security

DevSecOps requires harmonising rapid development cycles with stringent security protocols. This panel brings together leaders to discuss best practices and hard lessons learned in achieving that equilibrium.

  • Aligning developer, security, and operations goals
  • Implementing guardrails without bottlenecks
  • Case studies of successful (and unsuccessful) integrations
  • Measuring the ROI of secure development

Linda Chang
Assistant Director, DevSecOps CTMO, GovTech Singapore
Sathiyaseelan Murugaiayh
Head of DevOps/DevSecOps - SaaS, Cirlces
Rifaj Aboobacker
Enterprise Architect, AIA
Sunny Jaisinghani
Senior Manager - Product Security Architecture, Sprinklr
Ankit Talwar
Senior Manager, Enterprise Architect, Sephora Asia
10:50AM
Morning Tea & Networking
No items found.
11:20AM
Audience Activity

In this innovative session, attendees will be faced with a series of scenarios that they may face in their roles. Attendees will discuss the possible courses of action with their peers to consider the ramifications of each option before logging their own course of action. 

Results will be tallied and analysed by our session facilitator and results will impact the way the group moves through the activity.

Will we collectively choose the right course of action?

No items found.
11:40AM
Lock It Down: Keeping Enterprise Source Code Safe and Mastering Secrets

We hear a lot about signing and attesting for open-source projects, but what if you’re an enterprise keeping your code under wraps? This session cuts through the hype and digs into practical strategies for securing proprietary source code—even if you’re hosting it in a cloud-based version control system. will walkthrough strategies to secure your source code and secrets used in CICD workflows

  • Rolling out code signing across your organisation to prevent leaks
  • Shielding valuable code assets in cloud-based VCS environments
  • Highlighting the reality check on current “granular” secrets management
  • Using serverless magic to plug holes and secure your tokens once and for all
Bobby Lin
Application Security and DevSecOps Manager
11:55AM
How to improve end to end DevSecOps through 360° testing

This demonstration will  highlight the primary areas for application security scanning and testing phases so as to achieve an end-to-end DevSecOps workflow with a 360° view over the entire SDLC.

  • Testing anywhere/everywhere using comprehensive testing technologies support
  • Deliver a better insight on application posture and risk management
  • Escalate the security testing across the organisation to make easier the time to market, and also enhance the security posture to comply with regulations and standards
Jason Lee
Lead Technical Advisor, APJ, HCLSoftware
12:10PM
Panel Discussion: Future Threats: Proactive Strategies for 2025

As threats evolve, so must our defenses—anticipating the next wave of attacks is key to staying secure. This panel looks ahead to emerging vulnerabilities and how the industry can prepare.

  • Shifting from reactive to predictive security models
  • AI-powered threats and defenses
  • The impact of quantum computing on encryption
  • Regulatory and compliance pressures shaping security policies
Picklu Paul
Senior Engineering Lead, Cybersecurity, Grab
Cole Cornford
Chief Executive Officer, Galah Cyber
Michael Huang
Head of Product Security, Univers
Yashaswi Mudumbai
Senior Director - Solution Engineering, JFrog
12:40PM
Roundtable Discussions

Choose 1 topic to join on the day!

1. Continuous Security Testing
2. Shifting Security Left
3. Starting and Growing Your AppSec Program
4. AI-Driven Threat Detection

No items found.
1:30PM
Lunch and Networking

Enter our quiz throughout the day to win a $500 Travel Voucher... winners will be drawn after lunch!

No items found.
2:20PM
Smarter. Safer. Faster: Secure Application Engineering with AI Bridging your DevSecOps

Generative AI, data analytics, and cloud-native technologies are revolutionizing secure application engineering. As enterprises modernise their software stacks and shift towards agile, cloud-first models, there's an urgent need to ‘embed security deeply and intelligently’ throughout the development lifecycle. This session demonstrates how AI can serve as a force multiplier in DevSecOps - reducing complexity, accelerating delivery, and enabling continuous compliance across evolving cloud architectures.

  • Leverage AI in DevSecOps: How AI and Analytics can proactively identify vulnerabilities, automate security testing, and enhance decision-making across the CI/CD pipeline
  • Evolve Engineering Practices: Approaches for designing modern, AI-augmented engineering workflows that support fast iterations while embedding security by design
  • Modernise Secure Architectures: Techniques for optimising cloud-native architectures to reduce cost and complexity—without sacrificing security or scalability
  • Shift to Product Thinking: Moving from project-based oversight to a product-centric model that drives continuous improvement and sustained security posture
  • Accelerate Cloud Transformation Securely: Best practices for aligning AI-enhanced DevSecOps with cloud migration strategies to ensure resilience, compliance, and agility
Ashu Bhatia
Global Head - Digital Practices, Dexian
2:45PM
Debate Session: The Realities of Building and Securing Software in Singapore

This session brings together perspectives from engineering, security leadership, and talent acquisition to debate some of the most pressing challenges in delivering AppSec and DevSecOps programs today. From talent pipelines to real-world implementation and risk management, our panel explores what it really takes to secure modern applications in the Singapore context.

  • Can Singapore’s security talent market meet the pace of demand—or do we need to rethink how we build and buy capability?
  • Is embedding security into development teams actually working—or do we need to recentralise to gain traction and maturity?
  • Are automation tools and platforms solving talent shortages—or just shifting the risk to configuration and oversight?
  • How do we balance innovation and experimentation with growing expectations around compliance and secure-by-design practices?
  • Is the future of AppSec about upskilling existing teams—or attracting a whole new breed of security professionals?
Indrajeet Bhuyan
Application Security Lead - Consumer & Business, Singtel
Prashanth Krishnappa
Senior Technology Resourcing Manager, Asia Pacific, Dexian
Gowtham Sundar
Senior Lead Engineer - 3A Security, SPH Media
Cecil Su
Head of Cybersecurity, BDO LLP

Who Attends?

Chief Technology Officer

Chief Information Security Officer

Head of Application Security

Head of DevSecOps

Head of Cybersecurity

VP Engineering

Product Security Director

DevOps Director

Developer Experience Manager

Release and Environment Manager

Platform Engineering Director

Software Engineering Manager

Cybersecurity Engineering Director

API Security Manager

Testing Manager

Benefits For Attendees

4.7 / 5

average overall rating from attendees at our events.

94%

of attendees rate our content as “Extremely Relevant”.

100%

of attendees would recommend attending a Clutch Event to a colleague.

Our event sponsors
For sponsorship opportunities, please get in touch with Danny Perry, danny@weareclutch.com.au

Event Location

Concorde Hotel Singapore

100 Orchard Rd, Singapore 238840
Singapore AppSec & DevSecOps Summit 2025

FAQs

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique.

No items found.

Get In Touch

Contact our event team for any enquiry

Danny Perry

Director of Sales
For sponsorship opportunities.
danny@clutchgroup.co

Lili Munar

Director of Client Relations
For guest and attendee enquiries.
lilibeth@clutchgroup.co

Ben Turner

Director of Conference Production
For speaking opportunities & content enquiries.
ben@clutchevents.co

Taylor Stanyon

Director of Operations
For event-related enquiries.
taylor@clutchgroup.co