As Editorial Director of CSO ASEAN, I had the pleasure of interviewing Andrew Bennett, Regional CTO of BT International, whose vast experience offers timely and pragmatic insights for our audience across Southeast Asia’s cybersecurity community. Andrew shared with me the lessons learned from his career journey, highlighting the importance of self-leadership, adaptability, and looking beyond one’s comfort zone to create business impact in digital environments. His perspective underscores the need to embed cybersecurity at the heart of transformation, ensuring that security is not simply layered on, but integrated from the outset to enable business agility and resilience. In our conversation, Andrew shared about the evolving complexity of threats, from ransomware to the next wave of AI-driven attacks and offered actionable guidance on moving away from fragmented, compliance-driven practices towards holistic risk management. He advocated for industry collaboration, talent cultivation, and robust enterprise architecture as foundational to securing distributed, hybrid, and cloud-enabled operations. As we concluded, Andrew urged CSOs to measure cyber investments by business value, champion a culture of continuous improvement, and embrace collective intelligence to anticipate the unknown to thrive in Southeast Asia’s dynamic and digital future.

In this CSO ASEAN Executive Session, Editorial Director Estelle Quek speaks with Michael Montoya, Chief Operating Officer at BlueVoyant, to unpack the evolving cybersecurity landscape in Southeast Asia. With over 25 years of experience in cybersecurity leadership. Montoya offers a grounded perspective on how organizations in the region can build resilience amid rising threat sophistication, regulatory fragmentation, and persistent talent shortages. 

Montoya highlights the growing impact of ransomware, state-sponsored attacks, and third-party breaches, noting that 81% of organizations surveyed experienced vendor-related incidents in the past year. He emphasizes the importance of adopting a Zero Trust architecture, continuous third-party risk monitoring, and aligning cybersecurity strategies with global standards such as NIST and ISO 27001 to navigate ASEAN’s diverse regulatory environment. 

The conversation also explores how AI and machine learning are reshaping both offensive and defensive cyber capabilities. Montoya underscores the need for organizations to combine AI-driven threat detection with human expertise to stay ahead of adversaries leveraging generative AI for phishing, impersonation, and deepfake attacks. 

For organizations operating under budget constraints, Montoya recommends framing cybersecurity investments in terms of cost avoidance, regulatory compliance, and operational continuity. He also calls for stronger public-private collaboration, ongoing cyber education, and scalable partnerships to address the region’s cybersecurity talent gap. This dialogue offers CISOs and technology leaders in Southeast Asia a pragmatic roadmap for enhancing digital resilience in a high-growth, high-risk environment.

In an era where cyber threats are evolving faster than ever, resilience is no longer a technical aspiration, it’s a strategic imperative. Today, CSO ASEAN is joined by Kavitha Mariappan, Chief Transformation Officer at Rubrik, who brings a unique lens to cybersecurity, one that fuses business strategy, customer impact, and cross-functional transformation.

In this conversation, we explored how Southeast Asian organizations can navigate the rising tide of ransomware, AI-driven threats, and regulatory complexity. Kavitha shared insights on elevating cyber resilience to the boardroom, building collaborative ecosystems, and why thinking like an attacker might be the key to staying ahead.

Jason Merrick, Senior Vice President of Product at Tenable joins CSO ASEAN's new Editorial Director, Estelle Quek to discuss how organizations can better navigate ransomware attacks which employs sophisticated extortion tactics, secure today's hyper-interconnected, API-rich, OT- IT, multipartite fragmented environments and critical infrastructure, while proactively managing cyber risks and suppliers' accountability by leveraging Monetary Authority of Singapore and Cyber Security Agency of Singapore's recent proposed rules.

Mandy Andress - CISO at Elastic - joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about how large language models are offering a countermeasure against AI risks, how banks can integrate them with existing SIEM systems, and more.

Martin Whitworth - Lead Cyber Risk Expert at S&P Global Ratings - joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about why the world's largest credit rating firm is now factoring in cyber preparedness when assessing companies, how cyber risk affects a company's financial health, and the role CISOs play in it.

Bryan Woodworth – Director of Solution Strategy at Aviatrix – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about safeguarding the Olympics from cyber threats, operational technology and IoT considerations for critical infrastructure, and more.

Toh Shang Yee – Head of Information Security at MCIS Life – joins Xiou Ann Lim for this CSO Executive Sessions interview. They talk about data governance and regulations in Malaysia, strategies to ensure resilience, and more.