Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Government Technology Agency of Singapore (GovTech Singapore)
Tech Events

Forging defence, futureproofing security: How AI is redefining the cybersecurity landscape

20 March 2026

How is AI changing cybersecurity? Experts from GovTech, Google Cloud, and Wiz share practical insights on staying ahead of threats and building stronger, more resilient digital systems.

Image of STACKx Cybersecurity 2026 key visual

AI is transforming the cybersecurity landscape in unprecedented ways. Threat actors are automating attacks, scaling operations, and exploiting vulnerabilities faster than ever before. For defenders, keeping pace requires more than new tools. It demands a fundamental shift in how organisations design, operate, and secure digital systems.

This is the conversation at the heart of this year’s STACKx Cybersecurity conference hosted by GovTech Singapore. Themed “Creating a trusted digital future together,” the conference convenes cybersecurity leaders, practitioners, and innovators across Government and industry to explore how organisations can futureproof digital systems and strengthen cyber resilience in an AI-driven threat landscape. 

To unpack these current cyber challenges, we spoke with three keynote speakers who bring distinct but complementary perspectives on cybersecurity:

  1. Ong Hong Joo from GovTech Singapore, who is shaping AI-enabled cyber defence in the public sector; 

  2. (Steve) Stephen Hager, from Google Cloud, who oversees global security and infrastructure resilience at scale; and

  3. Matthew Zwolenski, from Wiz, who drives cloud-native and AI workload security across the Asia Pacific. 

Together, they offer insights into how AI, governance, and collaboration can fortify systems, anticipate threats, and build trust in the digital future.

Using AI to strengthen Government cyber defence

Image of STACKx Cybersecurity 2026 Speaker Ong Hong Joo

Ong Hong Joo is a senior cybersecurity leader at GovTech Singapore, working at the intersection of AI, cyber defence, and digital government resilience. He leads efforts to strengthen public sector cyber capabilities, leveraging AI across threat detection, automated triage, and real-time response. At STACKx Cybersecurity 2026, he will share how AI is being deployed strategically to build a more anticipatory cyber defence posture.

Q: AI is often described as both a weapon and a shield. From your perspective, how has AI fundamentally changed the cyber defence landscape?

The "shield" was failing long before AI arrived; we were already losing the battle against alert fatigue and manpower shortages. AI hasn't just added a new layer of defense—it has finally changed the math of the scaling problem. For the first time, we have a way to match the attacker's automation with a "digital force multiplier" that doesn't blink and doesn't get tired. 

Q: What misconceptions do organisations still have about deploying AI in security operations? 

The "magic button" myth. Many people still believe you can just drop a generic LLM into a SOC (Security Operations Center) and watch it hunt threats. At GovTech, our early journey was a reality check involving "brittle" AI and hallucinations that could lead a defender down the wrong path.

Q: What are some capabilities public sector cyber defence teams have built to effectively “forge” AI in the cyber defence strategy? 

We’ve moved past simple chatbots and into agentic workflows. We’ve been running internal trials on both the Red and Blue sides—from AI-augmented pen-testing that rivals recent industry benchmarks to automated triage loops in the SOC. I’ll be revealing the results of these experiments during my presentation.

Q: If you could advise CISOs starting their AI journey today, where should they focus first?  

Don’t start with the "cool" stuff; start with the "soul-crushing" operational stuff. Most organisations aim for strategic AI when they should be looking for the "intern" AI first—the high-volume, repetitive tasks that burn out your best engineers.

Building stronger systems for the future

Image of STACKx Cybersecurity 2026 speaker Steve Hager

(Steve) Stephen Hager oversees security strategy across one of the world’s most complex digital infrastructures at Google Cloud. His work spans global threat management, secure cloud architecture, and AI governance, helping organisations build resilient systems capable of withstanding future attacks. At STACKx Cybersecurity 2026, he will share insights on strategic cyber resilience, governance, and collaboration across sectors.

Q: What does “fireproofing the future” mean in practical, operational terms for cybersecurity?

"Fireproofing the future" is a proactive approach to cybersecurity. In practical operational terms, it’s about building resilient infrastructure from the ground up, embedding security in every stage—from design and development to deployment and operations.

This includes zero-trust architectures, AI-driven detection, proactive threat intelligence, and tested recovery plans. Teams must also practice and rehearse to ensure readiness and build trust in each other, the tools, and the leadership. 

Q: As AI systems become more autonomous, how do we rethink risk governance?

We are moving from a world where we manage the risks of tools to a world where we must govern the behavior of autonomous agents. Rethinking risk governance in this new paradigm involves algorithmic accountability, continuous monitoring, adaptive risk frameworks, and embedding ethics. In this new era, humans shift from direct control to oversight and exception handling, collaborating with AI to ensure safe outcomes.

Q: What is the biggest mistake organisations make when preparing for future threats?

The biggest mistake organisations make when preparing for future threats is complacency and a failure to adapt. Many organisations fall into the trap of preparing for the last war instead of the next one. Common pitfalls include a reactive, check-the-box compliance mindset, over-reliance on technology, neglecting the human element, skipping realistic drills, and failing to think like an adversary.

Q: Looking ahead five years, what will distinguish organisations that are truly resilient from those that are not?

The truly resilient organisations will be distinguished not just by their technological defenses but by their adaptive and holistic approach to cybersecurity. Resilient organisations embed cybersecurity into their DNA—from boardroom to frontline staff.

They operate with agility and collaborate widely, sharing threat intelligence to build a collective defence. They also operate under the assumption that they will eventually be breached. This mindset shifts the focus from prevention alone to rapid detection, response, and recovery.

Protecting cloud and AI systems

Image of STACKx Cybersecurity 2026 speaker Matthew Zwolenski

Matthew Zwolenski leads solutions engineering across Asia Pacific and Japan (APJ) at Wiz, focusing on cloud security and AI workload protection. He helps organisations adopt modern, collaborative approaches, aligning development, operations, and security teams. At STACKx Cybersecurity 2026, he will share practical strategies for securing cloud-native environments and scaling AI workloads safely.

Q: What trends in customer cloud security adoption have you seen across Asia Pacific and Japan over the past year?

Cloud migration has surged across the region, particularly among large enterprises that previously managed their own data centres. This shift is prompting security teams to rethink their operating models. 

One of the most significant changes is the democratisation of security. Organisations are moving away from traditional, reactive approaches—such as weekly spreadsheets of alerts—and towards business-centric risk models. By identifying “toxic combinations” of likelihood and severity, teams can prioritise the issues that pose real threats, rather than chasing low-impact alerts.

To support this transformation, organisations are adopting horizontal security architectures that provide end-to-end visibility from code to cloud to security operations (SOC). This creates a contextual view of risk, allowing teams to prioritise and eliminate threats based on their potential business impact.

In this new operating model, developers and cloud teams can identify and fix issues directly at the source, supported by AI-driven insights and automation. Security teams shift from reactive enforcement to strategic partnership across the organisation, enabling faster threat resolution, automation of compliance controls, and alignment with the broader AI development lifecycle.

Q: What excites you the most about the future of cloud and AI security, and what keeps you cautious?

AI is transforming the CISO’s role from “police” to catalyst. Red, blue, and green AI agents can now simulate attacks, detect threats, and proactively remediate risks—helping security teams respond faster and stay ahead of threats.

At the same time, we are seeing two new threats emerge. Firstly, attackers are using AI to accelerate their attacks, reducing the time it takes to penetrate an environment from months to minutes. Secondly, AI itself has become a new attack surface, with threats such as poisoned training data or hijacked AI models. 

These trends make it essential for organisations to rethink their security operating models, leveraging AI to stay ahead of attackers and secure both traditional workloads and the AI ecosystem itself.

Q: How has AI enhanced cloud security over the years?

We are entering a phase where AI agents become embedded members of the security team, handling the first detection and triage of threats.This frees up human analysts to focus on governance and strategic decision-making, allowing teams to respond faster and keep pace with increasingly sophisticated threats.

AI is also being used to secure the AI ecosystem itself—monitoring models, data pipelines, and agent behaviour to identify emerging risks in complex environments.

With growing workloads and a global shortage of cybersecurity talent, AI offers a scalable solution—automating threat hunting, triage, and remediation to help under-resourced security teams keep pace with evolving threats.

The insights shared by Ong Hong Joo, (Steve) Stephen Hager, and Matthew Zwolenski highlight a common truth: AI’s potential in cybersecurity can only be realised when paired with trust, collaboration, and deliberate governance. 

At STACKx Cybersecurity 2026, attendees will have the opportunity to dive deeper into these strategies, learning from real-world experiments, global best practices, and innovative approaches to securing cloud, AI, and critical infrastructure. 

Expect engaging keynotes, interactive discussions, and a range of lightning talks that will equip you to futureproof your organisation, strengthen cyber resilience, and build the trusted digital systems of tomorrow. Register your seat today!

Connect with us!

Subscribe to the TechNews email newsletter

Subscribe to the TechNews email newsletter

Join the Tech Kaki user-testing community

Join the Tech Kaki user-testing community

Back to top