As organizations embrace AI-driven transformation, their digital ecosystems become broader, faster-moving, and more exposed to cyber risks. This session explores how outside-in cyber risk ratings provide a continuous, data-driven view of an organization’s cyber posture and that of its third-party vendors, enabling proactive risk management across the enterprise and supply chain.
Participants will learn how integrating cyber risk ratings into digital and third-party risk strategies supports operational resilience, stakeholder trust, and regulatory readiness. The talk will cover use cases, metrics, and practical steps to embed cyber risk ratings into transformation programs, ensuring organizations remain secure, accountable, and competitive in an AI-powered future.
12:00 pm – Arrival & Welcome Drinks
Guests arrive, informal networking, introductions.
12:30 pm – Opening Remarks
Host: Alex Teh and Ray Koh
12:45 pm – The NZ Cyber Risk Landscape
Speaker: SecurityScorecard Regional Country Director
Data-driven insights into NZ’s external risk posture
Common weaknesses across key industries
1:15 pm – Executive Roundtable Discussion (Facilitated)
Moderated conversation across the table:
How are boards asking for cyber risk to be quantified?
Are annual assessments enough anymore?
1:50 pm – Deep Dive: From Ratings to Remediation
Speaker: Ray Koh
How organisations operationalise ratings
Integrating continuous monitoring into risk and procurement workflows
2:15 pm – Peer Perspectives
Guest NZ CISO
Practical experience implementing third-party risk monitoring
Communicating cyber risk in business terms
Lessons for the NZ executive community
2:30 pm – Open Forum & Strategic Q&A
An unfiltered discussion session encouraging:
Shared challenges
Vendor risk dilemmas
2:50 pm – Closing Reflections
Key takeaways and future collaboration opportunities.
3:00 pm – Informal Networking & Coffee
Addressing vendor exposure in NZ’s tightly connected business ecosystem.
Translating cyber posture into measurable, benchmarked ratings.
Identifying unknown or unmanaged internet-facing assets.
Ray Koh is a veteran cybersecurity professional with over 30 years of experience as a trusted advisor to customers.
His expertise spans implementing security controls, providing cybersecurity consultancy for Critical Information Infrastructure (CII) sectors, and leading teams across the Asia Pacific and Japan region through startup, hyper-growth, and transformational phases.
Ray is a Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP). For those who remember the Novell era, he was a CNE (Certified Novell Engineer), which probably tells you a little about his vintage.
Christoph Demoor is the Group Manager of Technology Operations at Auckland Transport, where he leads the delivery and performance of technology services supporting Auckland’s public transport network.
Overseeing a team of 112 professionals across cybersecurity, cloud and infrastructure, application operations, operational technology (OT), licensing and asset management, workplace technology, and service management, Christoph is responsible for ensuring the reliability, resilience, and security of a complex and business-critical technology environment.
Reporting to the Chief Technology Officer, he sets the strategic direction for technology operations—balancing operational excellence with innovation, while maintaining strong service delivery across a diverse technology estate. Working through a leadership team of seven senior managers, Christoph drives capability uplift, performance, and scalable outcomes that support the evolving needs of Auckland’s transport ecosystem.
269 Parnell Road, Parnell, Auckland 1052
SecurityScorecard helps TPRM and SOC teams detect, prioritize, and remediate vendor risk across their entire supplier ecosystem at scale.
