-
DAY 1
Tuesday, 22 July
-
08:20
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
09:00
Welcome from Corinium and the Chairperson
Sandeep Taileng - Industry Cyber Security Leader - State Trustees
-
09:10
Speed Networking – Making New Connections!
In this 10-minute networking session, the goal is to connect with three new people. Enjoy the opportunity to expand your network!
-
09:20
The Road Ahead: Key Milestones and Next Steps in the 2023-2030 Strategy
Lieutenant General Michelle McGuinness CSC - National Cyber Security Coordinator - Department of Home Affairs
- Reflections on key achievements under Horizon 1 and lessons learned.
- Priorities as we move towards Horizon 2, including scaling cyber maturity across the economy and growing Australia’s cyber workforce.
- The role of public-private partnerships in building a resilient digital future.
- How the federal government continues engaging CISOs and the broader cyber community to drive national cyber resilience.
-
09:45
C-Suite Dialogue: Driving Resilience Through CISO, CIO and CFO Collaboration
Step into an engaging conversation among CISO, CIO and CFO as they unpack the critical interplay between cyber security and financial strategy. This dynamic conversation offers a unique opportunity to explore how these three leadership roles align to protect organisational assets while enabling growth.
- How can we align priorities to ensure cyber security investments drive both risk reduction and organisational growth?
- What strategies do you use to translate cyber security risks into financial terms that resonate with the C-suite and board?
- How do you balance the need for proactive cyber security investments with the organisation’s financial constraints?
- What practical steps can improve collaboration among cyber security, IT and finance teams to protect assets and enable innovation?
Moderator:
John Taylor CTO Lumia Care
Panellists:
Noel Toal CIO DPV Health
Chris Storey CFO Suburban Rail Loop Authority
Jo Stewart Rattray Chief Security Officer Silverchain
-
10:15
From Best Practice to Mandate: The Rising Stakes of Data Protection in Australia
Jamie Wright - Field CTO ANZ - HashiCorp
With evolving Australian regulations, enterprises are facing stricter mandates for securing sensitive data. Protecting it is no longer just a best practice; it’s a business imperative. This session will explore key data protection requirements, including enhanced encryption, stricter access controls, and stronger authentication mechanisms. Join us to understand how to turn compliance challenges into security advantages while staying ahead of regulatory demands.
-
10:40
Get refreshed! Mingle
-
11:10
Panel: From Risk to Transformation – AI's Impact on Next-Gen Cyber Security
- How would you assess the current level of AI implementation within your organisation?
- What challenges have you encountered in adopting AI, and how have you addressed them?
- What are the key criteria and considerations for evaluating AI technologies as part of a holistic cyber risk management strategy?
- What indicators or benchmarks should organisations consider when evaluating the effectiveness of AI-driven cyber defence initiatives?
Moderator:
Dr Imad Khan Data Science AI & Neural Networks Expert Victoria University
Panellists:
Sam Fariborz CISO David Jones
Jonar Marzan Group Cyber - Security, Risk & Compliance Manager Coles
Dushyant Sattiraju Director Cyber Security Deakin University
Craig Searle Regional Director CPS Pacific Trustwave
-
11:45
From Automation to Autonomy: The Next Leap in DevSecOps Security
Senior representative - Proofpoint
As DevSecOps evolves, AI and automation are redefining security operations, enabling proactive, self-managing security frameworks. This session will examine the benefits and challenges of autonomous DevSecOps, offering insights into how organisations can transition towards a continuous and self-sustaining security model.
-
12:10
AI, Data, and Cyber Security: The Power Trio Reshaping Digital Defence
Samrat Seal - Head of Transformation and Risk Governance - Kmart
- Exploring the convergence of AI, data, and cyber security
- Discussing data as the core foundation for AI-driven cyber security.
- Leveraging AI for proactive and predictive cyber defence.
- Examining challenges and risks that AI brings in for cyber security.
- Shedding light on the future of cyber security with AI and data.
-
12:35
The Power of Global Threat Intelligence to Enhance Cyber Resilience
Senior representative - DigiCert
Harnessing global threat intelligence allows organisations to move from reactive defence to proactive threat mitigation. This session will demonstrate how consolidating and operationalising threat feeds can improve security agility, enhance visibility across systems, and drive a more resilient cybersecurity posture.
-
13:00
Lunch
-
TRACK A: STRATEGIC RESILIENCE
Sandeep Taileng - Industry Cyber Security Leader - State Trustees
-
14:00
Building Cyber-Resilience Against Social Engineering Attacks
- Explore the latest methods cybercriminals use to exploit human vulnerabilities to access sensitive information and compromise systems.
- Learn strategies to build organisational awareness and defences to mitigate the risks associated with social engineering.
- Discover how fostering a culture of cyber security awareness can empower employees, reducing susceptibility to social engineering attacks and enhancing overall resilience.
Puneet Tikoo Information Security Lead Cisco
Bharat Bajaj Senior Manager – Risk & Control Enablement CBA
-
14:25
The Security Game - A Strategy to Win
Paul Thomas - Senior Solutions Architect ANZ - Axonius
If there are contenders and goals, there is a game — to win requires theories and strategies. We constantly hear about the need to be strategic and develop strategies to attain cybersecurity goals, but what does that look like and how can you go about it? Ironically, there are actually strategies for developing a strategy. Security experts, join us for an insightful discussion on developing winning security strategies and gain practical insights and real-world examples to help you achieve your security objectives.
-
14:50
From Cyber Chaos to Organisational Resilience: Mastering Crisis Leadership
Nigel Hedges - CISO - Chemist Warehouse
- Transform cyber security incident response skills into effective crisis leadership strategies.
- Apply key principles from ISO 22361 to strengthen crisis management processes and decision-making.
- Equip teams with actionable frameworks to navigate disruptions and ensure business continuity.
-
15:15
TBC
Tom Scully - Principal Architect, Public Sector - Palo Alto Networks
-
TRACK B: RISK MANAGEMENT
Prof Dan Haagman - CEO, Chaleit & Honorary Professor - Murdoch University
-
14:00
The Quantum Leap: A Cyber Security Crossroads
Fatima Hoblos - Lead Engineer - Kmart
- Explore the capabilities of quantum computing, its current developments, and the expected timeline for real-world impact.
- Understand how quantum advancements could disrupt encryption, compromise sensitive data, and challenge existing security controls.
- Assess the implications for cyber security investment, compliance, risk management, and the cost of upgrading security infrastructure.
- Identify actionable steps for CISOs, including risk assessment, vendor collaboration, and future-proofing security architectures with AI-driven defence mechanisms.
-
14:25
Locking Down Microsoft Copilot: Preventing Data Exposure and AI Exploits
Senior representative - Varonis
Generative AI tools like Microsoft Copilot can enhance productivity but also introduce new security challenges. Learn how to mitigate the risks of prompt-hacking, control data access, and ensure your Copilot deployment remains secure.
-
14:50
Group Discussion: Bridging the Gap – Turning Cyber Risks into Strategic Leadership Conversations
Sunil Rane - CISO - ARN
Join Sunil as he shares his experience at ARN, where he successfully developed a risk framework to align security efforts with business priorities. Following his presentation, attendees will collaborate in small groups to:
- Reflect on Sunil’s framework and brainstorm how similar strategies can be implemented in their organisations.
- Share real-world challenges and successes in communicating cyber risks to leadership teams.
- Explore ideas for enhancing cross-departmental collaboration to improve risk management practices.
- Discuss actionable strategies for securing executive buy-in and driving cyber security initiatives forward.
-
15:15
Zero Trust for the C-Suite: Translating Security Strategy into Business Value with Okta and Palo Alto Networks
Zero Trust is a vital component of modern security, but its value needs to be communicated to the C-suite. This session will explore how Okta and Palo Alto Networks can work together to align Zero Trust strategies with the organisation’s overall business goals. The pair will deep dive into:
- How can Okta’s IAM and Palo Alto’s security solutions help reduce business risk while enhancing operational agility?
- How can security leaders demonstrate the ROI of Zero Trust to the board, using examples from Okta and Palo Alto’s combined solutions?
- What are the key business drivers for adopting Zero Trust, particularly in terms of risk management, compliance, and breach prevention?
Speakers
James Darwin Principal Solutions Engineer Okta
Raj Sharma ANZ SASE:AI Portfolio GTM Leadership Palo Alto Networks
-
TRACK C: CYBER SECURITY OPERATIONS
Raheem Sar - APAC CISO - The Access Group
-
14:00
Threat Intel-Informed Operations: A Force Multiplier for Your Organisation
Nadia Taggart - Director Cyber Security Strategic Development - AARNet
- Distinguish between intelligence and information to drive effective risk mitigation and decision-making.
- Embed real-time threat intelligence into SOC workflows to enhance detection and response.
- Use intelligence-driven insights to prioritise threats and optimise security operations.
- Strengthen collaboration across teams to maximise threat intelligence as a force multiplier.
-
14:25
From Vulnerability to Vanguard: Reinventing DNS Security
Brad Ford - Security Specialist – ANZ - Infoblox
In today's digital world, security challenges are evolving rapidly. As Australia aims for ambitious security goals, the need for cost-effective solutions is rising. Domain Name System (DNS) technology holds immense potential yet many organisations don't fully understand its role in security. We will highlight DNS vulnerabilities, threats exploiting the protocol and security approaches using DNS to defend against cyber threats. Learn about DNS's importance, vulnerabilities and how to leverage it for defence, gaining insights into threat detection and mitigation to bolster your security posture.
-
14:50
Developing a Practical Approach to Security Operations and Incident Management
Sajeesh Patail - Global Cyber Operations Manager - Orica
- Strategies to uplift your incident response readiness through table-top and crisis exercises.
- Creating documented procedures, consistent and easy to understand for relevant stakeholders – you’ll need them ready-to-go in case of an incident.
- Incorporating board and executive management into IR – what do they need to know and do?
- Take-aways and lessons learned – reviewing what went according to plan and what can be improved.
-
15:15
AI in Cloud-Native Security: Automating Protection from Code to Production
Senior representative - Trend Micro
Cloud-native applications demand a new approach to security—one that AI is uniquely positioned to provide. This session will examine how AI-driven security solutions can mitigate risks throughout the software lifecycle, from secure coding practices to real-time threat detection.
-
15:40
Get refreshed! Mingle
-
TRACK A: STRATEGIC RESILIENCE
Sandeep Taileng - Industry Cyber Security Leader - State Trustees
-
16:10
Automating GRC Frameworks: Mapping Cyber Maturity with Human-Centric Platforms
Jatinder Oberoi - CISO - Accolade Wines
- Explore the limitations of traditional GRC frameworks in the evolving threat landscape and the benefits of automation, including reduced compliance overhead and real-time visibility for better decision-making.
- Discuss how these platforms address gaps in GRC automation and enable organisations to map cyber maturity effectively.
- Learn from a case study on transitioning from fragmented processes to a future-ready framework, with key takeaways and next steps for automation.
-
16:35
Beyond Awareness: Building a Cyber-Resilient Culture Through Engagement and Education
Senior representative - Illumio
Cybersecurity isn’t just an IT concern—it’s a shared responsibility. Learn how a human-centric approach, real-life attack scenarios, and technical controls like email filtering and blacklisting can empower teams to mitigate threats effectively.
-
17:00
Fireside Chat: Redefining the Role of CISO to Drive Innovation
- Exploring how the CISO’s responsibilities are evolving from solely managing risks to enabling business growth and innovation.
- Understanding how CISOs can design adaptable security frameworks that support business agility and innovation while safeguarding against emerging threats.
- Discussing how CISOs can cultivate a mindset where security is not seen as a barrier but as a driver of business agility, empowering teams to innovate with confidence.
Moderator:
Lama Tayeh Founder & CEO LULUMPR
Speakers:
Maria Paz, CTO, Epworth
John Taylor CTO Lumia Care
-
TRACK B: RISK MANAGEMENT
Prof Dan Haagman - CEO, Chaleit & Honorary Professor - Murdoch University
-
16:10
Panel: Keeping Up with a Constantly Changing Regulatory Environment
- An overview of new security regulations and standards affecting Australian businesses.
- Complying with SOCI, SoNS, CPS 234, CPG 234, CPG 235, and other standards such as ISO27001, AESCSF, NIST and Essential 8.
- Insights into the current proposed legislation NIS 2.0 and DORA, which have been said to be the GDPR for Information Security.
- Strategies to balance the benefits against the cost-impact of compliance based on the enterprise’s risk appetite.
Moderator:
Dan Goldberg Australian Market ISO Omnicom
Panellists:
Puneet Tikoo Information Security Lead Cisco
Amanda Pinaud Cyber Security Manager Megaport
Helaine Leggat NED CI-ISAC & Chair CI-ISAC Health Cyber Sharing Network Advisory Panel
-
16:35
The Art of the Socially Engineered Attack
Matt Berry - Field CTO & Senior Sales Engineer - Abnormal Security
It's hard to believe that invoice fraud is even possible in this era of online payment, sophisticated accounts-payable systems and our heightened awareness of cybercrime. Yet, Australian businesses lost $152m to payment redirection scams last year - a 67% increase on 2023. In this session we will delve into real-world examples of cleverly crafted socially engineered attacks. We'll look through the security analyst's lens and uncover ways you can identify these amazingly real emails as fraudulent and discuss the impact of Behavioural AI based techniques in halting the attack that might otherwise result in significant financial losses.
-
17:00
Fireside Chat: Safeguarding Data, Privacy and Ethics – Critical Considerations for CISOs Today
- Understand the data protection and privacy challenges posed by emerging technologies as well as the new privacy act updated in August 2024.
- Reduce trust assumptions and adopt a more granular, data-centric and risk-based approach to security.
- Discuss how to take a proactive approach to building a unified data security strategy while grappling with emerging technology in an era where data is widely distributed across the organisation.
Moderator:
Andrew Morgan Head of Information Security & Risk Defence Health
Speakers:
Muzamil Rashid Head of Cyber Security Mazda Australia
Vasant Prabhu Global Data Protection Lead Toll Group
-
17:25
Chairperson's Closing Remarks
Sandeep Taileng - Industry Cyber Security Leader - State Trustees
-
17:30
Cheers with Peers!
-
DAY 2
Wednesday, 23 July
-
08:20
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
09:00
Welcome from Corinium and the Chairperson
Prof Dan Haagman - CEO Chaleit & Honorary Professor - Murdoch University
-
09:10
Fireside Chat: Threats on the Horizon - Unpacking the Evolving Cyber Landscape
In this candid one-on-one conversation, a leading Australian CISO reflects on the rapidly evolving threat landscape impacting organisations across all sectors. This session explores how emerging technologies, geopolitical shifts, and adversarial innovation are reshaping the threat horizon. Discussing the rise of sophisticated multi-vector attacks, the increasing role of AI in both offence and defence, and the shifting tactics of cybercriminals and nation-state actors. Unpacking what’s keeping security leaders up at night, how businesses can move from reactive to strategic risk management, and what it truly takes to build resilience in a climate of constant cyber disruption.
Speakers:
Vannessa van Beek Global CISO Fortescue
Jason Murrell Chair Australian Cyber Network
-
09:35
Into the Cyberwars
Glenn Maiden - CSO Fortinet Australia & Director of Threat Intelligence, FortiGuard Labs ANZ - Fortinet
Explore FortiGuard Labs' 2025 threat predictions and learn actionable strategies to combat emerging risks like supply chain attacks. Build resilience, minimise systemic risk and stay ahead in an interconnected threat landscape.
-
10:00
Panel: Invest Smart, Secure Smart – Maximising the Value through Strategic Resource Allocation
- What strategies effectively prioritise resource allocation towards high-value targets without over-allocating to less critical areas? What metrics or KPIs should be tracked?
- How crucial are comprehensive risk assessments for identifying critical assets?
- How can businesses balance thorough risk assessments with the fast-paced threat landscape?
- What are the main challenges in getting the board to prioritise cyber security investments, and how do you tackle them? What do you do when the board says no?
Moderator:
Tara Dharnikota CISO Victoria University
Panellists:
Callum Nelson CISO EBOS Group
James Ng GM Cyber Security (CISO) Insignia Financial
Robert Turney CISO auDA
-
10:35
Securing GenAI: From SaaS Copilots to Enterprise Applications
Tim Stead - Technical Director APAC - Securiti
The rise of Generative AI has transformed the enterprise landscape, with Large Language Models (LLMs) powering SaaS copilots and custom-built applications. Yet, two years into this GenAI revolution, businesses face a key challenge: balancing innovation with robust security.
From data privacy concerns to unintended information exposure, early adopters like Microsoft Copilot have revealed critical gaps in managing complex access permissions. Building enterprise-grade AI applications only adds to the complexity, requiring rigorous data controls and governance to mitigate risks.
In this session, we’ll explore:
- Emerging security challenges in AI and their impact on cybersecurity teams
- OWASP Top 10 for LLMs: What’s hype, and what’s real?
- Why traditional approaches, like LLM Firewalls, fall short.
- The essential controls and frameworks needed to secure GenAI deployments.
Whether you’re deploying AI in SaaS platforms or building in-house solutions, this session will arm you with the knowledge to address the toughest security challenges and unlock the full potential of Generative AI – without compromise.
-
11:00
Get refreshed! Mingle
-
TRACK A: CRITICAL INFRASTRUCTURE
Prof Dan Haagman - CEO Chaleit & Honorary Professor - Murdoch University
-
11:30
Responsible AI in the Enterprise: Managing Risks while Driving Business Value
- Explore frameworks and best practices for implementing responsible AI governance in enterprise environments.
- Identify key risk factors associated with AI adoption, including ethical considerations, regulatory compliance, and operational vulnerabilities.
- Demonstrate how to align AI initiatives with business objectives to drive value while maintaining accountability and trust.
Speakers:
Bharat Bajaj Senior Manager – Risk & Control Enablement CBA
Reshma Devi Data & AI Risk and Information Management Transurban
-
11:55
The Role of Asset Intelligence in Strengthening Critical Infrastructure Security
Senior representative - Exabeam
Asset intelligence is fundamental to securing critical infrastructure. This session will explore how leveraging an Asset Intelligence platform improves asset visibility, simplifies compliance, and enhances overall security posture by ensuring accurate, real-time asset data collection and analysis.
-
12:20
Panel: Rethinking Security for Critical Infrastructure - Zero Trust as a Foundation
- Identifying key dependencies to address before embarking on a Zero Trust network transformation to ensure a smooth and effective implementation.
- Exploring the essential components of a Zero Trust technology stack, their roles in fortifying infrastructure, and their integration into existing environments.
- Applying pragmatic policy principles to focus on high-impact areas, maximising risk reduction without overwhelming resources or processes.
- Addressing the complexities of deploying Zero Trust in environments with legacy systems, OT, and IoT.
Moderator:
Helaine Leggat NED CI-ISAC & Chair CI-ISAC Health Cyber Sharing Network Advisory Panel
Panellists:
David Worthington, GM - Digital Security & Risk, Jemena
Winston Fernando Head of Cyber Security & Compliance Darebin City Council
Maria Paz CTO Epworth
Senior representative Ping Identity
-
TRACK B: CYBER MATURITY
Andrew Morgan - Head of Information Security & Risk - Defence Health
-
11:30
Breaking the Firewall: Navigating Security in a World Without Boundaries
Muzamil Rashid - Head of Cyber Security - Mazda Australia
- The end of traditional perimeter security—why firewalls alone are no longer enough.
- Zero Trust and micro-segmentation—building security from the inside out.
- Defending a hyperconnected world—securing data, identities, and applications everywhere.
-
11:55
From Cyber Hygiene to Compliance: Leveraging Real-Time Data for Security Transformation
Senior representative - BigID
Effective cyber defence requires more than just static controls. In this session, we’ll examine how real-time data empowers organisations to strengthen cyber hygiene, rapidly detect and respond to breaches, and streamline compliance initiatives to achieve higher Essential 8 Maturity levels.
-
12:20
Panel: From Framework to Function – Embedding GRC into Cyber Maturity Journeys
- How can organisations transform GRC from a compliance framework into a strategic tool that drives cyber maturity and resilience?
- What are the main challenges organisations face when embedding GRC into their cyber maturity journey, and how can these be overcome effectively?
- How can organisations measure and track the impact of GRC integration on their cyber maturity and long-term resilience goals?
Panellists:
Cameron Walter Head of Cyber Security Cricket Australia
Tharaka Perera Head of Information Security Estia Health
Dhaval Parikh Cyber Security Advisory Lead UNSW
Nimisha Balyan GM Program Delivery & Change - P&T Transformation Telstra
-
12:55
Lunch
-
13:55
Panel: Resilience Starts Within – Nurturing a Cyber-Aware Culture Across Your Organisation
Senior representative - One Identity
- Understand the influence of human behaviour and organisational culture on the effectiveness of cyber security practices.
- Implement strategies to foster a security-conscious mindset, encouraging proactive cyber hygiene and responsible digital behaviour across the workforce.
- Measure and evaluate the impact of security awareness initiatives, refining approaches to maintain a continuously improving cyber-aware culture.
- Empower employees to become active defenders, fortifying the organisation’s resilience.
Moderator:
Daisy Wong Squad Lead - Security Awareness Medibank
Panellists:
Cheryl Wong Security Culture & Engagement Lead EBOS Group
Winston Fernando Head of Cyber Security & Compliance Darebin City Council
Daniel Eastley Head of Group Cybersecurity JB HI-FI
-
14:55
Security That Moves with You: Empowering Smart Teams and Technology Choices
Shana Uhlmann - CISO - Tattarang
- Tough questions that need asking – how to make complex security simple, remove the vendor angst, and enable small teams to focus on the highest-impact tasks.
- Why is tech debt like your home mortgage and how do you know when to re-finance?
- Not assume breach – how does a ‘Let Breach’ mindset change your investment and provide lead indicator forecasting?
- How does MoSCoW prioritisation enable better business security and firewall rules at home?
- Practical tools to work out acceptable loss, right-sized security investment and drive business outcomes.
-
15:20
Get refreshed! Mingle
-
15:50
Panel: The Chain Reaction – Assess, Mitigate and Manage Supply Chain Cyber Risk
- What are the key vulnerabilities in the supply chain or gaps in vendor cyber security practices and their potential business impacts?
- How can businesses shift from reactive to proactive approaches in identifying and managing supply chain risks, particularly with the growing reliance on third-party services?
- What are the actionable strategies for improving vendor oversight and securing the entire supply chain against evolving cyber threats?
- How to develop tailored mitigation strategies to address financial, reputational, and operational risks posed by third-party vulnerabilities?
Moderator:
Raheem Sar APAC CISO The Access Group
Panellists:
Sandra Barns GM Information Security, Technology & Data Risk Judo Bank
Muzamil Rashid Head of Cyber Security Mazda Australia
Catherine Rowe Former Global CISO ex-QBE
-
16:25
Panel: The Innovation Mindset – Cyber Leaders Who Dare to Think Differently
Innovation and security are often seen as opposing forces, but the most successful organisations find ways to balance both. This panel brings together forward-thinking cyber security leaders to explore how to foster creativity while maintaining the rigour needed to safeguard organisations.
Moderator:
Prof Dan Haagman CEO Chaleit & Honorary Professor Murdoch University
Panellists:
Jerome Brown Head of IT: Cyber Security & Risk Country Road Group
Alison Stretch GM of Information Security
Vannessa Van Beek Global CISO Fortescue
-
16:50
Chairperson's Closing Remarks
Prof Dan Haagman - CEO Chaleit & Honorary Professor - Murdoch University
-
17:00
Close of CISO Melbourne 2025