CISO Melbourne schedule

In this 10-minute networking session, the goal is to connect with three new people. Enjoy the opportunity to expand your network!

• Reflections on key achievements under Horizon 1 and lessons learned.
• Priorities as we move towards Horizon 2, including scaling cyber maturity across the economy and growing Australia’s cyber workforce.
• The role of public-private partnerships in building a resilient digital future.
• How the federal government continues engaging CISOs and the broader cyber community to drive national cyber resilience.

Step into an engaging conversation among CISO, CIO and CFO as they unpack the critical interplay between cyber security and financial strategy. This dynamic conversation offers a unique opportunity to explore how these three leadership roles align to protect organisational assets while enabling growth.

• How can we align priorities to ensure cyber security investments drive both risk reduction and organisational growth?
• What strategies do you use to translate cyber security risks into financial terms that resonate with the C-suite and board?
• How do you balance the need for proactive cyber security investments with the organisation’s financial constraints?
• What practical steps can improve collaboration among cyber security, IT and finance teams to protect assets and enable innovation?

Moderator:

John Taylor CTO Lumia Care

Panellists:

Noel Toal Chief Technology & Transformation Officer Repurpose It 

Chris Storey CFO Suburban Rail Loop Authority 

Jo Stewart Rattray Chief Security Officer Silverchain

With evolving Australian regulations, enterprises are facing stricter mandates for securing sensitive data. Protecting is no longer just a best practice—it’s a business imperative. This session will explore key data protection requirements, including enhanced encryption, stricter access controls, and stronger authentication mechanisms. Join us to understand how to turn compliance challenges into security advantages while staying ahead of regulatory demands.

• How would you assess the current level of AI implementation within your organisation?
• What challenges have you encountered in adopting AI, and how have you addressed them?
• What are the key criteria and considerations for evaluating AI technologies as part of a holistic cyber risk management strategy?
• What indicators or benchmarks should organisations consider evaluating the effectiveness of AI-driven cyber defence initiatives?

Moderator:

Dr Imad Khan Data Science AI & Neural Networks Expert Victoria University

Panellists:

Sam Fariborz CISO David Jones

Jonar Marzan Group Cyber - Security, Risk & Compliance Manager Coles

Dushyant Sattiraju Director Cyber Security Deakin University

Craig Searle Regional Director CPS Pacific Trustwave

As DevSecOps evolves, AI and automation are redefining security operations, enabling proactive, self-managing security frameworks. This session will examine the benefits and challenges of autonomous DevSecOps, offering insights into how organisations can transition towards a continuous and self-sustaining security model.

• Exploring the convergence of AI, data, and cyber security
• Discussing data as the core foundation for AI-driven cyber security.
• Leveraging AI for proactive and predictive cyber defence.
• Examining challenges and risks that AI brings in for cyber security.
• Shedding light on the future of cyber security with AI and data.

Harnessing global threat intelligence allows organisations to move from reactive defence to proactive threat mitigation. This session will demonstrate how consolidating and operationalising threat feeds can improve security agility, enhance visibility across systems, and drive a more resilient cybersecurity posture.

• Explore the latest methods cybercriminals use to exploit human vulnerabilities to access sensitive information and compromise systems.
• Learn strategies to build organisational awareness and defences to mitigate the risks associated with social engineering.
• Discover how fostering a culture of cyber security awareness can empower employees reducing susceptibility to social engineering attacks and enhancing overall resilience.

Puneet Tikoo Information Security Lead Cisco

Bharat Bajaj Director ISACA Melbourne Chapter

If there are contenders and goals, there is a game — to win requires theories and strategies. We constantly hear about the need to be strategic and develop strategies to attain cybersecurity goals, but what does that look like and how can you go about it? Ironically, there are actually strategies for developing a strategy. Security experts, join us for an insightful discussion on developing winning security strategies and gain practical insights and real-world examples to help you achieve your security objectives.

• Transform cyber security incident response skills into effective crisis leadership strategies.
• Apply key principles from ISO 22361 to strengthen crisis management processes and decision-making.
• Equip teams with actionable frameworks to navigate disruptions and ensure business continuity.

Digital innovation isn’t optional—it’s the engine of modern business growth, driving sharper customer experiences, operational efficiency, and bottom-line impact. But this momentum comes with risk. As organisations accelerate transformation, cybersecurity must evolve just as fast. In this session, we unpack how security leaders can move from blockers to enablers—managing emerging risks, embedding structured resilience, and using AI to fuel secure innovation at scale.

Key Takeaways:

• Managing Cyber Risks in Digital Transformation – Identify and mitigate the fast-evolving threats that come with rapid innovation and tech adoption.
• Proactive Risk Assessment – Use structured, risk-based methods to boost resilience, maximise return on security investments, and ensure compliance.
• AI for Cyber Defence & Innovation – Harness AI not just to defend, but to accelerate secure innovation—automating response, reducing risk, and enabling scale.

• Explore the capabilities of quantum computing, its current developments, and the expected timeline for real-world impact.
• Understand how quantum advancements could disrupt encryption, compromise sensitive data, and challenge existing security controls.
• Assess the implications for cyber security investment, compliance, risk management, and the cost of upgrading security infrastructure.
• Identify actionable steps for CISOs, including risk assessment, vendor collaboration, and future-proofing security architectures with AI-driven defence mechanisms.

During this session, we will show you just how easily your company’s sensitive data can be exposed using Microsoft Copilot with simple prompts. We will share practical steps and strategies to ensure a secure Microsoft Copilot rollout and prevent prompt hacking

data exposure.

Join Sunil as he shares his experience at ARN, where he successfully developed a risk framework to align security efforts with business priorities. Following his presentation, attendees will collaborate in small groups to:

• Reflect on Sunil’s framework and brainstorm how similar strategies can be implemented in their organisations.
• Share real-world challenges and successes in communicating cyber risks to leadership teams.
• Explore ideas for enhancing cross-departmental collaboration to improve risk management practices.
• Discuss actionable strategies for securing executive buy-in and driving cyber security initiatives forward.

Zero Trust is a vital component of modern security, but its value needs to be communicated to the C-suite. This session will explore how Okta and Palo Alto Networks can work together to align Zero Trust strategies with the organisation’s overall business goals. The pair will deep dive into:

• How can Okta’s IAM and Palo Alto’s security solutions help reduce business risk while enhancing operational agility?
• How can security leaders demonstrate the ROI of Zero Trust to the board, using examples from Okta and Palo Alto’s combined solutions?
• What are the key business drivers for adopting Zero Trust, particularly in terms of risk management, compliance, and breach prevention?

Speakers

James Darwin Principal Solutions Engineer Okta

Raj Sharma ANZ SASE:AI Portfolio GTM Leadership Palo Alto Networks

• Distinguish between intelligence and information to drive effective risk mitigation and decision-making.
• Embed real-time threat intelligence into SOC workflows to enhance detection and response.
• Use intelligence-driven insights to prioritise threats and optimise security operations.
• Strengthen collaboration across teams to maximise threat intelligence as a force multiplier.

In today's digital world, security challenges are evolving rapidly. As Australia aims for ambitious security goals, the need for cost-effective solutions is rising. Domain Name System (DNS) technology holds immense potential yet many organisations don't fully understand its role in security. We will highlight DNS vulnerabilities, threats exploiting the protocol and security approaches using DNS to defend against cyber threats. Learn about DNS's importance, vulnerabilities and how to leverage it for defence, gaining insights into threat detection and mitigation to bolster your security posture.

• Strategies to uplift your incident response readiness through table-top and crises exercises.

• Creating documented procedures, consistent and easy to understand for relevant stakeholders –you’ll need them ready-to-go in case of an incident.

• Incorporating board and executive management into IR – what do they need to know and do?

• Take-aways and lessons learned – reviewing what went according to plan and what can be improved.

 The world beneath us is moving. AI is on the path to be the fastest adopted technology in the world and with that will come significant opportunities and risks. In this session we will look at how quickly AI is changing our worlds and how threat actors are leveraging it to attack us at a speed, scale and sophistication never seen before. Attackers leveraging AI is only one side of the coin, we will also dive into how organisations can safely and securely adopt AI in a time of rapid change and uncertainty. This session will provide practical advice based on Palo Alto Networks experience on how to safely and securely adopt and implement AI with your organisation whilst maintaining strategic reliance 

• Explore the limitations of traditional GRC frameworks in the evolving threat landscape and the benefits of automation, including reduced compliance overhead and real-time visibility for better decision-making.
• Discuss how these platforms address gaps in GRC automation and enable organisations to map cyber maturity effectively.
• Learn from a case study on transitioning from fragmented processes to a future-ready framework, with key takeaways and next steps for automation.

Cybersecurity isn’t just an IT concern—it’s a shared responsibility. Learn how a human-centric approach, real-life attack scenarios, and technical controls like email filtering and blacklisting can empower teams to mitigate threats effectively.

• Exploring how the CISO’s responsibilities are evolving from solely managing risks to enabling business growth and innovation.
• Understanding how CISOs can design adaptable security frameworks that support business agility and innovation while safeguarding against emerging threats.
• Discussing how CISOs can cultivate a mindset where security is not seen as a barrier but as a driver of business agility, empowering teams to innovate with confidence.

Moderator:

Lama Tayeh Founder & CEO LULUMPR 

Speakers:

Maria Paz, CTO, Epworth

John Taylor CTO Lumia Care

• An overview of new security regulations and standards affecting Australian businesses.
• Complying with SOCI, SoNS, CPS 234, CPG 234, CPG 235, and other standards such as ISO27001, AESCSF, NIST and Essential 8.
• Insights into the current proposed legislation NIS 2.0 and DORA, which have been said to be the GDPR for Information Security.
• Strategies to balance the benefits against the cost-impact of compliance based on the enterprise’s risk appetite.

Moderator:

Dan Goldberg Australian Market ISO Omnicom

Panellists:

Puneet Tikoo Information Security Lead Cisco

Amanda Pinaud Cyber Security Manager Megaport

Helaine Leggat NED CI-ISAC & Chair CI-ISAC Health Cyber Sharing Network Advisory Panel

It's hard to believe that invoice fraud is even possible in this era of online payment, sophisticated accounts-payable systems and our heightened awareness of cybercrime. Yet, Australian businesses lost $152m to payment redirection scams last year - a 67% increase on 2023. In this session we will delve into real-world examples of cleverly crafted socially engineered attacks. We'll look through the security analyst's lens and uncover ways you can identify these amazingly real emails as fraudulent and discuss the impact of Behavioural AI based techniques in halting the attack that might otherwise result in significant financial losses.

• Understand the data protection and privacy challenges posed by emerging technologies as well as the new privacy act updated in August 2024.
• Reduce trust assumptions and adopt a more granular, data-centric and risk-based approach to security.
• Discuss how to take a proactive approach to building a unified data security strategy while grappling with emerging technology in an era where data is widely distributed across the organisation.

Moderator:

Andrew Morgan Head of Information Security & Risk Defence Health

Speakers:

Muzamil Rashid Head of Cyber Security Mazda Australia

Vasant Prabhu Global Data Protection Lead Toll Group

In this candid one-on-one conversation, a leading Australian CISO reflects on the rapidly evolving threat landscape impacting organisations across all sectors. This session explores how emerging technologies, geopolitical shifts, and adversarial innovation are reshaping the threat horizon. Discussing the rise of sophisticated multi-vector attacks, the increasing role of AI in both offence and defence, and the shifting tactics of cybercriminals and nation-state actors. Unpacking what’s keeping security leaders up at night, how businesses can move from reactive to strategic risk management, and what it truly takes to build resilience in a climate of constant cyber disruption.

Speakers:

Vannessa van Beek Global CISO Fortescue

Jason Murrell Chair Australian Cyber Network

Explore FortiGuard Lab's 2025 threat predictions and learn actionable strategies to combat emerging risks like supply chain attacks. Build resilience, minimise systemic risk and stay ahead in an interconnected threat landscape.

• What strategies effectively prioritise resource allocation towards high-value targets without over-allocating to less critical areas? What metrics or KPIs should be tracked?
• How crucial are comprehensive risk assessments for identifying critical assets?
• How can businesses balance thorough risk assessments with the fast-paced threat landscape?
• What are the main challenges in getting the board to prioritise cyber security investments, and how do you tackle them? What do you do when the board says no?

Moderator:

Tara Dharnikota CISO Victoria University

Panellists:

Callum Nelson CISO EBOS Group

James Ng GM Cyber Security (CISO) Insignia Financial

Robert Turney CISO auDA

• Value of Implementing Data Security Posture Management (DSPM) and Data Intelligence Access Governance
• How can DSPM and DIAG help organisations prepare for Generative AI Adoption.

Both DSPM and Data Intelligence Access Governance are critical tools for modern organisations aiming to protect sensitive data, ensure compliance, and reduce risk. They address distinct but complementary aspects of data security and governance, helping organisations proactively manage vulnerabilities, minimise attack surfaces, and optimise data usage. Implementing Data Security Posture Management (DSPM) and Data Intelligence Access Governance (DIAG) can significantly help organisations prepare for the adoption of Generative AI (GenAI) by addressing key challenges related to data security, governance, and compliance. This session will provide the audience with a high level understanding of why their Cyber, Data Governance and Data Privacy teams will need to collaborate to enable the business in the age of Generative AI.

• Explore frameworks and best practices for implementing responsible AI governance in enterprise environments.
• Identify key risk factors associated with AI adoption, including ethical considerations, regulatory compliance, and operational vulnerabilities.
• Demonstrate how to align AI initiatives with business objectives to drive value while maintaining accountability and trust.

Speakers:

Bharat Bajaj Senior Director ISACA Melbourne Chapter 

Reshma Devi Data & AI Risk and Information Management Transurban

AI is rapidly transforming the cyber threat landscape, with adversaries—from script kiddies to nation-state actors—leveraging AI to scale and automate attacks. Security operations leaders must adapt, using AI-driven defense strategies to stay ahead. This session explores how organisations can harness AI to enhance detection, response, and resilience. Learn key techniques for integrating AI into security operations, mitigating emerging risks, and ensuring AI works for you—not against you.

• Identifying key dependencies to address before embarking on a Zero Trust network transformation to ensure a smooth and effective implementation.
• Exploring the essential components of a Zero Trust technology stack, their roles in fortifying infrastructure, and their integration into existing environments.
• Applying pragmatic policy principles to focus on high-impact areas, maximising risk reduction without overwhelming resources or processes.
• Addressing the complexities of deploying Zero Trust in environments with legacy systems, OT, and IoT.

Moderator:

Helaine Leggat NED CI-ISAC & Chair CI-ISAC Health Cyber Sharing Network Advisory Panel

Panellists:

David Worthington, GM - Digital Security & Risk, Jemena

Winston Fernando Head of Cyber Security & Compliance Darebin City Council

Maria Paz CTO Epworth

Ash Diffey Vice President, ANZ Ping Identity

• The end of traditional perimeter security—why firewalls alone are no longer enough.
• Zero Trust and micro-segmentation—building security from the inside out.
• Defending a hyperconnected world—securing data, identities, and applications everywhere.

As the evolving threat environment demands a shift to proactive, data-centric security, traditional perimeter defences no longer suffice. Understanding data context is critical.

This session explores how data intelligence can empower cyber resilience, and why collaboration between data and security teams, underpinned by shared visibility, is key to staying ahead in an increasingly complex environment.

Adam Plotnikov Senior Solutions Engineer BigID

John Karabin Chief Cyber Security Strategist McGrathNicol

• How can organisations transform GRC from a compliance framework into a strategic tool that drives cyber maturity and resilience?
• What are the main challenges organisations face when embedding GRC into their cyber maturity journey, and how can these be overcome effectively?
• How can organisations measure and track the impact of GRC integration on their cyber maturity and long-term resilience goals?

Panellists:

Cameron Walter Head of Cyber Security Cricket Australia

Tharaka Perera Head of Information Security Estia Health

Dhaval Parikh Senior Partner Information Security &Technology Risk BoQ Group 

Nimisha Balyan GM Program Delivery & Change - P&T Transformation Telstra

The Great Rugby Giveaway to win hospitality tickets to see The British & Irish Lions face off against the Wallabies!

Join this conversation between Serkan Cetin (Technical Director APJ, One Identity) and Kylie Watson (Head of Cybersecurity, DXC Technology) as they unpack the evolving threats to critical infrastructure and how AI is reshaping cyber security responses. 

• Geopolitical risk spotlight: how conflicts like Ukraine expose infrastructure vulnerabilities
• SOCI Act: what’s changed and why it matters for security leaders
• QR and energy sector case studies: applying controls to protect people and services
• Real-world use of least-privilege and zero trust in operational environments
• AI in action: 113 hours saved in one month by automating SOC approvals for a financial client
• How to prioritise controls when budgets are under pressure

Serkan Cetin Technical Director APJ One Identity

Kylie Watson Head of Cybersecurity DXC technology

• Understand the influence of human behaviour and organisational culture on the effectiveness of cyber security practices.
• Implement strategies to foster a security-conscious mindset, encouraging proactive cyber hygiene and responsible digital behaviour across the workforce.
• Measure and evaluate the impact of security awareness initiatives, refining approaches to maintain a continuously improving cyber-aware culture.
• Empower employees to become active defenders, fortifying the organisation’s resilience.

Moderator:

Daisy Wong Squad Lead - Security Awareness Medibank

Panellists:

Cheryl Wong Security Culture & Engagement Lead EBOS Group

Winston Fernando Head of Cyber Security & Compliance Darebin City Council

Daniel Eastley Head of Group Cybersecurity JB HI-FI

Building on last year’s exploration of what Cyber can learn from Health, this presentation delves into the practical application of healthcare-inspired frameworks like ISBAR and PROMPT within cyber incident management. This session provides insights from the journey at VMIA, highlighting how these frameworks have informed the development of operational processes and systems to enhance response efficiency, communication, and resilience in the face of cyber threats. Join Ian as he shared actionable strategies for bridging disciplines and driving innovation in cyber security.

• What are the key vulnerabilities in the supply chain or gaps in vendor cyber security practices and their potential business impacts?
• How can businesses shift from reactive to proactive approaches in identifying and managing supply chain risks, particularly with the growing reliance on third-party services?
• What are the actionable strategies for improving vendor oversight and securing the entire supply chain against evolving cyber threats?
• How to develop tailored mitigation strategies to address financial, reputational, and operational risks posed by third-party vulnerabilities?

Moderator:

Raheem Sar APAC CISO The Access Group

Panellists:

Sandra Barns GM Information Security, Technology & Data Risk Judo Bank

Muzamil Rashid Head of Cyber Security Mazda Australia

Catherine Rowe Former Global CISO ex-QBE

Innovation and security are often seen as opposing forces, but the most successful organisations find ways to balance both. This panel brings together forward-thinking cyber security leaders to explore how to foster creativity while maintaining the rigour needed to safeguard organisations.

Moderator:

Prof Dan Haagman CEO Chaleit & Honorary Professor Murdoch University

Panellists:

Jerome Brown Head of IT: Cyber Security & Risk Country Road Group

Alison Stretch GM Cyber Security MACS

Vannessa Van Beek Global CISO Fortescue