-
DAY ONE
-
08:20
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
09:00
Welcome from Corinium and the Chairperson
Louisa Vogelenzang - Head of Cybersecurity, APJ - Dayforce
-
09:15
Opening Keynote: Cyber strategy – creating robust and future-oriented frameworks
Nigel Hedges - CISO - Chemist Warehouse
Dive into a comprehensive exploration of strategic security planning amid the dynamic landscape of cyber threats. This session will discuss a useful framework of to-do’s for formulating robust and future-oriented security strategies. By asking the right questions, we'll uncover critical insights and approaches that help your organisation anticipate and mitigate risk, thereby securing a more resilient future in an era of growing uncertainty.
-
09:45
Self-Governing DevSecOps: Navigating Towards Continuous Security
Lawrence Crowther - Head of Solutions Engineering, APJ - Snyk
The realm of DevSecOps is undergoing a radical transformation, akin to the shift from traditional gas-powered cars to autonomous vehicles. In “Self-Governing DevSecOps: Navigating Towards Continuous Security”, we explore this evolution, highlighting how the integration of AI and automation is driving a new era of proactive and self-managing security. This talk will guide you through the stages of this journey, illustrating the benefits of autonomous DevSecOps in enhancing efficiency, security, and scalability while addressing the challenges that come with it. Discover how to navigate the path towards a self-sustaining security framework that is ready for the future.
-
10:15
NETWORKING BREAK
-
10:45
Leveraging cybersecurity as a business growth enabler
John Ellis - Global Head of Security Trust and Influence - QBE
- Getting senior management commitment and establishing the company’s risk appetite
- Aligning your security frameworks with key business requirements
- Successful practices governing policies for controls, regulations, and the strategy
- Implementing monitoring processes and metrics for effectiveness and continuous improvement
- How cyber can deliver value by fulfilling business objectives, which in turn increases customer trust
-
11:10
Mitigating Risk to the #1 Target for Attackers: Your Enterprise Identity System
Sean Deuby - Principal Technologist - Semperis
The foundational component of a modern security architecture is a secure identity system. And though most organizations are thinking "cloud first", identity doesn't start in the cloud - it starts on premises. And overwhelmingly that on-premises identity system is Microsoft’s Active Directory (AD).
AD is involved in more than 90% of all cyberattacks today because when it's compromised it gives attackers near-total control over your IT systems. And once crippled by a cyberattack, it requires an average of two weeks to rebuild and regain trust manually - while your business is down.
In this session, Sean will review:
- Why AD is such a target
- How you can increase operational resilience of this mission critical identity system by
- Mitigating attacks against your AD
- Significantly reducing its recovery time objective (RTO)
-
11:35
Panel: Compliance burden – How much regulation is too much?
- Sharpening standards and compliance practices
- Assessing the cost-impact of compliance from a strategic perspective
- Complying with CPS 234, CPG 234, CPG 235, and other standards such as ISO27001, NIST and Essential 8
- Sharing information and intelligence to support the wider ecosystem
- How do industry and boards keep up with all the government led changes such as SoNs and the multiple reporting obligations across various government regimes?
Panel moderator:
Toby Amodio, Director and Government Cyber Delivery Lead, Fujitsu Cyber Security Services
Panellists:
Varun Acharya, CISO, Healthscope
Roshan Daluwakgoda, CISO, Eastern Health
Grant Lockwood, CISO, Virtus Health
Sandeep Taileng, CISO, State Trustees VIC
-
12:10
The Best Kept Secret in Security
Jamie Wright - Staff Solutions Engineer - HashiCorp
Credentials, API tokens, certificates, keys. All of these secrets are growing at a rapid rate as we work towards building least privilege patterns. This proliferation introduces significant challenges for visibility, lifecycle, and user experience, and poses significant risk when they fall into the hands of bad actors. In this talk, Jamie Wright, Staff Solutions Engineer for HashiCorp looks at the necessary shifts that you need to make to keep your secrets safe.
-
12:35
Embracing GRC as the secret weapon to boost cyber maturity
Andrew Morgan - Former CISO - La Trobe University
GRC is the super sexy discipline that most of us don’t even know we need. We tend to love shiny technologies, but does the rest of business see the same sparkle?
Cyber is all about managing a risk that can shut down your company if you stuff it up. Governance creates the visibility and accountability for the entire business. The key point of risk is knowing you can’t stop everything while ensuring everyone agrees on how far you’re going to go to try and stop bad things from happening. Compliance allows you to ensure the laws that impact your business and the frameworks you’ve chosen to align with have been turned into a cyber security approach that gives regulators comfort that you’ve got your act together.
-
13:00
Lunch
-
TRACK A - Critical Infrastructure
Chair:
Kostas Kyrifidis - President - VSI
-
14:00
Speed Networking – Making new connections!
During this 10-minute networking session, the aim of the game is to go and meet three people you don't already know. Use the questions on the screen to guide your conversation. Have fun!
-
14:10
Improving cyber resilience strategy and effective board reporting
Roshan Daluwakgoda - CISO - Eastern Health
- Evaluating the threat landscape and how it can impact your business
- What the new regulatory requirements - such as SOCI Act Reform and the 2023-2030 Australian Cyber Security Strategy - mean for your enterprise
- Assessing your company’s risk exposure against the risk tolerance
- Bringing those two together and defining a robust roadmap
- Reporting to the board by presenting KPIs and maturity assessments for effective communication
-
14:35
Asset Intelligence: The Bedrock of Cyber Security
Paul Thomas - Senior Solutions Architect, ANZ - Axonius
Extensive knowledge of assets that need to be secured is foundational for any effort to secure any type of asset. It’s no surprise that the Security of Critical Infrastructure Act 2018 (SOCI) addresses this in its initial requirements and recommendations.
When an Asset Intelligence platform is implemented as the bedrock of a cyber security initiative asset information is continuously collected, aggregated, correlated and analysed making all subsequent activities easier.
Join me to learn what constitutes an Asset Intelligence platform and how specific capabilities optimise every step of the process to compliance.
-
15:00
Panel: Identifying and implementing the right controls for CI
- Building security from scratch – why common controls are not enough for CI, and identifying which ones are
- Strategies to reduce the attack surface, protect critical systems, separate environments, and contain a breach to prevent business interruption and disaster
- Exploring how innovative technologies can help your company achieve adaptability and resilience
Panel moderator:
Rachel Bailes, Delivery Manager, Compliance Policy and Reporting, Coles
Panellists:
Jalpa Bhavsar, Senior Consultant, NAB
Dinesh Perera, Head of Risk Management, Compliance and Security, Pacific, Ingenico Financial Services
Simon Cowley, Principal Cybersecurity Officer & IMT, eHealth, Department of Health
Grant-Ross Seegers, Independent Senior Security Advisor
-
15:25
Anatomy of successful cyber attacks and how to stop it from spreading
Wassim Daghash - Principal Systems Engineer - Illumio
In today's cybersecurity landscape, traditional detection methods often prove insufficient, as attackers continue to breach environments, across on-prem and public clouds, and establish footholds despite these measures. This session will explore how attackers exploit weak segmentation to move laterally, spreading through networks to execute their disruptive or data-theft missions. By directly addressing the issue of lateral movement, we can break this chain of attack and significantly reduce the success rate of cyber threats.
-
TRACK B - Information Risk Management
Chair:
Bernadeth Lucanas - Enterprise Data Architect - Macquarie Bank
-
14:00
Speed Networking – Making new connections!
During this 10-minute networking session, the aim of the game is to go and meet three people you don't already know. Use the questions on the screen to guide your conversation. Have fun!
-
14:10
Unleashing the Power of Offensive Security Teams
Eldar Marcussen - Head of Offensive Security - SEEK
Explore practical methods for optimizing the performance of offensive security teams within your organization. We will discuss fostering team culture and morale, alongside techniques for boosting technical expertise. Additionally, we'll examine ways to apply offensive security skills in unconventional contexts, expanding their impact beyond traditional penetration testing. By the end, you will have actionable insights to empower your offensive security teams to strengthen your organizational security.
-
14:35
Securing Microsoft Co-Pilot: Preventing Prompt-Hacking and Data Exposure with Varonis
Scott Leach - Vice President, APAC - Varonis
During this session, we'll show you just how easily your company's sensitive data can be exposed using Microsoft Copilot with simple prompts. We will share practical steps and strategies to ensure a secure Microsoft Copilot rollout and prevent prompt-hacking data exposure.
-
15:00
Panel: Fostering synergy between boards, senior management, and across departments
- Effective ways to influence boards and senior management on how security is aligned with the business goals
- Engaging the Steering Committee: How to get cross-functional representatives to be security cheerleaders
- The power of joining forces to assess risks, implement security controls, and ensure tech infrastructure is compliant to regulations
Panel moderator:
Joss Howard, CISO, Scyne Advisory
Panellists:
Vijay Narayan, CISO, Mercy Health
Sara Abak, CISO, Intellihub Group
Robert Turney, Head of Cyber Security, iSelect
Indika Wimalasiri, CISO, Praemium
Sanja Marais, Chief Technology and Security Officer, Aspen Medical
-
15:25
Role of AI in Cloud-Native Application Security: from Development to Production
Madhul Sachdeva - Presales Cloud Native Security Specialist – APAC
Peter de Moor - Regional Sales Manager - Aqua Security
In the dynamic world of cloud-native applications, Artificial Intelligence (AI) has emerged as a game-changer. It’s not just a component, but a pivotal force that is redefining the security landscape of these applications.
At Aqua, we are at the forefront of this exciting intersection of AI and security. We are pioneering innovative solutions that leverage the power of AI to enhance security throughout the lifecycle of cloud-native applications.
Speakers:
Madhul Sachdeva, Presales Cloud Native Security Specialist – APAC, Aqua Security
Peter De Moor, Regional Sales Manager, Aqua Security
-
TRACK C - Business Enabler
Chair:
Louisa Vogelenzang - Head of Cybersecurity, APJ - Dayforce
-
14:00
Speed Networking – Making new connections!
During this 10-minute networking session, the aim of the game is to go and meet three people you don't already know. Use the questions on the screen to guide your conversation. Have fun!
-
14:10
Strategies to keep up with increased regulatory changes in security
Bo Falk - Regional Head of Information Security, APAC - ISS World Services
In recent years, with the increasing activity and exploitation of organisations, governments have started to see the importance of Information Security.
To address this, governments have been implementing legislation and regulations around Information Security to ensure that critical systems and infrastructure are protected.
Europe last year released its versions, which will come into effect in 2024 and 2025 and look to address Information Security in Europe.
This session will be an introductory talk about the current proposed legislation NIS 2.0 and DORA, which have been said to be the GDPR for Information Security.
These new directives and regulations could have implications and impacts for any business working with EU organisations.
-
14:35
Why SaaS breaches are the best kept secrets
Andrew Simbaqueba - Regional Director APAC - AppOmni
Secrets such as APIs, tokens, valid and stolen credentials act as keys to unlock protected resources. They are the leading threat vector for data exposures and breaches of enterprise SaaS applications. In this session, learn the anatomy of a SaaS breach and best practices to build a viable SaaS threat model.
-
15:00
Fireside chat: Educate, educate, educate – simple steps to improve accountability across the business
- Effective ways to educate – engaging diverse people with cybersecurity and online safety
- People centric – adopting an in-person tone and using real-life examples of how a cyberattack can impact everyone’s life
- Relevant – what’s in it for them and why they should care
- Providing resources – setting clear expectations and providing resources
Panel moderator:
Vriti Magee, Enterprise Security Architect, Transurban
Panellists:
John O'Driscoll, Head of Risk, Data & Technology, Medibank
Vijay Krishnan, CISO, UniSuper
Joanne Lu, Manager Group Cyber Automation, Qantas
Fiona Collie, Cyber Awareness and Outreach Manager, Monash University
Raheem Sar, APAC Region Manager - Security, Risk & Compliance, The Access Group
Ryan Nera, BISO, Telstra
-
15:25
Continuous Exposure Management - Why thinking like an attacker is an efficient way to shape your remediation
Wayne O’Young - Sales & Engineering Manager, ANZ - XM Cyber
Cyber-attacks are getting more regular and sophisticated, and often they go undetected. Improving security posture is an ever-growing priority; however, as organizations continue to struggle with remediation, this gives adversaries more opportunities to exploit not just vulnerabilities but also identity-related issues and misconfigurations. Join this session to learn how organizations mature their security posture by looking at their environment through the lens of an attacker, giving them a common language for discussing and prioritizing measurable risk reduction.
-
15:50
NETWORKING BREAK
-
15:50-17:00
Cocktail Roundtable (Invite Only)
AI in Cyber Security: Mission-critical or distraction?
Ash Smith - Technology Strategist, ANZ - CrowdStrike
- Does your AI cybersecurity strategy feel like it’s mission-critical or mission impossible?
- What happens when AI is implemented with little thought or understanding, resulting in a distraction that degrades decision making?
- What is needed from decision makers to ensure success in deployment of AI to enhance the defender’s capability?
-
TRACK A - Critical Infrastructure
-
16:10
Practical approach to OT risk – hype or reality?
Trevor Goldman - Technical Director OT Cybersecurity - Worley
Critical infrastructure owners and operators face specific challenges, and common security controls might not meet the enterprise’s requirements. During this session, we will explore how to adopt a holistic and practical approach to OT by involving business owners and architecture teams. We’ll also explore successful practices in mitigating third-party risks.
-
16:35
PAM is the new Firewall
Daniel Comarmond - Cybersecurity Solution Engineer - Delinea
There’s more to privilege management than access - it’s protection.
Just like a firewall, privilege management segments your infrastructure by controlling who are the appropriate people and services, and how they use your powerful admin credentials.
Learn how Delinea uses identity intrinsically linked to privilege and authorisation that can, and should, be used as your primary defence.
Every user, machine, role has an identity and has privileges that must be considered and used strategically.
-
17:00
Advice for the CISO and Board on planning for a CyberWar
Andrew Horton - CTO - Threat Canary
- Recognize cyberwar is inevitable and ongoing, with a focus on Chinese and Russian tactics
- Use Kaizen for continuous improvement; ensure CISOs report to the CEO or board.
- How cyberwar and ransomware defense is like combating 17th-century pirates.
- Learn from Australia's HikVision ban and learn about the 2023-2030 Cyber Security Strategy.
-
TRACK B - Information Risk Management
-
16:10
Advancing your cyber maturity through improved resilience
Toh Shang Yee - Head of Information Security (CISO) - MCIS Insurance Berhad (Malaysia)
- Developing risk assessment strategies with the emerging risks and threat landscape in mind
- Conducting gap analysis to identify where resilience can be improved
- Analysing metrics for visibility of the effectiveness of your cyber programs
- Selecting the best maturity model for your organisation and creating an advancement plan
-
16:35
Fortifying your Security Operations with Enhanced Visibility
Robin Long - Field CTO, APAC - Rapid7
Due to the constant evolution of our internal networks and in the face of an unforgiving threat landscape, Security Operations teams are constantly looking at new ways to enhance their visibility in order to better anticipate cyber threats. This session will explore the importance of how clarity of goals, visibility of your attack surface, and cyber threat intelligence can be helpful in better focusing your cyber security defences.
-
17:00
Improving application security to support business value delivery
Neha Malik - Head of Application Security - REA Group
The software development and application security testing landscapes have changed significantly over the years. Application security, however, has not quite kept up and doing security is still an onerous and frustrating process, with security still slowing development down. During this session, we’ll share different approaches to application security and the application's supply chain.
-
TRACK C - Business Enabler
-
16:10
Shifting cybersecurity from a cost centre to a business enabler
Charles Gillman - CISO - SuperChoice
- Building trust with clients and stakeholders
- Compliance as a key enabler
- Security & compliance as a competitive differentiator
- How security & compliance can enable sales
-
16:35
Path to passwordless - A practical approach
Ashley Diffey - Vice President Sales, ANZ - Ping Identity
Everyone understands the risks and challenges that passwords pose today. However, eliminating them completely may not be as easy as one might think, especially if you have to support a lot of legacy applications or different user populations that do not all have smart devices. Come join Ash Diffey, Vice President Sales, ANZ from Ping to learn how you can still get started on a journey to passwordless with practical examples.
-
17:00
Improving cyber culture and awareness
Anne Sanduni Jayasooriya - Cybersecurity Engineer - Racing Victoria
-
17:25
Closing remarks
-
17:30
Day One Close and CISOs Reception & Wine Tasting Competition
Hosted by Cyfirma & Perfekt
Continue the conversations in a fun and entertaining way.
-
DAY TWO
-
08:20
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
08:50
Welcome from Corinium and the Chairperson
Jason Murrell - Independent Chair - Cyber Security Certification Australia (CSCAU)
-
09:00
Opening Keynote: Responding to Cyber Incidents: A Year of Insights
Joe Smith - Assistant Secretary and Acting Deputy Cyber Security Coordinator - National Office of Cyber Security
- Lessons learned from recent high-profile cyber incidents
- How the National Office of Cyber Security helps coordinate responses to incidents
- What's involved in effective consequence management
-
09:25
Accelerating Cloud Security to enable AI: How Security teams can adopt a new operating model to enable agile AI adoption
Matt Preswick - Enterprise Solutions Engineer - Wiz
Cloud and Artificial Intelligence (AI) are empowering organisations to meet their business goals quickly and effectively; however, they also present a tectonic shift for cyber security teams. Today, CISOs are forced to enable the adoption of Cloud and AI use cases at the speed of dev, requiring new operating models to continue to protect their environments and eliminate critical risks. Join this session to learn how you can enable your team to build faster in the cloud, ensuring security, Dev and DevOps can work together in a self-service model built for the scale and speed of your cloud and AI developments.
-
09:50
Building a cybersecurity program from scratch
Sam Fariborz - CISO - David Jones
Designing a cybersecurity operating model with people, processes, and technology at the core of your strategy is key. How to factor in the business strategy into the operating model, and how to take your business requirements as part of that process. During this session, we’ll explore strategies to:
- Build a well-developed program that supports and is tailored to the organisation’s needs
- Create a well-designed program with cooperation and support from stakeholders and management
- Develop effective metrics and KPIs for program design, implementation, and management performance assessment
-
10:15
NETWORKING BREAK
-
TRACK A - PRESENTATIONS
Chair:
Kostas Kyrifidis - President - VSI
-
10:45
2024: A Cyborg Odyssey
Len Noe - Technical Evangelist, White Hat Hacker & Biohacker - Cyberark
Futuristic threats are not reserved for the future anymore, augmented humans are real and pose a significant threat today. I currently have ten microchip implants within my body that are used for offensive security. I will show how the use of these devices allows me to bypass current security protocols and walk away. By remaining in the grey areas of law I will show how current health and privacy laws prevent discovery.
In this session Len will demonstrate:
- Implant instantiated attacks
- Direct Download
- Implant MiTM
- Implant Phishing / Smishing
- Implant Physical security bypass
- Mitigations to Transhuman based attacks
-
11:10
Navigating the Cyber Resilience Journey in M&A to Achieve Seamless Integration and Security Enhancement
Rob Testi - Head of Cybersecurity - People First Bank
Hear first-hand from someone 12 months from Day 1 of a merger about:
- How to navigate the opportunities and pitfalls from achieving a unified approach to cyber when faced with bringing two disparate teams together following an M&A
- How to manage the threats and risks that surface following the organisation's growing in size and market prominence
- How to approach the need to consolidate cyber technologies, tools and controls whilst actively defending against attacks
- What happens when you have two SOCs and need to get to one?
- How to keep your people motivated on the merger journey?
-
11:35
Risk and Vulnerabilities - Managing your attack surface and prioritising vulnerabilities
Ben Verschaeren - Director of Sales Engineering APJ - Sophos
In today's digital landscape, managing your attack surface and prioritizing vulnerabilities are crucial for robust cybersecurity. Join us for a 20-minute session where we'll explore effective strategies to identify, assess, and mitigate potential threats. Learn how to streamline your vulnerability management process and allocate resources efficiently to safeguard your organization against cyberattacks.
-
12:00
Embracing AI with confidence – leveraging the benefits while mitigating the risks
Greg Adamson - CISO - Department of Transport and Planning
- What trends are we looking at from a security perspective?
- Understanding the risks and implications of offensive AI and how it will change our threat landscape
- How CISOs can be prepared for potential risks
- Strategies to use AI in cyber defence
-
12:25
Building cyber resilient organisations: beyond technical expertise
Rhiannon Taylor - Program Director Cyber Security -
During this presentation, we’ll discuss:
- Resilient culture
- Cybersecurity and leadership
- Human Factors
- Interdisciplinary strategies
-
TRACK B - PANEL DISCUSSIONS
Chair:
Jason Murrell - Independent Chair - Cyber Security Certification Australia (CSCAU)
-
10:45
PANEL DISCUSSION: Evolving your supply chain security practices and advancing its maturity
- How security is changing and how to ideally address it
- The shift-left reality and how the solution didn't work
- The cost implications of a wrong security workflow
- How to make DevSecOps work, strategically
Panel moderator:
Lisa Dethridge, Senior Research Fellow, RMIT University
Panellists:
Mazino Onibere, CISO, Regis Aged Care
Pearse Courtney, Cyber Project Manager, AEMO
Oliver Pettit, Senior Manager, Monitoring & Defence, Cyber Security, AGL
David Plummer, Regional Director for ANZ, Cyfirma
-
11:15
PANEL DISCUSSION: Reinforcing your Boundaries with IAM
Many organisations are implementing an integrated identity access and governance management to overcome the challenges they face when upgrading business operations, modernising aging infrastructure, and protecting network perimeters. Join us to learn how IAM is successfully helping safeguard your organisation while scaling up.
Panel moderator:
Jason Murrell, Independent Chair, Cyber Security Certification Australia (CSCAU)
Panellists:
Ad Wolst, Head of Cyber Security Engineering & Platform Services, Technology Security, Bupa
James Byrne, Manager, Cybersecurity Architecture, AMPOL
Chikonga Maimbo, Manager Information Security, Bank Australia
Daniel Eastley, Cyber Security Services Manager, JB Hi-Fi and The Good Guys
Aidan Turner, Manager, Identity and Access Management, Downer Group
Ben King, VP of Security Trust & Culture, Okta
-
11:45
PANEL DISCUSSION: Influencing Human Behaviour and Reducing Cyber Risks
- Importance of human factor to cyber security and why most cyber awareness efforts fail
- Tailoring security awareness programs to address cyber risks and business priorities
- Strategies to influence behaviour and create a cyber-safe culture
Panel moderator:
Lisa Dethridge, Senior Research Fellow, RMIT University
Panellists:
Tara Dharnikota, Head of Information Security Management, PEXA
Bethwyn Berry, Head of Cyber Security, PMO & Governance, BlueScope Steel
May Mun, Senior Manager – Cyber Governance and Assurance, Transurban
Sandeep Taileng, CISO, State Trustees VIC
Daisy Wong, Former Security Culture & Awareness Lead, Flybuys
-
12:15
PANEL DISCUSSION: The bright and dark side of AI
AI is here to stay. How can we leverage its benefits while preventing its risks? Join us to discuss dos and don’ts of AI use in business, exploring AI’s bright and dark sides, from ChatGPT misuse to opportunities for bridging the talent gap.
- Can vendors fast track AI in cybersecurity tools?
- What trends are we seeing from a security perspective?
- What are the risks and implications of offensive AI and how it will change our threat landscape?
- How CISOs can keep pace with AI evolution without being a blocker and a function of “no”
- Ways to be prepared for potential risks, and strategies to use AI in cyber defence
- You can’t ban AI – how to balance security & GRC to manage and govern risks
Panel Moderator:
Lama Tayeh, Founder, LULUMPR
Panellists:
Tony Lou, Cyber Security Manager, Bendigo Health
Lisa Dethridge, Senior Research Fellow, RMIT University
Deepa Bradley, CISO, South East Water
Andrew Robinson, Founder And CISO, 6clicks
-
12:50
Lunch
-
13:50
INTERACTIVE DISCUSSION: PAY THE RANSOM OR NOT?
Your organisation confirms the breach, and you get contacted by the hacker asking for the ransom payment. Whatever decision you make comes with uncertainties and consequences. Join us for an interactive discussion around the challenges, concerns, and risks of paying – or not – the ransom.
Moderator:
Jason Murrell, Independent Chair, Cyber Security Certification Australia (CSCAU)
Panellists:
Anya Avinash, Head of Cybersecurity, Bank First
Vijay Narayan, CISO, Mercy Health
Rob Wiggan, Experienced CISO
Tim Hartman, Head of Solutions Architect – ANZ, Infoblox
-
14:25
How to prepare for Quantum Computing
Daniel Sutherland - RVP, Australia and New Zealand - DigiCert
The technology migration required to address threats of quantum computing requires organizations to start planning immediately. During this session we will discuss the quantum computing timelines, the impacts of quantum computing, what organizations are doing to prepare, and how you can get started on defining a migration strategy.
-
14:50
Learnings from an unexpected CISO
Will Sharpe - CISO - Telstra Health
In the ever-evolving landscape of cybersecurity, the path to leadership is often as unpredictable as the threats we face. In this presentation, titled "Lessons from an unexpected CISO," I will share my journey from a rapid appointment to the role of Chief Information Security Officer (CISO) to becoming an effective leader in a critical domain.
Through personal anecdotes and professional insights, I will explore the challenges and triumphs encountered when stepping into the CISO role under expedited circumstances. Attendees will gain a deeper understanding of the strategic and operational adjustments required, the importance of rapid learning and adaptation, and the value of leveraging diverse experiences to build a resilient security posture.
-
15:15
What can Cyber learn from Health in managing incidents
Ian Pham - Head of Information Security - VMIA
Analysis of how Victoria Health Services manage emergencies and highlighting transferable elements from their processes, systems, tools, and training for Cyber to adopt, aiming to improve incident response efficiencies and effectiveness.
-
15:40
NETWORKING BREAK
-
16:05
Practical approach to security operations and incident management
James Ng - CISO - Insignia Financial
- Strategies to uplift your incident response readiness through table-top and crisis exercises
- Creating documented procedures, consistent and easy to understand for relevant stakeholders – you’ll need them ready-to-go in case of an incident
- Incorporating board and executive management into IR – what do they need to know and do
- Take-aways and lessons learned – reviewing what went according to plan and what can be improved
-
16:30
Panel: Overcoming common IM issues
- Assessing the status of your incident response capability: when should you perform read-through, table-top, and red team exercises
- How can pen-testing and vulnerability management be most effective?
- What are the challenges and benefits of CMDB from an IM perspective?
- Incident Management Systems – benefits of EDR systems, IDPS, and other managed incident strategies
- Reactive Incident response vs Proactive Incident response – how well organisations manage that and how well those tasks are defined and segregated among defensive teams
Panel moderator:
Jason Murrell, Independent Chair, Cyber Security Certification Australia (CSCAU)
Panellists:
Deniz Molokov, CISO, Downer
Sonomi Miyazaki, Senior Blue Team Manager, Attack & Response, TPG Telecom
Jalpa Bhavsar, Senior Consultant, NAB
Raymond Schippers, Head of Detection and Response, Canva
Lama Tayeh, Founder, LULUMPR
-
17:00
Closing remarks