CISO Melbourne schedule

In this 10-minute networking session, the goal is to connect with three new people. Enjoy the opportunity to expand your network!

• Reflections on key achievements under Horizon 1 and lessons learned.
• Priorities as we move towards Horizon 2, including scaling cyber maturity across the economy and growing Australia’s cyber workforce.
• The role of public-private partnerships in building a resilient digital future.
• How the federal government continues engaging CISOs and the broader cyber community to drive national cyber resilience.

Step into an engaging conversation among CISO, CIO and CFO as they unpack the critical interplay between cyber security and financial strategy. This dynamic conversation offers a unique opportunity to explore how these three leadership roles align to protect organisational assets while enabling growth.

• How can we align priorities to ensure cyber security investments drive both risk reduction and organisational growth?
• What strategies do you use to translate cyber security risks into financial terms that resonate with the C-suite and board?
• How do you balance the need for proactive cyber security investments with the organisation’s financial constraints?
• What practical steps can improve collaboration among cyber security, IT and finance teams to protect assets and enable innovation?

Moderator:

John Taylor CTO Lumia Care

Panellists:

Noel Toal CIO DPV Health

Chris Storey CFO Suburban Rail Loop Authority 

Jo Stewart Rattray Chief Security Officer Silverchain

With evolving Australian regulations, enterprises are facing stricter mandates for securing sensitive data. Protecting is no longer just a best practice—it’s a business imperative. This session will explore key data protection requirements, including enhanced encryption, stricter access controls, and stronger authentication mechanisms. Join us to understand how to turn compliance challenges into security advantages while staying ahead of regulatory demands.

• How would you assess the current level of AI implementation within your organisation?
• What challenges have you encountered in adopting AI, and how have you addressed them?
• What are the key criteria and considerations for evaluating AI technologies as part of a holistic cyber risk management strategy?
• What indicators or benchmarks should organisations consider evaluating the effectiveness of AI-driven cyber defence initiatives?

Moderator:

Dr Imad Khan Data Science AI & Neural Networks Expert Victoria University

Panellists:

Sam Fariborz CISO David Jones

Jonar Marzan Group Cyber - Security, Risk & Compliance Manager Coles

Dushyant Sattiraju Director Cyber Security Deakin University

Craig Searle Regional Director CPS Pacific Trustwave

As DevSecOps evolves, AI and automation are redefining security operations, enabling proactive, self-managing security frameworks. This session will examine the benefits and challenges of autonomous DevSecOps, offering insights into how organisations can transition towards a continuous and self-sustaining security model.

• Exploring the convergence of AI, data, and cyber security
• Discussing data as the core foundation for AI-driven cyber security.
• Leveraging AI for proactive and predictive cyber defence.
• Examining challenges and risks that AI brings in for cyber security.
• Shedding light on the future of cyber security with AI and data.

Harnessing global threat intelligence allows organisations to move from reactive defence to proactive threat mitigation. This session will demonstrate how consolidating and operationalising threat feeds can improve security agility, enhance visibility across systems, and drive a more resilient cybersecurity posture.

• Explore the latest methods cybercriminals use to exploit human vulnerabilities to access sensitive information and compromise systems.
• Learn strategies to build organisational awareness and defences to mitigate the risks associated with social engineering.
• Discover how fostering a culture of cyber security awareness can empower employees reducing susceptibility to social engineering attacks and enhancing overall resilience.

Puneet Tikoo Information Security Lead Cisco

Bharat Bajaj Senior Manager – Risk & Control Enablement CBA

If there are contenders and goals, there is a game — to win requires theories and strategies. We constantly hear about the need to be strategic and develop strategies to attain cybersecurity goals, but what does that look like and how can you go about it? Ironically, there are actually strategies for developing a strategy. Security experts, join us for an insightful discussion on developing winning security strategies and gain practical insights and real-world examples to help you achieve your security objectives.

• Transform cyber security incident response skills into effective crisis leadership strategies.
• Apply key principles from ISO 22361 to strengthen crisis management processes and decision-making.
• Equip teams with actionable frameworks to navigate disruptions and ensure business continuity.

• Explore the capabilities of quantum computing, its current developments, and the expected timeline for real-world impact.
• Understand how quantum advancements could disrupt encryption, compromise sensitive data, and challenge existing security controls.
• Assess the implications for cyber security investment, compliance, risk management, and the cost of upgrading security infrastructure.
• Identify actionable steps for CISOs, including risk assessment, vendor collaboration, and future-proofing security architectures with AI-driven defence mechanisms.

Generative AI tools like Microsoft Copilot can enhance productivity but also introduce new security challenges. Learn how to mitigate the risks of prompt-hacking, control data access, and ensure your Copilot deployment remains secure.

Join Sunil as he shares his experience at ARN, where he successfully developed a risk framework to align security efforts with business priorities. Following his presentation, attendees will collaborate in small groups to:

• Reflect on Sunil’s framework and brainstorm how similar strategies can be implemented in their organisations.
• Share real-world challenges and successes in communicating cyber risks to leadership teams.
• Explore ideas for enhancing cross-departmental collaboration to improve risk management practices.
• Discuss actionable strategies for securing executive buy-in and driving cyber security initiatives forward.

Zero Trust is a vital component of modern security, but its value needs to be communicated to the C-suite. This session will explore how Okta and Palo Alto Networks can work together to align Zero Trust strategies with the organisation’s overall business goals. The pair will deep dive into:

• How can Okta’s IAM and Palo Alto’s security solutions help reduce business risk while enhancing operational agility?
• How can security leaders demonstrate the ROI of Zero Trust to the board, using examples from Okta and Palo Alto’s combined solutions?
• What are the key business drivers for adopting Zero Trust, particularly in terms of risk management, compliance, and breach prevention?

Speakers

James Darwin Principal Solutions Engineer Okta

Raj Sharma ANZ SASE:AI Portfolio GTM Leadership Palo Alto Networks

• Distinguish between intelligence and information to drive effective risk mitigation and decision-making.
• Embed real-time threat intelligence into SOC workflows to enhance detection and response.
• Use intelligence-driven insights to prioritise threats and optimise security operations.
• Strengthen collaboration across teams to maximise threat intelligence as a force multiplier.

In today's digital world, security challenges are evolving rapidly. As Australia aims for ambitious security goals, the need for cost-effective solutions is rising. Domain Name System (DNS) technology holds immense potential yet many organisations don't fully understand its role in security. We will highlight DNS vulnerabilities, threats exploiting the protocol and security approaches using DNS to defend against cyber threats. Learn about DNS's importance, vulnerabilities and how to leverage it for defence, gaining insights into threat detection and mitigation to bolster your security posture.

• Strategies to uplift your incident response readiness through table-top and crises exercises.

• Creating documented procedures, consistent and easy to understand for relevant stakeholders –you’ll need them ready-to-go in case of an incident.

• Incorporating board and executive management into IR – what do they need to know and do?

• Take-aways and lessons learned – reviewing what went according to plan and what can be improved.

Cloud-native applications demand a new approach to security—one that AI is uniquely positioned to provide. This session will examine how AI-driven security solutions can mitigate risks throughout the software lifecycle, from secure coding practices to real-time threat detection.

• Explore the limitations of traditional GRC frameworks in the evolving threat landscape and the benefits of automation, including reduced compliance overhead and real-time visibility for better decision-making.
• Discuss how these platforms address gaps in GRC automation and enable organisations to map cyber maturity effectively.
• Learn from a case study on transitioning from fragmented processes to a future-ready framework, with key takeaways and next steps for automation.

Cybersecurity isn’t just an IT concern—it’s a shared responsibility. Learn how a human-centric approach, real-life attack scenarios, and technical controls like email filtering and blacklisting can empower teams to mitigate threats effectively.

• Exploring how the CISO’s responsibilities are evolving from solely managing risks to enabling business growth and innovation.
• Understanding how CISOs can design adaptable security frameworks that support business agility and innovation while safeguarding against emerging threats.
• Discussing how CISOs can cultivate a mindset where security is not seen as a barrier but as a driver of business agility, empowering teams to innovate with confidence.

Moderator:

Lama Tayeh Founder & CEO LULUMPR 

Speakers:

Maria Paz, CTO, Epworth

John Taylor CTO Lumia Care

• An overview of new security regulations and standards affecting Australian businesses.
• Complying with SOCI, SoNS, CPS 234, CPG 234, CPG 235, and other standards such as ISO27001, AESCSF, NIST and Essential 8.
• Insights into the current proposed legislation NIS 2.0 and DORA, which have been said to be the GDPR for Information Security.
• Strategies to balance the benefits against the cost-impact of compliance based on the enterprise’s risk appetite.

Moderator:

Dan Goldberg Australian Market ISO Omnicom

Panellists:

Puneet Tikoo Information Security Lead Cisco

Amanda Pinaud Cyber Security Manager Megaport

Helaine Leggat NED CI-ISAC & Chair CI-ISAC Health Cyber Sharing Network Advisory Panel

It's hard to believe that invoice fraud is even possible in this era of online payment, sophisticated accounts-payable systems and our heightened awareness of cybercrime. Yet, Australian businesses lost $152m to payment redirection scams last year - a 67% increase on 2023. In this session we will delve into real-world examples of cleverly crafted socially engineered attacks. We'll look through the security analyst's lens and uncover ways you can identify these amazingly real emails as fraudulent and discuss the impact of Behavioural AI based techniques in halting the attack that might otherwise result in significant financial losses.

• Understand the data protection and privacy challenges posed by emerging technologies as well as the new privacy act updated in August 2024.
• Reduce trust assumptions and adopt a more granular, data-centric and risk-based approach to security.
• Discuss how to take a proactive approach to building a unified data security strategy while grappling with emerging technology in an era where data is widely distributed across the organisation.

Moderator:

Andrew Morgan Head of Information Security & Risk Defence Health

Speakers:

Muzamil Rashid Head of Cyber Security Mazda Australia

Vasant Prabhu Global Data Protection Lead Toll Group

In this candid one-on-one conversation, a leading Australian CISO reflects on the rapidly evolving threat landscape impacting organisations across all sectors. This session explores how emerging technologies, geopolitical shifts, and adversarial innovation are reshaping the threat horizon. Discussing the rise of sophisticated multi-vector attacks, the increasing role of AI in both offence and defence, and the shifting tactics of cybercriminals and nation-state actors. Unpacking what’s keeping security leaders up at night, how businesses can move from reactive to strategic risk management, and what it truly takes to build resilience in a climate of constant cyber disruption.

Speakers:

Vannessa van Beek Global CISO Fortescue

Jason Murrell Chair Australian Cyber Network

Explore FortiGuard Lab's 2025 threat predictions and learn actionable strategies to combat emerging risks like supply chain attacks. Build resilience, minimise systemic risk and stay ahead in an interconnected threat landscape.

• What strategies effectively prioritise resource allocation towards high-value targets without over-allocating to less critical areas? What metrics or KPIs should be tracked?
• How crucial are comprehensive risk assessments for identifying critical assets?
• How can businesses balance thorough risk assessments with the fast-paced threat landscape?
• What are the main challenges in getting the board to prioritise cyber security investments, and how do you tackle them? What do you do when the board says no?

Moderator:

Tara Dharnikota CISO Victoria University

Panellists:

Callum Nelson CISO EBOS Group

James Ng GM Cyber Security (CISO) Insignia Financial

Robert Turney CISO auDA

The rise of Generative AI has transformed the enterprise landscape, with Large Language Models (LLMs) powering SaaS copilots and custom-built applications. Yet, two years into this GenAI revolution, businesses face a key challenge: balancing innovation with robust security.

From data privacy concerns to unintended information exposure, early adopters like Microsoft Copilot have revealed critical gaps in managing complex access permissions. Building enterprise-grade AI applications only adds to the complexity, requiring rigorous data controls and governance to mitigate risks.

In this session, we’ll explore:

• Emerging security challenges in AI and their impact on cybersecurity teams
• OWASP Top 10 for LLMs: What’s hype, and what’s real?
• Why traditional approaches, like LLM Firewalls, fall short.
• The essential controls and frameworks needed to secure GenAI deployments.

Whether you’re deploying AI in SaaS platforms or building in-house solutions, this session will arm you with the knowledge to address the toughest security challenges and unlock the full potential of Generative AI – without compromise.

• Explore frameworks and best practices for implementing responsible AI governance in enterprise environments.
• Identify key risk factors associated with AI adoption, including ethical considerations, regulatory compliance, and operational vulnerabilities.
• Demonstrate how to align AI initiatives with business objectives to drive value while maintaining accountability and trust.

Speakers:

Bharat Bajaj Senior Manager – Risk & Control Enablement CBA

Reshma Devi Data & AI Risk and Information Management Transurban

Asset intelligence is fundamental to securing critical infrastructure. This session will explore how leveraging an Asset Intelligence platform improves asset visibility, simplifies compliance, and enhances overall security posture by ensuring accurate, real-time asset data collection and analysis.

• Identifying key dependencies to address before embarking on a Zero Trust network transformation to ensure a smooth and effective implementation.
• Exploring the essential components of a Zero Trust technology stack, their roles in fortifying infrastructure, and their integration into existing environments.
• Applying pragmatic policy principles to focus on high-impact areas, maximising risk reduction without overwhelming resources or processes.
• Addressing the complexities of deploying Zero Trust in environments with legacy systems, OT, and IoT.

Moderator:

Helaine Leggat NED CI-ISAC & Chair CI-ISAC Health Cyber Sharing Network Advisory Panel

Panellists:

David Worthington, GM - Digital Security & Risk, Jemena

Winston Fernando Head of Cyber Security & Compliance Darebin City Council

Maria Paz CTO Epworth

Senior representative Ping Identity

• The end of traditional perimeter security—why firewalls alone are no longer enough.
• Zero Trust and micro-segmentation—building security from the inside out.
• Defending a hyperconnected world—securing data, identities, and applications everywhere.

Effective cyber defence requires more than just static controls. In this session, we’ll examine how real-time data empowers organisations to strengthen cyber hygiene, rapidly detect and respond to breaches, and streamline compliance initiatives to achieve higher Essential 8 Maturity levels.

• How can organisations transform GRC from a compliance framework into a strategic tool that drives cyber maturity and resilience?
• What are the main challenges organisations face when embedding GRC into their cyber maturity journey, and how can these be overcome effectively?
• How can organisations measure and track the impact of GRC integration on their cyber maturity and long-term resilience goals?

Panellists:

Cameron Walter Head of Cyber Security Cricket Australia

Tharaka Perera Head of Information Security Estia Health

Dhaval Parikh Cyber Security Advisory Lead UNSW

Nimisha Balyan GM Program Delivery & Change - P&T Transformation Telstra

• Understand the influence of human behaviour and organisational culture on the effectiveness of cyber security practices.
• Implement strategies to foster a security-conscious mindset, encouraging proactive cyber hygiene and responsible digital behaviour across the workforce.
• Measure and evaluate the impact of security awareness initiatives, refining approaches to maintain a continuously improving cyber-aware culture.
• Empower employees to become active defenders, fortifying the organisation’s resilience.

Moderator:

Daisy Wong Squad Lead - Security Awareness Medibank

Panellists:

Cheryl Wong Security Culture & Engagement Lead EBOS Group

Winston Fernando Head of Cyber Security & Compliance Darebin City Council

Daniel Eastley Head of Group Cybersecurity JB HI-FI

• Tough questions that need asking – how to make complex security simple, remove the vendor angst, and enable small teams to focus on the highest-impact tasks.
• Why is tech debt like your home mortgage and how do you know when to re-finance?
• Not assume breach– how does a ‘Let Breach’ mindset change your investment and provide lead indicator forecasting?
• How does MoSCoW prioritisation enable better business security and firewall rules at home?
• Practical tools to work out acceptable loss, right-sized security investment and drive business outcomes.

• What are the key vulnerabilities in the supply chain or gaps in vendor cyber security practices and their potential business impacts?
• How can businesses shift from reactive to proactive approaches in identifying and managing supply chain risks, particularly with the growing reliance on third-party services?
• What are the actionable strategies for improving vendor oversight and securing the entire supply chain against evolving cyber threats?
• How to develop tailored mitigation strategies to address financial, reputational, and operational risks posed by third-party vulnerabilities?

Moderator:

Raheem Sar APAC CISO The Access Group

Panellists:

Sandra Barns GM Information Security, Technology & Data Risk Judo Bank

Muzamil Rashid Head of Cyber Security Mazda Australia

Catherine Rowe Former Global CISO ex-QBE

Innovation and security are often seen as opposing forces, but the most successful organisations find ways to balance both. This panel brings together forward-thinking cyber security leaders to explore how to foster creativity while maintaining the rigour needed to safeguard organisations.

Moderator:

Prof Dan Haagman CEO Chaleit & Honorary Professor Murdoch University

Panellists:

Jerome Brown Head of IT: Cyber Security & Risk Country Road Group

Alison Stretch GM of Information Security

Vannessa Van Beek Global CISO Fortescue