CISO Melbourne schedule

In this 10-minute networking session, the goal is to connect with three new people. Enjoy the opportunity to expand your network!

• Reflections on key achievements under Horizon 1 and lessons learned.
• Priorities as we move towards Horizon 2, including scaling cyber maturity across the economy and growing Australia’s cyber workforce.
• The role of public-private partnerships in building a resilient digital future.
• How the federal government continues engaging CISOs and the broader cyber community to drive national cyber resilience.

• Exploring the convergence of AI, data, and cyber security
• Discussing data as the core foundation for AI-driven cyber security.
• Leveraging AI for proactive and predictive cyber defence.
• Examining challenges and risks that AI brings in for cyber security.
• Shedding light on the future of cyber security with AI and data.

With evolving Australian regulations, enterprises are facing stricter mandates for securing sensitive data. Protecting is no longer just a best practice—it’s a business imperative. This session will explore key data protection requirements, including enhanced encryption, stricter access controls, and stronger authentication mechanisms. Join us to understand how to turn compliance challenges into security advantages while staying ahead of regulatory demands.

• How would you assess the current level of AI implementation within your organisation?
• What challenges have you encountered in adopting AI, and how have you addressed them?
• What are the key criteria and considerations for evaluating AI technologies as part of a holistic cyber risk management strategy?
• What indicators or benchmarks should organisations consider evaluating the effectiveness of AI-driven cyber defence initiatives?

Moderator:

Dr Imad Khan Data Science AI & Neural Networks Expert Victoria University

Panellists:

Sam Fariborz CISO David Jones

Jonar Marzan Group Cyber - Security, Risk & Compliance Manager Coles

Dushyant Sattiraju Director Cyber Security Deakin University

Craig Searle Regional Director CPS Pacific Trustwave

In this session, we will explore how a human-centric approach to cybersecurity can significantly transform your data protection efforts. Moving beyond traditional technical solutions, we’ll highlight how integrating data classification, behavioural insights (i.e. user intent), and threat context creates a dynamic defence against data loss.

Step into an engaging conversation among CISO, CIO and CFO as they unpack the critical interplay between cyber security and financial strategy. This dynamic conversation offers a unique opportunity to explore how these three leadership roles align to protect organisational assets while enabling growth.

• How can we align priorities to ensure cyber security investments drive both risk reduction and organisational growth?
• What strategies do you use to translate cyber security risks into financial terms that resonate with the C-suite and board?
• How do you balance the need for proactive cyber security investments with the organisation’s financial constraints?
• What practical steps can improve collaboration among cyber security, IT and finance teams to protect assets and enable innovation?

Moderator:

John Taylor CTO Lumia Care

Panellists:

Noel Toal Chief Technology & Transformation Officer Repurpose It 

Chris Storey CFO Suburban Rail Loop Authority 

Jo Stewart Rattray Chief Security Officer Silverchain

PKI is undergoing a mandatory rebirth. This renaissance is driven by a series of events that require action in order to address security threats, regulations, scalability, and lifecycle management challenges. The good news is that this transformation will lead to a new generation of PKI that is more secure, resilient, and agile. Factors Driving the PKI Renaissance:

• Shortened certificate validity: By 2029, organizations will need to operate certificates with 47-day validity periods for all public trust use cases. This decision by the CA/Browser Forum will make manual processes practically impossible to maintain.
• Explosion of Machine Identities: From APIs and IoT devices to containers and multi-cloud environments, machines now represent billions of connections. Soon, there will be three times as many devices as humans—not including the coming wave of AI agents that will also need trusted identities.
• Operational Scale and Complexity: Traditional cloud and hybrid environments blur the lines between external, internal, and federated PKIs. These systems demand large volumes of varying certificate types, which in turn requires a flexible CLM that can seamlessly tie everything together.
• The Quantum Threat: The very foundation of PKI—the cryptographic algorithms that cannot be guessed or brute-forced with today’s computing power—is now under threat. Quantum computers will soon be able to break existing crypto algorithms. New, quantum-safe algorithms exist, but they need to be tested and deployed everywhere by 2029, according to Gartner and other industry experts.

• Explore the latest methods cybercriminals use to exploit human vulnerabilities to access sensitive information and compromise systems.
• Learn strategies to build organisational awareness and defences to mitigate the risks associated with social engineering.
• Discover how fostering a culture of cyber security awareness can empower employees reducing susceptibility to social engineering attacks and enhancing overall resilience.

Puneet Tikoo Information Security Lead Cisco

Bharat Bajaj Director ISACA Melbourne Chapter

If there are contenders and goals, there is a game — to win requires theories and strategies. We constantly hear about the need to be strategic and develop strategies to attain cybersecurity goals, but what does that look like and how can you go about it? Ironically, there are actually strategies for developing a strategy. Security experts, join us for an insightful discussion on developing winning security strategies and gain practical insights and real-world examples to help you achieve your security objectives.

• Transform cyber security incident response skills into effective crisis leadership strategies.
• Apply key principles from ISO 22361 to strengthen crisis management processes and decision-making.
• Equip teams with actionable frameworks to navigate disruptions and ensure business continuity.

Digital innovation isn’t optional—it’s the engine of modern business growth, driving sharper customer experiences, operational efficiency, and bottom-line impact. But this momentum comes with risk. As organisations accelerate transformation, cybersecurity must evolve just as fast. In this session, we unpack how security leaders can move from blockers to enablers—managing emerging risks, embedding structured resilience, and using AI to fuel secure innovation at scale.

Key Takeaways:

• Managing Cyber Risks in Digital Transformation – Identify and mitigate the fast-evolving threats that come with rapid innovation and tech adoption.
• Proactive Risk Assessment – Use structured, risk-based methods to boost resilience, maximise return on security investments, and ensure compliance.
• AI for Cyber Defence & Innovation – Harness AI not just to defend, but to accelerate secure innovation—automating response, reducing risk, and enabling scale.

• Explore the capabilities of quantum computing, its current developments, and the expected timeline for real-world impact.
• Understand how quantum advancements could disrupt encryption, compromise sensitive data, and challenge existing security controls.
• Assess the implications for cyber security investment, compliance, risk management, and the cost of upgrading security infrastructure.
• Identify actionable steps for CISOs, including risk assessment, vendor collaboration, and future-proofing security architectures with AI-driven defence mechanisms.

In an era where AI is transforming how we work, the stakes for data security have never been higher. This panel brought to you by Varonis brings together two distinct but complementary voices - Selena Schimko from Lantern Legal and Edie Ward from Chemist Warehouse to explore how security and transformation leaders are navigating the tension between innovation and risk.

We will cover:

• Translating AI risk into business language that resonates with leadership.
• Balancing experimentation with governance in high-stakes environments.
• Building trust in AI systems through transparency, education, and tooling.
• How vendors like Varonis help bridge the gap between risk aversion and innovation.

You’ll walk away with real-world strategies for securing sensitive data, enabling safe AI adoption, and empowering your teams to innovate responsibly.

Moderator:

Geoff Morrison Manager of Sales Engineering ANZ Varonis

Panellists:

Selena Schimko General Manager Lantern Legal

Edie Ward Cyber Security Project Manager Chemist Warehouse 

Join Sunil in a candid fireside chat moderated by Dan Haagman, as they unpack what it takes to elevate cyber risk into a meaningful business conversation. Sunil will share insights from his experience developing a risk framework that helped align security efforts with business priorities and secure executive support.

Speakers:

Sunil Rane Deputy CISO EBOS Group

Zero Trust is a vital component of modern security, but its value needs to be communicated effectively to the C-suite. This session will explore how Okta and Palo Alto Networks can work together to align Zero Trust strategies with the organisation’s overall business goals.
This session features Palo Alto Networks and Estia Health, who will share their unique journeys and experiences leveraging Okta to achieve robust security and streamlined operations. Gain valuable insights directly from industry leaders on how they've successfully implemented Zero Trust principles and integrated Okta within their existing security frameworks.

Speakers:

James Darwin Principal Solutions Engineer Okta

Raj Sharma ANZ SASE:AI Portfolio GTM Leadership Palo Alto Networks

Tharaka Perera Head of Information Security Estia Health

• Distinguish between intelligence and information to drive effective risk mitigation and decision-making.
• Embed real-time threat intelligence into SOC workflows to enhance detection and response.
• Use intelligence-driven insights to prioritise threats and optimise security operations.
• Strengthen collaboration across teams to maximise threat intelligence as a force multiplier.

In today's digital world, security challenges are evolving rapidly. As Australia aims for ambitious security goals, the need for cost-effective solutions is rising. Domain Name System (DNS) technology holds immense potential yet many organisations don't fully understand its role in security. We will highlight DNS vulnerabilities, threats exploiting the protocol and security approaches using DNS to defend against cyber threats. Learn about DNS's importance, vulnerabilities and how to leverage it for defence, gaining insights into threat detection and mitigation to bolster your security posture.

• Strategies to uplift your incident response readiness through table-top and crises exercises.

• Creating documented procedures, consistent and easy to understand for relevant stakeholders –you’ll need them ready-to-go in case of an incident.

• Incorporating board and executive management into IR – what do they need to know and do?

• Take-aways and lessons learned – reviewing what went according to plan and what can be improved.

 The world beneath us is moving. AI is on the path to be the fastest adopted technology in the world and with that will come significant opportunities and risks. In this session we will look at how quickly AI is changing our worlds and how threat actors are leveraging it to attack us at a speed, scale and sophistication never seen before. Attackers leveraging AI is only one side of the coin, we will also dive into how organisations can safely and securely adopt AI in a time of rapid change and uncertainty. This session will provide practical advice based on Palo Alto Networks experience on how to safely and securely adopt and implement AI with your organisation whilst maintaining strategic reliance.

Speakers:

Michael Shipley Principal Architect Strata Palo Alto Networks

Marc Gallop Senior Domain Consultant Palo Alto Networks

This roundtable will explore effective practices, current challenges, and innovative ideas for optimising your existing Vulnerability Management (VM) programme. We will also discuss Continuous Threat Exposure Management (CTEM), a proactive approach that moves beyond vulnerability identification to focus on exploitability, likely attack paths, and real-world business impact.

• Explore the limitations of traditional GRC frameworks in the evolving threat landscape and the benefits of automation, including reduced compliance overhead and real-time visibility for better decision-making.
• Discuss how these platforms address gaps in GRC automation and enable organisations to map cyber maturity effectively.
• Learn from a case study on transitioning from fragmented processes to a future-ready framework, with key takeaways and next steps for automation.

“Defenders think in lists, attackers think in graphs, and as long as this continues attackers win” – JLambert (Microsoft).

Join us for an insightful look at how AI Powered Security Graphs are revolutionising breach identification, helping reframe detection in a decentralised world, represent a vital component of defenders’ security observability and are transforming breach containment into board-level resilience.

• Exploring how the CISO’s responsibilities are evolving from solely managing risks to enabling business growth and innovation.
• Understanding how CISOs can design adaptable security frameworks that support business agility and innovation while safeguarding against emerging threats.
• Discussing how CISOs can cultivate a mindset where security is not seen as a barrier but as a driver of business agility, empowering teams to innovate with confidence.

Moderator:

Lama Tayeh Founder & CEO LULUMPR 

Speakers:

Maria Paz, CTO, Epworth

John Taylor CTO Lumia Care

• An overview of new security regulations and standards affecting Australian businesses.
• Complying with SOCI, SoNS, CPS 234, CPG 234, CPG 235, and other standards such as ISO27001, AESCSF, NIST and Essential 8.
• Insights into the current proposed legislation NIS 2.0 and DORA, which have been said to be the GDPR for Information Security.
• Strategies to balance the benefits against the cost-impact of compliance based on the enterprise’s risk appetite.

Moderator:

Dan Goldberg Australian Market ISO Omnicom

Panellists:

Puneet Tikoo Information Security Lead Cisco

Amanda Pinaud Head of Cyber Security Compliance Megaport

Helaine Leggat NED CI-ISAC & Chair CI-ISAC Health Cyber Sharing Network Advisory Panel

It's hard to believe that invoice fraud is even possible in this era of online payment, sophisticated accounts-payable systems and our heightened awareness of cybercrime. Yet, Australian businesses lost $152m to payment redirection scams last year - a 67% increase on 2023. In this session we will delve into real-world examples of cleverly crafted socially engineered attacks. We'll look through the security analyst's lens and uncover ways you can identify these amazingly real emails as fraudulent and discuss the impact of Behavioural AI based techniques in halting the attack that might otherwise result in significant financial losses.

• Understand the data protection and privacy challenges posed by emerging technologies as well as the new privacy act updated in August 2024.
• Reduce trust assumptions and adopt a more granular, data-centric and risk-based approach to security.
• Discuss how to take a proactive approach to building a unified data security strategy while grappling with emerging technology in an era where data is widely distributed across the organisation.

Moderator:

Andrew Morgan Head of Information Security & Risk Defence Health

Speakers:

Muzamil Rashid Head of Cyber Security Mazda Australia

Vasant Prabhu Global Data Protection Lead Toll Group

In this candid one-on-one conversation, a leading Australian CISO reflects on the rapidly evolving threat landscape impacting organisations across all sectors. This session explores how emerging technologies, geopolitical shifts, and adversarial innovation are reshaping the threat horizon. Discussing the rise of sophisticated multi-vector attacks, the increasing role of AI in both offence and defence, and the shifting tactics of cybercriminals and nation-state actors. Unpacking what’s keeping security leaders up at night, how businesses can move from reactive to strategic risk management, and what it truly takes to build resilience in a climate of constant cyber disruption.

Speakers:

Vannessa van Beek Global CISO Fortescue

Jason Murrell Chair Australian Cyber Network

Explore FortiGuard Lab's 2025 threat predictions and learn actionable strategies to combat emerging risks like supply chain attacks. Build resilience, minimise systemic risk and stay ahead in an interconnected threat landscape.

• What strategies effectively prioritise resource allocation towards high-value targets without over-allocating to less critical areas? What metrics or KPIs should be tracked?
• How crucial are comprehensive risk assessments for identifying critical assets?
• How can businesses balance thorough risk assessments with the fast-paced threat landscape?
• What are the main challenges in getting the board to prioritise cyber security investments, and how do you tackle them? What do you do when the board says no?

Moderator:

Tara Dharnikota CISO Victoria University

Panellists:

Callum Nelson CISO EBOS Group

James Ng GM Cyber Security (CISO) Insignia Financial

Robert Turney CISO auDA

• Value of Implementing Data Security Posture Management (DSPM) and Data Intelligence Access Governance
• How can DSPM and DIAG help organisations prepare for Generative AI Adoption.

Both DSPM and Data Intelligence Access Governance are critical tools for modern organisations aiming to protect sensitive data, ensure compliance, and reduce risk. They address distinct but complementary aspects of data security and governance, helping organisations proactively manage vulnerabilities, minimise attack surfaces, and optimise data usage. Implementing Data Security Posture Management (DSPM) and Data Intelligence Access Governance (DIAG) can significantly help organisations prepare for the adoption of Generative AI (GenAI) by addressing key challenges related to data security, governance, and compliance. This session will provide the audience with a high level understanding of why their Cyber, Data Governance and Data Privacy teams will need to collaborate to enable the business in the age of Generative AI.

• Explore frameworks and best practices for implementing responsible AI governance in enterprise environments.
• Identify key risk factors associated with AI adoption, including ethical considerations, regulatory compliance, and operational vulnerabilities.
• Demonstrate how to align AI initiatives with business objectives to drive value while maintaining accountability and trust.

Speakers:

Bharat Bajaj Senior Director ISACA Melbourne Chapter 

Reshma Devi Data & AI Risk and Information Management Transurban

AI is rapidly transforming the cyber threat landscape, with adversaries—from script kiddies to nation-state actors—leveraging AI to scale and automate attacks. Security operations leaders must adapt, using AI-driven defense strategies to stay ahead. This session explores how organisations can harness AI to enhance detection, response, and resilience. Learn key techniques for integrating AI into security operations, mitigating emerging risks, and ensuring AI works for you—not against you.

• Identifying key dependencies to address before embarking on a Zero Trust network transformation to ensure a smooth and effective implementation.
• Exploring the essential components of a Zero Trust technology stack, their roles in fortifying infrastructure, and their integration into existing environments.
• Applying pragmatic policy principles to focus on high-impact areas, maximising risk reduction without overwhelming resources or processes.
• Addressing the complexities of deploying Zero Trust in environments with legacy systems, OT, and IoT.

Moderator:

Helaine Leggat NED CI-ISAC & Chair CI-ISAC Health Cyber Sharing Network Advisory Panel

Panellists:

David Worthington, GM - Digital Security & Risk, Jemena

Winston Fernando Head of Cyber Security & Compliance Darebin City Council

Maria Paz CTO Epworth

Ash Diffey Vice President, ANZ Ping Identity

• The end of traditional perimeter security—why firewalls alone are no longer enough.
• Zero Trust and micro-segmentation—building security from the inside out.
• Defending a hyperconnected world—securing data, identities, and applications everywhere.

As the evolving threat environment demands a shift to proactive, data-centric security, traditional perimeter defences no longer suffice. Understanding data context is critical.

This session explores how data intelligence can empower cyber resilience, and why collaboration between data and security teams, underpinned by shared visibility, is key to staying ahead in an increasingly complex environment.

Adam Plotnikov Senior Solutions Engineer BigID

John Karabin Chief Cyber Security Strategist McGrathNicol

• How can organisations transform GRC from a compliance framework into a strategic tool that drives cyber maturity and resilience?
• What are the main challenges organisations face when embedding GRC into their cyber maturity journey, and how can these be overcome effectively?
• How can organisations measure and track the impact of GRC integration on their cyber maturity and long-term resilience goals?

Panellists:

Cameron Walter Head of Cyber Security Cricket Australia

Tharaka Perera Head of Information Security Estia Health

Dhaval Parikh Senior Partner Information Security &Technology Risk BoQ Group 

Nimisha Balyan GM Program Delivery & Change - P&T Transformation Telstra

This session unpacks the evolving threats to critical infrastructure and how AI is reshaping cyber security responses. 

• Geopolitical risk spotlight: how conflicts like Ukraine expose infrastructure vulnerabilities
• SOCI Act: what’s changed and why it matters for security leaders
• QR and energy sector case studies: applying controls to protect people and services
• Real-world use of least-privilege and zero trust in operational environments
• AI in action: 113 hours saved in one month by automating SOC approvals for a financial client
• How to prioritise controls when budgets are under pressure

Moderator:

Ben Smith Solution Engineer One Identity

Speakers:

Eralp Kubilay Country Head ANZ One Identity

Kylie Watson Head of Cybersecurity DXC technology

• Understand the influence of human behaviour and organisational culture on the effectiveness of cyber security practices.
• Implement strategies to foster a security-conscious mindset, encouraging proactive cyber hygiene and responsible digital behaviour across the workforce.
• Measure and evaluate the impact of security awareness initiatives, refining approaches to maintain a continuously improving cyber-aware culture.
• Empower employees to become active defenders, fortifying the organisation’s resilience.

Moderator:

Daisy Wong Squad Lead - Security Awareness Medibank

Panellists:

Cheryl Wong Security Culture & Engagement Lead EBOS Group

Winston Fernando Head of Cyber Security & Compliance Darebin City Council

Daniel Eastley Head of Group Cybersecurity JB HI-FI

Building on last year’s exploration of what Cyber can learn from Health, this presentation delves into the practical application of healthcare-inspired frameworks like ISBAR and PROMPT within cyber incident management. This session provides insights from the journey at VMIA, highlighting how these frameworks have informed the development of operational processes and systems to enhance response efficiency, communication, and resilience in the face of cyber threats. Join Ian as he shared actionable strategies for bridging disciplines and driving innovation in cyber security.

• What are the key vulnerabilities in the supply chain or gaps in vendor cyber security practices and their potential business impacts?
• How can businesses shift from reactive to proactive approaches in identifying and managing supply chain risks, particularly with the growing reliance on third-party services?
• What are the actionable strategies for improving vendor oversight and securing the entire supply chain against evolving cyber threats?
• How to develop tailored mitigation strategies to address financial, reputational, and operational risks posed by third-party vulnerabilities?

Moderator:

Raheem Sar APAC CISO The Access Group

Panellists:

Muzamil Rashid Head of Cyber Security Mazda Australia

Catherine Rowe CISO Teachers Mutual Bank

Miraj Rajan Cyber Security Advisor EC-Council 

Innovation and security are often seen as opposing forces, but the most successful organisations find ways to balance both. This panel brings together forward-thinking cyber security leaders to explore how to foster creativity while maintaining the rigour needed to safeguard organisations.

Moderator:

Prof Dan Haagman CEO Chaleit & Honorary Professor Murdoch University

Panellists:

Jerome Brown Head of IT: Cyber Security & Risk Country Road Group

Alison Stretch GM Cyber Security MACS

Vannessa Van Beek Global CISO Fortescue