CISO Melbourne schedule

• Exploring the most recent updates on the SOCI Act Reforms
• How will these affect your organisation moving forward?
• Better understanding companies’ obligations and exemptions
• Further clarification on contingency act and stepping power
• Overview of new plans and approaches to the reform

Cyber Security Programs are challenged by the sprawl of devices, device types, and the quantity of solutions continues to skyrocket and environments only grow more siloed and complex. 
But there’s good news: Asset data can now be harnessed to transform your cyber security program.
Today’s “asset intelligence” moves from a spreadsheet approach to an API-driven, rich and always up-to-date view into all assets via integrations of existing solutions, data correlation at scale, and querying capabilities to find and respond to gaps. 
Join this session to learn how asset intelligence improves security hygiene, allocate resources, accelerate incident responses and remediates gaps.

Hear our keynote discuss the impact of cyber-attacks and what can be learnt from them.

• What are the impacts of cyberattacks on the public sector for society, businesses, and economies, and what can we learn?
• Understand what is at stake for organisations across the country
• Understanding the convergence of advanced persistent threats (APT) and cybercrime, and how it affects Australian organisations

Are you ready for the adversary? In this talk Ash will describe 4 major areas that affect the security of critical infrastructure, namely legacies, legislation, people and finally the adversary. He will outline how a threat actor, Vanguard Panda (Volt Typhoon) targets weakness in CI systems to gain access. Ash will provide guidance on the 5 areas of focus organisations need to consider to defend against this type of state actor.

Cybersecurity is traditionally seen as additional friction to normal operations, a necessary hindrance to daily business performance. OT is an area where these priorities converge, compete, and often collide. But is this friction unavoidable? For example, the Critical Infrastructure legislation focusses on resilience, which should be a naturally shared goal between production and cyber teams.

Our two speakers will take an operations and engineering perspective to look beyond the traditional IT/OT rift. They will share practical insights, front-line experience, and ideas from various sectors to better leverage synergies between cyber and operations from design to asset operation and incident response.

François Aye, Principal, Analytics and Cybersecurity, Aurecon

Hassan Mounzer, Associate, Cybersecurity, Aurecon

Tim Fleming has 40 years ICT experience in a range of technical and managerial roles across a broad range of industries. Responsible for all commercial and operational technology strategy at Deloitte for over 20 years; as CIO of Australia and APAC, Tim oversaw a team of more than 1300 with direct accountability for countries including India, China, Taiwan and Japan.

Effective regulation for secure critical infrastructure is in everyone’s interest, and a strong government-industry partnership is crucial in managing risks and reducing regulatory burden. During this panel, we’ll explore challenges, concerns, and ideas on:

• What’s the cost impact to achieve and maintain CI compliance?
• Complying with CPS 234, CPG 234, CPG 235, and other standards such as ISO27001, NIST and Essential 8
• Cross-sector support: how shared information and threat intelligence can be applicable across industries and benefit the wider ecosystem

Moderator:

Rachel Bailes, Head of Policy, AIIA

Panellists:

Emily Wade, Executive Manager Group Cyber Governance and Compliance, Commonwealth Bank

Wayne Pennington, Cyber Solutions & Architecture Lead, Airservices Australia

Raheem, APAC Region Manager, Security, Risk & Compliance, The Access Group

Having an effective incident strategy in place is critical but can be increasingly challenging when third parties must be involved. During this session, we will explore some of the common issues involved third parties to the company’s incident response plans and brainstorm ideas

 Cindy Tarczon, Senior Manager, Cyber Intelligence and Response Service, Victoria Government

We’re told compromise is inevitable and to assume breach. When prevention fails, it’s lateral movement (speed, scale, and extent of spread) that makes a cyber-attack so damaging. Network segmentation isn’t new, but dynamic computing and distributed IT architectures have taken segmentation needs beyond the firewall. In this session we’ll explore how zero-trust segmentation mitigates lateral movement risk and helps organizations to:

• Reduce the attack surface
• Protect critical systems
• Separate environments
• Contain a breach to prevent a cyber disaster

In this talk, we will progressively build the audience’s understanding of how moving from a siloed, non-collaborative approach to defend against cyber-attacks towards collective defence will force-multiply their ability to deploy resources more effectively to secure their critical infrastructure organisations.

The legislation for critical infrastructure security offers great support for incident response. But recovering from cyber-attacks can be extremely challenging and costly for businesses. During this group discussion, you’ll brainstorm and share ideas with the group on how to create effective threat management and incident response strategies, and how to implement successful recovery and business continuity plans.

Organisations need to build Cyber Resilience - Critical Infrastructure will continue to be highly targeted by Cybercrime and State Sponsored Threat Actors, keeping systems secure and reliable in the face of threats and disruptions is key. Splunk's Head of Security will discuss today's challenges and provide guidance on how Splunk can help you build better cyber resilience.

Having an effective incident declaration process in place is key when developing your compliance strategy and meeting critical infrastructure regulations and standards. During this session, the group will share ideas, lessons learned and best-practice defining and fine-tuning incident declaration processes and response plans, identify what your organisation is doing, and brainstorm strategies to advance your maturity model.

Join our interactive wrap-up panel to share your key take-aways from today’s sessions and hear how your peers will be address the Critical Infrastructure reforms moving forward. Key discussion points include:

• Understanding how the reform is applicable to your business
• Your new obligations related to your data storage or processing asset
• Government Assistance Measures: gather powers, action directions, and intervention powers
• Where to go and who to follow

Facilitators:
Deepa Bradley, Cybersecurity Strategist
Dushyant Sattiraju, Manager, Cybersecurity Operations, Deakin University
Pearse Courtney, Cyber Project Manager, AEMO

• Overview on the growing threats landscape and how to reduce our critical infrastructure vulnerabilities
• How could major cyber-attacks impact our societies, businesses, and economies?
• Australian Government plans to work in collaboration with industries for highly efficient CI cybersecurity

The rapid pace of the cloud introduces a growing attack surface spanning multiple clouds, multiple architectures (containers, serverless, and VMs) and thousands of cloud technologies. Join us as we take a deeper look into common cloud attack paths from initial access to internal exposure and isolation breakout. This session will cover strategies for how organizations can approach prevention, including a playbook for how security and development teams can control risks together across the pipeline.

• Organisational threat assessment (divergent)
• Organisational threat assessment (convergent)
• Identifying and defeating ransomware actors’ techniques
• Operationalising intelligence to continuously improve defences

AI can be both a villain as it gathers all information about every one of us, or a hero if used to prevent misuse and abuse of our personal data. During this session, we will explore how cybersecurity leaders can use AI to take child and adolescent online abuse more seriously and do a better job staying proactive in finding preventative tools.

Three-quarters of Australian CISOs see human error as their organisation’s biggest cyber vulnerability. What if there was a way to stop rolling the human dice every day?

Learn how organisations can leverage advanced behavioural science and automation for informed and near instantaneous decision-making on what is good and what is bad email. As well as removing the increasing burden that is placed on employees as a last line of defence.

In this session we will discuss:

• Account takeover techniques and measures that can be taken to help protect against them
• New insights and controls over protecting against supply chain attacks
• The accuracy of advanced behavioural data science in identifying anomalous behaviour

• How can CISOs speak the CEOs’ language?
• What does the board expect from CISOs when evaluating and reporting inherent and evolving risks?
• How can the board support CISOs in conducting a cybersecurity mission & strengthening their posture?
• Working together in mastering the company’s digital governance & risk management practices
• Exploring challenges and opportunities to adopt a secure-by-design approach in the business

Moderator:

Jason Murrell, Group Executive, AustCyber

Panellists:

Andrew Pade, GM of Cyber Defence Operations and Security Integration, CBA

Shannon Jurkovic, CISO, Bendigo and Adelaide Bank

Callum Nelson, CISO, Australian Red Cross Lifeblood

Charles Sterner, CISO, AARNet

We'll discuss how digital trust:

• is an emerging strategic imperative for ANZ businesses
• can drive real world innovation
• can reduce the risk of business disruption
• can secure attack surfaces and improve agility

Dive into a comprehensive exploration of strategic security planning amid the dynamic landscape of cyber threats. This session will discuss a useful framework of to-do’s for formulating a robust and future-oriented security strategies. By asking the right questions, we'll uncover critical insights and approaches that help your organization anticipate and mitigate risk, thereby securing a more resilient future in an era of growing uncertainty.

Join us for a deeper understanding of the role of security data lakes in cybersecurity and how to leverage them to improve their security posture. We will explore the benefits of security data lakes, best practices for implementation, and strategies for getting value from security big data. We will also share insights and lessons learned from successful security data lake projects and offer practical tips for organisations looking to implement their own security data lake solutions.

This presentation aims to offer practical advice on how to strategically establish a proactive intelligence function, starting with modest beginnings and gradually enhancing the sophistication of the function as the organisation's capability, finances, and maturity grow.

You will learn how to effectively mitigate cyber threats by utilising open-source intelligence (OSINT) and monitor critical areas such as credentials on the dark web, domain registrations, phishing intelligence, and ransomware. Additionally, we will cover how to obtain buy-in from key stakeholders, secure funding, and foster a culture of security awareness throughout the organisation.

Cyber attackers target people. They exploit people. Ultimately, they are people. That's why people—not technology—are the most critical variable in today’s cyber threats.

In this session we will focus on specific areas of the Attack Chain and discuss how you can use a people-centric approach to:

• Understand who in your organisation is the most attacked and represents the most risk
• Detect risky behaviour and data exfiltration attempts
• Prevent lateral movement and privilege escalation within your network
• Provide your team with visibility and context to stop data loss and insider risk

Traditional networks were built from the inside out. We created a fortress around our datacentres and kept our companies protected. Then everything changed. Data is now everywhere. Our people are everywhere. We no longer connect to a network - we are simply connected to data. So how do you enable this seamless connectivity while maintaining - or even enhancing - your security? It starts here. Join us to demystify the jargon of network security for the why and how of the most modern access security strategies.

 Jaye Tillson, Director of Strategy (Field CTO), Axis Security

Carlos Gómez Gallego, Chief Technology Officer – APJ, HPE Aruba Networking

Your password is potato. Less complexity and increased offensiveness in communication between red teams and boards.

Getting a handle on cybersecurity risk can feel like a losing battle. As businesses work to transform their processes to meet the latest internal and external threats, operationalising cybersecurity is key. Hear Rapid7 APJ CTO, Robin Long discuss a holistic, business-driven approach to cyber security that delivers security-related inputs to internal stakeholder groups for better decision making and measurable risk reduction. A clearly defined operating model can enable effective change in management risk that in turn brings the whole business on the same journey.

• Before ticking big items in your cyber strategy lists, how can you ensure you got the basic hygiene covered?
• Successful strategies to check if you got your incident response and business continuity plans right
• What can we learn from effective ways to communicate breaches to the board, stakeholders, and customers?
• How can you work with other teams to minimise unnecessary risks by collecting, using, and disposing only the information your organisation actually needs

Panel moderator:

Christie Wilson, Manager, Cyber Resilience, Information Security, UniSuper

Panellists:

Mick Dunne, CISO & CSO, AustralianSuper

Varun Acharya, CISO, Healthscope

Callum Nelson, CISO, Australian Red Cross Lifeblood

Daniel Muchow, Head of Cyber Risk and Security, La Trobe Financial

Raheem, APAC Region Manager, Security, Risk & Compliance, The Access Group

During this session, we’ll explore strategies to increase cybersecurity awareness and get board-level buy-in. Join us session and get invaluable insights that will help you create risk awareness, drive change, and build a cybersecurity driven culture.

• Effective ways to educate those who are not in IT – and those who are – around cybersecurity
• Adopting an in-person tone and using real-life examples of how cyberattack can impact everyone’s lives
• Offering specific information about what’s in it for them and why they should care
• Setting clear expectations and providing the necessary resources

Moderator:

Jason Murrell, Group Executive, AustCyber

Panellists:

Jacqui Loustau, Executive Director & Founder, AWSN

Christie Wilson, Manager, Cyber Resilience, Information Security, UniSuper

Daisy Wong, Security Culture and Awareness Lead, Flybuys

Dushyant Sattiraju, Manager, Cybersecurity Operations, Deakin University

Why cloud security consolidation should be on your radar

In this session with Avi Shua, Chief Innovation Officer & Co-Founder, we look at why cloud security consolation should be on your radar, how to manage the evolving landscape for cloud security for the modern enterprise, and the Orca differentiator.

How the convergence of physical and cyber security is impacting enterprises
During this session, we’ll explore how physical and cyber security teams can come together to protect the enterprise. We’ll also discuss the benefits of a convergent model, how to improve accountability between physical and cyber security teams, and what we must do to make the convergent model work.

Moderators:

Kostas Kyrifidis, President, VSI

Mick Dunne, CISO & CSO, AustralianSuper

Continue your conversations in a fun and entertaining Wine Tasting Competition to discover different ranges and categories of some of Australia’s best wines.

• Successful practices combining cybersecurity and data protection to comply with increased data privacy regulations
• How to adopt secure digital identity and mitigate privacy rights risks
• Embedding the necessary protections into your identity verification systems
• Implementing architecture systems that reduces overcollection during identity verification

In today's rapidly evolving threat landscape, security analysts play a crucial role in protecting organizations from cyberattacks. However, the overwhelming volume of security alerts and the complexity of identifying and responding to advanced threats pose significant challenges. Enter Artificial Intelligence (AI), the game-changer in security operations.
This keynote talk delves into the transformative potential of AI in Security Operations Centers (SOCs) and explores how it can empower security analysts to tackle the ever-growing complexities of cybersecurity. By harnessing the power of AI, SOC teams can enhance their capabilities, augment human expertise, and gain the upper hand against adversaries.

It's said that smooth seas never make skilled sailors. If you're a cyber security leader, the good news then is that you definitely don't have "smooth seas" to reckon with. The challenging times presented by increasing connectivity, speed of business transformation, evolution of cyber threats and ever rising expectations can and do overwhelm even the best amongst us.

This unique session will focus on providing cyber leaders with tangible, real-world tips to build the right mindset, emotional intelligence and differentiating skills that will allow them to deliver massive value to their organisations and optimise their own well-being.

Avi Shua, Orca's Chief Innovation Officer, who patented agentless cloud security (SideScanning) shares his experience and knowledge around cloud security challenges and solutions in the global arena, starting with development, and through to production. Martin Littlewood (Director of Information Security Whispir) , Nicole Neil (Information Security Director , Seer Medical) and Venkat Balakrishnan (CISO TAL) will share their views from the local arena experience. 

• Key strategies to reduce risks of financial cybercrime and fraud
• Understanding the vulnerabilities and exploit points inherent in automation and digitalisation
• Reducing organisational silos to strengthen your boundaries
• Applying advanced tools and technologies to minimise risks

AI has evolved from occasional breakthroughs to everyday conversation, fuelled significantly by the accessible, user-friendly nature of systems like ChatGPT. This session will explore how the resulting global AI revolution is impacting Security Operations Centres (SOCs). As CISOs, understanding this landscape is paramount, especially as Generative AI and Natural Language Processing (NLP) are reshaping SOCs, augmenting defences, and transforming SIEM. Learn actionable strategies for harnessing these innovations responsibly via Data Onboarding, Threat Detection, Threat Explaining, and Threat Debt identification.

Join Cosi as she will guide you through her own personal experience of identity theft. She will talk about the effects and repercussions it has had on her life, as well as advice on preventative measures. Her talk also includes helpful hints on steps one should take if you fall victim to this crime.  

As there is no rule book to follow when impacted by this crime, the suggestive measures will be a great help to limit the damage and recover from the crime.

Our identities are under attack, both at home and at work. Unprecedented data breaches are leading to more credential stuffing and phishing attacks. Protecting both customer and employee identity is a keystone of modern security strategy. Learn how new authenticators and risk analysis can deliver enhanced security without compromising user experience.

Recognising that many cyber security professionals are under sustained and increasing stress, we at Cybermindz provide direct support to restore and rebuild emotional and cognitive health and minimise suffering. Using the 'IRest Protocol' developed by psychologist Dr Richard Miller in the US, we provide a system that can help lift our cyber teams back to mental wellness and in turn strengthen cyber security generally. This brief session with iRest facilitator Chris Wilson will be a practical introduction, and a 'taste test' of the process we use while working with cyber teams.

This session is designed for cybersecurity leaders who are currently investing in Zero Trust architecture models or planning to do this in the near future. Join us for a hands-on discussion where you will share challenges and explore solutions on:

• How to develop a roadmap and implementing specific initiatives to your projects
• Discover effective ways to build a zero-trust security framework
• Identify key components of a zero-trust model to protect the current environment

With many recent SaaS related breaches (GitHub, Okta, LastPass, Dropbox, Microsoft, HubSpot), more and more attention is being focused on SaaS applications and potential security gaps. To further exacerbate the challenge, security practitioners often lack both visibility and domain expertise of the SaaS application control set required to mitigate the risk of data theft and breaches. In the hands of the business, SaaS enables organizations to move more quickly and with greater agility, but they often do so without any security guard rails or checks beyond a supplier risk assessment during procurement. With industry analysts estimating that 99% of data leaks and breaches in SaaS will be due to application and platform misconfigurations, this leaves companies exposed to potential ticking time bombs or blind spots. In this session, learn more about:

• Common security gaps in SaaS applications and data exposure points. 
• Pitfalls of building on top of the PaaS layer and inadvertently leveraging security by obscurity techniques
• The anatomy of a SaaS breach and best practices for the SaaS threat model
• Comparisons of different cloud and SaaS security technologies and approaches

• What trends are we looking at from a security perspective?
• Understanding the risks and implications of offensive AI and how it will change our threat landscape
• How CISOs can be prepared for potential risks
• Strategies to use AI in cyber defence

How will you overcome a cyber-attack on your organisation?

In our rapidly-evolving digital world, cyber skills are critical to ensure reasonable, appropriate and informed business decisions can be made at an executive level.

In less than an hour, you can learn how

We will lead participants through an interactive cyber-attack, which includes ‘live’ news reports and calls for quick responses and decision making. Our user friendly physical boardgame is the centrepiece of the Gamification experience, designed to help participants better understand the cyber security application. The game facilitates open discussion in a fast-paced, fun and memorable environment, an innovative way to introduce cyber security into an organisation’s security awareness training and to complement routine computer-based education.

In a collaborative project, the Cyber Security Cooperative Research Centre (CSCRC), CSIRO’s Data61, Government of Western Australia through the Office of Digital Government, with the support of Edith Cowan University, have created an interactive board game to raise awareness and encourage critical thinking about how to prepare and respond to a ransomware attack.

Moderators:

Helge Janicke, Research Director, Cyber Security Cooperative Research Centre

Carl Celedin, Project Manager, Cyber Security Cooperative Research Centre

To be successful, today’s CISO needs to bring more than their security acumen to the table. The role has expanded exponentially to address executive and board concerns, endless business challenges and customer and product confidence. While positive outcomes are the goal, it is critical for CISOs to work with full transparency to protect the business and themselves. In this session Gail will share best practices from her experience negotiating the evolving role of the CISO in an expanding threat landscape.

• How has the threat landscape evolved in Australia?
• How malicious cyber activities are impacting organisations across the country?
• What strategies can organisations adopt to create robust cyber security measures to prevent incidents and exploitations?
• Government, industry, academia and citizens working in collaboration to safeguard our country and communities

• The Evolution of Ransomware – How did we get here and what is next
• Understanding the risks and potential costs of attacks
• Exploring successful techniques to improve organisations’ ransomware protection posture

• Building security from scratch – incorporating people, process, and technology into your programs
• Strategies to improve your teams’ skills and knowledge in IT and cybersecurity
• Exploring how innovative technologies can help your company achieve adaptability and resilience

Join us to hear how to deter attackers, apply similar new techniques that the world’s biggest companies, like Adobe, Snap, PayPal, are using, and adapt your strategies to deliver measurable cost savings.

During the session, we’ll discuss:

• How criminals are conducting account takeovers and credential stuffing attacks that bypass MFA SMS toll fraud, and more to monetise CISOs’ own security defenses against themselves
• How attackers overcame MFA and how we worked with a top gaming merchant to prevent it
• A tour of the modern areas where adversaries share techniques and learn, the latest networks in play, and other threats, like SMS Toll Fraud and much more.

• How do you build a security program in 2023?  How has it changed from recent years?
• People, process, and technology – what do you need to incorporate into your program?
• What does ‘good enough’ look like and how do we measure it?  Risk, regulation, and strategy – making them all fit together

Supply chain can be the weakest risk of your digital assets. During this presentation, we’ll explore good practices for data protection, data governance, fraud prevention and third-party risks to ensure your supply chain is secure.

During this presentation, we’ll explore how to build supply chain resilience and where it should sit within cybersecurity. We’ll also share good practices for data protection, data governance, fraud prevention and third-party risks to ensure your supply chain is secure.

This session is designed for cybersecurity leaders who are currently implementing Zero Trust architecture models. Join us to hear common challenges and explore ways to overcome them. Key discussion points:

• The evolution of Zero Trust
• What are the key challenges you are trying to overcome
• How to develop a roadmap and implementing specific initiatives to your projects
• Discover effective ways to build a zero-trust security framework
• Identify key components of a zero-trust model to protect the current environment

During this session, we’ll explore various methods utilised in building a stronger, more secure company to prepare and protect against cybercrime. Richard will share his experiences of what has worked and hasn’t worked over the years and how getting certified really helped the organisation maturity journey.

How will you overcome a cyber-attack on your organisation?

In our rapidly-evolving digital world, cyber skills are critical to ensure reasonable, appropriate and informed business decisions can be made at an executive level.

In less than an hour, you can learn how

We will lead participants through an interactive cyber-attack, which includes ‘live’ news reports and calls for quick responses and decision making. Our user friendly physical boardgame is the centrepiece of the Gamification experience, designed to help participants better understand the cyber security application. The game facilitates open discussion in a fast-paced, fun and memorable environment, an innovative way to introduce cyber security into an organisation’s security awareness training and to complement routine computer-based education.

In a collaborative project, the Cyber Security Cooperative Research Centre (CSCRC), CSIRO’s Data61, Government of Western Australia through the Office of Digital Government, with the support of Edith Cowan University, have created an interactive board game to raise awareness and encourage critical thinking about how to prepare and respond to a ransomware attack. 

Facilitators:

Helge Janicke, Research Director, Cyber Security Cooperative Research Centre

Carl Celedin, Project Manager, Cyber Security Cooperative Research Centre

Cyber Security Programs are challenged by the sprawl of devices, device types, and the quantity of solutions continues to skyrocket and environments only grow more siloed and complex.

But there’s good news: Asset data can now be harnessed to transform your cyber security program. Today’s “asset intelligence” moves from a spreadsheet approach to an API-driven, rich and always up-to-date view into all assets via integrations of existing solutions, data correlation at scale, and querying capabilities to find and respond to gaps. Join this session to learn how asset intelligence improves security hygiene, allocate resources, accelerate incident responses and remediates gaps.

During this presentation, we’ll explore how to build supply chain resilience and where it should sit within cybersecurity. We’ll also share good practices for data protection, data governance, fraud prevention and third-party risks to ensure your supply chain is secure.

• What trends are we looking from a security perspective?
• Understanding the risks and implications of offensive AI and how it will change our threat landscape
• How CISOs can be prepared for potential risks
• Strategies to use AI in cyber defense

• Exploring the challenges and opportunities for improvement
• What information should be given to the board?
• Quite the technical jargons – what the board won’t listen to and what they will shift attention to
• Developing and mastering your skills of communicating with the board

NSW has added cyber education to school curriculum, and secondary students will learn in ‘smart city sandbox’. The 10-week course was development between NSW Department of Education, Cyber Security NSW, and industry firms including MCB Business Partners and Core Electronics. During this session, you’ll get inspired on how the project came about, and what the profession can expect for 1000s of kids every year doing this course in NSW schools.