-
DAY 1
Tuesday, 22 July
-
08:20
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
9:00
Welcome from Corinium and the Chairperson
Sandeep Taileng - Industry Cyber Security Leader - State Trustees
-
09:10
Speed Networking – Making New Connections!
In this 10-minute networking session, the goal is to connect with three new people. Enjoy the opportunity to expand your network!
-
09:20
The Road Ahead: Key Milestones and Next Steps in the 2023-2030 Strategy
Senior representative - NOCS
- Reflections on key achievements under Horizon 1 and lessons learned.
- Priorities as we move towards Horizon 2, including scaling cyber maturity across the economy and growing Australia’s cyber workforce.
- The role of public-private partnerships in building a resilient digital future.
- How the federal government continues engaging CISOs and the broader cyber community to drive national cyber resilience.
-
09:45
C-Suite Dialogue: Driving Resilience Through CISO, CIO and CFO Collaboration
Step into an engaging conversation among CISO, CIO and CFO as they unpack the critical interplay between cyber security and financial strategy. This dynamic conversation offers a unique opportunity to explore how these three leadership roles align to protect organisational assets while enabling growth.
- How can we align priorities to ensure cyber security investments drive both risk reduction and organisational growth?
- What strategies do you use to translate cyber security risks into financial terms that resonate with the C-suite and board?
- How do you balance the need for proactive cyber security investments with the organisation’s financial constraints?
- What practical steps can improve collaboration among cyber security, IT and finance teams to protect assets and enable innovation?
Moderator:
John Taylor CTO Lumia Care
Panellists:
Noel Toal CIO DPV Health
Chris Storey CFO Suburban Rail Loop Authority
-
10:15
Adapting Security Operations to the Modern Threat Landscape
Senior representative - HashiCorp
Today, staying ahead of cyber threats requires a proactive and adaptive approach. This session will focus on how organisations can optimise threat detection, response, and attack surface management to enhance visibility and build more resilient security operations.
-
10:40
Get refreshed! Mingle
-
11:10
Panel: From Risk to Transformation – AI's Impact on Next-Gen Cyber Security
- How would you assess the current level of AI implementation within your organisation?
- What challenges have you encountered in adopting AI, and how have you addressed them?
- What are the key criteria and considerations for evaluating AI technologies as part of a holistic cyber risk management strategy?
- What indicators or benchmarks should organisations consider when evaluating the effectiveness of AI-driven cyber defence initiatives?
Moderator:
Dr Imad Khan Data Science AI & Neural Networks Expert Victoria University
Panellists:
Sam Fariborz CISO David Jones
Jonar Marzan Group Cyber - Security, Risk & Compliance Manager Coles
Dushyant Sattiraju Director Cyber Security Deakin University
Craig Searle Regional Director CPS Pacific Trustwave
-
11:45
From Automation to Autonomy: The Next Leap in DevSecOps Security
Senior representative - Proofpoint
As DevSecOps evolves, AI and automation are redefining security operations, enabling proactive, self-managing security frameworks. This session will examine the benefits and challenges of autonomous DevSecOps, offering insights into how organisations can transition towards a continuous and self-sustaining security model.
-
12:05
AI, Data, and Cyber Security: The Power Trio Reshaping Digital Defence
Samrat Seal - Group Manager Cybersecurity Transformation Delivery & Adoption - Kmart
- Exploring the convergence of AI, data, and cyber security
- Discussing data as the core foundation for AI-driven cyber security.
- Leveraging AI for proactive and predictive cyber defence.
- Examining challenges and risks that AI brings in for cyber security.
- Shedding light on the future of cyber security with AI and data.
-
12:30
The Power of Global Threat Intelligence to Enhance Cyber Resilience
Senior representative - DigiCert
Harnessing global threat intelligence allows organisations to move from reactive defence to proactive threat mitigation. This session will demonstrate how consolidating and operationalising threat feeds can improve security agility, enhance visibility across systems, and drive a more resilient cybersecurity posture.
-
12:55
Lunch
-
13:55
TRACK A: STRATEGIC RESILIENCE
Sandeep Taileng - Industry Cyber Security Leader - State Trustees
-
14:05
Building Cyber-Resilience Against Social Engineering Attacks
- Explore the latest methods cybercriminals use to exploit human vulnerabilities to access sensitive information and compromise systems.
- Learn strategies to build organisational awareness and defences to mitigate the risks associated with social engineering.
- Discover how fostering a culture of cyber security awareness can empower employees, reducing susceptibility to social engineering attacks and enhancing overall resilience.
Puneet Tikoo Information Security Lead Cisco
Bharat Bajaj Senior Manager – Risk & Control Enablement CBA
-
14:30
The Foundation of Cyber Resilience: Securing Corporate Environments for Operational Success
Senior representative - Axonius
As corporate and operational environments become increasingly interconnected, securing the corporate infrastructure is essential for building a resilient operational framework. This session will explore strategies to mitigate risks, protect critical assets, and ensure business continuity through a strong security foundation.
-
14:55
From Cyber Chaos to Organisational Resilience: Mastering Crisis Leadership
Nigel Hedges - CISO - Chemist Warehouse
- Transform cyber security incident response skills into effective crisis leadership strategies.
- Apply key principles from ISO 22361 to strengthen crisis management processes and decision-making.
- Equip teams with actionable frameworks to navigate disruptions and ensure business continuity.
-
15:20
Anatomy of a Breach: How Attackers Spread and How to Stop Them
Senior representative - Palo Alto
Cybercriminals exploit weak segmentation to move laterally across networks, increasing the impact of breaches. This session will break down real-world attack patterns, revealing how organisations can disrupt lateral movement and reduce the success of cyber threats.
-
13:55
TRACK B: RISK MANAGEMENT
Prof Dan Haagman - CEO, Chaleit & Honorary Professor - Murdoch University
-
14:05
The Quantum Leap: A Cyber Security Crossroads
Fatima Hoblos - Lead Engineer - Kmart
- Explore the capabilities of quantum computing, its current developments, and the expected timeline for real-world impact.
- Understand how quantum advancements could disrupt encryption, compromise sensitive data, and challenge existing security controls.
- Assess the implications for cyber security investment, compliance, risk management, and the cost of upgrading security infrastructure.
- Identify actionable steps for CISOs, including risk assessment, vendor collaboration, and future-proofing security architectures with AI-driven defence mechanisms.
-
14:30
Locking Down Microsoft Copilot: Preventing Data Exposure and AI Exploits
Senior representative - Varonis
Generative AI tools like Microsoft Copilot can enhance productivity but also introduce new security challenges. Learn how to mitigate the risks of prompt-hacking, control data access, and ensure your Copilot deployment remains secure.
-
14:55
Group Discussion: Bridging the Gap – Turning Cyber Risks into Strategic Leadership Conversations
Sunil Rane - CISO - ARN
Join Sunil as he shares his experience at ARN, where he successfully developed a risk framework to align security efforts with business priorities. Following his presentation, attendees will collaborate in small groups to:
- Reflect on Sunil’s framework and brainstorm how similar strategies can be implemented in their organisations.
- Share real-world challenges and successes in communicating cyber risks to leadership teams.
- Explore ideas for enhancing cross-departmental collaboration to improve risk management practices.
- Discuss actionable strategies for securing executive buy-in and driving cyber security initiatives forward.
-
15:20
Reducing Risk Effectively: The Role of Continuous Exposure Management in Cyber Defence
Senior representative - Illumio
As cyber threats grow in sophistication, security teams must move beyond traditional remediation approaches. Discover how Continuous Exposure Management helps organisations assess, prioritise, and mitigate risk by adopting the same mindset as attackers.
-
13:55
TRACK C: CYBER SECURITY OPERATIONS
Raheem Sar - APAC CISO - The Access Group
-
14:05
Threat Intel-Informed Operations: A Force Multiplier for Your Organisation
Nadia Taggart - Director Cyber Security Strategic Development - AARNet
- Distinguish between intelligence and information to drive effective risk mitigation and decision-making.
- Embed real-time threat intelligence into SOC workflows to enhance detection and response.
- Use intelligence-driven insights to prioritise threats and optimise security operations.
- Strengthen collaboration across teams to maximise threat intelligence as a force multiplier.
-
14:30
Securing the Keys to the Cloud: Preventing SaaS Breaches from Exploited Secrets
Senior representative - Infoblox
APIs, tokens, and compromised credentials continue to be the top threat vector for SaaS applications. In this session, we’ll explore how attackers gain access, why these breaches often remain undisclosed, and what steps you can take to implement a proactive SaaS security model.
-
14:55
Developing a Practical Approach to Security Operations and Incident Management
Sajeesh Patail - Global Cyber Operations Manager - Orica
- Strategies to uplift your incident response readiness through table-top and crisis exercises.
- Creating documented procedures, consistent and easy to understand for relevant stakeholders – you’ll need them ready-to-go in case of an incident.
- Incorporating board and executive management into IR – what do they need to know and do?
- Take-aways and lessons learned – reviewing what went according to plan and what can be improved.
-
15:20
AI in Cloud-Native Security: Automating Protection from Code to Production
Senior representative - Trend Micro
Cloud-native applications demand a new approach to security—one that AI is uniquely positioned to provide. This session will examine how AI-driven security solutions can mitigate risks throughout the software lifecycle, from secure coding practices to real-time threat detection.
-
15:55
Get refreshed! Mingle
-
16:25
TRACK A: STRATEGIC RESILIENCE
Sandeep Taileng - Industry Cyber Security Leader - State Trustees
-
16:25
Panel: Keeping Up with a Constantly Changing Regulatory Environment
- An overview of new security regulations and standards affecting Australian businesses.
- Complying with SOCI, SoNS, CPS 234, CPG 234, CPG 235, and other standards such as ISO27001, AESCSF, NIST and Essential 8.
- Insights into the current proposed legislation NIS 2.0 and DORA, which have been said to be the GDPR for Information Security.
- Strategies to balance the benefits against the cost-impact of compliance based on the enterprise’s risk appetite.
Moderator:
Dan Goldberg Australian Market ISO Omnicom
Panellists:
Puneet Tikoo Information Security Lead Cisco
Amanda Pinaud Cyber Security Manager Megaport
Helaine Leggat NED CI-ISAC & Chair CI-ISAC Health Cyber Sharing Network Advisory Panel
-
16:50
Beyond Awareness: Building a Cyber-Resilient Culture Through Engagement and Education
Senior representative - Okta
Cybersecurity isn’t just an IT concern—it’s a shared responsibility. Learn how a human-centric approach, real-life attack scenarios, and technical controls like email filtering and blacklisting can empower teams to mitigate threats effectively.
-
17:15
Fireside Chat: Redefining the Role of CISO to Drive Innovation
- Exploring how the CISO’s responsibilities are evolving from solely managing risks to enabling business growth and innovation.
- Understanding how CISOs can design adaptable security frameworks that support business agility and innovation while safeguarding against emerging threats.
- Discussing how CISOs can cultivate a mindset where security is not seen as a barrier but as a driver of business agility, empowering teams to innovate with confidence.
Moderator:
Lama Tayeh Founder & CEO LULUMPR
Speakers:
Maria Paz, CTO, Epworth
John Taylor CTO Lumia Care
-
16:25
TRACK B: RISK MANAGEMENT
Prof Dan Haagman - CEO, Chaleit & Honorary Professor - Murdoch University
-
16:25
Responsible AI in the Enterprise: Managing Risks while Driving Business Value
Bharat Bajaj - Senior Manager – Risk & Control Enablement - CBA
- Explore frameworks and best practices for implementing responsible AI governance in enterprise environments.
- Identify key risk factors associated with AI adoption, including ethical considerations, regulatory compliance, and operational vulnerabilities.
- Demonstrate how to align AI initiatives with business objectives to drive value while maintaining accountability and trust.
-
16:50
The Next Frontier in Cyber Risk: Scaling Intelligence with a Risk Operations Centre
Senior representative - One Identity
A Risk Operations Centre (ROC) brings a proactive approach to cyber risk management by integrating real-time monitoring with strategic decision-making. This session explores key risk concepts like Value at Risk (VAR) and Enterprise True Risk Management (ETM), enabling organisations to prioritise threats and communicate cyber risks effectively to leadership.
-
17:15
Fireside Chat: Safeguarding Data, Privacy and Ethics – Critical Considerations for CISOs Today
- Understand the data protection and privacy challenges posed by emerging technologies as well as the new privacy act updated in August 2024.
- Reduce trust assumptions and adopt a more granular, data-centric and risk-based approach to security.
- Discuss how to take a proactive approach to building a unified data security strategy while grappling with emerging technology in an era where data is widely distributed across the organisation.
Moderator:
Andrew Morgan Head of Information Security & Risk Defence Health
Speakers:
Muzamil Rashid Head of Cyber Security Mazda Australia
Vasant Prabhu Global Data Protection Lead Toll Group
-
17:40
Chairperson's Closing Remarks
Sandeep Taileng - Industry Cyber Security Leader - State Trustees
-
17:40
Cheers with Peers!
-
DAY 2
Wednesday, 23 July
-
08:20
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
9:00
Welcome from Corinium and the Chairperson
Prof Dan Haagman - CEO Chaleit & Honorary Professor - Murdoch University
-
09:10
Threats on the Horizon: Unpacking the Evolving Cyber Landscape
- Understanding the current state of the threat landscape, including the most prevalent types of attacks, such as ransomware, phishing, and supply chain compromises.
- Gain insights into the latest cyber threat trends, including the rise of ransomware, targeted phishing, and AI-driven attacks, and learn about new vulnerabilities impacting the nationwide and global landscape.
- By staying informed about the latest threat trends and adversary tactics, organisations can better prepare themselves to defend against increasingly sophisticated attacks.
- Discover the knowledge and tools needed to enhance security posture, prioritise security investments, and foster a culture of proactive threat management.
-
09:35
The CISO’s AI Challenge: Balancing Speed and Security in Cloud-Driven Innovation
Senior representative - Fortinet
Security leaders are under pressure to secure AI-driven cloud environments at the speed of development. This session unpacks strategies for integrating security seamlessly into AI and cloud workflows, ensuring protection while enabling business agility.
-
10:00
Panel: Invest Smart, Secure Smart – Maximising the Value through Strategic Resource Allocation
- What strategies effectively prioritise resource allocation towards high-value targets without over-allocating to less critical areas? What metrics or KPIs should be tracked?
- How crucial are comprehensive risk assessments for identifying critical assets?
- How can businesses balance thorough risk assessments with the fast-paced threat landscape?
- What are the main challenges in getting the board to prioritise cyber security investments, and how do you tackle them? What do you do when the board says no?
Panellists:
Callum Nelson CISO EBOS Group
James Ng GM Cyber Security (CISO) Insignia Financial
Robert Turney CISO auDA
-
10:35
Mastering Incident Response: Advancing Your Maturity Model for Critical Infrastructure
Senior representative - Securiti
From incident declaration to response execution, this session will guide you through optimising your incident management strategy. Gain insights into aligning compliance with operational resilience and explore strategies to elevate your organisation’s incident maturity model.
-
11:00
Get refreshed! Mingle
-
TRACK A: CRITICAL INFRASTRUCTURE
Prof Dan Haagman - CEO Chaleit & Honorary Professor - Murdoch University
-
11:30
Securing Australia’s Backbone: Navigating the Legislative Reforms for Enhanced Resilience
This session examines the complexities of navigating policy and cyber security under the Australian Cyber Security Bill 2024, alongside other regulatory challenges:
- Understanding the complexities of the new cyber security policies and regulations.
- Preparing for mandatory ransomware reporting and other compliance obligations.
- Aligning response plans to address a broad range of incidents.
- Strengthening risk management and communication with government agencies.
-
11:55
The Role of Asset Intelligence in Strengthening Critical Infrastructure Security
Asset intelligence is fundamental to securing critical infrastructure. This session will explore how leveraging an Asset Intelligence platform improves asset visibility, simplifies compliance, and enhances overall security posture by ensuring accurate, real-time asset data collection and analysis.
-
12:20
Panel: Rethinking Security for Critical Infrastructure - Zero Trust as a Foundation
- Identifying key dependencies to address before embarking on a Zero Trust network transformation to ensure a smooth and effective implementation.
- Exploring the essential components of a Zero Trust technology stack, their roles in fortifying infrastructure, and their integration into existing environments.
- Applying pragmatic policy principles to focus on high-impact areas, maximising risk reduction without overwhelming resources or processes.
- Addressing the complexities of deploying Zero Trust in environments with legacy systems, OT, and IoT.
Moderator:
Helaine Leggat NED CI-ISAC & Chair CI-ISAC Health Cyber Sharing Network Advisory Panel
Panellists:
David Worthington, GM - Digital Security & Risk, Jemena
Winston Fernando Head of Cyber Security & Compliance Darebin City Council
Maria Paz CTO Epworth
-
TRACK B: CYBER MATURITY
Andrew Morgan - Head of Information Security & Risk - Defence Health
-
11:30
Breaking the Firewall: Navigating Security in a World Without Boundaries
Muzamil Rashid - Head of Cyber Security - Mazda Australia
- The end of traditional perimeter security—why firewalls alone are no longer enough.
- Zero Trust and micro-segmentation—building security from the inside out.
- Defending a hyperconnected world—securing data, identities, and applications everywhere.
-
11:55
From Cyber Hygiene to Compliance: Leveraging Real-Time Data for Security Transformation
Effective cyber defence requires more than just static controls. In this session, we’ll examine how real-time data empowers organisations to strengthen cyber hygiene, rapidly detect and respond to breaches, and streamline compliance initiatives to achieve higher Essential 8 Maturity levels.
-
12:20
Panel: From Framework to Function – Embedding GRC into Cyber Maturity Journeys
- How can organisations transform GRC from a compliance framework into a strategic tool that drives cyber maturity and resilience?
- What are the main challenges organisations face when embedding GRC into their cyber maturity journey, and how can these be overcome effectively?
- How can organisations measure and track the impact of GRC integration on their cyber maturity and long-term resilience goals?
Panellists:
Cameron Walter Head of Cyber Security Cricket Australia
Tharaka Perera Head of Information Security Estia Health
Dhaval Parikh Cyber Security Advisory Lead UNSW
Nimisha Balyan GM Program Delivery & Change - P&T Transformation Telstra
-
12:55
Lunch
-
13:55
Panel: Resilience Starts Within – Nurturing a Cyber-Aware Culture Across Your Organisation
- Understand the influence of human behaviour and organisational culture on the effectiveness of cyber security practices.
- Implement strategies to foster a security-conscious mindset, encouraging proactive cyber hygiene and responsible digital behaviour across the workforce.
- Measure and evaluate the impact of security awareness initiatives, refining approaches to maintain a continuously improving cyber-aware culture.
- Empower employees to become active defenders, fortifying the organisation’s resilience.
Moderator:
Daisy Wong Squad Lead - Security Awareness Medibank
Panellists:
Cheryl Wong Security Culture & Engagement Lead EBOS Group
Winston Fernando Head of Cyber Security & Compliance Darebin City Council
Daniel Eastley Cyber Security Services Manager JB HI-FI
-
14:30
Automating GRC Frameworks: Mapping Cyber Maturity with Human-Centric Platforms
Jatinder Oberoi - CISO - Accolade Wines
- Explore the limitations of traditional GRC frameworks in the evolving threat landscape and the benefits of automation, including reduced compliance overhead and real-time visibility for better decision-making.
- Discuss how these platforms address gaps in GRC automation and enable organisations to map cyber maturity effectively.
- Learn from a case study on transitioning from fragmented processes to a future-ready framework, with key takeaways and next steps for automation.
-
14:55
Security That Moves with You: Empowering Smart Teams and Technology Choices
Shana Uhlmann - CISO - Tattarang
- Tough questions that need asking – how to make complex security simple, remove the vendor angst, and enable small teams to focus on the highest-impact tasks.
- Why is tech debt like your home mortgage and how do you know when to re-finance?
- Not assume breach – how does a ‘Let Breach’ mindset change your investment and provide lead indicator forecasting?
- How does MoSCoW prioritisation enable better business security and firewall rules at home?
- Practical tools to work out acceptable loss, right-sized security investment and drive business outcomes.
-
15:20
Get refreshed! Mingle
-
15:50
Panel: The Chain Reaction – Assess, Mitigate and Manage Supply Chain Cyber Risk
- What are the key vulnerabilities in the supply chain or gaps in vendor cyber security practices and their potential business impacts?
- How can businesses shift from reactive to proactive approaches in identifying and managing supply chain risks, particularly with the growing reliance on third-party services?
- What are the actionable strategies for improving vendor oversight and securing the entire supply chain against evolving cyber threats?
- How to develop tailored mitigation strategies to address financial, reputational, and operational risks posed by third-party vulnerabilities?
Moderator:
Raheem Sar APAC CISO The Access Group
Panellists:
Sandra Barns GM Information Security, Technology & Data Risk Judo Bank
Muzamil Rashid Head of Cyber Security Mazda Australia
Catherine Rowe Former Global CISO ex-QBE
-
16:25
Panel: The Innovation Mindset – Cyber Leaders Who Dare to Think Differently
Innovation and security are often seen as opposing forces, but the most successful organisations find ways to balance both. This panel brings together forward-thinking cyber security leaders to explore how to foster creativity while maintaining the rigour needed to safeguard organisations.
Moderator:
Prof Dan Haagman CEO Chaleit & Honorary Professor Murdoch University
Panellists:
Jerome Brown Head of IT: Cyber Security & Risk Country Road Group
-
16:50
Chairperson's Closing Remarks
Prof Dan Haagman - CEO Chaleit & Honorary Professor - Murdoch University
-
17:00
Close of CISO Melbourne 2025