-
DAY 1
Tuesday, 14 July
-
08:20
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
09:00
Welcome from Corinium and the Chairperson
Tara Dharnikota - CISO - Victoria University
-
09:10
Speed Networking – Making New Connections!
In this 5-minute networking session, the goal is to connect with three new people. Enjoy the opportunity to expand your network!
-
09:15
International Opening Keynote
Securing an AI-Native Organisation at Scale: Mercari, Japan’s Largest C2C Marketplace
Jason Fernandes - VP Security & Privacy - Mercari
As organisations race to adopt Generative AI, transitioning to an "AI Native" business model introduces unprecedented cyber security challenges. In this international keynote, discover how Mercari, Japan's largest C2C marketplace and one of Japan's first tech unicorns, is safely navigating the LLM revolution. We will explore the current state of agentic AI, common challenges, and essential frameworks, strategies and guardrails to govern and secure the modern agentic enterprise. By examining real-world security models through this case study, attendees will learn practical and actionable strategies to safely accelerate AI integration while ensuring effective controls are in place.
-
09:40
The Power of Global Threat Intelligence to Enhance Cyber Resilience
Senior representative - HashiCorp
This session will demonstrate how consolidating and operationalising threat feeds can improve security agility, enhance visibility across systems, and drive a more resilient cyber security posture.
-
10:05
Executive Tabletop
How Do Executive Teams Align During a Live Cyber Incident?
Cyber incidents require coordinated decisions across security, risk, legal, and operations leaders.
Scenario: It is early in the business day. The organisation relies on shared digital systems to deliver services, make decisions, and communicate externally. Overnight, unusual activity was detected in a core system. The activity appears unauthorised, but the scope and impact are not yet clear. Systems are still running. The executive team has been called together to decide what to do next with incomplete information.
This session will explore:
- How different executive roles frame risk and urgency during a live incident
- What triggers executive escalation and board involvement
- How decisions change as facts emerge and assumptions are challenged
- What alignment looks like when speed, accuracy, and accountability collide
Moderator:
Chirag Joshi CISO & Founder 7 Rules Cyber
Speakers:
Anya Avinash Head of Cybersecurity Bank First
Sarah Tinsley Chief Legal Officer & Company Secretary Southern Cross Austereo
Stephen Tiley Director Internal Audit & Risk Assurance Australian Red Cross Lifeblood
-
10:40
Get refreshed! Mingle
-
11:10
Anatomy of a Breach: How Attackers Spread and How to Stop Them
Senior representative - Proofpoint
Cybercriminals exploit weak segmentation to move laterally across networks, increasing the impact of breaches. This session will break down real-world attack patterns, revealing how organisations can disrupt lateral movement and reduce the success of cyber threats.
-
11:35
Showcase Panel
Viability, Feasibility, and Applicability: AI That Actually Reduces Operational Burden
This session showcases specific AI use cases from each panellist that have reduced operational burden for security teams. The conversation will then explore what worked, what didn’t, and the lessons CISOs can apply to adopt AI safely, effectively, and with proper oversight.
- What unexpected challenges did you face, and how did you respond?
- Which governance or oversight decisions were critical for success?
- What practical lessons should other CISOs take away before adopting similar AI initiatives?
Panellists:
Sandeep Taileng Information Security Officer State Trustees
Igor Aleksenitser Head of IT Security Toll Group
Nigel Hedges GM – Cyber & Risk (CISO) Sigma Healthcare
-
12:05
Automating Cloud Defence: From Detection to Response at Scale
Senior representative - Fastly
Cloud environments move faster than human teams can monitor. Misconfigurations, identity risks, and lateral movement often unfold in minutes, not hours. This session will explore how automation is being embedded into cloud-native security operations from real-time detection of anomalies to automated remediation of misconfigurations and credential misuse. Learn how leading organisations are reducing dwell time, accelerating incident response, and maintaining resilience at cloud speed.
-
12:30
Fireside Chat
When Good Security Gets in the Way of Good Business
Explore the tension between protecting the organisation and enabling innovation. Learn how top CISOs navigate tricky trade-offs and keep security aligned with business outcomes.
- How do you decide when to enforce controls and when to compromise?
- Can friction be productive, or is it always a blocker?
- What separates leaders who influence business outcomes from those who just enforce rules?
- How do you maintain trust while challenging business priorities?
Speakers:
Muzamil Rashid Head of Cyber Security Mazda Australia
Jason Hargenrader GM of IT Services, Infrastructure & Cyber Treasury Wine Estate
Mariana Paun Chief Business Resilience Officer Zepto
-
12:55
Tools Don’t Defend Organisations, People Do
Senior representative - Cythera
Most breaches don’t occur because a tool failed. They occur because ownership, context, or response broke down. Despite unprecedented investment in cyber security technology, many organisations remain vulnerable. This presentation explores why, now more than ever, tools alone are not enough, and how human judgement, clear ownership, and decisive action ultimately determine security outcomes.
-
13:00
Lunch
-
TRACK A: AI in Practice
Dan Haagman - CEO Chaleit & Honorary Professor of Practice - Murdoch University
-
14:00
Fireside Chat
Making AI Work in the SOC: Reality vs Expectation
Even with AI integrated through outsourced or hybrid SOCs, organisations still face alert fatigue, slow response, and gaps in detection. This session shares a CISO’s journey managing AI-enabled security operations, highlighting the decisions, trade-offs, and lessons learned in strengthening defensive capability and ensuring effective incident response.
Speakers:
Dan Haagman CEO Chaleit & Honorary Professor of Practice Murdoch University
James Court CSO Cleanaway Waste Management
-
14:25
Shifting Security Left in the Organisation: Risk Thinking Beyond the Security Team
This session explores how to embed security thinking into broader organisational decision-making from procurement and product to HR and finance and build a culture where shared responsibility drives better security outcomes.
-
14:50
Crawl, Walk, Run: A Pragmatic AI Adoption Roadmap for CISOs
Vijay Narayan - CISO - Mercy Health
This session focuses on the real decisions behind adopting AI in security. Delve into how to get early wins, navigate common pitfalls, manage AI-driven risks, and implement governance controls while scaling responsibly. Unlike use-case sessions, this is about the journey and decisions that enable safe, practical AI adoption in complex environments.
-
15:15
Lessons from Enterprise-Vendor Partnerships in Reducing Third-Party Risk
This session features case studies and practical insights from working with enterprise customers to strengthen supply chain resilience. Discover how transparent communication, shared risk frameworks, and coordinated response strategies can reduce vulnerabilities and build trust across the ecosystem.
-
TRACK B: Governance & Oversight
Muzamil Rashid - Head of Cyber Security - Mazda Australia
-
14:00
Presentation
Building Fit for Purpose Governance from the Ground Up
Andrew Kennan - GM Technology & Data - SEC Victoria
This session explores how to establish security capability and oversight from the ground up, creating structures, processes and roadmaps that grow with the organisation, communicate trade offs effectively, and balance risk, accountability and operational priorities, with practical lessons for scaling organisations.
-
14:25
Protecting What Matters: DLP Strategies for the AI Era
DLP is evolving fast in the era of AI offering new capabilities, but also new risks. This session shares case studies on how organisations are deploying DLP alongside AI tools to protect sensitive data without stifling productivity. Explore practical lessons, from policy design and user adoption to monitoring, governance, and incident response in AI-enabled environments.
-
14:50
Presentation
Case Study: Implementing CPS 234 and CPS 230
Ashutosh Kochhar - Chief Information Risk Officer (CIRO) - Northern Trust Corporation
This session explores the practical challenges of embedding governance, balancing oversight with business priorities, and turning regulatory requirements into actionable strategies. Gain insights and lessons that make compliance purposeful, manageable, and meaningful for your organisation.
-
15:15
Rethinking Identity in a Changing Threat Landscape
Digital trust is being redefined as identity threats grow more complex. From deepfakes and impersonation attacks to the rapid rise of non-human identities, the identity landscape is evolving. This session explores what these changes mean for verification and control and how security leaders can adapt their strategies to safeguard trust in a world where not every identity is who or what it claims to be.
-
TRACK C: Resilience
Tara Dharnikota - CISO - Victoria University
-
14:00
Group discussion
What Makes Security Human? And When It Shouldn’t Be
Christie Wilson - Cyber Resilience Manager - UniSuper
Human behaviour is often highlighted in security incidents, but the real risk lies in cognitive overload, decision fatigue, and misplaced confidence. The focus moves from mistakes to effective decision design and prioritisation. This session examines which decisions humans should retain, and how technology can absorb routine risk.
-
14:25
Continuous AI Risk Monitoring for Critical Assets
This session examines how to implement continuous AI risk monitoring — from identifying vulnerabilities in AI models and data pipelines to detecting misuse and drift. Learn how to combine automation, governance, and human oversight to safeguard high-value systems against evolving AI threats.
-
14:50
Presentation
From Point-in-Time to Real-Time: Tackling Gaps and Modern Challenges in Supply Chain Resilience
Igor Aleksenitser - Head of IT Security - Toll Group
Point-in-time assessments leave blind spots in supply-chain risk. In this session, we’ll explore how continuous monitoring and real-time telemetry can help reduce risk, improve resilience, and provide actionable insights. Using practical examples, Igor shows why episodic reviews fall short, how to track vendor and technology risks effectively, and steps to make continuous monitoring realistic and achievable.
-
15:15
Securing the Internet Ecosystem: Strengthening Resilience Across Organisations
Shared infrastructure vulnerabilities can cascade across organisations. This presentation examines DNS, CDN, and edge security, showing how to mitigate ecosystem-wide attacks, build resilient network architectures, and collaborate with partners and service providers to safeguard critical operations in today’s interconnected digital landscape.
-
15:40
Get refreshed! Mingle
-
TRACK A: AI in Practice
Dan Haagman - CEO Chaleit & Honorary Professor of Practice - Murdoch University
-
16:10
Presentation
Governing AI as a Digital Employee
This session explores the journey of integrating AI as a “digital employee,” highlighting lessons learned, human oversight, and emerging cyber security considerations along the way.
- Should we ever treat AI as fully accountable, or is accountability always human?
- How much autonomy is too much for a digital employee before oversight breaks down?
- Have AI “employees” already caused security headaches you didn’t anticipate and what did you do?
- Can humans really trust AI colleagues, or do we just tolerate them?
- What’s the biggest lesson you’ve learned from putting AI on the front line of operations - success or disaster?
-
16:35
AI in Threat Detection: Improving SOC Efficiency Without Overloading Analysts
This session looks at how AI-driven threat detection can streamline SOC workflows, prioritise the right incidents, and surface actionable insights without adding to analyst fatigue. Hear lessons from actual deployments on balancing automation with human expertise to strengthen detection and response.
-
17:00
Interactive Group Discussion
Every Conference Talks About AI. But What Progress?
Samrat Seale - Head of Transformation & Governance - Kmart
Reflect on AI decisions from the past year, what’s changed, and share your thoughts on new challenges and opportunities.
- Which AI decisions truly moved the needle?
- How has AI adoption or governance changed in the last year?
- What lessons on trust, risk, and accountability stick out?
-
TRACK B: Governance & Oversight
Muzamil Rashid - Head of Cyber Security - Mazda Australia
-
16:10
Presentation
Beyond the Scan: Making Vulnerability Management Actually Reduce Risk
Hasnat Buttar - Cyber Security & Risk Manager - Accent Group
This session provides practical guidance on structuring a program that prioritises remediation by risk, establishes clear governance and SLAs, delivers meaningful reporting to the board, and embeds continuous improvement.
-
16:35
Anatomy of a Breach: How Attackers Spread and How to Stop Them
Cybercriminals exploit weak segmentation to move laterally across networks, increasing the impact of breaches. This session will break down real-world attack patterns, revealing how organisations can disrupt lateral movement and reduce the success of cyber threats.
-
17:00
Interactive Group Discussion
Defining “Sufficient” Oversight: How Much Assurance Is Enough?
Rucha Gatti - Director Tech and Info Risk - NAB
Join this session to explore the grey areas of oversight, where judgement and decision-making matter more than checklists. This closing discussion is your chance to reflect on the day, debate the dilemmas, and leave with insights to guide real-world decision-making.
- What counts as “enough” oversight?
- How much assurance is reasonable?
- Who decides when controls are sufficient?
-
17:25
Closing Remarks by the Track Chair
Dan Haagman - CEO Chaleit & Honorary Professor of Practice - Murdoch University
-
17:25
Closing Remarks by the Track Chair
Muzamil Rashid - Head of Cyber Security - Mazda Australia
-
17:30
CISO Drink Reception
-
DAY 2
Wednesday, 15 July
-
08:15
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
08:55
Welcome from Corinium and the Chairperson
Prof Dan Haagman - CEO Chaleit & Honorary Professor - Murdoch University
-
09:00
Keynote Dialogue
Signals from the Frontline: Global Threat Intelligence in Action
This keynote dialogue explores what global threat intelligence is revealing and what it means for organisations and national cyber resilience.
- How are cyber threats shifting, from state-linked campaigns to hybrid criminal activity?
- How can government and industry collaborate to detect and respond faster?
- How can global intelligence be translated into actionable strategies?
- What lessons from recent incidents should CISOs prioritise? What have we learned from 2025?
Facilitator:
John Ellis Global Head of Security Trust & Influence QBE
Speakers:
Mark Alexander CISO ASD
-
09:25
Ransomware Readiness: What Every Organisation Needs to Know
Senior representative - Cyera
Ransomware remains one of the most disruptive threats with attackers adapting faster than many defences. This session explores practical strategies for prevention, early detection and effective response. Learn how to reduce impact, strengthen readiness and close the gaps that make organisations vulnerable to modern ransomware campaigns.
-
09:50
Keynote Panel
When the Best-Laid Plans Collapse, What’s Your Move?
No system is completely secured and no plan survives every challenge. Join us for a candid, practical conversation that will challenge how you think about leadership, risk, and success in an unpredictable world.
- How do you decide what’s truly worth protecting?
- Can failure ever become an advantage?
- Which policies, processes, or habits add real value and what would you eliminate?
- What happens when your best defence still fails?
- What separates teams that adapt and thrive from those that crumble?
Moderator:
Anafrid Bennet CIO Great Western Water
Panellists:
Deniz Molokov CISO Downer
Jo Stewart-Rattray Australian CISO Advisory Board Corinium Global Intelligence
Alison Stretch GM Information Security Melbourne Archdiocese Catholic Schools
-
10:20
Advancing Cyber Maturity to Strengthen Public Trust and Service Delivery
Senior representative - Tanium
With increased digital capability comes increased risk and responsibility. Evolving cyber threats, complex compliance demands and growing public scrutiny are placing more pressure than ever on public sector cyber leaders. This session explores how advancing your organisation’s cyber maturity can protect critical services, uphold public trust, and strengthen resilience in the face of modern threats.
-
10:45
Keynote Panel
Systematic Risk in Critical Infrastructure: Are We Over-Reliant on the Same Vendor?
Explore the tough decisions behind vendor concentration in critical infrastructure, where over-reliance can amplify risk. This panel discusses how organisations assess, mitigate, and live with systemic dependencies.
- Which vendor dependencies keep you awake at night?
- When is reliance on a single vendor acceptable and when is it risky?
- How do you handle tough conversations with boards or regulators about concentration risk?
- What vendor surprises over the past year changed your approach?
Moderator:
Ian Pham CISO Victorian Managed Insurance Authority
Panellists:
Varun Acharya CISO Healthscope
Ben Lester Head of Digital Security (CISO) St John of God Health Care
Dr Huon Curtis Head of External Affairs CI-ISAC Australia
Ciara Spencer Deputy Secretary, Law Enforcement & Domestic Security Department of Home Affairs
-
11:15
Get refreshed! Mingle
-
TRACK A: Leadership in Action
Lauren Veenstra - CSO - Iberdrola Australia
-
11:55
Interactive Group Discussion
The Cyber Budget Challenge: Where Would You Spend Your Last Dollar?
Andrew Morgan - GM Cyber Security and Enterprise Services - John Holland
Join this interactive session to wrestle with the tough choices CISOs face when cyber budgets are tight and every dollar counts.
- Which cyber initiatives get your first dollar?
- How do you balance investment between prevention, detection, and response?
- What’s a compromise you can live with and what’s a deal-breaker?
-
12:20
The Foundation of Cyber Resilience: Securing Corporate Environments for Operational Success
As corporate and operational environments become increasingly interconnected, securing the corporate infrastructure is essential for building a resilient operational framework. This session will explore strategies to mitigate risks, protect critical assets, and ensure business continuity through a strong security foundation.
-
12:45
Presentation
What SOCs Can Learn from Control Rooms: Insights from Critical Infrastructure
Sam Mackenzie - VP - Australian Control Room Network Association
SOCs are central to cyber defence, but they are still a relatively young function. Control rooms, managing energy networks, transport systems, and emergency services, have decades of experience coordinating complex, high-stakes operations. This session challenges cyber security leaders to rethink SOC strategy through the lens of mature operational leadership, providing fresh perspectives on managing risk, investment, and executive decision-making in an increasingly complex cyber environment.
-
TRACK B: Threats & Tech Horizon
Prof Dan Haagman - CEO Chaleit & Honorary Professor of Practice - Murdoch University
-
11:55
Presentation
Space as Critical Infrastructure: The Next Blind Spot for CISOs
Sandeep Taileng - Information Security Officer - State Trustees
As reliance on satellite communications and GPS grows, so does systemic risk. This session examines how space-enabled services intersect with enterprise risk, and why security leaders need to factor space dependencies into their business continuity and cyber resilience strategies.
-
12:20
Adapting Security Operations to the Modern Threat Landscape
Today, staying ahead of cyber threats requires a proactive and adaptive approach. This session will focus on how organisations can optimise threat detection, response, and attack surface management to enhance visibility and build more resilient security operations.
-
12:45
Solo Debate
Point–Counterpoint: Quantum Computing – Strategic Threat or Governance Exposure?
Fatima Hoblos - Engineer IAM - Kmart
This structured solo debate examines quantum computing from both sides of the executive dilemma.
- Explores whether quantum disruption of RSA and ECC is closer than organisations are prepared for.
- Challenges assumptions around harvest-now-decrypt-later risk and long-lived data exposure.
- Questions whether large-scale quantum timelines justify immediate large capital investment.
- Examines the dependency of identity systems, PKI, certificates, federation, and trust chains on current cryptography.
- Reframes quantum not as a physics problem, but as a governance and architectural maturity test.
- Confronts whether organisations truly understand their cryptographic inventory and crypto agility.
- Provides a practical executive decision framework to navigate quantum uncertainty without hype or paralysis.
-
13:10
Lunch
-
14:05
LEGO Prize Announcement!
-
14:10
AI for Your People: Building Skills, Not Just Tools
Senior representative - DigiCert
This session explores how to build an AI literacy programme that empowers your people to use AI confidently and safely. Learn practical approaches for training, cultural adoption, and governance to turn AI from a tool into a capability that supports smarter, more informed decision-making across your organisation.
-
14:35
Keynote Presentation
How CISOs Respond to Funding and Risk Questions
John Ellis - Global Head of Security Trust & Influence - QBE
CISOs are increasingly asked to justify cyber security budgets while managing uncertainty and risk. This session explores how to determine the right size of GRC investment under constrained resources, communicate risk and uncertainty effectively, and maintain credibility with boards and executives.
-
15:00
The Human Side of Incident Response: Communicating Under Pressure
Senior representative - Exabeam
This session explores how to keep messages clear, consistent, and credible under pressure, from briefing executives and coordinating teams to managing regulators and public statements. Learn practical techniques to maintain trust, reduce confusion, and keep everyone aligned when the stakes are highest.
-
15:25
Closing Fireside Chat
Are Your Identities Controlling You or Your Business?
As organisations shift more services and operations into SaaS and cloud environments, identity is no longer just a technical issue—it’s a business-critical risk factor. This conversation explores how technology and security leaders are navigating identity sprawl, trust, and operational resilience beyond the tools and dashboards.
- Where does identity risk show up first in the business?
- How can CISOs balance simplicity, user experience, and control?
- What is the best approach to managing both user and service accounts at scale?
- How can leaders maintain visibility over access, privilege, and lifecycle in cloud environments?
Speakers:
Prof Abbi Sharma Chief Digital & Transformation Officer Victorian Government
-
15:50
Chairperson's Closing Remarks
Prof Dan Haagman - CEO Chaleit & Honorary Professor - Murdoch University
-
16:00
Close of CISO Melbourne 2026 & Afternoon Tea