CISO MELBOURNE

Hosted by Blackberry (Invite only)

Mark Priebatsch, Regional Director Australia & New Zealand, Checkmarx

During the Equifax 2017 Data Breach (which exposed the sensitive information on 146 million US consumers), Graeme Payne was Senior Vice President and CIO of Global Corporate Platforms. He was fired the day before the former Chairman and CEO of Equifax testified to Congress that the root cause of the data breach was human error and technological failure. Graeme would later be identified as “the human error”. During this session, he’ll explore how the lessons learned from major cybersecurity breaches, including the Equifax 2017 Data Breach, can be applied to your company to “test and improve” your cybersecurity posture.

Graeme Payne, Author, The New Era of Cybersecurity Breaches: A Case Study and Lessons Learned

• Understanding cyber risks in a quantifiable way
• How to demonstrate the value of risks to the executive management
• What are the biggest challenges when getting buy-in from top management?
• Communication effectiveness: putting yourself in the boss’ shoes and delivering the right message

Mitchell White, Acting Assistant Commissioner for Cyber Security Governance & Operations, ATO

Join us to learn about trends and observations from thousands of cloud environments. What are the common pitfalls? How many falls into common mistakes, and which could be devastating to an organization? See how the cloud allows a new generation of innovation in security tools to provide better comprehensive security with complete coverage and full context We will show and explain how an agentless approach to cloud security can tackle these challenges.

Gil Geron, CPO & Co-Founder, Orca Security

• Combining cybersecurity and data protection to comply with increased data privacy regulations
• How to adopt secure digital identity and mitigate privacy rights risks
• Embedding the necessary protections into your identity verification systems
• Implementing architecture systems that reduces overcollection during identity verification

Panel moderator:

Kostas Kyrifidis, President, VSI

Panellists:

Grant Lockwood, CISO, Virtus Health

Damien Manuel, Adjunct Professor for Cyber Security Research and Innovation Centre (CSRI), Deakin University & Chairperson, AISA

Alison O’Hare, Senior Technical Director, Mimecast

A lot of things have changed: everything is code, our datacenters, our infrastructure, and of course our apps. It's all software….
So much software is being built and security teams can't keep up, nor do they have the resources to do so. Most companies have a ratio of 100:1 developers to security professionals, so why not empower developers to take action? It makes economic sense.
Here is the reality: If companies want to survive and thrive in this fast-paced digital world, not only should we trust developers to handle security but also empower them to fix security issues themselves.
In this session, Lawrence Crowther from Snyk will share some insights on how security teams can scale by empowering developers to create secure applications, including the use of modern cloud technologies that are used to deploy and run application workloads.

Lawrence Crowther, Head of Solutions Engineering APJ, Snyk

• How can we raise awareness of the cyber security industry?
• How can people join the cyber security industry and what experiences can you share?
• How can Executives or CISO’s support and what can be done to increase more awareness?
• What can be done in the short term and long term?

Panel Moderator:

Daisy Wong, Security Culture and Engagement Lead, Flybuys

Panellists:

Jacqui Loustau, Founder, AWSN

Matt Tett, Co-Chair, AWSN

Jason Murrell, Cloud Branch Chair, AISA

Many organisations today are looking to Zero Trust to better protect critical assets, but struggle to cut through the jargon and marketing smoke. In this session explore how to prevent crippling breaches through proactive controls and simplify the journey to Zero Trust.

Join to learn:

• What should your Zero Trust ‘north star’ be
• Critical elements of building Zero Trust controls
• Outcomes of a deny by default vs detect and respond
• How to apply your initial Zero Trust controls across hybrid environments

Dragan Vladicic, Director, Solutions Engineer, Okta

Pete Murray, Managing Director, Australia & New Zealand, Veritas Technologies

• How do you build a security program in 2022?  How has it changed?
• People Process and Technology – what do you need to incorporate into your program?
• What does ‘good enough’ look like and how do we measure it?  Risk, regulation, and strategy – making them all fit together.

Andrew Morgan, CISO, La Trobe University

With the threat of cyber warfare becoming ever more serious, every organisation needs a “this is not a drill” cyber-first recovery plan. If cyberattackers targeted your organisation, the most likely business-crippling scenario would be a direct attack on Active Directory (AD)—the system that authenticates users and grants access to business-critical applications and services. AD has become a prime target for cybercriminals—implicated in 90% of the incidents Mandiant researchers investigate—because it has systemic vulnerabilities and because it gives attackers the means to unleash devastating malware.

The NotPetya attack that crippled Maersk in 2017 was a harbinger of the chaos to come. In this session, we’ll examine the action plan every organisation needs to execute to protect against a business-disrupting cyber incident.

Sean Deuby, Director of Services, Semperis

• Exploring the most common challenges when implementing your IAM strategy
• How can teams overcome these challenges?
• Advice for anyone starting the IAM journey
• Lessons learned and final thoughts
  

Moderator:

Mark Priebatsch, Regional Director Australia & New Zealand, Checkmarx

Speakers:

Jo Steward-Rattray, CSO, Silver Chain

Mazino Onibere, Head of Cyber Security, Risk and Compliance, Regis Aged Care

Mark Priebatsch, Regional Director Australia & New Zealand, Checkmarx

• Is the latest & greatest technology the holy grail of protection?
• How to overcome implementation challenges
• Strategies to address lack of skills and capabilities
• Lessons learned from a CISO

Charles Gillman, CISO, Superchoice

During this session, we’ll explore how to ensure your team has the technical and non-technical skills required to ensure success of your cybersecurity strategies. What role does organisational and change management planning play in getting your workforce strategy right? Why and how is strategy and planning the new trend in cybersecurity?

Agnieszka Lecka, Strategy and Planning Senior Manager, Standard Chartered Bank (Poland)

• With digitalization of business processes, increasing adoption of cloud services, and distributed workforce in a hybrid work model have all contributed to an expanded attack surface beyond your corporate network - the weakest link breaks
• Are your Executive leadership and Board of Directors aware of the increasing cyber risks?
• How would risk management and cybersecurity strategies be any different now? Lessons and sharing on how to translates those strategies into tactical and executable security controls

Wai Kit Cheah, Senior Director, APAC Product Management & Security Practice, Lumen

• Approaching diversity of thought and capabilities as a key element of success in cybersecurity
• How different backgrounds and experiences can be an opportunity of developing the talents you need
• Dealing with toxic cultures in your teams
• Driving cultural change and strengthening your strategies through your people

Moderator:

Deepa Bradley, Cyber Security Strategy and Programs Specialist

Speakers:

Adam Hallyburton, Security Project Manager, SEEK

Sarah Iannantuono, Security Influencer, APAC Security, SEEK

Hashim Khan, Cybersecurity Projects and Governance Lead, SEEK

Security breaches in the cloud usually don’t exploit a single misconfiguration or vulnerability but rather a toxic combination of multiple issues that in isolation wouldn’t raise a red flag given the tons of alerts security teams already get. In this session, we’ll discuss five common toxic combinations across internet exposure, identities and entitlements, software vulnerabilities, and misconfigurations that when combined represent an attacker's pathway to a breach.

Matt Preswick, Enterprise Solutions Engineer, APJ, Wiz

Boards rely heavily on the advice and reporting from CISOs for strategic decision making and ensure appropriate governance regarding Cyber Security matters. Effective Board decisions require structures, policies, and relevant procedures initiated and adhered whilst collecting, organising, utilising and securing the reporting data. This sounds complex, but could what all of us have learned in kindergarten be applicable and the lens in which we should look through to simplify how CISOs should be communicated to Board, and to enable directors to take responsibility for the information they receive?

Arnold Wong, National Treasurer, ACS

Your Customer Identity and Access Management (CIAM) program doesn't have to be burdened with uncomfortable tradeoffs. You can achieve your security objectives AND deliver a low-friction customer experience (CX), extend the platform to suit your organization's needs, deploy it however your organization requires, and achieve a quick ROI. Learn how to achieve CIAM Without Compromise.

Robin Antony, Solutions Architect, WSO2

Remote work and relentless user-oriented attacks is putting cybersecurity professionals under incredible pressure. During this session, we’ll discuss the latest trends and insights into phishing and other cyber threats targeting your users based on survey data, simulated phishing exercises and real-world attacks. Our presenters will also share valuable actionable recommendations for you to take back to your organisation.

Panel moderator:

Ron Gauci, CEO, AIIA

Panellists:

Christie Wilson, Cyber Resilience Manager, UniSuper

Daniela Fernandez, Head of Information Security, PayPal Australia

Jo Steward-Rattray, CSO, Silver Chain

Matt Berry, Senior Pre-Sales Engineer, Abnormal Security

Three-quarters of Australian CISOs see human error as their organisation’s biggest cyber vulnerability. It only takes one employee to click on a bad email to compromise your organisations entire network. Actors know what the weakest link is and they’ve long since shifted to exploiting the human. What if there was a way to stop rolling the human dice every day?

Learn how organisations can leverage advanced behavioral science and automation for informed and near instantaneous decision making on what is good and what is bad email. As well as removing the increasing burden that is placed on employees as a last line of defence.

Join this session to understand:

• How behavioural data science from the ad-tech world is being used to baseline normal in order to find what is abnormal
• New insights and controls over protecting against supply chain attacks
• Account takeover techniques and measures that can be taken to help protect against them