9:30am - 1:30pm AEST
11:30pm - 3:30pm NZST
.png?width=600&height=300&name=0768%20CISO%20Logo%20(1).png)
Day 1 - 17 August
10:00
KEYNOTE PANEL: How the CISO role is changing and strategies to keep up
CISOs committed to creating risk awareness and building a cybersecurity driven culture are facing a number of challenges, from getting senior management buy-in, to implementing organisational change and engaging employees. During this session, our panellists will share their experiences on:
- Successful ways of shifting from a technical to a strategic role
- Building empathy when having strategic conversations
- Quantifying and reporting risk assessment metrics to the board to get senior-level support and funds
- Working across departments to ensure strategic decisions meet the company’s risk appetite
Speaking:
Daisy Wong
Cyber Culture & Engagement Lead, Department of Premier and Cabinet (VIC)
Venkat Balakrishnan
CISO, TAL
Damien Manuel
Director, Cyber Security Research and Innovation Centre
Charles Sterner
CISO, AARNet
KEYNOTE PANEL: How the CISO role is changing and strategies to keep up
August 17 | 10:00 - 10:43
CISOs committed to creating risk awareness and building a cybersecurity driven culture are facing a number of challenges, from getting senior management buy-in, to implementing organisational change and engaging employees. During this session, our panellists will share their experiences on:
- Successful ways of shifting from a technical to a strategic role
- Building empathy when having strategic conversations
- Quantifying and reporting risk assessment metrics to the board to get senior-level support and funds
- Working across departments to ensure strategic decisions meet the company’s risk appetite
Speaking:
10:43
Measuring the effectiveness of security programs
- What are the biggest challenges when getting buy-in from top management?
- How to encourage everybody to take ownership of cyber?
- Why leaders must be committed to continually improve their teams’ skills and knowledge in IT and cybersecurity – and how do to this?
- Exploring business cases of companies that are successfully achieving this
Speaking:
Dave Lewis
Global Advisory CISO, Duo Security at Cisco
Measuring the effectiveness of security programs
August 17 | 10:43 - 11:10
- What are the biggest challenges when getting buy-in from top management?
- How to encourage everybody to take ownership of cyber?
- Why leaders must be committed to continually improve their teams’ skills and knowledge in IT and cybersecurity – and how do to this?
- Exploring business cases of companies that are successfully achieving this
Speaking:
11:10
Successfully leveraging culture in the era of cybersecurity
- What are the biggest challenges when creating risk awareness and building a cybersecurity driven culture?
- How to encourage everybody to take ownership of cyber
- Making cybersecurity a shared responsibility in the business
- Exploring business cases of companies that are successfully overcoming these challenges
Speaking:
Jason Anderson
CISO, QSuper
Successfully leveraging culture in the era of cybersecurity
August 17 | 11:10 - 11:26
- What are the biggest challenges when creating risk awareness and building a cybersecurity driven culture?
- How to encourage everybody to take ownership of cyber
- Making cybersecurity a shared responsibility in the business
- Exploring business cases of companies that are successfully overcoming these challenges
Speaking:
11:26
PANEL DISCUSSON: Embracing the future of work with confidence
Ransomware and other significant cyber breaches over the last year demonstrate weaknesses in the current state of our cybersecurity. But this is an excellent opportunity for those that understand the challenges to make a shift and implement the cybersecurity capabilities necessary to protect and defend enterprises. Join Zscaler and Bupa as we take part in a panel to discuss:
- The threat landscape and weaknesses in the current state of our cybersecurity
- With more people working remotely, users and workflows are changing. How has the increase in remote work impacted organisations’ security strategies?
- How can CISOs enable digital transformation for the business, while keeping their organisations secure?
Speaking:
John Ellis
CISO, BUPA
Danny Connelly
CISO, AMS and Public Sector, Zscaler
Steve Singer
Country Manager, ANZ, Zscaler
PANEL DISCUSSON: Embracing the future of work with confidence
August 17 | 11:26 - 11:44
Ransomware and other significant cyber breaches over the last year demonstrate weaknesses in the current state of our cybersecurity. But this is an excellent opportunity for those that understand the challenges to make a shift and implement the cybersecurity capabilities necessary to protect and defend enterprises. Join Zscaler and Bupa as we take part in a panel to discuss:
- The threat landscape and weaknesses in the current state of our cybersecurity
- With more people working remotely, users and workflows are changing. How has the increase in remote work impacted organisations’ security strategies?
- How can CISOs enable digital transformation for the business, while keeping their organisations secure?
Speaking:
11:44
Cyber through a CX lens
Speaking:
Jen Waugh
Senior Manager, Information Security, Pepper Financial Services
Cyber through a CX lens
August 17 | 11:44 - 11:57
Speaking:
11:57
How companies are tackling their biggest cybersecurity challenges
Join this session for a deep-dive on issues around emerging cyber threats & how an identity centric approach can mitigate risk, improve fraud detection & prevention and bridge the gap between physical and cybersecurity.
Speaking:
Richard Bird
Chief Customer Information Officer, Ping Identity
How companies are tackling their biggest cybersecurity challenges
August 17 | 11:57 - 12:22
Join this session for a deep-dive on issues around emerging cyber threats & how an identity centric approach can mitigate risk, improve fraud detection & prevention and bridge the gap between physical and cybersecurity.
Speaking:
12:22
Progressing your vulnerability assessments
- Exploring ways to identify and block up gaps and exploit points
- What are we doing wrong?
- Best approach for Vulnerability management
- Having a holistic view of VM
Speaking:
Nimesh Mohan
Group Threat and Vulnerability Lead at Coca Cola Europacific Partners
Progressing your vulnerability assessments
August 17 | 12:22 - 12:41
- Exploring ways to identify and block up gaps and exploit points
- What are we doing wrong?
- Best approach for Vulnerability management
- Having a holistic view of VM
Speaking:
12:41
Building resilience, leading during a world of disruptions
- We have seen considerable vulnerabilities; what are leaders doing building focusing their strategies with business outcomes
- Considerations for every leader looking at the Australian regulation requirements
- Building a checklist for success in your business
Speaking:
Corne Mare
CISO, Fortinet
Building resilience, leading during a world of disruptions
August 17 | 12:41 - 13:02
- We have seen considerable vulnerabilities; what are leaders doing building focusing their strategies with business outcomes
- Considerations for every leader looking at the Australian regulation requirements
- Building a checklist for success in your business
Speaking:
1:02
An overview of cyber security threats to Industrial Control Systems and Critical Infrastructure
Industrial control systems (ICS) form the backbone supporting essential industries including electricity, gas, water and waste services, construction, agriculture, mining, manufacturing, transport, postal, and warehousing sectors. These industries not only significantly contribute to the Australian economy, but also support several other industries such as healthcare and tourism. Due to the criticality to everyday life and economy, ICS are usually considered by many as ‘critical infrastructure’. In this talk, I will cover the main threats critical infrastructure stakeholders are experiencing, and describe possible approaches to countering them. I will also demonstrate some recent works focusing on detecting these threats. I will also introduce the work conducted at the UQ Industry 4.0 Energy TestLab, a digital twin funded by the Australian Government’s Department of Industry, Science, Energy and Resources, UQ, and Siemens, with realistic scenarios supplied by several industry partners mimicking energy production and consumption, manufacturing and a wide range of control automation configurations.
Speaking:
Ryan Ko
Chair and Director of Cyber Security, University of Queensland
An overview of cyber security threats to Industrial Control Systems and Critical Infrastructure
August 17 | 13:02 - 13:31
Industrial control systems (ICS) form the backbone supporting essential industries including electricity, gas, water and waste services, construction, agriculture, mining, manufacturing, transport, postal, and warehousing sectors. These industries not only significantly contribute to the Australian economy, but also support several other industries such as healthcare and tourism. Due to the criticality to everyday life and economy, ICS are usually considered by many as ‘critical infrastructure’. In this talk, I will cover the main threats critical infrastructure stakeholders are experiencing, and describe possible approaches to countering them. I will also demonstrate some recent works focusing on detecting these threats. I will also introduce the work conducted at the UQ Industry 4.0 Energy TestLab, a digital twin funded by the Australian Government’s Department of Industry, Science, Energy and Resources, UQ, and Siemens, with realistic scenarios supplied by several industry partners mimicking energy production and consumption, manufacturing and a wide range of control automation configurations.
Speaking:
1:40
Close of Day One
Close of Day One
August 17 | 13:40
Speaking:
Day 2 - 18 August
10:00
PANEL: CISOs reveal the secrets to break through governance complexity
- Defining your company’s control and security policies
- Defining a desired cybersecurity maturity matrix for the organisation
- Shifting traditional mindset for compliance framework
- Identifying best practices for meeting standards and regulatory requirements
Speaking:
Gladwin Mendez
Data and Technology Operations Officer, Fisher Funds
Jo Stewart-Rattray
Chief Security Officer, Silver Chain Group
Amit Chaubey
Cyber Ambassador, AustCyber & Deputy Chair, AISA
Joseph Carson
Chief Security Scientist (CSS) and Advisory CISO, ThycoticCentrify
PANEL: CISOs reveal the secrets to break through governance complexity
August 18 | 10:00 - 10:45
- Defining your company’s control and security policies
- Defining a desired cybersecurity maturity matrix for the organisation
- Shifting traditional mindset for compliance framework
- Identifying best practices for meeting standards and regulatory requirements
Speaking:
10:45
Establishing Zero Trust Security, One Step at a Time
Last year, the business community was forced to adapt to a new era of distributed work—and cyber threats have adapted right along with them. Between unsecured home WiFi networks and the rise in personal devices accessing company resources, the opportunities for data theft have risen as teams have dispersed. What are the best-practice models for securing it? Why is continuing to rely on traditional approaches courting disaster? What are the steps you must take to implementing Zero Trust across your ecosystem? What are the top trends in Identity Management and how can your organisation leverage these for customer success? In this session, Sami will focus on:
- The full Zero Trust reference architecture and steps to get there
- Why Identity is the foundational layer to build contextual access controls from
Speaking:
Sami Laine
Director, Technology Strategy, Okta
Establishing Zero Trust Security, One Step at a Time
August 18 | 10:45 - 11:05
Last year, the business community was forced to adapt to a new era of distributed work—and cyber threats have adapted right along with them. Between unsecured home WiFi networks and the rise in personal devices accessing company resources, the opportunities for data theft have risen as teams have dispersed. What are the best-practice models for securing it? Why is continuing to rely on traditional approaches courting disaster? What are the steps you must take to implementing Zero Trust across your ecosystem? What are the top trends in Identity Management and how can your organisation leverage these for customer success? In this session, Sami will focus on:
- The full Zero Trust reference architecture and steps to get there
- Why Identity is the foundational layer to build contextual access controls from
Speaking:
11:05
People-driven decision making during a crisis
- How to take a people-centric approach when managing and responding to incidents?
- Human-factors to be considered during cybersecurity exercises
- Predicting risks and anticipating how prepared you are for an attack
- What are the best strategies to minimise financial and reputational losses as a result of cyber-attacks?
Speaking:
Daminda Kumara
Head of Cyber Security & Risk, Wesfarmers Industrial Safety
People-driven decision making during a crisis
August 18 | 11:05 - 11:21
- How to take a people-centric approach when managing and responding to incidents?
- Human-factors to be considered during cybersecurity exercises
- Predicting risks and anticipating how prepared you are for an attack
- What are the best strategies to minimise financial and reputational losses as a result of cyber-attacks?
Speaking:
11:21
Autonomous Self-Learning AI: Redefining Enterprise Security
In this new era of cyber-threat, characterized by both slow and stealthy attacks and rapid, automated campaigns, static and siloed security tools are failing - and the challenge has gone beyond one that is human-scalable. Organizations need to urgently rethink their strategy to ensure their systems, critical data and people are protected, wherever they are. Today’s Autonomous, Self-Learning defences are capable of identifying and neutralizing security incidents in seconds, not hours - before the damage is done
In this session, learn how self-learning AI:
- Detects, investigates and responds to threats – even while you are OOTO
- Protects your entire workforce and digital environment - wherever they are, whatever the data
- Defends against zero-days and other advanced attacks – without disrupting the organization
Speaking:
Hayley Turner
Director of Industrial Security, APAC, Darktrace
Autonomous Self-Learning AI: Redefining Enterprise Security
August 18 | 11:21 - 11:44
In this new era of cyber-threat, characterized by both slow and stealthy attacks and rapid, automated campaigns, static and siloed security tools are failing - and the challenge has gone beyond one that is human-scalable. Organizations need to urgently rethink their strategy to ensure their systems, critical data and people are protected, wherever they are. Today’s Autonomous, Self-Learning defences are capable of identifying and neutralizing security incidents in seconds, not hours - before the damage is done
In this session, learn how self-learning AI:
- Detects, investigates and responds to threats – even while you are OOTO
- Protects your entire workforce and digital environment - wherever they are, whatever the data
- Defends against zero-days and other advanced attacks – without disrupting the organization
Speaking:
11:44
INTERNATIONAL PRESENTATION: Creating a cybersecurity driven culture
- What are the biggest challenges when creating risk awareness and building a cybersecurity driven culture?
- How to encourage everybody to take ownership of cyber?
- How leaders can continually improve their teams’ skills and knowledge in IT and cybersecurity
- Exploring business cases of companies that are successfully achieving this
Speaking:
Thavaselvi Munusamy
Security GRC Lead, Digi Telecommunications & Academics Director, ISACA Malaysia Chapter
INTERNATIONAL PRESENTATION: Creating a cybersecurity driven culture
August 18 | 11:44 - 12:00
- What are the biggest challenges when creating risk awareness and building a cybersecurity driven culture?
- How to encourage everybody to take ownership of cyber?
- How leaders can continually improve their teams’ skills and knowledge in IT and cybersecurity
- Exploring business cases of companies that are successfully achieving this
Speaking:
12:00
Securing your software supply chain. How to leverage software and drive innovation, securely.
Nearly every organisation today relies on software to operate. This software is a product of a complicated, interconnected supply chain in which organisations may not have visibility of the vulnerabilities. Yet, the consequences of successful cyber attacks through the supply chain can be severe. In this session Ken Mizota, Director, Platform at Rapid7, will cover why you should be focusing on your software sources and how to prevent, detect and respond to incidents in your supply chain.
Speaking:
Ken Mizota
Regional CTO, APAC, Rapid7
Securing your software supply chain. How to leverage software and drive innovation, securely.
August 18 | 12:00 - 12:16
Nearly every organisation today relies on software to operate. This software is a product of a complicated, interconnected supply chain in which organisations may not have visibility of the vulnerabilities. Yet, the consequences of successful cyber attacks through the supply chain can be severe. In this session Ken Mizota, Director, Platform at Rapid7, will cover why you should be focusing on your software sources and how to prevent, detect and respond to incidents in your supply chain.
Speaking:
12:16
The convergence of physical and cyber security – what does it mean to businesses?
- Understanding how IT is converging with OT and how to protect them in the network
- How to overcome the increase of cyber risk to industrial control?
- Adopting cybersecurity strategies across your ICT (industry control systems)
- Key cybersecurity considerations of networks, IoT devices security, mobile and the cloud
Speaking:
Vijay Varadharajan
Director of Advanced Cyber Security Engineering, University of Newcastle
The convergence of physical and cyber security – what does it mean to businesses?
August 18 | 12:16 - 12:51
- Understanding how IT is converging with OT and how to protect them in the network
- How to overcome the increase of cyber risk to industrial control?
- Adopting cybersecurity strategies across your ICT (industry control systems)
- Key cybersecurity considerations of networks, IoT devices security, mobile and the cloud
Speaking:
12:51
The Risks of Open Source in the Software Supply Chain
The adoption of open-source software continues to grow and creates significant security concerns for everything from software supply chain attacks in language ecosystem registries to cloud-native application security concerns.
In this talk, Lawrence Crowther, Head of Solutions Engineering, APJ @ Snyk will cover:
- Risks of using the open-source code in the software supply chain
- Insights into how to secure applications across the SDLC
- Examples of how attackers use different techniques to exploit open-source libraries with a live hack demo
Speaking:
Lawrence Crowther
Head of Solutions Engineering APJ, Snyk
The Risks of Open Source in the Software Supply Chain
August 18 | 12:51 - 13:16
The adoption of open-source software continues to grow and creates significant security concerns for everything from software supply chain attacks in language ecosystem registries to cloud-native application security concerns.
In this talk, Lawrence Crowther, Head of Solutions Engineering, APJ @ Snyk will cover:
- Risks of using the open-source code in the software supply chain
- Insights into how to secure applications across the SDLC
- Examples of how attackers use different techniques to exploit open-source libraries with a live hack demo
Speaking:
1:16
Strategies to simplify cybersecurity compliance
- Defining a desired cybersecurity maturity matrix for the organization
- Breaking through traditional mindset for compliance framework
- Identifying best practices for meeting standards and regulatory requirements
Speaking:
Krishna Kasi
Vice President, IT Audit, BNP Paribas
Strategies to simplify cybersecurity compliance
August 18 | 13:16 - 13:40
- Defining a desired cybersecurity maturity matrix for the organization
- Breaking through traditional mindset for compliance framework
- Identifying best practices for meeting standards and regulatory requirements
Speaking:
1:50
Close of Day Two
Close of Day Two
August 18 | 13:50