-
Day 1
-
08:20
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
08:50
Welcome from Corinium and the Chairperson
Chirag Joshi - Founder & CISO - 7 Rules Cyber
-
09:00
Speed Networking - Making new connections!
In this 10-minute networking session, the goal is to connect with three new people. Let the questions on the screen spark your conversation. Enjoy the opportunity to expand your network!
-
09:10
Opening Keynote: Dynamic Risks, Strategic Moves – Embracing Change for Success
Phil Ross - CISO - Air New Zealand
- Discuss the rapidly evolving landscape of cyber security threats and their profound impact on business success.
- Highlight the transformational power of aligning technology risk with your core business strategy, creating a strong defence against emerging threats.
- Emphasise the importance of building and nurturing a resilient workforce, equipped to tackle the evolving challenges of the digital age.
-
09:35
On Plenary Stage Interview: Nurturing High-Performing, Positive Teams
Cyber security can seem like an unrewarding career. Preventing breaches depends on a variety of factors, including the company's risk appetite, senior management buy-in and adequate budgets. If the company is not hacked, whether you have a robust and mature cyber strategy or just luck, you're just doing your job. But if it is, the cyber team often gets the blame. It's essential for CISOs to ensure their teams are motivated and engaged. During this interview, we will review KPIs and discuss successful ways to ensure the wellbeing of the team and prevent burnout.
Interviewer:
Chirag Joshi, Founder & CISO, 7 Rules Cyber
Interviewee:
Jan Zeilinga, CISO, James Cook University
-
10:00
From Best Practice to Mandate: The Rising Stakes of Data Protection in Australia
Jamie Wright - Field CTO ANZ - HashiCorp
With evolving Australian regulations, enterprises are facing stricter mandates for securing sensitive data. Protecting it is no longer just a best practice—it’s a business imperative. This session will explore key data protection requirements, including enhanced encryption, stricter access controls, and stronger authentication mechanisms.
Join us to understand how to turn compliance challenges into security advantages while staying ahead of regulatory demands.
-
10:25
NETWORKING BREAK
-
11:55
PANEL: Keeping up with a constantly changing regulatory environment
- An overview of new security regulations and standards affecting Australian businesses
- Complying with SOCI, SoNS, CPS 234, CPG 234, CPG 235, and other standards such as ISO27001, AESCSF, NIST and Essential 8
- Insights into the current proposed legislation NIS 2.0 and DORA, which have been said to be the GDPR for Information Security
- Strategies to balance the benefits against the cost-impact of compliance based on the enterprise’s risk appetite
Panellists:
Nathan Lewis, Head of Cyber, Technology and Data Risk, Newcastle Permanent
Gaurav Vikash, Head of Security and Risk, APAC, Axon Enterprise
Sebastian Tymoszuk, CISO, Autosports Group
Umair Zia, Head of Cyber Security, Sydney Local Health District
Marc Airo-Farulla, Regional Sales Director, Entrust
-
11:35
Securing the Digital Future: Strategies for Resilient Application Security
Pas Apicella - Field CTO - Snyk
As digital transformation accelerates across industries, the need for secure, scalable, and resilient applications has never been more critical. This session delves into best practices and innovative strategies for ensuring application security in dynamic and complex environments. From integrating Static Application Security Testing (SAST) and Software Composition Analysis (SCA) into modern CI/CD pipelines to addressing unique challenges posed by containerized applications in Kubernetes, we’ll explore practical approaches to safeguard software throughout its lifecycle. Attendees will gain actionable insights into building resilient security postures, fostering collaboration between development and security teams, and aligning security practices with the pace of digital innovation.
Join us to discover how to future-proof your applications and secure the foundation of your digital initiatives.
-
12:00
Sobering Up the AI Hype – Making Strategic Cyber Investments and Delivering Business Value
Nivi Newar - Deputy CISO - UNSW
- Understanding the risks and implications of AI and how it will change our threat landscape
- Influencing and guiding the business to make strategic investment decisions
- How cyber leaders are successfully governing the use of AI
- How can AI be used in cyber defence?
-
12:25
Keeping your company’s Crown Jewels safe
Senior representative - DigiCert
Credentials, API tokens, certificates, keys. All these secrets are growing at a rapid rate as we work towards building least privilege patterns. This proliferation introduces significant challenges for visibility, lifecycle, and user experience, and poses significant risk when they fall into the hands of bad actors. During this session, we will look at the necessary shifts that you need to make to keep your secrets safe.
-
12:50
Lunch
-
TRACK A - Innovation & Compliance
Chair: Chirag Joshi - Founder & CISO - 7 Rules Cyber
-
14:00
PANEL: Adapting to EU Regulatory Changes: Navigating Compliance and Managing Impacts
In recent years, with the increasing activity and exploitation of organisations, governments have started to see the importance of Information Security.
To address this, governments have been implementing legislation and regulations around Information Security to ensure that critical systems and infrastructure are protected.
Last year, Europe released its own versions, which will come into effect in 2024 and 2025 and look to address Information Security in Europe.
These new directives and regulations could have implications and impacts for any business working with EU organisations.
Moderator:
Chirag Joshi, Founder & CISO, 7 Rules Cyber
Panellists:
Jihad Zein, Global Head of GRC, Technology, Toll Group
Matthew Duckworth, Director, IT Risk and Security, MetLife Australia
Leron Zinatullin, CISO, Linkly
-
14:25
Advancing your cyber maturity through improved resilience
Senior representative - SecurityScorecard
-
14:50
PANEL: Driving the Need for AI Security Regulations
- Strategies to increase awareness of AI risks to senior management and the board to support informed business decisions
- How can cyber leaders collaborate with regulatory bodies to create effective AI security standards and guidelines
- Overview of the ISO/IEC CD 27090 guidance and ASD’s Guidelines for Secure AI System Development – where to from here
Moderator:
Chirag Joshi, Founder & CISO, 7 Rules Cyber
Panellists:
Nathan Lewis, Head of Cyber, Technology and Data Risk, Newcastle Permanent
Pearse Courtney, Cyber Project Manager, AEMO
Robin Long, CTO, Rapid7
-
15:25
From Vulnerability to Vanguard: Reinventing DNS Security
Brad Ford - Security Specialist – ANZ - Infoblox
In today's fast-paced digital world, the security landscape is evolving rapidly, presenting organisations with increasingly sophisticated challenges. As Australia aims to achieve ambitious security objectives, the demand for cost-effective, high-impact security solutions is escalating. One area of immense potential lies within Domain Name System (DNS) technology, yet many organisations lack a comprehensive understanding of its pivotal role in modern security strategies.
This session will shed light on the vulnerabilities inherent in DNS, the diverse array of threats exploiting the protocol, and innovative security approaches harnessing DNS and related network services to fortify organisations against evolving cyber threats. Attendees will learn about the importance of DNS, its vulnerabilities, and how to leverage DNS for defence, gaining valuable insights into threat detection and mitigation to bolster their security posture.
-
TRACK B - Risk Management
Chair: Dan Haagman - Doctoral Security Researcher
-
14:00
Leveraging Offensive Security for Proactive Risk Management
Dan Elliott - Head of Cyber Resilience ANZ - Zurich Resilience Solutions - Zurich
- Integrate offensive security teams into a proactive risk management strategy to prioritise and address critical vulnerabilities.
- Foster a culture of continuous improvement within teams to stay agile and responsive to evolving threats.
- Align offensive security efforts with organisational risk reduction goals, ensuring they support broader security objectives.
- Apply offensive security skills beyond traditional penetration testing to identify emerging threats and reinforce the organisation's overall risk posture
-
14:25
Protecting against Identity Fraud
Johan Fantenberg - Product Marketing Director - Ping Identity
In today’s rapidly evolving digital landscape, identity fraud poses a significant threat to organizations, costing billions annually and damaging customer trust. From account takeovers and synthetic identities to sophisticated impersonation scams, fraudsters are becoming more adept at exploiting vulnerabilities.
Join us for a session tailored for Security & IAM professionals, where we will explore:
- Emerging Threats: A deep dive into the latest trends in identity fraud, including account takeovers, new account fraud, and the risks posed by bots and advanced impersonation techniques.
- Proven Mitigation Strategies: Discover how a layered identity approach with real-time risk assessment, dynamic fraud detection, and secure authentication methods can protect your organization without compromising user experience.
- Future-Proofing IAM Systems: Learn about scalable, AI-driven fraud detection technologies and identity orchestration that integrate seamlessly into existing IAM infrastructures.
This session will equip you with actionable insights to strengthen your organisation’s defences while ensuring seamless and secure user journeys. Don’t miss this opportunity to stay ahead in the fight against identity fraud!
-
14:50
PANEL: Elevating Cyber Risks To Boards, Senior Management, And Across Departments
- Effective ways to influence boards and senior management on how security is aligned with the business goals
- Engaging the Steering Committee: How to get cross-functional representatives to be security cheerleaders
- The power of joining forces to assess risks, implement security controls, and ensure tech infrastructure is compliant to regulations
Moderator:
Madhuri Nandi, Head of Security, Nuvei
Panellists:
Vasyl Nair, Group CEO, Mine Super
Christopher Johnson, Group Head of Technology, Charter Hall
Saleshni Sharma, Regional CISO, Berkley
Catherine Rowe, Former Global CISO, ex-QBE
-
15:25
The Risk in Risk Management
Paul Thomas - Solutions Architect - Axonius
Risk management is a crucial aspect of every organisation. The basic process is to identify potential risks, assess their impact, and implement strategies to mitigate them. Data analytics plays a vital role in risk management by providing insights into potential risks and helping organisations make informed decisions. Additionally, data analytics closes the risk management loop through assessing the effectiveness of mitigation strategies. Historical data, both external and internal, enables an organisation to evaluate the efficacy of previous initiatives and identify areas for further improvement.
So how can you add data analytics to your Cyber Risk Management process? Let's discuss the risks of this promising venture and the potential sweet spot for your organisation.
-
TRACK C - Enabling Growth
River Nygryn - CISO - HammondCare
-
14:00
New CISO: A Toolkit For Your First 90 Days
Harsh Rasik Busa - CISO - Avant Mutual
In the ever-evolving landscape of cyber security, the path to leadership is often as unpredictable as the threats we face. In this presentation, we’ll explore successful ways to become an effective leader in a critical domain. Attendees will gain a deeper understanding of the strategic and operational adjustments required, the importance of rapid learning and adaptation, and the value of leveraging diverse experiences to build a resilient security posture.
-
14:25
Reinforcing your boundaries with IAM
Senior representative - Illumio
- What are the key challenges organisations face when implementing identity access management?
- What are your recommendations to navigate these challenges?
- What does a successful approach look like?
- How can IAM help safeguard organisations upgrading business operations, modernising aging infrastructure, and protecting network perimeters, and scaling up?
-
14:50
PANEL: Educate, educate, educate – simple steps to improve accountability across the business
- Effective ways to educate – engaging diverse people with cybersecurity and online safety
- People centric – adopting an in-person tone and using real-life examples of how a cyberattack can impact everyone’s lives
- Relevant – what’s in it for them and why they should care
- Providing resources – setting clear expectations and providing resources
Moderator:
Lisa Dethridge, Research Fellow, RMIT University
Panellists:
Hani Arab, CIO, Seymour Whyte
River Nygryn, CISO, HammondCare
Naveen Sharma, Head of Information Security, Superloop
-
15:25
Topic to be confirmed
Scott Leach - Vice President, APAC - Varonis
-
15:50
NETWORKING BREAK
-
16:30
Track A
Chair: Chirag Joshi - Founder & CISO - 7 Rules Cyber
-
16:10
Building Cyber-Resilience Against Social Engineering Attacks
Senior representative - Okta
- Explore the latest methods cybercriminals use to exploit human vulnerabilities to access sensitive information and compromise systems.
- Learn strategies to build organisational awareness and defences to mitigate the risks associated with social engineering.
- Discover how fostering a culture of cyber security awareness can empower employees, reducing susceptibility to social engineering attacks and enhancing overall resilience.
-
Track B
Chair: Dan Haagman - Doctoral Security Researcher
-
16:10
Real Time Visibility to Fortify Your Security Operations
Matt Waite - Director of Technical Account Management - Tanium
In today’s rapidly evolving digital landscape, real-time data is revolutionising the way critical infrastructure organisations manage and secure their IT environments. This insightful presentation by Tanium delves into the transformative power of real-time data, highlighting three key pillars:
- Cyber Hygiene: How to fortify your defences and make it increasingly difficult for adversaries to penetrate your systems.
- Security: Learn how to swiftly detect breaches, understand the extent of intrusions, and implement effective response measures to mitigate damage.
- Compliance: How real-time data supercharges data collection and remediation, and uplifts Essential 8 Maturity levels faster.
Join Matt as he explores how leveraging real-time data can enhance your cyber resilience, providing a robust shield against ever-evolving threats.
-
16:35
Plenary Panel: Influencing Human Behaviour and Reducing Cyber Risks
- Importance of human factor to cyber security and why most cyber awareness efforts fail
- Tailoring security awareness programs to address cyber risks and business priorities
- Strategies to influence behaviour and create a cyber-safe culture
Moderator:
Jennifer Firbank, Cyber Security Strategy & Influence Principal, Telstra
Panellists:
Oliver Sebastian, Director, Information Technology, Landcom
Bradley Busch, Non-Executive Director, Shire Christian School
Sophia Barbour, Cyber Awareness and Intelligence Lead, Commonwealth Superannuation Corporation
Tom Scully, Principal Architect, Public Sector, Palo Alto Networks
-
17:10
On Plenary Stage Interview: AI vs Cyber Attacks: What’s the Real Impact
- Exploring the role of AI in cyber security, including how it’s currently implemented and making a real impact on defence and threat response.
- Discussing the challenges and key considerations for adopting AI in cyber risk management and choosing the right technologies for a broader strategy.
- Looking ahead to the future of AI in security, focusing on how organisations can measure its effectiveness and continue to strengthen their defences.
Interviewer:
Dan Haagman, Doctoral Security Researcher
Interviewee:
Lee Barney, GM Tech Security, TPG Telecom
-
17:30
CISO Sydney Day 1 Closing Remarks & Networking Drinks
-
Day 2
-
08:30
Register; grab a coffee. Mix, mingle and say hello to peers old and new
-
08:50
Welcome from Corinium and the Chairperson
Jason Murrell - Chair - Australian Cyber Network
-
09:00
Opening Presentation: Unpacking the 2023-2030 Australian Cyber Security Strategy
Lieutenant General Michelle McGuinness CSC - National Cyber Security Coordinator - Department of Home Affairs
- Uncover what lies ahead - a brief guide outlining key initiatives, strategic imperatives and the challenges that CISOs must navigate
- Deepen your understanding of the vision of the 2023-2030 Australian Cyber Security Strategy to empower you with actionable strategies to craft a path to success
- Learn about the key challenges and success factors identified for the strategy, including the need for long-term commitment, flexibility, and alignment with global allies
-
09:25
Accelerating Cloud Security to enable AI: How Security teams can adopt a new operating model to enable agile AI adoption
Senior representative - Fortinet
Cloud and AI are empowering organisations to meet their business goals quickly and effectively; however, they also present a tectonic shift for cyber security teams. Today, CISOs are forced to enable the adoption of Cloud and AI use cases at the speed of dev, requiring new operating models to continue to protect their environments and eliminate critical risks. Join this session to learn how you can enable your team to build faster in the cloud, ensuring security, Dev and DevOps can work together in a self-service model built for the scale and speed of your cloud and AI developments.
-
09:50
Unravelling the complexities of security architecture
Ilya Polyakov - Chief Security Architect and Head of Identity Management - NSW Department of Planning, Housing and Infrastructure
- Exploring the importance of security architecture
- Several misconceptions about what security architects do
- 3 important jobs of security architect and how they differ
- Making it easy and fast for business
-
10:15
Risk And Vulnerabilities - Managing Your Attack Surface And Prioritising Vulnerabilities
Senior representative - SentinelOne
In today's digital landscape, managing your attack surface and prioritizing vulnerabilities are crucial for robust cybersecurity. Join us for a 20-minute session where we'll explore effective strategies to identify, assess, and mitigate potential threats. Learn how to streamline your vulnerability management process and allocate resources efficiently to safeguard your organization against cyberattacks.
-
10:40
NETWORKING BREAK
-
TRACK A - Presentations
Chair: Jason Murrell - Chair - Australian Cyber Network
-
11:10
Data on the move: The hidden risks of employee turnover
Sandeep Taileng - CISO - State Trustees
-
11:35
Why SaaS breaches are the best kept secrets
Dominic Lovell - Senior Solutions Engineering Manager - Akamai
Secrets such as APIs, tokens, valid and stolen credentials act as keys to unlock protected resources. They are the leading threat vector for data exposures and breaches of enterprise SaaS applications. In this session, learn the anatomy of a SaaS breach and best practices to build a viable SaaS threat model.
-
12:00
Smart Security Strategies: Empowering Teams and Technology for Agile Decision-Making
This session explores how to leverage technology effectively to handle complex security challenges while enabling small, agile teams to focus on high-impact tasks. Learn how to choose the right vendors, avoid vendor lock-in, and navigate bold claims to make informed, secure business decisions. Discover practical strategies for balancing security needs with business agility, ensuring security teams act as enablers, making security stronger one business decision at a time – without becoming a 'no' factory.
-
12:25
Presentation topic to be confirmed
Riccardo Galbiati - Regional CSO, JAPAC - Palo Alto Networks
-
TRACK B - Panels
Dan Haagman - Doctoral Security Researcher
-
11:10
PANEL: Evolving Your Supply Chain Security Practices and Advancing Its Maturity
- How security is changing and how to ideally address it
- The shift-left reality and how the solution didn't work
- The cost implications of a wrong security workflow
- How to make DevSecOps work, strategically
Moderator:
Pablo Reys, Associate Director, DevSecOps National & Cyber Security, Optus
Panellists:
Chris Grisdale, Head of Information Security, hipages Group
Jess Thomas, Assistant Director Cyber Security Outreach, National Office of Cyber Security, Department of Home Affairs
Cody Kieltyka, CISO, Australian Payments Plus
Devraj Chakraborty, Head of Information Security APAC, ABN AMRO Clearing Bank
-
11:45
PANEL: Advancing your cyber maturity through effective GRC
- How to leverage GRC as a strategic framework to drive continuous improvement in your cyber security capabilities and overall resilience
- Successful practices to advanced techniques for aligning GRC initiatives with your business objectives and key risk indicators to maximise the impact of your cyber investments
- Sharing practical approaches to navigating the challenges of implementing cyber into GRC strategy
Moderator:
Lisa Dethridge, Research Fellow, RMIT University
Panellists:
Madhuri Nandi, Head of Security, Nuvei
Siddharth Rajanna, Head of Cyber Security, Bingo Industries
River Nygryn, CISO, HammondCare
Peter Brooks, Head of IT, Billbergia
Johann Filmalter, Senior AE GRC, Vanta
-
12:20
PANEL: Reinforcing Your Boundaries with IAM
- What are the key challenges organisations face when implementing identity access management?
- What are your recommendations to navigate these challenges?
- What does a successful approach look like?
- How can IAM help safeguard organisations upgrading business operations, modernising aging infrastructure, and protecting network perimeters, and scaling up?
Moderator:
Paul dos Santos, Group Head of Information Security, SG Fleet AU
Panellists:
Sebastian Tymoszuk, CISO, Autosports Group
Ilya Polyakov, Head of Identity Management, NSW Department of Planning, Housing and Infrastructure
Senior representative, JumpCloud
-
12:50
Lunch
-
13:50
PANEL: Overcoming common Incident Management issues
- Importance of having a team that is well-prepared and well-rehearsed to get through a crisis during incidents
- Reactive incident response vs proactive incident response – how well organisations manage that and how well those tasks are defined and segregated among defensive teams
- How much can we trust AI in the incident response capability? What place do AI and automation have in incident response – is it possible to embed it to a place where you can trust them?
- Taking the communication component seriously – strategies to prepare and prevent reputational losses because of cyber incidents
Moderator:
Edwin Kwan, Head of Cyber Security
Panellists:
Siddharth Rajanna, Head of Cyber Security, Bingo Industries
Jayden Le, Global Head of IT & Security, Zoomo
Simona Dimovski, Technology & Security Expert
-
14:20
ACSC Insights: The Impact of Cyber-Attacks and the Path Forward
Daniel Tripovich - Assistant Director General Incident Management - ASD
-
14:45
Biometric Authentication: Risks and Opportunities
Gaurav Vikash - Head of Security and Risk, APAC - Axon
- Biometric authentication is gaining widespread adoption across industries as a means of enhancing security and user experience
- Opportunities and Challenges: Capitalising on promising opportunities for reducing password fatigue and improving user identity verification, while managing unique risks that come with it which require careful consideration
- Delve further into the multifaceted landscape of biometric authentication, discussing its key benefits, associated risks, real-world case studies, and actionable solutions for organisations aiming to harness its potential securely
-
15:10
NETWORKING BREAK
-
15:40
Comprehensive Ransomware Defense: Safeguarding Business Continuity
Shalbin Samuel - Head of Cybersecurity - Intesa Sanpaolo
Ransomware strategies because of the growing threat and potentially devastating consequences of attacks. With ransomware incidents increasing in frequency and cost, businesses aim to protect their valuable data, maintain operational continuity, avoid financial losses, and safeguard their reputation by implementing comprehensive prevention, detection, and response measures
-
16:05
The Aftermath: Learning Lessons from Cyber-Attacks and Breaches
Alexander Moskvin - CISO - Steadfast Group
Join us as we dissect a real-life cybersecurity breach, revealing the vulnerabilities exploited and the cascading consequences. We'll explore the attacker's methods, the organisation's response, and the aftermath. Most importantly, we'll extract crucial lessons to fortify our defenses and create a more resilient cybersecurity posture for the future.
-
16:30
Close of CISO Sydney 2025