CISO Sydney schedule

• How to keep OT and CI safe, secure, compliant, and available focusing on questions the boards can ask to assess progress
• The impact on critical infrastructure
• Strategies that can help reduce business risk
• Keeping it simple using security hygiene

In this session we’ll discuss taking a business-centric approach to delivering an all-hazards risk management strategy, and whether it’s a ‘one size fits all’ solution for every organisation.

We’ll also touch on three human challenges every strategy will encounter, and how we can potentially turn these challenges into strategic opportunities for our people and our organisations. Namely:

• Applying the 80/20 to people and culture;
• Using vulnerability to your advantage; and
• Balancing the ‘nurture and nature’ when building resilience.

• Exploring the most recent updates on the SOCI Act Reforms
• How will these affect your organisation moving forward?
• Better understanding companies’ obligations and exemptions
• Further clarification on contingency act and stepping power
• Overview of new plans and approaches to the reform

We’re told compromise is inevitable and to assume breach. When prevention fails, it’s lateral movement (speed, scale and extent of spread) that makes a cyber attack so damaging. Network segmentation isn’t new, but dynamic computing and distributed IT architectures have taken segmentation needs beyond the firewall. In this session we’ll explore how zero-trust segmentation mitigates lateral movement risk and helps organizations to:

• Reduce the attack surface
• Protect critical systems
• Separate environments
• Contain a breach to prevent a cyber disaster

Effective regulation for secure critical infrastructure is in everyone’s interest, and a strong government-industry partnership is crucial in managing risks and reducing regulatory burden. During this panel, we’ll explore challenges, concerns, and ideas on:

• What’s the cost impact to achieve and maintain CI compliance?
• Complying with CPS 234, CPG 234, CPG 235, and other standards
• Cross-sector support: how shared information and threat intelligence can be applicable across industries

Panel moderator:

Simon Bush, CEO, AIIA

Panellists:

Wouter Veugelen, Former CISO, Santos

Maryam Bechtel, CISO, AGL

Dave Cowan, CISO, Link Group

Faizal Janif, Executive Advisory Board Member, AISA

David Sandell, CEO & Managing Director, CI-ISAC

• Importance of human factor to cyber security and why most cyber awareness efforts fail
• Tailoring security awareness programs to address cyber risks and business priorities
• Strategies to influence behaviour and create a cyber-safe culture

Join Rowan as he introduces the Dragos ‘5 critical controls for world-class OT cyber security’. He’ll draw on a wealth of operational experience to provide practical examples of how each control can be implemented safely and effectively.

Each year, Dragos analysts conduct hundreds of assessments against critical infrastructure assets around the world. Despite the industry changing rapidly through new regulations, technology, and threats, there are a few key issues that appear and re-appear across the world. In the ‘2021 Year in Review’, Dragos identified five critical controls to address these issues, establish world-class cybersecurity, and improve operational environment resiliency.

While knowing where to focus is half the battle, knowing how and when to change can be just as challenging for operational environments. Rowan will pragmatically dissect each of the five controls and provide practical examples of basic, good, and advanced applications in real-world environments. This won't be a collection of anecdotes or war stories; bring a notepad and your best questions for someone who has ‘been there, tripped that’!

Finally, each of the controls will be considered against the changing Australian critical infrastructure regulations (SOCI) and Australian Energy Sector Cyber Security Framework (AESCSF) for commonality and pitfalls.

The legislation for critical infrastructure security offers great support for incident response. But recovering from cyber-attacks can be extremely challenging and costly for businesses. During this group discussion, you’ll brainstorm and share ideas with the group on how to create effective threat management and incident response strategies, and how to implement successful recovery and business continuity plans.

• What is cyber insurance and what is it for?
• What you need to know about insurance underwriting for your business
• What are the key considerations for organisations when thinking about cyber insurance?
• Adopting cyber insurance as part of your risk management strategy
• Strategies to be specific about your company’s needs to get premiums down

Comprehensively securing Critical Infrastructure of an existing legacy organisation can be tough. Seeking budgets could be tougher. A startup, with no legacy and small budgets, provides an ideal scenario to build cybersecurity in the core design of a company. We could translate some lessons from such a HealthTech journey into the cybersecurity initiatives of your organisation.

Speakers:

Samir Sinha, Co-founder CEO, Global Medics

Amit Chaubey, Cyber Security Advisor, Global Medics

Join our interactive wrap-up discussion to share your key take-aways from today’s sessions and hear how your peers will be address the Critical Infrastructure reforms moving forward. Key discussion points include:

• Understanding how the reform is applicable to your business
• Your new obligations related to your data storage or processing asset
• Government Assistance Measures: gather powers, action directions, and intervention powers
• Where to go and who to follow

Facilitator:
Jason Murrell, Group Executive, AustCyber 

• Not just one persona's responsibility to fix an appsec vulnerability
• Purposeful strategies of various personas coming together towards app sec vuln remediation and not being in silos
• App Sec starts with human behavior
• Win-Win towards releasing a secure deliverable

The talk will focus on the importance of Application Security Posture Management in today's digital world. The speaker will begin by explaining what Application Security Posture Management (ASPM) is and why it is critical for organisations to adopt this practice.

Getting more visibility into which applications have security issues is one thing, but ASPM strives to go further by bringing context from a variety of sources to help security and development teams focus on the most critical risks the business has right now.

You will leave this session knowing the tips and tricks for implementing an ASPM solution as well as the cultural changes required to adopt such a model.

• What security measures can be applied when using DevOps strategies?
• What approaches can be employed to prioritise these security measures?
• How can you and your team make effective assessments?
• The tools are there for a while – what are the cultural challenges of advancing your maturity model and how to address them?

As development technologies become more fast-paced, modular, and automated, the tools and practices used to secure the software that passes through these pipelines must evolve. While many application security testing (AST) tools can be integrated into pipelines, teams often struggle with complexity, performance, and noisy results. Injecting security into DevOps without sacrificing efficiency requires a concerted approach focusing on: 

• Running the right test at the right time and to the right depth
• Aligning remediation efforts with business risks
• Empowering developers to “secure” code as fast as they write it
• Modular AST that can be employed based on the software being tested
• Integration and automation that minimizes impediments, running necessary tests at appropriate times

During this interactive discussion, our panellists will discuss common challenges, share perspectives, and propose ideas and solutions to key challenges. Key discussion points include:

• What good and bad looks like for different organisations
• What are you measuring against? Do you have a benchmark?
• How do you know what you are measuring – and is that what you should be measuring?
• How to build metrics and understand what will lead you to effectiveness and success
• Final thoughts and conclusions

Moderator:

Jo Stewart-Rattray, Chief Security Officer, Silverchain

Panellists:

Alex Teseo,Cyber Security Manager, BetMakers

Matthew Flannery, DevSecOps Specialist

Join Kevin Fleming for a light-hearted presentation designed for developers to help improve their code readability and performance.

• How security is changing and how to ideally address it
• The shift-left reality and how the solution didn't work
• The cost implications of a wrong security workflow
• How to make DevSecOps work, for real

Edwin Kwan is a DevSecOps advocate and strong believer in having a developer focused approach towards embedding security into the software development life cycle. Trained as a software engineer, he transitioned into security 8 years ago and now heads up the application security and security advisory teams at an Australian financial services company.

• Application security design
• API security design
• Automated code reviews
• Application security pre-prod review

When building great user experience design, how can engineers and security leaders design great experienced in the lead to high compliance? How can they affect behavioural economics and behavioural psychology? How can they help users, develops, and end-users to behave the right way? Join this expert-moderated session to answer these – and many other – questions along with your peers.

Facilitator:
Kevin Fleming, Chief Technology Officer, ExperstDirect

• How the cybersecurity function can support the business to deliver key strategic goals
• Benefits of including cybersecurity as part of your organisation’s Environmental, social, and corporate governance (ESG) processes and frameworks

Cloud adoption is expanding rapidly, and with that expansion comes new complexities. The speed of growth and change in the cloud creates an ever-changing threat landscape. Wiz Research is at the forefront of the cloud's threat landscape and is behind the discovery of vulnerabilities like ChaosDB, ExtraReplica, AttachMe and OMIGOD. In this session, we will cover the major cloud threats recently seen by the Wiz Research team which includes supply chain risks, data exposure, API security threats, and attack patterns used by groups such as LAP$U$. This session summarizes key insights across customers, Wiz and third-party threat research, and numerous other sources

• Overview on the growing threats landscape and how it could impact our societies, businesses, and economies
• Bridging the talent gap for better security and resilience
• Advices for Australian organisations to support workforce training when adopting robust cyber security measures

As the severity of scams and frauds increase and cybercrime becomes more sophisticate than ever, staying ahead of the game is critical. During this session, you’ll hear how cybersecurity is “front of mind” for one of Australia’s largest banks by investing in the right skills, creating robust defence and control systems, and employing effective detection and response plans.

Three-quarters of Australian CISOs see human error as their organisation’s biggest cyber vulnerability. What if there was a way to stop rolling the human dice every day?

Learn how organisations can leverage advanced behavioural science and automation for informed and near instantaneous decision-making on what is good and what is bad email. As well as removing the increasing burden that is placed on employees as a last line of defence.

In this session we will discuss:

• Account takeover techniques and measures that can be taken to help protect against them
• New insights and controls over protecting against supply chain attacks
• The accuracy of advanced behavioural data science in identifying anomalous behaviour

During this session, Brad will share his personal when he was seriously injured in a bike accident’ He’ll share lessons learned, why cyber security professionals shouldn’t blame the victim and how to help their friends and organisations recover from data breaches and cyber-attacks.

With the threat of cyber warfare becoming ever more serious, every organisation needs a “this is not a drill” cyber-first recovery plan. If cyberattackers targeted your organisation, the most likely business-crippling scenario would be a direct attack on Active Directory (AD)—the system that authenticates users and grants access to business-critical applications and services. AD has become a prime target for cybercriminals—implicated in 90% of the incidents Mandiant researchers investigate—because it has systemic vulnerabilities and because it gives attackers the means to unleash devastating malware.

The NotPetya attack that crippled Maersk in 2017 was a harbinger of the chaos to come. In this session, we’ll examine the action plan every organisation needs to execute to protect against a business-disrupting cyber incident.

• How long does an incident response take usually and what normally brings down the AD?
• How common is it that the Active Directory is used in a data breach ransomware scenario?
• What does ADFR require to be able to recover AD?

CISOs committed to creating risk awareness and building a cybersecurity driven culture are facing several challenges, from getting senior management buy-in, to implementing organisational change and engaging employees. During this session, you’ll explore:

• What are the biggest challenges when getting buy-in from top management?
• Successful ways of incorporating cybersecurity into the organisation’s risk management strategy
• How to encourage everybody to take ownership of cyber?
• Why leaders must be committed to continually improve their teams’ skills and knowledge in IT and cybersecurity – and how do to this?

Moderator:
Kevin Fleming, Chief Technology Officer, ExperstDirect

Panellists:

Frances Bouzo, CISO, Ampol

Anna Aquilina, CISO, UTS

Jo Stewart-Rattray, Chief Security Officer, Silverchain

Grant Lockwood, CISO, Virtus Health

Varun Acharya, CISO, Healthscope

• How to go about defining your Cyber Security Strategy?
• What metrics should you use to measure progress and success of the strategy?
• What frameworks should you consider when building the Cyber Security Strategy?
• What are example capabilities to consider?
• What does your roadmap look like?
• What budget will you be asking for per year based on the roadmap?
• How do you plan on operating these capabilities?

As more organisations look to align to the Essential Eight many are finding significant challenges around the aspects of removing Admin Privileges, Application Control and User Application Hardening. Yet as many organisations are finding, leveraging a modern Privilege Access Management solution can provide significant coverage across the requirements of the Essential Eight and more.

Join Scott Hesford, Director of Solutions Engineering, APJ, BeyondTrust, as he dives into some of the more challenging aspects of the Essential Eight and, bringing first-hand experience, shows you how you can solve many of the challenges you might be facing in adopting the Essential Eight. 

By attending this session, you will learn:

• How modern PAM helps organisations cover multiple aspects of the Essential Eight
• Where you can leverage the Essential Eight for your zero-trust journey
• Key questions to ask in consideration to Application Control and User Application Hardening

There’s a cyber superpower out there, but have you discovered them yet? If you’ve discovered them, have you brought them into the tent? When it all goes pear shaped, they’ll be the second call you make (after your boss!) When all is going well, you’ll want to speak to them regularly to drive strong security outcomes. Let me introduce them to you and share the why and how. You’ll want one too! 

Businesses have embraced digital to engage with their customers. As quickly as brands have delivered digital experiences, bad actors have been just as fast in figuring out how to use credential stuffing, account takeover, and other types of attacks to their advantage. Keeping pace in this rapidly evolving threat landscape requires businesses to look for innovative ways to build experiences that optimize both security and convenience. But, ensuring one doesn’t overshadow the other often requires multiple integrations and custom development that adds internal friction and slows down innovation. A customer identity strategy that expands beyond access management, but includes fraud detection and identity verification capabilities that can seamlessly be orchestrated together can eliminate integration challenges and drive innovation. Join this session to learn Ping Identity’s drag-and-drop approach to customer identity that streamlines bringing together all the tools a business needs to rapidly build, test and optimize end-to-end customer journeys.

• How to effectively translate threat to risk to the board and the teams
• Human-issue in risk management – improving culture through intelligence models
• Eliminating risks by improving your asset x threat x vulnerability model – hype or reality?

• How the lack of understanding and false sense of security impacts your cloud journey
• How save your data really is when you move to the cloud?
• What factors you must consider to ensure you are getting a reliable, secure product
• Strategies to trust and rely on your providers with a full, clear picture of what you are getting as part of your contract

Securing the cloud is a never-ending task that becomes more challenging each year as clouds accrue new features and functionality. The same can be said for the ever increasing responsibilities and mandates expected of CISOs, including driving the probability of intrusions, data exfiltration, ransomware, etc., to effectively zero. With new technologies and tools come great opportunities for businesses; however, if they are not used appropriately and securely, they can do more damage than good. In this session we will address the elephant in the room: how can CISO’s do more with less, while ensuring the integrity of their resilience based security architecture, and prepare for enterprise obstacles and opportunities ahead.

In a world where the pressure to deliver new and innovative ICT capability is only ever growing, and the threat actors are also increasingly sophisticated and pervasive, how can companies ensure they meet these challenges whilst still ensuring cyber resilience? During this interactive discussion, hear challenges and benefits of SOC Automation, explore experiences and lessons learned, and discuss different ways of improving and driving efficiency of your SOC.

With the growth of the digital services industry and AI technologies, data has arguably become one of the most valuable economic resources of the modernized economy. However, it is also becoming increasingly the most regulated and riskiest to handle.

The emergence of the GDPR in Europe, which is based on a set of comprehensive principles and obligations for data controllers, extra-territorial application, and strict enforcement mechanisms has been followed by countries and jurisdictions around the world passing similarly prescriptive data privacy and protection laws all with their own unique requirements.

Today more than 200+ countries have passed data privacy and protection laws which keep getting more complex and demanding - countries like New Zealand, Indonesia, and India are now also morphing these regulations into Data Protection and Privacy requirements including for Sensitive Data. Australia is also embarking on its own uplifts to Privacy Laws.

The scope of responsibilities for data controllers under these global data privacy and protection laws are also growing - with many modern

Thus, organizations in APAC are encountering experiences in which they are seeing Data Sovereignty Laws as well as banking regulations around PII and MetaData that require audit and compliance at cloud scale.

We will explore the organizational impacts we are seeing across the region in meeting these challenges.

• The key impacts and considerations for organizations who are impacted by the merger of PI and SI into multiple regulations
• Technology is being developed and adopted to help organizations to manage these regulations at scale and where possible autonomously
• An overlap of roles and responsibilities across Policy, Classification, and Protection is occurring and the adoption of cloud and multicloud is accelerating this

• Exploring the most common industry security standards and cloud control framework
• How to choose the right standard and bring it to life in your cloud practices
• Striving for on-going compliance - when independent control assurance is needed?

In a world where the information age is at its zenith, with hundreds of thousands of applications being launched every day, the use and demand for application programming Interfaces (APIs) has increased significantly. Powered by open web technologies, APIs have transformed interdependence and partnerships between various commercial enterprises and sectors, allowing them to extend their offerings through in-app connections. With increased API usage, however, comes with it complications -- a major one being security. 
In this session, cyber security experts from Orca Security, Daniel Keidar and Scott van Kalken, will share how the company’s first patented agentless cloud security technology helps security teams identify and address API misconfigurations and security risks across a multi-cloud environment.

Gil Geron, Co-Founder, Orca Security

Daniel Keidar, Associate Vice President, Orca Security

Scott van Kalken, Senior Systems Engineer, Orca Security

It's said that smooth seas never make skilled sailors. If you're a cyber security leader, the good news then is that you definitely don't have "smooth seas" to reckon with. The challenging times presented by increasing connectivity, speed of business transformation, evolution of cyber threats and ever rising expectations can and do overwhelm even the best amongst us.  
This unique session will focus on providing cyber leaders with tangible, real-world tips to build the right mindset, emotional intelligence and differentiating skills that will allow them to deliver massive value to their organisations and optimise their own well-being. 

• Understanding cyber risks in a quantifiable way
• How to demonstrate the value of risks to the executive management
• What are the biggest challenges when getting buy-in from top management?
• Communication effectiveness: putting yourself in the boss’ shoes and delivering the right message

• How can CISOs speak the CEOs’ language?
• What does the board expect from CISOs when evaluating and reporting inherent and evolving risks?
• How can the board support CISOs in conducting a cybersecurity mission & strengthening their posture?
• Working together in mastering the company’s digital governance & risk management practices
• Exploring challenges and opportunities to adopt a secure-by-design approach in the business

Panellists:

Greg Sawyer, CEO, CAUDIT

Walter Kmet, CEO, Macquarie University Hospital

Vasyl Nair, CEO, Mine Super

Faizal Janif, Executive Advisory Board Member, AISA

To be successful, today’s CISO needs to bring more than their security acumen to the table. The role has expanded exponentially to address executive and board concerns, endless business challenges and customer and product confidence. While positive outcomes are the goal, it is critical for CISOs to work with full transparency to protect the business and themselves. In this session Gail will share best practices from her experience negotiating the evolving role of the CISO in an expanding threat landscape.

• How has the threat landscape evolved in Australia?
• How malicious cyber activities are impacting organisations across the country?
• What strategies can organisations adopt to create robust cyber security measures to prevent incidents and exploitations?
• Government, industry, academia and citizens working in collaboration to safeguard our country and communities

• The Evolution of Ransomware – How did we get here and what is next
• Understanding the risks and potential costs of attacks
• Exploring successful techniques to improve organisations’ ransomware protection posture

• Building security from scratch – incorporating people, process, and technology into your programs
• Strategies to improve your teams’ skills and knowledge in IT and cybersecurity
• Exploring how innovative technologies can help your company achieve adaptability and resilience

Join us to hear how to deter attackers, apply similar new techniques that the world’s biggest companies, like Adobe, Snap, PayPal, are using, and adapt your strategies to deliver measurable cost savings.

During the session, we’ll discuss:

• How criminals are conducting account takeovers and credential stuffing attacks that bypass MFA SMS toll fraud, and more to monetise CISOs’ own security defenses against themselves
• How attackers overcame MFA and how we worked with a top gaming merchant to prevent it
• A tour of the modern areas where adversaries share techniques and learn, the latest networks in play, and other threats, like SMS Toll Fraud and much more.

• How do you build a security program in 2023?  How has it changed from recent years?
• People, process, and technology – what do you need to incorporate into your program?
• What does ‘good enough’ look like and how do we measure it?  Risk, regulation, and strategy – making them all fit together

During this interactive discussion, Sam Hewett will guide the group to share key challenges and ways to overcome one of the most critical issues cybersecurity professionals are facing – mental health.

Supply chain can be the weakest risk of your digital assets. During this presentation, we’ll explore good practices for data protection, data governance, fraud prevention and third-party risks to ensure your supply chain is secure.

Cyber Security Programs are challenged by the sprawl of devices, device types, and the quantity of solutions continues to skyrocket and environments only grow more siloed and complex.
But there’s good news: Asset data can now be harnessed to transform your cyber security program. Today’s “asset intelligence” moves from a spreadsheet approach to an API-driven, rich and always up-to-date view into all assets via integrations of existing solutions, data correlation at scale, and querying capabilities to find and respond to gaps. Join this session to learn how asset intelligence improves security hygiene, allocate resources, accelerate incident responses and remediates gaps.

This session is designed for cybersecurity leaders who are currently implementing Zero Trust architecture models. Join us to hear common challenges and explore ways to overcome them. Key discussion points:

• The evolution of Zero Trust
• What are the key challenges you are trying to overcome
• How to develop a roadmap and implementing specific initiatives to your projects
• Discover effective ways to build a zero-trust security framework
• Identify key components of a zero-trust model to protect the current environment

During this session, we’ll explore various methods utilised in building a stronger, more secure company to prepare and protect against cybercrime. Richard will share his experiences of what has worked and hasn’t worked over the years and how getting certified really helped the organisation maturity journey.

How will you overcome a cyber-attack on your organisation?

In our rapidly-evolving digital world, cyber skills are critical to ensure reasonable, appropriate and informed business decisions can be made at an executive level.

In less than an hour, you can learn how

We will lead participants through an interactive cyber-attack, which includes ‘live’ news reports and calls for quick responses and decision making. Our user friendly physical boardgame is the centrepiece of the Gamification experience, designed to help participants better understand the cyber security application. The game facilitates open discussion in a fast-paced, fun and memorable environment, an innovative way to introduce cyber security into an organisation’s security awareness training and to complement routine computer-based education.

In a collaborative project, the Cyber Security Cooperative Research Centre (CSCRC), CSIRO’s Data61, Government of Western Australia through the Office of Digital Government, with the support of Edith Cowan University, have created an interactive board game to raise awareness and encourage critical thinking about how to prepare and respond to a ransomware attack. 

Facilitators:

Helge Janicke, Research Director, Cyber Security Cooperative Research Centre

Carl Celedin, Project Manager, Cyber Security Cooperative Research Centre

Join Splunk's Regional Director for Security, as he takes us through cyber predictions wins and losses of 2022 and looks forward into 2023 for Splunk's Data Security predictions. During this presentation you will hear more about ransomware, cyber-crime-as-a-service, Supply chain and Hiring cyber talent. All of this plus a little bit of fun with Open AI

• Exploring the challenges and opportunities for improvement
• What information should be given to the board?
• Quite the technical jargons – what the board won’t listen to and what they will shift attention to
• Developing and mastering your skills of communicating with the board

NSW has added cyber education to school curriculum, and secondary students will learn in ‘smart city sandbox’. The 10-week course was development between NSW Department of Education, Cyber Security NSW, and industry firms including MCB Business Partners and Core Electronics. During this session, you’ll get inspired on how the project came about, and what the profession can expect for 1000s of kids every year doing this course in NSW schools.

Join our interactive wrap-up discussion to share your key take-aways from CISO Sydney 2023 and hear how your peers will be address their key learnings moving forward.

In the highly competitive age of digital transformation financial service organizations are facing accelerated urgency to improve their customer and employee experience while simultaneously reducing operating costs, and managing risk and compliance.

To meet these competing demands on their business, these organizations are racing to deploy deep learning to achieve a new competitive edge by optimizing their back office operations with intelligent document processing, personalizing their customer experience with cutting edge NLP models, and reducing fraud and risk using state-of-the-art deep learning.

AI is here and delivering new capabilities to help businesses solve large and complicated challenges. Join Bob Gaines to learn what that means for your business and how deep learning is helping organizations:

• Achieve higher compliance, faster and with lower costs • Dramatically improve Customer Experience • Reduce time to value from years to weeks

Sergio Rego is a customer engineer at SambaNova Systems where he helps clients deploy purpose-built, deep learning solutions in weeks rather than years. Sergio started his career in financial services, where he worked in strategy; active and index management; and product design and management. Sergio also served as a senior data scientist and team manager for a system integrator where he helped federal government agencies deploy ML and AI solutions.

In the highly competitive age of digital transformation financial service organizations are facing accelerated urgency to improve their customer and employee experience while simultaneously reducing operating costs, and managing risk and compliance.

To meet these competing demands on their business, these organizations are racing to deploy deep learning to achieve a new competitive edge by optimizing their back office operations with intelligent document processing, personalizing their customer experience with cutting edge NLP models, and reducing fraud and risk using state-of-the-art deep learning.

AI is here and delivering new capabilities to help businesses solve large and complicated challenges. Join Bob Gaines to learn what that means for your business and how deep learning is helping organizations:

• Achieve higher compliance, faster and with lower costs • Dramatically improve Customer Experience • Reduce time to value from years to weeks

Sergio Rego is a customer engineer at SambaNova Systems where he helps clients deploy purpose-built, deep learning solutions in weeks rather than years. Sergio started his career in financial services, where he worked in strategy; active and index management; and product design and management. Sergio also served as a senior data scientist and team manager for a system integrator where he helped federal government agencies deploy ML and AI solutions.