-
Day 1
-
08:20
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
09:00
Welcome from Corinium and the Chairperson
Aaron McKeown - CISO - NGM Group
-
09:10
Speed Networking - Making new connections!
In this 10-minute networking session, the goal is to connect with three new people. Enjoy the opportunity to expand your network!
-
09:20
Opening Keynote: Confronting Cybercrime at a National Scale
With cybercrime now estimated at a $10.5 trillion global economy in 2025, its scale demands the urgency, resources, and collaboration of a national crisis. This keynote will examine how the threat environment is evolving, from sophisticated multi-vector attacks and the growing role of AI in both offence and defence, to the shifting tactics of cybercriminal and nation-state actors. It will also explore how Australia can build stronger resilience through public-private collaboration and coordinated national response.
-
09:45
Fireside Chat: How to Land Cyber Deliverables – From Strategy to Impact
Bridging the gap between strategy and execution is one of the toughest challenges in cyber leadership. This candid conversation explores how to turn high-level plans into clear, achievable actions that deliver measurable outcomes. From stakeholder alignment to delivery roadmaps and the metrics that matter, the discussion focuses on making cyber real across the organisation.
- What are the common pitfalls leaders face when trying to turn cyber strategy into actionable outcomes, and how can they be avoided?
- How do you create buy-in across the organisation to ensure cyber initiatives move from plan to execution?
- When cyber strategies are successfully implemented, what really makes the difference?
Moderator:
Gaurav Vikash Head of Security and Risk (APAC) Axon
Speakers:
David Griffiths CISO Northern Beaches Council
Roshan Fernandes Information Security & Risk Manager Sydney Children’s Hospital Networks
-
10:10
The Power of Global Threat Intelligence to Enhance Cyber Resilience
- Senior representative - HashiCorp
Harnessing global threat intelligence allows organisations to move from reactive defence to proactive threat mitigation. This session will demonstrate how consolidating and operationalising threat feeds can improve security agility, enhance visibility across systems, and drive a more resilient cyber security posture.
-
10:35
Get refreshed! Mingle
-
11:05
C-Suite Panel: Driving Executive-Level Engagement in Security Strategy
While security professionals are across the threats, the same can’t always be said for executive leadership and board members. Bringing together the C-suite in this panel, we explore how CISOs get meaningful cut-through with the executive suite when they’re already swamped with compliance, governance, and operational pressures.
- What was the defining moment or incident that fundamentally changed how you think about cyber resilience and your role in it?
- How do you embed security into the way the business actually operates – not just slogans but as something enduring and strategic?
- How do you, as CFO, set priorities, and where can the cyber leader add the most value? Has there been a moment or incident that shifted your view or priorities for cyber and resilience?
- As a CIO, what qualities beyond technical expertise do you value most in a cyber leader?
- What language, evidence, or framing truly resonates with non-security executives?
- How can we influence the broader business to own and act on risk, creating accountability beyond the security team?
Panellists:
Tony Mckeown CSO KBR
Andrew Karvinen CISO NSW Department of Communities and Justice
Rajini Carpenter CTO Beforepay Group
-
11:40
The CISO’s AI Challenge: Balancing Speed and Security in Cloud-Driven Innovation
- Senior representative - DigiCert
Security leaders are under pressure to secure AI-driven cloud environments at the speed of development. This session unpacks strategies for integrating security seamlessly into AI and cloud workflows, ensuring protection while enabling business agility.
Reserved for a solution partner
-
12:05
Panel: Governing AI – Where Should We Draw the Line?
As AI adoption accelerates, leaders face the challenge of setting clear boundaries, not only around what AI should and shouldn’t do, but also around who holds responsibility for its oversight. This panel explores governance from two critical perspectives:
- Structure and Responsibility - Where does AI sit across the organisation? Which teams shared responsibility
- Scope of AI – What tasks should AI be trusted with, and where must human oversight remain non-negotiable? How can organisations prevent over-reliance, ensure explainability, and avoid ethical or operational pitfalls?
Panellists will debate practical approaches to establishing guardrails that support innovation without undermining trust, compliance, or human judgement.
Panellists:
Colin Renouf CISO Healius
Mustafa Qasim Global Head of Detection & Response Flight Centre Travel Group
Leron Zinatullin CISO Linkly
Daminda Kumara CISO Commonwealth Superannuation Corporation
-
12:35
Advancing Cyber Maturity to Strengthen Public Trust and Service Delivery
- Senior representative - Cyera
With increased digital capability comes increased risk and responsibility. Evolving cyber threats, complex compliance demands and growing public scrutiny are placing more pressure than ever on public sector cyber leaders. This session explores how advancing your organisation’s cyber maturity can protect critical services, uphold trust in government systems, and support the secure delivery of digital transformation initiatives.
Reserved for a solution partner
-
13:00
Lunch
-
Track A: AI in Practice
Track Chair: River Nygryn - CISO - HammondCare
-
14:00
AI Agents Unleashed: Where Humans Fit In
This session explores the landscape of human–AI collaboration, focusing on how humans and AI agents co-create value, share trust, and define oversight in agentic workflows. Explore practical approaches to managing and governing agentic systems, including accountability, monitoring, and frameworks for ethical, secure, and resilient systems.
-
14:25
Continuous AI Risk Monitoring for Critical Assets
- Senior representative - Axonius
This session examines how to implement continuous AI risk monitoring — from identifying vulnerabilities in AI models and data pipelines to detecting misuse and drift. Learn how to combine automation, governance, and human oversight to safeguard high-value systems against evolving AI threats.
-
14:50
Access Control in the Age of AI: Preventing Insider Threats
In an AI-enabled workplace, the biggest insider threat may not be malice but a simple human error. One misplaced upload or prompt to a company AI assistant can expose sensitive data in seconds. This session examines how CISOs can balance trust and control, building guardrails that stop accidental leaks without slowing innovation.
-
15:15
Protecting What Matters: DLP Strategies for the AI Era
- Senior representative - XM Cyber
DLP is evolving fast in the era of AI, offering new capabilities but also new risks. This session shares case studies on how organisations are deploying DLP alongside AI tools to protect sensitive data without stifling productivity. Explore practical lessons, from policy design and user adoption to monitoring, governance, and incident response in AI-enabled environments.
-
Track B: Human-Tech Momentum
Track Chair: Aaron McKeown - CISO - NGM Group
-
14:00
Cyber Security Meets Human Behaviour: Rethinking Awareness in the Age of AI
Dr. Alana Maurushat - Professor of Cybersecurity and Behaviour & Acting Associate Dean Engagement, School of Computer, Data and Mathematical Sciences - Western Sydney University
Phishing and social engineering remain among the most effective attack vectors, and AI is making them more persuasive and scalable than ever. Yet traditional awareness programmes often rely on “gotcha” tests and compliance-driven training that fail to change behaviour. In this session, we explore how behavioural science and psychology can be applied to build more resilient human firewalls.
-
14:25
Shifting Security Left in the Organisation: Risk Thinking Beyond the Security Team
- Senior representative - Varonis
This session explores how to embed security thinking into broader organisational decision-making, from procurement and product to HR and finance, and build a culture where shared responsibility drives better security outcomes.
-
14:50
Group Discussion: The Future Cyber Workforce – Humans, AI, and the Skills That Still Matter
Sharon Lee - Associate Director Cyber Security Operations - NSW Department of Creative Industries, Tourism, Hospitality and Sport
AI is already automating parts of engineering and analyst roles. In this interactive group discussion, every participant will have the chance to share their views on which skills will matter most in an AI-augmented workforce and how to reshape the talent pipeline to match.
- Which current cyber roles are most likely to be transformed or replaced by AI?
- What new roles or skills will emerge as AI adoption grows?
- How can we work with education providers to prepare the next generation of talent?
-
15:15
The Human Side of Incident Response: Communicating Under Pressure
- Senior representative - Okta
This session explores how to keep messages clear, consistent, and credible under pressure, from briefing executives and coordinating teams to managing regulators and public statements. Learn practical techniques to maintain trust, reduce confusion, and keep everyone aligned when the stakes are highest.
-
Track C: Partnerships & Ecosystem Security
Track Chair: Prof. Dan Haagman - CEO Chaleit & Honorary Professor of Practice - Murdoch University
-
14:00
Seeing Around Corners: Threat Intelligence for Supply Chain Defence
Saba Bagheri - Cyber Threat Intelligence Manager - Bupa
Supply chains are now one of the most exploited entry points for attackers and too often, organisations only discover the risk once it’s too late. When applied effectively, threat intelligence can give earlier warning of emerging exposures across these extended ecosystems. This session explores how consolidating and operationalising intelligence feeds strengthens supplier oversight, reveals adversary patterns before they strike, and improves agility in response.
-
14:25
Beyond the Questionnaire: Human-Centric Vendor Risk Management
- Senior representative - Infoblox
Vendor risk assessments often start and end with a checklist, but real resilience comes from understanding the people, processes and relationships behind the data. This session explores how to build trust, clarity and accountability with vendors through ongoing engagement, transparent communication and shared responsibility for security.
-
14:50
Fireside Chat: Embedding Security Obligations into Partner Agreements – Contract Clauses That Matter
While legal teams own contracts, security teams play a crucial role in shaping the obligations that protect the organisation. This session explores how security leaders can collaborate with legal and business teams to ensure key risks are addressed in partner agreements. Learn which clauses matter most, from data protection and breach notification to audit rights and compliance obligations, and how to turn security requirements into enforceable commitments.
Speakers:
Sarah Lattimer Chief Legal and Corporate Affairs Officer I-MED Radiology Network
Jihad Zein Global Head of Governance, Risk & Assurance Toll Group
-
15:15
Lessons from Enterprise-Vendor Partnerships in Reducing Third-Party Risk
- Senior representative - UpGuard
This session features case studies and practical insights from working with enterprise customers to strengthen supply chain resilience. Discover how transparent communication, shared risk frameworks, and coordinated response strategies can reduce vulnerabilities and build trust across the ecosystem.
-
15:40
Get refreshed! Mingle
-
Track A: AI in Practice
Track Chair: River Nygryn - CISO - HammondCare
-
16:10
Group Discussion: Shadow AI in the Enterprise - Governing the Unseen
The rapid rise of generative AI has brought powerful new capabilities into the enterprise but also created “shadow AI,” where employees adopt unapproved tools without security review. For CISOs, the challenge is not only visibility but also accountability. Join us to share your thoughts on how to govern what is unseen, while enabling innovation.
- Oversight: How should CISOs gain visibility into AI use without creating a culture of surveillance or distrust?
- Accountability: Who should own the risks of shadow AI — security, business leaders, or individual teams?
- Governance: What frameworks or guardrails can balance compliance, ethics, and innovation at scale?
Facilitators:
Siddharth Rajanna Head of IT Security BINGO Industries
Jim Marinos Head of Security Advisory REA Group
-
16:35
AI in Threat Detection: Improving SOC Efficiency Without Overloading Analysts
This session looks at how AI-driven threat detection can streamline SOC workflows, prioritise the right incidents, and surface actionable insights without adding to analyst fatigue. Hear lessons from actual deployments on balancing automation with human expertise to strengthen detection and response.
-
17:00
Group Discussion: Scaling Small Security Teams with AI – Tools and Tactics to Boost Productivity
River Nygryn - CISO - HammondCare
This discussion explores how AI can help streamline workflows, automate repetitive tasks, and prioritise alerts, allowing teams to focus on high-value work.
- Which AI tools provide the biggest productivity gains for small security teams?
- How do you balance automation with human oversight to avoid missed threats?
- What tasks should be prioritised for AI-assisted workflows versus manual handling?
- How can small teams measure the impact of AI on efficiency and risk reduction?
-
17:25
Track A Chair's Closing Remarks
Track Chair: River Nygryn - CISO - HammondCare
-
Track B: Human-Tech Momentum
Track Chair: Aaron McKeown - CISO - NGM Group
-
16:10
Group Discussion: Building AI Capability Without Losing Momentum
How can organisations create the capacity for AI upskilling while ensuring regular work and operational tasks continue uninterrupted? Join us to share your thoughts and experience on balancing training, workload, and business priorities, discussing approaches to integrate AI learning into day-to-day workflows effectively.
- How can AI upskilling be integrated into existing workflows without disrupting productivity?
- What methods ensure employees apply newly acquired AI skills effectively in real projects?
- How can organisations measure the impact of AI upskilling on workforce capability, innovation, and business outcomes?
- What’s one lesson learned from failed AI
-
16:35
Anatomy of a Breach: How Attackers Spread and How to Stop Them
Cybercriminals exploit weak segmentation to move laterally across networks, increasing the impact of breaches. This session will break down real-world attack patterns, revealing how organisations can disrupt lateral movement and reduce the success of cyber threats.
-
17:00
On the Stage Interview: Decisions That Shaped a CISO’s Leadership Journey
This one-on-one conversation delves into stories behind the decisions, inflection points and leadership lessons that have shaped their journey. From earning trust and building influence to navigating complexity under pressure, the dialogue explores what they might approach differently today and what they still stand by. More than frameworks and controls, this session reveals how the CISO role is defined by the judgement calls that matter, focusing on the personal side of leadership in one of the most high-stakes positions in any organisation.
Interviewee:
Arun Singh CISO Tyro Payments
Interviewer:
Dan Haagman CEO Chaleit & Honorary Professor of Practice Murdoch University
-
17:25
Track B Chair's Closing Remarks
Track Chair: Aaron McKeown - CISO - NGM Group
-
17:30
Networking Drinks Reception
-
Day 2
-
08:20
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
09:00
Welcome from Corinium and the Chairperson
Dan Haagman - CEO Chaleit & Honorary Professor of Practice - Murdoch University
-
09:05
Panel: CISOs in an Identity-Driven, As-a-Service World – What Really Matters Now?
As organisations shift more services, data and operations into an as-a-service model, identity risk becomes a critical business concern. This conversation explores what CISOs need to know beyond the technical detail to guide strategy, investment and trust.
- What’s the hardest part of managing identity sprawl across SaaS and multi-cloud?
- What are the most effective ways to reduce complexity and maintain a positive user experience while maintaining control?
- How do identity failures affect operational resilience and regulatory standing?
- How can CISOs get a clear, continuous picture of trust, privilege and lifecycle in cloud-based environments?
Moderator:
Gaurav Vikash Head of Security and Risk (APAC) Axon
Panellists:
Chris Grisdale Head of Information Security hipages Group
Sajeesh Patail Global Cyber Operations Manager & Head of Cyber Operations Orica
Siddharth Rajanna Head of IT Security BINGO Industries
Vishwanath Nair GM Cyber & IT Risk BaptistCare
-
09:35
Ransomware Readiness: What Every Organisation Needs to Know
Ransomware remains one of the most disruptive threats with attackers adapting faster than many defences. This session explores practical strategies for prevention, early detection and effective response. Learn how to reduce impact, strengthen readiness and close the gaps that make organisations vulnerable to modern ransomware campaigns.
-
10:00
The Privacy–Security Nexus: Building Confidence in a Connected World
Privacy and security are inseparable foundations of digital trust. This session will move beyond principle to practice, exploring where privacy expectations directly shape security controls, the hard trade-offs CISOs face, and how organisations can turn privacy compliance into a driver of customer confidence and competitive differentiation.
-
10:25
Rethinking Identity in a Changing Threat Landscape
- Senior representative - KnowBe4
Digital trust is being redefined as identity threats grow more complex. From deepfakes and impersonation attacks to the rapid rise of non-human identities, the identity landscape is evolving. This session explores what these changes mean for verification and control and how security leaders can adapt their strategies to safeguard trust in a world where not every identity is who or what it claims to be.
-
10:50
Fireside Chat: Doing More with Less - Budget Constraints and Tool Rationalisation
This interactive discussion explores how to optimise sourcing, consolidate tools, and make smarter budget decisions. Join us to share your experiences, discuss trade-offs, and uncover practical strategies to streamline operations, reduce costs, and maximise value from existing investments.
- How can organisations decide which tools to keep, consolidate, or retire under budget constraints?
- What strategies or frameworks help teams achieve more without increasing spend?
- How do you avoid false economies that save money but increase risk?
- How do you measure the impact of tool rationalisation on efficiency, performance, and cost savings?
Moderator:
Madhuri Nandi Head of Security Nuvei
Speakers:
Arun Singh CISO Tyro Payments
Leana El-Hourani Head of Information Security & GRC Mission Australia
-
11:15
Get refreshed! Mingle
-
Track A: Resilience & Leadership
Track Chair: Lauren Veenstra - CSO - Iberdrola Australia
-
11:45
Reputation, Risk and Recovery: Good Cyber Crisis Leadership
Mustafa Qasim - Global Head of Detection & Response - Flight Centre Travel Group
In a cyber crisis, technical controls matter, but leadership defines the outcome. Crises demand fast decisions and trade-offs, and incidents quickly become organisation-wide challenges. This session explores how security leaders align technical response with executive-level crisis management to ensure clarity, speed, and coordinated action, building resilience before, during, and after the storm.
-
12:10
The Foundation of Cyber Resilience: Securing Corporate Environments for Operational Success
As corporate and operational environments become increasingly interconnected, securing the corporate infrastructure is essential for building a resilient operational framework. This session will explore strategies to mitigate risks, protect critical assets, and ensure business continuity through a strong security foundation.
-
12:35
Group Discussion: Three Things Every SME Should Check in Their Security Posture
Andrew Hottes - Chief Digital Information Officer - Cranbrook School
Small and medium enterprises often face tough security challenges without the resources of larger organisations. In this interactive discussion, we’ll explore three critical areas to strengthen security posture—from access control and data protection to incident response and vendor risk. Participants will share experiences, practical tips, and examples to protect their businesses effectively without overburdening teams or budgets.
-
Track B: Security Operations
Track Chair: Dan Haagman - CEO Chaleit & Honorary Professor of Practice - Murdoch University
-
11:45
The Paradigm Shift from Castle Walls to Zero Trust
Hani Arab - CIO - Seymour Whyte
The shift from perimeter-based defence to Zero Trust marks a fundamental transformation in cybersecurity thinking. Rather than relying on static boundaries, Zero Trust requires a reimagining of how trust, identity, and access are governed. This talk examines how such shifts reshape the mental models of practitioners, emphasising the socio-technical dimensions that drive sustainable security change.
- Explore how trust is redefined as contextual, provisional, and continuously evaluated.
- Identify shifts in practitioner mental models and the cognitive load of adopting Zero Trust logic.
- Examine the socio-technical integration required for cohesive, organisation-wide Zero Trust implementation.
-
12:10
Adapting Security Operations to the Modern Threat Landscape
Today, staying ahead of cyber threats requires a proactive and adaptive approach. This session will focus on how organisations can optimise threat detection, response, and attack surface management to enhance visibility and build more resilient security operations.
-
12:35
When IT Becomes the Gateway: Defending OT from Modern Attackers
Rolf Samonte - Head of ICT & Cyber Security - Metro Trains Sydney
Most OT attacks now begin in IT. Once inside, adversaries move laterally, exploiting weak segmentation to reach critical systems. This session explores how threat actors cross the IT–OT divide and what it takes to stop them, from visibility and separation to response readiness. Discuss the strategic perspective and technical insight needed to prepare effectively for the next wave of converged threats.
-
13:00
Lunch
-
13:55
Prize Draw!
-
14:00
Panel: Quantum Computing – Is It a Risk or Not?
Quantum computing promises groundbreaking capabilities, but also the potential to break today’s encryption and security assumptions. In this debate, leading experts will explore whether quantum is an imminent cyber risk, a distant concern, or an overhyped distraction. We will explore what security leaders should be doing now to prepare.
Moderator:
Cathy Foley CSIRO Board Member & Former Australia’s Chief Scientist
Panellists:
Adam Byrne Group CSO The Adecco Group
Saba Bagheri Cyber Threat Intelligence Manager Bupa
Henry Huang Head of IT - Digital Service Delivery & Operations UBank
-
14:35
Fireside Chat: Where To From Here? Redefining Cyber Strategy for 2026 and Beyond
Has cyber really changed, or are we still fighting the same battles in new ways? This closing session pairs two perspectives, one deeply experienced and the other earlier in their career, to spark a candid conversation about what defines a “good” cyber strategy today. Together, we’ll explore:
- What has truly changed in cyber strategy over the past 20 years, and what hasn’t?
- Can you share a strategy that failed and the key lesson you took from it?
- Where should organisations go “back to basics” and where is bold innovation needed?
- If you had to define the top marker of a “good” strategy in 2026, what would it be?
Moderator:
Chirag Joshi Founder & CISO 7 Rules Cyber
Speakers:
Sanja Petrovic GM Cyber Security & Governance HUB24
-
15:00
Chair's Closing Remarks
Dan Haagman - CEO Chaleit & Honorary Professor of Practice - Murdoch University
-
15:10
Close of CISO Sydney 2026