CISO Sydney schedule

• An overview of the government six cyber shields to layer the country’s protection
• How the multi-layered defence will support organisations be prepared for evolving threats and attacks
• More details on how the shields will enable Australia to meet the government’s 2023 strategy

A cyber security strategic roadmap is crucial as it provides a comprehensive plan to proactively manage cyber security risks, allocate resources effectively, comply with regulations, and integrate security measures into new technologies. During this session, we’ll discuss how different inputs must be taken into consideration when shaping a cyber security roadmap designed to safeguard CI assets, data, and operations from evolving threats.

• How has the threat landscape evolved in Australia?
• How malicious cyber activities are impacting organisations across the country?
• What strategies can organisations adopt to create robust cyber security measures to prevent incidents and exploitations?
• Government, industry, academia and citizens working in collaboration to safeguard our country and communities

Dive into a comprehensive exploration of strategic security planning amid the dynamic landscape of cyber threats. This session will discuss a useful framework of to-do’s for formulating a robust and future-oriented security strategies. By asking the right questions, we'll uncover critical insights and approaches that help your organisation anticipate and mitigate risk, thereby securing a more resilient future in an era of growing uncertainty.

Nivedita Newar, Head of Cyber Strategy & Governance, UNSW

Credentials, API tokens, certificates, keys. All of these secrets are growing at a rapid rate as we work towards building least privilege patterns. This proliferation introduces significant challenges for visibility, lifecycle, and user experience, and poses significant risk when they fall into the hands of bad actors. In this talk, Grant Orchard, Field CTO for HashiCorp looks at the necessary shifts that you need to make to keep your secrets safe.

•    Assessing the cost-impact of compliance from a strategic perspective
•    Complying with CPS 234, CPG 234, CPG 235, and other standards such as ISO27001, NIST and Essential 8
•    Sharing information and intelligence to support the wider ecosystem
•    How do industry and boards keep up with all the government led changes such as CI SoNs and the multiple reporting obligations across various government regimes

Panel moderator:

Chirag Joshi, Founder and CISO, 7 Rules Cyber

Panellists:

Jason Anderson, CISO, Australian Retirement Trust

Nick Stanton, Head of Technology Risk & Compliance, Tyro

Munashe Kandawasvika, Manager Security Governance Risk and Compliance, UniSuper

A successful cloud security strategy needs to evolve to meet the changing needs of the business and growth of the cloud. Cutting-edge security teams are coming up with new approaches and initiatives to improve their company’s agility through security and accelerate the business. In this session, learn how you can improve your cloud security operational efficiency by up to 10 times by operationalizing security and democratizing it across your organization.

During this 10-minute networking session, the aim of the game is to go and meet three people you don't already know. Use the questions on the screen to guide your conversation. Have fun!

Extensive knowledge of assets that need to be secured is foundational for any effort to secure any type of asset. It’s no surprise that the Security of Critical Infrastructure Act 2018 (SOCI) addresses this in its initial requirements and recommendations.

When an Asset Intelligence platform is implemented as the bedrock of a cyber security initiative asset information is continuously collected, aggregated, correlated and analysed making all subsequent activities easier.

Join me to learn what constitutes an Asset Intelligence platform and how specific capabilities optimise every step of the process to compliance.

Cybersecurity takes on its full meaning when all stakeholders work together in reaching the highest security standards acknowledging that each third-party has its own maturity and dependencies which makes it challenging to have a joint security posture. During this session, we will explore how to deal with third-party partners to mitigate risks and raise the bar together

How cyber leaders in critical infrastructure organisations are adopting Zero Trust Segmentation as a simple way to not only protect themselves and the public interest from immediate and evolving threat, but also to strategically balance innovation and cyber risk. Rethinking security architectures for modern platforms that run critical infrastructure and economy vital systems - from conscious reaction to resilient anticipation.

• Effective ways to influence boards and senior management on how security is aligned with the business goals
• Engaging the Steering Committee: How to get cross-functional representatives to be security cheerleaders
• The power of joining forces to assess risks, implement security controls, and ensure tech infrastructure is compliant to regulations

Panel moderator:

Kevin Fleming, CTO & Security Specialist

Panellists:

Christopher Johnson, Head of Group Technology, Charter Hall

Doug Hammond, CISO, Uniting

Riccardo Galbiati, CSO, Palo Alto Networks

Aqua will discuss the value a CISO brings across the enterprise.  

• Being able to show risks that were picked up and prevented
• Being able to show a reduction of risky behaviours though monitoring, behaviour adjustment and enforcement
• Reporting on attacks stopped
• Reducing time to remediate
• Consistent policy deployment (reduced time, clear protection)
• Integration into automation reducing engineering hours
• Consistent protection across clouds and lifetime of platforms

Speakers:

Simon Hoare, Regional Sales Manager, Aqua Security

David Taylor, Solution Architect, Aqua Security

Effective ways to educate – engaging diverse people with cybersecurity and online safety

People centric – adopting an in-person tone and using real-life examples of how a cyberattack can impact everyone’s lives

Relevant – what’s in it for them and why they should care

Providing resources – setting clear expectations and providing resources

Getting it right – educating young people to grow an informed community

Panellists:

Peter Sharp, Head of Cyber Strategy and Governance, Macquarie Group

Edwin Kwan, Head of Cyber Security Advisory and Application Security

Elaine Muir, Manager, Cyber Security Education and Awareness, IAG

Mona Sidhu, Manager Education and Awareness, NSW Department of Education

Secrets such as APIs, tokens, valid and stolen credentials act as keys to unlock protected resources. They are the leading threat vector for data exposures and breaches of enterprise SaaS applications. In this session, learn the anatomy of a SaaS breach and best practices to build a viable SaaS threat model.

Governance is the foundation of strong and effective cybersecurity strategy. During this session, Peter will share his experiences embracing governance as an enabler for cyber maturity, and how implementing a structured, risk-based, management system helped optimise the organisation’s cybersecurity programs.

 As the trend toward digital business models continues and your organisation migrates its data and applications to the cloud, your role has changed to include global business enabler. It sounds like a big job, and it is. Most enterprises today have an average of 45 to 90 different security tools and are grappling with emerging technology such as GenAI. In this complex new world, where data is distributed across your entire organisation, you need a unified data protection strategy. In this session we talk about how to take a proactive versus a reactive approach to building your data security strategy.

• How can the GRC better support the cyber function
• What are the challenges incorporating cybersecurity into the organisation’s governance, risk and compliance strategies
• Successful practices and examples of overcoming common challenges

Panel moderator:

Ashwani Ram, GM Cybersecurity and IT Infrastructure, CA ANZ

Panellists:

Jan Zeilinga, CISO, James Cook University

Bijoy Kuttappan, Head of SM I&AM and Batch, Westpac

Saleshni Sharma, Director, Regional Information Security Officer: AsiaPac, W. R. Berkley

Gaurav Vikash, Head of Security and Risk, APAC, Axon Enterprise

Amir Rezghian, Cybersecurity Manager, Sydney Local Health District, NSW Health

Mike Henry, Chief Technology Officer, CYFIRMA

Due to the constant evolution of our internal networks and in the face of an unforgiving threat landscape, Security Operations teams are constantly looking at new ways to enhance their visibility in order to better anticipate cyber threats. This session will explore the importance of how clarity of goals, visibility of your attack surface, and cyber threat intelligence can be helpful in better focusing your cyber security defences.

In a recent study by IDC across Asia Pacific and Japan (APJ) on the state of threat detection, investigation, and response (TDIR) of more than 300 senior security and IT professionals - more than half of those surveyed have automated less than 50% of their workflow, contributing to the amount of time spent on TDIR. Yet automation is the #1 desired feature in TDIR platforms of those respondents. 

Join your peers in this interactive, VIP, closed door roundtable where you will learn why automation is the key to improved TDIR capabilities in your organisation, giving your SOC team back the time to identify and manage critical incidents. Generative AI, around predictive analytics, better detections, investigation techniques, AI copilots, and workflow automation can transform your security operations so your team can work on what matters. 

Critical infrastructure owners and operators face specific challenges, and common security controls might not meet the enterprise’s requirements. During this session, we will explore how an approach that uses layered defensive mechanisms to protect systems and data can be effectively implemented in your organisation.

Your supply chain consists of your third and fourth parties as well as Nth parties that are all connected to your business. Vulnerabilities and threats in your supply chain can pose risks to your business operations. In this session, we will discuss how you can gain visibility into your vendor’s cybersecurity posture and take proactive actions to manage and secure your supply chain.

Having an effective incident declaration process in place is key when developing your compliance strategy and meeting critical infrastructure regulations and standards. During this session, we’ll discuss best-practice defining and fine-tuning incident declaration processes and response plans, identify what your organisation is doing, and brainstorm strategies to advance your maturity model.

Panel moderator:

Michael Bromley, Founder and CEO, VentureSpark

Panellists:

Thomas S. Breeden, Supervisory Special Agent, FBI

Himanshu Anand, Head of Technology, Cyber Threat Management, Tabcorp

APIs are the essential component of modern security. They are both a fundamental building block, the increasing focus of attackers, and a mental model for transforming the way you approach security. Traditionally, technologists use APIs for machine-to-machine communication, but APIs can also be used to define structured interfaces for human-to-human interactions. Redefine your security strategy as an API to reduce friction, improve transparency and inspect decision making at scale. This session will briefly describe what APIs are and how to work with them securely and will then show you how to transform your organisation’s security strategy by using APIs as mechanisms to trust but verify technology teams as they move fast and stay secure.

There’s more to privilege management than access - it’s protection.

Just like a firewall, privilege management segments your infrastructure by controlling who are the appropriate people and services, 
and how they use your powerful admin credentials.

Learn how Delinea uses identity intrinsically linked to privilege and authorisation that can, and should, be used as your primary defence. 
Every user, machine, role has an identity and has privileges that must be considered and used strategically.

Creating our own cybersecurity unicorns is possible when we shift the lens we see them through. By taking transferable skills, valuable professional background, and the right attitude into account, we can bridge the cybersecurity talent gap. In this relaxed fireside chat, the panellists be sharing insights about their career journeys and aspirations, and how they are encouraging non-cybersecurity executives to break into cyber roles with confidence.

Panel moderator:

Jay Hira, Founder and Executive Director MakeCyberSimple and Board Director, ISACA Sydney Chapter

Panellists:

Saleshni Sharma, Director, Regional Information Security Officer: AsiaPac, W. R. Berkley

Laura Tantum, Cyber Security Manager Risk, Threat Intelligence and Culture, The Arnott’s Group

Joel McAllansmith, Head of Cyber Defence Strategy and Operations

Continue your conversations in a fun and entertaining Wine Tasting Competition to discover different ranges and categories of some of Australia’s best wines.

During this session, you will hear insights on how to lead a mission focused, highly motivated and business aligned security team of varying skills and nature across all levels and sizes. These insights will enable you to develop a resilient, cohesive and well-respected team that consistently demonstrates effectiveness and delivers business value over and over again.

An outsized number of impactful security incidents continue to arise from session-stealing malware and phishing campaigns.

We know how to defend against “stealer” malware on managed devices: by preventing devices with poor posture from reaching sensitive assets. We know how to defend against AiTM phishing attacks: by requiring phishing resistant authenticators. It’s because of these innovations that most adversaries target the unmanaged devices of employees and contractors.

Can we also thwart the theft and replay of session tokens at the application level? In this presentation, Okta APJ CSO Brett Winterford provides a short list of requirements every CSO should start demanding from application vendors to dramatically reduce the value of stolen tokens.

The December 2023 breach of St Vincent’s Hospital echoed similarities in the 2022 incident at Medibank. Healthcare is one of eleven industries that are governed under Australia’s Security of Critical Infrastructure Act 2018 (SOCI) which is part of the overall Cybersecurity Strategy in Australia. This legislation ensures that Australia’s critical sectors are protecting critical assets and have a resiliency and recovery plan that would not disrupt the services these organisations provide.

Australia released the latest Security Strategy in November 2023, the first of those was published when the Hon. Malcolm Turnbull AC was Prime Minister of Australia in 2016. Australia had always focused on the ability to use cyber to disrupt and disable opponents, the 2016 Cybersecurity Strategy went further into business though to make cybersecurity an issue that the CEO as well as the CIO, CTO or CISO was to understand. The latest 2023-2030 release goes further again and focuses on shifting from a technical topic to a whole of nation endeavour.

The foundational component of a modern security architecture is a secure identity system. And though most organizations are thinking "cloud first", identity doesn't start in the cloud - it starts on premises. And overwhelmingly that on-premises identity system is Microsoft’s Active Directory (AD).
 
AD is involved in more than 90% of all cyberattacks today because when it's compromised it gives attackers near-total control over your IT systems. And once crippled by a cyberattack, it requires an average of two weeks to rebuild and regain trust manually - while your business is down.
 
In this session, Sean will review:

• Why AD is such a target
• How you can increase operational resilience of this mission critical identity system by:
• Mitigating attacks against your AD
• Significantly reducing its recovery time objective (RTO)

• What trends are we looking from a security perspective?
• Understanding the risks and implications of offensive AI and how it will change our threat landscape
• How CISOs can be prepared for potential risks
• Strategies to use AI in cyber defense

As CIO of one of Australia’s largest organisations for over 8 years, Ellis Brover built and led a team of 300 people, and successfully transformed the IT function from a service provider to a strategic enabler

However, even 30 years’ experience in technology and the support of a great team was not enough to be ready for a targeted and highly skilled cyber-attack, which caused significant business disruption.

In this presentation, Ellis will share some lessons learned at the front-line about how to avoid, recognise, defend, and recover from such an event, from a non-technical perspective, covering:

• Types of attacks (thinking beyond ransomware)
• Lessons to apply before a crisis
• Lessons to apply during a crisis

• The objective is to help senior leaders to understand where to focus to ensure that their organisation is prepared

This year, we will see tectonic shifts in cybersecurity due to the impact of artificial intelligence on the adaptability and velocity of cyberattacks, and on identity and provenance. This is also occurring at a time when companies will start transitioning their cryptography to quantum-safe algorithms. The intersection of these two trends makes attention to digital trust a necessity.

In this session we’ll discuss key trends in digital trust during the coming year. These underscore the emerging importance of trust in content, software supply chains, and devices, the need to plan for transition to quantum-safe cryptography and the emerging role of the Chief Digital Trust Officer in pairing trust investments with business objectives and outcomes.

Your organisation confirms the breach, and you get contacted by the hacker asking for the ransom payment. Whatever decision you make comes with uncertainties and consequences. Join us for an interactive discussion around the challenges, concerns, and risks of paying – or not – the ransom.

Moderator:

Jason Murrell, Independent Chair, Cyber Security Certification Australia (CSCAU)

Panellists:

Jason Anderson, CISO, Australian Retirement Trust

Anthony Smit, Cybersecurity Specialist, WTW

Michael Heffernan, Field Technical Director, Cohesity

• Understanding how IT is converging with OT and how to protect them in the network
• How to overcome the increase of cyber risk to industrial control?
• Adopting cybersecurity strategies across your ICT (industry control systems)
• Managing vulnerability for OT/IoT devices
• Key cybersecurity considerations of networks, mobile and the cloud

 Panellists:

Nora Fusiyao, Director Security Architecture and Engagement, NSW Department of Customer Service

Charles Sterner, CISO, AARNet

Gurvinder Pal Singh, Head of Cyber Security and Assurance, NUIX

Cloud attacks are fast. After finding an exploitable asset, malicious actors need less than 10 minutes to execute an attack. While preventive controls are common in cloud environments, no organization can stay safe without a threat detection and response program for addressing zero-day exploits, insider threats, and other malicious behavior. Join our session to learn and discover how to stay ahead of the evolving threat landscape by acknowledging the realities of modern attacks, identifying areas of improvement, and pushing your cloud security programs forward.

How to build a cybersecurity operating model with people, processes and technology at the core of your strategy. How to factor in the business strategy into the operating model, and how to take your business requirements as part of that process.

During this presentation, we’ll explore how systems like the previously Google, now Linux Foundation owned SLSA (Security Levels for Software Artifacts) can be used as a framework for measuring success, and some strategies you can employ to take your supply chain security to the next level.

AI is here to stay. How can we leverage its benefits while preventing its risks? Join us to discuss dos and don’ts of AI use in business.

• Exploring AI bright and dark side, from ChatGPT misuse to opportunities of bridging the talent gap
• Can vendors fast track AI in cybersecurity tools?
• What trends are we seeing from a security perspective?
• What are the risks and implications of offensive AI and how it will change our threat landscape?
• How CISOs can keep pace with AI evolution without being a blocker and a function of “no”
• Ways to be prepared for potential risks, and strategies to use AI in cyber defence
• You can’t ban AI – how to balance security & GRC to manage and govern risks

Facilitator:

Greg Sawyer, CEO, CAUDIT

The software development and application security testing landscapes have changed significantly over the years. Application security, however, has not quite kept up and doing security is still an onerous and frustrating process, with security still slowing development down. Edwin will share a different approach to application security, where we're shifting security further left and focusing on the application's supply chain.

• How the cybersecurity function can support the business to deliver key strategic goals
• Benefits of including cybersecurity as part of your organisation’s Environmental, social, and corporate governance (ESG) processes and frameworks

Cloud adoption is expanding rapidly, and with that expansion comes new complexities. The speed of growth and change in the cloud creates an ever-changing threat landscape. Wiz Research is at the forefront of the cloud's threat landscape and is behind the discovery of vulnerabilities like ChaosDB, ExtraReplica, AttachMe and OMIGOD. In this session, we will cover the major cloud threats recently seen by the Wiz Research team which includes supply chain risks, data exposure, API security threats, and attack patterns used by groups such as LAP$U$. This session summarizes key insights across customers, Wiz and third-party threat research, and numerous other sources

• Overview on the growing threats landscape and how it could impact our societies, businesses, and economies
• Bridging the talent gap for better security and resilience
• Advices for Australian organisations to support workforce training when adopting robust cyber security measures

In the highly competitive age of digital transformation financial service organizations are facing accelerated urgency to improve their customer and employee experience while simultaneously reducing operating costs, and managing risk and compliance.

To meet these competing demands on their business, these organizations are racing to deploy deep learning to achieve a new competitive edge by optimizing their back office operations with intelligent document processing, personalizing their customer experience with cutting edge NLP models, and reducing fraud and risk using state-of-the-art deep learning.

AI is here and delivering new capabilities to help businesses solve large and complicated challenges. Join Bob Gaines to learn what that means for your business and how deep learning is helping organizations:

• Achieve higher compliance, faster and with lower costs • Dramatically improve Customer Experience • Reduce time to value from years to weeks

Sergio Rego is a customer engineer at SambaNova Systems where he helps clients deploy purpose-built, deep learning solutions in weeks rather than years. Sergio started his career in financial services, where he worked in strategy; active and index management; and product design and management. Sergio also served as a senior data scientist and team manager for a system integrator where he helped federal government agencies deploy ML and AI solutions.

As the severity of scams and frauds increase and cybercrime becomes more sophisticate than ever, staying ahead of the game is critical. During this session, you’ll hear how cybersecurity is “front of mind” for one of Australia’s largest banks by investing in the right skills, creating robust defence and control systems, and employing effective detection and response plans.

Three-quarters of Australian CISOs see human error as their organisation’s biggest cyber vulnerability. What if there was a way to stop rolling the human dice every day?

Learn how organisations can leverage advanced behavioural science and automation for informed and near instantaneous decision-making on what is good and what is bad email. As well as removing the increasing burden that is placed on employees as a last line of defence.

In this session we will discuss:

• Account takeover techniques and measures that can be taken to help protect against them
• New insights and controls over protecting against supply chain attacks
• The accuracy of advanced behavioural data science in identifying anomalous behaviour

During this session, Brad will share his personal when he was seriously injured in a bike accident’ He’ll share lessons learned, why cyber security professionals shouldn’t blame the victim and how to help their friends and organisations recover from data breaches and cyber-attacks.

With the threat of cyber warfare becoming ever more serious, every organisation needs a “this is not a drill” cyber-first recovery plan. If cyberattackers targeted your organisation, the most likely business-crippling scenario would be a direct attack on Active Directory (AD)—the system that authenticates users and grants access to business-critical applications and services. AD has become a prime target for cybercriminals—implicated in 90% of the incidents Mandiant researchers investigate—because it has systemic vulnerabilities and because it gives attackers the means to unleash devastating malware.

The NotPetya attack that crippled Maersk in 2017 was a harbinger of the chaos to come. In this session, we’ll examine the action plan every organisation needs to execute to protect against a business-disrupting cyber incident.

• How long does an incident response take usually and what normally brings down the AD?
• How common is it that the Active Directory is used in a data breach ransomware scenario?
• What does ADFR require to be able to recover AD?

CISOs committed to creating risk awareness and building a cybersecurity driven culture are facing several challenges, from getting senior management buy-in, to implementing organisational change and engaging employees. During this session, you’ll explore:

• What are the biggest challenges when getting buy-in from top management?
• Successful ways of incorporating cybersecurity into the organisation’s risk management strategy
• How to encourage everybody to take ownership of cyber?
• Why leaders must be committed to continually improve their teams’ skills and knowledge in IT and cybersecurity – and how do to this?

Moderator:
Kevin Fleming, Chief Technology Officer, ExperstDirect

Panellists:

Frances Bouzo, CISO, Ampol

Anna Aquilina, CISO, UTS

Jo Stewart-Rattray, Chief Security Officer, Silverchain

Grant Lockwood, CISO, Virtus Health

Varun Acharya, CISO, Healthscope

• How to go about defining your Cyber Security Strategy?
• What metrics should you use to measure progress and success of the strategy?
• What frameworks should you consider when building the Cyber Security Strategy?
• What are example capabilities to consider?
• What does your roadmap look like?
• What budget will you be asking for per year based on the roadmap?
• How do you plan on operating these capabilities?

As more organisations look to align to the Essential Eight many are finding significant challenges around the aspects of removing Admin Privileges, Application Control and User Application Hardening. Yet as many organisations are finding, leveraging a modern Privilege Access Management solution can provide significant coverage across the requirements of the Essential Eight and more.

Join Scott Hesford, Director of Solutions Engineering, APJ, BeyondTrust, as he dives into some of the more challenging aspects of the Essential Eight and, bringing first-hand experience, shows you how you can solve many of the challenges you might be facing in adopting the Essential Eight. 

By attending this session, you will learn:

• How modern PAM helps organisations cover multiple aspects of the Essential Eight
• Where you can leverage the Essential Eight for your zero-trust journey
• Key questions to ask in consideration to Application Control and User Application Hardening

There’s a cyber superpower out there, but have you discovered them yet? If you’ve discovered them, have you brought them into the tent? When it all goes pear shaped, they’ll be the second call you make (after your boss!) When all is going well, you’ll want to speak to them regularly to drive strong security outcomes. Let me introduce them to you and share the why and how. You’ll want one too! 

Businesses have embraced digital to engage with their customers. As quickly as brands have delivered digital experiences, bad actors have been just as fast in figuring out how to use credential stuffing, account takeover, and other types of attacks to their advantage. Keeping pace in this rapidly evolving threat landscape requires businesses to look for innovative ways to build experiences that optimize both security and convenience. But, ensuring one doesn’t overshadow the other often requires multiple integrations and custom development that adds internal friction and slows down innovation. A customer identity strategy that expands beyond access management, but includes fraud detection and identity verification capabilities that can seamlessly be orchestrated together can eliminate integration challenges and drive innovation. Join this session to learn Ping Identity’s drag-and-drop approach to customer identity that streamlines bringing together all the tools a business needs to rapidly build, test and optimize end-to-end customer journeys.

• How to effectively translate threat to risk to the board and the teams
• Human-issue in risk management – improving culture through intelligence models
• Eliminating risks by improving your asset x threat x vulnerability model – hype or reality?

• How the lack of understanding and false sense of security impacts your cloud journey
• How save your data really is when you move to the cloud?
• What factors you must consider to ensure you are getting a reliable, secure product
• Strategies to trust and rely on your providers with a full, clear picture of what you are getting as part of your contract

Securing the cloud is a never-ending task that becomes more challenging each year as clouds accrue new features and functionality. The same can be said for the ever increasing responsibilities and mandates expected of CISOs, including driving the probability of intrusions, data exfiltration, ransomware, etc., to effectively zero. With new technologies and tools come great opportunities for businesses; however, if they are not used appropriately and securely, they can do more damage than good. In this session we will address the elephant in the room: how can CISO’s do more with less, while ensuring the integrity of their resilience based security architecture, and prepare for enterprise obstacles and opportunities ahead.

In a world where the pressure to deliver new and innovative ICT capability is only ever growing, and the threat actors are also increasingly sophisticated and pervasive, how can companies ensure they meet these challenges whilst still ensuring cyber resilience? During this interactive discussion, hear challenges and benefits of SOC Automation, explore experiences and lessons learned, and discuss different ways of improving and driving efficiency of your SOC.

With the growth of the digital services industry and AI technologies, data has arguably become one of the most valuable economic resources of the modernized economy. However, it is also becoming increasingly the most regulated and riskiest to handle.

The emergence of the GDPR in Europe, which is based on a set of comprehensive principles and obligations for data controllers, extra-territorial application, and strict enforcement mechanisms has been followed by countries and jurisdictions around the world passing similarly prescriptive data privacy and protection laws all with their own unique requirements.

Today more than 200+ countries have passed data privacy and protection laws which keep getting more complex and demanding - countries like New Zealand, Indonesia, and India are now also morphing these regulations into Data Protection and Privacy requirements including for Sensitive Data. Australia is also embarking on its own uplifts to Privacy Laws.

The scope of responsibilities for data controllers under these global data privacy and protection laws are also growing - with many modern

Thus, organizations in APAC are encountering experiences in which they are seeing Data Sovereignty Laws as well as banking regulations around PII and MetaData that require audit and compliance at cloud scale.

We will explore the organizational impacts we are seeing across the region in meeting these challenges.

• The key impacts and considerations for organizations who are impacted by the merger of PI and SI into multiple regulations
• Technology is being developed and adopted to help organizations to manage these regulations at scale and where possible autonomously
• An overlap of roles and responsibilities across Policy, Classification, and Protection is occurring and the adoption of cloud and multicloud is accelerating this

• Exploring the most common industry security standards and cloud control framework
• How to choose the right standard and bring it to life in your cloud practices
• Striving for on-going compliance - when independent control assurance is needed?

In a world where the information age is at its zenith, with hundreds of thousands of applications being launched every day, the use and demand for application programming Interfaces (APIs) has increased significantly. Powered by open web technologies, APIs have transformed interdependence and partnerships between various commercial enterprises and sectors, allowing them to extend their offerings through in-app connections. With increased API usage, however, comes with it complications -- a major one being security. 
In this session, cyber security experts from Orca Security, Daniel Keidar and Scott van Kalken, will share how the company’s first patented agentless cloud security technology helps security teams identify and address API misconfigurations and security risks across a multi-cloud environment.

Gil Geron, Co-Founder, Orca Security

Daniel Keidar, Associate Vice President, Orca Security

Scott van Kalken, Senior Systems Engineer, Orca Security

It's said that smooth seas never make skilled sailors. If you're a cyber security leader, the good news then is that you definitely don't have "smooth seas" to reckon with. The challenging times presented by increasing connectivity, speed of business transformation, evolution of cyber threats and ever rising expectations can and do overwhelm even the best amongst us.  
This unique session will focus on providing cyber leaders with tangible, real-world tips to build the right mindset, emotional intelligence and differentiating skills that will allow them to deliver massive value to their organisations and optimise their own well-being. 

• Understanding cyber risks in a quantifiable way
• How to demonstrate the value of risks to the executive management
• What are the biggest challenges when getting buy-in from top management?
• Communication effectiveness: putting yourself in the boss’ shoes and delivering the right message

• How can CISOs speak the CEOs’ language?
• What does the board expect from CISOs when evaluating and reporting inherent and evolving risks?
• How can the board support CISOs in conducting a cybersecurity mission & strengthening their posture?
• Working together in mastering the company’s digital governance & risk management practices
• Exploring challenges and opportunities to adopt a secure-by-design approach in the business

Panellists:

Greg Sawyer, CEO, CAUDIT

Walter Kmet, CEO, Macquarie University Hospital

Vasyl Nair, CEO, Mine Super

Faizal Janif, Executive Advisory Board Member, AISA

To be successful, today’s CISO needs to bring more than their security acumen to the table. The role has expanded exponentially to address executive and board concerns, endless business challenges and customer and product confidence. While positive outcomes are the goal, it is critical for CISOs to work with full transparency to protect the business and themselves. In this session Gail will share best practices from her experience negotiating the evolving role of the CISO in an expanding threat landscape.

• How has the threat landscape evolved in Australia?
• How malicious cyber activities are impacting organisations across the country?
• What strategies can organisations adopt to create robust cyber security measures to prevent incidents and exploitations?
• Government, industry, academia and citizens working in collaboration to safeguard our country and communities

• The Evolution of Ransomware – How did we get here and what is next
• Understanding the risks and potential costs of attacks
• Exploring successful techniques to improve organisations’ ransomware protection posture

• Building security from scratch – incorporating people, process, and technology into your programs
• Strategies to improve your teams’ skills and knowledge in IT and cybersecurity
• Exploring how innovative technologies can help your company achieve adaptability and resilience

Join us to hear how to deter attackers, apply similar new techniques that the world’s biggest companies, like Adobe, Snap, PayPal, are using, and adapt your strategies to deliver measurable cost savings.

During the session, we’ll discuss:

• How criminals are conducting account takeovers and credential stuffing attacks that bypass MFA SMS toll fraud, and more to monetise CISOs’ own security defenses against themselves
• How attackers overcame MFA and how we worked with a top gaming merchant to prevent it
• A tour of the modern areas where adversaries share techniques and learn, the latest networks in play, and other threats, like SMS Toll Fraud and much more.

• How do you build a security program in 2023?  How has it changed from recent years?
• People, process, and technology – what do you need to incorporate into your program?
• What does ‘good enough’ look like and how do we measure it?  Risk, regulation, and strategy – making them all fit together

During this interactive discussion, Sam Hewett will guide the group to share key challenges and ways to overcome one of the most critical issues cybersecurity professionals are facing – mental health.

Supply chain can be the weakest risk of your digital assets. During this presentation, we’ll explore good practices for data protection, data governance, fraud prevention and third-party risks to ensure your supply chain is secure.

Cyber Security Programs are challenged by the sprawl of devices, device types, and the quantity of solutions continues to skyrocket and environments only grow more siloed and complex.
But there’s good news: Asset data can now be harnessed to transform your cyber security program. Today’s “asset intelligence” moves from a spreadsheet approach to an API-driven, rich and always up-to-date view into all assets via integrations of existing solutions, data correlation at scale, and querying capabilities to find and respond to gaps. Join this session to learn how asset intelligence improves security hygiene, allocate resources, accelerate incident responses and remediates gaps.

This session is designed for cybersecurity leaders who are currently implementing Zero Trust architecture models. Join us to hear common challenges and explore ways to overcome them. Key discussion points:

• The evolution of Zero Trust
• What are the key challenges you are trying to overcome
• How to develop a roadmap and implementing specific initiatives to your projects
• Discover effective ways to build a zero-trust security framework
• Identify key components of a zero-trust model to protect the current environment

During this session, we’ll explore various methods utilised in building a stronger, more secure company to prepare and protect against cybercrime. Richard will share his experiences of what has worked and hasn’t worked over the years and how getting certified really helped the organisation maturity journey.

How will you overcome a cyber-attack on your organisation?

In our rapidly-evolving digital world, cyber skills are critical to ensure reasonable, appropriate and informed business decisions can be made at an executive level.

In less than an hour, you can learn how

We will lead participants through an interactive cyber-attack, which includes ‘live’ news reports and calls for quick responses and decision making. Our user friendly physical boardgame is the centrepiece of the Gamification experience, designed to help participants better understand the cyber security application. The game facilitates open discussion in a fast-paced, fun and memorable environment, an innovative way to introduce cyber security into an organisation’s security awareness training and to complement routine computer-based education.

In a collaborative project, the Cyber Security Cooperative Research Centre (CSCRC), CSIRO’s Data61, Government of Western Australia through the Office of Digital Government, with the support of Edith Cowan University, have created an interactive board game to raise awareness and encourage critical thinking about how to prepare and respond to a ransomware attack. 

Facilitators:

Helge Janicke, Research Director, Cyber Security Cooperative Research Centre

Carl Celedin, Project Manager, Cyber Security Cooperative Research Centre

Join Splunk's Regional Director for Security, as he takes us through cyber predictions wins and losses of 2022 and looks forward into 2023 for Splunk's Data Security predictions. During this presentation you will hear more about ransomware, cyber-crime-as-a-service, Supply chain and Hiring cyber talent. All of this plus a little bit of fun with Open AI

• Exploring the challenges and opportunities for improvement
• What information should be given to the board?
• Quite the technical jargons – what the board won’t listen to and what they will shift attention to
• Developing and mastering your skills of communicating with the board

NSW has added cyber education to school curriculum, and secondary students will learn in ‘smart city sandbox’. The 10-week course was development between NSW Department of Education, Cyber Security NSW, and industry firms including MCB Business Partners and Core Electronics. During this session, you’ll get inspired on how the project came about, and what the profession can expect for 1000s of kids every year doing this course in NSW schools.

Join our interactive wrap-up discussion to share your key take-aways from CISO Sydney 2023 and hear how your peers will be address their key learnings moving forward.

In the highly competitive age of digital transformation financial service organizations are facing accelerated urgency to improve their customer and employee experience while simultaneously reducing operating costs, and managing risk and compliance.

To meet these competing demands on their business, these organizations are racing to deploy deep learning to achieve a new competitive edge by optimizing their back office operations with intelligent document processing, personalizing their customer experience with cutting edge NLP models, and reducing fraud and risk using state-of-the-art deep learning.

AI is here and delivering new capabilities to help businesses solve large and complicated challenges. Join Bob Gaines to learn what that means for your business and how deep learning is helping organizations:

• Achieve higher compliance, faster and with lower costs • Dramatically improve Customer Experience • Reduce time to value from years to weeks

Sergio Rego is a customer engineer at SambaNova Systems where he helps clients deploy purpose-built, deep learning solutions in weeks rather than years. Sergio started his career in financial services, where he worked in strategy; active and index management; and product design and management. Sergio also served as a senior data scientist and team manager for a system integrator where he helped federal government agencies deploy ML and AI solutions.

In the highly competitive age of digital transformation financial service organizations are facing accelerated urgency to improve their customer and employee experience while simultaneously reducing operating costs, and managing risk and compliance.

To meet these competing demands on their business, these organizations are racing to deploy deep learning to achieve a new competitive edge by optimizing their back office operations with intelligent document processing, personalizing their customer experience with cutting edge NLP models, and reducing fraud and risk using state-of-the-art deep learning.

AI is here and delivering new capabilities to help businesses solve large and complicated challenges. Join Bob Gaines to learn what that means for your business and how deep learning is helping organizations:

• Achieve higher compliance, faster and with lower costs • Dramatically improve Customer Experience • Reduce time to value from years to weeks

Sergio Rego is a customer engineer at SambaNova Systems where he helps clients deploy purpose-built, deep learning solutions in weeks rather than years. Sergio started his career in financial services, where he worked in strategy; active and index management; and product design and management. Sergio also served as a senior data scientist and team manager for a system integrator where he helped federal government agencies deploy ML and AI solutions.