-
Day 1
-
08:20
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
08:50
Welcome from Corinium and the Chairperson
Chirag Joshi - Founder & CISO - 7 Rules Cyber
-
09:00
Speed Networking - Making new connections!
In this 10-minute networking session, the goal is to connect with three new people. Let the questions on the screen spark your conversation. Enjoy the opportunity to expand your network!
-
09:10
Opening Keynote: Dynamic Risks, Strategic Moves – Embracing Change for Success
Phil Ross - CISO - Air New Zealand
- Discuss the rapidly evolving landscape of cyber security threats and their profound impact on business success.
- Highlight the transformational power of aligning technology risk with your core business strategy, creating a strong defence against emerging threats.
- Emphasise the importance of building and nurturing a resilient workforce, equipped to tackle the evolving challenges of the digital age.
-
09:35
On Plenary Stage Interview: Nurturing High-Performing, Positive Teams
Cyber security can seem like an unrewarding career. Preventing breaches depends on a variety of factors, including the company's risk appetite, senior management buy-in and adequate budgets. If the company is not hacked, whether through a robust and mature cyber strategy or just luck, you're just doing your job. But if it is, the cyber team often gets the blame. It's essential for CISOs to ensure their teams are motivated and engaged. During this interview, we will review KPIs and discuss successful ways to ensure the wellbeing of the team and prevent burnout.
Interviewer:
Chirag Joshi, Founder & CISO, 7 Rules Cyber
Interviewee:
Jan Zeilinga, CISO, James Cook University
-
10:00
From Best Practice to Mandate: The Rising Stakes of Data Protection in Australia
Jamie Wright - Field CTO ANZ - HashiCorp
With evolving Australian regulations, enterprises are facing stricter mandates for securing sensitive data. Protecting it is no longer just a best practice—it’s a business imperative. This session will explore key data protection requirements, including enhanced encryption, stricter access controls, and stronger authentication mechanisms.
Join us to understand how to turn compliance challenges into security advantages while staying ahead of regulatory demands.
-
10:25
NETWORKING BREAK
Real Time Device Discovery Demo at Tanium Booth
-
10:55
PANEL: Keeping up with a constantly changing regulatory environment
- Navigating regulatory change: Adapting to evolving laws like the Privacy Act, SOCI Act, and Cyber Security Act without disrupting business operations
- Preparing for a post-quantum future: Addressing the deprecation of legacy encryption and transitioning to Post-Quantum Cryptography
- Ensuring compliance in a complex ecosystem: Managing regulatory obligations across a globally dispersed network of suppliers, partners, and customers
Panellists:
Nathan Lewis, Head of Cyber, Technology and Data Risk, Newcastle Permanent
Gaurav Vikash, Head of Security and Risk, APAC, Axon Enterprise
Sebastian Tymoszuk, Director, Australian Trusted
Umair Zia, Head of Cyber Security, Sydney Local Health District
Marc Airo-Farulla, Regional Sales Director, Entrust
-
11:35
Securing the Digital Future: Strategies for Resilient Application Security
Pas Apicella - Field CTO - Snyk
As digital transformation accelerates across industries, the need for secure, scalable, and resilient applications has never been more critical. This session delves into best practices and innovative strategies for ensuring application security in dynamic and complex environments. From integrating Static Application Security Testing (SAST) and Software Composition Analysis (SCA) into modern CI/CD pipelines to addressing unique challenges posed by containerized applications in Kubernetes, we’ll explore practical approaches to safeguard software throughout its lifecycle. Attendees will gain actionable insights into building resilient security postures, fostering collaboration between development and security teams, and aligning security practices with the pace of digital innovation.
Join us to discover how to future-proof your applications and secure the foundation of your digital initiatives.
-
12:00
Sobering Up the AI Hype – Making Strategic Cyber Investments and Delivering Business Value
Nivi Newar - Deputy CISO - UNSW
- Understanding the risks and implications of AI and how it will change our threat landscape
- Influencing and guiding the business to make strategic investment decisions
- How cyber leaders are successfully governing the use of AI
- How can AI be used in cyber defence?
-
12:25
Global Security Predictions in 2025 and the ANZ Perspective
Daniel Sutherland - Regional Vice President, ANZ - DigiCert
DigiCert’s annual forecast presents the cybersecurity predictions for identity, technology, and digital trust expected to shape the landscape in 2025 and beyond. These predictions provide a snapshot of the cyber security challenges and opportunities that ANZ enterprises will encounter in the months ahead.
-
12:50
Lunch
-
TRACK A - Innovation & Compliance
Chair: Chirag Joshi - Founder & CISO - 7 Rules Cyber
-
14:00
PANEL: Adapting to EU Regulatory Changes: Navigating Compliance and Managing Impacts
In recent years, with the increasing activity and exploitation of organisations, governments have started to see the importance of Information Security.
To address this, governments have been implementing legislation and regulations around Information Security to ensure that critical systems and infrastructure are protected.
Last year Europe released its own versions, which come into effect in 2024 and 2025 and look to address Information Security in Europe.
These new directives and regulations could have implications and impacts for any business working with EU organisations.
Moderator:
Chirag Joshi, Founder & CISO, 7 Rules Cyber
Panellists:
Jihad Zein, Global Head of GRC, Technology, Toll Group
Matthew Duckworth, Director, IT Risk and Security, MetLife Australia
Leron Zinatullin, CISO, Linkly
-
14:25
Becoming Supply Chain Resilient - Lessons from Recent Cyber Outages
Alex Su - Senior Solutions Architect, ANZ - SecurityScorecard
Supply chain disruptions can have catastrophic consequences, and recent incidents have shown that knowing your supply chain (KYSC) is a cornerstone of cyber resilience. Security teams need the ability to map dependencies effectively, identify critical vendors, and gain visibility into their extended ecosystem.
Learn how to enhance your organization's cyber resilience, mitigate supply chain risks, and future-proof your organization for incidents. Alex will discuss:
- The impact of recent outages on the global supply chain
- The critical role of KYSC in managing emerging threats
- How to prioritize vendors based on criticality and business impact
- Best practices for leveraging technology to enhance supply chain visibility
- Actionable recommendations to build a resilient supply chain through proactive measures
-
14:50
PANEL: Driving the Need for AI Security Regulations
- Strategies to increase awareness of AI risks to senior management and the board to support informed business decisions
- How can cyber leaders collaborate with regulatory bodies to create effective AI security standards and guidelines
- Overview of the ISO/IEC CD 27090 guidance and ASD’s Guidelines for Secure AI System Development – where to from here
Moderator:
Chirag Joshi, Founder & CISO, 7 Rules Cyber
Panellists:
Nathan Lewis, Head of Cyber, Technology and Data Risk, Newcastle Permanent
Pearse Courtney, Cyber Project Manager, AEMO
Robin Long, CTO, Rapid7
-
15:25
From Vulnerability to Vanguard: Reinventing DNS Security
Brad Ford - Security Specialist – ANZ - Infoblox
In today's fast-paced digital world, the security landscape is evolving rapidly, presenting organisations with increasingly sophisticated challenges. As Australia aims to achieve ambitious security objectives, the demand for cost-effective, high-impact security solutions is escalating. One area of immense potential lies within Domain Name System (DNS) technology, yet many organisations lack a comprehensive understanding of its pivotal role in modern security strategies.
This session will shed light on the vulnerabilities inherent in DNS, the diverse array of threats exploiting the protocol, and innovative security approaches harnessing DNS and related network services to fortify organisations against evolving cyber threats. Attendees will learn about the importance of DNS, its vulnerabilities, and how to leverage DNS for defence, gaining valuable insights into threat detection and mitigation to bolster their security posture.
-
TRACK B - Risk Management
Chair: Dan Haagman - CEO of Chaleit & Honorary Professor - Murdoch University
-
14:00
Leveraging Offensive Security for Proactive Risk Management
Dan Elliott - Head of Cyber Resilience ANZ - Zurich Resilience Solutions - Zurich
- Integrate offensive security teams into a proactive risk management strategy to prioritise and address critical vulnerabilities.
- Foster a culture of continuous improvement within teams to stay agile and responsive to evolving threats.
- Align offensive security efforts with organisational risk reduction goals, ensuring they support broader security objectives.
- Apply offensive security skills beyond traditional penetration testing to identify emerging threats and reinforce the organisation's overall risk posture.
-
14:25
Protecting against Identity Fraud
Johan Fantenberg - Product Marketing Director - Ping Identity
In today’s rapidly evolving digital landscape, identity fraud poses a significant threat to organizations, costing billions annually and damaging customer trust. From account takeovers and synthetic identities to sophisticated impersonation scams, fraudsters are becoming more adept at exploiting vulnerabilities.
Join us for a session tailored for Security & IAM professionals, where we will explore:
- Emerging Threats: A deep dive into the latest trends in identity fraud, including account takeovers, new account fraud, and the risks posed by bots and advanced impersonation techniques.
- Proven Mitigation Strategies: Discover how a layered identity approach with real-time risk assessment, dynamic fraud detection, and secure authentication methods can protect your organization without compromising user experience.
- Future-Proofing IAM Systems: Learn about scalable, AI-driven fraud detection technologies and identity orchestration that integrate seamlessly into existing IAM infrastructures.
This session will equip you with actionable insights to strengthen your organisation’s defences while ensuring seamless and secure user journeys. Don’t miss this opportunity to stay ahead in the fight against identity fraud!
-
14:50
PANEL: Elevating Cyber Risks To Boards, Senior Management, And Across Departments
- Effective ways to influence boards and senior management on how security is aligned with the business goals
- Engaging the Steering Committee: How to get cross-functional representatives to be security cheerleaders
- The power of joining forces to assess risks, implement security controls, and ensure tech infrastructure is compliant to regulations
Moderator:
Madhuri Nandi, Head of Security, Nuvei
Panellists:
Vasyl Nair, Group CEO, Team Super
Christopher Johnson, Group Head of Technology, Charter Hall
Saleshni Sharma, Regional CISO, Berkley
Catherine Rowe, Former Global CISO, ex-QBE
-
15:25
The Risk in Risk Management
Paul Thomas - Solutions Architect - Axonius
Risk management is a crucial aspect of every organisation. The basic process is to identify potential risks, assess their impact, and implement strategies to mitigate them. Data analytics plays a vital role in risk management by providing insights into potential risks and helping organisations make informed decisions. Additionally, data analytics closes the risk management loop through assessing the effectiveness of mitigation strategies. Historical data, both external and internal, enables an organisation to evaluate the efficacy of previous initiatives and identify areas for further improvement.
So how can you add data analytics to your Cyber Risk Management process? Let's discuss the risks of this promising venture and the potential sweet spot for your organisation.
-
TRACK C - Enabling Growth
River Nygryn - CISO - HammondCare
-
14:00
New CISO: A Toolkit For Your First 90 Days
Harsh Rasik Busa - CISO - Avant Mutual
In the ever-evolving landscape of cyber security, the path to leadership is often as unpredictable as the threats we face. In this presentation, we’ll explore successful ways to become an effective leader in a critical domain. Attendees will gain a deeper understanding of the strategic and operational adjustments required, the importance of rapid learning and adaptation, and the value of leveraging diverse experiences to build a resilient security posture.
-
14:25
Segmentation's Second Coming: Get Secure, Grow!
Andrew Kay - Director Systems Engineering, APJ - Illumio
Zero Trust is revolutionizing network security architecture: it is data and device-centric and designed to stop data breaches while protecting critical infrastructure and making cyber-attacks unsuccessful. This session will explore how Zero Trust will help you achieve tactical and operational goals that make cybersecurity a business growth enabler, not a business inhibitor. Find out why Forrester calls this 'the golden age of microsegmentation,' and how it's driving growth in confidence, resilience and accelerating modern platform adoption.
-
14:50
PANEL: Educate, educate, educate – simple steps to improve accountability across the business
- Effective ways to educate – engaging diverse people with cybersecurity and online safety
- People centric – adopting an in-person tone and using real-life examples of how a cyberattack can impact everyone’s lives
- Relevant – what’s in it for them and why they should care
- Providing resources – setting clear expectations and providing resources
Moderator:
Lisa Dethridge, Research Fellow, RMIT University
Panellists:
Hani Arab, CIO, Seymour Whyte
River Nygryn, CISO, HammondCare
Naveen Sharma, Head of Information Security, Superloop
Amelia Gowa, State Director of NSW (CPS), Trustwave
-
15:25
Safely Enabling AI Copilots with Varonis
Scott Leach - Vice President, APAC - Varonis
During this session, we will show you just how easily your company’s sensitive data can be exposed using Microsoft Copilot with simple prompts. We will share practical steps and strategies to ensure a secure Microsoft Copilot rollout and prevent data exposure through prompt hacking.
-
15:50
NETWORKING BREAK
-
Track A
Chair: Chirag Joshi - Founder & CISO - 7 Rules Cyber
-
16:20
Zero Trust for the C-Suite: Translating Security Strategy into Business Value with Okta and Palo Alto Networks
Jefferson Haw - Principal Solutions Architect - Okta
Zero Trust is a vital component of modern security, but its value needs to be communicated to the C-suite. This session will explore how Okta and Palo Alto Networks can work together to align Zero Trust strategies with the organisation’s overall business goals.
The pair will deep dive into:
- How can Okta’s IAM and Palo Alto’s security solutions help reduce business risk while enhancing operational agility?
- How can security leaders demonstrate the ROI of Zero Trust to the board, using examples from Okta and Palo Alto’s combined solutions?
- What are the key business drivers for adopting Zero Trust, particularly in terms of risk management, compliance, and breach prevention?
Speakers:
Jefferson Haw, Principal Solutions Architect, Okta
Riccardo Galbiati, Regional CSO, JAPAC, Palo Alto Networks
-
Track B
Chair: Dan Haagman - Doctoral Security Researcher -
-
16:20
Real Time Visibility to Fortify Your Security Operations
Matt Waite - Director of Technical Account Management - Tanium
In today’s rapidly evolving digital landscape, real-time data is revolutionising the way critical infrastructure organisations manage and secure their IT environments. This insightful presentation by Tanium delves into the transformative power of real-time data, highlighting three key pillars:
- Cyber Hygiene: How to fortify your defences and make it increasingly difficult for adversaries to penetrate your systems.
- Security: Learn how to swiftly detect breaches, understand the extent of intrusions, and implement effective response measures to mitigate damage.
- Compliance: How real-time data supercharges data collection and remediation, and uplifts Essential 8 Maturity levels faster.
Join Matt as he explores how leveraging real-time data can enhance your cyber resilience, providing a robust shield against ever-evolving threats.
-
16:45
Plenary Panel: Influencing Human Behaviour and Reducing Cyber Risks
- Importance of the human factor to cyber security and why most cyber awareness efforts fail
- Tailoring security awareness programs to address cyber risks and business priorities
- Strategies to influence behaviour and create a cyber-safe culture
Moderator:
Jennifer Firbank, Cyber Security Strategy & Influence Principal, Telstra
Panellists:
Oliver Sebastian, Director, Information Technology, Landcom
Bradley Busch, Non-Executive Director, Shire Christian School
Sophia Barbour, Cyber Awareness and Intelligence Lead, Commonwealth Superannuation Corporation
Tom Scully, Principal Architect, Public Sector, Palo Alto Networks
-
17:20
On Plenary Stage Interview: AI vs Cyber Attacks: What’s the Real Impact
- Exploring the role of AI in cyber security, including how it’s currently implemented and making a real impact on defence and threat response.
- Discussing the challenges and key considerations for adopting AI in cyber risk management and choosing the right technologies for a broader strategy.
- Looking ahead to the future of AI in security, focusing on how organisations can measure its effectiveness and continue to strengthen their defences.
Interviewer:
Dan Haagman, CEO of Chaleit & Honorary Professor of Murdoch University
Interviewee:
Lee Barney, GM Tech Security, TPG Telecom
-
17:40
CISO Sydney Day 1 Closing Remarks, Networking Drinks Reception and Casino Evening
-
Day 2
-
08:30
Register; grab a coffee. Mix, mingle and say hello to peers old and new
-
08:50
Welcome from Corinium and the Chairperson
Jason Murrell - Chair - Australian Cyber Network
-
09:00
Opening Presentation: Unpacking the 2023-2030 Australian Cyber Security Strategy
Lieutenant General Michelle McGuinness CSC - National Cyber Security Coordinator - Department of Home Affairs
- Uncover what lies ahead - a brief guide outlining key initiatives, strategic imperatives and the challenges that CISOs must navigate
- Deepen your understanding of the vision of the 2023-2030 Australian Cyber Security Strategy to empower you with actionable strategies to craft a path to success
- Learn about the key challenges and success factors identified for the strategy, including the need for long-term commitment, flexibility, and alignment with global allies
-
09:25
The Threat Landscape in 2025 and the CISO: Building Proactive, Outcome-Based Resilience to 2025 Threats
Glenn Maiden - Director of Threat Intelligence Operations, FortiGuard Labs ANZ Australia - Fortinet
Explore FortiGuard's 2025 threat predictions and learn actionable strategies to combat emerging risks like supply chain attacks. Build resilience, minimise systemic risk and stay ahead in an interconnected threat landscape.
-
09:50
Unravelling the complexities of security architecture
Ilya Polyakov - Former Chief Security Architect and Head of Identity Management - ex-NSW Department of Planning, Housing and Infrastructure
- Exploring the importance of security architecture
- Several misconceptions about what security architects do
- 3 important jobs of a security architect and how they differ
- Making it easy and fast for business
-
10:15
Outsmart Threats, Outpace Risks: The Intelligent SOC Revolution
Wayne Phillips - CTO, APJ - SentinelOne
This presentation explores the transformative potential of Generative AI, machine learning, and hyper automation in cybersecurity. The talk delves into how these advanced technologies are reshaping Security Operations Centers by enabling intelligent threat detection, automated incident response, and predictive risk management. By leveraging AI-driven analytics, continuous learning algorithms, and seamless workflow integration, organizations can dramatically enhance their defensive capabilities, reduce response times, and proactively mitigate emerging cyber risks with unprecedented precision and efficiency.
-
10:40
NETWORKING BREAK
-
TRACK A - Presentations
Chair: Jason Murrell - Chair - Australian Cyber Network
-
11:10
Data on the move: The hidden risks of employee turnover
Sandeep Taileng - CISO - State Trustees
-
11:35
From Data to Disaster: Why APIs are Your Business’s Next Critical Vulnerability
Dominic Lovell - Senior Solutions Engineering Manager - Akamai
APIs power critical business operations, but they’ve also become prime targets for cyberattacks. With threats like data breaches and business logic manipulation on the rise, securing APIs is no longer optional—it’s a strategic necessity. This session explores:
- The API Attack Landscape: How attackers exploit APIs to bypass defenses, manipulate business logic, and disrupt operations.
- Business Impacts of API Breaches: Real-world examples of financial, reputational, and operational fallout from API vulnerabilities.
- Defending the Full API Lifecycle: Why traditional tools like WAFs and pen testing are insufficient and how to adopt proactive, context-aware security strategies.
- Strategic Compliance Alignment: How to prepare for evolving regulatory mandates around API security and governance.
-
12:00
Smart Security Strategies: Empowering Teams and Technology for Agile Decision-Making
Peter James - Director IT Operations - amaysim
This session explores how to leverage technology effectively to handle complex security challenges while enabling small, agile teams to focus on high-impact tasks. Learn how to choose the right vendors, avoid vendor lock-in, and navigate bold claims to make informed, secure business decisions. Discover practical strategies for balancing security needs with business agility, ensuring security teams act as enablers, making security stronger one business decision at a time – without becoming a 'no' factory.
-
12:25
Revolutionising Real-Time Cloud Security
Riccardo Galbiati - Regional CSO, JAPAC - Palo Alto Networks
Today, the domains of Cloud Security and Security Operations Center (SOC) often operate in silos, moving at different paces and lacking seamless integration. However, with cloud breaches becoming increasingly probable for most organizations, it is imperative to empower SecOps to prevent, detect and respond in real-time. In this presentation, Palo Alto Networks unveils a revolutionary approach that unifies cybersecurity efforts across the enterprise. Discover the future of CNAPP and how this integrated strategy delivers real-time response capabilities and secures your organization in today’s cloud-first era.
-
TRACK B - Panels
Dan Haagman - CEO of Chaleit & Honorary Professor - Murdoch University
-
11:10
PANEL: Evolving Your Supply Chain Security Practices and Advancing Its Maturity
- How security is changing and how to ideally address it
- The shift-left reality and how the solution didn't work
- The cost implications of a wrong security workflow
- How to make DevSecOps work, strategically
Moderator:
Dan Haagman, CEO of Chaleit & Honorary Professor of Murdoch University
Panellists:
Chris Grisdale, Head of Information Security, hipages Group
Jess Thomas, Assistant Director Cyber Security Outreach, National Office of Cyber Security, Department of Home Affairs
Cody Kieltyka, CISO, Australian Payments Plus
Devraj Chakraborty, Head of Information Security APAC, ABN AMRO Clearing Bank
-
11:45
PANEL: Advancing your cyber maturity through effective GRC
- How to leverage GRC as a strategic framework to drive continuous improvement in your cyber security capabilities and overall resilience
- From successful practices to advanced techniques for aligning GRC initiatives with your business objectives and key risk indicators to maximise the impact of your cyber investments
- Sharing practical approaches to navigating the challenges of implementing cyber into GRC strategy
Moderator:
Johann Filmalter, Senior AE GRC, Vanta
Panellists:
Madhuri Nandi, Head of Security, Nuvei
Siddharth Rajanna, Head of Cyber Security, Bingo Industries
River Nygryn, CISO, HammondCare
Peter Brooks, Head of IT, Billbergia
Lisa Dethridge, Research Fellow, RMIT University
-
12:20
PANEL: Reinforcing Your Boundaries with IAM
- What are the key challenges organisations face when implementing identity access management?
- What are your recommendations to navigate these challenges?
- What does a successful approach look like?
- How can IAM help safeguard organisations upgrading business operations, modernising aging infrastructure, protecting network perimeters, and scaling up?
Moderator:
Paul dos Santos, Group Head of Information Security, SG Fleet AU
Panellists:
Sebastian Tymoszuk, Director, Australian Trusted
Ilya Polyakov, Former Chief Security Architect and Head of Identity Management, ex-NSW Department of Planning, Housing and Infrastructure
Antoine Jebara, Co-Founder, JumpCloud
-
12:50
Lunch
-
13:50
PANEL: Overcoming common Incident Management issues
- Importance of having a team that is well-prepared and well-rehearsed to get through a crisis during incidents
- Reactive incident response vs proactive incident response – how well organisations manage that and how well those tasks are defined and segregated among defensive teams
- How much can we trust AI in the incident response capability? What place do AI and automation have in incident response – is it possible to embed them to a point where you can trust them?
- Taking the communication component seriously – strategies to prepare and prevent reputational losses because of cyber incidents
Moderator:
Edwin Kwan, Head of Cyber Security
Panellists:
Siddharth Rajanna, Head of Cyber Security, Bingo Industries
Jayden Le, Global Head of IT & Security, Zoomo
Kapil Yewale, Head of Cybersecurity and Technology Risk, ClearView
Andrew Lawrence, CTO, 6clicks
-
14:20
ACSC Insights: The Impact of Cyber-Attacks and the Path Forward
Daniel Tripovich - Assistant Director General Incident Management - ASD
-
14:45
Biometric Authentication: Risks and Opportunities
Gaurav Vikash - Head of Security and Risk, APAC - Axon
- Biometric authentication is gaining widespread adoption across industries as a means of enhancing security and user experience
- Opportunities and Challenges: Capitalising on promising opportunities for reducing password fatigue and improving user identity verification, while managing unique risks that come with it which require careful consideration
- Delve further into the multifaceted landscape of biometric authentication, discussing its key benefits, associated risks, real-world case studies, and actionable solutions for organisations aiming to harness its potential securely
-
15:10
NETWORKING BREAK
-
15:40
Defending Against Ransomware
Shalbin Samuel - Head of Cybersecurity - Intesa Sanpaolo
Ransomware remains one of the most significant cybersecurity threats, with attacks growing in frequency, sophistication, and financial impact. This session will explore the evolving ransomware landscape, attack stages, and key defense strategies.
-
16:05
Fostering a Culture of Innovation
Vannessa van Beek - CISO - CSO30 2024 & Women in Security Award Winner 2024
Discover strategies to encourage creativity and innovation within cyber security teams. Explore effective activities to boost creativity and problem-solving skills in high-pressure environments.
-
16:30
Close of CISO Sydney 2025