CISO Sydney schedule

 In this 10-minute networking session, the goal is to connect with three new people. Enjoy the opportunity to expand your network! 

With cybercrime now estimated at a $10.5 trillion global economy in 2025, its scale demands the urgency, resources, and collaboration of a national crisis. This keynote will examine how the threat environment is evolving, from sophisticated multi-vector attacks and the growing role of AI in both offence and defence, to the shifting tactics of cybercriminal and nation-state actors. It will also explore how Australia can build stronger resilience through public-private collaboration and coordinated national response. 

Bridging the gap between strategy and execution is one of the toughest challenges in cyber leadership. This candid conversation explores how to turn high-level plans into clear, achievable actions that deliver measurable outcomes. From stakeholder alignment to delivery roadmaps and the metrics that matter, the discussion focuses on making cyber real across the organisation.

• What are the common pitfalls leaders face when trying to turn cyber strategy into actionable outcomes, and how can they be avoided?
• How do you create buy-in across the organisation to ensure cyber initiatives move from plan to execution?
• When cyber strategies are successfully implemented, what really makes the difference?

Moderator:

Gaurav Vikash Head of Security and Risk (APAC) Axon

Speakers:

David Griffiths CISO Northern Beaches Council

Roshan Fernandes Information Security & Risk Manager Sydney Children’s Hospital Networks

 Harnessing global threat intelligence allows organisations to move from reactive defence to proactive threat mitigation. This session will demonstrate how consolidating and operationalising threat feeds can improve security agility, enhance visibility across systems, and drive a more resilient cyber security posture. 

 

While security professionals are across the threats, the same can’t always be said for executive leadership and board members. Bringing together the C-suite in this panel, we explore how CISOs get meaningful cut-through with the executive suite when they’re already swamped with compliance, governance, and operational pressures.

• What was the defining moment or incident that fundamentally changed how you think about cyber resilience and your role in it?
• How do you embed security into the way the business actually operates – not just slogans but as something enduring and strategic?
• How do you, as CFO, set priorities, and where can the cyber leader add the most value? Has there been a moment or incident that shifted your view or priorities for cyber and resilience?
• As a CIO, what qualities beyond technical expertise do you value most in a cyber leader?
• What language, evidence, or framing truly resonates with non-security executives?
• How can we influence the broader business to own and act on risk, creating accountability beyond the security team?

Panellists:

Tony Mckeown CSO KBR

Andrew Karvinen CISO NSW Department of Communities and Justice

Rajini Carpenter CTO Beforepay Group  

Security leaders are under pressure to secure AI-driven cloud environments at the speed of development. This session unpacks strategies for integrating security seamlessly into AI and cloud workflows, ensuring protection while enabling business agility.

Reserved for a solution partner

As AI adoption accelerates, leaders face the challenge of setting clear boundaries, not only around what AI should and shouldn’t do, but also around who holds responsibility for its oversight. This panel explores governance from two critical perspectives:

• Structure and Responsibility - Where does AI sit across the organisation? Which teams shared responsibility
• Scope of AI – What tasks should AI be trusted with, and where must human oversight remain non-negotiable? How can organisations prevent over-reliance, ensure explainability, and avoid ethical or operational pitfalls?

Panellists will debate practical approaches to establishing guardrails that support innovation without undermining trust, compliance, or human judgement.

Panellists:

Colin Renouf CISO Healius

Mustafa Qasim Global Head of Detection & Response Flight Centre Travel Group

Leron Zinatullin CISO Linkly

Daminda Kumara CISO Commonwealth Superannuation Corporation 

With increased digital capability comes increased risk and responsibility. Evolving cyber threats, complex compliance demands and growing public scrutiny are placing more pressure than ever on public sector cyber leaders. This session explores how advancing your organisation’s cyber maturity can protect critical services, uphold trust in government systems, and support the secure delivery of digital transformation initiatives. 

Reserved for a solution partner

This session explores the landscape of human–AI collaboration, focusing on how humans and AI agents co-create value, share trust, and define oversight in agentic workflows. Explore practical approaches to managing and governing agentic systems, including accountability, monitoring, and frameworks for ethical, secure, and resilient systems. 

This session examines how to implement continuous AI risk monitoring — from identifying vulnerabilities in AI models and data pipelines to detecting misuse and drift. Learn how to combine automation, governance, and human oversight to safeguard high-value systems against evolving AI threats. 

In an AI-enabled workplace, the biggest insider threat may not be malice but a simple human error. One misplaced upload or prompt to a company AI assistant can expose sensitive data in seconds. This session examines how CISOs can balance trust and control, building guardrails that stop accidental leaks without slowing innovation.

DLP is evolving fast in the era of AI offering new capabilities, but also new risks. This session shares case studies on how organisations are deploying DLP alongside AI tools to protect sensitive data without stifling productivity. Explore practical lessons, from policy design and user adoption to monitoring, governance, and incident response in AI-enabled environments. 

Phishing and social engineering remain among the most effective attack vectors, and AI is making them more persuasive and scalable than ever. Yet traditional awareness programmes often rely on “gotcha” tests and compliance-driven training that fail to change behaviour. In this session, we explore how behavioural science and psychology can be applied to build more resilient human firewalls.

This session explores how to embed security thinking into broader organisational decision-making from procurement and product to HR and finance and build a culture where shared responsibility drives better security outcomes.

AI is already automating parts of engineering and analyst roles. In this interactive group discussion, every participant will have the chance to share their views on which skills will matter most in an AI-augmented workforce and how to reshape the talent pipeline to match.

• Which current cyber roles are most likely to be transformed or replaced by AI?
• What new roles or skills will emerge as AI adoption grows?
• How can we work with education providers to prepare the next generation of talent?

This session explores how to keep messages clear, consistent, and credible under pressure, from briefing executives and coordinating teams to managing regulators and public statements. Learn practical techniques to maintain trust, reduce confusion, and keep everyone aligned when the stakes are highest. 

Supply chains are now one of the most exploited entry points for attackers and too often, organisations only discover the risk once it’s too late. When applied effectively, threat intelligence can give earlier warning of emerging exposures across these extended ecosystems. This session explores how consolidating and operationalising intelligence feeds strengthens supplier oversight, reveals adversary patterns before they strike, and improves agility in response.

Vendor risk assessments often start and end with a checklist, but real resilience comes from understanding the people, processes and relationships behind the data. This session explores how to build trust, clarity and accountability with vendors through ongoing engagement, transparent communication and shared responsibility for security. 

While legal teams own contracts, security teams play a crucial role in shaping the obligations that protect the organisation. This session explores how security leaders can collaborate with legal and business teams to ensure key risks are addressed in partner agreements. Learn which clauses matter most, from data protection and breach notification to audit rights and compliance obligations, and how to turn security requirements into enforceable commitments.

Speakers:

Sarah Lattimer Chief Legal and Corporate Affairs Officer I-MED Radiology Network

Jihad Zein Global Head of Governance, Risk & Assurance Toll Group

This session features case studies and practical insights from working with enterprise customers to strengthen supply chain resilience. Discover how transparent communication, shared risk frameworks, and coordinated response strategies can reduce vulnerabilities and build trust across the ecosystem.

The rapid rise of generative AI has brought powerful new capabilities into the enterprise but also created “shadow AI,” where employees adopt unapproved tools without security review. For CISOs, the challenge is not only visibility but also accountability. Join us to share your thoughts on how to govern what is unseen, while enabling innovation.

• Oversight: How should CISOs gain visibility into AI use without creating a culture of surveillance or distrust?
• Accountability: Who should own the risks of shadow AI — security, business leaders, or individual teams?
• Governance: What frameworks or guardrails can balance compliance, ethics, and innovation at scale?

Facilitators:

Siddharth Rajanna Head of IT Security BINGO Industries

Jim Marinos Head of Security Advisory REA Group  

This session looks at how AI-driven threat detection can streamline SOC workflows, prioritise the right incidents, and surface actionable insights without adding to analyst fatigue. Hear lessons from actual deployments on balancing automation with human expertise to strengthen detection and response. 

This discussion explores how AI can help streamline workflows, automate repetitive tasks, and prioritise alerts, allowing teams to focus on high-value work.

• Which AI tools provide the biggest productivity gains for small security teams?
• How do you balance automation with human oversight to avoid missed threats?
• What tasks should be prioritised for AI-assisted workflows versus manual handling?
• How can small teams measure the impact of AI on efficiency and risk reduction?

How can organisations create the capacity for AI upskilling while ensuring regular work and operational tasks continue uninterrupted? Join us to share your thoughts and experience on balancing training, workload, and business priorities, discussing approaches to integrate AI learning into day-to-day workflows effectively.

• How can AI upskilling be integrated into existing workflows without disrupting productivity?
• What methods ensure employees apply newly acquired AI skills effectively in real projects?
• How can organisations measure the impact of AI upskilling on workforce capability, innovation, and business outcomes?
• What’s one lesson learned from failed AI 

Cybercriminals exploit weak segmentation to move laterally across networks, increasing the impact of breaches. This session will break down real-world attack patterns, revealing how organisations can disrupt lateral movement and reduce the success of cyber threats. 

This one-on-one conversation delves into stories behind the decisions, inflection points and leadership lessons that have shaped their journey. From earning trust and building influence to navigating complexity under pressure, the dialogue explores what they might approach differently today and what they still stand by. More than frameworks and controls, this session reveals how the CISO role is defined by the judgement calls that matter, focusing on the personal side of leadership in one of the most high-stakes positions in any organisation

Interviewee:

Arun Singh CISO Tyro Payments

Interviewer:

Dan Haagman CEO Chaleit & Honorary Professor of Practice Murdoch University 

 

As organisations shift more services, data and operations into an as-a-service model, identity risk becomes a critical business concern. This conversation explores what CISOs need to know beyond the technical detail to guide strategy, investment and trust.

• What’s the hardest part of managing identity sprawl across SaaS and multi-cloud?
• What’s the most effective ways to reduce complexity and maintain positive user experience while maintaining control?
• How do identity failures affect operational resilience and regulatory standing?
• How can CISO get a clear, continuous picture of trust, privilege and lifecycle in cloud-based environments?

Moderator:

Gaurav Vikash Head of Security and Risk (APAC) Axon

Panellists:

Chris Grisdale Head of Information Security hipages Group

Sajeesh Patail Global Cyber Operations Manager & Head of Cyber Operations Orica

Siddharth Rajanna Head of IT Security BINGO Industries

Vishwanath Nair GM Cyber & IT Risk BaptistCare

Ransomware remains one of the most disruptive threats with attackers adapting faster than many defences. This session explores practical strategies for prevention, early detection and effective response. Learn how to reduce impact, strengthen readiness and close the gaps that make organisations vulnerable to modern ransomware campaigns. 

Privacy and security are inseparable foundations of digital trust. This session will move beyond principle to practice, exploring where privacy expectations directly shape security controls, the hard trade-offs CISOs face, and how organisations can turn privacy compliance into a driver of customer confidence and competitive differentiation.

 Digital trust is being redefined as identity threats grow more complex. From deepfakes and impersonation attacks to the rapid rise of non-human identities, the identity landscape is evolving. This session explores what these changes mean for verification and control and how security leaders can adapt their strategies to safeguard trust in a world where not every identity is who or what it claims to be. 

This interactive discussion explores how to optimise sourcing, consolidate tools, and make smarter budget decisions. Join us to share your experiences, discuss trade-offs, and uncover practical strategies to streamline operations, reduce costs, and maximise value from existing investments.

• How can organisations decide which tools to keep, consolidate, or retire under budget constraints?
• What strategies or framework help teams achieve more without increasing spend?
• How do you avoid false economises that save money but increase risk?
• How do you measure the impact of tool rationalisation on efficiency, performance, and cost savings?

Moderator:

Madhuri Nandi Head of Security Nuvei

Speakers:

Arun Singh CISO Tyro Payments

Leana El-Hourani Head of Information Security & GRC Mission Australia  

In a cyber crisis, technical controls matter, but leadership defines the outcome. Crises demand fast decisions and trade-offs, and incidents quickly become organisation-wide challenges. This session explores how security leaders align technical response with executive-level crisis management to ensure clarity, speed, and coordinated action, building resilience before, during, and after the storm.

 As corporate and operational environments become increasingly interconnected, securing the corporate infrastructure is essential for building a resilient operational framework. This session will explore strategies to mitigate risks, protect critical assets, and ensure business continuity through a strong security foundation. 

Small and medium enterprises often face tough security challenges without the resources of larger organisations. In this interactive discussion, we’ll explore three critical areas to strengthen security posture—from access control and data protection to incident response and vendor risk. Participants will share experiences, practical tips, and examples to protect their businesses effectively without overburdening teams or budgets.

The shift from perimeter-based defence to Zero Trust marks a fundamental transformation in cybersecurity thinking. Rather than relying on static boundaries, Zero Trust requires a reimagining of how trust, identity, and access are governed. This talk examines how such shifts reshape the mental models of practitioners, emphasising the socio-technical dimensions that drive sustainable security change.

• Explore how trust is redefined as contextual, provisional, and continuously evaluated.
• Identify shifts in practitioner mental models and the cognitive load of adopting Zero Trust logic.
• Examine the socio-technical integration required for cohesive, organisation-wide Zero Trust implementation.

Today, staying ahead of cyber threats requires a proactive and adaptive approach. This session will focus on how organisations can optimise threat detection, response, and attack surface management to enhance visibility and build more resilient security operations. 

Most OT attacks now begin in IT. Once inside, adversaries move laterally, exploiting weak segmentation to reach critical systems. This session explores how threat actors cross the IT–OT divide and what it takes to stop them from visibility and separation to response readiness. Discuss the strategic perspective and technical insight needed to prepare effectively for the next wave of converged threats.

Quantum computing promises groundbreaking capabilities, but also the potential to break today’s encryption and security assumptions. In this debate, leading experts will explore whether quantum is an imminent cyber risk, a distant concern, or an overhyped distraction. We will explore what security leaders should be doing now to prepare.

Moderator:

Cathy Foley CSIRO Board Member & Former Australia’s Chief Scientist

Panellists:

Adam Byrne Group CSO The Adecco Group

Saba Bagheri Cyber Threat Intelligence Manager Bupa

Henry Huang Head of IT - Digital Service Delivery & Operations UBank 

Has cyber really changed, or are we still fighting the same battles in new ways? This closing session pairs two perspectives, one deeply experienced and the other earlier in their career, to spark a candid conversation about what defines a “good” cyber strategy today. Together, we’ll explore:

• What has truly changed in cyber strategy over the past 20 years, and what hasn’t?
• Can you share a strategy that failed and the key lesson you took from it?
• Where should organisations go “back to basics” and where is bold innovation needed?
• If you had to define the top marker of a “good” strategy in 2026, what would it be?

Moderator:

Chirag Joshi Founder & CISO 7 Rules Cyber

Speakers:

Sanja Petrovic GM Cyber Security & Governance HUB24