-
Day 1
-
08:20
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
08:50
Welcome from Corinium and the Chairperson
Chirag Joshi - Founder & CISO - 7 Rules Cyber
-
09:00
Speed Networking - Making new connections!
In this 10-minute networking session, the goal is to connect with three new people. Let the questions on the screen spark your conversation. Enjoy the opportunity to expand your network!
-
09:10
Opening Keynote: Dynamic Risks, Strategic Moves – Embracing Change for Success
- Discuss the rapidly evolving landscape of cybersecurity threats and their profound impact on business success.
- Highlight the transformational power of aligning technology risk with your core business strategy, creating a strong defence against emerging threats.
- Explore the complexities of managing enterprise-scale cybersecurity risks, including third-party and supply chain vulnerabilities.
- Emphasise the importance of building and nurturing a resilient workforce, equipped to tackle the evolving challenges of the digital age.
-
09:35
Self-Governing DevSecOps: Navigating Towards Continuous Security
This session will guide you through the stages of the DevSecOps transformation journey, illustrating the benefits of autonomous DevSecOps in enhancing efficiency, security, and scalability while addressing the challenges that come with it. Discover how to navigate the path towards a self-sustaining security framework that is ready for the future.
-
10:00
Taking full advantage of diversity in your cyber teams
Imtiaz Khan - CISO - Roads and Maritime Services
Creating our own cybersecurity unicorns is possible when we shift the lens we see them through. By taking transferable skills, valuable professional background, and the right attitude into account, we can bridge the cybersecurity talent gap. In this session, we will explore how to encourage non-cybersecurity executives to break into cyber roles with confidence.
-
10:25
NETWORKING BREAK
-
10:55
“Know Thy Enemy” – Effectively managing AI risks
- Strategies to protect data from poisoning and manipulation, disclosure of sensitive information, and bias and discrimination issues
- Mitigating adversarial prompts and risks for generative AI systems
- Preventing systemic vulnerabilities such as DoS attacks and overreliance and misuse of AI
-
11:20
Mitigating Risk to the #1 Target for Attackers: Your Enterprise Identity System
Senior representative - TBC - HashiCorp
- Why AD is such a target
- How you can increase operational resilience of this mission critical identity system by
- Mitigating attacks against your AD
- Significantly reducing its recovery time objective (RTO)
-
11:45
PANEL: Keeping up with a constantly changing regulatory environment
- An overview of new security regulations and standards affecting Australian businesses
- Complying with SOCI, SoNS, CPS 234, CPG 234, CPG 235, and other standards such as ISO27001, AESCSF, NIST and Essential 8
- Insights into the current proposed legislation NIS 2.0 and DORA, which have been said to be the GDPR for Information Security
- Strategies to balance the benefits against the cost-impact of compliance based on the enterprise’s risk appetite
Panellists:
Nathan Lewis, Head of Cyber, Technology and Data Risk, Newcastle Permanent
Gaurav Vikash, Head of Security and Risk, APAC, Axon Enterprise
Sebastian Tymoszuk, CISO, Autosports Group
Umair Zia, Head of Cyber Security, Sydney Local Health District
-
12:20
Keeping your company’s Crown Jewels safe
Credentials, API tokens, certificates, keys. All these secrets are growing at a rapid rate as we work towards building least privilege patterns. This proliferation introduces significant challenges for visibility, lifecycle, and user experience, and poses significant risk when they fall into the hands of bad actors. During this session, we will look at the necessary shifts that you need to make to keep your secrets safe.
-
12:45
Sobering Up the AI Hype – Making Strategic Cyber Investments and Delivering Business Value
Nivi Newar - Head of Cyber Security Strategy & Governance - UNSW
- Understanding the risks and implications of AI and how it will change our threat landscape
- Influencing and guiding the business to make strategic investment decisions
- How cyber leaders are successfully governing the use of AI
- How can AI be used in cyber defence?
-
13:10
Lunch
-
TRACK A - Standards & Regulations
Chair: Chirag Joshi - Founder & CISO - 7 Rules Cyber
-
14:20
PANEL: Adapting to EU Regulatory Changes: Navigating Compliance and Managing Impacts
In recent years, with the increasing activity and exploitation of organisations, governments have started to see the importance of Information Security.
To address this, governments have been implementing legislation and regulations around Information Security to ensure that critical systems and infrastructure are protected.
Last year Europe released its own versions, which will come into effect in 2024 and 2025 and look to address Information Security in Europe.
These new directives and regulations could have implications and impacts for any business working with EU organisations.
Panellists:
Jihad Zein, Global Head of GRC, Technology, Toll Group
Matthew Duckworth, Director, IT Risk and Security, MetLife Australia
Leron Zinatullin, CISO, Linkly
-
14:45
Advancing your cyber maturity through improved resilience
Senior representative - TBC - Varonis
- Developing risk assessment strategies with the emerging risks and threat landscape in mind
- Conducting gap analysis to identify where resilience can be improved
- Analysing metrics for visibility of the effectiveness of your cyber programs
- Selecting the best maturity model for your organisation and creating an advancement plan
-
15:10
PANEL: Driving the Need for AI Security Regulations
- Strategies to increase awareness of AI risks to senior management and the board to support informed business decisions
- How can cyber leaders collaborate with regulatory bodies to create effective AI security standards and guidelines
- Overview of the ISO/IEC CD 27090 guidance and ASD’s Guidelines for Secure AI System Development – where to from here
Panellists:
Nathan Lewis, Head of Cyber, Technology and Data Risk, Newcastle Permanent
Pearse Courtney, Cyber Project Manager, AEMO
David Soldani, SVP Next Generation Advanced Research, Rakuten Mobile
-
15:35
Automating compliance – hype or reality?
Senior representative - TBC - Axonius
During this session, we’ll explore how a compliance management platform can help you take the manual work out of your security and compliance process and replace it with continuous automation.
-
TRACK B - Risk Management
Chair: Dan Haagman - Doctoral Security Researcher
-
14:20
Leveraging Offensive Security for Proactive Risk Management
Dan Elliott - Head of Cyber Resilience - Zurich
- Integrate offensive security teams into a proactive risk management strategy to prioritise and address critical vulnerabilities.
- Foster a culture of continuous improvement within teams to stay agile and responsive to evolving threats.
- Align offensive security efforts with organisational risk reduction goals, ensuring they support broader security objectives.
- Apply offensive security skills beyond traditional penetration testing to identify emerging threats and reinforce the organisation's overall risk posture
-
14:45
Risk and Vulnerabilities - Managing your attack surface and prioritising vulnerabilities
Senior representative - TBC - Ping Identity
In today's digital landscape, managing your attack surface and prioritizing vulnerabilities are crucial for robust cybersecurity. Join us for a 20-minute session where we'll explore effective strategies to identify, assess, and mitigate potential threats. Learn how to streamline your vulnerability management process and allocate resources efficiently to safeguard your organization against cyberattacks.
-
15:10
PANEL: Elevating cyber risks to boards, senior management, and across departments
- Effective ways to influence boards and senior management on how security is aligned with the business goals
- Engaging the Steering Committee: How to get cross-functional representatives to be security cheerleaders
- The power of joining forces to assess risks, implement security controls, and ensure tech infrastructure is compliant to regulations
Moderator:
Madhuri Nandi, Head of Security, Till Payments
Panellists:
Vasyl Nair, Group CEO, Mine Super
Christopher Johnson, Group Head of Technology, Charter Hall
Saleshni Sharma, Regional CISO, Berkley
Nick Stanton, Head of Technology Risk, Tyro
-
15:35
Harnessing global threat intelligence to stay ahead of the game
Senior representative - TBC - Infoblox
As we explore leveraging threat intelligence, machine learning, and AI for proactive protection, learn how consolidating vendors and platforms simplifies operations while enhancing visibility and efficiency.
Join us to unlock new strategies for bolstering cybersecurity resilience and how you can revolutionise your cybersecurity strategy.
-
TRACK C - Enabling Growth
-
14:20
Measuring the effectiveness of security programs and uplifting maturity
Anil Yellamati - Head of Cyber Security & Risk - Blackmores Group
- Getting buy-in from the board and steering committee
- Deciding on the most suitable techniques to implement a successful program
- How to ensure internal stakeholders understand the objectives and needs of security controls
- Defining metrics and adopting assurance frameworks
- Uplifting your program’s maturity by focusing on continuous improvement
-
14:45
Reinforcing your boundaries with IAM
Senior representative - TBC - Okta
- What are the key challenges organisations face when implementing identity access management?
- What are your recommendations to navigate these challenges?
- What does a successful approach look like?
- How can IAM help safeguard organisations that are upgrading business operations, modernising aging infrastructure, protecting network perimeters, and scaling up?
-
15:10
PANEL: Educate, educate, educate – simple steps to improve accountability across the business
- Effective ways to educate – engaging diverse people with cybersecurity and online safety
- People centric – adopting an in-person tone and using real-life examples of how a cyberattack can impact everyone’s lives
- Relevant – what’s in it for them and why they should care
- Providing resources – setting clear expectations and providing resources
Moderator:
Lisa Dethridge, Research Fellow, RMIT University
Panellists:
Hani Arab, CIO, Seymour Whyte
River Nygryn, CISO, HammondCare
Naveen Sharma, Head of Information Security, Superloop
-
15:35
Continuous Exposure Management - Why thinking like an attacker is an efficient way to shape your remediation
Senior representative - TBC - SecurityScorecard
Cyber-attacks are getting more regular and sophisticated, and they often go undetected. Improving security posture is an ever-growing priority; however, as organizations continue to struggle with remediation, adversaries get more opportunities to exploit not just vulnerabilities but also identity-related issues and misconfigurations. Join this session to learn how organizations mature their security posture by looking at their environment through the lens of an attacker, giving them a common language for discussing and prioritising measurable risk reduction.
-
16:00
NETWORKING BREAK
-
16:30
PANEL: Influencing Human Behaviour and Reducing Cyber Risks
- Importance of human factor to cyber security and why most cyber awareness efforts fail
- Tailoring security awareness programs to address cyber risks and business priorities
- Strategies to influence behaviour and create a cyber-safe culture
Panellists:
Oliver Sebastian, Director, Information Technology, Landcom
Bradley Busch, Non-Executive Director, Shire Christian School
Sophia Barbour, Cyber Awareness and Intelligence Lead, Commonwealth Superannuation Corporation
-
16:55
Fortifying your Security Operations with Enhanced Visibility
Due to the constant evolution of our internal networks and in the face of an unforgiving threat landscape, Security Operations teams are constantly looking at new ways to enhance their visibility to better anticipate cyber threats. This session will explore the importance of how clarity of goals, visibility of your attack surface, and cyber threat intelligence can be helpful in better focusing your cyber security defences.
-
17:20
On-stage Interview: Nurturing high-performing, positive teams
Cybersecurity can seem like an unrewarding career. Preventing breaches depends on a variety of factors, including the company's risk appetite, senior management buy-in and adequate budgets. If the company is not hacked, whether you have a robust and mature cyber strategy or just luck, you're just doing your job. But if it does, the cyber team often gets the blame. It's essential for CISOs to ensure their teams are motivated and engaged. During this interview, we will review KPIs and discuss successful ways to ensure the wellbeing of the team and prevent burnout.
Interviewer:
Chirag Joshi, Founder & CISO, 7 Rules Cyber
Interviewee:
Jan Zeilinga, CISO, James Cook University
-
17:40
CISO Sydney Day 1 Closing Remarks & Networking Drinks
-
Day 2
-
08:50
Welcome from Corinium and the Chairperson
Jason Murrell - Chair - Australian Cyber Network
-
09:00
Leading a business value driven team
Lieutenant General Michelle McGuinness CSC - National Cyber Security Coordinator - Department of Home Affairs
- Uncover what lies ahead - a brief guide outlining key initiatives, strategic imperatives and the challenges that CISOs must navigate
- Deepen your understanding of the vision of the 2023-2030 Australian Cyber Security Strategy to empower you with actionable strategies to craft a path to success
- Learn about the key challenges and success factors identified for the strategy, including the need for long-term commitment, flexibility, and alignment with global allies
-
09:25
Accelerating Cloud Security to enable AI: How Security teams can adopt a new operating model to enable agile AI adoption
Cloud and AI are empowering organisations to meet their business goals quickly and effectively; however, they also present a tectonic shift for cyber security teams. Today, CISOs are forced to enable the adoption of Cloud and AI use cases at the speed of dev, requiring new operating models to continue to protect their environments and eliminate critical risks. Join this session to learn how you can enable your team to build faster in the cloud, ensuring security, Dev and DevOps can work together in a self-service model built for the scale and speed of your cloud and AI developments.
-
09:50
Unravelling the complexities of security architecture
Ilya Polyakov - Chief Security Architect and Head of Identity Management - NSW Department of Planning, Housing and Infrastructure
- Exploring the importance of security architecture
- Several misconceptions about what security architects do
- 3 important jobs of security architect and how they differ
- Making it easy and fast for business
-
10:15
Cyber strategy – creating robust and future-oriented frameworks
Devraj Chakraborty - Head of Information Security APAC - ABN AMRO Clearing Bank
Designing a cybersecurity operating model with people, processes, and technology at the core of your strategy is key. How to factor in the business strategy into the operating model, and how to take your business requirements as part of that process. During this session, we’ll explore strategies to:
- Build a well-developed program that supports and is tailored to the organisation’s needs
- Create a well-designed program with cooperation and support from stakeholders and management
- Develop effective metrics and KPIs for program design, implementation, and management performance assessment
-
10:40
NETWORKING BREAK
-
TRACK A - Presentations
Chair: Jason Murrell - Chair - Australian Cyber Network
-
11:10
Data on the move: The hidden risks of employee turnover
Sandeep Taileng - CISO - State Trustees
-
11:35
Why SaaS breaches are the best kept secrets
Secrets such as APIs, tokens, valid and stolen credentials act as keys to unlock protected resources. They are the leading threat vector for data exposures and breaches of enterprise SaaS applications. In this session, learn the anatomy of a SaaS breach and best practices to build a viable SaaS threat model.
-
12:00
Where security and business meet – advancing cyber maturity and helping the business scale up
Roxanne Pashaei - CISO - NSW Rural Fire Service
Dive into a comprehensive exploration of strategic security planning amid the dynamic landscape of cyber threats. This session will discuss a useful framework of to-do’s for formulating robust and future-oriented security strategies. By asking the right questions, we'll uncover critical insights and approaches that help your organisation anticipate and mitigate risk, thereby securing a more resilient future in an era of growing uncertainty.
-
12:25
Delivering security of applications and APIs
- Identifying and mitigating API bugs and vulnerabilities
- The importance of doing API threat modelling early in the development process
- Addressing API-related compliance concerns and keeping up with changing security requirements
- Can AI improve Zero Trust of APIs?
-
TRACK B - Panels
-
11:10
PANEL: Evolving your supply chain security practices and advancing its maturity
- How security is changing and how to ideally address it
- The shift-left reality and how the solution didn't work
- The cost implications of a wrong security workflow
- How to make DevSecOps work, strategically
Moderator:
Pablo Reys, Associate Director, DevSecOps National & Cyber Security, Optus
Panellists:
Chris Grisdale, Head of Information Security, hipages Group
Jess Thomas, Assistant Director Cyber Security Outreach, National Office of Cyber Security, Department of Home Affairs
Sam Mackay, Chief Information Security Officer, Department of Customer Service
-
11:45
PANEL: Advancing your cyber maturity through effective GRC
- How to leverage GRC as a strategic framework to drive continuous improvement in your cyber security capabilities and overall resilience
- Successful practices to advanced techniques for aligning GRC initiatives with your business objectives and key risk indicators to maximise the impact of your cyber investments
- Sharing practical approaches to navigating the challenges of implementing cyber into GRC strategy
Moderator:
Lisa Dethridge, Research Fellow, RMIT University
Panellists:
Madhuri Nandi, Head of Security, Till Payments
Siddharth Rajanna, Head of Cyber Security, Bingo Industries
River Nygryn, CISO, HammondCare
Peter Brooks, Head of IT, Billbergia
-
12:20
PANEL: Reinforcing your boundaries with IAM
- What are the key challenges organisations face when implementing identity access management?
- What are your recommendations to navigate these challenges?
- What does a successful approach look like?
- How can IAM help safeguard organisations that are upgrading business operations, modernising aging infrastructure, protecting network perimeters, and scaling up?
Moderator:
Paul dos Santos, Group Head of Information Security, SG Fleet AU
Panellists:
Sebastian Tymoszuk, CISO, Autosports Group
Ilya Polyakov, Head of Identity Management, NSW Department of Planning, Housing and Infrastructure
Enrico Conte, CISO, IMB Bank
-
12:50
Lunch
-
13:50
PANEL: Overcoming common Incident Management issues
- Importance of having a team that is well-prepared and well-rehearsed to get through a crisis during incidents
- Reactive incident response vs proactive incident response – how well organisations manage that and how well those tasks are defined and segregated among defensive teams
- How much can we trust AI in the incident response capability? What place do AI and automation have in incident response – is it possible to embed it to a place where you can trust them?
- Taking the communication component seriously – strategies to prepare and prevent reputational losses because of cyber incidents
Moderator:
Edwin Kwan, Head of Cyber Security
Panellists:
Siddharth Rajanna, Head of Cyber Security, Bingo Industries
Jayden Le, Global Head of IT & Security, Zoomo
Simona Dimovski, Technology & Security Expert
-
14:20
ACSC Insights: The Impact of Cyber-Attacks and the Path Forward
Daniel Tripovich - Assistant Director General Incident Management - ASD
-
14:45
New CISO: A toolkit for your first 90 days
Harsh Rasik Busa - CISO - Avant Mutual
In the ever-evolving landscape of cybersecurity, the path to leadership is often as unpredictable as the threats we face. In this presentation, we’ll explore successful ways to become an effective leader in a critical domain. Attendees will gain a deeper understanding of the strategic and operational adjustments required, the importance of rapid learning and adaptation, and the value of leveraging diverse experiences to build a resilient security posture.
-
15:10
NETWORKING BREAK
-
15:40
Comprehensive Ransomware Defense: Safeguarding Business Continuity
Shalbin Samuel - Head of Cybersecurity - Intesa Sanpaolo
Ransomware strategies because of the growing threat and potentially devastating consequences of attacks. With ransomware incidents increasing in frequency and cost, businesses aim to protect their valuable data, maintain operational continuity, avoid financial losses, and safeguard their reputation by implementing comprehensive prevention, detection, and response measures
-
16:05
The Aftermath: Learning Lessons from Cyber-Attacks and Breaches
Alexander Moskvin - CISO - Steadfast Group
Join us as we dissect a real-life cybersecurity breach, revealing the vulnerabilities exploited and the cascading consequences. We'll explore the attacker's methods, the organisation's response, and the aftermath. Most importantly, we'll extract crucial lessons to fortify our defenses and create a more resilient cybersecurity posture for the future.
-
16:30
Close of CISO Sydney 2025