-
Day 1
-
08:20
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
08:50
Welcome from Corinium and the Chairperson
Chirag Joshi - Founder & CISO - 7 Rules Cyber
-
09:00
Opening Keynote: Dynamic Risks, Strategic Moves – Embracing Change for Success
- Discuss the rapidly evolving landscape of cybersecurity threats and their profound impact on business success.
- Highlight the transformational power of aligning technology risk with your core business strategy, creating a strong defence against emerging threats.
- Explore the complexities of managing enterprise-scale cybersecurity risks, including third-party and supply chain vulnerabilities.
- Emphasise the importance of building and nurturing a resilient workforce, equipped to tackle the evolving challenges of the digital age.
-
09:25
Self-Governing DevSecOps: Navigating Towards Continuous Security
This session will guide you through the stages of the DevSecOps transformation journey, illustrating the benefits of autonomous DevSecOps in enhancing efficiency, security, and scalability while addressing the challenges that come with it. Discover how to navigate the path towards a self-sustaining security framework that is ready for the future.
-
09:50
Taking full advantage of diversity in your cyber teams
Imtiaz Khan - CISO - Roads and Maritime Services
Creating our own cybersecurity unicorns is possible when we shift the lens we see them through. By taking transferable skills, valuable professional background, and the right attitude into account, we can bridge the cybersecurity talent gap. In this session, we will explore how to encourage non-cybersecurity executives to break into cyber roles with confidence.
-
10:15
NETWORKING BREAK
-
10:45
“Know Thy Enemy” – Effectively managing AI risks
- Strategies to protect data from poisoning and manipulation, disclosure of sensitive information, and bias and discrimination issues
- Mitigating adversarial prompts and risks for generative AI systems
- Preventing systemic vulnerabilities such as DoS attacks and overreliance and misuse of AI
-
11:10
Mitigating Risk to the #1 Target for Attackers: Your Enterprise Identity System
Senior representative - TBC - HashiCorp
- Why AD is such a target
- How you can increase operational resilience of this mission critical identity system by
- Mitigating attacks against your AD
- Significantly reducing its recovery time objective (RTO)
-
11:35
PANEL: Keeping up with a constantly changing regulatory environment
- An overview of new security regulations and standards affecting Australian businesses
- Complying with SOCI, SoNS, CPS 234, CPG 234, CPG 235, and other standards such as ISO27001, AESCSF, NIST and Essential 8
- Insights into the current proposed legislation NIS 2.0 and DORA, which have been said to be the GDPR for Information Security
- Strategies to balance the benefits against the cost-impact of compliance based on the enterprise’s risk appetite
Panellists:
Nathan Lewis, Head of Cyber, Technology and Data Risk, Newcastle Permanent
Gaurav Vikash, Head of Security and Risk, APAC, Axon Enterprise
Sebastian Tymoszuk, CISO, Autosports Group
Umair Zia, Head of Cyber Security, Sydney Local Health District
-
12:10
Keeping your company’s Crown Jewels safe
Credentials, API tokens, certificates, keys. All these secrets are growing at a rapid rate as we work towards building least privilege patterns. This proliferation introduces significant challenges for visibility, lifecycle, and user experience, and poses significant risk when they fall into the hands of bad actors. During this session, we will look at the necessary shifts that you need to make to keep your secrets safe.
-
12:35
Sobering Up the AI Hype – Making Strategic Cyber Investments and Delivering Business Value
Nivi Newar - Head of Cyber Security Strategy & Governance - UNSW
- Understanding the risks and implications of AI and how it will change our threat landscape
- Influencing and guiding the business to make strategic investment decisions
- How cyber leaders are successfully governing the use of AI
- How can AI be used in cyber defence?
-
13:00
Lunch
-
TRACK A - Standards & Regulations
Chair: Chirag Joshi - Founder & CISO - 7 Rules Cyber
-
14:10
PANEL: Strategies to keep up with increased regulatory changes in security
In recent years, with the increasing activity against and exploitation of organisations, governments have started to see the importance of Information Security.
To address this, governments have been implementing legislation and regulations around Information Security to ensure that critical systems and infrastructure are protected.
Last year Europe released its versions, which will come into effect in 2024 and 2025 and look to address Information Security in Europe.
These new directives and regulations could have implications and impacts for any business working with EU organisations.
Panellists:
Jihad Zein, Global Head of GRC, Technology, Toll Group
Matthew Duckworth, Director, IT Risk and Security, MetLife Australia
Leron Zinatullin, CISO, Linkly
-
14:35
Advancing your cyber maturity through improved resilience
Senior representative - TBC - Varonis
- Developing risk assessment strategies with the emerging risks and threat landscape in mind
- Conducting gap analysis to identify where resilience can be improved
- Analysing metrics for visibility of the effectiveness of your cyber programs
- Selecting the best maturity model for your organisation and creating an advancement plan
-
15:00
PANEL: Driving the need for AI security regulations
- Strategies to increase awareness of AI risks to senior management and the board to support informed business decisions
- How can cyber leaders collaborate with regulatory bodies to create effective AI security standards and guidelines
- Overview of the ISO/IEC CD 27090 guidance and ASD’s Guidelines for Secure AI System Development – where to from here
Panellists:
Nathan Lewis, Head of Cyber, Technology and Data Risk, Newcastle Permanent
Pearse Courtney, Cyber Project Manager, AEMO
-
15:25
Automating compliance – hype or reality?
Senior representative - TBC - Axonius
During this session, we’ll explore how a compliance management platform can help you take the manual work out of your security and compliance process and replace it with continuous automation.
-
TRACK B - Risk Management
Chair: Dan Haagman - Doctoral Security Researcher
-
14:10
Leveraging Offensive Security for Proactive Risk Management
Dan Elliott - Head of Cyber Resilience - Zurich
- Integrate offensive security teams into a proactive risk management strategy to prioritise and address critical vulnerabilities.
- Foster a culture of continuous improvement within teams to stay agile and responsive to evolving threats.
- Align offensive security efforts with organisational risk reduction goals, ensuring they support broader security objectives.
- Apply offensive security skills beyond traditional penetration testing to identify emerging threats and reinforce the organisation's overall risk posture
-
14:35
Risk and Vulnerabilities - Managing your attack surface and prioritising vulnerabilities
Senior representative - TBC - Ping Identity
In today's digital landscape, managing your attack surface and prioritizing vulnerabilities are crucial for robust cybersecurity. Join us for a 20-minute session where we'll explore effective strategies to identify, assess, and mitigate potential threats. Learn how to streamline your vulnerability management process and allocate resources efficiently to safeguard your organization against cyberattacks.
-
15:00
PANEL: Elevating cyber risks to boards, senior management, and across departments
- Effective ways to influence boards and senior management on how security is aligned with the business goals
- Engaging the Steering Committee: How to get cross-functional representatives to be security cheerleaders
- The power of joining forces to assess risks, implement security controls, and ensure tech infrastructure is compliant to regulations
Moderator:
Madhuri Nandi, Head of Security, Till Payments
Panellists:
Vasyl Nair, Group CEO, Mine Super
Christopher Johnson, Group Head of Technology, Charter Hall
Saleshni Sharma, Regional CISO, Berkley
Nick Stanton, Head of Technology Risk, Tyro
-
15:25
Harnessing global threat intelligence to stay ahead of the game
Senior representative - TBC - Infoblox
As we explore leveraging threat intelligence, machine learning, and AI for proactive protection, learn how consolidating vendors and platforms simplifies operations while enhancing visibility and efficiency.
Join us to unlock new strategies for bolstering cybersecurity resilience and how you can revolutionise your cybersecurity strategy.
-
TRACK C - Enabling Growth
-
14:10
Measuring the effectiveness of security programs and uplifting maturity
Anil Yellamati - Head of Cyber Security & Risk - Blackmores Group
- Getting buy-in from the board and steering committee
- Deciding on the most suitable techniques to implement a successful program
- How to ensure internal stakeholders understand the objectives and needs of security controls
- Defining metrics and adopting assurance frameworks
- Uplifting your program’s maturity by focusing on continuous improvement
-
14:35
Reinforcing your boundaries with IAM
Senior representative - TBC - Okta
- What are the key challenges organisations face when implementing identity access management?
- What are your recommendations to navigate these challenges?
- What does a successful approach look like?
- How can IAM help safeguard organisations that are upgrading business operations, modernising aging infrastructure, protecting network perimeters, and scaling up?
-
15:00
PANEL: Educate, educate, educate – simple steps to improve accountability across the business
- Effective ways to educate – engaging diverse people with cybersecurity and online safety
- People centric – adopting an in-person tone and using real-life examples of how a cyberattack can impact everyone’s lives
- Relevant – what’s in it for them and why they should care
- Providing resources – setting clear expectations and providing resources
Moderator:
Lisa Dethridge, Research Fellow, RMIT University
Panellists:
Hani Arab, CIO, Seymour Whyte
River Nygryn, CISO, HammondCare
Naveen Sharma, Head of Information Security, Superloop
-
15:25
Continuous Exposure Management - Why thinking like an attacker is an efficient way to shape your remediation
Senior representative - TBC - SecurityScorecard
Cyber-attacks are getting more regular and sophisticated, and often they go undetected. Improving security posture is an ever-growing priority; however, as organizations continue to struggle with remediation, this gives adversaries more opportunities to exploit not just vulnerabilities but also identity-related issues and misconfigurations. Join this session to learn how organizations mature their security posture by looking at their environment through the lens of an attacker, giving them a common language for discussing and prioritising measurable risk reduction.
-
15:50
NETWORKING BREAK
-
16:20
PANEL: Influencing Human Behaviour and Reducing Cyber Risks
- Importance of the human factor to cyber security and why most cyber awareness efforts fail
- Tailoring security awareness programs to address cyber risks and business priorities
- Strategies to influence behaviour and create a cyber-safe culture
Panellists:
Oliver Sebastian, Director, Information Technology, Landcom
Bradley Busch, Non-Executive Director, Shire Christian School
Sophia Barbour, Cyber Awareness and Intelligence Lead, Commonwealth Superannuation Corporation
-
16:45
Fortifying your Security Operations with Enhanced Visibility
Due to the constant evolution of our internal networks and in the face of an unforgiving threat landscape, Security Operations teams are constantly looking at new ways to enhance their visibility to better anticipate cyber threats. This session will explore the importance of how clarity of goals, visibility of your attack surface, and cyber threat intelligence can be helpful in better focusing your cyber security defences.
-
17:10
On-stage Interview: Nurturing high-performing, positive teams
Cybersecurity can seem like an unrewarding career. Preventing breaches depends on a variety of factors, including the company's risk appetite, senior management buy-in and adequate budgets. If the company is not hacked, whether you have a robust and mature cyber strategy or just luck, you're just doing your job. But if it is, the cyber team often gets the blame. It's essential for CISOs to ensure their teams are motivated and engaged. During this interview, we will review KPIs and discuss successful ways to ensure the wellbeing of the team and prevent burnout.
Interviewer:
Chirag Joshi, Founder & CISO, 7 Rules Cyber
Interviewee:
Jan Zeilinga, CISO, James Cook University
-
17:30
Closing Remarks
-
17:40
Day One Close and Networking Drinks
Continue your conversations in a fun and entertaining Wine Tasting Competition to discover different ranges and categories of some of Australia’s best wines.
-
Day 2
-
08:20
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
08:50
Welcome from Corinium and the Chairperson
Jason Murrell - Chair - Australian Cyber Network
-
09:00
Leading a business value driven team
Lieutenant General Michelle McGuinness CSC - National Cyber Security Coordinator - Department of Home Affairs
- Uncover what lies ahead - a brief guide outlining key initiatives, strategic imperatives and the challenges that CISOs must navigate
- Deepen your understanding of the vision of the 2023-2030 Australian Cyber Security Strategy to empower you with actionable strategies to craft a path to success
- Learn about the key challenges and success factors identified for the strategy, including the need for long-term commitment, flexibility, and alignment with global allies
-
09:25
Accelerating Cloud Security to enable AI: How Security teams can adopt a new operating model to enable agile AI adoption
Cloud and AI are empowering organisations to meet their business goals quickly and effectively; however, they also present a tectonic shift for cyber security teams. Today, CISOs are forced to enable the adoption of Cloud and AI use cases at the speed of dev, requiring new operating models to continue to protect their environments and eliminate critical risks. Join this session to learn how you can enable your team to build faster in the cloud, ensuring security, Dev and DevOps can work together in a self-service model built for the scale and speed of your cloud and AI developments.
-
09:50
Unravelling the complexities of security architecture
Ilya Polyakov - Chief Security Architect and Head of Identity Management - NSW Department of Planning, Housing and Infrastructure
- Exploring the importance of security architecture
- Several misconceptions about what security architects do
- 3 important jobs of a security architect and how they differ
- Making it easy and fast for business
-
10:15
Cyber strategy – creating robust and future-oriented frameworks
Devraj Chakraborty - Head of Information Security APAC - ABN AMRO Clearing Bank
Designing a cybersecurity operating model with people, processes, and technology at the core of your strategy is key, as is knowing how to factor the business strategy into the operating model and how to take your business requirements into account as part of that process. During this session, we’ll explore strategies to:
- Build a well-developed program that supports and is tailored to the organisation’s needs
- Create a well-designed program with cooperation and support from stakeholders and management
- Develop effective metrics and KPIs for program design, implementation, and management performance assessment
-
10:40
NETWORKING BREAK
-
TRACK A - Presentations
-
11:10
Data on the move: The hidden risks of employee turnover
Sandeep Taileng - CISO - State Trustees
-
11:35
Why SaaS breaches are the best kept secrets
Secrets such as APIs, tokens, valid and stolen credentials act as keys to unlock protected resources. They are the leading threat vector for data exposures and breaches of enterprise SaaS applications. In this session, learn the anatomy of a SaaS breach and best practices to build a viable SaaS threat model.
-
12:00
Where security and business meet – advancing cyber maturity and helping the business scale up
Roxanne Pashaei - CISO - NSW Rural Fire Service
Dive into a comprehensive exploration of strategic security planning amid the dynamic landscape of cyber threats. This session will discuss a useful framework of to-dos for formulating robust and future-oriented security strategies. By asking the right questions, we'll uncover critical insights and approaches that help your organisation anticipate and mitigate risk, thereby securing a more resilient future in an era of growing uncertainty.
-
12:25
Delivering security of applications and APIs
- Identifying and mitigating API bugs and vulnerabilities
- The importance of doing API threat modelling early in the development process
- Addressing API-related compliance concerns and keeping up with changing security requirements
- Can AI improve Zero Trust of APIs?
-
TRACK B - Panels
-
11:10
PANEL: Evolving your supply chain security practices and advancing its maturity
- How security is changing and how to ideally address it
- The shift-left reality and how the solution didn't work
- The cost implications of a wrong security workflow
- How to make DevSecOps work, strategically
Moderator:
Pablo Reys, Associate Director, DevSecOps National & Cyber Security, Optus
Panellists:
Chris Grisdale, Head of Information Security, hipages Group
Jess Thomas, Assistant Director Cyber Security Outreach, National Office of Cyber Security, Department of Home Affairs
Sam Mackay, Chief Information Security Officer, Department of Customer Service
-
11:45
PANEL: Advancing your cyber maturity through effective GRC
- How to leverage GRC as a strategic framework to drive continuous improvement in your cyber security capabilities and overall resilience
- From successful practices to advanced techniques for aligning GRC initiatives with your business objectives and key risk indicators to maximise the impact of your cyber investments
- Sharing practical approaches to navigating the challenges of implementing cyber into GRC strategy
Moderator:
Lisa Dethridge, Research Fellow, RMIT University
Panellists:
Madhuri Nandi, Head of Security, Till Payments
Siddharth Rajanna, Head of Cyber Security, Bingo Industries
River Nygryn, CISO, HammondCare
Peter Brooks, Head of IT, Billbergia
-
12:20
PANEL: Reinforcing your boundaries with IAM
- What are the key challenges organisations face when implementing identity access management?
- What are your recommendations to navigate these challenges?
- What does a successful approach look like?
- How can IAM help safeguard organisations that are upgrading business operations, modernising aging infrastructure, protecting network perimeters, and scaling up?
Moderator:
Paul dos Santos, Group Head of Information Security, SG Fleet AU
Panellists:
Sebastian Tymoszuk, CISO, Autosports Group
Ilya Polyakov, Head of Identity Management, NSW Department of Planning, Housing and Infrastructure
Enrico Conte, CISO, IMB Bank
-
12:50
Lunch
-
13:50
PANEL: Overcoming common Incident Management issues
- Importance of having a team that is well prepared and well rehearsed during incidents to get through a crisis
- Reactive incident response vs proactive incident response – how well organisations manage that and how well those tasks are defined and segregated among defensive teams
- How much can we trust AI in the incident response capability? What place do AI and automation have in incident response – is it possible to embed it to a place where you can trust them?
- Taking the communication component seriously – strategies to prepare and prevent reputational losses because of cyber incidents
Moderator:
Edwin Kwan, Head of Cyber Security
Panellists:
Siddharth Rajanna, Head of Cyber Security, Bingo Industries
Jayden Le, Global Head of IT & Security, Zoomo
Simona Dimovski, Technology & Security Expert
-
14:20
ACSC Insights: The Impact of Cyber-Attacks and the Path Forward
Daniel Tripovich - Assistant Director General Incident Management - ASD
-
14:45
New CISO: A toolkit for your first 90 days
Harsh Rasik Busa - CISO - Avant Mutual
In the ever-evolving landscape of cybersecurity, the path to leadership is often as unpredictable as the threats we face. In this presentation, we’ll explore successful ways to become an effective leader in a critical domain. Attendees will gain a deeper understanding of the strategic and operational adjustments required, the importance of rapid learning and adaptation, and the value of leveraging diverse experiences to build a resilient security posture.
-
15:10
NETWORKING BREAK
-
15:40
Comprehensive Ransomware Defense: Safeguarding Business Continuity
Shalbin Samuel - Head of Cybersecurity - Intesa Sanpaolo
Ransomware strategies because of the growing threat and potentially devastating consequences of attacks. With ransomware incidents increasing in frequency and cost, businesses aim to protect their valuable data, maintain operational continuity, avoid financial losses, and safeguard their reputation by implementing comprehensive prevention, detection, and response measures
-
16:05
The aftermath: Learning lessons from cyber-attacks and breaches
Alexander Moskvin - CISO - Steadfast Group
Join us as we'll dissect a real-life cybersecurity breach, revealing the vulnerabilities exploited and the cascading consequences. We'll explore the attacker's methods, the organisation's response, and the aftermath. Most importantly, we'll extract crucial lessons to fortify our defenses and create a more resilient cybersecurity posture for the future.
-
16:30
Close of CISO Sydney 2025
-
Main Conference Day One
-
07:15
VIP Breakfast – Invite only
-
08:20
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
09:00
Welcome from Corinium and the Chairperson
Kevin Fleming - Chief Technology Officer - ExperstDirect
-
09:15
Keynote: Leveraging cybersecurity as a business growth enabler
Wouter Veugelen - Former CISO - Santos
-
09:40
Top Cloud Threats in 2023
Matt Preswick - APAC Solutions Engineer - Wiz
Cloud adoption is expanding rapidly, and with that expansion comes new complexities. The speed of growth and change in the cloud creates an ever-changing threat landscape. Wiz Research is at the forefront of the cloud's threat landscape and is behind the discovery of vulnerabilities like ChaosDB, ExtraReplica, AttachMe and OMIGOD. In this session, we will cover the major cloud threats recently seen by the Wiz Research team, which include supply chain risks, data exposure, API security threats, and attack patterns used by groups such as LAPSUS$. This session summarizes key insights across customers, Wiz and third-party threat research, and numerous other sources.
-
10:05
Ministerial Virtual Keynote: Australian Government & Industries partnering up to tackle the talent gap through skills and training
The Hon. Brendan O’Connor - Minister for Skills and Training - Australian Government
-
09:50
How Deep Learning is Unlocking a $362B Value Creation Opportunity in Financial Services
Sergio Rego - AI Customer Engineer - SambaNova Systems
In the highly competitive age of digital transformation financial service organizations are facing accelerated urgency to improve their customer and employee experience while simultaneously reducing operating costs, and managing risk and compliance.
To meet these competing demands on their business, these organizations are racing to deploy deep learning to achieve a new competitive edge by optimizing their back office operations with intelligent document processing, personalizing their customer experience with cutting edge NLP models, and reducing fraud and risk using state-of-the-art deep learning.
AI is here and delivering new capabilities to help businesses solve large and complicated challenges. Join Bob Gaines to learn what that means for your business and how deep learning is helping organizations:
- Achieve higher compliance, faster and with lower costs
- Dramatically improve Customer Experience
- Reduce time to value from years to weeks
Sergio Rego is a customer engineer at SambaNova Systems where he helps clients deploy purpose-built, deep learning solutions in weeks rather than years. Sergio started his career in financial services, where he worked in strategy; active and index management; and product design and management. Sergio also served as a senior data scientist and team manager for a system integrator where he helped federal government agencies deploy ML and AI solutions.
-
10:15
NETWORKING BREAK
-
10:50
Keynote: Proactive cybersecurity – stepping up your efforts
Keith Howard - CISO - CommBank
As the severity of scams and frauds increases and cybercrime becomes more sophisticated than ever, staying ahead of the game is critical. During this session, you’ll hear how cybersecurity is “front of mind” for one of Australia’s largest banks by investing in the right skills, creating robust defence and control systems, and employing effective detection and response plans.
-
11:15
Minimising User Exposure to Threats
Tim Bentley - Regional Director APAC - Abnormal Security
Three-quarters of Australian CISOs see human error as their organisation’s biggest cyber vulnerability. What if there was a way to stop rolling the human dice every day?
Learn how organisations can leverage advanced behavioural science and automation for informed and near-instantaneous decision-making on what is good and what is bad email, as well as removing the increasing burden that is placed on employees as a last line of defence.
In this session we will discuss:
- Account takeover techniques and measures that can be taken to help protect against them
- New insights and controls over protecting against supply chain attacks
- The accuracy of advanced behavioural data science in identifying anomalous behaviour
-
11:40
Inspirational Keynote: Don’t blame the victim
Bradley Busch - CISO - AUB Group
-
12:05
Ransomware, Risk & Recovery - Is Your Hybrid Active Directory Secure from Cyberattacks?
Jacquie Young - VP APAC - Semperis
With the threat of cyber warfare becoming ever more serious, every organisation needs a “this is not a drill” cyber-first recovery plan. If cyberattackers targeted your organisation, the most likely business-crippling scenario would be a direct attack on Active Directory (AD)—the system that authenticates users and grants access to business-critical applications and services. AD has become a prime target for cybercriminals—implicated in 90% of the incidents Mandiant researchers investigate—because it has systemic vulnerabilities and because it gives attackers the means to unleash devastating malware.
The NotPetya attack that crippled Maersk in 2017 was a harbinger of the chaos to come. In this session, we’ll examine the action plan every organisation needs to execute to protect against a business-disrupting cyber incident.
- How long does an incident response take usually and what normally brings down the AD?
- How common is it that the Active Directory is used in a data breach ransomware scenario?
- What does ADFR require to be able to recover AD?
-
12:30
Panel discussion: Harnessing cyber awareness to your company’s advantage
CISOs committed to creating risk awareness and building a cybersecurity driven culture are facing several challenges, from getting senior management buy-in, to implementing organisational change and engaging employees. During this session, you’ll explore:
- What are the biggest challenges when getting buy-in from top management?
- Successful ways of incorporating cybersecurity into the organisation’s risk management strategy
- How to encourage everybody to take ownership of cyber?
- Why leaders must be committed to continually improving their teams’ skills and knowledge in IT and cybersecurity – and how to do this?
Moderator:
Kevin Fleming, Chief Technology Officer, ExperstDirect
Panellists:
Frances Bouzo, CISO, Ampol
Anna Aquilina, CISO, UTS
Jo Stewart-Rattray, Chief Security Officer, Silverchain
Grant Lockwood, CISO, Virtus Health
Varun Acharya, CISO, Healthscope
-
13:05
Lunch
-
Track A - PREVENTION, DETECTION & RESPONSE
-
14:15
Creating a robust security strategy
John Morcos - Cyber Security Program Manager
- How to go about defining your Cyber Security Strategy?
- What metrics should you use to measure progress and success of the strategy?
- What frameworks should you consider when building the Cyber Security Strategy?
- What are example capabilities to consider?
- What does your roadmap look like?
- What budget will you be asking for per year based on the roadmap?
- How do you plan on operating these capabilities?
-
14:40
Why PAM is Essential for the Essential Eight
Scott Hesford - Director of Solutions Engineering, APJ - BeyondTrust
As more organisations look to align to the Essential Eight many are finding significant challenges around the aspects of removing Admin Privileges, Application Control and User Application Hardening. Yet as many organisations are finding, leveraging a modern Privilege Access Management solution can provide significant coverage across the requirements of the Essential Eight and more.
Join Scott Hesford, Director of Solutions Engineering, APJ, BeyondTrust, as he dives into some of the more challenging aspects of the Essential Eight and, bringing first-hand experience, shows you how you can solve many of the challenges you might be facing in adopting the Essential Eight.
By attending this session, you will learn:
- How modern PAM helps organisations cover multiple aspects of the Essential Eight
- Where you can leverage the Essential Eight for your zero-trust journey
- Key questions to ask in consideration to Application Control and User Application Hardening
-
15:05
Cyber’s best friend: Have you brought them into the tent?
Jennifer Firbank - Strategy and Influence Principal - Telstra
There’s a cyber superpower out there, but have you discovered them yet? If you’ve discovered them, have you brought them into the tent? When it all goes pear-shaped, they’ll be the second call you make (after your boss!). When all is going well, you’ll want to speak to them regularly to drive strong security outcomes. Let me introduce them to you and share the why and how. You’ll want one too!
-
15:30
End-to-End Customer Journeys Optimized for Security and Convenience
Ashley Diffey - Head of APAC & Japan - Ping Identity
Businesses have embraced digital to engage with their customers. As quickly as brands have delivered digital experiences, bad actors have been just as fast in figuring out how to use credential stuffing, account takeover, and other types of attacks to their advantage. Keeping pace in this rapidly evolving threat landscape requires businesses to look for innovative ways to build experiences that optimize both security and convenience. But, ensuring one doesn’t overshadow the other often requires multiple integrations and custom development that adds internal friction and slows down innovation. A customer identity strategy that expands beyond access management, but includes fraud detection and identity verification capabilities that can seamlessly be orchestrated together can eliminate integration challenges and drive innovation. Join this session to learn Ping Identity’s drag-and-drop approach to customer identity that streamlines bringing together all the tools a business needs to rapidly build, test and optimize end-to-end customer journeys.
-
15:55
How to adopt a security by design approach
Ashwani Ram - GM, Cybersecurity, IT Infrastructure and Operations - Chartered Accountants Australia and New Zealand
-
Track B - CLOUD SECURITY
-
14:15
What do you need to know about the Cloud before totally going for it?
Freddie Ghahremani - Data Strategy & Cloud Senior Development Manager - TAL Australia
- How the lack of understanding and false sense of security impacts your cloud journey
- How safe is your data really when you move to the cloud?
- What factors you must consider to ensure you are getting a reliable, secure product
- Strategies to trust and rely on your providers with a full, clear picture of what you are getting as part of your contract
-
14:40
Adversarial Hygiene: Security that doesn’t Stink!
Anthony Rees - Senior Sales Engineer - Lacework
Securing the cloud is a never-ending task that becomes more challenging each year as clouds accrue new features and functionality. The same can be said for the ever-increasing responsibilities and mandates expected of CISOs, including driving the probability of intrusions, data exfiltration, ransomware, etc., to effectively zero. With new technologies and tools come great opportunities for businesses; however, if they are not used appropriately and securely, they can do more damage than good. In this session we will address the elephant in the room: how can CISOs do more with less, while ensuring the integrity of their resilience-based security architecture, and prepare for enterprise obstacles and opportunities ahead.
-
15:05
SOC Automation – dos and don’ts
Nimesh Mohan - Group Threat and Vulnerability Lead - Coca-Cola Europacific Partners Australia
In a world where the pressure to deliver new and innovative ICT capability is only ever growing, and the threat actors are also increasingly sophisticated and pervasive, how can companies ensure they meet these challenges whilst still ensuring cyber resilience? During this interactive discussion, hear challenges and benefits of SOC Automation, explore experiences and lessons learned, and discuss different ways of improving and driving efficiency of your SOC.
-
15:30
Organisational Considerations for Impending GDPR-like Regulations to Cyber, Data Governance and Data Privacy Teams
John Cunningham - Vice President and General Manager APAC - Securiti
With the growth of the digital services industry and AI technologies, data has arguably become one of the most valuable economic resources of the modernized economy. However, it is also becoming increasingly the most regulated and riskiest to handle.
The emergence of the GDPR in Europe, which is based on a set of comprehensive principles and obligations for data controllers, extra-territorial application, and strict enforcement mechanisms has been followed by countries and jurisdictions around the world passing similarly prescriptive data privacy and protection laws all with their own unique requirements. Today more than 200+ countries have passed data privacy and protection laws which keep getting more complex and demanding - countries like New Zealand, Indonesia, and India are now also morphing these regulations into Data Protection and Privacy requirements including for Sensitive Data. Australia is also embarking on its own uplifts to Privacy Laws.
The scope of responsibilities for data controllers under these global data privacy and protection laws are also growing - with many modern
Thus, organizations in APAC are encountering experiences in which they are seeing Data Sovereignty Laws as well as banking regulations around PII and MetaData that require audit and compliance at cloud scale.
We will explore the organizational impacts we are seeing across the region in meeting these challenges.
- The key impacts and considerations for organizations who are impacted by the merger of PI and SI into multiple regulations
- Technology is being developed and adopted to help organizations to manage these regulations at scale and where possible autonomously
- An overlap of roles and responsibilities across Policy, Classification, and Protection is occurring and the adoption of cloud and multicloud is accelerating this
-
15:55
Sharpening your Cloud standards and compliance practices
Nancy Wong - IT Audit Manager - Lion
-
16:20
VIP Think Tank
-
16:20-17:20
Cocktail in the Cloud - API Security and Visibility in the Cloud
In a world where the information age is at its zenith, with hundreds of thousands of applications being launched every day, the use of and demand for application programming interfaces (APIs) has increased significantly. Powered by open web technologies, APIs have transformed interdependence and partnerships between various commercial enterprises and sectors, allowing them to extend their offerings through in-app connections. With increased API usage, however, come complications -- a major one being security.
In this session, cyber security experts from Orca Security, Daniel Keidar and Scott van Kalken, will share how the company’s first patented agentless cloud security technology helps security teams identify and address API misconfigurations and security risks across a multi-cloud environment.
Gil Geron, Co-Founder, Orca Security
Daniel Keidar, Associate Vice President, Orca Security
Scott van Kalken, Senior Systems Engineer, Orca Security
-
16:20
NETWORKING BREAK
-
16:50
Be the Thermostat not a Thermometer
Chirag Joshi - Best Selling Author - 7 rules to Influence Behaviour and win at Cyber Security Awareness, 7 Rules to Become Exceptional at Cyber Security
It's said that smooth seas never make skilled sailors. If you're a cyber security leader, the good news then is that you definitely don't have "smooth seas" to reckon with. The challenging times presented by increasing connectivity, speed of business transformation, evolution of cyber threats and ever rising expectations can and do overwhelm even the best amongst us.
This unique session will focus on providing cyber leaders with tangible, real-world tips to build the right mindset, emotional intelligence and differentiating skills that will allow them to deliver massive value to their organisations and optimise their own well-being.
-
17:15
Keynote of Success: Like being challenged? Strategies to report risks to the board
Doug Hammond - CISO - Uniting
-
17:40
Fireside chat: Can CEOs and CISOs work better together & collaborate?
- How can CISOs speak the CEOs’ language?
- What does the board expect from CISOs when evaluating and reporting inherent and evolving risks?
- How can the board support CISOs in conducting a cybersecurity mission & strengthening their posture?
- Working together in mastering the company’s digital governance & risk management practices
- Exploring challenges and opportunities to adopt a secure-by-design approach in the business
Panellists:
Greg Sawyer, CEO, CAUDIT
Walter Kmet, CEO, Macquarie University Hospital
Vasyl Nair, CEO, Mine Super
Faizal Janif, Executive Advisory Board Member, AISA
-
18:05-19:00
Day One Close and CISOs Cocktail Reception & Networking - Continue the conversations in a fun and entertaining way
-
18:30
VIP Executive Dinner
-
Main Conference Day Two
-
08:50
Welcome from Corinium and the Chairperson
Jo Stewart-Rattray - Chief Security Officer - Silverchain
-
09:00
Earning the 'O' in your CISO role
Gail Coury - CISO - F5
To be successful, today’s CISO needs to bring more than their security acumen to the table. The role has expanded exponentially to address executive and board concerns, endless business challenges and customer and product confidence. While positive outcomes are the goal, it is critical for CISOs to work with full transparency to protect the business and themselves. In this session Gail will share best practices from her experience negotiating the evolving role of the CISO in an expanding threat landscape.
-
09:25
Keynote: Battling the threat evolution – trends, advice and key considerations for Australian businesses
Stephanie Crowe - First Assistant Director General, Cyber Security Resilience - Australian Cyber Security Centre, Australian Signals Directorate
- How has the threat landscape evolved in Australia?
- How are malicious cyber activities impacting organisations across the country?
- What strategies can organisations adopt to create robust cyber security measures to prevent incidents and exploitations?
- Government, industry, academia and citizens working in collaboration to safeguard our country and communities
-
09:50
Keynote: Implementing successful ransomware protection strategies
Daniela Fernandez - Head of Information Security - PayPal Australia
-
10:15
NETWORKING BREAK
-
11:00
Keynote: Cyber strategy – Creating a secure innovation pathway
Faizal Janif - Executive Advisory Board Member - AISA
-
11:25
Cybercrime as a Service (CaaS): How Criminals are Bypassing MFA, SMS Toll Fraud, and More
Kevin Gosschalk - Founder and CEO - Arkose Labs
Join us to hear how to deter attackers, apply similar new techniques that the world’s biggest companies, like Adobe, Snap, PayPal, are using, and adapt your strategies to deliver measurable cost savings.
During the session, we’ll discuss:
- How criminals are conducting account takeovers and credential stuffing attacks that bypass MFA, SMS toll fraud, and more, to monetise CISOs’ own security defenses against themselves
- How attackers overcame MFA and how we worked with a top gaming merchant to prevent it
- A tour of the modern areas where adversaries share techniques and learn, the latest networks in play, and other threats, like SMS Toll Fraud and much more.
-
11:50
Keynote: Building a sound and effective cybersecurity program
Nivedita Newar - Head of Cyber Strategy & Governance - UNSW
-
12:15
Mental Health Roundtable
Sam Hewett - Account Director - Wiz
-
12:45
Lunch
-
TRACK A - INTERACTIVE CASE STUDIES
-
13:55
Adopting good cyber-hygiene across your supply chain
Mazino Onibere - Head of Cyber Security, Risk and Compliance - Regis Aged Care
-
14:20
Harnessing asset data to transform your cyber security program
Paul Thomas - Senior Solutions Architect, ANZ - Axonius
Cyber security programs are challenged as the sprawl of devices, device types and solutions continues to skyrocket and environments only grow more siloed and complex.
But there’s good news: Asset data can now be harnessed to transform your cyber security program. Today’s “asset intelligence” moves from a spreadsheet approach to an API-driven, rich and always up-to-date view into all assets via integrations of existing solutions, data correlation at scale, and querying capabilities to find and respond to gaps. Join this session to learn how asset intelligence improves security hygiene, allocates resources, accelerates incident responses and remediates gaps.
-
14:45
Strengthening your Zero Trust Security Model
Michael Poezyn - Chief Security Officer - Derivco
This session is designed for cybersecurity leaders who are currently implementing Zero Trust architecture models. Join us to hear common challenges and explore ways to overcome them. Key discussion points:
- The evolution of Zero Trust
- What are the key challenges you are trying to overcome
- How to develop a roadmap and implement specific initiatives for your projects
- Discover effective ways to build a zero-trust security framework
- Identify key components of a zero-trust model to protect the current environment
-
15:10
Applying real-life lessons and advancing your security maturity journey
Richard Williams - CIO - MoneyMe
During this session, we’ll explore various methods utilised in building a stronger, more secure company to prepare and protect against cybercrime. Richard will share his experiences of what has worked and hasn’t worked over the years and how getting certified really helped the organisation’s maturity journey.
-
TRACK B - EXECUTING STRATEGY
-
13:55
Cyber Awareness ‘Gamification’ for Executives
How will you overcome a cyber-attack on your organisation?
In our rapidly-evolving digital world, cyber skills are critical to ensure reasonable, appropriate and informed business decisions can be made at an executive level.
In less than an hour, you can learn how
We will lead participants through an interactive cyber-attack, which includes ‘live’ news reports and calls for quick responses and decision making. Our user-friendly physical boardgame is the centrepiece of the Gamification experience, designed to help participants better understand the cyber security application. The game facilitates open discussion in a fast-paced, fun and memorable environment, an innovative way to introduce cyber security into an organisation’s security awareness training and to complement routine computer-based education.
In a collaborative project, the Cyber Security Cooperative Research Centre (CSCRC), CSIRO’s Data61, Government of Western Australia through the Office of Digital Government, with the support of Edith Cowan University, have created an interactive board game to raise awareness and encourage critical thinking about how to prepare and respond to a ransomware attack.
Facilitators:
Helge Janicke, Research Director, Cyber Security Cooperative Research Centre
Carl Celedin, Project Manager, Cyber Security Cooperative Research Centre
-
14:45
Data Security Predictions: Staying Cyber Resilient in 2023
Nathan Smith - Regional Director Security - Splunk
Join Splunk's Regional Director for Security as he takes us through the cyber prediction wins and losses of 2022 and looks forward into 2023 for Splunk's Data Security predictions. During this presentation you will hear more about ransomware, cyber-crime-as-a-service, supply chain and hiring cyber talent. All of this plus a little bit of fun with Open AI.
-
15:10
Mastering the skills of effective communication with the board
Marco Figueroa - Senior Manager, Cyber Security Risk & Compliance - Australian Institute of Company Directors
-
15:35
NETWORKING BREAK
-
16:05
Overview of Cyber City - the Cyber Security Learning Experience
Duncan Burck - MD - MCB Business Partners (Cyber City Collaborator)
NSW has added cyber education to the school curriculum, and secondary students will learn in a ‘smart city sandbox’. The 10-week course was developed between NSW Department of Education, Cyber Security NSW, and industry firms including MCB Business Partners and Core Electronics. During this session, you’ll get inspired on how the project came about, and what the profession can expect for 1000s of kids every year doing this course in NSW schools.
-
16:30
Wrap-up Panel: What’s Next?
Jo Stewart-Rattray - CSO - Silverchain
Join our interactive wrap-up discussion to share your key take-aways from CISO Sydney 2023 and hear how your peers will address their key learnings moving forward.
-
16:55
Closing remarks from the Chair
-
17:00
Close of CISO Sydney 2023
-
08:00
REGISTRATION & LIGHT BREAKFAST
-
09:50
How Deep Learning is Unlocking a $362B Value Creation Opportunity in Financial Services
Sergio Rego - AI Customer Engineer - SambaNova Systems
In the highly competitive age of digital transformation, financial service organizations are facing accelerated urgency to improve their customer and employee experience while simultaneously reducing operating costs and managing risk and compliance.
To meet these competing demands on their business, these organizations are racing to deploy deep learning to achieve a new competitive edge by optimizing their back office operations with intelligent document processing, personalizing their customer experience with cutting edge NLP models, and reducing fraud and risk using state-of-the-art deep learning.
AI is here and delivering new capabilities to help businesses solve large and complicated challenges. Join Bob Gaines to learn what that means for your business and how deep learning is helping organizations:
- Achieve higher compliance, faster and with lower costs
- Dramatically improve Customer Experience
- Reduce time to value from years to weeks
Sergio Rego is a customer engineer at SambaNova Systems where he helps clients deploy purpose-built, deep learning solutions in weeks rather than years. Sergio started his career in financial services, where he worked in strategy; active and index management; and product design and management. Sergio also served as a senior data scientist and team manager for a system integrator where he helped federal government agencies deploy ML and AI solutions.