CISO Perth schedule

As the severity of scams and fraud increases and cybercrime becomes more sophisticate than ever, staying ahead of the game is critical. During this session, you’ll hear what a successful cybersecurity journey and transformation look like at one of Australia’s largest banks.

Cameron delves into the realm of upstream supply chain attacks, examining the latest regulatory developments worldwide. He then explores proactive measures organizations can adopt to thwart malware infiltration into their Software Development Life Cycle (SDLC), along with strategies for staying compliant with upcoming regulations.

Digital identity is a key enabler for secure, agile, accessible and evolving digital services. In a world where cyber threats are constantly evolving and customers demand seamless online experiences, CISOs play a vital role in leading and delivering digital identity programs that meet the needs of both the organisation and their stakeholders. 
Robbie Whittome, CISO of Curtin University, will share his journey and insights on how he successfully led the delivery of a transformational digital identity program for his organisation. He will also discuss the role of partners in improving success outcomes and return on investment. 

Social Engineering attacks, in the form of phishing, business email compromise, and ransomware attacks are becoming ever more commonplace. The number of cyberattacks that start by manipulating a human into allowing access to protected systems or sensitive information steadily increases.
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defence. This session will help you better understand how you can keep your users on their toes with security top of mind. It will also include a product demonstration of the innovative Kevin Mitnick Security Awareness Training Platform, which will show how easy it is to train and phish your users:

• Send fully automated simulated phishing attacks, using thousands of customisable templates with unlimited usage.
• Train your users with access to the world's largest library of always-fresh awareness training content.
• AI-driven phishing and training recommendations based on your users' phishing and training history.
• Use assessments to gauge proficiency of your users in security knowledge and security culture attitudes.
• Easy user management using Active Directory or SCIM integration.

By consolidating threat feeds from a global source of intel, businesses can swiftly adapt security configurations to counter emerging risks. This streamlined approach simplifies security management across diverse systems, empowering proactive defense against evolving cyber threats. Join us as we explore how this integration enhances organizational resilience and fortifies digital assets against today's dynamic threat landscape.

• How to overcome legacy challenges when compliance costs become too great
• Strategies to overcoming the increase of cyber risk to industrial control.
• Adopting cybersecurity strategies across your ICT (industry control systems)
• Effectively managing vulnerabilities of OT and IoT devices
• Key cybersecurity considerations of networks, mobile and the cloud

Panel moderator:

Helen McLeish, Chief Cybersecurity Officer, East Metropolitan Health Service

Panellists:

Paul Karan, Cybersecurity Advisor, Roy Hill

Raymond Griffiths, Cyber Defence and Resilience Manager, Wesfarmers Chemicals, Energy & Fertilisers

Ian McMurray, IT & Cyber Security Manager, DDH1 Limited

Waqar Sabir, Cyber Security Governance, Risk & Compliance, South32

Spencer Lai, Cyber, Risk and Security Principal, CITIC Pacific Mining 

• Lifting IAM security and preventing identity proliferation from become a ripe area for bad actors
• You’re only as strong as your weakest part – mirroring cross-sectors practices to mitigate common issues

In an ideal world, security would be considered at the initial stages of project delivery, with adequate budget and resource allocation for reasonable in-built protection against malicious actors. But in real life, security is often an afterthought, leading to a lack of commitment to compliance and exhausted budgets, making it impossible for patching systems and incident response actions to keep the organisation secured. During this session, we’ll explore why organisations must shift how they implement security and take a security-by-design approach seriously in the project delivery lifecycle.

Extensive knowledge of assets that need to be secured is foundational for any effort to secure any type of asset. It’s no surprise that the Security of Critical Infrastructure Act 2018 (SOCI) addresses this in its initial requirements and recommendations.

When an Asset Intelligence platform is implemented as the bedrock of a cyber security initiative asset information is continuously collected, aggregated, correlated and analysed making all subsequent activities easier.

Join me to learn what constitutes an Asset Intelligence platform and how specific capabilities optimise every step of the process to compliance.

Having an effective incident declaration process in place is key when developing your compliance strategy and meeting critical infrastructure regulations and standards. During this session, we’ll explore:

• Managing lack of clarity of SOCI Act and SoNS by developing documented interpretation of the frameworks
• Good practices defining and fine-tuning incident declaration processes and response plans
• How to identify what your organisation is doing right and what needs improvement
• Effective ways to advance your maturity model

Panel Moderator:

Michelle Ribeiro, Head of Cybersecurity Community, APAC, Corinium

Panellists:

Yusuf Denath, Manager Cyber Security, Child and Adolescent Health Service, WA Health

Nathan Kelly, Cyber Security Manager, Synergy

Prashant Singh, State Branch Chair WA, IT Service Management Forum (itSMF) & CSO30 Award Winner 2023

In the era of increasing cyber threats, the security of our networks, data and systems has become paramount. With each passing day, cyber threats are becoming ever more sophisticated, posing significant risks to governments, businesses and individuals alike. To safeguard our public and private infrastructure against these ever-evolving threats, it is crucial to embrace two fundamental concepts: Cyber Resilience and Zero Trust Architecture.

During this 10-minute networking session, the aim of the game is to go and meet three people you don't already know. Use the questions on the screen to guide your conversation. Have fun!

Misdirected email is one of the simplest and most significant sources of data loss.

Most organisations have little, if any visibility into the risk of sensitive data loss from misdirected emails, which can lead to negative business impacts on reputation, compliance, and employee productivity.

Join us as we dive into the multi-faceted impacts to your organisation and explain how to leverage the power of artificial intelligence (AI) to stop sensitive data loss from emails being sent to the wrong recipients.

Join us to learn about:

• How you can stop sensitive data loss from misdirected emails in just days
• Building the business case to stop misdirected emails with behavioural AI

Governance is the foundation of strong and effective cybersecurity strategy. During this panel, we’ll explore how to embrace governance as an enabler for cyber maturity, and how implementing a structured, risk-based, management system helps to optimise the organisation’s cybersecurity programs.

• How can the GRC better support the cyber function?
• What are the challenges incorporating cybersecurity into the organisation’s governance, risk and compliance strategies?
• Compliance burden: successfully navigating through CPS 234, CPG 234, CPG 235, and other standards such as ISO27001, NIST and Essential 8

Panel moderator:

Joshua Qwek, Cyber Security Architect, Wesfarmers Chemicals, Energy & Fertilisers

Panellists:

Vito Forte, CIO, Edith Cowan University

Karen Owens, Cybersecurity Coordinator, WA, AEMO

Madeleine Trezise, Cyber Security Risk and Compliance Manager, Laing O'Rourke

This talk will focus on the need to reinvent the way cloud security is done by bridging intelligence from runtime to build time - leveraging a ״shift-right״ security approach and runtime insights for a dynamic, modern cloud-native security that effectively consolidates Devs, Sec & Ops. Explore how this contextual analysis from runtime to build time provides end-to-end visibility, highly accurate risk prioritization and real-time threat detection and response.

Cythera’s began providing sovereign managed security services over 5 years ago.   In 5 minutes, Craig will share the 5 key security outcomes that customers should seek from their managed security providers.

Ever felt like someone was playing mind games with you? Within the digital space, cybercriminals are the ultimate masters of manipulation. They understand exactly what makes us tick, using our feelings and instincts to get what they're after, including sensitive information. This presentation uncovers their cunning strategies, exposing how they employ psychology to pull unsuspecting victims into their traps. From exploiting our fears to painting a picture of urgency, we'll uncover the psychological biases that cybercriminals use to deceive and defraud. By understanding their playbook, you'll be better equipped to outsmart their schemes and safeguard your organisation.

• Speaking the board and senior management’s language to raise importance of cybersecurity
• What is expected from CISOs when evaluating and reporting risks to the board?
• How can the C-Suite collaborate to ensure technology measures and controls are aligned with the company’s security needs?
• The power of joining forces to ensure security strategies meet business strategies
• How to become a ‘security champion’ and get senior management to be advocates for your projects

Moderator:

Cecily Rawlinson, Director, WA Cyber Security Innovation Hub

Panellists:

Stuart Smith, Assistant Director-General, ASD

Jon Fowler, ICT General Manager, MMA Offshore

Steve Woods, Manager ICT Security, Risk & Compliance, Department of Justice

How will you overcome a cyber-attack on your organisation?
In our rapidly evolving digital world, cyber skills are critical to ensure reasonable, appropriate and informed business decisions can be made at an executive level.
We will lead participants through an interactive cyber-attack, which includes ‘live’ news reports and calls for quick responses and decision making. Our user friendly physical boardgame is the centrepiece of our Gamification experience, designed to help participants better understand the cyber security application. The game facilitates open discussion in a fast-paced, fun and memorable environment, an innovative way to introduce cyber security into an organisation’s security awareness training and to complement routine computer-based education.
In a collaborative project, the Cyber Security Cooperative Research Centre (CSCRC), CSIRO’s Data61, Government of Western Australia through the Office of Digital Government, with the support of Edith Cowan University, have created an interactive board game to raise awareness and encourage critical thinking about how to prepare and respond to a ransomware attack.