CISO Perth schedule

Three-quarters of Australian CISOs see human error as their organisation’s biggest cyber vulnerability. What if there was a way to stop rolling the human dice every day?

Learn how organisations can leverage advanced behavioural science and automation for informed and near instantaneous decision-making on what is good and what is bad email. As well as removing the increasing burden that is placed on employees as a last line of defence.

In this session we will discuss:

• Account takeover techniques and measures that can be taken to help protect against them
• New insights and controls over protecting against supply chain attacks
• The accuracy of advanced behavioural data science in identifying anomalous behaviour

• Exploring how the SOCI Act Reforms are affecting your organisation moving forward
• Better understanding companies’ obligations and exemptions
• Further clarification on contingency act and stepping power
• Overview of new plans and approaches to the reform

• How security is changing and how to ideally address it
• The shift-left reality and how the solution didn't work
• The cost implications of a wrong security workflow
• How to make DevSecOps work, for real

• Building security from scratch – incorporating people, process, and technology into your programs
• Strategies to improve your teams’ skills and knowledge in IT and cybersecurity
• Exploring how innovative technologies can help your company achieve adaptability and resilience

Recent breach activity has highlighted some significant control gaps, bad practices, and lack of diligence inside organisations. It is important for organisations to remember that they are custodians of customer data, not owners, and must treat this sensitive data accordingly. This talk will discuss some of the issues that have been revealed by recent breach activity and some actionable recommendations to help organisations prevent similar occurrences.

• Key challenges of OT and IT and how it affects your overall organisational cybersecurity
• What you need to consider in your security planning
• How to improve your visibility of vulnerabilities in a complex, converged environment, and enhance incident detection and response

• Understanding how IT is converging with OT and how to protect them in the network
• How to overcome the increase of cyber risk to industrial control?
• Adopting cybersecurity strategies across your ICT (industry control systems)
• Key cybersecurity considerations of networks, IoT devices security, mobile and the cloud

Moderator:

Cecily Rawlinson, Director, WA Cyber Security Innovation Hub

Panellists:

Michael Fairclough, Cybersecurity Operations Manager, Bunnings

Divya Dayalamurthy, Cybersecurity Lead, Arc Infrastructure

Dan Benporath, Deputy Global CISO, APM

Marius Stackevicius, Cybersecurity Specialist, BGC Australia

• How to go about defining your Cyber Security Strategy?
• What metrics should you use to measure progress and success of the strategy?
• What frameworks should you consider when building the Cyber Security Strategy?
• What are example capabilities to consider?
• What does your roadmap look like?
• What budget will you be asking for per year based on the roadmap?
• How do you plan on operating these capabilities?

Cloud adoption is expanding rapidly, and with that expansion comes new complexities. The speed of growth and change in the cloud creates an ever-changing threat landscape. Wiz Research is at the forefront of the cloud's threat landscape and is behind the discovery of vulnerabilities like ChaosDB, ExtraReplica, AttachMe and OMIGOD. In this session, we will cover the major cloud threats recently seen by the Wiz Research team which includes supply chain risks, data exposure, API security threats, and attack patterns used by groups such as LAP$U$. This session summarizes key insights across customers, Wiz and third-party threat research, and numerous other sources.

The implementation of Secure Access Service Edge (SASE) has become a challenge for many organizations, especially in the current economic environment. In this roundtable discussion, we will explore the challenges and opportunities for successful SASE implementation.
Discussion Points:

• Understanding the benefits and challenges of SASE implementation
• Aligning IT goals with desired business outcomes
• Strategies for ensuring the security and flexibility of SASE solutions in a remote work environment

• How the cybersecurity function can support the business to deliver key strategic goals
• "Villains" who turned heroes - shifting the mindset and improving awareness
• Embracing business growth with secure innovation at the core of your strategies

During this session, we’ll explore different journeys in building an application security program from the ground-up. We’ll explore the key challenges, dos and don’ts, ideas and solutions in an inspiring and engaging conversation.

Moderators:

Riduanul Shahria, Application Security Lead, Fortescue Metals Group

SaaS security sounds simple, but it can mean a lot of things to different people and it can be argued that there are multiple components to this topic. 
Join Nicholas McKenzie from Netskope for this session as he explores:

• The various pillars of SaaS security and how these components needed to be taken into account when assessing SaaS security holistically for an organisation
• Recommended approaches and examples on how to address these pillars
• And a proposed model for attendees to consider with their security program evolution

In a world where the pressure to deliver new and innovative ICT capability is only ever growing, and the threat actors are also increasingly sophisticated and pervasive, how can companies ensure they meet these challenges whilst still ensuring cyber resilience? During this interactive discussion, hear challenges and benefits of SOC Automation, explore experiences and lessons learned, and discuss different ways of improving and driving efficiency of your SOC.

Moderators:

Neel Goradia, Cyber Security Analyst, Alcoa

Tim Orr, Cyber Security Training and Awareness Manager, CommBank

During this session, we’ll explore the challenges many organisations face with complex threats and how threat modelling processes can help you protect what other tools can’t see.

• Creating efficient risk assessment, monitoring and processes
• Refining the enterprise’s risk metrics to identify hidden and complex exploit points
• Improving cyber risk management performance through effective security by design approaches

• Importance of human factor to cyber security and why most cyber awareness efforts fail
• Tailoring security awareness programs to address cyber risks and business priorities
• Strategies to influence behaviour and create a cyber-safe culture

• How AI is being used in cybersecurity now and in the future
• What trends are we looking from a security perspective?
• Understanding the risks and implications of offensive AI and how it will change our threat landscape
• How CISOs can be prepared for potential risks
• Strategies to use AI in cyber-defence

• Strategies to raise awareness of the cyber security industry
• Getting people to join the cyber security industry
• How can Executives or CISO’s support and what can be done to increase more awareness?
• What can be done in the short term and long term?

• Understanding cyber risks in a quantifiable way
• How to demonstrate the value of risks to the executive management
• What are the biggest challenges when getting buy-in from top management?
• Communication effectiveness: putting yourself in the boss’ shoes and delivering the right message

Moderator:

Arnold Wong, Fellow, ACS

Panellists:

Krista Bell, Senior Manager Data, Governance & Strategy, Beyond Bank Australia

Madeleine Trezise, Cyber Security Risk and Compliance Manager, Laing O’Rourke

Rob Wiggan, Cyber Security Advisory, WTW

• Application security design
• API security design
• Automated code reviews
• Application security pre-prod review

• DevOps – how has it evolved in the last 5 years?
• How the rise of DevSecOps is impacting businesses across Australia
• What it means to your teams and your organisation from a practical standpoint
• DevSecOps automation tools – hype or reality?

• Exploring how IT delivery is evolving
• Enabling speed, quality & security with DevOps
• Strategies to embed security into your digital delivery journey
• Exploring effective ways of designing your DevSecOps roadmap

• What security measures can be applied when using DevOps strategies?
• What approaches can be employed to prioritise these security measures?
• How can you and your team make effective assessments?
• The tools are there for a while – what are the cultural challenges of advancing your maturity model and how to address them?

During this session, we’ll explore how security teams can scale by empowering developers to create secure applications, including the use of modern cloud technologies that are used to deploy and run application workloads.

During this interactive discussion, our panellists will discuss common challenges, share perspectives, and propose ideas and solutions to key challenges. Key discussion points include:

• What good and bad looks like for different organisations
• What are you measuring against? Do you have a benchmark?
• How do you know what you are measuring – and is that what you should be measuring?
• How to build metrics and understand what will lead you to effectiveness and success
• Final thoughts and conclusions

Moderator:

Jo Stewart-Rattray, Chief Security Officer, Silverchain

Panellists:

Ashwin Pal, Partner, Cybersecurity and Privacy Services, RSM Australia

Kevin Fleming, Chief Technology Officer, ExperstDirect

During this session, we’ll explore different journeys in building a security culture and the impact of a successful developer upskilling program. We’ll explore how important culture is in an effective security program and how to influence it, get executive buy-in, hire the right people, balance technology vs. humans, measure the efficacy and impact - and how to have a bit of fun with it too!

• Ensuring your engineers are delivering high quality products
• How to make security and safety an aspect of quality engineering
• Strategies to embed security and safety to engineering as a perception of quality assurance

Join Kevin Fleming for a light-hearted presentation designed for developers to help improve their code readability and performance.

During this interactive session, our expert moderator will turn to the audience to discuss how much engineering teams across organisations are involved in building software vs. how much they should be. Join us and share your thoughts, ideas and concerns around the security challenges associated with software and infrastructure, the challenges of building it in the blockchain – and ideas to overcome them.

• How shifting left can improve efficiency of your DevOps and address security at every stage of the production process
• Defining what DevOps needs security to do
• Could we go all the way with shifting left?
• Successful ways of integrating security throughout the entire process
• Overcoming challenges of policies for compliance
• SAST vs. DAST – what are the differences and how to combine them

When building great user experience design, how can engineers and security leaders design great experienced in the lead to high compliance? How can they affect behavioural economics and behavioural psychology? How can they help users, develops, and end-users to behave the right way? Join this expert-moderated session to answer these – and many other – questions along with your peers.

• Overview on the growing threats landscape and how it could impact our societies, businesses, and economies
• Bridging the talent gap for better security and resilience
• Advices for Australian organisations to support workforce training when adopting robust cyber security measures

A CISO role goes far beyond a technical information assets and technology security role. With increased demand for risk, compliance, and governance skills, their role continues to evolve and require executive management capabilities. During this session, we will unveil a simple powerful process to awaken CISOs leadership and life skills.

• Successful practices combining cybersecurity and data protection to comply with increased data privacy regulations
• How to adopt secure digital identity and mitigate privacy rights risks
• Embedding the necessary protections into your identity verification systems
• Implementing architecture systems that reduces overcollection during identity verification

• How the cybersecurity function can support the business to deliver key strategic goals
• "Villains" who turned heroes - shifting the mindset and improving awareness
• Embracing business growth with secure innovation at the core of your strategies

During this session, we’ll explore strategies to increase cybersecurity awareness and get board-level buy-in. Join us session and get invaluable insights that will help you create risk awareness, drive change, and build a cybersecurity driven culture.

As the severity of scams and frauds increase and cybercrime becomes more sophisticate than ever, staying ahead of the game is critical. During this session, you’ll hear how cybersecurity is “front of mind” for one of Australia’s largest banks by investing in the right skills, creating robust defence and control systems, and employing effective detection and response plans.

During this session, Brad will share his personal when he was seriously injured in a bike accident’ He’ll share lessons learned, why cyber security professionals shouldn’t blame the victim and how to help their friends and organisations recover from data breaches and cyber-attacks.

CISOs committed to creating risk awareness and building a cybersecurity driven culture are facing several challenges, from getting senior management buy-in, to implementing organisational change and engaging employees. During this session, you’ll explore:

• What are the biggest challenges when getting buy-in from top management?
• Successful ways of incorporating cybersecurity into the organisation’s risk management strategy
• How to encourage everybody to take ownership of cyber?
• Why leaders must be committed to continually improve their teams’ skills and knowledge in IT and cybersecurity – and how do to this?

Panellists:

Frances Buozo, CISO, Ampol

Anna Aquilina, CISO, UTS

Grant Lockwood, CISO, Virtus Health

• How to go about defining your Cyber Security Strategy?
• What metrics should you use to measure progress and success of the strategy?
• What frameworks should you consider when building the Cyber Security Strategy?
• What are example capabilities to consider?
• What does your roadmap look like?
• What budget will you be asking for per year based on the roadmap?
• How do you plan on operating these capabilities?

• Building a culture of security resilience – the marriage of technology and capability
• Beyond the SIEM alert – pivoting towards a threat hunting mindset
• The well-read security analyst – the value of threat intelligence in a world that won’t stay still

During this session, we’ll explore the challenges many organisations face with complex threats such as Insider Threats, what companies of all sizes can do to identify the blindspots, and how a SOC platform can help you protect what other tools can’t see.

• Creating efficient risk assessment, monitoring and response processes
• Refining the enterprise’s risk metrics to identify hidden and complex exploit points
• Improving cyber risk management performance through effective governance

Identity and Access Management (IAM) has traditionally been a specialty field within cybersecurity; technical expertise in its own right. However, more teams have emphasised identity as companies accelerated investment in digital transformation. Identity is the fabric that connects your assets together: people, devices, applications, APIs, etc. Without the right identity capabilities, digital transformation projects will fail to reach their potential. Identity orchestration enables organisations to design and optimise user experiences rapidly. Orchestration allows the execution of experiences without complex integrations or high development costs. 

Join Steve Dillon, the Head of APAC Architecture at Ping Identity, as he delivers a hands-on demonstration of Ping Identity’s innovative identity orchestration platform: PingOne DaVinci.

• How to effectively translate threat to risk to the board and the teams
• Human-issue in risk management – improving culture through intelligence models
• Eliminating risks by improving your asset x threat x vulnerability model – hype or reality?

• How the lack of understanding and false sense of security impacts your cloud journey
• How save your data really is when you move to the cloud?
• What factors you must consider to ensure you are getting a reliable, secure product
• Strategies to trust and rely on your providers with a full, clear picture of what you are getting as part of your contract

Most of the breaches in the cloud happen due to misconfiguration issues caused by human errors. During this session, we will explore the most common challenges engineers face when configuring the cloud through a series of case studies packed with lessons learned. Key discussion points include:

• Cloud is built by humans – exploring ways of minimising misconfiguration challenges
• Advocating for mindset, processes and tolling changes when adopting the cloud
• How DevSecOps implementation can influence your cloud
• Getting the right partners and stakeholders to consult and advise you when configuring the cloud

• How well do you and your teams understand what you have and what you’ve signed up for?
• Clarifying the responsibilities and obligations of your company vs. your cloud provider
• Exploring good practices for MSP (Managed Services Provider) compliance
• Getting the full picture and managing third-party risks and implications outside the cloud

• Exploring successful strategies to advance your infrastructure before moving to the cloud
• What are the challenges of replicating what you used to do in physical datacentres when shifting to the cloud?
• How can that be a problem and how to prevent making it more accessible to the global world?
• How can these steps help you advance your cloud maturity levels?

In the highly competitive age of digital transformation financial service organizations are facing accelerated urgency to improve their customer and employee experience while simultaneously reducing operating costs, and managing risk and compliance.

To meet these competing demands on their business, these organizations are racing to deploy deep learning to achieve a new competitive edge by optimizing their back office operations with intelligent document processing, personalizing their customer experience with cutting edge NLP models, and reducing fraud and risk using state-of-the-art deep learning.

AI is here and delivering new capabilities to help businesses solve large and complicated challenges. Join Bob Gaines to learn what that means for your business and how deep learning is helping organizations:

• Achieve higher compliance, faster and with lower costs • Dramatically improve Customer Experience • Reduce time to value from years to weeks

Sergio Rego is a customer engineer at SambaNova Systems where he helps clients deploy purpose-built, deep learning solutions in weeks rather than years. Sergio started his career in financial services, where he worked in strategy; active and index management; and product design and management. Sergio also served as a senior data scientist and team manager for a system integrator where he helped federal government agencies deploy ML and AI solutions.

It's said that smooth seas never make skilled sailors. If you're a cyber security leader, the good news then is that you definitely don't have "smooth seas" to reckon with. The challenging times presented by increasing connectivity, speed of business transformation, evolution of cyber threats and ever rising expectations can and do overwhelm even the best amongst us.  
This unique session will focus on providing cyber leaders with tangible, real-world tips to build the right mindset, emotional intelligence and differentiating skills that will allow them to deliver massive value to their organisations and optimise their own well-being. 

• Understanding cyber risks in a quantifiable way
• How to demonstrate the value of risks to the executive management
• What are the biggest challenges when getting buy-in from top management?
• Communication effectiveness: putting yourself in the boss’ shoes and delivering the right message

• How can CISOs speak the CEOs’ language?
• What does the board expect from CISOs when evaluating and reporting inherent and evolving risks?
• How can the board support CISOs in conducting a cybersecurity mission & strengthening their posture?
• Working together in mastering the company’s digital governance & risk management practices
• Exploring challenges and opportunities to adopt a secure-by-design approach in the business

Panellists:

Greg Sawyer, CEO, CAUDIT

Walter Kmet, CEO, Macquarie University Hospital

Vasyl Nair, CEO, Mine Super

Faizal Janif, Senior Vice President and Head of Cyber Advisory, APAC, Marsh

To be successful, today’s CISO needs to bring more than their security acumen to the table. The role has expanded exponentially to address executive and board concerns, endless business challenges and customer and product confidence. While positive outcomes are the goal, it is critical for CISOs to work with full transparency to protect the business and themselves. In this session Gail will share best practices from her experience negotiating the evolving role of the CISO in an expanding threat landscape.

• How has the threat landscape evolved in Australia?
• How malicious cyber activities are impacting organisations across the country?
• What strategies can organisations adopt to create robust cyber security measures to prevent incidents and exploitations?
• Government, industry, academia and citizens working in collaboration to safeguard our country and communities

• The Evolution of Ransomware – How did we get here and what is next
• Understanding the risks and potential costs of attacks
• Exploring successful techniques to improve organisations’ ransomware protection posture

• Understanding how IT is converging with OT and how to protect them in the network
• How to overcome the increase of cyber risk to industrial control?
• Adopting cybersecurity strategies across your ICT (industry control systems)
• Key cybersecurity considerations of networks, IoT devices security, mobile and the cloud

Panellists:

Jo Stewart-Rattray, Chief Security Officer, Silverchain

• Building security from scratch – incorporating people, process, and technology into your programs
• Strategies to improve your teams’ skills and knowledge in IT and cybersecurity
• Exploring how innovative technologies can help your company achieve adaptability and resilience

Join us to learn from others’ “mistakes” by reviewing real-life incidents in different environments. What are the common pitfalls? How many falls into common mistakes, and which could be devastating to an organization? See how different tools and practices can help advance your security posture.

• How do you build a security program in 2023?  How has it changed from recent years?
• People, process, and technology – what do you need to incorporate into your program?
• What does ‘good enough’ look like and how do we measure it?  Risk, regulation, and strategy – making them all fit together

During this session, David will share his experiences on how to elevate your organisations cyber posture through an effective information security program. Join him to learn some tips on where to start your journey, the importance of quick wins and key lessons learnt.

Supply chain can be the weakest risk of your digital assets. During this presentation, we’ll explore good practices for data protection, data governance, fraud prevention and third-party risks to ensure your supply chain is secure.

This session is designed for cybersecurity leaders who are currently implementing Zero Trust architecture models. Join us to hear common challenges and explore ways to overcome them. Key discussion points:

• The evolution of Zero Trust
• What are the key challenges you are trying to overcome
• How to develop a roadmap and implementing specific initiatives to your projects
• Discover effective ways to build a zero-trust security framework
• Identify key components of a zero-trust model to protect the current environment

Supply chain can be the weakest risk of your digital assets. During this presentation, we’ll explore good practices for data protection, data governance, fraud prevention and third-party risks to ensure your supply chain is secure.

During this session, we’ll explore various methods utilised in building a stronger, more secure company to prepare and protect against cybercrime. Richard will share his experiences of what has worked and hasn’t worked over the years and how getting certified really helped the organisation maturity journey.

This session is designed for cybersecurity leaders who are currently investing in Zero Trust architecture models or planning to do this in the near future. Join us for a hands-on discussion where you will share challenges and explore solutions on:

• How to develop a roadmap and implementing specific initiatives to your projects
• Discover effective ways to build a zero-trust security framework
• Identify key components of a zero-trust model to protect the current environment

In a world where the pressure to deliver new and innovative ICT capability is only ever growing, and the threat actors are also increasingly sophisticated and pervasive, how can companies ensure they meet these challenges whilst still ensuring cyber resilience? During this interactive discussion, hear challenges and benefits of SOC Automation, explore experiences and lessons learned, and discuss different ways of improving and driving efficiency of your SOC.

• What trends are we looking from a security perspective?
• Understanding the risks and implications of offensive AI and how it will change our threat landscape
• How CISOs can be prepared for potential risks
• Strategies to use AI in cyber defense

• Exploring the challenges and opportunities for improvement
• What information should be given to the board?
• Quite the technical jargons – what the board won’t listen to and what they will shift attention to
• Developing and mastering your skills of communicating with the board

Join us for a wrap-up interactive discussion to share your thoughts and hear the key take-aways other participants have from the two days. Our expert facilitator will offer you and the group an opportunity to review what you are planning to implement when you go back to your organisation.