Thursday 28 April
08:20
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
April 28 | 08:20 - 08:50
Speaking:
08:50
Welcome from Corinium and the Chairperson
Speaking:
Arnold Wong
Fellow and National Treasurer, ACS
Welcome from Corinium and the Chairperson
April 28 | 08:50 - 09:00
Speaking:
09:00
Opening Keynote Presentation: Remaining Secure when Physical and Cyber Converge
- How the convergence of OT and IT affects your overall organisational cybersecurity
- What you need to consider in your security planning
- Improving your visibility of vulnerabilities in a complex, converged environment, and enhancing incident detection and response
Speaking:
Andrew Woodward
Executive Dean, School of Science, Edith Cowan University and Acting Director, ECU Security Research Institute
Opening Keynote Presentation: Remaining Secure when Physical and Cyber Converge
April 28 | 09:00 - 09:25
- How the convergence of OT and IT affects your overall organisational cybersecurity
- What you need to consider in your security planning
- Improving your visibility of vulnerabilities in a complex, converged environment, and enhancing incident detection and response
Speaking:
09:25
Winning the moment, losing the day
When a threat actor broke into the network of Sitel, it could have been a good story for Okta. Our preventative and detective controls frustrated and inhibited the threat actor. But our response to the incident was stunted. APJ CSO Brett Winterford talks through the processes that - with the benefit of hindsight - should have turned this “near miss” into a non-event.
Speaking:
Brett Winterford
Regional CISO, Okta
Winning the moment, losing the day
April 28 | 09:25 - 09:50
When a threat actor broke into the network of Sitel, it could have been a good story for Okta. Our preventative and detective controls frustrated and inhibited the threat actor. But our response to the incident was stunted. APJ CSO Brett Winterford talks through the processes that - with the benefit of hindsight - should have turned this “near miss” into a non-event.
Speaking:
09:50
Morning Coffee and Connect
Morning Coffee and Connect
April 28 | 09:50 - 10:15
Speaking:
10:45
Maximising Vendor Relationships to Backfill the Cyber Security Skill Shortage
- Shifting how internal stakeholders view Vendors
- Strategies to maximise Vendor value and minimise cost
- When to engage with and not to engage with Vendors
- Operational example of maximising Vendor relationships to backfill the Cyber Security skill shortage
Speaking:
Gavin Ryan
Global Head of Information Security, Navitas
Maximising Vendor Relationships to Backfill the Cyber Security Skill Shortage
April 28 | 10:45 - 11:10
- Shifting how internal stakeholders view Vendors
- Strategies to maximise Vendor value and minimise cost
- When to engage with and not to engage with Vendors
- Operational example of maximising Vendor relationships to backfill the Cyber Security skill shortage
Speaking:
11:10
Threat Actors are Targeting Your Active Directory: What Should You Do?
Microsoft’s Active Directory (AD) is the foundation for most organisation’s identity and access control system. Staff log in to their workstations and applications using AD, and their access to applications and other resources is usually controlled through AD group memberships.
For most organisations, AD “just works” and is considered part of the infrastructure. However - now that you have opened your networks to the cloud, remote workers, and the public internet in general, threat actors are targeting your AD for reconnaissance, lateral movement, credential theft and as the primary way to gain complete dominance over your network. In this talk, Gil Kirkpatrick will outline some of the ways attackers target AD and how you can apply the NIST Cybersecurity Framework to improve AD security, detect attacks, and recover quickly from a cyber disaster.
Speaking:
Gil Kirkpatrick
Chief Architect, Semperis
Threat Actors are Targeting Your Active Directory: What Should You Do?
April 28 | 11:10 - 11:35
Microsoft’s Active Directory (AD) is the foundation for most organisation’s identity and access control system. Staff log in to their workstations and applications using AD, and their access to applications and other resources is usually controlled through AD group memberships.
For most organisations, AD “just works” and is considered part of the infrastructure. However - now that you have opened your networks to the cloud, remote workers, and the public internet in general, threat actors are targeting your AD for reconnaissance, lateral movement, credential theft and as the primary way to gain complete dominance over your network. In this talk, Gil Kirkpatrick will outline some of the ways attackers target AD and how you can apply the NIST Cybersecurity Framework to improve AD security, detect attacks, and recover quickly from a cyber disaster.
Speaking:
11:35
Understanding Your Attack Surface
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” Sun Tzu
- Understand your own environment
- Determine strengths & weaknesses
- Do you know your “Crown Jewels”?
- Understand attack paths to your “Crown Jewels”
- Have an in-depth understanding of threat actor TTPs
- Recognise why attacks succeed
- Tactical strategies to consider
- Key Takeaways
Speaking:
Andrew Macready
Cybersecurity Operations Manager, Woodside Energy
Understanding Your Attack Surface
April 28 | 11:35 - 12:00
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” Sun Tzu
- Understand your own environment
- Determine strengths & weaknesses
- Do you know your “Crown Jewels”?
- Understand attack paths to your “Crown Jewels”
- Have an in-depth understanding of threat actor TTPs
- Recognise why attacks succeed
- Tactical strategies to consider
- Key Takeaways
Speaking:
12:00
Why DevOps Need Software Supply Chain Assurance
Open-source libraries have become an essential part of almost all modern applications. Without open-source, software development would be stuck in the slow lane. Not “reinventing the wheel” each time you need certain functionality in an app saves you time and effort, and as a result, open-source isn’t going away anytime soon. If anything, it’s becoming more and more widespread. But there’s a certain amount of risk that comes with using open-source components, modules and libraries. Today, it’s increasingly important to protect yourself from these risks.
In this presentation, we will discuss the importance and prevalence of open-source software as well as the ways you can protect yourself from its attendant risks and licensing issues. The goal is to catch issues early before they can become fatal.
Speaking:
Mark Priebatsch
Regional Director, ANZ, Checkmarx
Why DevOps Need Software Supply Chain Assurance
April 28 | 12:00 - 12:25
Open-source libraries have become an essential part of almost all modern applications. Without open-source, software development would be stuck in the slow lane. Not “reinventing the wheel” each time you need certain functionality in an app saves you time and effort, and as a result, open-source isn’t going away anytime soon. If anything, it’s becoming more and more widespread. But there’s a certain amount of risk that comes with using open-source components, modules and libraries. Today, it’s increasingly important to protect yourself from these risks.
In this presentation, we will discuss the importance and prevalence of open-source software as well as the ways you can protect yourself from its attendant risks and licensing issues. The goal is to catch issues early before they can become fatal.
Speaking:
12:25
Fireside Chat: How Accountants, Engineers, Educators and Health and Safety Specialists Transition and Excel in Cyber Roles
During this discussion, you’ll learn about how to support career transitions to InfoSec & Cyber, from other professions. Explore how diversified skills and capabilities acquired in other professions can be used to strengthen your workforce strategy and fill roles. These inspiring journeys shared by the panelists will include their insights into what hiring managers and talent acquisition teams can do to support career transitioners. You’ll also hear real-life experiences on how to plan and prepare for a career transition.
Speaking:
Alice White
Security Training Manager, Atlassian and Perth Chapter Lead, AWSN
Steven Lee
Pentester, Bunnings
Meidi Van der Lee
Security Analyst, REA Group
Vidhu Bhardwaj
Perth Chapter Lead, AWSN
Ryan Faulds
Perth Chapter Lead, AWSN
Fireside Chat: How Accountants, Engineers, Educators and Health and Safety Specialists Transition and Excel in Cyber Roles
April 28 | 12:25 - 13:00
During this discussion, you’ll learn about how to support career transitions to InfoSec & Cyber, from other professions. Explore how diversified skills and capabilities acquired in other professions can be used to strengthen your workforce strategy and fill roles. These inspiring journeys shared by the panelists will include their insights into what hiring managers and talent acquisition teams can do to support career transitioners. You’ll also hear real-life experiences on how to plan and prepare for a career transition.
Speaking:
1:00
Lunch Break! Connect and Converse
Lunch Break! Connect and Converse
April 28 | 13:00 - 14:10
Speaking:
TRACK A - InfoSec Talks
2:10
Interactive Case Study: Implementing Effective Ransomware Protection
- An overview of the growth of ransomware attacks and how organisations are being impacted
- Understanding the threat actors targeting Australian organisations
- How organisations can prepare for ransomware protection
- Exploring successful cases of improving organisations’ ransomware protection posture
Speaking:
Richard Asch
Head of Cyber Security, Western Power
Interactive Case Study: Implementing Effective Ransomware Protection
April 28 | 14:10 - 14:45
- An overview of the growth of ransomware attacks and how organisations are being impacted
- Understanding the threat actors targeting Australian organisations
- How organisations can prepare for ransomware protection
- Exploring successful cases of improving organisations’ ransomware protection posture
Speaking:
TRACK B - Solutions Clinic
2:10
Solutions Clinic: Leading in Crisis – Creating Effective Detection, Response and Recovery Plans
Sophisticated hackers are often attacking silently, making it harder for organisations to realise that they’ve suffered a breach. Ensuring your company has an effective threat management strategy is critical, but how you manage the team during a crisis to respond to and recover from events is even more important. During this session, we will explore best-in-class ways to implement successful detection, response and recovery plans.
Speaking:
Sagi Shahar
Senior Manager, Penetration Testing, CommBank
Dune Sookloll
Cyber and Information Security Officer, Horizon Power
Solutions Clinic: Leading in Crisis – Creating Effective Detection, Response and Recovery Plans
April 28 | 14:10 - 14:45
Sophisticated hackers are often attacking silently, making it harder for organisations to realise that they’ve suffered a breach. Ensuring your company has an effective threat management strategy is critical, but how you manage the team during a crisis to respond to and recover from events is even more important. During this session, we will explore best-in-class ways to implement successful detection, response and recovery plans.
Speaking:
TRACK A - InfoSec Talks
2:45
Keynote Presentation: Stopping Attacks, Not Your Business: AI & Autonomous Response
With cyber-attackers continuously searching for new ways to outpace security teams, it can lead to a struggle to fight back without disrupting business operations. Join Darktrace’s Jarryd Pagonis, Regional Director in this session where he explores the benefits of Autonomous Response as a must-have that goes beyond ‘defense’. Includes real-world threat finds and attack scenarios
Speaking:
Jarryd Pagonis
Regional Director, Darktrace
Keynote Presentation: Stopping Attacks, Not Your Business: AI & Autonomous Response
April 28 | 14:45 - 15:20
With cyber-attackers continuously searching for new ways to outpace security teams, it can lead to a struggle to fight back without disrupting business operations. Join Darktrace’s Jarryd Pagonis, Regional Director in this session where he explores the benefits of Autonomous Response as a must-have that goes beyond ‘defense’. Includes real-world threat finds and attack scenarios
Speaking:
TRACK B - Solutions Clinic
2:45
Solutions Clinic: Zero Trust Architecture – Truly Imperative, or just Buzzword?
During this session, we’ll discuss how the implementation of a Zero Trust architecture can impact the organisation’s operating model, and what are the considerations of these strategies into your future and targeted operating model.
Speaking:
Arthur Van Der Merwe
Information Security & Industry Compliance Manager, Australian Payments Network
Andrew Woodward
Executive Dean, School of Science, Edith Cowan University and Acting Director, ECU Security Research Institute
Solutions Clinic: Zero Trust Architecture – Truly Imperative, or just Buzzword?
April 28 | 14:45 - 15:20
During this session, we’ll discuss how the implementation of a Zero Trust architecture can impact the organisation’s operating model, and what are the considerations of these strategies into your future and targeted operating model.
Speaking:
TRACK A - InfoSec Talks
3:20
Interactive Cas Study: Security Implications of Data Governance and AI
Our increasing reliance on data creates a variety of data governance challenges. During this session, we’ll explore cases studies and common scenarios to address the security issues presented by data governance and AI.
Speaking:
Krista Bell
Senior Manager Data Governance, Beyond Bank
Interactive Cas Study: Security Implications of Data Governance and AI
April 28 | 15:20 - 15:55
Our increasing reliance on data creates a variety of data governance challenges. During this session, we’ll explore cases studies and common scenarios to address the security issues presented by data governance and AI.
Speaking:
TRACK B - Solutions Clinic
3:20
Solutions Clinic: How the Convergence of your OT and IT Affects Cybersecurity
As operational technology (OT) becomes more connected, the growing number of devices and endpoints offer a larger attack surface and create more vulnerabilities. Securing this space is no easy task but there is an opportunity to go beyond minimum compliance requirements and improve your overall security posture.
Speaking:
Nenad Sušić
Risk Business Partner, Rio Tinto
Divya Dayalamurthy
Cyber Security Lead, Arc Infrastructure
Solutions Clinic: How the Convergence of your OT and IT Affects Cybersecurity
April 28 | 15:20 - 15:55
As operational technology (OT) becomes more connected, the growing number of devices and endpoints offer a larger attack surface and create more vulnerabilities. Securing this space is no easy task but there is an opportunity to go beyond minimum compliance requirements and improve your overall security posture.
Speaking:
3:55
Afternoon Coffee and Connect
Afternoon Coffee and Connect
April 28 | 15:55 - 16:25
Speaking:
4:25
Keynote of Success: Is Diversity the Missing Link to Cyber Evolution?
During this session, we’ll explore the diversity and inclusion challenges facing the Australian cybersecurity community, and how that can be the answer to drive cultural change, fill the talent gap and achieve your organisation’s cybersecurity goals.
Speaking:
Cecily Rawlinson
Director, WA AustCyber Innovation Hub
Keynote of Success: Is Diversity the Missing Link to Cyber Evolution?
April 28 | 16:25 - 16:40
During this session, we’ll explore the diversity and inclusion challenges facing the Australian cybersecurity community, and how that can be the answer to drive cultural change, fill the talent gap and achieve your organisation’s cybersecurity goals.
Speaking:
4:40
The Future of Email Security
Speaking:
Tim Bentley
Country Manager, ANZ, Abnormal Security
The Future of Email Security
April 28 | 16:40 - 16:55
Speaking:
4:55
Fireside Chat: Strengthening your Culture & Bridging the Talent Gap
- Encouraging everyone to embrace cybersecurity as shared responsibilities
- Exploring opportunities to develop new talents
- Investing in your teams’ skills and capabilities
- Strengthening security strategies through your most valuable asset – people
Speaking:
Cecily Rawlinson
Director, WA AustCyber Innovation Hub
Karen Owens
CISO, Western Australia Police Force
Jo Stewart-Rattray
Chief Security Officer, Silver Chain Group
Fireside Chat: Strengthening your Culture & Bridging the Talent Gap
April 28 | 16:55 - 17:30
- Encouraging everyone to embrace cybersecurity as shared responsibilities
- Exploring opportunities to develop new talents
- Investing in your teams’ skills and capabilities
- Strengthening security strategies through your most valuable asset – people
Speaking:
5:30
Close of Conference
Close of Conference
April 28 | 17:30 - 17:35
Speaking:
5:35
CISOs Cocktail Reception & Networking - Continue the conversations in a fun and entertaining way.
CISOs Cocktail Reception & Networking - Continue the conversations in a fun and entertaining way.
April 28 | 17:35 - 19:00