-
CISO Perth 2026 - AGENDA
-
08:15
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
08:45
Welcome from Corinium and the Chairperson
Sheavy Kaur - CISO - RAAFA WA
-
08:55
Speed Networking – Making New Connections at CISO Perth!
In this 5-minute networking session, the goal is to connect with three new people. Have fun!
-
09:00
Keynote Headliner
Bridging Policy and Reality: What WA’s Cyber Policy Shift Means for Organisations
Peter Bouhlas - WA CISO - Department of the Premier and Cabinet
Western Australia’s new cyber policies are reshaping expectations around accountability, resilience, and information sharing across all sectors. This keynote presentation explores how to close the gap between policy ambition and operational reality.
- What WA’s policy shift means across public, private, and SME sectors
- Turning compliance goals into practical resilience
- Building capability and culture to match new expectations
- Opportunities for collaboration across the state’s cyber ecosystem
-
09:25
Panel Discussion
Risk Management, Leadership and Communication in Cyber Incidents
In a cyber crisis, technical controls matter, but leadership defines the outcome. This panel explores how leaders navigate crises, communicate effectively, and manage operational and technical risk.
- Who do you call first when a cyber incident hits? How do you prioritise action?
- How do leaders balance immediate response with long-term reputation and trust management?
- Are playbooks useful in practice, or do they get ignored in real incidents?
Panellists:
Joel Earnshaw - Senior Manager Cyber Security - Perenti
Simi Das - IT Audit, Risk and Compliance Manager - Wilson Group
Nicholas Putra - Manager Cyber Security - Department of Creative Industries, Tourism and Sport
-
10:00
The Power of Global Threat Intelligence to Enhance Cyber Resilience
Harnessing global threat intelligence allows organisations to move from reactive defence to proactive threat mitigation. This session will demonstrate how consolidating and operationalising threat feeds can improve security agility, enhance visibility across systems, and drive a more resilient cyber security posture.
-
10:25
Morning coffee and connect
-
10:55
Anatomy of a Breach: How Attackers Spread and How to Stop Them
Cybercriminals exploit weak segmentation to move laterally across networks, increasing the impact of breaches. This session will break down real-world attack patterns, revealing how organisations can disrupt lateral movement and reduce the success of cyber threats.
-
11:20
Panel Discussion
Culture, Behaviour and Cyber Resilience: Stories from the Frontline
This panel explores how organisations embed secure behaviours, transform awareness into action and sustain change over time. Join us as panellists share practical examples and relatable stories, offering attendees simple, actionable habits to strengthen their teams’ cyber resilience.
- How do organisational culture and human behaviour influence cyber resilience?
- How do you embed secure behaviours into everyday work so they feel natural rather than forced?
- How can organisations measure the real impact of security awareness efforts and adjust over time?
- How do you encourage staff to see themselves as defenders rather than vulnerabilities?
- What’s one simple habit you wish every employee would adopt to improve cyber resilience?
Panellists:
Sheavy Kaur - CISO - RAAFA WA
Tim Orr - Senior Manager Security Awareness - CBA
Rebecca Moonen - Security & Privacy Influence and Cyber Safety Outreach Manager - NBN
Neel Goradia - Cyber Security Lead - PLS
Mark O'Brien - GM Digital Technology & Innovation (CIO) - CITIC Pacific Mining
-
11:55
Automating Cloud Defence: From Detection to Response at Scale
Cloud environments move faster than human teams can monitor. Misconfigurations, identity risks, and lateral movement often unfold in minutes, not hours. This session will explore how automation is being embedded into cloud-native security operations, from real-time detection of anomalies to automated remediation of misconfigurations and credential misuse. Learn how leading organisations are reducing dwell time, accelerating incident response, and maintaining resilience at cloud speed.
-
12:20
Panel Discussion
AI Governance: Structure, Responsibility and Scope
As AI adoption accelerates, leaders face the challenge of setting clear boundaries, not only around what AI should and shouldn’t do, but also around who holds responsibility for its oversight.
- Where does AI sit across the organisation?
- How should accountability be shared between security, risk, data, and business teams?
- What tasks can AI be trusted with, and where must human oversight remain non-negotiable?
- How can organisations prevent over-reliance, ensure explainability, and avoid ethical or operational pitfalls?
Moderator:
Mia Araminta - Cybersecurity Resilience - South32
Panellists:
Nigel Elders - CIO - The Perth Mint
Sameera Bandara - Head of APAC IT - Programmed
Steven Paice - Head of Cyber Security - South Metropolitan Health Service
-
12:55
Cyber in 5: Key Insights from Cythera’s CISO Survey
- Senior representative - Cythera
A quick, 5-minute dive into the key findings from Cythera’s latest CISO survey, highlighting the top trends and insights shaping the future of cyber security leadership.
-
13:00
Lunch break!
-
13:55
Prize draw!
-
Track A: Strategic resilience
Track A Chair: Sheavy Kaur - CISO - RAAFA WA
-
14:00
The Cyber Budget Challenge: Where Would You Spend Your Last Dollar?
Helen McLeish - Chief Cybersecurity Officer - East Metropolitan Health Service
Join us for a live, gamified session that puts you in the CISO’s seat to make tough budget decisions. Working in teams, you will debate, prioritise, and justify your spending choices. This hands-on session discusses how strategy, culture, and risk tolerance shape security outcomes.
-
14:25
Shifting Security Left in the Organisation: Risk Thinking Beyond the Security Team
This session explores how to embed security thinking into broader organisational decision-making, from procurement and product to HR and finance, and build a culture where shared responsibility drives better security outcomes.
-
14:50
AIC’s Secure Digital-Transformation Journey Toward the School of 2030
Tamjid Aijazi - CIO - Australian Islamic College
This practical case study shows how resilience was strengthened across a multi-campus K–12 environment, offering lessons that resonate far beyond the education sector. It highlights the decisions, trade-offs, and shifts in thinking required to manage sensitive data at scale, and explores how privacy and AI governance now shape strategy for any organisation navigating complex, people-centred digital transformation.
-
15:15
Rethinking Identity in a Changing Threat Landscape
Digital trust is being redefined as identity threats grow more complex. From deepfakes and impersonation attacks to the rapid rise of non-human identities, the identity landscape is evolving. This session explores what these changes mean for verification and control and how security leaders can adapt their strategies to safeguard trust in a world where not every identity is who or what it claims to be.
-
15:40
Third- and Fourth-Party Risk: Moving from Prevention to Containment
Biljana Roksandić - Cyber Security Governance Risk & Compliance Officer - Synergy
As supply chains expand, the question is no longer if a third-party breach will occur, but how far it will spread. This session explores how cyber leaders can strengthen resilience across complex ecosystems by accepting that breaches will happen and focusing on limiting the blast radius, finding practical ways to renegotiate contracts and turning security requirements into enforceable commitments.
-
Track B: Technical excellence
-
14:00
Legacy Systems, Real Constraints: Managing Risk When You Can’t Patch Everything
David Taylor - CISO – Manager Cyber Security & Network Controls - Public Transport Authority
When critical systems can’t be patched, security becomes an exercise in precision. This session looks at how to safeguard ageing or vendor-locked environments without breaking availability or safety, using smart risk assessment, layered controls, segmentation, and monitoring to keep vulnerabilities contained.
-
14:25
Protecting What Matters: DLP Strategies for the AI Era
DLP is evolving fast in the era of AI, offering new capabilities but also new risks. This session shares case studies on how organisations are deploying DLP alongside AI tools to protect sensitive data without stifling productivity. Explore practical lessons, from policy design and user adoption to monitoring, governance, and incident response in AI-enabled environments.
-
14:50
Aligning IEC 62443 Expectations with OT Reality
Ricardo Da Paz - Lead OT Cyber Operations/Cyber Technical Authority - Woodside Energy
IEC 62443 offers a robust framework for securing industrial automation systems, but many organisations struggle to translate its comprehensive guidance into actionable steps. This session bridges the gap between theory and implementation, focusing on practical and scalable risk assessments to define appropriate security levels and build a sustainable foundation for operations.
-
15:15
Continuous AI Risk Monitoring for Critical Assets
This session examines how to implement continuous AI risk monitoring — from identifying vulnerabilities in AI models and data pipelines to detecting misuse and drift. Learn how to combine automation, governance, and human oversight to safeguard high-value systems against evolving AI threats.
-
15:40
Preparing for the Quantum Era
Tara Lie - Information & Technology Governance Manager - Department of Water and Environmental Regulation
With ASD outlining Australia’s direction on post-quantum cryptography, organisations are being urged to prepare now for the transition to quantum-resilient security. This session unpacks what this will mean in practice and where to start.
- How to ensure you are asking the right questions of your internal teams and third parties
- What a realistic post-quantum migration roadmap looks like for organisations
- Where to start with balancing interoperability, performance, and compliance demands
-
16:05
Afternoon tea and connect
-
16:35
The Burnout-Breach Connection: Why Human Overload Is Cyber’s Hidden Risk
Dinda Timperon - Head of Cyber Security Engineering - Insignia Financial
What if your next cyber incident isn’t a system failure, but human fatigue or overload? Human energy is a critical, often overlooked control that shapes decision-making and risk outcomes. Burnout, alert fatigue, and constant context-switching quietly increase the likelihood of errors and breaches. In this session, Dinda draws on behavioural science and leadership psychology to reframe burnout as a core cyber vulnerability and offers leaders practical strategies to turn resilience into a measurable advantage for both people and performance.
-
17:00
Closing Fireside Chat
Cyber Strategy for the next 2-3 years: What Matters
As organisations continue shifting services, data, and operations to cloud and as-a-service models, one truth has become unavoidable: identity is now the foundation of cyber strategy. Knowing who has access to what, verifying intent, and being able to respond quickly has replaced the traditional perimeter as the anchor of effective security.
This closing session brings together two practitioners, each with different perspectives, to have a candid conversation about executing a cyber strategy today. The discussion will focus on the practical shifts organisations must make to stay resilient in a rapidly changing threat and technology landscape. We will explore:
- What has changed in cyber strategy over the past few years and what surprisingly hasn’t
- Which fundamentals organisations must return to, even as environments grow more complex
- Where bold innovation is now required, particularly in identity, automation, and resilience engineering
- The critical markers of an effective strategy
Speakers:
Andrew Bullen - Manager Cyber Security - St John WA
-
17:25
Closing Remarks by the Chair
Sheavy Kaur - CISO - RAAFA WA
-
17:30
Cheers with Peers