CISO Perth schedule

In this 5-minute networking session, the goal is to connect with three new people. Have fun!

Western Australia’s new cyber policies are reshaping expectations around accountability, resilience, and information sharing across all sectors. This keynote presentation explores how to close the gap between policy ambition and operational reality.

• What WA’s policy shift means across public, private, and SME sectors
• Turning compliance goals into practical resilience
• Building capability and culture to match new expectations
• Opportunities for collaboration across the state’s cyber ecosystem

In a cyber crisis, technical controls matter, but leadership defines the outcome. This panel explores how leaders navigate crises, communicate effectively, and manage operational and technical risk.

• Who do you call first when a cyber incident hits? How do you prioritise action?
• How do leaders balance immediate response with long-term reputation and trust management?
• Are playbooks useful in practice, or do they get ignored in real incidents

Moderator:

Niraj Naidu ANZ Regional CTO Rubrik

Panellists:

Simi Das IT Audit, Risk and Compliance Manager Wilson Group

Nicholas Putra Manager Cyber Security Department of Creative Industries, Tourism and Sport 

Data security has been around for decades, and yet, it still feels like an unsolvable puzzle. Legacy technologies are typically resource-intensive, find just a small portion of companies’ sensitive data, and produce a ton of false positives. The impact to operations is often so significant that businesses never move their DLP out of monitoring mode.
•    Why traditional approaches to data security have failed
•    How AI and context are revolutionizing data security
•    Where to maximize the value of your existing security investments
•    What you can do to secure your Gen AI rollouts
With the right strategy and technology, you can transform your data from a liability to a well-managed asset.

Data is growing at nearly four times the rate of IT budgets, forcing security teams to rethink how they manage telemetry. In this session we explore why the traditional “index everything” model is breaking down, and how modern architectures using telemetry pipelines and data tiering can restore control. Learn how organisations are reducing costs while improving visibility and investigation speed.

This panel explores how organisations embed secure behaviours, transform awareness into action and sustain change over time. Join us as panellists share practical examples and relatable stories, offering attendees simple, actionable habits to strengthen their teams’ cyber resilience.

• How do organisational culture and human behaviour influence cyber resilience?
• How do you embed secure behaviours into everyday work so they feel natural rather than forced?
• How can organisations measure the real impact of security awareness efforts and adjust over time?
• How do you encourage staff to see themselves as defenders rather than vulnerabilities?
• What’s one simple habit you wish every employee would adopt to improve cyber resilience?

Moderator:

Tim Orr Senior Manager Security Awareness CBA 

Panellists:

Sheavy Kaur CISO RAAFA WA

Rebecca Moonen Security & Privacy Influence and Cyber Safety Outreach Manager NBN

Neel Goradia Cyber Security Lead PLS

Mark O'Brien GM Digital Technology & Innovation (CIO) CITIC Pacific Mining 

Cloud environments move faster than human teams can monitor. Misconfigurations, identity risks, and lateral movement often unfold in minutes, not hours. This session will explore how automation is being embedded into cloud-native security operations from real-time detection of anomalies to automated remediation of misconfigurations and credential misuse. Learn how leading organisations are reducing dwell time, accelerating incident response, and maintaining resilience at cloud speed. 

As AI adoption accelerates, leaders face the challenge of setting clear boundaries, not only around what AI should and shouldn’t do, but also around who holds responsibility for its oversight.

• Where does AI sit across the organisation?
• How should accountability be shared between security, risk, data, and business teams?
• What tasks can AI be trusted with, and where must human oversight remain non-negotiable?
• How can organisations prevent over-reliance, ensure explainability, and avoid ethical or operational pitfalls?

Moderator:

Mia Araminta Cybersecurity Resilience South32

Panellists:

Nigel Elders CIO The Perth Mint

Sameera Bandara CIO Programmed

Steven Paice Head of Cyber Security South Metropolitan Health Service 

Dave Deviren Head of Group IT McIntosh Group  

Most breaches don’toccur because a tool failed. They occur because ownership, context, or responsebroke down. Despite unprecedented investment in cyber security technology, manyorganisations remain vulnerable. This presentation explores why, now more thanever, tools alone are not enough, and how human judgement, clear ownership, anddecisive action ultimately determine security outcomes.

Join us for a live, gamified session that puts you in the CISO’s seat to make tough budget decisions. Working in teams, you will debate, prioritise, and justify your spending choices. This hands-on session discusses how strategy, culture, and risk tolerance shape security outcomes.

AI is accelerating faster than ever and so are the risks. As organisations race to adopt generative AI, sensitive data is becoming the unintended fuel feeding these models. In this session, we’ll break down how modern AI systems ingest and learn from corporate information, where the hidden exposure points are, and what leading APAC organisations are doing to stay in control. You’ll leave with practical strategies to safeguard your data, enforce boundaries around AI usage, and unlock value without becoming the next cautionary tale. If your business is embracing AI, this is the playbook you need before the appetites grow.

This practical case study shows how resilience was strengthened across a multi campus K–12 environment, offering lessons that resonate far beyond the education sector. It highlights the decisions, trade offs, and shifts in thinking required to manage sensitive data at scale, and explores how privacy and AI governance now shape strategy for any organisation navigating complex, people centred digital transformation.

Digital trust is being redefined as identity threats grow more complex. From deepfakes and impersonation attacks to the rapid rise of non-human identities, the identity landscape is evolving. This session explores what these changes mean for verification and control and how security leaders can adapt their strategies to safeguard trust in a world where not every identity is who or what it claims to be.

When critical systems can’t be patched, security becomes an exercise in precision. This session looks at how to safeguard ageing or vendor-locked environments without breaking availability or safety, using smart risk assessment, layered controls, segmentation, and monitoring to keep vulnerabilities contained.

Almost every connection on the Internet begins with a DNS request. This session demonstrates how Infoblox Protective DNS stops threats at the moment of intent, blocking access to malicious infrastructure before connections are established. Discover how a pre-emptive DNS-based security strategy dramatically shrinks attack surfaces while protecting users, devices, and networks everywhere they operate.

IEC 62443 offers a robust framework for securing industrial automation systems, but many organisations struggle to translate its comprehensive guidance into actionable steps. This session bridges the gap between theory and implementation, focusing on practical and scalable risk assessments to define appropriate security levels and build a sustainable foundation for operations. 

As artificial intelligence evolves from generating insights to executing actions, organisations are entering a new era of autonomous digital operations. Agentic AI systems can now initiate workflows, access systems, and make decisions at machine speed—introducing a new governance risk: the gradual and often invisible expansion of machine authority across enterprise environments. Drawing on lessons from aviation safety systems and financial market automation, this keynote explores why autonomy must be matched with explicit boundaries, accountability, and runtime control. It argues that managing AI safely is not simply a model problem, but a governance and control-plane challenge—one that requires identity, policy enforcement, and continuous verification to ensure autonomous systems operate within defined limits. The organisations that succeed with AI will not be those that move fastest, but those that embed disciplined control of autonomy from the outset.

As supply chains expand, the question is no longer if a third-party breach will occur, but how far it will spread. This session explores how cyber leaders can strengthen resilience across complex ecosystems by accepting that breaches will happen and focusing on limiting the blast radius, finding practical ways to renegotiate contracts and turning security requirements into enforceable commitments.

As AI agents, deepfakes and automated attacks outpace traditional IAM, organisations face a widening identity trust gap. Drawing on Ping Identity’s State of Trust research, this session examines how to move from static authentication to continuous, verified trust - helping security leaders assess their current posture and apply practical, risk-adaptive IAM patterns over the next 12–24 months.

What if your next cyber incident isn’t a system failure, but human fatigue or overload? Human energy is a critical, often overlooked control that shapes decision-making and risk outcomes. Burnout, alert fatigue, and constant context-switching quietly increase the likelihood of errors and breaches. In this session, Dinda draws on behavioural science and leadership psychology to reframe burnout as a core cyber vulnerability and offers leaders practical strategies to turn resilience into a measurable advantage for both people and performance.

With ASD outlining Australia’s direction on post-quantum cryptography, organisations are being urged to prepare now for the transition to quantum-resilient security. This session unpacks what this will mean in practice and where to start.

• How to ensure you are asking the right questions of your internal teams and third parties
• What a realistic post-quantum migration roadmap looks like for organisations
• Where to start with balancing interoperability, performance, and compliance demands

This session looks at how AI-driven threatdetection can streamline SOC workflows, prioritise the right incidents, andsurface actionable insights without adding to analyst fatigue. Hear lessonsfrom actual deployments on balancing automation with human expertise tostrengthen detection and response.

As organisations continue shifting services, data, and operations to cloud and as-a-service models, one truth has become unavoidable: identity is now the foundation of cyber strategy. Knowing who has access to what, verifying intent, and being able to respond quickly has replaced the traditional perimeter as the anchor of effective security. 

This closing session brings together two practitioners, each with different perspectives, to have a candid conversation about executing a cyber strategy today. The discussion will focus on the practical shifts organisations must make to stay resilient in a rapidly changing threat and technology landscape. We will explore:

• What has changed in cyber strategy over the past few years and what surprisingly hasn’t
• Which fundamentals organisations must return to, even as environments grow more complex
• Where bold innovation is now required, particularly in identity, automation, and resilience engineering
• The critical markers of an effective strategy

Speakers:

Shana Uhlmann GM Technology Perth Airport 

Rob Labbé CEO & CISO-in-Residence Mining and Metals ISAC