CISO Brisbane schedule

During this 5-minute networking session, participants can build their network. Have fun!  

• Aligning security initiatives with business objectives and board priorities.
• Defining measurable outcomes to demonstrate the effectiveness of cyber programs.
• Embedding a culture of resilience: Driving accountability, visibility, and proactive risk management across the enterprise.
• Preparing for emerging technologies, regulatory pressures, and increasingly sophisticated threats for a future-ready leader.

Moderator

Martin Holzworth Chief Information Security Officer UnitingCare Queensland 

Panellists

Mick McHugh Chief Information Security Officer Virgin Australia
Danielle Pentony Chief Information Security Officer Australian Digital Health Agency  

Modern infrastructure is now driven by automation, pipelines, machine identities and AI-assisted engineering. This session explores how organisations can embed identity, secrets management and policy enforcement directly into infrastructure delivery to reduce static credentials, govern AI-assisted changes, and ensure every infrastructure change is validated, controlled and auditable before reaching production.

Speakers

Andrew Brydon
APJ Field CTO Leader
HashiCorp

Malik Ayub
Practice Lead, Security & AI Governance
DevOps1

•  Boards expect security to enable innovation not just prevent breaches. How must CISO adapt to lead this shift? 
  
• Showcase how cyber resilience can move beyond compliance to become a strategic advantage.
• Explain the link between resilience, customer trust, and competitive positioning.
• Demonstrate practical steps for embedding resilience into business growth strategies.

AI is rapidly becoming one of the biggest drivers of productivity and innovation in the enterprise — and one of the fastest-growing sources of data security risk. As copilots, assistants, and public AI tools become integrated into daily work, sensitive data is flowing into systems that most security teams can’t fully see, understand, or control.

The problem is that traditional data security controls were never built for this. In fact, many organizations were already struggling to operationalize data security before AI accelerated the challenge. The good news? AI isn’t just creating the problem — it’s also enabling a smarter, more effective way to solve it.

In this session, attendees will learn:

• Why AI has become one of the fastest-growing and least visible sources of enterprise risk
• How GenAI is creating new exposure points for sensitive data
• Why legacy data security tools have failed to keep up — and why AI is making those gaps harder to ignore
• How context-aware, AI-driven data security can deliver more accurate visibility, stronger controls, and real-time enforcement
• What organizations can do to enable AI innovation without expanding their risk surface

Attendees will leave with a clearer understanding of how AI is reshaping data security — and how they can use that same technology to gain control, minimize exposure, and support safer AI adoption across the business.

Moderator 

Brooke Nicoll Regional Sales Manager Rubrik

Speakers

Stuart Low Business Information Security Advisor Telstra

Nikki Peever Director Cyber Security CAUDIT

Darron Richardson Director, Digital Resilience and Operations (CISO) Southern Cross University

Security and IT teams are facing a structural challenge: data volumes are growing far faster than budgets, and AI is accelerating both the creation and consumption of telemetry. Many organisations are responding with implicit trade-offs, reducing retention, dropping data sources, or limiting visibility, creating blind spots that weaken both security operations and AI-driven detection.

Employees increasingly rely on AI to manage workloads, often outside approved channels. Sensitive data is pasted into prompts, shadow tools appear, and new exfiltration paths emerge. How should we focus on enabling safe adoption while maintaining trust and protecting business-critical data?

• Identify role-specific AI risks by mapping how each team uses data, handles sensitive information, and interacts with AI tools.
• Design tiered access models that balance productivity with risk tolerance across functions with different regulatory and data sensitivities.
• Embed practical micro-training so employees understand safe AI use within the context of their day-to-day tasks.
• Monitor usage patterns to catch early signs of unsafe behaviour or shadow AI adoption before it creates broader business exposure.

Moderator

Anna Clive GM - Data, Digital & Innovation RACQ

Speakers

James Court Chief Security Officer Cleanaway Waste Management

Jane Hogan France Senior Manager Cyber Security Allianz Australia

Peter Baussmann Chief Technology Officer Airlock

• Unpack why traditional awareness programs fail to deliver measurable impact.
• Showcase practical frameworks that embed security awareness into daily workflows.
• Demonstrate how to tailor awareness initiatives to different roles and risk profiles.
• Highlight metrics and methods for tracking behavioural change and reducing human risk.

Effective cyber governance goes hand-in-hand with robust cyber hygiene. This panel brings together senior CISOs and governance experts to discuss how organisations can embed accountability, oversight, and practical security practices into daily operations. Communicating cyber risks, hygiene gaps, and compliance readiness at the leadership level. Lastly, discussing metrics to track both governance effectiveness and hygiene adherence across teams by translating policies into daily practices that prevent breaches and minimise human error.

Moderator 
Qamar Raza PhD GRC Function Head Bayside Health

Speakers

Paul Bilic Group Head of Cyber Operations  Domino’s

Akshay Gupta Head of Cyber Applications & Governance CleanCo Queensland

As AI agents, deepfakes and automated attacks outpace traditional IAM, organisations face a widening identity trust gap. Drawing on Ping Identity’s State of Trust research, this session examines how to move from static authentication to continuous, verified trust - helping security leaders assess their current posture and apply practical, risk-adaptive IAM patterns over the next 12–24 months.

• Executing a 5-year strategic plan to modernise airport operations and enable future-ready innovation.
• Embedding cybersecurity as a foundational pillar to support scalable, compliant transformation.
• Uplifting core infrastructure across multiple airports to create a secure, resilient baseline.
• Aligning cross-functional teams to accelerate delivery while maintaining strong cyber governance.

As AI reshapes how organisations operate, the data underneath it has never been more exposed — or more valuable. In this fireside chat Anuj Anand, Ausenco’s CIO shares how they're rethinking data security with Cyera, to keep pace with AI adoption, cloud expansion, and evolving compliance demands — and what it takes to build a security posture that can grow alongside the business.

Speakers

Marcin Zyman
Enterprise Account Executive
Cyera

Anuj Anand
CIO
Ausenco 

• Demonstrate how SOCI compliance strengthens cyber and operational resilience.
• Explain the collaborative approach to integrating IT, OT, and business teams through development, implementation and ongoing management of the CIRMP.
• Highlight lessons learned from embedding cyber and the CIRMP into broader enterprise risk management.
• Showcase practical steps for continuous improvement of the CIRMP and using Essential Eight adoption as the base control framework.

In the modern enterprise responding to cyber threats is harder than ever. Even the largest businesses with vast resources are getting breached.

In this session we'll discuss a new approach to detect and respond faster, to help keep enterprises running even when a breach occurs, and how we can stay one step ahead of the most advanced threat actors.

Modern organisations depend on deep, interconnected SaaS and cloud ecosystems that few fully understand. Most security programs still overlook the components inside vendor products, the AI tools staff use daily, and the opaque fourth-party services that create silent exposure. This panel unpacks how to build visibility and reduce blast radius when suppliers fail.

Speakers

Gabriela Guiu-Sorsa Cyber Security Resilience Manager Cyber Security Champions of Tomorrow

Rohan Dwyer Head of Information Security Sunwater

As AI‑driven threats compress the time between vulnerability discovery and exploitation, organisations need more than visibility - they need the ability to detect, prioritise, and remediate risk at machine speed. This session will outline how Qualys enables security teams to become Mythos‑ready through a unified, data‑driven approach to exposure management.

• AI‑Speed Detection: Leverage machine‑speed vulnerability detection and a unified inventory of internal and external assets to stay ahead of attackers.
• Hyper‑Prioritisation: Focus on what truly matters by combining threat intelligence, business context, and asset criticality, while validating exploitability against existing controls.
• Zero‑Day Remediation: Respond to zero‑days with operational resilience, using automated patching, mitigation, and continuous validation to shrink exposure windows.

• Safety vs. Security considerations amongst critical infrastructure.
• Secure by Design for OT systems and managing enterprise risk.
• Integration of service providers into the cyber operations ecosystem.
• Scalable incident response and enabling crisis management.

• Navigating the rapid rise of AI-driven attacks and sophisticated cyber threats.
• Building agile cyber security strategies while fostering team resilience in times of uncertainty.
• Balancing risk management with innovation to drive organizational growth and trust.

Most breaches don’t occur because a tool failed. They occur because ownership, context, or response broke down. Despite unprecedented investment in cyber security technology, many organisations remain vulnerable. This presentation explores why, now more than ever, tools alone are not enough, and how human judgement, clear ownership, and decisive action ultimately determine security outcomes.

• Explain why threat intelligence is critical for proactive defense in today’s dynamic threat landscape.
• Showcase how organisations can integrate threat intelligence into decision-making and incident response.
• Demonstrate practical use cases for automation and AI in accelerating threat analysis.
• Highlight strategies for prioritising intelligence to focus on the most exploitable vulnerabilities.