-
CISO BRISBANE 2024 - AGENDA
-
08:00
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
08:45
Welcome from Corinium and the Chairperson
-
08:55
Opening Keynote: Australia’s Cyber Security Strategy and the work of the CSRCU
Will Hood - Assistant Director - National Office of Cyber Security, Department of Home Affairs
-
09:20
Cybersecurity is everyone's responsibility: How to communicate this message effectively across the organisation
Joe Gillett - Head of Australia and New Zealand - KnowBe4
Depending on the report you read, 82% to 95% of cyber incidents are directly related to human error. The evolution of Security Awareness Training is now moving towards Engagement and Security Culture, also referred to as human risk management and human layer protection. Historically the IT Department has been responsible for cybersecurity. The attack vector has increased exponentially over the last ten years: technological developments, increased internet speed, accessibility, the growth of mobile devices and, more recently, the move to remote working have meant that cybersecurity is literally on the move as we take our devices everywhere. As a result, the responsibility when it comes to cybersecurity has spread from IT to literally everyone in an organisation. This comes with challenges and frustrations with employee engagement and security awareness training programs. Are people not completing the training? Not reporting phishing emails? Still not understanding that cybersecurity is everyone’s responsibility?
-
09:45
A risk-based approach to cybersecurity
Clayton Brazil - Head of Cyber and Information Security - WorkCover Queensland
- Streamlining your controls to avoid duplicative effort and align them with business objectives
- Influencing stakeholders to ensure a more business focused approach to cybersecurity
- Proactively managing for changes in the environment to ensure continuous compliance
- Building cyber risk awareness and culture to influence change
-
10:05
The State of Identity Security in the Age of AI
Daniel Comarmond - Cybersecurity Solution Engineer - Delinea
Cybersecurity leaders continue to make significant progress in combatting identity threats.
As cybercriminals leverage AI, existing identity controls are struggling to keep up.
In this session we’ll uncover research on the state of AI adoption for identity security.
And you’ll discover how to shift toward intelligent, dynamic identity security controls.
-
10:25
Get refreshed! Mingle
-
10:55
On-stage interview: Nurturing the Welfare of your Cyber Teams
Working in cybersecurity can seem like an uphill battle, a daily, unrelenting and often thankless grind.
Preventing breaches is a team effort that depends primarily on the dedication and wellbeing of your cybersecurity professionals. Sure, factors like the company's risk appetite and senior management's commitment play a role, but the real key is having an engaged and motivated cyber team. Throwing money at the problem with big budgets is no substitute for having the right people in place.
That's why it's crucial for CISOs to keep their teams happy, motivated, and engaged. During this interview, Stephen Bennett will be grilled by one of his own team members, Peter Johnsson, and will share the challenges and the successful strategies to ensure the wellbeing of the team and work towards preventing burnout. Because let's face it, a happy cyber warrior is an effective cyber warrior – and we could all use a few more of those in this crazy digital world.
Speakers:
Stephen Bennett, CISO, Domino’s
Peter Johnsson, Group Head of Cyber Services, Domino’s
-
11:20
Integrating DevSecOps and Value Stream Management for AI-Driven Software Development Velocity
Rob Williams - Senior Solutions Architect - GitLab
In the dynamic realm of digital transformation, organisations face the challenge of harmonising swift software delivery, transformative AI technologies, and robust security protocols. This session delves into the symbiotic relationship among DevSecOps, AI, and Value Stream Management (VSM) to navigate this intricate balance. Explore the integration of VSM and AI to elevate DevSecOps methodologies, empowering organisations to fortify their security stance adeptly. Join us to unlock a seamless delivery pipeline, fortified security, and enhanced business value amidst the ever-evolving threat landscape.
-
11:45
Panel: Compliance burden – How much regulation is too much?
- Sharpening standards and compliance practices
- Assessing the cost-impact of compliance from a strategic perspective
- Complying with CPS 234, CPG 234, CPG 235, and other standards such as ISO27001, NIST and Essential 8
- Sharing information and intelligence to support the wider ecosystem
- How do industry and boards keep up with all the government-led changes such as SoNS and the multiple reporting obligations across various government regimes?
Panel moderator:
Lisa Dethridge, Senior Research Fellow, RMIT University
Panellists:
Johnny Serrano, Head of ICT, Thiess
Sharon Kalsi, Senior Manager - Technology Resilience & Operational Risk, Bank of Queensland
Gabriela Guiu-Sorsa, Information Security Principal Advisor, GRC, Queensland Fire and Emergency Services
Pearse Courtney, Cyber Project Manager, AEMO
-
12:15
Fortifying your Security Operations with Enhanced Visibility
Robin Long - Director, Regional CTO, APAC - Rapid7
Due to the constant evolution of our internal networks and in the face of an unforgiving threat landscape, Security Operations teams are constantly looking at new ways to enhance their visibility in order to better anticipate cyber threats. This session will explore the importance of how enhanced detection and response capabilities, visibility of your attack surface, and cyber threat intelligence can be helpful in better focusing your cyber security defences.
-
12:35
Building a cybersecurity program from scratch – dos and don’ts
Fabian Llanos Lopez - Head of Cybersecurity & Risk - Compass Group Australia
- Build a well-developed program that supports and is tailored to the organisation’s needs
- Create a well-designed program with cooperation and support from stakeholders and management
- Develop effective metrics and KPIs for program design, implementation, and management performance assessment
-
12:55
Human Firewall VIP Luncheon (Invite Only)
-
12:55
Lunch and networking
-
Track A: Critical Infrastructure
-
13:55
Improving your cyber programs and uplifting maturity
Glenn Dickman - Director of Cyber Security - Griffith University
- Setting up your cyber programs from scratch
- Getting buy-in from the board and steering committee
- Deciding on the most suitable techniques to implement a successful program
- How to ensure internal stakeholders understand the objectives and needs of security controls
- Defining metrics and adopting assurance frameworks
- Uplifting your program’s maturity by focusing on continuous improvement
-
14:15
The Essential Eight Journey: Real World Insights for Securing Critical Infrastructure
Sam Brazier-Hollins - Head of Technical Consulting - Fujitsu Cyber Security Services
This session explores the importance of implementing Essential Eight strategies, particularly in light of the expanded scope and security obligations introduced by the SOCI Act reforms in 2021/22. Especially relevant for critical infrastructure sectors, Sam highlights common security pitfalls such as macro security risks and the need for proper multi-factor authentication (MFA).
-
14:40
Panel: Relying upon your CI incident response plans
Having an effective incident declaration process in place is key when developing your compliance strategy and meeting critical infrastructure regulations and standards. During this session, we’ll explore:
- Managing lack of clarity of SOCI Act and SoNS by developing documented interpretation of the frameworks
- Good practices defining and fine-tuning incident declaration processes and response plans
- How to identify what your organisation is doing right and what needs improvement
- Effective ways to advance your maturity model
Panel moderator:
Lisa Dethridge, Senior Research Fellow, RMIT University
Panellists:
Jack Cross, Associate Director, Information Security, Queensland University of Technology
Alvin Rubyono, Head of Security Engineering and Operations, Origin Energy
Pearse Courtney, Cyber Project Manager, AEMO
-
15:10
Harnessing Global Threat Intelligence to Stay Ahead of the Game
Amanda Spencer - Director of Solutions Engineering, ANZ - Cloudflare
As we explore leveraging threat intelligence, machine learning, and AI for proactive protection, learn how consolidating vendors and platforms simplifies operations while enhancing visibility and efficiency.
Join us to unlock new strategies for bolstering cybersecurity resilience and how Cloudflare can revolutionise cybersecurity.
-
15:35
Cyber security AI adoption Roadmap: Mapping out the threat landscape and a Risk based approach to controls
Ryan Nera - BISO - Telstra
-
Track B: Business Enabler
-
13:55
Know your enemy: Practical Enterprise Cyber Threat Modelling
Heinrich Viljoen - Head of IT Governance & Cyber Security - Youi Insurance
-
14:15
Evolving your Security Operations Centre (SOC) with Generative AI, Machine Learning and Automation
Wayne Phillips - Field CTO - SentinelOne
As cyber threats grow in complexity, traditional Security Operations Centres (SOCs) struggle to keep up. There are a record number of CVEs forcing organisations to scramble to keep up, and the impact of ransomware grows wider with each incident. This talk explores how integrating Generative AI, Machine Learning (ML), and automation can transform SOCs, enhancing threat detection, response, and mitigation. We will examine the limitations of current SOCs and how Generative AI can improve threat hunting and threat detection. The role of ML in predictive analytics and anomaly detection will be discussed, highlighting specific Gen AI architecture that enhances security operations. Practical applications of automation, including automated incident response and workflow orchestration, will be showcased through real-world case studies. Attendees will learn how to evolve their SOCs into advanced defence hubs, capable of tackling modern cyber threats with agility and precision.
-
14:40
Fireside chat: Educate, educate, educate – simple steps to improve accountability across the business
- Effective ways to educate – engaging diverse people with cybersecurity and online safety
- People centric – adopting an in-person tone and using real-life examples of how a cyberattack can impact everyone’s lives
- Relevant – what’s in it for them and why they should care
- Providing resources – setting clear expectations and providing resources
Panel moderator:
Jason Murrell, Independent Chair, Cyber Security Certification Australia (CSCAU)
Panellists:
Shannon Jurkovic, CISO, Australian Retirement Trust
Kat McCrabb, CISO, Brisbane Catholic Education
Andrew McMutrie, Head of Security (ANZ & Asia), Corporate Travel Management
Charles McDermid, Senior Manager, Cyber GRC, Bank of Queensland
Mariya Novakova, Advisor Cyber Security Risk, Rio Tinto
-
15:10
Mobile Data Breaches: The hidden entrypoint to organisations
Jason Salway - Solutions Engineer Lead, Australia and New Zealand - Zimperium
While high-profile spyware like Pegasus by NSO Group has captured international attention, the widespread and frequent occurrence of mobile device and mobile application attacks in Australia often goes under-reported. This session will give special insight into real-world mobile attack events that affected Australian organisations in the past year, discussing the impacts, learnings on how they happened, and what could have been done to prevent them.
-
15:35
Starting a new CISO Role – A Toolkit for your First 90 Days
Rob Wiggan - Former CISO and Cyber Security Consultant
-
15:55
Get refreshed! Mingle
-
16:25
Panel: Overcoming common IM challenges
- Assessing the status of your incident response capability: when should you perform read-through, table-top, and red team exercises?
- How can pen-testing and vulnerability management be most effective?
- What are the challenges and benefits of CMDB from an IM perspective?
- Incident Management Systems – benefits of EDR systems, IDPS, and other managed incident strategies
- Reactive incident response vs proactive incident response – how well organisations manage that and how well those tasks are defined and segregated among defensive teams
Panel moderator:
Lisa Dethridge, Senior Research Fellow, RMIT University
Panellists:
Sadeed Tirmizey, CISO, Seqwater
Michael Poezyn, CSO, Derivco
Alvin Rubyono, Head of Security Engineering and Operations, Origin Energy
Lama Tayeh, Founder, LULUMPR
-
16:50
The Australian Government’s Cyber Security Strategy: is your organisation ready?
Tim Hartman - Head of Solutions Architect, ANZ - Infoblox
Join Tim Hartman as he shares the Infoblox response to the Australian Government’s Cyber Security Strategy paper. Leveraging industry insights and collaborative consultations, the paper underscores a vision for a secure and resilient digital future for Australia. Tim will discuss best practices pertaining to the implementation of controls aligned with the six identified ‘Shields,’ contributing to a comprehensive and effective cybersecurity posture. He will also provide insights on how Infoblox’s threat protection at scale can help organisations achieve their cybersecurity goals.
-
17:10
Governing Through a Cyber Crisis – Strategies for Boards
Gaurav Vikash - Head of Security and Risk, APAC - Axon Enterprise
Key strategies and best practices for Boards to navigate and manage a cyber crisis to ensure business continuity and organisational resilience in both short and long terms.
-
17:30
Roadmap to maturity – a strategic approach to advance security
Tim Eichmann - Principal Cyber Security Architect - Queensland Police Service
During this session, Tim Eichmann will share his experiences developing and implementing a 10-year cybersecurity program to ensure Queensland is cyber-ready for the Brisbane 2023 Summer Olympics. He’ll discuss the need to create a strategic roadmap to support the enterprise’s plan to advance its cyber maturity.
-
17:50
Event Close and Cocktail Reception & Networking