-
CISO BRISBANE 2024 - AGENDA
-
07:20
Cyber Leaders Private Breakfast (Invite Only)
-
08:00
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
08:20
Welcome from Corinium and the Chairperson
-
08:30
Opening Keynote: Australia’s Cyber Security Strategy and the work of the CSRCU
Will Hood - Assistant Director - National Office of Cyber Security, Department of Home Affairs
-
08:55
Cybersecurity is everyone's responsibility: How to communicate this message effectively across the organisation
Joe Gillett - Head of Australia and New Zealand - KnowBe4
Depending on the report you read, 82% to 95% of cyber incidents are directly related to human error. The evolution of Security Awareness Training is now moving towards Engagement and Security Culture, also referred to as human risk management and human layer protection. Historically the IT Department has been responsible for cybersecurity. The attack vector has increased exponentially over the last ten years: technological developments, increased internet speed, accessibility, the growth of mobile devices and, more recently, the move to remote working have meant that cybersecurity is literally on the move as we take our devices everywhere. As a result, the responsibility when it comes to cybersecurity has spread from IT to literally everyone in an organisation. This comes with challenges and frustrations with employee engagement and security awareness training programs. Are people not completing the training? Not reporting phishing emails? Still not understanding that cybersecurity is everyone’s responsibility?
-
09:20
Cyber strategy – creating robust and future-oriented frameworks
Dieter Schutte - Head of Cybersecurity - Super Retail Group
Dive into a comprehensive exploration of strategic security planning amid the dynamic landscape of cyber threats. This session will discuss a useful framework of to-dos for formulating robust and future-oriented security strategies. By asking the right questions, we'll uncover critical insights and approaches that help your organisation anticipate and mitigate risk, thereby securing a more resilient future in an era of growing uncertainty.
-
09:45
Mitigating Risk to the #1 Target for Attackers: Your Enterprise Identity System
The foundational component of a modern security architecture is a secure identity system. And though most organizations are thinking "cloud first", identity doesn't start in the cloud - it starts on premises. And overwhelmingly that on-premises identity system is Microsoft’s Active Directory (AD).
AD is involved in more than 90% of all cyberattacks today because when it's compromised it gives attackers near-total control over your IT systems. And once crippled by a cyberattack, it requires an average of two weeks to rebuild and regain trust manually - while your business is down.
In this session, we will review:
- Why AD is such a target
- How you can increase operational resilience of this mission-critical identity system by mitigating attacks against your AD and significantly reducing its recovery time objective (RTO)
-
10:10
A risk-based approach to cybersecurity
Clayton Brazil - Head of Cyber and Information Security - WorkCover Queensland
- Streamlining your controls to avoid duplicative effort and align them with business objectives
- Influencing stakeholders to ensure a more business focused approach to cybersecurity
- Proactively managing for changes in the environment to ensure continuous compliance
- Building cyber risk awareness and culture to influence change
-
10:35
Get refreshed! Mingle
-
11:05
On-stage interview: Nurturing the Welfare of your Cyber Teams
Working in cybersecurity can seem like an uphill battle: a daily, unrelenting and often thankless grind.
Preventing breaches is a team effort that depends primarily on the dedication and wellbeing of your cybersecurity professionals. Sure, factors like the company's risk appetite and senior management's commitment play a role, but the real key is having an engaged and motivated cyber team. Throwing money at the problem with big budgets is no substitute for having the right people in place.
That's why it's crucial for CISOs to keep their teams happy, motivated, and engaged. During this interview, Stephen Bennett will be grilled by one of his own team members, Peter Johnsson, and will share the challenges and the successful strategies to ensure the wellbeing of the team and work towards preventing burnout. Because let's face it, a happy cyber warrior is an effective cyber warrior – and we could all use a few more of those in this crazy digital world.
Speakers:
Stephen Bennett, CISO, Domino’s
Peter Johnsson, Group Head of Cyber Services, Domino’s
-
11:30
Integrating DevSecOps and Value Stream Management for AI-Driven Software Development Velocity
Rob Williams - Senior Solutions Architect - GitLab
In the dynamic realm of digital transformation, organisations face the challenge of harmonising swift software delivery, transformative AI technologies, and robust security protocols. This session delves into the symbiotic relationship among DevSecOps, AI, and Value Stream Management (VSM) to navigate this intricate balance. Explore the integration of VSM and AI to elevate DevSecOps methodologies, empowering organisations to fortify their security stance adeptly. Join us to unlock a seamless delivery pipeline, fortified security, and enhanced business value amidst the ever-evolving threat landscape.
-
11:55
Panel: Compliance burden – How much regulation is too much?
- Sharpening standards and compliance practices
- Assessing the cost-impact of compliance from a strategic perspective
- Complying with CPS 234, CPG 234, CPG 235, and other standards such as ISO27001, NIST and Essential 8
- Sharing information and intelligence to support the wider ecosystem
- How do industry and boards keep up with all the government-led changes such as SoNs and the multiple reporting obligations across various government regimes?
Panel moderator:
Lisa Dethridge, Senior Research Fellow, RMIT University
Panellists:
Kat McCrabb, CISO, Brisbane Catholic Education
Johnny Serrano, Head of ICT, Thiess
Gabriela Guiu-Sorsa, Information Security Principal Advisor, GRC, Queensland Fire and Emergency Services
Pearse Courtney, Cyber Project Manager, AEMO
-
12:30
Building a cybersecurity program from scratch – dos and don’ts
Fabian Llanos Lopez - Head of Cybersecurity & Risk - Compass Group Australia
- Build a well-developed program that supports and is tailored to the organisation’s needs
- Create a well-designed program with cooperation and support from stakeholders and management
- Develop effective metrics and KPIs for program design, implementation, and management performance assessment
-
12:55
VIP IAM Luncheon (Invite Only)
-
12:55
Lunch and networking
-
Track A: Critical Infrastructure
-
13:55
Improving your cyber programs and uplifting maturity
Glenn Dickman - Director of Cyber Security - Griffith University
- Setting up your cyber programs from scratch
- Getting buy-in from the board and steering committee
- Deciding on the most suitable techniques to implement a successful program
- How to ensure internal stakeholders understand the objectives and needs of security controls
- Defining metrics and adopting assurance frameworks
- Uplifting your program’s maturity by focusing on continuous improvement
-
14:20
Asset Intelligence: The Bedrock of Cyber Security
TBC - Senior representative - Fujitsu
Extensive knowledge of assets that need to be secured is foundational for any effort to secure any type of asset. It’s no surprise that the Security of Critical Infrastructure Act 2018 (SOCI) addresses this in its initial requirements and recommendations.
When an Asset Intelligence platform is implemented as the bedrock of a cyber security initiative, asset information is continuously collected, aggregated, correlated and analysed, making all subsequent activities easier.
Join me to learn what constitutes an Asset Intelligence platform and how specific capabilities optimise every step of the process to compliance.
-
14:45
Panel: Relying upon your CI incident response plans
Having an effective incident declaration process in place is key when developing your compliance strategy and meeting critical infrastructure regulations and standards. During this session, we’ll explore:
- Managing lack of clarity of SOCI Act and SoNS by developing documented interpretation of the frameworks
- Good practices defining and fine-tuning incident declaration processes and response plans
- How to identify what your organisation is doing right and what needs improvement
- Effective ways to advance your maturity model
Panel moderator:
Lisa Dethridge, Senior Research Fellow, RMIT University
Panellists:
Jack Cross, Associate Director, Information Security, Queensland University of Technology
Alvin Rubyono, Head of Security Engineering and Operations, Origin Energy
Pearse Courtney, Cyber Project Manager, AEMO
-
15:10
Zero Trust in Critical Infra: from Cyber Conscious to Cyber Resilient
TBC - Senior representative - Cloudflare
How cyber leaders in critical infrastructure organisations are adopting Zero Trust Segmentation as a simple way not only to protect themselves and the public interest from immediate and evolving threats, but also to strategically balance innovation and cyber risk. Rethinking security architectures for modern platforms that run critical infrastructure and economy-vital systems - from conscious reaction to resilient anticipation.
-
15:35
Cyber security AI adoption Roadmap: Mapping out the threat landscape and a Risk based approach to controls
Ryan Nera - BISO - Telstra
-
Track B: Business Enabler
-
13:55
In-Depth Security – Adopting risk-based frameworks and guidelines
Heinrich Viljoen - Head of IT Governance & Cyber Security - Youi Insurance
- Setting up your cyber programs from scratch
- Getting buy-in from the board and steering committee
- Deciding on the most suitable techniques to implement a successful program
- How to ensure internal stakeholders understand the objectives and needs of security controls
- Defining metrics and adopting assurance frameworks
- Uplifting your program’s maturity by focusing on continuous improvement
-
14:20
Setting security strategy by navigating the threat landscape
TBC - Senior representative - SentinelOne
One of the aims of a security program is to address the risk associated with the ‘threat landscape’ faced by an organisation. But what is a threat landscape? In this talk, we will discuss some approaches on how to characterise and map the threat landscape, derive an organisational risk profile, and set objectives for a workable security program. We’ll look at how the characterisation of the threat landscape aligns with the desirable characteristics of a security program. This approach has a strategic focus and guarantees an optimal security spend in terms of product selection, implementation, and operational parameters for the program.
-
14:45
Fireside chat: Educate, educate, educate – simple steps to improve accountability across the business
- Effective ways to educate – engaging diverse people with cybersecurity and online safety
- People centric – adopting an in-person tone and using real-life examples of how a cyberattack can impact everyone’s lives
- Relevant – what’s in it for them and why they should care
- Providing resources – setting clear expectations and providing resources
Panellists:
Shannon Jurkovic, CISO, Australian Retirement Trust
Darron Richardson, CISO, Southern Cross University
Kat McCrabb, CISO, Brisbane Catholic Education
Andrew McMutrie, Head of Security (ANZ & Asia), Corporate Travel Management
Jane Hogan France, Senior Manager Cyber Security, Allianz Australia
Charles McDermid, Senior Partner Operational Risk, Technology, Bank of Queensland
Mariya Novakova, Advisor Cyber Security Risk, Rio Tinto
-
15:10
Bringing stakeholders together for a successful Zero Trust journey
TBC - Senior representative - Zimperium
- How to develop a roadmap and implement specific initiatives for your projects
- Discover effective ways to build a zero-trust security framework
- Identify key components of a zero-trust model to protect the current environment
-
15:35
A Day in the Life: What the first 100 days in the CISO role looks like
Rob Wiggan - Experienced CISO -
-
16:00
Get refreshed! Mingle
-
16:20
Panel: Overcoming common IM challenges
- Assessing the status of your incident response capability: when should you perform read-through, table-top, and red team exercises?
- How can pen-testing and vulnerability management be most effective?
- What are the challenges and benefits of CMDB from an IM perspective?
- Incident Management Systems – benefits of EDR systems, IDPS, and other managed incident strategies
- Reactive incident response vs proactive incident response – how well organisations manage that and how well those tasks are defined and segregated among defensive teams
Panel moderator:
Lisa Dethridge, Senior Research Fellow, RMIT University
Panellists:
Sadeed Tirmizey, CISO, Seqwater
Michael Poezyn, CSO, Derivco
Alvin Rubyono, Head of Security Engineering and Operations, Origin Energy
-
16:45
Governing Through a Cyber Crisis – Strategies for Boards
Gaurav Vikash - Head of Security and Risk, APAC - Axon Enterprise
Key strategies and best practices for Boards to navigate and manage a cyber crisis to ensure business continuity and organisational resilience in both short and long terms.
-
17:10
Roadmap to maturity – a strategic approach to advance security
Tim Eichmann - Principal Cyber Security Architect - Queensland Police Service
During this session, Tim Eichmann will share his experiences developing and implementing a 10-year cybersecurity program to ensure Queensland is cyber-ready for the Brisbane 2023 Summer Olympics. He’ll discuss the need to create a strategic roadmap to support the enterprise’s plan to advance its cyber maturity.
-
17:35
Event Close and Cocktail Reception & Networking
-
18:00
Cyber Leaders Private Dinner (Invite Only)