Mark Priebatsch, Regional Director Australia & New Zealand, Checkmarx

This overview will walk you through the essential steps in establishing a pragmatic privacy and cybersecurity program alignment for a business, starting with ways to identify goals, communicate with the executive teams, align and partner with IT, privacy asset valuation, threat and vulnerability assessments, environmental considerations (cloud, IoT, distributed workforce), control selection, incident response, people and cybersecurity, and program management.

Chris Moschovitis, Author, “Privacy, Regulations, and Cybersecurity: The Essential Planning Guide” (US)

• Exploring common and out-of-sight cybersecurity risks of third party management
• Understanding and addressing the cyber risks behind them
• Challenges presented by third party identity management – and how to overcome it
• How to ensure your organisation is complying with CDR rules when adopting this approach

Grae Meyer-Gleaves, CISO, Hollard

Security breaches in the cloud usually don’t exploit a single misconfiguration or vulnerability but rather a toxic combination of multiple issues that in isolation wouldn’t raise a red flag given the tons of alerts security teams already get. In this session, we’ll discuss five common toxic combinations across internet exposure, identities and entitlements, software vulnerabilities, and misconfigurations that when combined represent an attacker's pathway to a breach.

Matt Preswick, Enterprise Solutions Engineer, APJ, Wiz

An inspiring keynote, showcasing how you can tap into and grow your resilience to overcome life's challenges, and enhance your leadership skills to lead people through the darkest of times. Daryl Elliott Green will walk you through his extraordinary life experience and the obstacle course he navigated over the decades which followed, after he was ambushed on duty and shot in the face from less than a metre away as a 27-year-old police officer.

Daryl Elliott Green, TWICESHOT.com

During this session, Brad will share his personal when he was seriously injured in a bike accident’ He’ll share lessons learned, why cyber security professionals shouldn’t blame the victim and how to help their friends and organisations recover from data breaches and cyber-attacks.

Bradley Busch, CISO, Tyro Payments

Open-source libraries have become an essential part of almost all modern applications. Without open-source, software development would be stuck in the slow lane. Not “reinventing the wheel” each time you need certain functionality in an app saves time and effort, and as a result, open-source isn’t going away anytime soon. If anything, it’s becoming more and more widespread. But there’s a certain amount of risk that comes with using open-source components, modules, and libraries. Today, it’s increasingly important to protect yourself from these risks.

In this session, we will discuss the importance and prevalence of open-source software as well as the ways you can protect yourself from its attendant risks and licensing issues. The goal is to catch issues or threats ahead of time before they can become fatal.

Michael Pogrebisky, Technical Director, Checkmarx

• An overview of the growth of ransomware attacks and how organisations are being impacted
• Understanding the risks and complications of the amended Privacy Act and Notifiable Data Breach scheme
• Can cyber insurance support the fight against ransomware?
• Exploring successful cases of improving organisations’ ransomware protection posture

Mandy Turner, Senior Manager Cyber Security Operations Centre, The University of Queensland

Today, Zero Trust is no longer a theoretical idea—it’s an active initiative for virtually every company with a digital footprint. However, many organisations still have a long way to go to truly reap the rewards of an advanced Zero Trust security architecture with just under half of APAC organisations having a defined Zero Trust security initiative in place today (The State of Zero Trust Security 2022, Okta).

Join this session to discover:

• What should your Zero Trust 'North Star' be?
• Hear this year's top security strategy takeaways
• Unpack the five phases of Zero Trust Maturity
• Where does your business sit on the Maturity curve, and what does it mean for your security strategy

James Darwin, Senior Solutions Engineer, Okta

During this session, David will discuss the risks and potential costs of ransomware attacks, and how organisations can prepare for ransomware protection and response. Join him and explore effective practices to strengthen your organisation’s resilience.

David Chantler, Director of Information Security and Technology Risk, Queensland Treasury Corporation

Three-quarters of Australian CISOs see human error as their organisation’s biggest cyber vulnerability. It only takes one employee to click on a bad email to compromise your organisations entire network. Actors know what the weakest link is and they’ve long since shifted to exploiting the human. What if there was a way to stop rolling the human dice every day?

Learn how organisations can leverage advanced behavioral science and automation for informed and near instantaneous decision making on what is good and what is bad email. As well as removing the increasing burden that is placed on employees as a last line of defence.

Join this session to understand:

• How behavioural data science from the ad-tech world is being used to baseline normal in order to find what is abnormal
• New insights and controls over protecting against supply chain attacks
• Account takeover techniques and measures that can be taken to help protect against them

Tim Bentley, Regional Director APAC, Abnormal Security

• What the Security Legislation Amendment (Critical Infrastructure) Bill 2021 means for your business
• What do you need to know to about Positive Security Obligations and Government Assistance reforms?
• What to do next if your company is part of the expanded coverage of specific entities
• How well do these regulations address cybersecurity risks?

Panel moderator:

Mark Priebatsch, Regional Director Australia & New Zealand, Checkmarx

Panellists:

Jason Anderson, CISO, Australian Retirement Trust

Nikki Peever, Director, Cybersecurity Program, CAUDIT

Grae Meyer-Gleaves, CISO, Hollard

• What is cyber insurance and what is it for?
• What you need to know about insurance underwriting for your business
• What are the key considerations for organisations when thinking about cyber insurance?
• Adopting cyber insurance as part of your risk management strategy
• Strategies to be specific about your company’s needs to get premiums down

Rob Wiggan, Cyber Specialist, Willis Towers Watson

Tim Hartman, Head of Solution Architects, Infoblox Australia and New Zealand

During this session, Professor Helge Janicke will share research-based strategies to increase cybersecurity awareness and get board-level buy-in. Join his session and get invaluable insights that will help you create risk awareness, drive change, and build a cybersecurity driven culture.

Helge Janicke, Research Director, Cyber Security Cooperative Research Centre

• How can CISOs speak the CEOs’ language
• What does the board expect from CISOs when evaluating and reporting inherent and evolving risks?
• How can the board support CISOs in conducting a cybersecurity mission & strengthening their posture?
• Working together in mastering the company’s digital governance & risk management practices
• Exploring challenges and opportunities to adopt a secure-by-design approach in the business

Panel moderator:

Jo Stewart-Rattray, CSO, Silver Chain

Panellists:

David Bunker, Strategy Consultant and Director

Tony Kitzelmann, CISO, Airservices Australia

Jason Anderson, CISO, Australian Retirement Trust