AppSec & DevSecOps Sydney schedule

In this 10-minute networking session, the goal is to connect with three new people. Let the questions on the screen spark your conversation. Enjoy the opportunity to expand your network!  

• Emphasise the importance of tech leaders influencing organisational change through trusted partnerships in DevSecOps.
• Positioning security partners to embed robust security practices throughout the development lifecycle.
• Explore strategies for driving organisational change by enhancing visibility of collaborative DevSecOps efforts.
• Transform the approach to build a resilient cyber security culture and create a cohesive, security-focused environment. 

Amidst rapid technological change, safeguarding digital assets is paramount. This session outlines crucial strategies for herding and securing "digital cattle," emphasising robust security. It delves into growing cloud reliance, compliance, and governance for trust. Furthermore, it covers the vital role of software supply chain management in vulnerability mitigation. Join us in crafting a comprehensive approach for digital asset protection in today's dynamic landscape.

• Discussing how embedding security within DevOps practices boosts operational efficiency and strengthens application security.
• Aligning strategies to create a cohesive security approach that supports overarching business goals.  
• Discovering how AppSec integrates with DevSecOps to achieve measurable business outcomes, such as reduced risk and faster delivery.
• Gain insights into designing an effective roadmap for technology adoption and cultural transformation to maximise the impact of AppSec and DevSecOps.

• How can we secure the entire software development and supply chain lifecycle through integrated DevSecOps, AppSec practices, and robust container security measures?
• What strategies can mitigate risks and threats at every stage of the SDLC through continuous evaluation and improvement driven by DevSecOps practices?
• How can operational efficiency be enhanced and compliance streamlined with effective automation strategies in governance?
• In what ways can we address vulnerabilities in software supply chains and containerised environments with comprehensive, layered security approaches?

Panellists:

Chethana Krishnakumar, Software Technology Lead, Centre for Population Genomics

Hitesh Jamb, DevSecOps and Test Practice Lead, APA Group

Yashaswini Prabhudev, Security Engineering Manager, AGL  

In the dynamic realm of digital transformation, organisations face the challenge of harmonising swift software delivery, transformative AI technologies, and robust security protocols. This session delves into the symbiotic relationship among DevSecOps, AI, and Value Stream Management (VSM) to navigate this intricate balance. Explore the integration of VSM and AI to elevate DevSecOps methodologies, empowering organisations to fortify their security stance adeptly. Join us to unlock a seamless delivery of pipeline, fortified security, and enhanced business value amidst the ever-evolving threat landscape.

• Defining clear AppSec objectives and goals, aligning them with business priorities for both yearly and quarterly plans.
• Implementing security practices throughout the development lifecycle for custom applications while evaluating and securing third-party applications.
• Establishing a roadmap for integrating security measures, allocating resources, and managing risks associated with both off-the-shelf and custom-developed applications.
• Monitoring effectiveness through metrics and KPIs, adapting strategies based on new threats and evolving business needs.

• Analyse how QA/QE teams can adapt to the DevSecOps culture, emphasising collaboration between development, security, and operations.
• Highlight the shift-left approach in testing, where QA is involved early in the development process to identify security vulnerabilities.
• Discuss strategies for fostering a security-first mindset within QA teams and how it impacts the software development lifecycle.10

The swift integration of open source in software development has exposed vulnerabilities in the software supply chain, necessitating a smartly automated solution for security and compliance to safeguard entry points into software factories. The intersection of DevOps, Security, and now AI has elevated the importance of effectively managing and securing the software supply chain, posing significant complexity for Organisations. 

• Discover how to enhance AppSec through modern cloud technologies and effective frameworks.
• Learn how to scale security efforts by empowering teams, improving processes, and leveraging advanced metrics.
• Discuss practical approaches to communicate risks and needs associated with AppSec with stakeholders and advance maturity across your organisation.

Cameron delves int30o the realm of upstream supply chain attacks, examining the latest regulatory developments worldwide. He then explores proactive measures Organisations can adopt to thwart malware infiltration into their Software Development Life Cycle (SDLC), along with strategies for staying compliant with upcoming regulations.

• Integrate DevSecOps principles into platform engineering to enhance security across all stages of the development lifecycle.
• Discuss the importance of aligning workflows, enhancing automation, and fortifying security measures to create a cohesive platform for software delivery.
• Exploring how Security as Code (SaC) empowers proactive cyber security measures within the development pipeline
• Highlight the need to strike a balance between experimentation and pragmatism to ensure alignment with organisational goals and augment DevSecOps strategies.

Join industry leaders as they delve into the essential skills required for secure coding and the training methodologies that can effectively impart these skills.

• Addressing the limitations of traditional security testing tools such as SAST and DAST.
• Highlighting the importance of proactive coding practices as the last line of defence.
• Discussing the effective secure coding training for developers to recognise and mitigate security risks from the ground up.

Moderator:

Anusha Srinivasan Practice lead - Quality Engineering WooliesX

Panellists:

Alistair Clarkson, Head of DevSecOps, Service NSW

Maryam Shoraka, Cyber Security Operations Manager, NSW Department of Communities and Justice

Having an effective incident declaration process in place is key when developing your compliance strategy and meeting critical infrastructure regulations and standards. During this session, we’ll discuss best-practice defining and fine-tuning incident declaration processes and response plans, identify what your organisation is doing, and brainstorm strategies to advance your maturity model.

Panel moderator:

Michael Bromley, Founder and CEO, VentureSpark

Panellists:

Thomas S. Breeden, Supervisory Special Agent, FBI

Himanshu Anand, Head of Technology, Cyber Threat Management, Tabcorp

• How the cybersecurity function can support the business to deliver key strategic goals
• Benefits of including cybersecurity as part of your organisation’s Environmental, social, and corporate governance (ESG) processes and frameworks

Cloud adoption is expanding rapidly, and with that expansion comes new complexities. The speed of growth and change in the cloud creates an ever-changing threat landscape. Wiz Research is at the forefront of the cloud's threat landscape and is behind the discovery of vulnerabilities like ChaosDB, ExtraReplica, AttachMe and OMIGOD. In this session, we will cover the major cloud threats recently seen by the Wiz Research team which includes supply chain risks, data exposure, API security threats, and attack patterns used by groups such as LAP$U$. This session summarizes key insights across customers, Wiz and third-party threat research, and numerous other sources

• Overview on the growing threats landscape and how it could impact our societies, businesses, and economies
• Bridging the talent gap for better security and resilience
• Advices for Australian organisations to support workforce training when adopting robust cyber security measures

In the highly competitive age of digital transformation financial service organizations are facing accelerated urgency to improve their customer and employee experience while simultaneously reducing operating costs, and managing risk and compliance.

To meet these competing demands on their business, these organizations are racing to deploy deep learning to achieve a new competitive edge by optimizing their back office operations with intelligent document processing, personalizing their customer experience with cutting edge NLP models, and reducing fraud and risk using state-of-the-art deep learning.

AI is here and delivering new capabilities to help businesses solve large and complicated challenges. Join Bob Gaines to learn what that means for your business and how deep learning is helping organizations:

• Achieve higher compliance, faster and with lower costs • Dramatically improve Customer Experience • Reduce time to value from years to weeks

Sergio Rego is a customer engineer at SambaNova Systems where he helps clients deploy purpose-built, deep learning solutions in weeks rather than years. Sergio started his career in financial services, where he worked in strategy; active and index management; and product design and management. Sergio also served as a senior data scientist and team manager for a system integrator where he helped federal government agencies deploy ML and AI solutions.

As the severity of scams and frauds increase and cybercrime becomes more sophisticate than ever, staying ahead of the game is critical. During this session, you’ll hear how cybersecurity is “front of mind” for one of Australia’s largest banks by investing in the right skills, creating robust defence and control systems, and employing effective detection and response plans.

Three-quarters of Australian CISOs see human error as their organisation’s biggest cyber vulnerability. What if there was a way to stop rolling the human dice every day?

Learn how organisations can leverage advanced behavioural science and automation for informed and near instantaneous decision-making on what is good and what is bad email. As well as removing the increasing burden that is placed on employees as a last line of defence.

In this session we will discuss:

• Account takeover techniques and measures that can be taken to help protect against them
• New insights and controls over protecting against supply chain attacks
• The accuracy of advanced behavioural data science in identifying anomalous behaviour

During this session, Brad will share his personal when he was seriously injured in a bike accident’ He’ll share lessons learned, why cyber security professionals shouldn’t blame the victim and how to help their friends and organisations recover from data breaches and cyber-attacks.

With the threat of cyber warfare becoming ever more serious, every organisation needs a “this is not a drill” cyber-first recovery plan. If cyberattackers targeted your organisation, the most likely business-crippling scenario would be a direct attack on Active Directory (AD)—the system that authenticates users and grants access to business-critical applications and services. AD has become a prime target for cybercriminals—implicated in 90% of the incidents Mandiant researchers investigate—because it has systemic vulnerabilities and because it gives attackers the means to unleash devastating malware.

The NotPetya attack that crippled Maersk in 2017 was a harbinger of the chaos to come. In this session, we’ll examine the action plan every organisation needs to execute to protect against a business-disrupting cyber incident.

• How long does an incident response take usually and what normally brings down the AD?
• How common is it that the Active Directory is used in a data breach ransomware scenario?
• What does ADFR require to be able to recover AD?

CISOs committed to creating risk awareness and building a cybersecurity driven culture are facing several challenges, from getting senior management buy-in, to implementing organisational change and engaging employees. During this session, you’ll explore:

• What are the biggest challenges when getting buy-in from top management?
• Successful ways of incorporating cybersecurity into the organisation’s risk management strategy
• How to encourage everybody to take ownership of cyber?
• Why leaders must be committed to continually improve their teams’ skills and knowledge in IT and cybersecurity – and how do to this?

Moderator:
Kevin Fleming, Chief Technology Officer, ExperstDirect

Panellists:

Frances Bouzo, CISO, Ampol

Anna Aquilina, CISO, UTS

Jo Stewart-Rattray, Chief Security Officer, Silverchain

Grant Lockwood, CISO, Virtus Health

Varun Acharya, CISO, Healthscope

• How to go about defining your Cyber Security Strategy?
• What metrics should you use to measure progress and success of the strategy?
• What frameworks should you consider when building the Cyber Security Strategy?
• What are example capabilities to consider?
• What does your roadmap look like?
• What budget will you be asking for per year based on the roadmap?
• How do you plan on operating these capabilities?

As more organisations look to align to the Essential Eight many are finding significant challenges around the aspects of removing Admin Privileges, Application Control and User Application Hardening. Yet as many organisations are finding, leveraging a modern Privilege Access Management solution can provide significant coverage across the requirements of the Essential Eight and more.

Join Scott Hesford, Director of Solutions Engineering, APJ, BeyondTrust, as he dives into some of the more challenging aspects of the Essential Eight and, bringing first-hand experience, shows you how you can solve many of the challenges you might be facing in adopting the Essential Eight. 

By attending this session, you will learn:

• How modern PAM helps organisations cover multiple aspects of the Essential Eight
• Where you can leverage the Essential Eight for your zero-trust journey
• Key questions to ask in consideration to Application Control and User Application Hardening

There’s a cyber superpower out there, but have you discovered them yet? If you’ve discovered them, have you brought them into the tent? When it all goes pear shaped, they’ll be the second call you make (after your boss!) When all is going well, you’ll want to speak to them regularly to drive strong security outcomes. Let me introduce them to you and share the why and how. You’ll want one too! 

Businesses have embraced digital to engage with their customers. As quickly as brands have delivered digital experiences, bad actors have been just as fast in figuring out how to use credential stuffing, account takeover, and other types of attacks to their advantage. Keeping pace in this rapidly evolving threat landscape requires businesses to look for innovative ways to build experiences that optimize both security and convenience. But, ensuring one doesn’t overshadow the other often requires multiple integrations and custom development that adds internal friction and slows down innovation. A customer identity strategy that expands beyond access management, but includes fraud detection and identity verification capabilities that can seamlessly be orchestrated together can eliminate integration challenges and drive innovation. Join this session to learn Ping Identity’s drag-and-drop approach to customer identity that streamlines bringing together all the tools a business needs to rapidly build, test and optimize end-to-end customer journeys.

• How to effectively translate threat to risk to the board and the teams
• Human-issue in risk management – improving culture through intelligence models
• Eliminating risks by improving your asset x threat x vulnerability model – hype or reality?

• How the lack of understanding and false sense of security impacts your cloud journey
• How save your data really is when you move to the cloud?
• What factors you must consider to ensure you are getting a reliable, secure product
• Strategies to trust and rely on your providers with a full, clear picture of what you are getting as part of your contract

Securing the cloud is a never-ending task that becomes more challenging each year as clouds accrue new features and functionality. The same can be said for the ever increasing responsibilities and mandates expected of CISOs, including driving the probability of intrusions, data exfiltration, ransomware, etc., to effectively zero. With new technologies and tools come great opportunities for businesses; however, if they are not used appropriately and securely, they can do more damage than good. In this session we will address the elephant in the room: how can CISO’s do more with less, while ensuring the integrity of their resilience based security architecture, and prepare for enterprise obstacles and opportunities ahead.

In a world where the pressure to deliver new and innovative ICT capability is only ever growing, and the threat actors are also increasingly sophisticated and pervasive, how can companies ensure they meet these challenges whilst still ensuring cyber resilience? During this interactive discussion, hear challenges and benefits of SOC Automation, explore experiences and lessons learned, and discuss different ways of improving and driving efficiency of your SOC.

With the growth of the digital services industry and AI technologies, data has arguably become one of the most valuable economic resources of the modernized economy. However, it is also becoming increasingly the most regulated and riskiest to handle.

The emergence of the GDPR in Europe, which is based on a set of comprehensive principles and obligations for data controllers, extra-territorial application, and strict enforcement mechanisms has been followed by countries and jurisdictions around the world passing similarly prescriptive data privacy and protection laws all with their own unique requirements.

Today more than 200+ countries have passed data privacy and protection laws which keep getting more complex and demanding - countries like New Zealand, Indonesia, and India are now also morphing these regulations into Data Protection and Privacy requirements including for Sensitive Data. Australia is also embarking on its own uplifts to Privacy Laws.

The scope of responsibilities for data controllers under these global data privacy and protection laws are also growing - with many modern

Thus, organizations in APAC are encountering experiences in which they are seeing Data Sovereignty Laws as well as banking regulations around PII and MetaData that require audit and compliance at cloud scale.

We will explore the organizational impacts we are seeing across the region in meeting these challenges.

• The key impacts and considerations for organizations who are impacted by the merger of PI and SI into multiple regulations
• Technology is being developed and adopted to help organizations to manage these regulations at scale and where possible autonomously
• An overlap of roles and responsibilities across Policy, Classification, and Protection is occurring and the adoption of cloud and multicloud is accelerating this

• Exploring the most common industry security standards and cloud control framework
• How to choose the right standard and bring it to life in your cloud practices
• Striving for on-going compliance - when independent control assurance is needed?

In a world where the information age is at its zenith, with hundreds of thousands of applications being launched every day, the use and demand for application programming Interfaces (APIs) has increased significantly. Powered by open web technologies, APIs have transformed interdependence and partnerships between various commercial enterprises and sectors, allowing them to extend their offerings through in-app connections. With increased API usage, however, comes with it complications -- a major one being security. 
In this session, cyber security experts from Orca Security, Daniel Keidar and Scott van Kalken, will share how the company’s first patented agentless cloud security technology helps security teams identify and address API misconfigurations and security risks across a multi-cloud environment.

Gil Geron, Co-Founder, Orca Security

Daniel Keidar, Associate Vice President, Orca Security

Scott van Kalken, Senior Systems Engineer, Orca Security

It's said that smooth seas never make skilled sailors. If you're a cyber security leader, the good news then is that you definitely don't have "smooth seas" to reckon with. The challenging times presented by increasing connectivity, speed of business transformation, evolution of cyber threats and ever rising expectations can and do overwhelm even the best amongst us.  
This unique session will focus on providing cyber leaders with tangible, real-world tips to build the right mindset, emotional intelligence and differentiating skills that will allow them to deliver massive value to their organisations and optimise their own well-being. 

• Understanding cyber risks in a quantifiable way
• How to demonstrate the value of risks to the executive management
• What are the biggest challenges when getting buy-in from top management?
• Communication effectiveness: putting yourself in the boss’ shoes and delivering the right message

• How can CISOs speak the CEOs’ language?
• What does the board expect from CISOs when evaluating and reporting inherent and evolving risks?
• How can the board support CISOs in conducting a cybersecurity mission & strengthening their posture?
• Working together in mastering the company’s digital governance & risk management practices
• Exploring challenges and opportunities to adopt a secure-by-design approach in the business

Panellists:

Greg Sawyer, CEO, CAUDIT

Walter Kmet, CEO, Macquarie University Hospital

Vasyl Nair, CEO, Mine Super

Faizal Janif, Executive Advisory Board Member, AISA

To be successful, today’s CISO needs to bring more than their security acumen to the table. The role has expanded exponentially to address executive and board concerns, endless business challenges and customer and product confidence. While positive outcomes are the goal, it is critical for CISOs to work with full transparency to protect the business and themselves. In this session Gail will share best practices from her experience negotiating the evolving role of the CISO in an expanding threat landscape.

• How has the threat landscape evolved in Australia?
• How malicious cyber activities are impacting organisations across the country?
• What strategies can organisations adopt to create robust cyber security measures to prevent incidents and exploitations?
• Government, industry, academia and citizens working in collaboration to safeguard our country and communities

• The Evolution of Ransomware – How did we get here and what is next
• Understanding the risks and potential costs of attacks
• Exploring successful techniques to improve organisations’ ransomware protection posture

• Building security from scratch – incorporating people, process, and technology into your programs
• Strategies to improve your teams’ skills and knowledge in IT and cybersecurity
• Exploring how innovative technologies can help your company achieve adaptability and resilience

Join us to hear how to deter attackers, apply similar new techniques that the world’s biggest companies, like Adobe, Snap, PayPal, are using, and adapt your strategies to deliver measurable cost savings.

During the session, we’ll discuss:

• How criminals are conducting account takeovers and credential stuffing attacks that bypass MFA SMS toll fraud, and more to monetise CISOs’ own security defenses against themselves
• How attackers overcame MFA and how we worked with a top gaming merchant to prevent it
• A tour of the modern areas where adversaries share techniques and learn, the latest networks in play, and other threats, like SMS Toll Fraud and much more.

• How do you build a security program in 2023?  How has it changed from recent years?
• People, process, and technology – what do you need to incorporate into your program?
• What does ‘good enough’ look like and how do we measure it?  Risk, regulation, and strategy – making them all fit together

During this interactive discussion, Sam Hewett will guide the group to share key challenges and ways to overcome one of the most critical issues cybersecurity professionals are facing – mental health.

Supply chain can be the weakest risk of your digital assets. During this presentation, we’ll explore good practices for data protection, data governance, fraud prevention and third-party risks to ensure your supply chain is secure.

Cyber Security Programs are challenged by the sprawl of devices, device types, and the quantity of solutions continues to skyrocket and environments only grow more siloed and complex.
But there’s good news: Asset data can now be harnessed to transform your cyber security program. Today’s “asset intelligence” moves from a spreadsheet approach to an API-driven, rich and always up-to-date view into all assets via integrations of existing solutions, data correlation at scale, and querying capabilities to find and respond to gaps. Join this session to learn how asset intelligence improves security hygiene, allocate resources, accelerate incident responses and remediates gaps.

This session is designed for cybersecurity leaders who are currently implementing Zero Trust architecture models. Join us to hear common challenges and explore ways to overcome them. Key discussion points:

• The evolution of Zero Trust
• What are the key challenges you are trying to overcome
• How to develop a roadmap and implementing specific initiatives to your projects
• Discover effective ways to build a zero-trust security framework
• Identify key components of a zero-trust model to protect the current environment

During this session, we’ll explore various methods utilised in building a stronger, more secure company to prepare and protect against cybercrime. Richard will share his experiences of what has worked and hasn’t worked over the years and how getting certified really helped the organisation maturity journey.

How will you overcome a cyber-attack on your organisation?

In our rapidly-evolving digital world, cyber skills are critical to ensure reasonable, appropriate and informed business decisions can be made at an executive level.

In less than an hour, you can learn how

We will lead participants through an interactive cyber-attack, which includes ‘live’ news reports and calls for quick responses and decision making. Our user friendly physical boardgame is the centrepiece of the Gamification experience, designed to help participants better understand the cyber security application. The game facilitates open discussion in a fast-paced, fun and memorable environment, an innovative way to introduce cyber security into an organisation’s security awareness training and to complement routine computer-based education.

In a collaborative project, the Cyber Security Cooperative Research Centre (CSCRC), CSIRO’s Data61, Government of Western Australia through the Office of Digital Government, with the support of Edith Cowan University, have created an interactive board game to raise awareness and encourage critical thinking about how to prepare and respond to a ransomware attack. 

Facilitators:

Helge Janicke, Research Director, Cyber Security Cooperative Research Centre

Carl Celedin, Project Manager, Cyber Security Cooperative Research Centre

Join Splunk's Regional Director for Security, as he takes us through cyber predictions wins and losses of 2022 and looks forward into 2023 for Splunk's Data Security predictions. During this presentation you will hear more about ransomware, cyber-crime-as-a-service, Supply chain and Hiring cyber talent. All of this plus a little bit of fun with Open AI

• Exploring the challenges and opportunities for improvement
• What information should be given to the board?
• Quite the technical jargons – what the board won’t listen to and what they will shift attention to
• Developing and mastering your skills of communicating with the board

NSW has added cyber education to school curriculum, and secondary students will learn in ‘smart city sandbox’. The 10-week course was development between NSW Department of Education, Cyber Security NSW, and industry firms including MCB Business Partners and Core Electronics. During this session, you’ll get inspired on how the project came about, and what the profession can expect for 1000s of kids every year doing this course in NSW schools.

Join our interactive wrap-up discussion to share your key take-aways from CISO Sydney 2023 and hear how your peers will be address their key learnings moving forward.

In the highly competitive age of digital transformation financial service organizations are facing accelerated urgency to improve their customer and employee experience while simultaneously reducing operating costs, and managing risk and compliance.

To meet these competing demands on their business, these organizations are racing to deploy deep learning to achieve a new competitive edge by optimizing their back office operations with intelligent document processing, personalizing their customer experience with cutting edge NLP models, and reducing fraud and risk using state-of-the-art deep learning.

AI is here and delivering new capabilities to help businesses solve large and complicated challenges. Join Bob Gaines to learn what that means for your business and how deep learning is helping organizations:

• Achieve higher compliance, faster and with lower costs • Dramatically improve Customer Experience • Reduce time to value from years to weeks

Sergio Rego is a customer engineer at SambaNova Systems where he helps clients deploy purpose-built, deep learning solutions in weeks rather than years. Sergio started his career in financial services, where he worked in strategy; active and index management; and product design and management. Sergio also served as a senior data scientist and team manager for a system integrator where he helped federal government agencies deploy ML and AI solutions.

In the highly competitive age of digital transformation financial service organizations are facing accelerated urgency to improve their customer and employee experience while simultaneously reducing operating costs, and managing risk and compliance.

To meet these competing demands on their business, these organizations are racing to deploy deep learning to achieve a new competitive edge by optimizing their back office operations with intelligent document processing, personalizing their customer experience with cutting edge NLP models, and reducing fraud and risk using state-of-the-art deep learning.

AI is here and delivering new capabilities to help businesses solve large and complicated challenges. Join Bob Gaines to learn what that means for your business and how deep learning is helping organizations:

• Achieve higher compliance, faster and with lower costs • Dramatically improve Customer Experience • Reduce time to value from years to weeks

Sergio Rego is a customer engineer at SambaNova Systems where he helps clients deploy purpose-built, deep learning solutions in weeks rather than years. Sergio started his career in financial services, where he worked in strategy; active and index management; and product design and management. Sergio also served as a senior data scientist and team manager for a system integrator where he helped federal government agencies deploy ML and AI solutions.