CISO Executive Network schedule

In this 10-minute networking session, the goal is to connect with three new people. Let the questions on the screen spark your conversation. Enjoy the opportunity to expand your network!

Digital transformation has brought about a paradigm shift in the way enterprises conduct business, with applications becoming the cornerstone of every industry. However, this shift comes with its risks, particularly for the software supply chain.

Enterprises now must secure hundreds or even thousands of applications while ensuring the security of modern development practices. Traditional approaches to application security, such as shifting left, are no longer sufficient. Instead, AppSec needs to shift everywhere to ensure security without slowing down development.

During this session, learn more about:

• Trends in application development driving the need to shift everywhere.
• Best practices for applying application security testing at every point in the SDLC.
• How to bring developers into your AppSec program to not just find vulnerabilities, but also fix them.

In this presentation, we address the critical challenges posed by supply chain attacks and third-party risks, highlighting their potential financial, reputational, and operational impacts on organisations. We delve into the anatomy of supply chain attacks, emphasising the importance of robust risk assessment, due diligence, and continuous monitoring of third-party activities. Tailored mitigation strategies, including rigorous supplier vetting and adherence to Australian security standards, are crucial for enhancing resilience against these threats. By fostering awareness and implementing proactive measures, CISOs can effectively lead their organisations in mitigating evolving supply chain risks and safeguarding against cyber threats.

This year, we will see tectonic shifts in cybersecurity due to the impact of artificial intelligence on the adaptability and velocity of cyberattacks, and on identity and provenance. This is also occurring at a time when companies will start transitioning their cryptography to quantum-safe algorithms. The intersection of these two trends makes attention to digital trust a necessity. In this session we’ll discuss key trends in digital trust during the coming year.

• Discussing the significance of conducting risk assessments to identify critical assets and allocate limited resources judiciously, focusing on high-value targets.
• Exploring the cost-effective use of open-source security tools and solutions, such as intrusion detection systems (IDS) and security information and event management (SIEM) platforms.
• Highlighting the value of integrating threat intelligence feeds into security operations to enhance threat detection and response capabilities without substantial costs.
• Emphasising the role of employee training in reducing the attack surface by enhancing their knowledge of cybersecurity best practices and threat recognition.

Moderator:

Iain Hart, Group Head of Enterprise Risk, Crown Resorts

Panellists:

• Daniel Aldam, CISO, Keolis Downer
• Peter Gay, Head of Cyber Security, Transgrid
• Derek Chen, Head of IT Security & Governance, Team Global Express

The rapid pace of the cloud introduces a growing attack surface spanning multiple clouds, multiple architectures (containers, serverless, and VMs) and thousands of cloud technologies. Join us as we take a deeper look into common cloud attack paths from initial access to internal exposure and isolation breakout. This session will cover strategies for how organisations can approach prevention, including a playbook for how security and development teams can control risks together across the pipeline.

• Fostering engagement and awareness across all departments, transcending traditional IT boundaries, and emphasising the importance of cyber hygiene.
• Understanding organisational thought patterns, conversations, and behaviour concerning risk, to tailor awareness and education strategies for a security-conscious culture alignment.
• Integrating cybersecurity into the organisational journey positioning as a strategic asset rather than a mere compliance requirement

Moderator:

Gaurav Vikash, Head of Security & Risk, Axon 

Panellists:

• Sam Mackay, CISO, NSW Department of Customer Service
• Peter Gay, Head of Cyber Security, Transgrid
• Roxanne Pashaei, CISO, NSW Rural Fire Service
• Doug Hammond, CISO, Uniting

Cloud attacks are fast. After finding an exploitable asset, malicious actors need less than 10 minutes to execute an attack. While preventive controls are common in cloud environments, no organization can stay safe without a threat detection and response program for addressing zero-day exploits, insider threats, and other malicious behavior. Join our session to learn and discover how to stay ahead of the evolving threat landscape by acknowledging the realities of modern attacks, identifying areas of improvement, and pushing your cloud security programs forward.

As cybersecurity threats continue to evolve, organisations must promote cybersecurity conversations and nurture talent. Join Daminda, Sophia and Adrian from CSC as they share their experiences and insights to address these challenges. The presentations focus on empowering employees through education and communication to fortify defences and exploring innovative strategies for attracting, retaining, and nurturing cybersecurity professionals, ultimately driving organisational cyber maturity.

Speakers:

• Daminda Kumara, CISO
• Adrian Kazias, Senior Manager Cyber Defence & Resilience
• Sophia Barbour, Cyber Awareness and Intelligence Lead

• Delving into the intricacies of harnessing AI for dynamic adaptive countermeasures, including threat modelling, predictive analytics, and automated incident response orchestration.
• Discussing the potential risks associated with AI in cybersecurity, such as AI-generated phishing emails and malware attacks, adversarial attacks, data poisoning, data privacy concerns, and the need for robust model explainability and interpretability.
• Channelling AI's capabilities to amplify value realisation, enrich critical processes, empower internal capacity, streamline operations, bolster the effectiveness of existing controls, and ultimately fortify the security posture amidst an ever-evolving threat panorama.

Panellists:

Brad Flanagan, Head of Cyber Security, Essential Energy

• Precisely aligning cybersecurity initiatives with strategic objectives, presenting proposals within the strategic context, demonstrating business relevance, and effectively communicating their impact to the board.
• Discussing the pivotal role of CISO in guiding boards in comprehending cyber security responsibilities and fulfilling their obligations in cybersecurity governance and risk management.
• Ensuring cybersecurity at the forefront of the board's decision-making, fostering a culture of cyber risk awareness, and driving the necessary investments to strengthen your organisation’s security posture.

Panellists:

• Simon Smith, CIO, Pallion
• Anna Aquilina, CISO, University of Technology Sydney
• Vishwanath Nair, Former CISO NSW Electoral Commission