Our mission is to equip you with the skills and information you need, so we start each Edge event with refined feedback from ADAPT local research and data gathered from 1,000s of C-level surveys. This will help you validate and compare your position and security strategies with the rest of Australia.
Matt Boon now leads our advisory practice distilling this data, having recently joined ADAPT after an 18-year career with Gartner. He will present some unique findings, and chair CISO Edge 2019.
Digital technologies are powerful in that they accelerate the velocity of business, transform constituent experiences and spawn new business models. On the other hand, they also drive an exponential increase in the pace of regulations, attack surfaces and the capabilities of malicious threat actors. Digital technologies are a formidable force for the progress of humanity, but they also magnify digital risk. As organisations have failed to demonstrate cyber-resilience and competency in managing privacy and integrity of data, there is a growing erosion of trust in technology. Restoring trust is not about eliminating risk, but about understanding, prioritising and managing it.
Global Expert: As Principal Deputy CIO for the US Department of Defence and formerly CIO for the US Navy, Carey has championed transformation, strengthened cybersecurity, and led policy for millions of personnel and multi-billion-dollar budgets. Now serving as the VP & GM Global Public Sector Solutions for RSA, Carey integrates teams to connect technologies to solve customer information challenges in the Global Public Sector. As a recognised technical and business leader in enterprise cybersecurity, he engages senior leadership in the public sector globally to define their solutions.
Many CISOs and Heads of IT Security have evolved from a lifetime of technical expertise, and then must improve business and leadership soft skills to overcome new people challenges. If 75% of a CISO’s time is spent on stakeholder and team management tasks, the major role is to convince stakeholders to come on the journey, to manage up to the ExCo, across the line of business, and manage down to mass staff engagement and uptake.
What are the best methods to communicate security programs and risk to the board and C-suite?
- How to evolve your executive acumen?
- Building skills like resilience and an agile mindset
- Dealing with Politics and Detractors
- Setting realistic goals aligned with enterprise maturity levels
- Collaborating on Board level standards and regulations such as CPS 234
Formerly leading cyber strategy at Qantas and Transport NSW, Jinan is one of Australia’s leading security analysts, and moderates a C-suite panel to explore how to deliver on the needs of C-level executives and peers.
Data volumes will only increase, as will privacy challenges in turn. How do we leverage the potential of data to improve the delivery of products, services and programs when facing restrictive policies and legislation? What if open data sharing led to efficiency and services which enabled a safer society, or protected the weak? Can we share data and still protect the individual?
The drive to produce an open-source product that can quantify the risk that any given dataset poses for the identification of an individual is a global problem every developed country is facing, and a solution we all seek. Australia could lead the way. What is the role of the CISO in enabling data value?
Regarded as a thought leader in Australia’s Digital Economy, Ian is the CEO and Chief Data Scientist of the New South Wales Data Analytics Centre. With 25 years’ experience in IT, Ian has led organisations delivering products and outcomes that have impacted hundreds of millions of people globally.
Email. Meetings. Social media. Endless pings and dings. We live in a world littered with digital distraction and temptation. When we need to do focused, impactful, and deeper work, protecting that time is precious. For security leaders, under relentless pressure – being efficient is mission critical.
Join Amantha as she takes you through the latest productivity research from psychology and neuroscience. Explore the evidence-based strategies that will help you transform your work habits, turbo charge your output, and optimise your work hours.
Choose your preferred roundtable to participate in a moderated discussion led by a leading business and industry analyst.
Digital risk management is the next cyber security frontier and it is everyone’s business. How can you navigate the risks of cloud transformation and manage third-party risk? How can you break down business and security siloes? How can you enable a dynamic workforce to innovate freely and safely? Join Shawn Edwards, RSA’s Global Chief Security Officer, for a closed-door discussion.
New research into cyber risk and digital transformation shows that Australian organisations place the highest importance on improving employee productivity, as well as enhancing business resilience. However, enabling staff and third parties to access data off-site is the greatest threat to organisations from a cyber-security perspective. In the rush to ‘digitally transform’, does your business place innovation over cybersecurity?
During this roundtable, you’ll explore with peers the tension between what organisations seek to achieve through their digital transformation efforts, their concerns about the risks created by their ambitions, and how well placed they are to solve them.
- How do you confidently manage the cybersecurity risks inherent in your digital strategy?
- What are your top three most important factors for minimising cyber security risk?
- How do you elevate the cyber security discussion to deliver lasting value through strategic security programs tightly aligned to corporate ambitions?
- How do you successfully strike a balance between innovation and cybersecurity?
The topic will be focused on risk automation. In light of the Royal Commission and other high-profile failings in FSI, it’s obvious that current methods of controlling risk are not working and neither are the processes put in place to test those controls. This is because business processes and systems are all still very siloed and constantly changing, so it’s impossible to monitor everything and address issues with any kind of scale, efficiency or completeness.
- Can automating risk and compliance simplify processes and increase engagement for non-risk professionals?
- How can continuous monitoring help avoid or prevent a repeat of the conduct failures witnessed through the Royal Commission?
- How can companies better leverage data that they already capture across their business and IT landscape to automate how they monitor risk and compliance?
As applications, users and devices evolve, it has become unrealistic to rely on a traditional “secure the perimeter” model, and trust that nothing will get in or out. What you need to deploy and manage is being redefined, with a shifting attack surface, operating across a wider area, at increasing volume. We’ll discuss best practice for taking security to the edge, to enable your digital business transformation.
Over the last decade or so we have seen a dramatic shift in the security landscape. As more and more of an organisation’s valuable assets are moved online, security has changed from a ‘nice to have’ to a strategic imperative.
But many security practices feel like they were conceived in a very different era under very different circumstances, and are now often failing to respond to the number one weakness in most organisations’ networks: people.
It is time to look at how we might do things differently. What would it mean for our security functions to genuinely consider the people in their networks, in a way that encourages understanding, skill development and responsibility? What would we do differently and what might the benefits be?
In a world where technology is increasingly pervasive and the risks and challenges of information security are growing every day, this is a challenge that can no longer be ignored.
With CPS 234 and rules for oversight, senior executives have deeper personal risk and accountability for security. Often though, IT teams lack common language and frames of reference to translate tech to the ExCo in business-relevant terms. This can lead to frustration and disempowerment at the C-suite, who simply want to know what you want them to do. We have passed the times of shock and awe and now need to give our leadership teams the practical tools and knowledge for all to succeed.
- What is the most compelling business talk?
- The simple things to take back to the management team
- How to instil executive management responsibility and board-level buy-in
- Balancing business responsibility for ICS risk
- The situation has changed, but have we?
Reporting directly to Standard Chartered Bank’s CISO in the UK, Ellie flies in from Singapore with 25 years of IT and Risk communications management experience, having managed projects and teams across multiple countries, regions and cultures. This session will be a standing interview with opportunity for audience interaction.
In a 24-hour user world, security awareness, culture and training must empower people with the skills they need to be safe at work and at home.
How is security impacting on the broader business-as-usual functions of your organisation? And how can you work with your colleagues to make cyber a conscious responsibility and natural first-response of every employee within your business?
An intimate panel of cross-industry experts comes together to discuss techniques, tips and tools on how to:
- Gain visibility to combat entrenched business cultures
- Recognise the skills and capabilities within the security team and broader business required to ensure the highest levels of security awareness and capability
- Manage security, digital transformation and automation: Do employees understand how their individual actions can impact organisational security?
- Avoid security fatigue across your organisation
- Create diverse, engaging and practical training programs
Choose your preferred roundtable to participate in a moderated discussion led by a leading business and industry analyst.
Trust is fast emerging as a key competitive differentiator. But the siloed and reactive view of risk management prevalent today is no longer enough to guarantee the integrity needed to build trust. Organisations need to adopt a proactive, future-facing and fully integrated approach to risk that gives them the confidence to encourage innovation.
If Chapter 1 for organisations undertaking digital transformation was about experimentation, Chapter 2 is now about enterprise-driven reinvention. So what role does Security play in this? This new chapter, characterised by multi-cloud environments and digital and artificial intelligence at scale, underpinned with trust, provides organisations with the opportunity to build in security and privacy by design and not as an afterthought. Attend this roundtable to learn more about IBM’s point of view on Chapter 2 and to discuss:
- Your perspectives on Chapter 2 – what you think your Chapter 2 looks like and how security will play in this
- What is your cloud strategy and how are you embracing security as part of your cloud journey?
- If you had a platform where you could orchestrate business scenarios, what would your top 3 be?
With the exponential cyber threats being experienced by organisations in Australia and around the world, maintaining security efficacy is paramount to protect and detect.
This needs to be assessed and performed throughout the lifecycle of the investment in cybersecurity to minimise the risk to the business.
This discussion will analyse and debate best practice for:
- Establishing a relevant security strategy for your organisation
- Forming an effective solution and procurement plan
- Developing an end-to-end, Total Cost of Ownership for your investments
- Leveraging system integration to simplify security solutions without compromising effectiveness
Endpoint Security is a critical piece of technology in an organisation’s security architecture. The vendor landscape is noisy and confusing, with the ongoing debate of prevention vs detection and AI functionality. This discussion will cut through that noise and focus on how to assess the maturity of AI solutions and their scalability, and how to practically and effectively implement a next-generation endpoint strategy, including why highly effective prevention without the reliance on cloud enables streamlined, clear, autonomous and active detection and response.
CSOs and CISOs both have the same mission, to protect their organisation from outside threats. These threats are converging even though the defences against them may still operate separately, and we are seeing a shift and convergence of the CSO and CISO roles.
From a customer and user viewpoint, security is security. Is the CISO or CSO role an incomplete function if it doesn’t include physical or IT security within the remit? Can one person lead the whole function including physical security, executive security protection, cyber security, privacy, fraud, and third party risk?
To accomplish their respective goals, both parties are defending against the same threats viewed through different lenses. Can the views, opinions, needs and requirements of both the CSO and the CISO create potential conflict?
What is the best way to create a mutually accepted view of threats, their potential business impact and what role the teams play in addressing the risk?
- Ways to bridge the communications gap.
- Modern enterprise security risk assessment and management.
- Developing a converged approach to identifying and addressing risks and budgets
- How to arrange budgets, programs and tools to make the team as agile as the threats?
- If one leads, what happens to the other?
“What CISOs Want?” – LIVE podcast recording at ADAPT CISO Edge, then broadcast globally.
David’s popular US podcast series has hosted some of the world’s top CISOs and candidly explores the relationships, tactics and hype between vendors and CISOs. With a series of 5-minute segments such as “What’s worse?” and “Please enough, no more!” the sessions are entertaining whilst engaging on specific topics that security leaders need addressed and examining the mutual dependency and conflict that exists between buyers and sellers of cybersecurity products and services. Whether you’re a CISO or a wannabe CISO, the series delivers inside tips on how to manage a security team, and how to focus your precious resources to create a secure environment for your employees and customers. Veteran tech journalist and personality David will fly in from San Francisco to record the podcast live at CISO Edge.