Agenda
Tuesday, 9 April 2024
“The Implications of AI & Ensuring Top-Down Cyber Leadership”
Please note that 1:1 meetings will be running throughout the day.
Registration & Check-In
Secure your seat and table of 7 peers in the keynote room.
Welcome to the 8th Security Edge: 2024 Will Be a Pivotal Year for Security Leadership
Jim Berry - CEO & Founder at ADAPTSecurity is in the spotlight more than ever in 2024, bringing new opportunities as well as risks.
With Australia under high profile attack, the Government dreams of national cyber resilience with evolving legislation – while our organisations chase digital growth and agility for their dispersed workforces, driving the focus on verification, compliance, and trust.
Meanwhile AI and Quantum computing start to scale the threats, but also new ways to protect our data, people, and customers.
This makes 2024 a pivotal year for Security leadership.
To reach goals of protection, preparation, resilience, and trust – we must ensure that security leadership and culture comes from the top down.
Join the community at ADAPT Security Edge, bringing together our regional enterprise and government cyber heroes to connect, learn and inspire in these challenging times.
Our theme, debated by over 25 experts and 130 local security leaders, will define a powerful day’s agenda, codifying the latest research and lessons learned for memorable and practical ways to lead teams, give organisational direction, and improve capabilities.
ADAPT Research: Collective Insights from CIO, CFO, CDO & Security Executive Surveys
Matt Boon - Senior Research Director at ADAPTADAPT’s research and advisory team reveal the latest local fact-based insights, based upon over 1,000 detailed surveys of our region’s executive leaders. Showing the core findings distilled from your aggregated pre-event surveys and those of your executive CFO, Digital and CIO peers on their drivers, aims and opinions on security strategy. Also comparing the investment priorities, resource allocation and unique challenges of the Australian CISO for you to benchmark and validate your thinking.
Get an Edge: Making the Most of Your Day
Tenar Larsen - Head of People & Performance, Executive ProgramsDisruption and Resilience facing the Advanced Persistent Threats: Be Faster Than the Lion Chasing You
Byron Connolly - Head of Programs & Value Engagement at ADAPT Tom Kenyon - CEO at Internet 2.0While Australia faces its share of challenges in the cyber security domain, it is far from vulnerable. With a strategic focus on resource optimisation and technical education, our nation is well-positioned to strengthen its cyber defences.
This is critical, considering the steadily intensifying threat environment – including that of State Actors. As example, the recent i-soon leak suggests China’s implicit involvement in extensive cyber warfare conducted by its private enterprises on Government and critical infrastructure on a global scale.
Tom joins us for a candid discussion of the latest and most advanced threats:
- Why is geopolitics important? How does it relate to hacking? What you need to know and do?
- How to improve the underutilisation or misdirection of existing resources.
- How can Australian governments and others disrupt the hackers?
As one of the few Australian cyber software companies, Internet 2.0 was the only Australian company brought in to the White House CRi (counter ransomware initiative). They produced software to facilitate hunting the hunters. They are deployed in US Government agencies and currently helping Ukraine in the cyber war against Russia, while planning forward to assist in protecting the upcoming US election.
We're in Unchartered Territory: Risk to Resilience for Australian CISOs in 2024
Andrew Philp - Director, Platform Strategy ANZ at Trend MicroIn today’s unchartered territory driven by AI advancements, stricter national legislations, and economic unease, what are the key metrics for enhancing enterprise-wide resiliency? How are CISOs prioritising transparency and effective communication whilst assessing their risk appetite and posture in these unpredictable times? Join Andrew, a seasoned cybersecurity professional, as he leverages his extensive experiences to explain exactly how to construct a proactive roadmap to go from risk reduction through to facilitating seamless board communication.
Morning Break: Refreshments, Snacks & Connections
Cyber Future: AI, Quantum, and Beyond
Claudine Ogilvie - Former CIO at Jetstar, Director Digital & Data at Compass APAC, active Board Member Yvette Lejins - Former CISO at Jetstar & AscianoAs security professionals, you know that the cyber landscape is constantly changing and challenging. You need to stay ahead of the curve and anticipate the next wave of threats and opportunities.
AI, ML and Quantum technologies will shape the future of cyber security – as tools for enhancing cyber capabilities and as targets for cyber-attacks.
Claudine and Yvette will discuss how to prepare not only your technology investments but also your people, your leadership, and your board. Suggesting how to ask the right questions now to navigate the cyber future, as well as how to prepare now for Quantum threats.
Claudine has led IT strategy to the board level and is a leader on the threats and opportunities of Quantum technologies in business. Yvette was most recently the AP CISO for Proofpoint, consulting their largest APAC clients, and brings a wealth of experience and use cases from several industries.
Attack Trends - How Phishing as a Service and AI have Revolutionised Email Bourn Attacks
Matt Berry - APAC Field CTO at Abnormal SecurityPhishing-as-a-Service is now a thing. It’s cheap, cloud managed and comes with support. It side-steps MFA and allows criminals into your Microsoft, Google, Apple and Github accounts. Combine this with Generative AI and now threat actors have sophisticated phishing attacks with cleverly crafted language at their fingertips.
In this talk, I’ll show real examples of the threats coming from Ph-a-a-S and examples of how Gen-AI is being used to develop sophisticated attacks. I’ll also discuss how good AI can be used to fight bad AI and the onslaught of cleverly crafted phishing.
Securing the SaaS Apps of the Future
Brett Winterford - APJ CSO at OktaAn outsized number of impactful security incidents continue to arise from session-stealing malware and phishing campaigns. We know how to defend against “stealer” malware on managed devices: by preventing devices with poor posture from reaching sensitive assets.
We know how to defend against AiTM phishing attacks: by requiring phishing resistant authenticators. It’s because of these innovations that most adversaries target the unmanaged devices of employees and contractors. Can we also thwart the theft and replay of session tokens at the application level?
In this presentation, Okta APJ CSO Brett Winterford provides a short list of requirements every CSO should start demanding from application vendors to dramatically reduce the value of stolen tokens.
ADAPT Executive Insight Roundtables
Attend your pre-selected roundtable to participate in a peer discussion with confidence under Chatham House Rule moderated by an ADAPT analyst with subject matter experts.
Lessons Learned Helping Protect Australians as the Nation's Leading Telco
Clive Reeves - Deputy Chief Information Security Officer at TelstraAs Australia’s leading telecommunications and technology company, Cyber Security is at the forefront of everything Telstra does. It’s not just about implementing security measures; it’s about designing, building, and managing security for its vast global network using a range of technologies and controls, and integrating cyber security seamlessly into every aspect of its organisation.
As a critical infrastructure provider, Telstra continuously invests in its security capabilities, to help stay ahead of new security threats. At the heart of its comprehensive security capability is the operation of a well-established Security Operations Centre (SOC), harmonising IT/OT environments, and advancing the implementation of organisation wide zero trust, supported by cutting edge SASE technology.
Join our Deputy CISO in this private roundtable to delve into our transformational journey, gain insights from our experiences and explore the evolving strategies for mitigating sophisticated threats in today’s landscape.
Debate how to:
- Affect change in a large organisation and present the story.
- Lock down data without compromising CX.
- Position security at the front of transformation and change.
- Move SASE and Zero Trust beyond a concept.
Strengthening Bonds with your Board and Business to Enhance Risk Resilience
James Lewis - Solutions Engineer at DiligentIn a world of continually expanding IT Risks, CISO’s can feel like the frequent bearers of bad news for boards. Building a secure and trusted organisation is the goal, but with resources stretched and legacy systems and processes getting in the way, achieving this is proving difficult for many IT teams.
Recognising that tone starts at the top, many security leaders are embracing IT Risk Management technology to control the narrative when reporting to their boards and the broader business on their cyber risk posture. Automation, intuitive dashboards and powerful analytics not only simplifies complex information but also empowers CISOs to deliver valuable insights that resonate with executives. CISO’s can deliver greater transparency, accountability and insights for better long-term outcomes and at the same time improve the perception of security teams.
Join Diligent as we explore how technology can be a catalyst for positive change, facilitating more digestible and impactful boardroom and business reporting. Discover the best ways to foster improved relationships within the business, paving the way for long-term success in building a resilient and secure organisation.
Are You Ready to Adopt a New Cloud Security Operation Model?
Matt Preswick - Enterprise Solutions Engineering at WizSuccessful cloud security strategy needs to evolve to meet the changing needs of the business and growth of the cloud. As cloud infrastructure adoption continues to soar in the ANZ region, organisations are rethinking their approach to cloud security to reduce risk, ensure compliance with regulation, and enable the organisation to innovate with AI. Cutting-edge security teams are developing new strategies and initiatives to increase their company’s agility through security and move from slowing the business to accelerating it. Join an exclusive leadership roundtable with Australian cybersecurity leaders as we discuss and share insights on simplifying your security stack and using a new cloud security operation model.
In this session, participants will share strategies and stories:
- Improve your cloud security by democratising it across your organisation.
- Reduce tool sprawl to drive better security outcomes and help team adopt emerging technologies.
• Prepare and respond to new regulatory requirements hitting the region.
The Evolution of Security Awareness Training: The Critical Elements you must have in Place to Ensure Success
Joe Gillett - Director at KnowBe4Successful Security Awareness Programs include ongoing, relevant and engaging training and awareness with an opportunity to apply new skills and knowledge with simulated social engineering activities.
The evolution of these programs results in changing behaviour with the ultimate goal of creating a security culture. Whether you call it security culture or human risk management, the steps to take and levers to pull can be complex and sometimes out of the focus area of IT Professionals.
During this session, Joe Gillett and team will share real-life examples with actionable guidance, giving attendees the advantage they need to ensure their program succeeds, create a security culture, and mitigate human risk.
Peer Networking Seated Lunch
ADAPT Executive Insight Roundtables
Attend your pre-selected roundtable to participate in a peer discussion with confidence under Chatham House Rule moderated by an ADAPT analyst with subject matter experts.
API Security, where do the Risks Lie in our Increasingly Distributed Workplace?
Dominic Lovell - Senior Solutions Engineering Manager at AkamaiApplications run our world and your business. They also introduce security vulnerabilities that multiply as we become ever more connected.
This interactive Roundtable with an ADAPT Analyst and front line insight from Akamai will discuss:
- Automating protections and customisation to your organisation’s threat landscape
- Going beyond the OWASP API Security Top 10, can leveraging machine learning provide higher detection accuracy?
- Tactics to ensure your applications remain available even during attacks.
Unleashing Cryptoagility: A Blueprint for Modernising PKI Solutions
Jeremy Rowley - Chief Information Security Office at DigiCertIn the ever-evolving landscape of digital transformation, organisations are facing unprecedented challenges in securing and scaling their cryptographic infrastructure. Yet the need for crypto agility has never been more critical as companies grapple with risks posed by advanced technologies such as AI, emerging threats like Post Quantum Cryptography (PQC), and the complex web of compliance mandates, management hurdles, and technology transformations.
Join a lively roundtable discussion with a panel of your peers to gain actionable strategies as we explore:
- Reducing IT resource burdens and costs through centralised certificate management
- Preventing costly business outages and addressing potential security vulnerabilities
- Building private and public trust while eliminating human error
Don’t miss this opportunity to learn best practices and elevate your organization’s cryptographic resilience. Be part of the conversation that prepares for a quantum-safe future and shapes the future of secure digital landscapes.
Efficiency vs. Risk: Striking the Right Balance with GenAI
Asanga Wanigatunga - RVP, Sales at Snyk Lawrence Crowther - Head of Solutions Engineering at SnykGenerative AI coding tools are revolutionising software production and fundamentally transforming the way developers work. But the productivity gains of AI-generated code come with a potential downside: the inadvertent introduction of vulnerabilities into software products.
Are vulnerability risks in AI-generated code being overlooked in favour of going fast? What can you do to help the business go at speed, safely?
Join this interactive roundtable discussion to discuss how to effectively address these modern security risks and ways to empower developers to enhance application security effectiveness.
Afternoon Break
An opportunity to meet with other attendees and build your network
Executive Panel: How To Ensure Security Is Led From the Top?
Peter Hind - Principal Research Analyst at ADAPT Maryam Bechtel - CISO at AGL Anna Aquilina - CISO at University of Technology Sydney Tony Vizza - Executive Director, Cybersecurity at KordaMenthaAustralia’s goal is to become a leading cyber-secure country by 2030. This means strategies and capabilities to harden our nation, so Australia becomes an unwelcome operating environment for cyber criminals. What are they? How do we help reach this goal, starting with our organisational front line?
Debating:
- The latest Legislation landscape and impact planning
- Effective Cyber Security Metrics, Maturity Measurement and Reporting.
- Cyber Crisis Preparation and Risk visibility across the organisation
- Operational Resilience: How to be fit-for-purpose to Recover from the inevitable?
- Storytelling – how to build a narrative of change and lead with a common language?
- Tactics to ensure that Cyber leadership comes from the top
How to Raise the Profile of Security Risk in your Business?
Byron Connolly - Head of Programs & Value Engagement at ADAPT Chris Klingenspor - Senior Vice President of International Security and Security Risk at EquifaxJoining us in person from USA is Chris Klingenspor, SVP of International Security and Security Risk for Equifax. He is responsible for leading all regional security programs, managing the relationship between the security team and Equifax’s global business operations, also Security M&A due diligence and integration.
Prior to Equifax, Chris worked for Visa, a global leader in digital payments. There he served as VP and Head of Information, Governance, Risk, and Compliance, managing IT and cybersecurity initiatives for Visa and its subsidiaries. Before that at IBM, he managed IT security, controls, and compliance programs for the company and its new business ventures.
We welcome open questions from the group while debating how to raise the profile of security risk, the team and people involved – so they are not seen as blockers, so they have more influence – and how to be better at persuasion?
A Global Perspective on Australia's Cyber Posture
Jamil Farshchi - Global CISO at Equifax Byron Connolly - Head of Programs & Value Engagement at ADAPTJamil is one of the most prevalent and influential CISOs on the planet – outspoken and well versed with Australia’s challenges. He sees Australia at the tip of the spear, as criminals practice and optimise their attacks on AU targets, to then launch on US. His advice is for us to be elite at sharing, as well as at cyber protection.
Jamil joined Equifax in the aftermath of one of the most consequential data breaches in history. During his tenure, he’s led an unprecedented $1.5 billion transformation and has now built what is regarded as one of the most advanced, effective, and transparent cybersecurity and privacy programs in business today.
Prior to Equifax, Farshchi was CISO of The Home Depot, CISO of Time Warner, VP of Global Information Security for Visa, CISO of the Los Alamos National Laboratory, and Deputy Chief Information Assurance Officer of NASA. He’s also an advisor to the FBI.
In a candid interview, Jamil will discuss:
- Collaboration: At every level — vendors, governments, NGOs and beyond.
- Transparency: Moving past the outdated “security by obscurity” paradigm.
- Top Risks: Worrying trends across the security landscape, and how to mitigate them.
Closing Comments
Security Edge Peer Networking Drinks
An opportunity to stay, mingle and meet other attendees over drinks and food.