5 November 2020 | Hyatt Regency, Sydney
Security Edge Agenda 2020
Secure your seat on a table of 4 peers in the keynote room.
A lot has happened since we last gathered at a physical event. Security Edge will take you and your peers on a practical journey to overcome the key challenges around your role in managing people, delivering digital resilience and enabling organisational agility.
ADAPT’s research and advisory leadership team open with valuable local fact-based insights, based upon 10,000 conversations and over 1,000 detailed surveys of our region’s executive digital and IT leaders. Matt reveals the core findings of the distillation of your pre-event survey data – and that of your other C-level peers.
When the dictionary people get together later this year to pick the word that most defines 2020, they’ll have a competition on their hands: “coronavirus,” “covid,” “pivot,” “defund,” and of course “unprecedented.” The evidence is in: we live in truly uncertain times.
To prepare for a future that is largely unknown, Security leaders are building flexibility and adaptability into both their technology and their teams. For leaders, top-down mandates have been replaced with a distinctly people-centred approach that engages teams and stakeholders to play a more active, participatory role in shaping change that sticks.
In this insightful, practical session, Lucy will share their secrets for breaking down walls, re-writing the rules, and leading change in a completely new way – one which equips your organization to transform while ensuring that your team view change as a personal opportunity, rather than a threat.
We will explore ‘operational empathy’ – the ability to listen and ask questions in order to absorb the views, needs, and wants of others in a meaningful way. All too often, some leaders’ inclination is to jump in and find solutions. While this serves well in many instances, we’ll look at the value of slowing down – especially with cross-functional teams and stakeholders – in order to analyse the situation more broadly and provide context to them.
By using a recent example of change from your own day-to-day, participants will gain empathy for the team going through change as well as other human factors that make change hard.
“50% of my time is in evangelism and then the rest is the other 100% of the CISO specific things I need to do!”
Our global keynote guest is CISO for RBI – the parent company to Burger King, Popeyes, and Tim Hortons. Shawn is responsible for establishing the strategic direction, instituting comprehensive programs, and leading the Global IT security and compliance for corporate, supply chain, restaurant, and consumer technology along with building a thorough consumer privacy framework across the parent company and three iconic brands. He will join us for a live video interview and Q&A to debate execution against the modern challenges of a CISO.
Governance, Risk, and Compliance (GRC) and security are on the agenda of the board of directors’ meetings for every public company. Learn key lessons from ServiceNow’s CISO Ben de Bont on successfully reporting to the board.
A recent consultation paper from the Department of Home Affairs highlighted the increasing breadth of what must now be considered critical infrastructure.
As well as traditional sectors like Energy, Transport and Communications, the report calls for the same approach to be applied to sectors such as Banking, Data Storage and Education.
Increasing interconnectivity delivers efficiencies and economic benefits; however, without the proper safeguards, this interdependence allows for potential vulnerabilities and cascading disruption across our economy, security and sovereignty.
The report calls for leaders in all industry sectors to work together on building security practices, policies and laws that bolster security and resilience of this ever-broadening critical infrastructure.
This panel will discuss the physical, personnel, supply chain and cyber security challenges presented by the digital transformation in our essential services, touching on recent incidents such as compromises in Parliamentary, University and corporate networks, as well as recent natural disasters and the impacts of COVID-19.
Intelligently matched opportunities connecting the right people at the right time for the right reasons.
Attend your pre-selected roundtable to participate in a peer discussion moderated by an ADAPT analyst with subject matter experts.
Both public and private sectors are in a constant state of defence. They continue to be faced with new and advanced cyber-attacks that increase the overall risk to citizens and customers. Bringing together cyber risks and operational risks is key to improving an enterprise risk management strategy and resulting operational resilience. While cyber-related operational risk has traditionally focused on how to avoid foreseeable catastrophic events, operational cyber resiliency is achieved by having the ability to absorb and rapidly respond to such events, and to further learn and adapt to them. Our session will focus on key challenges and practical steps in achieving cyber resilience.
Discussion points/questions
- Coupling operational risk management approaches with cyber incident response
- Taking a risk-based approach to cyber risk assessment, prioritisation and response
- Improving hygiene in business behaviours, preparedness and accountability around incidents
- Automation in incident response – moving beyond the hype and uncovering genuine process opportunities
Digitally led Business Transformation is a necessary but huge undertaking for any organisation. The process can be especially challenging for those in more traditional industries with substantial workforces that depend on an unusually high level of security to protect their product and customers. Add to this the new complexity of remote working, and the associated risks increase substantially. All of this poses significant challenges to organisations, including:
- Increased data transparency
- Enabling remote teams
- Controlling remote data storage
- Collaborating with external teams
Security is fundamentally broken. Too many point solutions are creating too much complexity; too many misconfigurations are creating too many holes for the bad guys to slip through. In this roundtable we will discuss the potential of a future where standalone security tools have become obsolete.
We will ask the questions:
- What happens when the tools have all gone?
- How did we get to a place where they were no longer needed?
- What replaces them?
- How do security and technology teams operate now?
- Are we succeeding without them?
Much of a security leader’s job is spent in stakeholder management, managing up and down the organisation. More often than not it includes C-level and board level presentations. Too often this is just to confirm “Are we safe? Are we compliant?”. The risk is that the Board and CFO may think this is somewhere the investment can stop.
A modern leader needs the business and soft skills to own the room, the ability to position cyber as an investment, and in today’s market the skill to secure the space to experiment, fail fast, test and learn.
Two former CIOs and current board members join us live to share their insights, tips and lessons learned.
Too many organisations only talk about Cyber as Risk – and being ‘under control’ – and ‘creating safety’. What we should be doing is positioning Cyber as competitive advantage – using cyber to get results and make behaviours better. We need to think of Cyber as ‘Competitive computing’ and enabling innovation.
But in our current climate how do we take the organisation on this journey? People can be fearful and resistant to change – and leading them and your team is challenging, especially remotely.
- Enabling cyber culture across a distributed remote-first workforce.
- What opportunities arise through these changes?
- The challenges of measuring behaviour.
- How to make Australia a nation of cyber innovation?
Securing the invisible perimeter – Cyber Resilience Strategies for third-party ecosystems
Aparna Sundararajan – Senior Research Strategist at ADAPT
“Since the lockdown, 12% of organisations have replaced their offshore partners with domestic partners on a permanent basis” – ADAPT COVID-19 survey
Has your third-party ecosystem changed? What should you be cautious about?
Your third-party ecosystem is the extended arm of your organisation. An increasingly digitally connected ecosystem of partners, contractors and service providers brings higher chances for fraud, breaches and security challenges. This is now exacerbated by COVID-19 and the international geopolitical situation. How can CROs and CISOs ensure a secure perimeter while enabling the organisation to work with a broader third-party ecosystem?
In July, ADAPT conducted research to understand the current state of third-party risk mitigation strategies adopted by CISOs, CSOs, CROs and CIOs of the top Australian organisations. Drawing on interviews with some of our region’s top security leaders for a special report, this session will highlight the key findings, followed by an open discussion on the most effective strategies in managing and mitigating third-party risk.
Intelligently matched opportunities connecting the right people at the right time for the right reasons.
Attend your preselected roundtable to participate in a peer discussion moderated by ADAPT analysts with subject matter experts.
Rapid growth in the digital economy has prompted organisations to facilitate the creation and exchange of information to new channels, partners, and developers with the goal of unlocking new business value.
At the same time bad actors have doubled down on seeking vulnerabilities and weaknesses in APIs and Web Apps. Recent extortion campaigns show that DDoS attacks will never go away. Newer threats continue to increase in sophistication, evolving in recent years to include bot attacks and in-browser threats. Join this discussion about how web application and API protection has evolved over the years, where it’s going, and how to prepare for emergent threats.
With the acceleration of digital transformation and cloud adoption increasingly on the rise, businesses are transitioning to multi and hybrid cloud environments at an incredible rate. It has never been more important to create a strong, unified cloud security strategy – and it’s never been more difficult!
While a multi and hybrid cloud strategy has many benefits, it also presents challenges. Many organisations are struggling to secure their environments due to lack of real time visibility, control and effective understanding of risk.
Join us for a discussion on best practices for securing and protecting your multi and hybrid cloud environment and how to:
- Conduct effective security investigations and analysis across multi cloud services
- Gain end to end visibility for better investigation, alerting, remediation and reporting
- Normalise and manage data to better analyze and detect threats
- Control costs and scale security as demands of the business grow
The need for end to end visibility across environments has never been more important to identify, investigate and respond to internal and external threats in real time.
In the wake of one of the world’s largest and most well-known data breaches in corporate history, Jamil Farshchi was brought in to overhaul Equifax’s information security posture, to transform the company’s data protection program and to instil a security-conscious culture through the organisation.
Three years into that Security Transformation program, Jamil shares his lessons, war stories and suggested framework for others to leverage.
Jamil is no stranger to managing the fallout of a crippling data breach, having been brought into Home Depot to restore growth and value for its shareholders following a 2014 breach that cost the company nearly US$237 million. With Jamil’s help, Home Depot’s sales grew to roughly 7% YoY in the three years following the attack and trust levels with customers were restored.
Jamil has fortified Equifax’s security program and governance framework, cultivated talent on the frontlines and created a hyper-secure culture with emphasis on protecting consumers’ sensitive personal information.
Jamil’s information will be actionable for any sized organisation – not technical or investment heavy.
We ask Jamil to share his war stories and advice.
- What are the 5 (non tech) questions you should ask to check if you have an effective cyber program?
- How to win allies and build trust through partnerships – then how to foster them?
- Why it matters to share lessons learned? Why should companies be open about their security strategy?
- Why a CISO must ask: ‘Is the organisation thinking deeply about risk?’ How do you build the right culture of risk?
- Culture? Does security have the right level of visibility in the org?
- What lessons were learned from C-19?
- Why should people be more active on their national point of view?
Based in our keynote room – an opportunity to mingle and meet other attendees, compliant with physical distancing.