Security Edge Agenda 2020

A lot has happened since we last gathered at a physical event. Security Edge, will take you and your peers on a practical journey to overcome the key challenges around your role in managing people, delivering digital resilience and enabling organisational agility.

ADAPT’s research and advisory leadership team open with valuable local fact-based insights, based upon 10,000 conversations and over 1,000 detailed surveys of our region’s executive digital and IT leaders. Matt reveals the core findings of the distillation of your pre-event survey data – and that of your other C-level peers.

When the dictionary people get together later this year to pick the word that most defines 2020, they’ll have a competition on their hands: “coronavirus,” “covid,” “pivot,” “defund,” and of course “unprecedented.” The evidence is in: we live in truly uncertain times.

To prepare for a future that is largely unknown, Security leaders are building flexibility and adaptability into both their technology and their teams. For leaders, top-down mandates have been replaced with a distinctly people-centred approach that engages teams and stakeholders to play a more active, participatory role in shaping change that sticks.

In this insightful, practical session, Lucy will share their secrets for breaking down walls, re-writing the rules, and leading change in a completely new way – one which equips your organization to transform while ensuring that your team view change as a personal opportunity, rather than a threat.

We will explore ‘operational empathy’ – the ability to listen and ask questions in order to absorb the views, needs, and wants of others in a meaningful way. All too often, some leaders’ inclination is to jump in and find solutions. While this serves well in many instances, we’ll look at the value of slowing down – especially with cross-functional teams and stakeholders – in order to analyse the situation more broadly and provide context to them.

By using a recent example of change from your own day-to-day, participants will gain empathy for the team going through change as well as other human factors that make change hard.

“50% of my time is in evangelism and then the rest is the other 100% of the CISO specific things I need to do!”

Our global keynote guest is CISO for RBI – the parent company to Burger King, Popeyes, and Tim Hortons. Shawn is responsible for establishing the strategic direction, instituting comprehensive programs, and leading the Global IT security and compliance for corporate, supply chain, restaurant, and consumer technology along with building a thorough consumer privacy framework across the parent company and three iconic brands. He will join us for a live video interview and Q&A to debate execution to the modern challenges of a CISO.

Governance, Risk, and Compliance (GRC) and security is on the agenda of the board of directors’ meetings for every public company. Learn key lessons from ServiceNow’s CISO Ben de Bont on successfully reporting to the board.

A recent consultation paper from the Department of Home Affairs highlighted the increasing breadth of what must be now be considered critical infrastructure.
As well as traditional sectors like Energy, Transport and Communications, the report calls for the same approach to be applied to sectors such as Banking, Data Storage and Education.

Increasing interconnectivity delivers efficiencies and economic benefits, however without the proper safeguards, this interdependence allows for potential vulnerabilities and cascading disruption across our economy, security and sovereignty.
The report calls for leaders in all industry sectors to work together on building security practices, policies and laws that bolster security and resilience of this ever broadening critical infrastructure.

This panel will discuss the physical, personnel, supply chain and cyber security challenges presented by the digital transformation in our essential services, touching on recent incidents such as compromises in Parliamentary, University and corporate networks. Plus recent natural disasters and impacts of COVID-19.

Intelligently matched opportunities connecting the right people at the right time for the right reasons.

Security is fundamentally broken. Too many point solutions are creating too much complexity; too many misconfigurations are creating too many holes for the bad guys to slip through. In this roundtable we will discuss the potential of a future where standalone security tools have become obsolete.

We will ask the questions:

• What happens when the tools have all gone?
• How did we get to a place where they were no longer needed?
• What replaces them?
• How do security and technology teams operate now?
• Are we succeeding without them?

Much of a security leader’s job is spent in stakeholder management, managing up and down the organisation. More often than not it includes C-level and board level presentations. Too often this is just to confirm “”Are we safe? Are we compliant?””. The risk of this is the Board and CFO may think it is somewhere where the investment can stop.

A modern leader needs the business and soft skills to own the room, the ability to position cyber as an investment, and in today’s market the skill to secure the space to experiment, fail fast, test and learn.

Two former CIOs and current board members join us live to share their insights, tips and lessons learned.

Too many organisations only talk about Cyber as Risk – and being ‘under control’ – and ‘creating safety’. What we should be doing is positioning Cyber as competitive advantage – using cyber to get results and make behaviours better. We need to think of Cyber as ‘Competitive computing’ and enabling innovation.

But in our current climate how do we take the organisation on this journey? People can be fearful and resistant to change – and leading them and your team is challenging, especially remotely.

• Enabling cyber culture across a distributed remote first workforce.
• What opportunities arise through these changes?
• The challenges of measuring behaviour.
• How to make Australia a nation of cyber innovation?

Since the lockdown, 12% of organisations have replaced their offshore partners with domestic partners on a permanent basis” – ADAPT COVID-19 survey

Has your third-party ecosystem changed? What should you be cautious about?

Your third-party ecosystem is the extended arm of your organisation. An increasingly digitally connected ecosystem of partners, contractors and service providers brings higher chances for fraud, breaches and security challenges. This is now exacerbated by COVID-19 and international geo-political situation. How can CROs and CISOs ensure a secure perimeter while enabling the organisation to work with a broader third party ecosystem?

In July, ADAPT conducted research to understand the current state of third-party risk mitigation strategies adopted by CISOs, CSOs, CROs and CIOs of the top Australian organisations. Having interviewed some of our region’s top security leaders for a special report – this session will highlight the key findings followed by an open discussion on the most effective strategies in managing and mitigating third party risk.

Intelligently matched opportunities connecting the right people at the right time for the right reasons.

With the acceleration of digital transformation and cloud adoption increasingly on the rise, businesses are transitioning to multi and hybrid cloud environments at an incredible rate. It has never been more important to create a strong, unified cloud security strategy – and it’s never been more difficult!

While a multi and hybrid cloud strategy has many benefits, it also presents challenges. Many organisations are struggling to secure their environments due to lack of real time visibility, control and effective understanding of risk.

Join us for a discussion on best practices for securing and protecting your multi and hybrid cloud environment and how to: Conduct effective security investigations and analysis across multi cloud services; Gain end to end visibility for better investigation, alerting, remediation and reporting; Normalise and manage data to better analyze and detect threats; Control costs and scale security as demands of the business grow.

The need for end to end visibility across environments has never been more important to identify, investigate and respond to internal and external threats in real time.

We ask Jamil to share his war stories and advice.

• What are the 5 (non tech) questions you should ask to check if you have an effective cyber program?
• How to win allies and build trust through partnerships – then how to foster them?
• Why it matters to share lessons learned? Why should companies be open about their security strategy?
• Why a CISO must ask: ‘Is the organisation thinking deeply about risk? How do you build the right culture of risk?
• Culture? Does security have the right level of visibility in the org?
• What lessons were learned from C-19?
• Why should people be more active on their national point of view?

Based in our keynote room – an opportunity to mingle and meet other attendees, compliant to physical distancing.