13 - 14 August, 2019 | Mercure Resort, Hunter Valley Gardens, NSW, Pokolbin, Hunter Valley, NSW

Exchange Day 1: Tuesday 13th August 2019


7:15 am - 8:00 am Breakfast & Registration


8:00 am - 8:10 am Chairperson's Opening Remarks

Case Study

8:10 am - 8:40 am How ANZ NZ Are Creating Cyber Resilience Through An Award Winning Cyber Awareness Program

In November 2018, Tony and his team were awarded the Best Security Awareness Campaign in NZ at the iSANZ awards. Since then, there has been a continued focus on the internal cyber ambassadors program, given the importance of educating both internal staff members and customers when it comes to protecting an organisation from cyber threats. In this session, hear Tony dive into:
  • The what, how and why of their cyber ambassadors programme
  • How ANZ NZ are gaining insights into posed cyber threats and how these inform the programme
  • The keys to maintaining an educated, cyber-smart organization
Tony Arnold, Head of Technology and Information Security at ANZ New Zealand

Tony Arnold

Head of Technology and Information Security
ANZ New Zealand

Panel Discussion

8:40 am - 9:10 am How to Build Internal Cyber Capability To Address The Skills Shortage In The Market

Australia is going through a cyber security skills drought, with a low-supply, high-demand environment for cyber skill sets becoming increasingly present. The nature of cyber skills needed by the industry is fast changing. Therefore, the focus of many organisations now is not just obtaining the correct skill sets, but sourcing the right personalities who can be continuously trained in the relevant areas of cyber security to embellish the teams’ capabilities. With this in mind, this session will see Siva discuss how Information Security Professionals are:
  • Identifying the right people to put into the cyber program
  • Keeping the learning syllabus up to date to ensure right skills are developed
  • Retaining existing staff whilst recruiting and up-skilling new talent
Siva Sivasibramanian, Chief Information Security Officer at Optus

Siva Sivasibramanian

Chief Information Security Officer

Case Study

9:10 am - 9:50 am Leveraging Integrated Threat Intelligence To Drive Improved Security Decisions

The race to keep up with emerging threats has driven a proliferation of security solutions, which has left often under-resourced security teams struggling with a growing array of point products and independent static security controls with no orchestration between them. In this session, Garrett deep dives into:
• Why orchestration is essential to scaling security team capabilities
• Methods for integrating your security tools and processes
• How to automate routine tasks, work smarter and respond faster, strengthening your cyber resilience


9:50 am - 10:20 am Morning Tea & Networking Break

BrainWeave & Business Meetings

10:20 am - 11:20 am BrainWeave™ - User Behavior, Analytics, AI and Deep Learning: The Future of Cyber Security

In this round table discussion, deep dive into bleeding-edge topics surrounding the future of cyber security in an increasingly digitised world. Engage with your peers on topics such as:
  • Mitigating advanced and automated cyber threats
  • Leveraging next-generation capabilities to enhance IT Security detection and response
  • The future of the cyber space and other preventative cyber methods
Steven Cvetkovic, Chief Information Security Officer at Swinburne University of Technology

Steven Cvetkovic

Chief Information Security Officer
Swinburne University of Technology

10:20 am - 10:50 am One-to-One Business Meetings

10:50 am - 11:20 am One-to-One Business Meetings

Case Study

11:20 am - 11:50 am Leveraging Business Insights and New Technologies to Optimize Security Operations Across The Board

As the Australian Digital Health Agency becomes more mature, advanced technologies such as ML and AI are being introduced to optimise security operations. But with the adoption of new technology also comes the potential for new risk which needs to be effectively managed to maintain secure operations. In this session, learn how Marianne and her team are managing the balance by applying the right tools and strategies.

·         Implementing new technology to streamline security operations while effectively managing risk
·         Investing in solutions that deliver on expectations and that are appropriate to your level of organizational maturity
·         Automating low-value tasks to minimize resources whilst still maintaining a human-touch in high-value tasks
·         Effectively measuring and reporting the impact of technology to maintain full visibility over your security operations

Marianne Cologon, Director Cyber Security Operations at Australian Digital Health Agency

Marianne Cologon

Director Cyber Security Operations
Australian Digital Health Agency

BrainWeave & Business Meetings

11:50 am - 12:20 pm BrainWeave™ - Awareness Training: Is Virtual Reality the Next-Gen Training Tool?

Compliance training is a necessary part of all organisations, and for a good reason – it ensures that employees are educated on laws, regulations and policies that apply directly to their day-today responsibilities. Let’s face it though, it can be boring, bland and disengaging. So how do you make awareness training a process that not only actively educates employees, but is something they enjoy? What are the tools to getting people engaged? What does the board need to see in order to invest in more exciting education tools? Is Virtual Reality the answer?

11:50 am - 12:20 pm One-to-One Business Meetings

12:20 pm - 12:50 pm One-to-One Business Meetings


12:50 pm - 1:50 pm Lunch & Networking Break

Case Study

1:50 pm - 2:20 pm Protecting Employee's Through Cyber Security Initiatives

Safety is written into the very DNA of cyber security teams across the globe, driving them to defend and protect their organisation against IT threats and compromises. But what happens to cyber teams when the definition of a cyber threat extends past that of a corporate issue, morphing into an issue that can fatally impact human life? Following a workplace accident in 2017, Boral are dealing with this first hand. In this session, Daminda will deep-dive into:
·         IT-OT use cases to protect the lively hood of employees: Smart Cameras and IoT Trucks
·         The risk that IT-OT exposes to business security
·         Driving end-to-end security process across the whole business process
·         Testing the success of cyber defense through internal hackathon’s
Daminda Kumara, Head of Cybersecurity at Boral Ltd

Daminda Kumara

Head of Cybersecurity
Boral Ltd

2:20 pm - 2:50 pm Data Ownership: Leadership, Challenges, and Data Governance

In some organisations, there is a general perception that privacy and IT security teams are responsible for all privacy and security risks, and thus responsible for any breach or compromise. It is important that guidelines are put in place to clarify exactly who is responsible for data, including the risks that surround it. In this session, hear Scott discuss:
  • Defining, Enabling and Empowering Data Owners
  • Implementing use-cases and ‘what-if’ scenarios to highlight the importance of risk management
  • Changing the security mind-set through both a top-down, bottom-up approach
Scott Hawkins, Manager Cyber Security, Risk and Assurance at Mater Group

Scott Hawkins

Manager Cyber Security, Risk and Assurance
Mater Group

BrainWeave & Business Meetings

2:50 pm - 3:50 pm BrainWeave™ - Achieving Cyber Security Outcomes with Network Defence and Response

In this brainweave, discuss:
• The Mirage of Endpoint Security – why an EDR-only strategy doesn’t work
• Insider threat detection: why moving threat detection from the gateway to the network core simply isn’t an option
• Ubiquitous TLS: the threat, the benefit and how to manage both
• Tool exhaustion: let’s start focusing on reducing risk not buying more tools
• Network design (defensible, fast and reliable – you can achieve all three)

2:50 pm - 3:20 pm One-to-One Business Meetings

3:20 pm - 3:50 pm One-to-One Business Meetings


3:50 pm - 4:20 pm Afternoon Tea and Networking Break

4:20 pm - 4:50 pm The Business Of IT In The Age Of Cyber Security

To effectively anticipate and mitigate cyber-risk in today’s complex business environment, technology leaders need to adjust their core management processes, their fundamental design paradigms, and their threat detection and response capabilities. These can be difficult to understand and hard to manage, especially when operations span multiple countries,morganisations and service providers. In this session, Peter will touch on:
• Key changes needed across these three dimensions to address the emerging cyber threat landscape
• Key management actions that leaders can pursue to ensure their key business capabilities remain fit-for-purpose in the face of changing market and regulatory forces
• Key changes necessary to manage hybrid IT landscapes (both on-prem and cloud), and the movement of workloads between the two
Peter Haviland, Head of Strategy and Architecture at Australia Post

Peter Haviland

Head of Strategy and Architecture
Australia Post

4:50 pm - 5:20 pm Unpacking The Cyber Tool-Kit: The Critical Need For A Strong Cyber Culture

Despite organisations continuously investing in security tools , the number of data breaches worldwide has continued to increase year-on-year. Why? What is the integral missing piece in your security tool kit and how can it be addressed to ensure a stronger cyber culture across A/NZ? In this session, follow Ray as he covers:
  • What a technically trained leader means for the business
  • Assessing the capabilities of your cyber tool-kit
  • Reaching outside the cyber team from broader skill sets
  • A look at how NZ is driving security culture and lessons learned so far
Ray Chow, Head of IT Risk and Security at New Zealand Post

Ray Chow

Head of IT Risk and Security
New Zealand Post

BrainWeave & Business Meetings

5:20 pm - 6:20 pm BrainWeave™ - Leveraging Metrics and Reporting To Gain A Deeper Insight Into The Threat Landscape of Your Organisation

Improving metrics and reporting not only makes vital business insights readily available but also more digestible. In this session, cover:
• Improving the reporting system to be more human-friendly
• Ensuring vital information remains secure
• Finding a common language between the business team and the tech team
Robert Wiggan, Director Information Security at Queensland University of Technology

Robert Wiggan

Director Information Security
Queensland University of Technology

5:20 pm - 5:50 pm One-to-One Business Meetings

5:50 pm - 6:20 pm One-to-One Business Meetings