13 - 14 August, 2019 | Mercure Resort, Hunter Valley Gardens, NSW, Pokolbin, Hunter Valley, NSW

Exchange Day 2: Wednesday 14th August 2019


7:15 am - 8:00 am Breakfast & Registration


8:00 am - 8:10 am Chairperson's Opening Remarks

Case Study

8:10 am - 8:40 am How Tabcorp Combined Two Security Silos Through An Organisational Restructure

In late 2017, Tabcorp Holdings and Tatts Group combined to create a world-class, diversified gambling entertainment group. Not only did this double the size and the scope of the business, but it also brought together two disparate and operationally diverse security teams. With the combined knowledge between them, Tabcorp is lifting the InfoSec bar with each new security process. In this session, hear Brendan deep-dive into:
  • Creating the next-generation security team and standardized security processes across two security silos
  • Getting the executives thinking about security by implementing new approaches from policy all the way down to governance level
  • Maintaining a flexible and agile team to deal with organisational restructures whilst upholding the strong security function
Brendan Smith, Chief Information Security Officer at Tabcorp


Panel Discussion

8:40 am - 9:20 am CHIEF PANEL: Third Party Risk Management: Getting An Accurate Understanding of Suppliers, Clients and Partners' True Risk Mitigation Capability

With cyber breaches rapidly increasing in both number and complexity, organisations are re-assessing the security strength of existing and potential suppliers, clients and partners. In such a fast-paced environment, getting a clear understanding of your partner’s capability, and in a timely manner, is vital to the security of the organization. In this panel, hear three industry experts discuss:
  • How to minimize steps in the vetting process and move partnerships from A to Z quickly
  • How to maintain ownership of sensitive data and increase visibility of third party systems
  • The risk and mitigation of risk when dealing with suppliers, clients and partners
  • Related parties and third-parties – the new high risk attack vector
  • The importance of remembering the ‘people’ side of cyber security - strengthening the human relationship between partnerships
Andy Chauhan, Chief Information Security Officer at Ausgrid


Steven York, Chief Information Security Officer at Bank of Queensland


Jonathan Yaron, Chief Executive Officer at Accellion


BrainWeave & Business Meetings

9:20 am - 10:20 am BrainWeave™ - From Framework To Solutions: Third-Party Risk Assessment Collaboration

A number of challenges lie ahead with business relationships becoming more dynamic and integrated. Data sharing and custodianship, APRA/PCI/NIST requirements, and general good risk management practices are all demanding due diligence cyber security processes. In this BrainWeave, have an open discussion on:
  • How sharing information can help meet demands for the overwhelming number of assessments required
  • Why frameworks are operated to the constraints of existing organisations
  • How to achieve solutions for all parties with a repeatable and traceable assessment process
  • The business value of supplier assessments and how to refocus your team on business risk

9:20 am - 9:50 am One-to-One Business Meetings

9:50 am - 10:20 am One-to-One Business Meetings


10:20 am - 10:50 am Morning Tea & Networking Break

10:50 am - 11:30 am Increasing Agility and Reducing Risk through Automation

As enterprises embrace digital transformation and adopt new technologies such as cloud-based services, software-defined networks, microservices and containers, the IT and cloud environments become increasingly complex and vulnerable to attack. At the same time, DevOps practices are driving an explosion in network connectivity changes. To keep up with change demands, security mandates, and industry compliance requirements, organizations must turn to automation. Tufin Orchestration Suite takes a policy-centric approach to security by automating firewall, policy and application changes with centralized management across heterogeneous hybrid IT infrastructure.

In this discussion, we will walk you through the network security automation journey with a six-step maturity model to reach the ultimate goal of application driven zero-touch automation across physical networks, SD-WAN, and public cloud.

BrainWeave & Business Meetings

11:30 am - 12:30 pm BrainWeave™ - Critical Factors In Securing A Successful Cyber Security Outsourcing Deal

One of the greatest challenges faced by Cyber Security Teams is how to secure an Outsourcing or Offshoring deal, whether as a cyber security professional embedding outsourced cyber security controls or as a security services owner implementing security services. In this BrainWeave, discuss with your peers the top 5 critical success factors that are necessary in a successful outsourcing deal.

Andy Chauhan, Chief Information Security Officer at Ausgrid


11:30 am - 12:00 pm One-to-One Business Meetings

12:00 pm - 12:30 pm One-to-One Business Meetings


12:30 pm - 1:30 pm Lunch & Networking Break

Case Study

1:30 pm - 2:00 pm How Bank of Queensland are BOQ-ifying the NIST Framework To Accurately Measure Cyber Capabilities

The NIST framework is generally accepted as the leading best-practice framework across the Cyber Security landscape. Although designed with the purpose of arranging resources to be easily digestible by both the board and IT department, it is not a one-size-fits-all fix. Intricate details of an organisation may be missed if the NIST framework is followed too closely. In this session, hear how BOQ have:
  • Personalized the NIST framework to accurately measure the success of their cyber security capabilities
  • Improved discussion with the board as a result of improved metrics and reporting
  • Gained a deeper understanding of where their cyber gaps and strongest coverage lie
Steven York, Chief Information Security Officer at Bank of Queensland


2:00 pm - 2:30 pm Developing an Effective Response to Australia’s Security Regulations: The GDPR and NDB Scheme

A year and a half on from Australia’s double-regulation hit, which saw the EU’s General Data Protection Regulation and Australia’s Notifiable Data Breach Scheme come into effect, many CISOs are still searching for the right approach to ensure organisational compliance. This session will see Steven look at:
  • Identifying organisational risks and pain-points with regard to regulation compliance
  • Understanding the critical paths to compliance – why do I need my data and how do I document my reasons for it?
  • Maintaining compliance without reducing the ability to collect and store data relevant to business analytics
Steven Cvetkovic, Chief Information Security Officer at Swinburne University of Technology



2:30 pm - 2:40 pm Chairman's Closing Remarks and End of Exchange