13 - 14 August, 2019 | Mercure Resort, Hunter Valley Gardens, NSW

Exchange Day 2: Wednesday 14th August 2019


7:15 am - 8:00 am Breakfast & Registration


8:00 am - 8:10 am Chairperson's Opening Remarks

Case Study

8:10 am - 8:40 am How Tabcorp Combined Two Security Silo’s Through An Organisational Restructure

In late 2017, Tabcorp Holdings and Tatts Group combined to create a world-class, diversified gambling entertainment group. Not only did this double the size and the scope of the business, but also brought together two disparate and operationally diverse security teams. With the combined knowledge between them, Tabcorp is lifting the InfoSec bar with each new security process. In this session, hear Brendan deep-dive into:
  • Creating the next-generation security team and standardized security processes across two security silos
  • Getting the executives thinking about security by implementing new approaches from policy all the way down to governance level
  • Maintaining a flexible and agile team to deal with organisational restructures whilst upholding the strong security function
Brendan Smith, Chief Information Security Officer at Tabcorp

Brendan Smith

Chief Information Security Officer

Panel Discussion

8:40 am - 9:20 am Cyber Security Privacy Panel

Modern-day organisations are becoming increasingly complex in both operations and governance, and with data becoming strongly embedded in each and every moving part, it can be difficult to know who owns what security process. With that in mind, this panel will deep-dive into all things privacy, including:
  • Selling privacy to the board and gaining executive buy-in
  • Clarifying who owns what
  • Understanding where your data is kept and what security process surround it to prevent insider threat
  • Expanding your scope to include insight into privacy policies within your supply chain

BrainWeave & Business Meetings

9:20 am - 10:20 am BrainWeave™ - From Framework To Solutions: Third-Party Risk Assessment Collaboration

A number of challengers lay ahead with business relationships becoming more dynamic and integrated. Data sharing and custodianship, APRA/PCI/NIST requirements, and general good risk management practices are all demanding due diligence cyber security processes. In this BrainWeave, have an open discussion on:
  • How sharing information can help meet demands for the overwhelming number of assessments required;
  • Why frameworks are operated to the constraints of existing organisations
  • How to achieve solutions for all parties with a repeatable and traceable assessment process
  • The business value of supplier assessments and how to refocus your team on business risk

9:20 am - 9:50 am One-to-One Business Meetings

9:50 am - 10:20 am One-to-One Business Meetings


10:20 am - 10:50 am Morning Tea & Networking Break


BrainWeave & Business Meetings

12:20 pm - 1:20 pm BrainWeave™ - Critical Factors In Securing A Successful Cyber Security Outsourcing Deal

One of the greatest challenges faced by Cyber Security Teams is how to secure an Outsourcing or Offshoring deal. Whether it be as a cyber security professional embedding outsourced cyber security controls, or as a security services owner implementing security services. In this BrainWeave, discuss with your peers the top 5 critical success factors that are necessary in a successful outsourcing deal.

Andy Chauhan, Chief Information Security Officer at Ausgrid

Andy Chauhan

Chief Information Security Officer

10:40 am - 11:10 am One-to-One Business Meetings

11:10 am - 11:40 am One-to-One Business Meetings


1:20 pm - 2:20 pm Lunch & Networking Break

Case Study

2:20 pm - 2:50 pm How Bank of Queensland are BOQ-ifying the NIST Framework To Accurately Measure Cyber Capabilities

The NIST framework is generally accepted as the leading best-practice framework across the Cyber Security landscape. Although designed with the purpose of arranging resources to be easily digestible by both the board and IT department, it is not a one-size-fits-all fix. Intricate details of an organisation may be missed if the NIST framework is followed too closely. In this session, hear how BOQ have:
  • Personalized the NIST framework to accurately measure the success of their cyber security capabilities
  • Improved discussion with the board as a result of improved metrics and reporting
  • Gained a deeper understanding of where their cyber gaps and strongest coverage lie
Steven York, Chief Information Security Officer at Bank of Queensland

Steven York

Chief Information Security Officer
Bank of Queensland

2:50 pm - 3:20 pm Developing an Effective Response to Australia’s Security Regulations: The GDPR and NDB Scheme

A year and a half on from Australia’s double-regulation hit, which saw EU’s General Data Protection Regulation and Australia’s Notifiable Data Breach Scheme come into effect, many CISO’s are still searching for the right approach to ensure organisational compliance. This session will see Steven look at:
  • Identifying organisational risks and pain-points in regards to regulation compliance
  • Understanding the critical paths to compliance – why do I need my data and how do I document my reasons for it?
  • Maintaining compliance without reducing the ability to collect and store data relevant to business analytics
Steven Cvetkovic, Chief Information Security Officer at Swinburne University of Technology

Steven Cvetkovic

Chief Information Security Officer
Swinburne University of Technology


3:20 pm - 3:30 pm Chairman's Closing Remarks and End of Exchange