Cyber Security Part 2: Operating in the New Normal

Main Virtual Event: 8th September 2020
Government Focus Day: 9th September 2020
9:20 am - 1:00 pm (AEST) | Free to Attend

Virtual Summit Day One: 8 September 2020

9:20 am - 9:30 am Opening Remarks

9:30 am - 10:00 am Achieving Cyber Resilience By Maturing Your Ability To Absorb & Rapidly Respond To Cyber Risks For The New Normal

Guy Newell - APJ Regional Manager, Office of the CISO, ServiceNow
Brian Spring - Security Solutions Specialist, A/NZ, Service Now

Public and private sector are and should be in a constant state of defence. They continue to be faced with new and advanced cyber-attacks that increase the overall risk to citizens and customers. Bringing together cyber risks and operational risks is key to improving an enterprise risk management strategy and resulting operational resilience. While cyber related operational risk has traditionally focused on how to avoid foreseeable catastrophic events, operational cyber resiliency is achieved by having the ability to absorb and rapidly respond to such events, and to further learn and adapt to them. Our session will focus key challenges and practical steps in achieving cyber resilience.

img

Guy Newell

APJ Regional Manager, Office of the CISO
ServiceNow

img

Brian Spring

Security Solutions Specialist, A/NZ
Service Now

10:00 am - 10:30 am Leveraging Machine Learning To Improve Agility In Detection and Response Around Cyber Breach Risks/DLP As User Behaviours Constantly Change In The “New Normal”

Stephane Fichet - VP, Head of Data Protection, Remediation & Investigation Team, BNP Paribas

Machine learning and data analytics promise tremendous scope for improving infosec programs with over 90% of cyber attacks caused by a lack of data-driven understanding and monitoring of cyber hygiene. In this session, Stephane will reflect on his experiences with leveraging ML at BNP Paribas to improve detection of breaches and DLP risks as Covid-19 made understanding staff behaviors challenging as they shed the following of standard work procedures and protocols in a remote-work operating model. In this session, learn about:

  • Understanding structural and skillset changes necessary to mature your traditional infosec team into one reliant on automation and analytical services
  • Using machine learning – considerations with developing this capability and avoiding developer bias in detection
  • Updating incident management and remediation processes to changing/new staff behaviors through remote working
  • Improving staff hygiene and practices by taking a solution-oriented response that balances DLP outcomes without impacting business outcomes

img

Stephane Fichet

VP, Head of Data Protection, Remediation & Investigation Team
BNP Paribas

10:30 am - 11:00 am Zero Trust Architecture: Must-Dos and Common Pitfalls To Avoid For A Secure A Truly Digital Operating Environment

Sami Laine - Director Technology Strategy, Okta

Zero trust is often being touted as the solution to the sudden expansion in the cyber security perimeter that remote working has brought about. Lack of control over networks and end points and complexities with identity authentication are just a few of the big rocks any CISO today is having to think about. In this session, hear how to create a mature, scaled zero trust environment in their organisation to understand:

  • What are the key steps necessary to building a strong foundation for zero trust?
  • What are the key bottlenecks you’ve had to overcome with enabling and scaling this approach? (Technical and non technical)
  • Is there something you’d do differently based on your implementation experience?
  • What are the next steps you’ll take with maturing your zero trust framework?


img

Sami Laine

Director Technology Strategy
Okta

11:00 am - 11:20 am Break

11:20 am - 11:50 am Lessons Learned About Cyber Security Maturity & The Threatscape From Australia’s Last 6 Months In Lockdown

Glenn Maiden - Director of Threat Intelligence, Fortiguard Labs Australia
  • We have now had 6 months of living with Covid. Many, if not most organisations have effectively setup architectures to allow staff to work remotely. In the initial rush to move staff to remote access, many in the security industry painted a picture of doom and gloom. In this session we will explore if the initial fears were founded. Did threat actors significantly change their MO? Overall, did we expose our sensitive data to breach in the changes? How are we going with the benefit of 20/20 hindsight?
img

Glenn Maiden

Director of Threat Intelligence
Fortiguard Labs Australia

11:50 am - 12:20 pm Developing A Fit For Purpose Third Party Risk Management Framework and Controls To Detect And Manage Risks Amplified By Covid-19 And Remote Workforces

Barry Magsanay - Global Head of Information Security & Americas IT Services, Treasury Wine Estates Global
Bashir Semkula - IT Security, Architecture & Governance Manager, University of New England

Most infosec teams today have been thinking hard about third party risk (TPR) management as their organisation transitions to the new "normal" that we'll adopt likely post Covid-19 too. Traditional surveys and frameworks are not going to be fit for purpose anymore in this environment and in this talk, see panelists will reflect on their professional experiences to share insights around:

·        What gaps in your TPR did you uncover through your Covid-19 experience?

·        How are you changing controls and governance over cyber risks & third party risks for the future?

·        What are some ways you’re trying to improve how TPRs are quantified and understood by the business?

·        How do you seek to improve quality and speed of data collection across your third party environments?

·        What steps are you taking to enable an automated, continuous monitoring approach to TPRs?

img

Barry Magsanay

Global Head of Information Security & Americas IT Services
Treasury Wine Estates Global

img

Bashir Semkula

IT Security, Architecture & Governance Manager
University of New England

12:20 pm - 12:50 pm Improving Quantification, Measurement & Prioritisation of Technology Risks In A Rapidly Expanding & Digitising Threatscape

Neha Malhotra - VP, Cybersecurity Program Manager, Credit Suisse

As organisations accelerate digital transformation programs, with a consequent expansion within emerging technologies, they are constantly exposing their organisations to digital IT risk. With limited budgets and an expanding threat environment and risk landscape to secure, this session will see Neha Malhotra reflect on to share insights around:

  • Balancing digital transformation with digital resilience by advancing cyber risk management from Security to Resilience
  • Re-designing traditional frameworks to improve how technology and cyber risks should be defined and measured
  • Re-thinking ways to improve quantification of various technology risks in dollar terms for appropriate funding and resource prioritisation
  • Overcoming challenges with bringing risk and cyber security functions together
img

Neha Malhotra

VP, Cybersecurity Program Manager
Credit Suisse

12:50 pm - 1:00 pm Closing Remarks