Public and private sector are and should be in a constant state of defence. They continue to be faced with new and advanced cyber-attacks that increase the overall risk to citizens and customers. Bringing together cyber risks and operational risks is key to improving an enterprise risk management strategy and resulting operational resilience. While cyber related operational risk has traditionally focused on how to avoid foreseeable catastrophic events, operational cyber resiliency is achieved by having the ability to absorb and rapidly respond to such events, and to further learn and adapt to them. Our session will focus key challenges and practical steps in achieving cyber resilience.

Guy Newell

APJ Regional Manager, Office of the CISO
ServiceNow

See Bio

Brian Spring

Security Solutions Specialist, A/NZ
Service Now

See Bio

Machine learning and data analytics promise tremendous scope for improving infosec programs with over 90% of cyber attacks caused by a lack of data-driven understanding and monitoring of cyber hygiene. In this session, Stephane will reflect on his experiences with leveraging ML at BNP Paribas to improve detection of breaches and DLP risks as Covid-19 made understanding staff behaviors challenging as they shed the following of standard work procedures and protocols in a remote-work operating model. In this session, learn about:

• Understanding structural and skillset changes necessary to mature your traditional infosec team into one reliant on automation and analytical services
• Using machine learning – considerations with developing this capability and avoiding developer bias in detection
• Updating incident management and remediation processes to changing/new staff behaviors through remote working
• Improving staff hygiene and practices by taking a solution-oriented response that balances DLP outcomes without impacting business outcomes
• 
  

Stephane Fichet

VP, Head of Data Protection, Remediation & Investigation Team
BNP Paribas

See Bio

Zero trust is often being touted as the solution to the sudden expansion in the cyber security perimeter that remote working has brought about. Lack of control over networks and end points and complexities with identity authentication are just a few of the big rocks any CISO today is having to think about. In this session, hear how to create a mature, scaled zero trust environment in their organisation to understand:

• What are the key steps necessary to building a strong foundation for zero trust?
• What are the key bottlenecks you’ve had to overcome with enabling and scaling this approach? (Technical and non technical)
• Is there something you’d do differently based on your implementation experience?
• What are the next steps you’ll take with maturing your zero trust framework?

Sami Laine

Director Technology Strategy
Okta

See Bio

• We have now had 6 months of living with Covid. Many, if not most organisations have effectively setup architectures to allow staff to work remotely. In the initial rush to move staff to remote access, many in the security industry painted a picture of doom and gloom. In this session we will explore if the initial fears were founded. Did threat actors significantly change their MO? Overall, did we expose our sensitive data to breach in the changes? How are we going with the benefit of 20/20 hindsight?

Glenn Maiden

Director of Threat Intelligence
Fortiguard Labs Australia

See Bio

Most infosec teams today have been thinking hard about third party risk (TPR) management as their organisation transitions to the new "normal" that we'll adopt likely post Covid-19 too. Traditional surveys and frameworks are not going to be fit for purpose anymore in this environment and in this talk, see panelists will reflect on their professional experiences to share insights around:

·        What gaps in your TPR did you uncover through your Covid-19 experience?

·        How are you changing controls and governance over cyber risks & third party risks for the future?

·        What are some ways you’re trying to improve how TPRs are quantified and understood by the business?

·        How do you seek to improve quality and speed of data collection across your third party environments?

·        What steps are you taking to enable an automated, continuous monitoring approach to TPRs?

Barry Magsanay

Global Head of Information Security & Americas IT Services
Treasury Wine Estates Global

See Bio

Bashir Semkula

IT Security, Architecture & Governance Manager
University of New England

See Bio

As organisations accelerate digital transformation programs, with a consequent expansion within emerging technologies, they are constantly exposing their organisations to digital IT risk. With limited budgets and an expanding threat environment and risk landscape to secure, this session will see Neha Malhotra reflect on to share insights around:

• Balancing digital transformation with digital resilience by advancing cyber risk management from Security to Resilience
• Re-designing traditional frameworks to improve how technology and cyber risks should be defined and measured
• Re-thinking ways to improve quantification of various technology risks in dollar terms for appropriate funding and resource prioritisation
• Overcoming challenges with bringing risk and cyber security functions together

Neha Malhotra

VP, Cybersecurity Program Manager
Credit Suisse

See Bio