What’s Happening, and When

All times listed on the agenda are Eastern Standard Time.

7:45 - 8:45

Breakfast briefing (Invite only)


Registration and networking


Presentation: Beating the bad actors – actioning IT security strategies

Protecting your organisation from the many types of threats is becoming an increasingly difficult task, especially given tightening budgets and a skills shortage. This scene-setting talk examines the key trends taking place in IT security.


Case study: REDSPICE: An integrated approach to security – and what it will mean for your organisation

Run by the Australian Signals Directorate, REDSPICE is an ambitious national programme that sets out to reinforce Australia’s cybersecurity. As ASD scales the programme and invests in advanced technologies and analytics capabilities, what will this mean for the nation’s government organisations, critical infrastructure and private businesses as they battle increasingly sophisticated or persistent cyber-attacks? How will they benefit long-term from the ambitions of REDSPICE?


Presentation: Keeping the security threat in the C-suite’s line of sight

Recent, well publicised security breaches have highlighted the importance that good security policies, technologies and professionals play in reducing risk to an organisation. But time blurs memories. How do chief information security officers enhance or maintain board-level support for security policies and ensure that these flow throughout the organisation – particularly when the company is international with its headquarters overseas?


Panel: Know your enemy – Intrusion prevention in a changing threat landscape

Identifying and protecting against incoming security threats requires a multi-layered approach. Protection must prevent opportune and advanced persistent threats, and include your organisation and supply chain. What processes and technologies need to be in place? This panel will investigate the continually evolving threat landscape, key lines of defence and the importance of governance frameworks, especially in a period when budgets are being squeezed.


Panel: Safeguarding the organisation through cyber hygiene best practices

While advanced security technologies can be an attractive investment option, risk can be minimised by adopting best-practice approaches to basic cybersecurity. This panel focuses on those basics, how to avoid excessive controls that hinder business productivity – and opens doors to vulnerabilities as employees seek workarounds – and provides practical examples of cyber hygiene adopted by the panel, including the policies that ensure security is at the heart of the organisation.


Networking break


Panel: Overcoming the talent shortage – smart strategies to plug the skills gap

Organisations report that skilled security professionals are in short supply, making the market competitive and contributing to spiralling wages. What approaches are organisations using to retain or retrain talent to tackle these shortages? What smart ideas are CISO’s introducing to make their company stand out, particularly if their pay structure does not allow them to compete with the industry’s top payers?


Best practice: Regulation compliance – getting internal buy-in

The government has strengthened and extended regulations such as SoCI to protect industries and organisations from bad actors. Preparedness requires planning and buy-in from the board-level downwards, and in many cases also impacts the supply chain. This talk will outline a best practice approach to attaining ongoing robust regulation compliance.


Best practice: Stress testing security plans

As security threats evolve, so must preparedness for major incidents. This talk will examine ways to truly stress test a security policy, developing muscle memory for the organisation and identifying any weaknesses before a major breach exposes a company, its critical data and its reputation.


Case Study: Does security as a service outsource risk?

Criminals are increasingly taking an As-A-Service approach to distributing the tools for different types of cyberattack. But if IT security is an organisational risk, it is not one that should be fully outsourced. As cybercrime or ransomware as a service evolves, what implications does this have for As A Service approaches to security provision? Does an AAS approach result in a faster response to protection or create new risk for the CISO?




Panel: What corporate technologies pose the biggest security risk?

Technologies such as the cloud, APIs, IoT, AI (and ChatGPT) can all pose security implications for the CISO, particularly as cybercrime techniques advance. This panel will examine the types of threats these technologies expose an enterprise to and how they are transforming security provision and the risk environment. It also explores how CISOs will navigate the challenge of protecting against today’s threats vs preparing for potential future threats new technologies introduce.


Interview: Implementing advanced monitoring technologies

As company networks become more complex it changes thinking around where the edge of the network exists, and creates additional IT security challenges, particularly where on- and off-premise infrastructure must be protected. Techniques such as security information and event management monitoring is becoming more advanced, using AI and machine learning to detect potential threats. This interview will look at the advanced monitoring techniques and tools that CISOs can employ to give them real-time visibility across their network.


Case study: Using zero trust network access to protect company assets

As organisations transform their infrastructure to allow anytime, always access approaches to work, securing the network becomes more difficult. A zero-trust approach to access across the network will provide more security than traditional approaches, but is a challenge to deploy correctly. Who should be involved in a zero trust project rollout, and what are the best approaches to getting user buy-in and to implementing the technology?


Networking break


Case study: Setting up a passwordless authentication system

Compromised credentials represent a significant percentage of security breaches. The next stage of zero trust is to switch to passwordless authentication, which is harder to crack than traditional passwords. Like zero trust systems, the technology comes with benefits and challenges. This case study will focus on best practice approaches to implementing passwordless authentication, its advantages, the hurdles to be aware of and whether it could be right for your organisation.


Best Practice: Preventing data analytics from becoming a security vulnerability

Increasingly organisations are reliant on predictive data analytics and dashboards accessed by wifi-connected distributed devices for decision making. People want insights based on ever more data without delay. How do organisations make sure the competing demands of anytime, anywhere, any device data access meets the stringent security requirements to protect that valuable data and comply with regulations such as where the information is stored?


Panel: Fit-for-purpose security in distributed data environments

While vendors push the advantages of a cloud-first environment, many companies are not ready for their data to exist in such an environment. This can create disconnects between an organisation’s desired data management strategy and the realities of protecting valuable – and often personal – information that may be distributed across devices, departments or territories. Data sovereignty rules can add another layer of complexity. This panel will highlight the playbook for avoiding data sprawl that creates undue risk for the CISO, showcasing the benefits of having measurable, good quality data loss prevention procedures, tools and governance in place.



Agenda subject to change.