CISO Canberra schedule

In this 10-minute networking session, the goal is to connect with three new people. Let the questions on the screen spark your conversation. Enjoy the opportunity to expand your network!

Private Sector and Government organisations face the dual challenge of maintaining stringent data compliance while ensuring rapid data access to drive innovation. Learn about how two of Australia's key Financial Services organisations tackled delivering continuous compliance all while positively impacting development teams.

Learn how to integrate a continuous compliance framework, discover actionable strategies, and explore the latest tools and technologies. Designed for cybersecurity professionals and decision-makers, this session will equip you with the knowledge and tools to protect your organisation’s data, empower your teams to innovate securely and efficiently, and ultimately improve citizen experiences.

• Understand the current state of the threat landscape, including the most prevalent types of attacks, such as ransomware, phishing, and supply chain compromises
• Gain insights into the latest cyber threat trends, including the rise of ransomware, targeted phishing, and AI-driven attacks, and learn about new vulnerabilities impacting the nationwide and global landscape.
• Stay informed about the latest threat trends and adversary tactics, organisations can better prepare themselves to defend against increasingly sophisticated attacks. 
• Discover the knowledge and tools needed to enhance security posture, prioritise security investments, and foster a culture of proactive threat management.

• Discover how the Risk Operations Centre (ROC) elevates cyber security risk management.
• Understand key concepts such as Value at Risk (VAR) and Enterprise True Risk Management (ETM).
• Learn the “language of risk” for clearer assessment and communication of cyber threats.

• Recognising workplace realities that influence cybersecurity culture maturity.
• Explore principles to help you simplify cybersecurity engagement with your teams.
• Discover practical examples to lift cybersecurity culture and miminise the compliance burden on teams.

• Discuss the current state and challenges in building strong partnerships forged across public and private sectors to defend against sophisticated threat actors.
• Understand the importance of establishing trust and the impact of cultural change required for effective public-private collaboration.
• Explore communication and collaboration structures needed for effective information sharing and joint action.

Panel moderator:

Dan Haagman, Doctoral Security Researcher

Panellists:

Mitchell White, Chapter Lead Senior Cyber Security Specialist, Telstra

Professor Debi Ashenden, Director of the Institute for Cyber Security (IFCyber), UNSW

Jagdish Mehra, A/g CISO Cyber Security Division, Services Australia

Cybercriminals have moved to a “mobile-first” attack strategy. Why? because in many cases, mobile is an easy target. 

• Take a look at some recent data on mobile threats in our backyard and understand why Australia is the "global leader in mobile malware" 
• Explore the differences between "managing" and "securing" mobile devices and apps
• Discover how leading Australian Government Departments are closing the visibility gap on mobile

• Examine the cyber security challenges emerging from the integration of Artificial Intelligence in enterprise environments, particularly into the multifaceted risks, outcomes, and strategic responses essential in the current and future AI-driven cyber security realm.
• Explore AI-specific cyber security risks, the presentation reviews various threats, including sophisticated data breaches and manipulations of AI systems, data sets, mis/dis information and the dead internet.
• Illustrate a vivid picture of how AI, if compromised, can have far-reaching impacts on national security, economic stability, and international relations.
•  

• Explore the latest methods cybercriminals use to exploit human vulnerabilities to access sensitive information and compromise systems.
• Learn strategies to build organisational awareness and defences to mitigate the risks associated with social engineering.
• Discover how fostering a culture of cyber security awareness can empower employees reducing susceptibility to social engineering attacks and enhancing overall resilience.

• Get serious - and build the relationships before the incident.  Write the process and test the process
• On educating people: storytelling
• Creating an environment of being alert and not alarmed where people are encouraged to report.

Due to the constant evolution of our internal networks and in the face of an unforgiving threat landscape, Security Operations teams are constantly looking at new ways to enhance their visibility in order to better anticipate cyber threats. This session will explore the importance of how enhanced detection and response capabilities, visibility of your attack surface, and cyber threat intelligence can be helpful in better focusing your cyber security defences.

Matt will share a no-nonsense overview of how you can adopt zero trust principles to protect your applications and infrastructure including:

• Key dependencies to fulfil before starting a zero trust network transformation
• Key components of a zero trust technology stack and their roles in the overall solution
• Pragmatic policy design principles you can use to avoid “boiling the ocean” and get the most risk reduction for the least effort
• Aspects of zero trust architecture of most benefit to knowledge worker and customer service provision use cases prevalent in the public sector

• Explore the critical challenges posed by supply chain attacks and third-party risks, including potential financial, reputational, and operational impacts on organisations.
• Delve into the anatomy of supply chain attacks, emphasising the importance of robust risk assessment, due diligence, and continuous monitoring of third-party activities.
• Discuss tailored mitigations strategies to effectively lead organisations in mitigating evolving supply chain risks.

• Understand what ASD services are available for government uplift
• Explore practical strategies for bolstering incident response plans and advancing cyber security maturity
• Hear case studies and insights into commonwealth cyber uplift

Take a journey through the operational environments of 2024, exploring evolving threat vectors and the essential measures required to secure and enable a resilient nation. 

• Implement practical strategies and methodologies to achieve a high maturity level with the Essential 8 framework, showcasing key steps and milestones.
• Address real-world challenges and mitigate significant gaps and risks that persisted despite achieving high maturity, highlighting effective solutions and adjustments.
• Overcome resource constraints and effectively apply Essential 8 controls in a smaller government department, including innovative approaches to managing limited staff and budget.

• Understand the critical role that human behaviour and organisational culture play in effective cybersecurity
• Discover techniques for fostering a security-conscious mindset and encouraging proactive cyber hygiene practices
• Explore methods for measuring the impact of security awareness initiatives and continuously improving the cyber-aware culture
• Gain insights into real-world case studies and best practices to equip employees with the knowledge, skills and motivation to be active participants in safeguarding the organisation

Panel moderator:
Elizabeth Kinuthia, Assistant Director, Cyber Security Governance, Risk and Assurance, ACT Government

Panellists:

Andrew Dimech, Infrastructure Manager, ING Australia

Sarah Luscombe, CISO, Luscombe Solutions Australia

Philip Wagner, Senior Cyber Security Advisor, Department of Prime Minister and Cabinet