CISO New Zealand schedule

In this 10-minute networking session, the goal is to connect with three new people. Enjoy the opportunity to expand your network!

This one-on-one conversation delve into stories behind the decisions, inflection points and leadership lessons that have shaped their journey. From earning trust and building influence to navigating complexity under pressure, the dialogue explores what they might approach differently today and what they still stand by. More than frameworks and controls, this session reveals how the CISO role is defined by the judgement calls that matter, focusing on the personal side of leadership in one of the most high-stakes positions in any organisation.

Today, staying ahead of cyber threats requires a proactive and adaptive approach. This session will focus on how organisations can optimise threat detection, response, and attack surface management to enhance visibility and build more resilient security operations.

This panel unpacks where organisations are truly using AI, what’s working, what isn’t, and how leaders are separating hype from value in practical, risk-aligned ways.

• How would you assess the current level of AI implementation within your organisation?
• What challenges have you encountered in adopting AI, and how have you addressed them?
• What are the key criteria and considerations for evaluating AI technologies as part of a holistic cyber risk management strategy?  
• What indicators or benchmarks should organisations consider evaluating the effectiveness of AI-driven cyber defence initiatives?

Moderator:

Jason Wood Chair ISACA Auckland

Panellists:

Deepak Veerasamy CISO Kainga Ora

Andy Pace Network & Information Security Manager MediaWorks  

Drawing on frontline reporting and incident trends, NCSC (formerly CERT) outlines the current state of New Zealand’s threat landscape covering what’s changing, what’s persistent, and what’s coming next. This session offers clarity on the risks facing Kiwi organisations and where leaders should focus attention to stay ahead.

• The latest threat activity observed across sectors and systems
• Patterns in attacker behaviour, tactics, and target profiles
• Strategic implications for detection, response, and sector-wide resilience 

Security leaders are under pressure to secure AI-driven cloud environments at the speed of development. This session unpacks strategies for integrating security seamlessly into AI and cloud workflows, ensuring protection while enabling business agility.

Risk can’t just be understood — it must shape decisions, drive priorities, and speak the language of the business. This panel discusses the keys to embed risk thinking into decision-making, repositioning as a powerful tool for alignment, influence, and long-term value.

• How are leading CISOs reframing cyber risk as business risk?
• What does effective risk communication look like – up, down, and across the organisation?
• How are leading CISOs using risk to manage conflicting prioritise and budget constraints?

• What does good cyber risk governance look like; how it will leave your teams feeling empowered?

Moderator

Kavita Chetty Senior Manager Technology Risk NZAA

Panelists

Ronald Chung Head of Risk (Information, Technology & Cyber Security) BNZ

Laura Marshall Head of Information Security LIC

Richard Harrison Head of Cyber & Architecture Foodstuffs SI 

Harnessing global threat intelligence allows organisations to move from reactive defence to proactive threat mitigation. This session will demonstrate how consolidating and operationalising threat feeds can improve security agility, enhance visibility across systems, and drive a more resilient cyber security posture.

A cyber-conscious mindset and security-aware culture are non-negotiable. It is not just about ticking boxes with e-learning or phishing tests. Real success is when people instinctively make safer choices and even share tips with family and friends. That’s when culture truly sticks. This session explores practical ways to embed that mindset and turn everyday behaviours into security habits.

Cybercriminals exploit weak segmentation to move laterally across networks, increasing the impact of breaches. This session will break down real-world attack patterns, revealing how organisations can disrupt lateral movement and reduce the success of cyber threats. 

Cyber incidents don't stay confined to the SOC — they quickly become whole-of-business events. This session explores how security leaders are aligning technical response with executive-level crisis management to ensure clarity, speed, and coordination when it matters most.

• The anatomy of cyber disruption from a senior leadership lens – what makes it uniquely difficult?
• How to build "muscle memory" for high-pressure response (beyond the plan)
• Bridging the gap between security experts and executive decision-makers

As corporate and operational environments become increasingly interconnected, securing the corporate infrastructure is essential for building a resilient operational framework. This session will explore strategies to mitigate risks, protect critical assets, and ensure business continuity through a strong security foundation. 

Tick-box compliance is no longer enough. This presentation explores how organisations are moving beyond policy-driven approaches to build real and measurable cyber capability through their GRC functions. Learn how embedding technical thinking into risk frameworks, reporting and decision-making helps turn intent into action and drives stronger security outcomes.

APIs, tokens, and compromised credentials continue to be the top threat vector for SaaS applications. In this session, we’ll explore how attackers gain access, why these breaches often remain undisclosed, and what steps you can take to implement a proactive SaaS security model.

Join Adarsh as he shares how security operations were enhanced within a critical infrastructure environment. This session will explore strategies for increasing log visibility in high-risk areas, aligning threat intelligence with detection workflows, and validating coverage through adversary simulation. It will also cover the application of structured frameworks to guide detection engineering, the use of meaningful metrics to track progress, and practical approaches to overcoming operational challenges.

AI is becoming a practical tool for detecting and validating threats at speed. This session explores how organisations are using AI to reduce alert fatigue, support overburdened analysts, and improve time to detection. Learn where AI is delivering real value, what pitfalls to avoid, and how to build trust in machine-led decisions. 

This session explores how to embed security thinking into broader organisational decision-making from procurement and product to HR and finance and build a culture where shared responsibility drives better security outcomes.

As organisations move to SaaS and cloud native or hybrid models, identity has become the new security boundary and a frequent source of risk when transitions expose gaps attackers are quick to exploit. This session explores the key questions CISOs should be asking, including:

• What’s really changing in how we manage and secure identity?
• What have we seen go wrong and how can it be avoided?
• Are we thinking clearly about trust, privilege, and lifecycle in cloud-based environments?
• How do we reduce complexity while maintaining control?

As DevSecOps evolves, AI and automation are redefining security operations, enabling proactive, self-managing security frameworks. This session will examine the benefits and challenges of autonomous DevSecOps, offering insights into how organisations can transition towards a continuous and self-sustaining security model. 

Cyber resilience doesn’t stop at the enterprise boundary — especially in a sector reliant on seasonal staff, contractors, and legacy tech. Join Bryan as he shares how one of Australasia’s largest horticulture businesses manages cyber risk across a complex, distributed operation.

• Managing cyber security across a sprawling, seasonal, and third-party-reliant operation
• Tackling the “unsexy” risks: shared passwords, insecure remote access, outdated SCADA/PLC systems
• Setting up vendor controls, contract guardrails, and alignment with business risk appetite
• Cultivating cyber awareness in an industry where IT is often invisible — until something breaks.

This fireside chat explores what defines an effective cyber strategy in the New Zealand context — from aligning with business priorities and building resilience to uplifting sector capabilities and navigating a lighter regulatory environment. A forward-looking conversation on what matters most now, and what’s next.

Ransomware remains one of the most disruptive threats with attackers adapting faster than many defences. This session explores practical strategies for prevention, early detection and effective response. Learn how to reduce impact, strengthen readiness and close the gaps that make organisations vulnerable to modern ransomware campaigns. 

New Zealand’s flexible, trust-based approach to cyber security has long been seen as a strength — but is it enough? With rising threats and growing interdependence, this panel explores whether the time has come for stronger, enforceable regulation, and what a proportionate, uniquely Kiwi model might look like.

• Is voluntary compliance still working or are gaps widening across sectors?
• What would smarter, targeted regulation look like? vs. more red tape?
• Should New Zealand follow Australia’s lead with sector-specific obligations such as SOCI Act?

Moderator:

Rebecca Holdsworth Head of Privacy & Responsible AI One NZ

Panellists:

Kavita Chetty Senior Manager Technology Risk NZAA

Deepak Veerasamy CISO Kainga Ora

Andrew Parker Head of Cyber Security Ryman Healthcare

Scott Shearman CISO House of Travel  

Bridging the gap between strategy and execution is one of the hardest parts of cyber leadership. This session explores how to turn high-level plans into clear, achievable actions that deliver measurable outcomes. From prioritisation and stakeholder alignment to delivery roadmaps and metrics that matter, it’s about making cyber real across the organisation. 

This session explores how AI is reshaping security operations, from advanced threat detection to automated response, while addressing the critical challenge of data security in AI-driven environments.

• How AI enhances data-centric security strategies to prevent breaches and insider threats.
• Best practices for securing sensitive data in AI-powered applications and workflows.
• Navigating evolving regulations and ethical considerations in AI-driven security. 

This panel explores how security leaders are navigating supply chain complexity, driving uplift among vendors with varying levels of maturity, and balancing commercial relationships with the need for assurance.

• How are you gaining visibility into third-party and SaaS risk across your ecosystem?
• How are you evolving vendor assessments to keep up with the pace of procurement and onboarding?
• Where should organisations draw the line between shared responsibility and direct control?
• How can mitigation strategies be tailored to address financial, reputational and operational risks linked to third-party vulnerabilities?

Panellists:

Eli Hirschauge Head of Info Security ANZ

Andrew Parker Head of Cyber Security Ryman Healthcare 

Digital trust is being redefined as identity threats grow more complex. From deepfakes and impersonation attacks to the rapid rise of non-human identities, the identity landscape is evolving. This session explores what these changes mean for verification and control and how security leaders can adapt their strategies to safeguard trust in a world where not every identity is who or what it claims to be. 

Cyber security investment is a balancing act. The goal isn’t to spend more, it’s to spend wisely. This panel explores how security leaders are aligning investment with actual risk, avoiding overengineering, and prioritising what matters most. From risk assessments to board conversations, it's about building fit-for-purpose capability that protects what counts without paying for the platinum package when the essentials will do.

• How do you prioritise investment toward high-value areas without overinvesting in low-risk domains?
• What metrics or KPIs help demonstrate whether security spend is driving real impact?
• How can you balance the need for thorough evaluation with the urgency of fast-moving threats?
• What are the key challenges in securing board support and how do you respond when the answer is no?

Panellists:

Alistair Vickers CIO Horizon Energy Group

Ashley Archibald CISO Natural Hazards Commission

Marek Jawurek Head of Cyber Security Advisory Ampol 

This panel explores the expanding ecosystem of cyber decision-makers — from heads of risk and GRC to operations leads, architects, and advisors — who are driving impact without necessarily holding the top title. Hear how they’re shaping strategy, building capability, and influencing outcomes across diverse career paths.

• What leadership roles are emerging beneath or alongside the CISO?
• How can professionals grow influence without chasing a title?

• How can organisations recognise and support non-linear career growth?

Moderator:

Michael Karich Deputy CISO University of Auckland

Panellists:

Ronald Chung Head of Risk (Information, Technology & Cyber Security) BNZ

Lakshya Mehra National Security Awareness and Phishing Lead Health NZ 

This panel explores how security leaders are embedding a culture of cyber awareness across the organisation. From influencing behaviour to measuring impact, hear how organisations are moving beyond annual training to create lasting engagement and shared responsibility.

• How does human behaviour and organisational culture influence the effectiveness of cyber security practices?
• What strategies can foster a security-conscious mindset and encourage proactive digital habits?
• How can organisations measure the real impact of security awareness efforts and adjust over time?
• What does it take to turn employees into active defenders of your cyber environment?

Moderator:

Lakshya Mehra National Security Awareness and Phishing Lead Health NZ

Panellists:

Ronnie Rahman Head of Cyber & Risk Hamilton City Council

Brad Ward Able Head of Digital Security & Assurance Mitre 10

Scott Shearman CISO House of Travel  

Innovation and security are often seen as opposing forces, but the most successful organisations find ways to balance both. This dialogue brings together forward-thinking cyber security leaders to explore how to foster creativity while maintaining the rigour needed to safeguard organisations.

• What does an innovation mindset mean to you as a cyber leader and how have you applied it in practice?
• How do you create space for experimentation and bold ideas in environments where minimising risk is the norm?
• Can you share a moment where thinking differently led to a shift in your cyber strategy, tooling, or team culture?

Speakers:

Shawn Wang Head of Cybersecurity Governance Risk & Architecture Spark

Kane Narraway Head of Enterprise Security Canva