-
CISO AUCKLAND - DAY ONE
-
08:20
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
08:35
Ngāti Whātua Ōrākei - Mihi Whakatau
- Te Aroha Grace -
-
08:50
Welcome from Corinium and the Chairperson
-
09:00
Ministerial Keynote: Embracing opportunities in the digital economy by strengthening NZ’s security posture
The Hon. Chris Penk - Minister for Building and Construction - Associate Minister of Defence
-
09:25
The Best Kept Secret in Security
Jamie Wright - Field CTO ANZ - HashiCorp
Credentials, API tokens, certificates, keys. All of these secrets are growing at a rapid rate as we work towards building least privilege patterns. This proliferation introduces significant challenges for visibility, lifecycle, and user experience, and poses significant risk when they fall into the hands of bad actors. In this talk, Jamie Wright, Field CTO ANZ for HashiCorp, looks at the necessary shifts that you need to make to keep your secrets safe.
-
09:50
Aligning cyber and business strategies – Mission: Impossible?
Brett Williams - General Manager, Cyber Security - Bank of New Zealand
Dive into a comprehensive exploration of strategic security planning amid the dynamic landscape of cyber threats. This session will discuss a useful framework of to-do’s for formulating robust and future-oriented security strategies. By asking the right questions, we'll uncover critical insights and approaches that help your organisation anticipate and mitigate risk, thereby securing a more resilient future in an era of growing uncertainty.
-
10:15
Get refreshed! Mingle
-
10:45
Presenting Cybersecurity to Boards and Senior Executive Teams
David Eaton - Project Director, Operational Planning - KiwiRail
During this presentation, we will explore how to prepare cybersecurity for presentation to Boards and Senior Management in simple and effective terms. Join us for insights on how to shift the presentation of cybersecurity away from technical jargon and controls to risk frameworks, policy & mitigation that Boards understand.
-
11:10
Staying ahead of the emerging threats curve
As the threat landscape evolves, so does the motivation driving threat actors’ behaviours. This session explores the transformational power of aligning technology risk with your core business strategy, forging a shield against emerging risks. Join us to discuss the importance of effectively managing enterprise-scale cybersecurity risks, including the intricate web of third-party and supply chain considerations.
-
11:35
How robust cybersecurity programs improve the resilience of your organisation
Alistair Vickers - CISO - Horizon Energy Group
- Build a well-developed program that supports and is tailored to the organisation’s needs
- Create a well-designed program with cooperation and support from stakeholders and management
- Develop effective metrics and KPIs for program design, implementation, and management performance assessment
-
12:00
Setting security strategy by navigating the threat landscape
One of the aims of a security program is to address the risk associated with the ‘threat landscape’ faced by an organisation. But what is a threat landscape? In this talk, we will discuss some approaches on how to characterise and map the threat landscape, derive an organisational risk profile, and set objectives for a workable security program. We’ll look at how the characterisation of the threat landscape aligns with the desirable characteristics of a security program. This approach has a strategic focus and guarantees an optimal security spend in terms of product selection, implementation, and operational parameters for the program.
-
12:25
Keynote Panel: Advancing your cyber maturity through GRC
- Sharpening standards and compliance practices for MBIE regulated industries
- Assessing the cost-impact of compliance from a strategic perspective
- Complying with CCCFA regulations, and other standards such as ISO27001 and NIST
- Sharing information and intelligence to support the wider ecosystem
Panellists:
Eli Hirschauge, Head of Info Security, ANZ
Laura Ross, Head of Cybersecurity Strategy & Architecture, Vodafone New Zealand
Jean-Pierre Walle, Group Manager Security Assurance, Te Whatu Ora Health New Zealand
Dane Maslen, CISO, Kami
-
13:00
Lunch and networking
-
TRACK A:
-
14:00
Speed Networking – Making new connections!
During this 10-minute networking session, the aim of the game is to go and meet three people you don't already know. Use the questions on the screen to guide your conversation. Have fun!
-
14:10
Overview of the AI Cyber Security for the latest ISO42001:2023
Adwin Singh - Domain Lead, CISO Office - Inland Revenue Te Tari Taake
The Information Technology — Artificial intelligence — Management system is the world’s first AI management system standard, providing valuable guidance for this rapidly changing field of technology. It addresses the unique challenges AI poses, such as ethical considerations, transparency, and continuous learning. For organizations, it sets out a structured way to manage risks and opportunities associated with AI, balancing innovation with governance. The benefits are:
- Framework for managing risk and opportunities
- Demonstrate responsible use of AI
- Traceability, transparency, and reliability
- Cost savings and efficiency gains
-
14:35
Attack Trends - How Phishing as a Service and Gen AI have Revolutionised Email-Borne Attacks
Antonio Rancan - Senior Sales Engineer - Abnormal Security
Phishing-as-a-Service is now a thing. It's cheap, cloud managed and comes with support. It side-steps MFA and allows criminals into your Microsoft, Google, Apple and GitHub accounts. Combine this with Generative AI and now threat actors have sophisticated phishing attacks with cleverly crafted language at their fingertips.
In this track session, I'll show real examples of the threats coming from Ph-a-a-S and examples of how Gen-AI is being used to develop sophisticated attacks. I'll also discuss how good AI can be used to fight bad AI and the onslaught of cleverly crafted phishing.
-
15:00
Panel: Bringing cyber to the steering committee, senior management and the board’s attention
- Effective ways to influence boards and senior management on how security is aligned with the business goals
- Engaging the Steering Committee: How to get cross-functional representatives to be security cheerleaders
- The power of joining forces to assess risks, implement security controls, and ensure tech infrastructure is compliant to regulations
Panellists:
Julie Watson, CIO & CISO, WorkSafe New Zealand
Deepak Veerasamy, Head of Information Security and Infrastructure Modernization, AIA New Zealand
Nick Tucker, Head of Information Security, The Co-operative Bank
Andrew Meyer, Head of Information Security, NZ Super Fund
-
15:25
Secure as a Value Centre
During this session, we will discuss the value a CISO brings across the enterprise.
- Being able to show risks that were picked up and prevented
- Being able to show a reduction of risky behaviours through monitoring, behaviour adjustment and enforcement
- Reporting on attacks stopped
- Reducing time to remediate
- Consistent policy deployment (reduced time, clear protection)
- Integration into automation reducing engineering hours
- Consistent protection across clouds and lifetime of platforms
-
TRACK B:
-
14:00
Speed Networking – Making new connections!
During this 10-minute networking session, the aim of the game is to go and meet three people you don't already know. Use the questions on the screen to guide your conversation. Have fun!
-
14:10
Cultivating a cyber-safe workforce: Tailored awareness and behavioural strategies
- Importance of human factor to cyber security and why most cyber awareness efforts fail
- Tailoring security awareness programs to address cyber risks and business priorities
- Strategies to influence behaviour and create a cyber-safe culture
- Account takeover techniques and measures that can be taken to help protect against them
- The accuracy of advanced behavioural data science in identifying anomalous behaviour
-
14:35
Delivering security of applications and APIs
- Identifying and mitigating API bugs and vulnerabilities
- The importance of doing API threat modelling early in the development process
- Addressing API-related compliance concerns and keeping up with changing security requirements
- Can AI improve Zero Trust of APIs?
-
15:00
Panel: Cyber Risks for Critical Infrastructure Operators
- Understanding how IT is converging with OT and how to protect them in the network
- How to overcome the increase of cyber risk to industrial control?
- Adopting cybersecurity strategies across your ICT (industry control systems)
- Managing vulnerability for OT/IoT devices
- Key cybersecurity considerations of networks, mobile and the cloud
Panellists:
Aaron McKeown, CISO, Vector Limited
Jenni McNeil, Head of Information Security, Contact Energy
Tracey Saunders, General Manager Digital Transformation, Aurora Energy
Matthew Ireland, Chief Digital Officer, Alpine Energy Group Limited
Craig Adams, VP of Products, Rapid7
-
15:25
Fortifying your Security Operations with Enhanced Visibility
Due to the constant evolution of our internal networks and in the face of an unforgiving threat landscape, Security Operations teams are constantly looking at new ways to enhance their visibility to better anticipate cyber threats. This session will explore the importance of how clarity of goals, visibility of your attack surface, and cyber threat intelligence can be helpful in better focusing your cyber security defences.
-
15:55
Get refreshed! Mingle
-
16:10
Reducing App Risk at scale at pace
Craig Adams - VP of Products - Rapid7
The landscape of software development is rapidly evolving, and with it, new challenges. Developers are tapping into the power of Cloud Native Software and Generative AI to accelerate value creation but are also unwittingly ramping up potential vulnerabilities faster than ever before. During this session, we’ll explore the obstacles ahead along with strategies to turn these challenges into opportunities for security and efficiency.
-
16:35
Creating big impacts with small cybersecurity teams
Pia Lange - Information Security Manager - Sharesies
-
17:00
Cybersecurity as a Business Enabler: Strategies for Success
Rameez Bhat - Principal Security Consultant - Spark
- Overview of the threat landscape
- Importance of cybersecurity beyond mere compliance
- How robust cybersecurity practices can drive business growth
- Integrating cybersecurity goals with overall business strategy
- Metrics and KPIs to demonstrate cybersecurity effectiveness
- Cybersecurity as a continuous journey, not a destination
-
17:25
Closing Remarks
-
17:30
Day One Close and CISOs Cocktail Reception & Networking
-
CISO AUCKLAND - DAY TWO
-
07:20
Cyber Leaders Private Breakfast
(Invite Only)
-
08:20
Register; grab a coffee. Mix, mingle and say hello to peers old and new.
-
08:50
Welcome from Corinium and the Chairperson
-
09:00
Governing Through a Cyber Crisis – Strategies for Boards
Gaurav Vikash - Head of Security and Risk, APAC - Axon Enterprise
Key strategies and best practices for Boards to navigate and manage a cyber crisis to ensure business continuity and organisational resilience in both the short and long term.
-
09:25
Developing cyber programs from the ground up
Designing a security operating model with people, processes, and technology at the core of your strategy is key. This session covers how to factor the business strategy into the operating model, and how to take your business requirements into account as part of that process.
-
09:50
Keynote: What Happens When a Breach Happens – Lessons from a Real-Life Data Breach
Andy Pace - Network & Information Security Manager - MediaWorks
-
10:15
Get refreshed! Mingle
-
10:45
A Fresh Approach?
Roger Temple - CISO - PGG Wrightson
- Bad guys are making an ever-increasing quantity of money
- Are we getting it right
- Do organisations need a fresh approach to InfoSec
- What we should expect from the board and C-suites; it’s a 2-way street
- Can the governments lend a hand
-
11:10
Security integration with DevOps and DevSecOps
- Exploring the pros and cons of development frameworks from a security perspective
- How IT delivery is evolving and what it means for security
- Enabling speed, quality & security with DevOps
- Strategies to embed security into your digital delivery journey
- Effective ways for DevSecOps roadmap design
-
11:35
Strategizing and Modernising Information Governance, Risk and Compliance for today's effective cyber resilience
Toh Shang Yee - Head of Information Security (CISO) - MCIS Insurance Berhad (Malaysia)
-
12:00
Quantum Leap: Fortifying your defenses for the post-Quantum Era
Quantum computing's disruptive potential demands proactive planning to mitigate cybersecurity threats. This session explores quantum timelines, impacts, and strategic measures undertaken by forward-thinking organisations. Gain insights to craft a robust migration strategy, fortifying your defenses against the quantum revolution.
-
12:25
Panel: Embracing AI with confidence – leveraging the benefits while mitigating the risks
- What trends are we looking at from a security perspective?
- Understanding the risks and implications of offensive AI and how it will change our threat landscape
- How CISOs can be prepared for potential risks
- Strategies to use AI in cyber defence strategies
Panellists:
Michael Karich, Deputy CISO, The University of Auckland
Andy Pace, Network & Information Security Manager, MediaWorks
Tahira Begum, Information Security GRC Lead, Fidelity Life
Tony Allwood, Cyber Security Manager, Silver Fern Farms
Tim Hartman, Head of Solutions Architect - ANZ, Infoblox
-
13:00
Lunch
-
14:00
Measuring the effectiveness of security programs and uplifting maturity
James Blair - Group Manager, Technology & Security - Todd Corporation
During this presentation, James Blair will walk you through the Top 10 things Todd did to move from low to above average in cybersecurity maturity, viewed from a business strategy perspective. Key points include:
- Getting buy-in from the board and steering committee
- Deciding on the most suitable techniques to implement a successful program
- How to ensure internal stakeholders understand the objectives and needs of security controls
- Defining metrics and adopting assurance frameworks
- Uplifting your program’s maturity by focusing on continuous improvement
-
14:25
Comparing challenges and benefits of on-premises and Cloud-based SIEM
On-premises SIEM (Security Information and Event Management) offers control and customisation but faces deployment challenges, costs, and scalability issues. Cloud-based SIEM provides scalability, accessibility, and cost-efficiency but raises customisation and data privacy concerns. Join us to explore the optimal SIEM deployment strategy tailored to your organisation's unique requirements, budget, security needs, and compliance mandates.
-
14:50
Panel: Exploring best practice preparing, managing, and responding to incidents
- Assessing the status of your incident response capability: when should you perform read-through, table-top, and red team exercises?
- How can pen-testing and vulnerability management be most effective?
- What are the challenges and benefits of CMDB from an IM perspective?
- Incident Management Systems – benefits of EDR systems, IDPS, and other managed incident strategies
- Reactive incident response vs proactive incident response – how well organisations manage that and how well those tasks are defined and segregated among defensive teams
Panellists:
Grant Anthony, CISO, Orion Health
Andrew Meyer, Head of Information Security, NZ Super Fund
Jon Edney, Head of Cybersecurity & Privacy, Tuatahi Fibre
Andrew Menet, Information Security Manager, Auckland Airport
Mohammed Irfaan, IT Infrastructure Manager, T&G Global
-
15:25
Get refreshed! Mingle
-
15:55
Practical approach to security operations and incident management
- Strategies to uplift your incident response readiness through table-top and crisis exercises
- Creating documented procedures, consistent and easy to understand for relevant stakeholders – you’ll need them ready-to-go in case of an incident
- Incorporating board and executive management into IR – what do they need to know and do?
- Take-aways and lessons learned – reviewing what went according to plan and what can be improved
-
16:20
Cultivating a cyber-safe workforce: Tailored awareness and behavioural strategies
- Importance of human factor to cyber security and why most cyber awareness efforts fail
- Tailoring security awareness programs to address cyber risks and business priorities
- Strategies to influence behaviour and create a cyber-safe culture
- Account takeover techniques and measures that can be taken to help protect against them
- The accuracy of advanced behavioural data science in identifying anomalous behaviour
-
16:25
Close of CISO Auckland 2023