CISO New Zealand schedule

Credentials, API tokens, certificates, keys. All of these secrets are growing at a rapid rate as we work towards building least privilege patterns. This proliferation introduces significant challenges for visibility, lifecycle, and user experience, and poses significant risk when they fall into the hands of bad actors. In this talk, Jamie Wright, Field CTO ANZ for HashiCorp looks at the necessary shifts that you need to make to keep your secrets safe.

During this presentation, we will explore how cybersecurity can be prepared to present to Boards and Senior Management in simple and effective terms. Join us for insights on how to shift the presentation of cybersecurity away from technical jargon and controls to risk frameworks, policy & mitigation that Boards understand.

In this session, Jack will empower you with a number of important considerations including risks involving new form of technology to enable business (such as using ML & AI) and the best way to utilise and secure them. Attending CISOs will walk out with the following takeaways:

• The use of ML & AI in business, cybersecurity and its challenges
• Challenges around securing data and architecture
• Pinpoint vulnerabilities within your organisation's security stack
• Enable business growth through informed cybersecurity investments based on the latest research and CISO priorities.

Navigating through Disaster Recovery (DR), Business Continuity Plans (BCP), Crisis Management Plans, Incident Response Plans & Playbooks, Tabletop Exercises, and Annual Simulations can be daunting for any organisation. With so many components to consider, it’s easy to feel overwhelmed. But what are the essentials that truly make a difference?

This presentation will highlight common pitfalls to avoid and offer practical guidance for establishing an effective Incident Management framework, including:

• Actionable strategies for building a scalable and cohesive incident management capability.
• Often overlooked factors and stakeholders crucial to successful incident response.
• Tips for effective exercising and training to ensure readiness.

The presentation examines the current cybersecurity landscape, highlighting the value of the Mitre framework as a universal language to communicate, measure, and improve security. By analysing trends and major threat actors, it becomes clear that many attack techniques, particularly around initial access, are commonly repeated. This raises the crucial question of how organizations can leverage this visibility to drive meaningful progress and better defend against these persistent threats.

• Why is GRC relevant to us
• Complying with regulations, and other standards - what are the challenges that needs to be overcome?
• Examine how regulatory requirements vary across industries. and what value can we extract from these approaches?

Panel moderator:

Gunjan Bhaskar, Security GRC Analyst, Spark

Panellists:

Eli Hirschauge, Head of Info Security, ANZ

Laura Ross, Head of Cybersecurity Strategy & Architecture, One NZ

Jean-Pierre Walle, Group Manager Security Assurance, Te Whatu Ora Health New Zealand

Dane Maslen, CISO, Kami

The foundational component of a modern security architecture is a secure identity system. And though most organizations are thinking "cloud first", identity doesn't start in the cloud - it starts on premises. And overwhelmingly that on-premises identity system is Microsoft’s Active Directory (AD).
AD is involved in more than 90% of all cyberattacks today because when it's compromised it gives attackers near-total control over your IT systems. And once crippled by a cyberattack, it requires an average of two weeks to rebuild and regain trust manually - while your business is down.
In this session, we will review:

• Why AD is such a target
• How you can increase operational resilience of this mission-critical identity system by
• Mitigating attacks against your AD
• Significantly reducing its recovery time objective (RTO)

During this 10-minute networking session, the aim of the game is to go and meet three people you don't already know. Use the questions on the screen to guide your conversation. Have fun!

The Information Technology — Artificial intelligence — Management system is the world’s first AI management system standard, providing valuable guidance for this rapidly changing field of technology. It addresses the unique challenges AI poses, such as ethical considerations, transparency, and continuous learning. For organizations, it sets out a structured way to manage risks and opportunities associated with AI, balancing innovation with governance and benefits are.

• Framework for managing risk and opportunities
• Demonstrate responsible use of AI
• Traceability, transparency, and reliability
• Cost savings and efficiency gains

Phishing-as-a-Service is now a thing. It's cheap, cloud managed and comes with support. It side-steps MFA and allows criminals into your Microsoft, Google, Apple and Github accounts. Combine this with Generative AI and now threat actors have sophisticated phishing attacks with cleverly crafted language at their fingertips.

In this track session, I'll show real examples of the threats coming from Ph-a-a-S and examples of how Gen-AI is being used to develop sophisticated attacks. I'll also discuss how good AI can be used to fight bad AI and the onslaught of cleverly crafted phishing.

• Effective ways to influence boards and senior management on how security is aligned with the business goals
• Engaging the Steering Committee: How to get cross-functional representatives to be security cheerleaders
• The power of joining forces to assess risks, implement security controls, and ensure tech infrastructure is compliant to regulations

Moderator:

Manasa Goud, Security & Compliance Analyst, Spark

Panellists:

Julie Watson, CIO & CISO, WorkSafe New Zealand

Deepak Veerasamy, Head of Information Security and Infrastructure Modernization, AIA New Zealand

Andrew Meyer, Head of Information Security, NZ Super Fund

Ron Chemler, Programme Manager - All of Government Services Delivery, Digital Public Service System Transformation, Department of Internal Affairs

During this session, we will discuss the value a CISO brings across the enterprise.  

• Being able to show risks that were picked up and prevented
• Being able to show a reduction of risky behaviours though monitoring, behaviour adjustment and enforcement
• Reporting on attacks stopped
• Reducing time to remediate
• Consistent policy deployment (reduced time, clear protection)
• Integration into automation reducing engineering hours
• Consistent protection across clouds and lifetime of platforms

During this 10-minute networking session, the aim of the game is to go and meet three people you don't already know. Use the questions on the screen to guide your conversation. Have fun!

• Discover how the Risk Operations Centre (ROC) elevates cyber security risk management
• Understand key concepts such as Value at Risk (VAR) and Enterprise True Risk Management (ETM)
• Learn the “language of risk” for clearer assessment and communication of cyber threats

• Understanding how IT is converging with OT and how to protect them in the network
• How to overcome the increase of cyber risk to industrial control?
• Adopting cybersecurity strategies across your ICT (industry control systems)
• Managing vulnerability for OT/IoT devices
• Key cybersecurity considerations of networks, mobile and the cloud

Moderator:

Chirag Joshi, Founder & CISO, 7 Rules Cyber

Panellists:

Aaron McKeown, CISO, Vector Limited

Jenni McNeil, Head of Information Security, Contact Energy

Tracey Saunders, General Manager Digital Transformation, Aurora Energy

Craig Adams, VP of Products, Rapid7

Due to the constant evolution of our internal networks and in the face of an unforgiving threat landscape, Security Operations teams are constantly looking at new ways to enhance their visibility in order to better anticipate cyber threats. This session will explore the importance of how enhanced detection and response capabilities, visibility of your attack surface, and cyber threat intelligence can be helpful in better focusing your cyber security defences.

• Overview of the threat landscape
• Importance of cybersecurity beyond mere compliance
• How robust cybersecurity practices can drive business growth
• Integrating cybersecurity goals with overall business strategy
• Cybersecurity as a continuous journey, not a destination

Jason Wood, Chair of the Board and Past President, ISACA Auckland & Managing Director, Triple Ledger Limited

Phil Coster, Associate Business Partner, Triple Ledger Limited 

As the cybersecurity landscape evolves, organisations face the dual challenge of managing tighter budgets while striving to maintain robust protection. This session explores how strategic approaches to complementing your internal team are essential in a world where platform consolidation is becoming the norm. Phil will delve into how organisations can navigate the complexities of integrating various cybersecurity solutions, ensuring seamless collaboration between platforms, and maximising the value of AI-driven security. The discussion will also address the human element, considering the growing reliance on contractors and their impact on team dynamics and tightening budgets. Join us to uncover strategies for building a resilient, integrated cybersecurity posture that leverages 24/7 service models to strengthen and support your existing teams. This session is designed for senior cyber executives looking to stay ahead of the curve in a rapidly changing environment.

Key strategies and best practices for Boards to navigate and manage a cyber crisis to ensure business continuity and organisational resilience in both short and long terms.

• What trends are we looking from a security perspective?
• Understanding the risks and implications of offensive AI and how it will change our threat landscape
• How CISOs can be prepared for potential risks
• Strategies to use AI in cyber defence strategies

Moderator:

Tony Allwood, Cyber Security Manager, Silver Fern Farms

Panellists:

Michael Karich, Deputy CISO, The University of Auckland

Joseph Carson, CISO, Delinea

Andy Pace, Network & Information Security Manager, MediaWorks

Tim Hartman, Head of Solutions Architect - ANZ, Infoblox

Cyber incidents are increasingly becoming a question of when not if. In this presentation, we'll examine some of the lessons learned from others who have been through an incident and what you, as a cyber security leader, can do to make the most of the opportunity for your business to come back stronger than ever.

During this presentation, James Blair will walk you through the Top 10 things Todd did to move from low to above average from a cybersecurity maturity perspective from a business strategy perspective. Key points include:

• Getting buy-in from the board and steering committee
• Deciding on the most suitable techniques to implement a successful program
• How to ensure internal stakeholders understand the objectives and needs of security controls
• Defining metrics and adopting assurance frameworks
• Uplifting your program’s maturity by focusing on continuous improvement

• Assessing the status of your incident response capability: when should you perform read-through, table-top, and red team exercises?
• How can pen-testing and vulnerability management be most effective?
• What are the challenges and benefits of CMDB from an IM perspective?
• Incident Management Systems – benefits of EDR systems, IDPS, and other managed incident strategies
• Reactive Incident response vs Proactive Incident response – how well organisation manage that and how well those tasks are defined and segregated among defensive teams

Moderator:

Chirag Joshi, Founder & CISO, 7 Rules Cyber

Panellists:

Grant Anthony, CISO, Orion Health

Andrew Meyer, Head of Information Security, NZ Super Fund

Andrew Menet, Information Security Manager, Auckland Airport

Mohammed Irfaan, HO of Cyber Security, T&G Global