Event Agenda
15th – 16th September, 2026 // Sydney, Australia
Overarching Theme: The Maturity Shift: Moving from Compliance to Resilience
| Day 1 // 15th September 2026 08:50 – 17:20 |
|
 |
08:00Registration & Coffee |
 |
08:50Opening Address |
 |
09:00Panel Discussion: Sovereign Risk: How Do We Counter the Effects of Geopolitical Volatility on ANZ Cyber Security? As global volatility intensifies, geopolitical tension has become an operational reality for Australian and New Zealand organisations. In this expert panel discussion, we explore how instability impacts our cyber security, the knock-on effect for our relationship with global vendors, and what officials and security leaders must do now to protect against future shifts in global alliances. . • How are global tensions manifesting as direct threats to Australian and New Zealand enterprise networks? • Can we identify and mitigate sovereign risk within our technology stacks and third-party partnerships? • How can the private sector better align with the ASD’s “Five Eyes” intelligence and “Secure by Design” mandates to create a collective defence? . – Dr. Tom Gao, Chief Technology and Digital Services Officer, City of Sydney – Adam Byrne, Group CSO, The Adecco Group – Amritha Shetty, Senior Manager – Technology & Cyber Security Governance Risk & Compliance, The Lottery Corporation . |
|
09:40Presentation: The New Frontline: Leveraging Cyber Intel to Mitigate Macro-Geopolitical Risks As geopolitical friction escalates, private enterprises increasingly face sophisticated nation-state threats and secondary collateral damage. This session explores how to transform macro-geopolitical insights into a proactive defence strategy. We move beyond headlines to examine how shifting international relations dictate specific cyber TTPs. By bridging the gap between global intelligence and the SOC, we empower security leaders to anticipate shifts in the threat landscape before they manifest as breaches. . • Correlate regional conflicts with specific threat actor profiles and their preferred attack vectors • Convert high-level geopolitical “noise” into high-fidelity, actionable indicators for your security team. • Translate complex global risks into clear, business-centric narratives for board-level reporting. . . |
 |
10:20Networking Break |
|
11:00Presentation: Zero-Hour Protection: Leveraging AI to Stop Breaches Before They Begin When threats evolve in milliseconds, relying on traditional signatures means waiting to be breached. In this session, we explore the shift from reactive security to a predictive, AI-driven posture designed to neutralise “Zero-Day” exploits before execution. We will examine how neural networks and behavioural analytics create a digital immune system, identifying the subtle indicators of compromise that legacy tools overlook. . • Move from pattern-matching to AI-driven detection of polymorphic malware • Implement autonomous “circuit breakers” to isolate threats instantly • Reduce false positives to focus analysts on high-value investigations . |
 |
11:30Case Study: Architecting Trust: A Case Study in AI Governance As organisations race to integrate Generative AI, the boundary between innovation and risk has never been thinner. In this case study session, our expert speaker moves beyond theoretical frameworks to provide a candid look at how a leading enterprise successfully implemented its AI governance structure. We will explore the journey from managing “Shadow AI” to establishing a robust, scalable environment that prevents data leakage whilst empowering users. . • Learn how we moved from reactive AI bans to a proactive, risk-based governance model • Hear practical techniques for monitoring and securing sensitive corporate data within third-party GenAI tools • Define the roles of Security, Legal, and IT in building a sustainable AI Oversight Committee . – Gaurav Vikash, Head of Security and Risk – APAC, Axon . |
|
12:00Presentation: The Invisible Frontline: Seeing Your Organisation Through an Adversary’s Eyes With many threats going under the radar, what you can’t see will hurt you. This session demonstrates how External Attack Surface Management (EASM) uncovers hidden vulnerabilities and shadow IT. Learn to think like a threat actor, identifying exposed digital assets and closing critical security gaps before they are exploited. . – Senior Expert, Airlock Digital . |
|
12:10Presentation: SOC 3.0: Anticipating the Future of Threat Detection and Response The Security Operations Centre is at an inflection point. While threats are becoming increasingly sophisticated and automated by Generative AI, traditional SOC models often struggle with alert fatigue, manual processes, and skills gaps. In this session, we provide a roadmap towards SOC 3.0 for security leaders to navigate this evolution, outlining the necessary changes to remain resilient against next-generation attacks. . • Implementing XDR and AI for threat prediction and autonomous response • Automate tasks to reduce alert fatigue and improve MTTD/MTTR • Benchmark SOC maturity and planning infrastructure investment for human-AI collaboration . |
 |
12:40Lunch |
|
13:40Presentation: Horizon 2: Australia’s Sovereign Response to Global Threat Shifts As we enter the second horizon of the 2023–2030 Australian Cyber Security Strategy, the regional threat landscape has shifted from theoretical risk to persistent operational pressure. This keynote outlines how the Australian Government is scaling national capabilities to protect digital sovereignty. We will explore the transition to a “whole-of-nation” resilience model, focusing on the evolution of the Six Shields. Discover how state-led initiatives are hardening critical infrastructure and fostering a coordinated defence against increasingly sophisticated state-sponsored and transnational cyber adversaries currently targeting the region. . • Hear a deep dive into the 2026–2028 priorities for scaling cyber maturity across the Australian economy • See how the government is supporting local industry to reduce dependency on high-risk vendors and secure the national supply chain • Gain insights into the latest collaborative efforts between the ASD, Home Affairs, and the private sector to disrupt threats in real-time . . |
|
14:10Presentation: Understand Your Risk Factors with Penetration Testing Whilst vulnerability assessment methods are an essential component of a robust cyber security strategy, we cannot overlook the unique benefits of penetration testing to safeguard your digital assets. Here we will highlight the value of penetration testing and other offensive security testing methods you can employ in your company to thoroughly understand your risk. . • Gain a comprehensive analysis of your security posture • Ensure compliance with requirements, such as SOCI and GDPR • Take a dynamic approach to identifying and understanding your risk factor . |
|
14:40Presentation: Orchestrating Defence: Leveraging SIEM/SOAR for Seamless IT and Security Operations Convergence This essential session explores the strategic use of SIEM and SOAR platforms to break down the silos between IT Operations and Security teams. Learn how establishing a unified operating model enhances workflows, automates repetitive tasks, and ensures security findings are remediated rapidly and effectively across the enterprise. We will detail best practices for platform integration, creating high-value automation playbooks, and maximising the return on your security technology stack. . • Transition from reactive ticketing and manual triage to a fully orchestrated defence • Designing high-impact SOAR playbooks that automate key detection and response processes • Measure and maximise the operational efficiency (ROI) of your converged security platform . . |
|
15:10Presentation: Unseen Dangers: Navigating the Cyber Security Risks of Dark Data In today’s cyber landscape, dark data has emerged as an intricate challenge, accentuated by the untapped potential of threat intelligence. While copious amounts of threat intelligence are at organizations’ disposal, many find themselves ill-equipped with the security tools needed to harness this vital information, relegating essential insights to the realm of dark data. In this session, we delve into vital technological advancements that empower organizations to embark on threat hunting within the vast expanses of dark data. . • Understand the intricacies of dark data in the cybersecurity landscape • Dive into the latest advancements, such as AI and EDR systems, for effective threat hunting • Learn about practical applications, challenges, and strategies for navigating the complexities of dark data and threat intelligence . |
|
15:40Networking Break |
 |
16:10Roundtables: T1. What Do We Do When Tech Fails? . T2. Are We Building Cloud Systems that are Too Fast to be Defended? . T3. Can We Secure Our Data in the GenAI Era? . |
|
16:50Case Study: The Employee Advantage: How We Drove Measurable Behavioural Change Through CISO-Led Security Education Despite the best efforts, the human factor remains the biggest risk factor for cyber attacks. In this CISO-led case study, our speaker demonstrates a successful transformation to an active, measurable security culture, proving that people can be your strongest defence layer. We will explore the strategic decisions used to change employee behaviour at scale. . • Devise strategies for gamification and continuous, relevant training and campaigns, using measurable behavioural change, not just click rates • Tailor content and messages for high-risk roles, ensuring there are mitigations against data loss • Hear different techniques for continuous reinforcement of good cyber hygiene practices . – Adrian Kazias, Senior Manager, Cyber Defence & Resilience, Commonwealth Superannuation Corporation . |
|
17:20Closing Remarks |
 |
17:30Drinks Reception |
| Day 2 // 16th September 2026 08:50 – 17:20 |
|
|
08:15Registration & Coffee |
|
08:50Opening Address |
|
09:00Panel Discussion: Security Vs Resilience: Are We Focusing Too Much on 'If' and Not Enough on 'When' We Will Get Breached? For a long time, we have been focused on preventative measures to keep attackers out. Yet even the most sophisticated defenses can be bypassed. The critical question facing modern leadership is no longer just how to prevent an intrusion, but how to ensure the business continues to function while under fire. In this expert panel discussion, we bring together industry leaders to debate the balance between Cyber Security (the art of prevention) and Cyber Resilience (the art of survival). . • Has our obsession with being “unhackable” actually made us more vulnerable to a total system collapse? • How do we architect systems that allow for localised failures without compromising the entire enterprise? • How do we train executives and boards to view a breach not as a binary failure of IT, but as a manageable business risk? . – Deepthi Nair, Director, Cyber Security & Information Management, Yooralla – Jess Thomas, Assistant Director, Cyber Security Engagement NSW/ACT, National Office of Cyber Security, Australian Department of Home Affairs – James Kearney, Executive Manager Cyber,Commonwealth Bank . |
|
09:40Presentation: The Double-Edged Sword: Defending Against (and With) Agentic AI In 2026, the rise of Agentic AI has fundamentally altered the cyber landscape. These autonomous systems do not merely follow scripts; they reason, adapt, and pivot, allowing adversaries to launch sophisticated, self-correcting attacks at machine speed. To survive, organisations must evolve from manual oversight to an “AI-versus-AI” defensive posture. This session explores the dual nature of agentic technology. We examine how to secure non-human identities against malicious agents while simultaneously leveraging autonomous defenders to outpace threats. Join us to learn how to integrate these powerful tools into your security architecture without sacrificing human governance or control. . • Identify and disrupt autonomous reasoning chains used by nation-state AI swarms. • Deploy autonomous agents to automate complex incident response and real-time threat hunting • Implement robust “kill switches” and guardrails to maintain oversight of your non-human workforce . |
|
10:10Networking Break |
 |
10:50Fireside Chat: Security by Design: Integrating Technology Safely into Your Enterprise Architecture Emerging technologies, including sophisticated Cloud services, AI, and distributed architectures, offer immense opportunities but simultaneously introduce profound security and compliance challenges. In this session, we address how to embed security early and proactively manage these risks. Learn how security teams can collaborate with innovation units to safeguard emerging environments, ensuring regulatory adherence is built into your enterprise architecture from the outset, turning technological evolution into a competitive advantage rather than an unmanaged liability. . • How do we create future-proof security governance frameworks that adapt to new technology? • Are there any practical methods you’ve found for safeguarding large-scale public Cloud and AI/ML adoption? • What is the best way to integrate compliance and security into the innovation and development lifecycle? . – Faz Rahman, Head of Information Security, NOW Finance . |
|
11:20Presentation: The Automated Advantage: Scaling Cyber Resilience to Outpace Sophisticated Adversaries The volume and velocity of cyber attacks have surpassed the limits of human-only intervention. To maintain a robust security posture, organisations must move beyond manual workflows and embrace an automated advantage. In this session, we explore how to scale cyber resilience by integrating intelligent automation into the core of your defensive architecture. We will examine how to transform reactive security operations into a high-velocity, self-healing ecosystem. By automating the identification, enrichment, and neutralisation of threats, security teams can effectively outpace sophisticated adversaries while reclaiming the time needed for high-level strategic threat hunting and risk management. . • Drastically reduce MTTR by automating Tier-1 incident response and containment • Eliminate alert fatigue by using intelligent filtering to prioritise high-fidelity signals over background noise • Implemente automated “playbooks” that adapt security controls in real-time based on emerging geopolitical threat intelligence . |
|
11:50 Case Study: Strengthening the Chain: A Case Study on Third-Party IT Security Assessment As we all know, your security is only as strong as its weakest link. In this case study session, our expert speaker offers a candid deep-dive into the practicalities of auditing third-party IT vendors. We will examine the transition from “tick-box” compliance to a proactive risk strategy, navigating vendor transparency and remediating critical vulnerabilities before they impact your perimeter. .
. |
|
12:20Presentation: Securing Data in the GenAI Era Explore trends in AI usage over the past few years and understand which groups are adopting AI fastest, what types of data they are inputting, and what tools they are using, both sanctioned and unsanctioned. Then pivot to how to identify and protect against sensitive data being misused with AI tooling. . |
|
12:30Presentation: Beyond the Network Edge: Implementing the 'Never Trust, Always Verify' Model The traditional network perimeter is obsolete. In this session, our expert speaker provides a practical roadmap for architecting a true Zero Trust security model, moving beyond implicit trust to explicit, continuous verification for every user, device, and workload. We will examine the strategic steps for phased implementation across hybrid environments, covering identity governance, microsegmentation, and policy enforcement.
. |
|
13:00Lunch |
|
14:00 Presentation: From Control Assurance to Consequence Management: What Actually Happens When the Controls Fail? In the high-stakes landscape of cyber security, the true test of resilience isn’t the strength of your controls, but how the organisation responds when they inevitably fail. In this session, we explore the reality of the post-failure lifecycle. Our expert speaker will take us through the transition from control assurance to consequence management, dissecting the operational, financial, and reputational fallout of security breaches. .
. |
|
14:30Fireside Chat: Security as a Shared Responsibility: Building Bridges Between IT and SecOps The disconnect between IT Operations (uptime) and Security (risk) often creates friction, delays, and critical vulnerabilities. In this session, our speaker offers a practical blueprint for transforming security into an integrated, shared responsibility across your organisation. We explore how to dismantle silos and implement a true SecOps culture. . • How do we establish unified communication and collaborative workflows, and align KPIs so both teams own cyber risk and efficiency? • What methods have you found to integrate security testing and response directly into IT deployment pipelines? • How can we train IT staff on security principles and SecOps staff on operational constraints? . – Sanja Petrovic, General Manager, Cyber Security & Governance, HUB24 . |
|
15:00Presentation: Force Multipliers: Integrating SIEM and SOAR for Rapid Incident Response In a rapidly developing threat landscape, speed is crucial. In this session, we explore the transformative power of aligning SIEM with SOAR to create a truly agile SOC. Wew will move beyond the “noise” of traditional logging, demonstrating how to bridge the gap between detection and action. We will examine a real-world implementation where automated playbooks replaced manual triage, drastically reducing MTTR. . • Learn how to turn disparate security data into a coordinated, automated defence that scales without increasing headcount. • Hear best practices for synchronising SIEM alerts with SOAR workflows for seamless incident handling • Identify key metrics and ROI indicators used to justify the investment in automated response capabilities . |
|
15:30Networking Break |
|
16:00Presentation: Securing the Future: Upskilling and Cross-Skilling as a Defence Strategy The most sophisticated security stack is ineffective without the human intelligence to drive it. In this session, we discuss the acute cyber security skills gap by shifting the focus from external recruitment to internal talent evolution. We will explore how security leaders can build resilient, high-performing teams by implementing structured upskilling and cross-skilling programmes. . • Build a roadmap for transitioning IT generalists into specialised security roles, reducing reliance on a volatile hiring market. • Identify transferable skills within IT and DevOps teams to create robust internal security pipelines • See how investing in continuous professional development reduces long-term recruitment costs and “brain drain” • Build a “security-first” mindset across the organisation through collaborative and inclusive cross-training initiatives . – Marco Figueroa, Senior Manager, Cyber Security, Risk and Compliance, Australian Institute of Company Directors . |
|
16:30Group Discussion: Breaking the Burnout Cycle: Time for a Reset? Join this interactive group discussion session with the whole audience with our expert moderator as we consider these questions. . • Why is burnout so prevalent in cyber security roles and what impact can it have on both the individual and the organisation? • What practical strategies can help to reduce burnout in cyber security? • How do we prioritise sustainability as much as resilience in our cyber security teams? • What does a burnout-resistant cyber security culture look like? . |
|
17:10Closing Remarks |
|
17:20End of Conference |
