Mustafa Sadiq, Head of Cyber Security Operations, healthAlliance
During this session, NCSC’s senior representative will provide an overview on how malicious cyber activities are rapidly evolving in New Zealand, and how organisations can adopt robust cyber security measures to prevent incidents and exploitations.
Mike Jagusch, Manager Mission Enablement, National Cyber Security Centre
During the Equifax 2017 Data Breach (which exposed the sensitive information on 146 million US consumers), Graeme Payne was Senior Vice President and CIO of Global Corporate Platforms. He was fired the day before the former Chairman and CEO of Equifax testified to Congress that the root cause of the data breach was human error and technological failure. Graeme would later be identified as “the human error”. During this session, he’ll explore how the lessons learned from major cybersecurity breaches, including the Equifax 2017 Data Breach, can be applied to your company to “test and improve” your cybersecurity posture.
Graeme Payne, Author, The New Era of Cybersecurity Breaches: A Case Study and Lessons Learned (US)
Security breaches in the cloud usually don’t exploit a single misconfiguration or vulnerability but rather a toxic combination of multiple issues that in isolation wouldn’t raise a red flag given the tons of alerts security teams already get. In this session, we’ll discuss five common toxic combinations across internet exposure, identities and entitlements, software vulnerabilities, and misconfigurations that when combined represent an attacker's pathway to a breach.
Matt Preswick, Enterprise Solutions Engineer, APJ, Wiz
Colin James, GM Cybersecurity (CISO), Fletcher Building
Being a CISO is hard...allocating finite resources to an apparent infinite amount of risk is daunting to say the least. Grant debunks some of the myths in information security by suggesting we lean out and rethink our approach to common security challenges businesses face.
Grant Anthony, CISO, Orion Health
With the threat of cyber warfare becoming ever more serious, every organisation needs a “this is not a drill” cyber-first recovery plan. If cyberattackers targeted your organisation, the most likely business-crippling scenario would be a direct attack on Active Directory (AD)—the system that authenticates users and grants access to business-critical applications and services. AD has become a prime target for cybercriminals—implicated in 90% of the incidents Mandiant researchers investigate—because it has systemic vulnerabilities and because it gives attackers the means to unleash devastating malware.
The NotPetya attack that crippled Maersk in 2017 was a harbinger of the chaos to come. In this session, we’ll examine the action plan every organisation needs to execute to protect against a business-disrupting cyber incident.
Key takeaways:
CISOs committed to creating risk awareness and building a cybersecurity driven culture are facing a number of challenges, from getting senior management buy-in, to implementing organisational change and engaging employees. During this session, our panellists will share their experiences on:
Panel Moderator:
Mustafa Sadiq, Head of Cyber Security Operations, healthAlliance
Panellists:
Alistair Vickers, CISO, Tu Ora Compass Health New Zealand
Graeme Payne, Author, The New Era of Cybersecurity Breaches: A Case Study and Lessons Learned (US)
Ray Chow, Senior Manager Cyber Security Advisory, Westpac New Zealand
Join us to learn about trends and observations from thousands of cloud environments. What are the common pitfalls, How many fall into common mistakes, and which could be devastating to an organisation?
See how the cloud allows a new generation of innovation in security tools to provide better comprehensive security with complete coverage and full context.
We will show and explain how an agentless approach to cloud security can tackle these challenges and allows organisations to be fast and pragmatic about security.
Daniel Keidar, Vice President, Orca Security
Scott van Kalken, Systems Engineer, Orca Security
Roger Temple, Information Security & Infrastructure Manager, PGG Wrightson
Leverage ‘Ahead of Time’ Intelligence to Tackle Supply Chain Vulnerabilities
Open-source libraries have become an essential part of almost all modern applications. Without open-source, software development would be stuck in the slow lane. Not “reinventing the wheel” each time you need certain functionality in an app saves time and effort, and as a result, open-source isn’t going away anytime soon. If anything, it’s becoming more and more widespread. But there’s a certain amount of risk that comes with using open source components, modules, and libraries. Today, it’s increasingly important to protect yourself from these risks.
In this session, we will discuss the importance and prevalence of open-source software as well as the ways you can protect yourself from its attendant risks and licensing issues. The goal is to catch issues or threats ahead of time before they can become fatal.
Mark Priebatsch, Regional Director, Australia & New Zealand, Checkmarx
Real-life story: Bridging the cybersecurity talent gap
During this session, Ann will share her cyber security journey, how she transitioned careers from a developer background, and how that benefits her in current roles. Key discussion points:
• Bridging the talent gap - exploring opportunities to hire new talents
• Building your skills and capabilities
• “All-In-One” Diversity: drive change, fill the gap and consider more women in cybersecurity
Ann Babuji, Ambassador, New Zealand Network for Women in Security (NZNWS)
The future of email security
Three-quarters of CISOs see human error as their organisation’s biggest cyber vulnerability. What if there was a way to stop rolling the human dice every day?
Learn how organisations can leverage advanced behavioural science and automation for informed and near instantaneous decision-making on what is good and what is bad email. As well as removing the increasing burden that is placed on employees as a last line of defence.
In this session we will discuss:
Chris Partsafas, Senior Enterprise Account Manager A/NZ, Abnormal Security
Group discussion: Zero Trust – Hype or Reality?
Many organisations today are looking to Zero Trust to better protect critical assets, but struggle to cut through the jargon and marketing smoke. In this session explore how to prevent crippling breaches through proactive controls and simplify the journey to Zero Trust.
Moderator:
Hayley Morris, Manager Technology Risk & Enablement, Accident Compensation Corporation
During this session, we will discuss the risks and potential costs of ransomware attacks, and how organisations can prepare for ransomware protection and response. Join us and explore effective practices to strengthen your organisation’s resilience.
Moderators
Hinne Hettema, Cyber Operations Lead, Mainfreight
Mustafa Sadiq, Head of Cyber Security Operations, healthAlliance
During this presentation, Paul Macpherson will walk through how the Reserve Bank of New Zealand strengthened their vulnerability management capabilities over the last 18 months. Join him to learn the challenges he overcame, what he achieved, and the key considerations he would suggest to those going through a similar journey.
Paul Macpherson, CISO, Reserve Bank of New Zealand
Rudo Tagwireyi, CISO, University of Canterbury
Jason Wood, President, ISACA Auckland
Panel moderator:
Mustafa Sadiq, Head of Cyber Security Operations, healthAlliance
Panellists:
Aaron McKeown, CISO, Vector Limited
Jonathan du Preez, Information Security Manager, Meridian Energy
Matthew Ireland, Technology Strategy Manager, Alpine Energy
Mitch Farrell, Enterprise Account Manager, Wiz
Gabriel Akindeju, Managing Consulting Director & Chief Security Officer, Risk Consult
Static and siloed security tools are no longer enough to overcome modern and sophisticated attacks. With challenges going beyond what is human-scalable, enterprises must redefine their strategy through intelligent and automated tools to ensure their systems, critical data and people are protected.
Moderators:
Ross Wakelin, InfoSec Technical Lead, Airways
Austin Chamberlain, Scientist - Cyber Security, Defence Technology Agency