CISO AUCKLAND

Mustafa Sadiq, Head of Cyber Security Operations, healthAlliance

During this session, NCSC’s senior representative will provide an overview on how malicious cyber activities are rapidly evolving in New Zealand, and how organisations can adopt robust cyber security measures to prevent incidents and exploitations.

Mike Jagusch, Manager Mission Enablement, National Cyber Security Centre

During the Equifax 2017 Data Breach (which exposed the sensitive information on 146 million US consumers), Graeme Payne was Senior Vice President and CIO of Global Corporate Platforms. He was fired the day before the former Chairman and CEO of Equifax testified to Congress that the root cause of the data breach was human error and technological failure. Graeme would later be identified as “the human error”. During this session, he’ll explore how the lessons learned from major cybersecurity breaches, including the Equifax 2017 Data Breach, can be applied to your company to “test and improve” your cybersecurity posture.

Graeme Payne, Author, The New Era of Cybersecurity Breaches: A Case Study and Lessons Learned (US)

Security breaches in the cloud usually don’t exploit a single misconfiguration or vulnerability but rather a toxic combination of multiple issues that in isolation wouldn’t raise a red flag given the tons of alerts security teams already get. In this session, we’ll discuss five common toxic combinations across internet exposure, identities and entitlements, software vulnerabilities, and misconfigurations that when combined represent an attacker's pathway to a breach.

Matt Preswick, Enterprise Solutions Engineer, APJ, Wiz

• Building security from scratch – incorporating people, process, and technology into your programs
• Exploring ongoing and new threats from the transition to remote and digital
• How to encourage everybody to take ownership of security?
• Strategies to improve your teams’ skills and knowledge in IT and cybersecurity
• Exploring how innovative technologies can help your company achieve adaptability and resilience

 Colin James, GM Cybersecurity (CISO), Fletcher Building

Being a CISO is hard...allocating finite resources to an apparent infinite amount of risk is daunting to say the least. Grant debunks some of the myths in information security by suggesting we lean out and rethink our approach to common security challenges businesses face.

Grant Anthony, CISO, Orion Health

With the threat of cyber warfare becoming ever more serious, every organisation needs a “this is not a drill” cyber-first recovery plan. If cyberattackers targeted your organisation, the most likely business-crippling scenario would be a direct attack on Active Directory (AD)—the system that authenticates users and grants access to business-critical applications and services. AD has become a prime target for cybercriminals—implicated in 90% of the incidents Mandiant researchers investigate—because it has systemic vulnerabilities and because it gives attackers the means to unleash devastating malware. 
The NotPetya attack that crippled Maersk in 2017 was a harbinger of the chaos to come. In this session, we’ll examine the action plan every organisation needs to execute to protect against a business-disrupting cyber incident. 

Key takeaways:

• Cyberattack risk is real—and rising (according to the “Allianz Risk Barometer,” a global survey, cyberattacks are the #1 greatest risk that organisations face today)
• Most attacks involve gaining control of the identity system—and AD is the identity system used by 90% of businesses—so hardening AD can significantly improve security posture
• Clear and straightforward action steps you can take to reduce your AD risk profile include
• Identifying and addressing common AD security gaps
• Continuously monitoring your AD environment for evidence of in-progress attacks
• Developing a tested AD disaster recovery plan that will recover your entire AD forest to a known-secure state in hours (or minutes)

CISOs committed to creating risk awareness and building a cybersecurity driven culture are facing a number of challenges, from getting senior management buy-in, to implementing organisational change and engaging employees. During this session, our panellists will share their experiences on:

• What are the biggest challenges when getting buy-in from top management?
• How to encourage everybody to take ownership of cyber?
• Why leaders must be committed to continually improve their teams’ skills and knowledge in IT and cybersecurity – and how do to this?

Panel Moderator:

Mustafa Sadiq, Head of Cyber Security Operations, healthAlliance

Panellists:
Alistair Vickers, CISO, Tu Ora Compass Health New Zealand

Graeme Payne, Author, The New Era of Cybersecurity Breaches: A Case Study and Lessons Learned (US)

Ray Chow, Senior Manager Cyber Security Advisory, Westpac New Zealand

Join us to learn about trends and observations from thousands of cloud environments. What are the common pitfalls, How many fall into common mistakes, and which could be devastating to an organisation?
See how the cloud allows a new generation of innovation in security tools to provide better comprehensive security with complete coverage and full context.
We will show and explain how an agentless approach to cloud security can tackle these challenges and allows organisations to be fast and pragmatic about security.

Daniel Keidar, Vice President, Orca Security

Scott van Kalken, Systems Engineer, Orca Security

• A changing global privacy landscape - where does NZ sit?
• Culture of change – how do we change the mindset on data privacy?
• How are you handling it? Do you organisations have the right approach to data privacy?
• Implementing systems and processes that reduce overcollection

Roger Temple, Information Security & Infrastructure Manager, PGG Wrightson

• Engagement and building profile
• NIST Cyber Security Framework alignment as a useful benchmark to measure capability maturity
• Measuring effective metrics to enable confidence and support
• Driving a business-focused governance committee to challenge and advocate for improved security outcomes

Leverage ‘Ahead of Time’ Intelligence to Tackle Supply Chain Vulnerabilities
Open-source libraries have become an essential part of almost all modern applications. Without open-source, software development would be stuck in the slow lane. Not “reinventing the wheel” each time you need certain functionality in an app saves time and effort, and as a result, open-source isn’t going away anytime soon. If anything, it’s becoming more and more widespread. But there’s a certain amount of risk that comes with using open source components, modules, and libraries. Today, it’s increasingly important to protect yourself from these risks. 
 
In this session, we will discuss the importance and prevalence of open-source software as well as the ways you can protect yourself from its attendant risks and licensing issues. The goal is to catch issues or threats ahead of time before they can become fatal.

Mark Priebatsch, Regional Director, Australia & New Zealand, Checkmarx

Real-life story: Bridging the cybersecurity talent gap 
During this session, Ann will share her cyber security journey, how she transitioned careers from a developer background, and how that benefits her in current roles. Key discussion points:
•    Bridging the talent gap - exploring opportunities to hire new talents
•    Building your skills and capabilities 
•    “All-In-One” Diversity: drive change, fill the gap and consider more women in cybersecurity

Ann Babuji, Ambassador, New Zealand Network for Women in Security (NZNWS)

The future of email security

Three-quarters of CISOs see human error as their organisation’s biggest cyber vulnerability. What if there was a way to stop rolling the human dice every day?

Learn how organisations can leverage advanced behavioural science and automation for informed and near instantaneous decision-making on what is good and what is bad email. As well as removing the increasing burden that is placed on employees as a last line of defence.

In this session we will discuss:

• Account takeover techniques and measures that can be taken to help protect against them
• New insights and controls over protecting against supply chain attacks
• The accuracy of advanced behavioural data science in identifying anomalous behaviour

 Chris Partsafas, Senior Enterprise Account Manager A/NZ, Abnormal Security

Group discussion: Zero Trust – Hype or Reality?
Many organisations today are looking to Zero Trust to better protect critical assets, but struggle to cut through the jargon and marketing smoke. In this session explore how to prevent crippling breaches through proactive controls and simplify the journey to Zero Trust.

Moderator:
Hayley Morris, Manager Technology Risk & Enablement, Accident Compensation Corporation

During this session, we will discuss the risks and potential costs of ransomware attacks, and how organisations can prepare for ransomware protection and response. Join us and explore effective practices to strengthen your organisation’s resilience.

Moderators
Hinne Hettema, Cyber Operations Lead, Mainfreight

• Creating efficient risk assessment, monitoring and response processes
• Refining the enterprise’s risk metrics to identify hidden and complex exploit points
• Improving cyber risk management performance through effective governance
  
  

Mustafa Sadiq, Head of Cyber Security Operations, healthAlliance

During this presentation, Paul Macpherson will walk through how the Reserve Bank of New Zealand strengthened their vulnerability management capabilities over the last 18 months. Join him to learn the challenges he overcame, what he achieved, and the key considerations he would suggest to those going through a similar journey.

Paul Macpherson, CISO, Reserve Bank of New Zealand

• Exploring opportunities to develop new talents
• Investing in your teams’ skills and capabilities
• Strengthening security strategies through your most valuable asset – people
• “All-In-One” Diversity: drive change, fill the gap and achieve goals

 Rudo Tagwireyi, CISO, University of Canterbury

• Explore some global regulator expectations focused on New Zealand and Australia through the eyes of cybersecurity legislation
• Explore challenges faced by companies trying to address common third-party information cybersecurity risks
• Understand control frameworks that address how to mitigate or minimise the information cybersecurity risks
• Future-proof cybersecurity posture and implement continuous assessments

Jason Wood, President, ISACA Auckland

• IoT
• Block chain
• Quantum computing

• Understanding how IT is converging with OT and how to protect them in the network
• How to overcome the increase of cyber risk to industrial control?
• Adopting cybersecurity strategies across your ICT (industry control systems)
• Key cybersecurity considerations of networks, IoT devices security, mobile and the cloud 

Panel moderator:
Mustafa Sadiq, Head of Cyber Security Operations, healthAlliance

Panellists:
Aaron McKeown, CISO, Vector Limited
Jonathan du Preez, Information Security Manager, Meridian Energy 
Matthew Ireland, Technology Strategy Manager, Alpine Energy

Mitch Farrell, Enterprise Account Manager, Wiz

• Could security drive value creation and protection of created value? If yes, how?
• Could security professionals drive effective and efficient security investment strategies? If yes, how?
• Is there a way to harmonise Technology Risk Management and Security Strategies, as well as Security Operations, into a unified Value Management Strategies?

Gabriel Akindeju, Managing Consulting Director & Chief Security Officer, Risk Consult

• How AI is being used in cybersecurity now and in the future
• What trends are we looking from a security perspective?
• Understanding the risks and implications of offensive AI and how it will change our threat landscape
• How CISOs can be prepared for potential risks
• Strategies to use AI in cyber defense

Static and siloed security tools are no longer enough to overcome modern and sophisticated attacks. With challenges going beyond what is human-scalable, enterprises must redefine their strategy through intelligent and automated tools to ensure their systems, critical data and people are protected.

Moderators:

Ross Wakelin, InfoSec Technical Lead, Airways

Austin Chamberlain, Scientist - Cyber Security, Defence Technology Agency