
Master of Ceremony - Keith Howard - CISO - Cyber Security & Risk - Suncorp Group.
Time
Session
Speaker
08:30 - 09:00
Arrival and Coffee
80 Ann St (Heritage Lanes), Brisbane
09:00 - 09:15
Acknowledgement of Country and Housekeeping
09:15 - 09:45
Security2Cure Update
Zane Jarvis
09:45 - 10:30
Keynote: How to socially engineer compliance for your security program
In the world of cybersecurity, social engineering is often seen as a threat vector; a tool used by attackers to exploit human psychology. But what if we turned that tactic on its head? This talk explores how principles of social engineering and behavioural science, particularly nudge theory, can be harnessed to drive meaningful engagement and compliance within your security program. We'll dive into the psychology behind decision-making, examine how subtle environmental and cultural cues can shift user behaviour, and outline practical strategies for achieving normative compliance. Whether you're launching a new policy or trying to reduce shadow IT, this session will equip you with a smarter, more human-centred approach to influencing security culture.
10:30 - 11:00
How I Learned to Stop Worrying and Love Third Party Cyber Security Incidents
Third party cyber security incidents are like a hot potato - no one wants to deal with them. But they are, in fact, a gift for internal incident response teams. Not only are they an opportunity to develop and hone incident management skills, but even more importantly, they give you the means to establish your place in the organisation as a trusted and reliable incident management function. I’ll talk about my experiences using third party security incidents as a way to uplift internal incident response capability.
11:00 - 11:30
Morning Tea
11:30 - 12:00
Burnout in Cybersecurity – How Anarchism may help you
Burnout has been on the rise for the last 15 years. Given the challenges in cybersecurity, regardless if you are a Pentester, Analyst, Engineer, PM, Consultant, Risk or Team Manager you will have been under stress. This talk investigates what takes people from stress to burnout, and how questioning assumed or real authority and adopting an anarchist community approach can help prevent and recover from it. The talk will demystify what burnout is and what it isn’t. It will describe the factors contributing to burnout, symptoms that can be observed by yourself and others, and will include real examples from myself and other people who went through rehabilitation with some recovering and some not. There will be real life examples of the mental and physical connection and what weird and astonishing forms this can take. Examples: Some very fit people couldn’t cycle 200m when burned out, an architect could work for 5 minutes and then couldn’t do primary school level calculations anymore, some weren’t able to remember triple digit numbers for 3 seconds, etc. I’ll start with a content warning as some examples can be distressing as the talk shows people at the end of their strength and who subsequently hit emotional and physical rock bottom. What people will take home is a better understanding of their own reactions to stress and potential burnout, learn how to look out for warning signs in their colleagues, team members, and managers, and learn how some anarchist principles can be used for good. The principles include questioning authority, mutual aid, self-management, and mutual decision making – sounds almost like the original agile spirit. I’ll end on a hopeful note and with some work and management practices that support people long term.
12:00 - 12:30
Best practices for containing AWS resources during incident response
Learn best practices for implementing isolation controls for AWS resources and accounts during security events. Through practical scenarios, discover effective approaches for isolating Amazon EC2 instances, AWS Lambda functions, and Amazon ECS containers. Explore comprehensive strategies for account-level isolation including identity, resource, and network controls. This session provides guidance on implementing isolation controls as part of your response procedures. Leave with actionable patterns for strengthening your AWS incident response capabilities.
12:30 - 13:30
Lunch
13:30 - 14:00
Nanotechnology for early and precise monitoring of cancer and the human immune system
Nanotechnology is the study of very small structures which cannot be detected by the human eye alone. It forms part of many objects and materials used by people every day but also provides a key advantage in biomedical research and diagnostics. Nanotechnology has revolutionised the sensitive and precise tracking of small molecules that are strongly influential in the development of diseases like cancer, providing better alternatives for cancer detection, tumour differentiation and treatment monitoring. Its benefits have also spilled over into deepening the understanding of the respiratory infection COVID-19 and long-COVID. Specifically, it has helped clarify the role of the human immune system in patients with different infection severity alongside the later effects of the lingering virus on potential heart damage. Despite these striking discoveries, these diagnostics still need further development to make them more bedside applicable and accessible to various people across the country.
14:00 - 14:30
Be a better manager by observing the bad ones
My experience from being in the military where you are taught to lead and then how that is applied to the corporate roles I've been in. The pros and cons and what is missing from both. How organizations no matter the size can equip their people better which drives better culture.