
Master of Ceremony - Keith Howard - CISO - Cyber Security & Risk - Suncorp Group.
Time
Session
Speaker
08:30 - 09:00
Arrival and Coffee
10 Shelley St, Barangaroo, Sydney
09:00 - 09:15
Acknowledgement of Country and Housekeeping
09:15 - 09:45
Security2Cure Update
Zane Jarvis
09:45 - 10:30
Keynote: Topic Pending
10:30 - 11:00
Pending Approval
11:00 - 11:30
Morning Tea
11:30 - 12:00
What I learnt from my North Korean Penpal
"Is the DPRK (Democratic People's Republic of Korea/North Korea) Remote IT Worker campaign overhyped? Why should I care? What even is a Chollima? This rapidly evolving campaign combines insider threat, nation-state actor sophistication and financially motivated cybercrime into one big Kim Jong-Un sized threat. We will dive into recent recruitment tactics of westerners as well as the job application processes used by the DPRK and what we can learn from doing some good ol’ fashioned intelligence gathering - sliding into their Discord DMs. No idea what any of this means? Perfect, the talk will cover relevant context and history with this campaign. Got a pretty good grasp on this and other DPRK activity? Amazing, the talk will cover some newly identified infrastructure, as well as freshly changing victimology and techniques. Come and learn how you can protect yourself and your business from this unique but prevailing threat."
12:00 - 12:30
Can we do this? Learning to Say "Yes" without burning everything Down.
"As infosec folks, we’ve had it drilled into us: security comes first. We live it, breathe it, and build our kingdoms on it. We write the rules, enforce the policies, and when someone dares ask for a workaround? We scoff. When they don’t understand why MFA needs to be painful? We laugh (internally, of course). But here’s the thing, being the department of “no” doesn’t scale, and it definitely doesn’t win friends. In a world of fast-moving tech, cloud everything, and business units doing whatever they want, we need to evolve. Joining a healthcare provider has somewhat reframed my reflexes. I've had to find a way to say yes, or be OK with the least worst option. I'll share some of my experiences, challenges, successes, and security sins I've had to endure over the last 6 months."
12:30 - 13:30
Lunch
13:30 - 14:00
Cyber Insurance
Long have Cyber Insurance and Cyber security been at odds. One telling us to not worry about the risk of breach as they will cover all the costs and the other telling you that you don’t need insurance as their product, service, strategy will prevent it. We all know that neither is correct, and we need a combination of the two. The challenge organisations have is how much risk to prevent and how much to transfer to insurance. I will talk about what cyber insurance is and what the best security controls to use are, and discuss what a combined product could be to help organisations get the best of both worlds.
14:00 - 14:30
Relax, it will definitely happen. Digital estate planning.
Unfortunately, death comes for us all. Having recently had too much to do with serious illness and death, Alex has learned a lot about what to do and what not to do to prepare for when the inevitable happens. How can you make the process easier for your loved ones as they try to unpick the details of your digital life and move forward whilst they are in the midst of the most intensely horrible and stressful time of their lives? We do things because they are "security best practice" but often, all we're doing is putting those who love us through extra layers of pain, when all we were trying to do was show how smart and "good at security" we were. This presentation will not feature traditional "thought leadership best practice" advice. It will stick to the real world. Where things are messy and there are tears and anxiety. Relax, it definitely will happen and it's time we talked about it.