ANZ Summit
Virtual Summit February 16 - 17, 2022
Organizations in Australia and New Zealand dealt with the biggest cyber-attacks in 2021, falling victim to hackers from around the globe. The region saw increased ransomware, crypto mining, phishing, and supply chain attacks, along with massive data leaks and expensive ransomware pay-outs targeting large and medium enterprises. As CISOs continue to modernize their security programs to adapt to the changing threat landscape, the governments of Australia and New Zealand have evolved a comprehensive strategy, a Ransomware Action Plan, to help tackle this challenge. Join our summit to gain insights from cybersecurity thought leaders on the key aspects of 'zero trust', IAM, ransomware, privacy, fraud, payments, IoT, cryptocurrency, endpoint protection, cloud security, and more that help you build a more cyber-resilient enterprise in 2022.
ISMG's geo-targeted, industry-specific, and topic-driven agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
Dr. Tim Nedyalkov
Technology Information Security Officer
Commonwealth Bank of Australia
Vidhu Bhardwaj
Lecturer – Networking & Cybersecurity
South Metropolitan TAFE
Dr. Siva Sivasubramanian
CISO
Optus
Amit Chaubey
Deputy Chair-AISA Sydney & Head-Cyber Risk & Compliance
Ausgrid
Tom Daniewski
CISO
Federal Court of Australia
David Geber
Head of Information Security
AUB Group
Daniel Pludek
Global CTO
Kip McGrath
John Kindervag
Senior Vice President-Cybersecurity Strategy
ON2IT
Vrijesh Pandey
Former Senior Director-Global Network and Security Operations
Singtel
Geetha Nandikotkur
Managing Editor & Conference Chair, Asia & Middle East
ISMG
Gabriel T. Akindeju
CISO
Waikato District Health Board
Nicki Doble
Executive Technology Adviser
Cover-More Group
Paul Prokop
Enterprise Security Engineer
LogRhythm
Jo Stewart Rattray
Vice President-Communities and CISO
Silver Chain Group
Dirk Hodgson
Director-Cybersecurity
NTT Ltd
Krishnamohan Kasi
Vice President, Business and IT audits
BNP Paribas
Kasi is vice president, business and IT audit with BNP Paribas. He has 20 years of experience driving various initiatives across multiple cybersecurity domains. He effectively brings together strategic business goals, security frameworks, tools, technology, and teams with special focus...
Suparna Goswami
Associate Editor
ISMG
Ram Vaidyanathan
Cybersecurity expert
ManageEngine, a division of Zoho Corporation Pty Ltd.
Tony Jarvis
Director of Enterprise Security (APJ)
Darktrace
Keynote: Establishing a Secure Digital Future in 2022: Are Enterprises on the Right Track?

Enterprises across Australia and New Zealand are encouraged to invest in the infrastructure needed to build a secure and robust platform for business transformation and to support the digital economy. Given the increase in cyberattacks that the region witnessed in 2021, security practitioners have a massive task in securing their digital future.

The keynote discusses whether enterprises are ready to face new challenges, and covers:

  • Emerging cybersecurity challenges in the region 
  • Equipping enterprise security with the right tools and technologies 
  • Building a comprehensive enterprise cybersecurity strategy 
  • 09:30 AM
  • 09:59 AM
Plenary: Winning Your Cyberwar With Zero Trust
John Kindervag, Senior Vice President-Cybersecurity Strategy, ON2IT

‘Zero trust’ revolutionizes network security architecture: it is data-centric and designed to stop data breaches. The ‘zero trust’ concept also adds a layer of agility to modern networks that is impossible to achieve in traditional network designs. These 21st-century networks have been adopted by government entities and large enterprises worldwide.

In this plenary session, John will discuss: 

  • Why the ‘zero trust’ concept is a critical part of your cybersecurity strategy
  • How to achieve your tactical and operational goals with ‘zero trust’
  • How ‘zero trust’ will not only transform your network security but also function as a business enabler by focusing on the top business objectives
  • 09:45 AM
  • 10:14 AM
  • 10:15 AM
  • 10:44 AM
Track A
Tech Spotlight: Building an Effective Security Program with Limited Resources
Paul Prokop, Enterprise Security Engineer, LogRhythm

Some organizations have a 24x7 security operations center (SOC) with teams of dedicated analysts monitoring for threats around the clock, while others are deep in the trenches of building out their security program. Whether you have a formal SOC or are in the weeds of building or optimizing your security program, the desired outcome remains the same: to detect and respond to threats fast.

The session will discuss:

  • Best practices for an effective security program 
  • 7 steps to building a successful security program with limited resources  
  • How a NextGen SIEM solution is the ideal technology for building a SOC    
  • 10:15 AM
  • 10:44 AM
Track B
Tech Spotlight: Stopping Ransomware with Autonomous Response
Tony Jarvis, Director of Enterprise Security (APJ), Darktrace

New strains of ransomware are leaving organizations vulnerable, and security teams often cannot respond proportionately to an attack, leading to cyber disruption across the organization.  
Join Tony Jarvis, Darktrace’s Director of Enterprise Security (APJ), as he unpacks some of today’s most advanced ransomware threats. Learn how Self-Learning AI understands the organization to reveal every stage of a ransomware attack – and takes targeted, autonomous action to stop the threat in its tracks.

This presentation will discuss:

  • Recent ransomware threat trends, including double extortion and RDP attacks
  • How "Autonomous Response" takes action to contain an emerging attack, even when security teams are out of office
  • Real-world examples of detected ransomware, including a zero-day witnessed recently

Applying Right Defenses in Fighting Ransomware Attacks
Ram Vaidyanathan, Cybersecurity expert, ManageEngine, a division of Zoho Corporation Pty Ltd.

Ransomware attacks are becoming all-pervasive across organizations and are not limited to any region. Security teams need to be conscious of the five stages of the attack pattern: initial exploitation, installation, backup destruction, encryption, and extortion. What are some of the tactics attackers use to accomplish their goals, and what are some effective defense techniques security teams need to adopt in fighting ransomware intrusions?

The session will discuss:

  • Elaborating the five-stage ransomware exploitation process
  • A proactive response to ransomware attacks
  • Applying the right defense techniques in detecting and protecting against such attacks
  • 10:45 AM
  • 11:14 AM
  • 11:30 AM
  • 11:59 AM
Track A
How to Build a Proactive Cyber Crisis Management Plan against Attacks?
Tom Daniewski, CISO, Federal Court of Australia

Security leaders say that effective cyber crisis management is primarily a proactive approach to building enterprise resiliency. The strategy for building that resiliency is to align security, data protection, and tools with business priorities and enterprise risks. Do you agree that security teams need to build better resonance with regulations, frameworks, standards, controls, and threats for effective cyber crisis management? How do you create that empathy, alignment, trust, and collaborative environment, and integrate it with people, process, and technology to prepare for a crisis?

The session will discuss:  

  • How to build an advanced cyber defense against anticipated attacks
  • What kind of tools and technologies can be used in preparing your defenses
  • How CISOs orchestrate the cyber crisis management plan
  • 11:30 AM
  • 11:59 AM
Track B
Two-Way Street: A Cybersecurity Debate between CTO vs. CISO-Where is the Disagreement?
Daniel Pludek, Global CTO, Kip McGrath
Jo Stewart Rattray, Vice President-Communities and CISO, Silver Chain Group

Almost all CISOs across regions share a single most significant challenge: getting the necessary funding to support their cybersecurity programs. Are security leaders creating value for the business and taking part in technology innovation? Is the CTO function aligned with security in driving innovation? Are expectations being met?

The session discusses how to align the CTO and the CISO on a common goal to facilitate the continued success of their organization. Where is the disconnect?

  • 12:00 PM
  • 12:29 PM
Track A
Building a Strategic Risk Model to Drive Business Value
Gabriel T. Akindeju, CISO, Waikato District Health Board

As CISOs, we play key bridging roles between corporate leadership at the very senior levels and the security organisation. We need to be able to see the bigger picture and link that to the everyday realities of security and other IS professionals who are the engine room of the enterprise. It is a very delicate balancing act. How, then, do we maintain this balance and ensure we do not get lost in the details, yet still maintain the integrity of the profession? This calls for a paradigm shift in how we manage technology-related business risk. We need to evolve a strategic value risk model that provides business value and enables optimization of the risk profile, maximization of risk posture, improved agility, and maximisation of the efficiencies of key controls across the enterprise.

The session will discuss:  

  • Could security professionals define, maintain, and deliver effective Security Strategy? If yes, how?  
  • Is there a way to harmonize risk management and security strategies, as well as security operations, into a unified value management strategy?  
  •  Could security drive value creation and protection of created value? If yes, how?  
  • 12:00 PM
  • 12:29 PM
Track B
How to Maintain Security when Machines Interact with Each Other
Vidhu Bhardwaj, Lecturer – Networking & Cybersecurity, South Metropolitan TAFE

When striking a deal in person or with a third party, we often ask for a documented agreement that can assist in maintaining the confidentiality, integrity, and availability of the systems and infrastructure. The biggest challenge for CISOs today is to establish security when machines are talking to each other, and also in a siloed environment, especially because of the relentless surge in cyberattacks against systems and networks.

The session will discuss how to establish and maintain security when communication is happening over the network, including:

  • Bridging the network security gaps
  • Use of the right technologies and tools to establish security
  • Mechanics of maintaining network security: a use case scenario
  • 12:45 PM
  • 01:14 PM
Track A
Supply Chain Attacks: Are Enterprises Able to Detect and Respond?
Amit Chaubey, Deputy Chair-AISA Sydney & Head-Cyber Risk & Compliance, Ausgrid

We typically think of supply chain attacks as stealthy attacks on hardware components, such as malware on laptops and network devices. Still, a supply chain attack that targets a service provider cannot be ruled out, as it is a significant intrusion into the entire ecosystem. Supply chain attacks usher in a risk: supplier vulnerabilities, which are a common cause of compromise. Keeping a watchful eye on suppliers' security status, and always knowing the risks they bring in, is an essential part of building resilience and response.

The session will discuss: 

  • How to respond to software-associated supply chain attacks
  • The intersection of DevOps and security
  • A security-by-design approach to securing software applications and evaluating third-party products
  • 12:45 PM
  • 01:14 PM
Track B
Demystifying SASE: A Practitioner's Approach to Secure the Hybrid Workforce
Dr. Tim Nedyalkov, Technology Information Security Officer, Commonwealth Bank of Australia
Krishnamohan Kasi, Vice President, Business and IT audits, BNP Paribas
Vrijesh Pandey, Former Senior Director-Global Network and Security Operations, Singtel

The need for enhanced business agility and secure remote access to support digital transformation has led enterprises to adopt the secure access service edge, or SASE, model, a term coined by Gartner in 2019.
Some say CISOs no longer have to procure individual discrete security solutions and tie them into the network security layer; instead, they can source from one logical place using the SASE security model. What kind of changes do you need to make to operational procedures to take advantage of the centralized control that SASE drives?

The session will discuss:  

  • Factors to consider in SASE adoption
  • Whether SASE is a rip-and-replace approach, and how to leverage existing security investments
  • The biggest roadblock in implementing SASE
  • 01:15 PM
  • 01:29 PM
Track A
Lessons from Log4j's Zero-Day Vulnerability: Effective Mitigation Techniques
Dr. Siva Sivasubramanian, CISO, Optus

For many security teams, it's been all hands on deck since the Apache Log4j zero-day vulnerability recently came to light. The vulnerability, CVE-2021-44228, is in the open-source Log4j 2 software library. The component, used for logging events, is part of tens of thousands of deployed applications and cloud-based services, affecting organizations across geographies.

Experts say that the security threat posed by the bug is "about as serious as it gets," and organizations are now racing to try and identify their risks and exposure levels.

The session will discuss:  

  • The modus operandi of such vulnerabilities
  • Lessons for CISOs from this incident
  • Cybersecurity response and risk mitigation techniques
  • 01:15 PM
  • 01:29 PM
Track B
How to Establish an Effective Risk-Based Discussion with the Board

Building relationships with business unit leaders and driving a practical risk-based discussion with the board is critical in making informed risk decisions. Experts say there is an order of magnitude difference between the number of top- and bottom-performing CISOs who meet with these higher-impact stakeholders frequently.

A daunting task for CISOs is dealing with the uncertainty around the reporting of significant risks, including just what represents a 'significant' risk, which challenges many organizations today. Can you question management and the board about how strategy affects risk and vice versa, and about their best approach to risk, and discuss risk management in a meaningful and productive way?

The session will discuss:

  • Criteria for integrating risk information into decision making
  • Educating and evaluating board members to measure strategic decisions against a risk parameter
  • Use case scenario to understand risk appetite and value at risk
Stop the Ransomware Menace: Bridging Backup Gaps
Dirk Hodgson, Director-Cybersecurity, NTT Ltd
David Geber, Head of Information Security, AUB Group

Defending against ransomware attacks has been a massive challenge for CISOs. With enterprise backups becoming targets for cybercriminals, the challenge has intensified further.
In ransomware attacks, cybercriminals attack through the backups because they know that security practitioners rely on backups to save themselves after a ransomware attack. Questions also arise around the recovery and response process capabilities.
What needs to change as CISOs experience increasing hacking burnout in preventing such malware intrusions? Can they operationalize technology in their prevention and incident response mechanism to address ransomware issues?

The panel will discuss:

  • Building an effective incident response and investigation mechanism
  • How to deal with the recovery response process in the event of an attack
  • Taking a tactical and strategic approach to battling ransomware and protecting backups
  • 01:30 PM
  • 01:59 PM
