CSO Perspectives Roadshow 2017 CSO Perspectives Roadshow 2017

Speakers

INTERNATIONAL - Mark Loveless "Simple Nomad"

Senior Security Researcher at Duo Security

Mark Loveless aka Simple Nomad has worked for software and hardware vendors in the security space, as well as in IT and security for large Fortune 500 companies. He has spoken at numerous security conferences worldwide including Defcon, Blackhat, Shmoocon, RSA, and has been quoted for his security and privacy views via numerous online, print, and television media outlets including Wired, Washington Post, CNN, and many others.Mark Loveless is a Duo Labs researcher who also goes by the name Simple Nomad on the interwebs. He is not overly paranoid in spite of the fact that evil alien robots are stealing his luggage when he travels.

INTERNATIONAL - Jeff Lanza

Retired FBI Agent (USA)

Jeff was head of operations security for the Kansas City FBI and a graduate of the world renowned John E. Reid School of Interviewing and Interrogation. He is a certified FBI instructor and has trained numerous government agencies and corporate clients on how to handle the media tricks that the national television personalities such as Connie Chung and Chris Hansen used on him during his near two decades as a crisis communicator with the FBI.
In addition to his latest book, Jeff authored speeches for FBI executives and has been published in The Kansas City Star, Ingram’s Magazine and on the FBI National Web site. Jeff was recruited by the FBI from Xerox Corporation, where he was a Computer Systems Analyst. He has an undergraduate degree in Criminal Justice from the University of New Haven (Connecticut) and a Masters Degree in Business Administration from the University of Texas.

Benjamin Schroeter

Head of Security Strategy & Architecture Cyber Security

Ben is the Head of Security Strategy and Architecture at Woolworths. Before joining Woolworths in January 2016 he worked for IBM, Dell and KPM in a variety of technical and security architecture roles in various geographies. His industry experience ranges from Financial Services, Telecommunications, Automotive Industry over to Retail.

He is responsible for leading the security architecture practice and overseeing a variety of Cyber Security and IT projects. The projects in the Cyber Security space among others include Identity & Access Management, Security Incident and Event Management, Vulnerability Management, Secure Gateway replacement and uplifting a Security Operating Centre.

Ben likes to challenge existing behaviours and practices to ensure the right combination of cyber security risk mitigation as well as tangible business benefits are met.

Steve Ingram

Asia Pacific Cyber Lead, PwC

Steve specialises in technology and cyber services, and has lead a number of engagements providing clients with global response capabilities with a base in Melbourne and operational hubs in Houston, New York City, London, Johannesburg and Bangalore.

Prior to joining the PwC partnership in 2004, Steve was a General Manager with the Commonwealth Bank of Australia (CBA), where he was responsible for fraud and security related intelligence and risk management.

Samantha MacLeod

GM Cyber Security, ME Bank

Samantha is an accomplished professional with more than 18 years’ experience supporting business strategies through technology enablement. She has a passion for Security, Technology Risk & Governance. As the General Manager of Cyber Security, Samantha is accountable for ensuring that ME’s security practices are integrated throughout the organisation and viewed as a strategic opportunity for a digital bank. Samantha’s Cyber Security team ensures that the organisations digital assets, and customers’ information, are secured through appropriate technology use within the emerging threat landscape. She is focused on supporting ME through adaptive security and by disrupting traditional security approaches. Prior to joining ME, Samantha was the APAC Director of IT Risk Solutions in the GE Capital global technology team and a Director at Oracle Corporation. Samantha is an advocate of Women in IT and Women in Leadership. She is the chair of ME’s Women in Digital and Technology Forum and involved with a number of organisations and institutions advocating for cultural diversity in technology.

Alicia Peters

Digital Evidence Practitioner, Digital Forensics – Australian Federal Police

Alicia is a Digital Evidence Practitioner with Digital Forensics at the Australian Federal Police. After completing a Bachelor of Information Technology at the University of Southern Queensland, Alicia started her full-time tech career at the Australian Taxation Office in Canberra using her technical expertise to support the Internal Audit and Internal Fraud sections. During this time, Alicia attend a presentation about the emerging field of Computer Forensics. She then started additional tertiary study in this field. While completing this study, Alicia was offered a position with Digital Forensics at the AFP. As part of her role, she provides Digital Forensic support to ACT Policing investigations and also to AFP National Policing investigations. She has also been involved in major international operations, as well as assisting other government organisations and overseas law enforcement agencies with Digital Forensic training. She will be celebrating 10 years of service with the AFP this year.

Duncan Alderson

Senior Manager, Cyber and Forensics, PwC Australia

Duncan is a Senior Manager within PwC Australia’s Cyber Security practice. He has over 15 years experience in Cyber Security and is the lead for the Cyber Strategy & Architecture team. He has worked in United Kingdom, Abu Dhabi, Singapore, Indonesia and Australia
During this time he has worked with many household names on multinational projects, designing, implementing and testing large scale networks in Corporate and ISP environments and implementing security solutions in enterprise and operational networks.
In the past 5 years he has specialised within the Energy, Utilities and Mining sector, specifically focused on Cyber Security in Operational Technology environments and was the lead author to PwC’s Securing operational technology assets thought leadership paper.

Asaf Ahmad

CISO, Fire & Rescue NSW

I have had challenging role in information security management and implementing IT Projects. In the last 15 years, my experience has been in information security management, governance and management of enterprise IT, IT risk management, developing a compliance and assurance program, applying ITIL in establishing and improving IT processes, implement ISO 27001, Disaster Recovery, Business continuity and providing information security advice and assurance to business.

In doing so, I have also developed IT and Information Security strategy and currently implemented IT Governance framework.

My experience stretch across all areas of IT, continuously maturing, developing security architecture, and carrying out security assessment for cloud hosting, SaaS, IaaS, PaaS, outsourcing, BYOD, Work from Anywhere, social networking, and developing policies.

Mark Gregory

Leader, Network Engineering Research Group, RMIT

Mark Gregory was born in Melbourne Australia. He went to Guildford Grammar School in Western Australia where he matriculated in 1979 and moved to the Royal Military College Duntroon as an Australian Army officer candidate. He graduated from the Royal Military College Duntroon in 1983 as an officer in RAEME. He completed a BEng (Elec)(Hons) in 1984 at the UNSW (Royal Military College), a MEng in 1992 at RMIT University and a PhD in 2008 at RMIT University. Mark is currently a Senior Lecturer focusing on Network Engineering and Internet Privacy and Security in the School of Engineering at RMIT University in Melbourne Australia and has published more than 100 refereed papers. He is the Managing Editor of the Australian Journal of Telecommunications and the Digital Economy and General Co-Chair of the IEEE technically co-sponsored International Telecommunication Networks and Applications Conference. He is a Fellow of Engineers Australia and a Senior Member of the Institute of Electrical and Electronics Engineers Inc. Mark has been the founding director of several companies that provide consulting and IT services.

Ian Yip

Director, Cyber Security, Ernst & Young

Ian Yip is a Director in EY’s Cyber Security Advisory practice. He has worked with organisations globally on Cyber Security initiatives and projects, particularly in the areas of Security Strategy, Identity & Access Management, Data Protection, Threat Management, Security Governance, Risk & Compliance, and API Management. He has held a variety of leadership, advisory, sales, marketing, product management and consulting roles across Europe and Asia Pacific in some of the world’s leading companies, including EY, IBM, CA Technologies and NetIQ. In addition to being a published author in Identity, Access & Security Management, Ian is often quoted in the press, has written articles for major publications and delivered keynotes at events across the Asia Pacific region.

Leon Fouche

National Leader, Cyber Security, BDO

Leon is an experienced ICT professional specialising in cyber security, cloud and technology risk advisory services. He has more than 20 years’ experience delivering a wide range of business and IT projects, ranging from strategy development through to system implementations across Australia, Europe and Africa.

Leon often works with company Boards and the C-suite where he helps them understand the cyber threats and risks that impact their business and the strategic activities required to manage these risks. He also works with technical teams to help them understand the security vulnerabilities and technical security gaps in their organisations’ systems and processes, and the remediation activities required to address them.

Dr Sally Ernst

CEO and Cofounder, Cyber Security Networks (UK & Australia)

Dr Sally Ernst has a rare and enriched background blending prominent industry research, business leadership, entrepreneurship, board governance, creativity, innovation, investment band government exposure in an international context. Some related press links can be found here.

Sally is currently co-founder and MD of the UK and Australian Cyber Security Networks, which focus on holistic immunity from cyber threats. It does this through strategic internet security innovation; and, by engaging organisations at Board/ owner level to help them understand cyber security in the context of their business and its interconnected ecosystem, decide how to protect their organizational assets in that context, and act on those decisions.

Facilitating the CSNs track-record of engagement with organisations at Board and Company Director level in the UK and Australia, Sally has held Board roles in both countries, including WebCentral Complex , The London Entrepreneurial Exchange (Chaired at the time by Sir Richard Branson), CloudStaff , The Institute of Management Consultants , and Entrepreneurs’ Organisation UK-London, where she increased female membership by a third during her term as Chair.

Dr Sally Ernst's full bio

Professor Vijay Varadharajan

Director: Advanced Cyber Security Research Centre, Microsoft Chair Professor in Innovation in Computing

Vijay Varadharajan is currently Professor and Microsoft Chair in Innovation in Computing at Macquarie University (2001-todate). He is also the Director of Advanced Cyber Security Research Centre (ACSRC). Before this he was Dean/Head of School of Computing and IT at University of Western Sydney (1996-2000).

Vijay was on the Board of International Advisors of TCPA, USA, originally formed by HP, Microsoft, Intel, Sun and Compaq. Now TCPA is known as TCG and TCPA security specification is currently being in products endorsed by numerous companies. Vijay is a founding member of the Trustworthy Computing Academic Advisory Board (Microsoft, USA) (announced by Bill Gates in July 2002), is a member of the SAP International Security Advisory Board (SAP Corporation, Germany/Germany) and is a member of SAP Next Business and Technology Board (USA). He is also a member of the Australian Government’s Peak Security Advisory Body, ITSEAG, for the Ministry of Broadband, Communications and Digital Economy, Australia. Vijay is a member of the Australian Academy of Science National Committee on Information and Communication Systems. In April 2014, Vijay has been appointed to the ICT Advisory Panel in the NSW Government. Recently in May 2015, he has been appointed to the Cyber Security Task Force (CSTF) in India, which has been created upon the recommedndation of the Prime Minister of India. Previously he has acted as an Expert in Security for the European Union and for the UK Dept. of Trade and Industry. He has also acted as consultant and architect for several projects in computing, financial and telecom organizations in the UK, US and in Australia. He has been the Technical Board Director of Computer Science at Australian Computer Society (1999-2006), and a member of the Board of Studies NSW Australian Government 2005-2012. Vijay was a member of the Australian Research Council (ARC) ARC College of Experts in Engineering, Mathematics and Informatics in 2011 for 3 years.

Vijay has published more than 400 papers in International Journals and Conferences, has co-authored and edited 10 books on Information Technology, Security, Networks and Distributed Systems and have held 3 patents. His research work over the years has contributed to the development of several successful secure commercial systems in the areas of Secure Distributed Applications, Secure Network Systems, Security Tools, Secure Mobile Systems as well as Cryptographic and Smart Card based Systems and secure financial, telecom and medical solutions. His current areas of research interest include Cloud Computing Security, Internet of Things Security, Big Data and Distributed Applications Security, Malware and Security Attacks, Software Security, Trusted Computing, Internet Security, Wireless and Mobile Networks Security, Secure E-Commerce, Security Architectures, Security Policies, Models and Protocols. He has supervised successfully over 33 PhD and 10 Masters Research students in UK and Australia. He was awarded MQ University’s Supervisor of the Year in 2003.

John Haig

Head of Security, Risk & Compliance, Dun & Bradstreet ANZ

John is a Cyber Security leader with a career spanning more than 15 years.

His experience began from deep technical roots in hands-on SME operational roles and has progressed through to senior leadership where he has built & managed high performing teams to deliver outcomes across the Technology, Telecom, Financial, Retail, & Logistics industries.

John is best known for his key roles at Australia Post, NBN, and now Dun & Bradstreet ANZ. His accomplishments include establishment and management of the SOC (Security Operations Centre) for NBN where he was able to deliver an effective cyber security defence capability to prevent, detect, respond, and remediate cyber threats, and Australia Post where his leadership was instrumental in delivering scalable, secure, and flexible operational capability in a period of rapid transformation.

As Head of Security, Risk & Compliance at Dun & Bradstreet ANZ, John heads up the Security Operations, IT Security Risk & Compliance, & Infrastructure Operations functions delivering an extensive cyber security & infrastructure uplift program which is transforming the way Dun & Bradstreet ANZ deliver security & operational capabilities within the business and how it interacts with its customers.

He has a passion for technology, security and cyber awareness. John is also an advocate for greater information sharing across organisations and strongly believes we are stronger in numbers.

Christine Miller

One of 3 National Directors and a Canberra Co-Lead Australian Women in Security (AWSN)

For the past 11 years, Chris has specialised in business continuity management and crisis communications, managing both traditional and social media. She has worked in Australian governments, businesses and a major not-for-profit organisation ranging in size from 2 to more than 20,000 employees. As Principal Consultant, Business Continuity Manager, B4Crisis, Chris works closely with security, property, HR, communications and ICT, especially their disaster recovery plans, cyber-risks and cyber strategies. She has written and facilitated ransomware exercises. These exercises provide technical IT challenges as well as challenging business leaders and media, public relations and communications teams.

She has presented more than 60 conference papers and webinars in Australia and internationally. Chris has a passion to train and work with organizations to, prepare for a crisis, manage during and after through a business disruption and conduct lessons learnt or after action reviews to enhance business resilience.

Alex Nehmy

Enterprise Information Security Manager at SA Power Networks

Alex is the Enterprise Information Security Manager at SA Power Networks, which is the Electricity Distributor for South Australia. SA Power Networks builds and maintains the poles, wires and substations that deliver power reliably and safely to 850,000 customers. In his role, Alex has provided leadership in the development of a foundational cyber security capability bridging Information Technology and Operational Technology.

With 15 years’ experience in dedicated cyber security roles, Alex brings a passionate and dynamic approach to ensuring a cyber security program prudently addresses business risk.

Prior to joining SA Power Networks, Alex built the University of Adelaide’s cyber security group, consulted nationally and internationally for KPMG and worked for a global telecommunications organisation in London.

Hai Tran

Chief Information Security Officer, Western Australia Police

Hai Tran is the Chief Information Security Officer for WA Police. His information security expertise extends across range of industry sectors including higher education, telecommunications, technology, state and federal government.

Pieter van der Merwe

Chief Information Security Officer, Woolworths Group

Pieter is an experienced information security professional currently fulfilling the role of Chief Information Security Officer for Woolworths Limited. Pieter has over 17 years’ experience in Information Security across a number of geographies and in various capacities and disciplines including cryptography, network security, security architecture, information risk management, security consulting and operations. Pieter is able to engage stakeholders across the corporate spectrum and articulate the need for information security clearly.

Pieter prides himself in taking a practical approach to information security, and is constantly searching for ways to derive the most value out of his current investment in security processes and technologies. This philosophy has enabled Pieter to successfully lead the deployment of a number of security practices and projects throughout his career.

Silas Barnes

Group Chief Information Security Officer, Virgin Australia Group

Silas is an experienced information security executive specialising in enterprise security strategy and information risk management. With over a decade of operational security experience working with companies including IBM, Symantec and the Department of Defence, Silas currently serves as Chief Information Security Officer for Virgin Australia Group. Outside the office, Silas dedicates time to researching for weaknesses in both mainstream software and embedded systems, and has been credited with discovering several 0-day vulnerabilities in consumer devices and widely used application software. A regular competitor in “Capture The Flag” hacking competitions held both nationally and internationally, Silas and his industry crew most recently won the coveted 2016 KiwiCon 10 CTF competition in Auckland, New Zealand.

Adnene Guabtni

Senior Research Scientist, Data61/CSIRO

Adnene Guabtni is a Senior Research Scientist at Data61. He has over 9 years of experience in Research and Development solving practical problems through excellent technical research on Cloud Computing, Cyber Security, Big Data and Web Information Technologies. Currently, Adnene is managing the IOkeeper project at Data61, where he is working on new technologies that help protect data privacy while using public cloud services to store and share data online. His research interests orbit around the “cloud consumer” and include security enforcement for cloud users, cloud monitoring from a consumer perspective, and productivity gains using cloud-based applications. He also builds on previous experience in Service Oriented Computing and Business Process Management.

Tom Pieterse

Manager, Cyber Security, Ernst & Young

Tom is a Manager in Ernst & Young’s Cyber Security Advisory practice and is responsible for developing cyber security operating models, enterprise security designs and architectures, security transformation program roadmaps and defining business cases for cyber.
Tom has been the IT Security Manager for a large global retailer and works with companies to help them understand their investment in cyber and how to apply a balanced approach to cyber risk management. His role often requires research into the latest security trends in advanced-threat defence, pragmatic mobile device security, security virtualisation, cloud security, Security as a Service (SaaS) and threat intelligence.

Erica Hardinge

Head of Security Enablement (acting), ANZ

Erica is responsible for developing the global strategy for raising security awareness and influencing behaviour change across 55,000+ employees and customers with reach extending over ANZ’s 30+ geographies. This involves applying Change Management methodology to demonstrate the case for change to engage staff and customers empowering them to make secure choices.
Erica has been applying interdisciplinary approaches to what was traditionally purely a communications role for over 10 years, with prior roles in HR providing the basis for her approach. During this time Erica has observed growing interest and support for the Security Awareness function, with staff now increasingly recognising the personal need for cyber safe behaviours. The function has evolved from compliance based communications and training through to strategic approaches to facilitate a secure Human Perimeter. Through Erica’s vast experience she has seen the importance of the right language, clear individual action and personal relevance as the key ingredients in driving a leading education and awareness program.
As an active member of the global Security Awareness community, Erica is well positioned to draw upon international approaches to further benefit ANZ’s program. More recently, in collaboration with other leading Australian organisations, Erica co-launched the Security Influence and Trust group for Awareness professionals in the Australasia region.
Erica completed her MBA qualification at Melbourne Business School in 2008 following earlier completion of a Bachelor in Arts and Science at Melbourne University, with a focus on Behavioural Sciences, including Criminology, contributing to her passion to help staff become cyber safe.

David Carroll

CTO, Adelaide City Council

Working for Adelaide City Council, David is charged with strategically investing in the technology and related infrastructure that is to deliver on the City’s Strategic Plan 2020. Technology and infrastructure are fundamental cornerstones in driving Adelaide to become one of the worlds leading Smart Cities.

He has an insatiable passion for technology and ICT Infrastructure being done right the first time, working to ensure it delivers not only the business benefits, but also is as agile as possible whilst still performing well into the future returning benefits far beyond its original purpose.

The KISS principle, systems architecture and solution design – built for now and into the future are key underlying themes in his success.

Yvonne Sears MSc, CIPM, CISM

Co-Founder, GRC Management Services

With 17 years experience in risk, working for public and private sector companies throughout the UK and Australia, Yvonne is able to bring a diverse and pragmatic approach to the table.

​Highly qualified, with a MSc in Information Security and Computer Crime, an Advanced Award in Law, is a Certified Information Privacy Manager (CIPM) a Security Manager (CISM) and holds a MBCI.

Her passion is clearly in the field of business continuity, privacy and information security. She has seen over 16 organisations through ISO 27001 Certification, has written and delivered public training on business continuity and is now co-founder of an Adelaide based consulting company GRC Management Services.

​An advocate for sharing knowledge and mentoring Yvonne has been supporting industry throughout the UK and Australia through special interest groups.

She has been on the ISACA Board (Adelaide) as Certification Director (2012-2016), a Global Knowledge Chair for the IAPP Adelaide Chapter (2014-2016) and an advisor in the UK for the Society of IT Managers and London Borough’s specifically in regard to the sharing of sensitive personal data between agencies.

Lucy Liu

Senior Manager – Information Risk, PwC

Lucy has recently joined PwC as a Senior Manager – Information Risk, and is an experienced Information Security professional, with 14 years’ experience in the industry. Lucy has extensive experience and a wide-ranging knowledge and skill set in security management and governance, security strategy and assurance, risk assessment, audit and compliance review, capability maturity assessment, identity and access management and cloud security assessment, with a particular emphasis on assessing, design and implementing and maintaining information security management system based on industry good practices including Australian Standards AS/NZS ISO/IEC 27001 & 27002, NIST Cybersecurity Framework and ISO 31000 Risk Management framework.

Lucy has previously worked in various industry sectors including oil and gas, financial services, insurance, mining, consulting services and Government, and holds a number of security certifications including CISSP, CISM, CISA and SCF (SABSA Chartered Security Architect).

Dr Malcolm R Pattinson

Senior Research Fellow, Human Aspects of Cyber Security (HACS) Research Group, The University of Adelaide Business School

Dr Malcolm Pattinson is currently a Senior Research Fellow in the University of Adelaide’s Business School. Over the last decade, his work has been dedicated to teaching and research in the domain of Information and Cyber Security, particularly in regard to the behaviour of computer users and how it impacts on organisational security. He is an integral member the multi-disciplinary Human Aspects of Cyber Security (HACS) Research Group, which has conducted research projects relating to: susceptibility of phishing email recipients; social engineering techniques of hackers; risk perceptions and behaviours of employees; cognitive aspects and personality traits of computer users; and the information security awareness of individuals. He is also co-chair of the international Human Aspects of Information Security and Assurance (HAISA) conference and will be hosting the November 2017 HAISA conference in Adelaide, Australia.

James Adams

Cyber Security Governance & Assurance Specialist, Bankwest

James is an experienced IT Risk professional specialising in Governance and Compliance. He holds a BSc in Cyber Security and has been consulting, auditing and advising in the Cyber Risk space for the past 6 years, most recently at Bankwest (part of the CBA Group). Prior to Bankwest James worked for Deloitte where he managed a team on long-term secondment to the Risk and Assurance group of a large Government department in Canberra, led a review of a credit union’s security model for one of their major applications and managed and executed numerous other large external audit engagements. Typically James’ involvement is as an IT expert, liaising directly with IT managers/CFOs and CIOs and their teams to ascertain the current-state of controls. This has often involved being required to design and test automated and manual controls to confirm the operating effectiveness of those controls.

Tamsyn Harris

Head of Fraud Risk Strategy, Financial Crime Unit, ANZ

Tamsyn has over 19 years experience in Financial Crime and Risk Management and is currently the Head of Fraud Risk Strategy for ANZ Banking Group. She and her team are responsible for driving fraud risk, strategy and governance across ANZ.

Tamsyn has also held positions with Barclays Bank in London and in Audit and consultancy firms in Australia where she successfully implemented fraud detections systems, developed and ran fraud operations functions, conducted sensitive reviews on behalf of Audit Committees and Boards and audits and consulting reviews in public and private sectors companies.

Tamsyn is a Chartered Accountant, Associate Member of the Certified Fraud Examiners and has a Graduate Certificate in Fraud Investigation.

Helaine Leggat

Co-founder and Director, Information Legal Pty Ltd

Helaine Leggat is one of a few people in the world to hold a bachelor of law degree together with CISSP, CISM, CIPP and CIPP/IT Credentials. Helaine has specialised in information (cyber) law, information security, information governance and information privacy since 2000 and has provided services to public and private sector organisations globally across all sectors.

In 2012 she settled in Melbourne where she co-founded Information Legal, a uniquely differentiated risk and advisory service founded on a belief that cyber law is empowering and that it is essential to know your rights.

Her current energies are directed at establishing recognition of new norms in Cyberspace, including the adoption of active defence and the development of international law and ethics in support of a continuing rules-based global order.

Stephan Fourie

IT Manager, SKYCITY Adelaide

Stephan Fourie is the IT Manager for SKYCITY Adelaide and is part of the SKYCITY Entertainment Group ICT Leadership Team as well as the SKYCITY Adelaide Senior Leadership Team.
Stephan has been in the ICT industry for 21 years and worked for large corporate companies like: – Orange Business Services in the UK with a presence in more than 220 countries – Sun International in South Africa who operates 28 casino’s and hotels – Ardent Leisure who owns Dreamworld, Whitewater World, Goodlife Healthclubs, AMF & Kingpin Bowling, Hypoxi, Skypoint and Main Event Entertainment in the US – SKYCITY Entertainment Group who operates the casino’s in New Zealand, Adelaide and Darwin
Stephan has a technical background with skills and knowledge across all areas of ICT

Ty Miller

Director, Threat Intelligence

Over the past decade, Ty Miller has developed an impressive portfolio demonstrating his vast experience and accomplishments. This has allowed him to become a well-known and highly respected specialist within the IT Security industry, not only in Australia but around the world.

He has trained up the likes of FBI, US Department of Defence, Australian Department of Defence, Cisco, VMware, Australian Taxation Office, and a number of intelligence agencies. Ty Miller is the only individual in Australia who get invited each year to run their advanced security training at the prestigious Black Hat USA security conference.

Ty was selected amongst Australia’s leading security specialists to establish and run the CREST penetration testing exams as the standard for the Australian Government. Ty was selected above all other security companies as the representative for NSW. Ty was a co-author of the highly popular security book “Hacking Exposed Linux 3rd Edition”, developed a cutting edge attack technique that allowed him to remotely bypass all security controls to attack internal servers from the Internet, and has been engaged to enhance some of the most elite specialist security products with his advanced attack concepts and skills, including developing the “DNS Covert Channel” feature of the highly popular commercial exploit framework “Core IMPACT”.

Paras Shah

Practice Lead, Strategic Advisory, Vital Interacts

Paras has over sixteen years’ experience in business and technology consulting. He has offered consulting and advisory services to a wide ranging commercial, public sector, educational and not-for-profit organisations to solve business and technology problems in areas such as Business and IT strategic planning, Risk management, Governance, IT capability maturity assessment, Management systems, Information security, Privacy, Business continuity, and Process improvements.

He started his career as a Chartered Accountant and ventured into the field of Information Technology as an Auditor in 2001. He leveraged his understanding of finance and cost accounting principles across large IT implementation and outsourcing projects.

Paras is a Certified Trainer and Certification Assessor for Management Systems Certifications and accredited trainer for COBIT5 and Organisation Change Management trainings. He has trained over 400 professionals for IT Certification across Australia, Asia South, Middle East and India.

Daisy Sinclair

Founder, Cyber8Lab Pty Ltd

Daisy has more than twelve years combined professional experience in International Cooperation, Information Security, Business development, Project Management, and is currently rolling out a hands-on Cyber Attack-Response Drill (CARD) program.

She is a Certified Cyber Defender Associate (CCDA) and has been involved in cybersecurity projects such as International Investigation of Cyberattack, Child Online Protection Program and Cyber Drill. All these projects were implemented to promote national and international cooperation between stakeholders and countries as well as to enhance their capability in mitigating risk and issues pertaining to collaboration in the cybersecurity arena.

Daisy holds a Foundation Certification in Information Security (FCIS) and is currently a member of the High Technology Crime Investigation Association (HTCIA), the Australian Information Security Association (AISA) and the Australian Women in Security Network (AWSN), Western Australia.

Doug Hammond

Chief Information Security Officer, Technology Strategy & Operations, Inland Revenue

Doug Hammond has been in the Information Security profession for over 20 years in multiple industries including Aviation, Financial Services, Telecommunications, Consulting Services and Government. Doug is passionate about Risk Management, Governance, Strategy and Policy.

Marise Alphonso

IT Governance Officer, The Salvation Army

Currently in the role of IT Governance Officer at The Salvation Army based in Melbourne, Marise has a background in software development and transitioned into the area of Governance, Risk and Compliance under two years ago. Her interest in GRC stemmed from classes taken during her Master’s program. Her current role involves work within the areas of information security, IT-related business risk and audit initiatives. Since commencing her role, she has been involved in various security-related activities such as reviewing vendor security requirements for business projects, raising security awareness, liaison during vulnerability assessments and establishing organisation-wide IT policies. Her focus is on building an information security program from the ground up tailored to the business objectives of The Salvation Army as well as gaining an understanding of IT Governance processes with the intention of improving their maturity.

Dr Iqbal Gondal

Associate Professor

Dr Iqbal Gondal’s research interests are: wireless networks, sensor networks, remote machine condition monitoring, information fusion, social networks and network analytics. He has published two book chapters and over 127 refereed conference and journal papers. According to Google Scholar, his publications have been cited over 621 times, with an H-index of 10 and G-index of 20. To date he has successfully supervised twelve and is currently supervising five PhD students. He is also the recipient of Best Paper award in an international conference. He has received commendation from Vice-Chancellor and Pro Vice-Chancellor (Learning and Teaching) for his excellent teaching in Monash. He has served in the capacity of Director of postgraduate studies for six years, member faculty board, member of Monash academic board and Director of ICT Strategy for the faculty in Monash.

Prior to joining Monash, he worked in a capacity of a research fellow and a senior software systems engineer for seven years in Singapore and Australia with Delphi (GM), Singapore Manufacturing Technology (SimTech) and other industries. He has experience in network design and development, project management, System design and integration, SCADA, intelligent techniques, adaptive systems and wireless switches for financial services. He is a member of IEEE (USA), Communication Society (USA) and Engineers Australia.

Sarah Hufnagel

‎Cyber Risk Services, Risk Advisory, Deloitte

Sarah works full-time within Deloitte’s Cyber Security practice, and is a Brisbane Branch Lead for Australian Women in Security Network. Through her work with Deloitte and building on a justice and information management background, she has completed security work across a variety of industries, with a focus on public sector and health care, particularly regarding strategy and privacy.
Sarah has long had a passion for encouraging diversity and engagement with women in technical fields, and has previously led diversity initiatives while completing a dual degree at Queensland University of Technology, and engaged as a diversity representative through Deloitte at university and school events.

Dr Suresh Hungenahally

Chief Information Security Officer (CISO) & Cyber Security Lead

Dr. Hungenahally is the Chief Information Security Officer and Cyber Security Lead at CommTel Network Solutions. Specialising in security management he is a leading expert and security strategist in Operational Technology (OT) and Information Technology (IT). Focused on securing information assets, he delivers business outcomes by providing strategic alignment and best practices to secure an organisation.

Dr. Hungenahally has twenty years of experience in both the public and private sectors, highlighted by key leadership roles including CISO of the Victorian Government (Australia) and CIO of Cendant Australasia. Additionally he has had success in key executive leadership roles for the Victorian Government, Griffith University, Tarong Energy, Queensland Electricity Commission, Concept Energy Solutions, Toll Holdings, Brisbane City Council, Queensland Government, Telstra Corporation, KPMG consulting, National Australia Bank, Capgemini, Australian Defence and the Australian Tax office.

Combined with his passion for innovative and creative problem solving, he delivers value by providing expert advice to senior executives in the areas of Infrastructure Cyber Security, Information Security Governance Risk and Compliance, Controls Implementation, Security Analytics Intelligence, Enterprise Search, BPM, IT Management and Leadership Training. With an understanding the long term value of solutions, he delivers value by managing business risks and delivering program outcomes, with a defined and positive ROI (Return on Investment).

Andrew van der Stock

Principal Security Consultant, Threat Intelligence

Andrew van der Stock is an acknowledged leader of the application security field, with over 15 years application security experience in Australia and the USA, and over 20 years’ experience in the IT and System Administration fields.

Andrew joined OWASP in 2002, and continued sharing his passion for information sharing by participating in and then leading the Developer Guide project, culminating in the OWASP Guide to Building Secure Software 2.0 in 2005. He led the OWASP Top 10 2007 effort, initiated and led the OWASP ESAPI for PHP effort, currently leads the OWASP Developer Guide project, and is a key contributor to the OWASP Proactive Controls. Andrew is lead author of the OWASP Application Security Verification Standard 2.0. He is the long-time moderator of the Symantec SecurityFocus webappsec mailing list.

Andrew is currently on the global Board of Directors of OWASP, and has previously held the Executive Director position at OWASP and been a member of the OWASP Global Chapters Committee.

Francis Kaitano

Security Manager, IAG NZ

Francis is a security leader and strategist with over a decade and half cyber security experience spanning, governance, strategy, risk management, consulting, architecture, operations and management in various industry sectors. He is passionate about the role of cyber security in innovation and how leadership can influence or transform modern and future businesses. In recent years Francis has been delving into the field of Cyber Security Anthropology. Francis is an active contributor in the cyber security industry, and a future thought leader in cyber security resilience in a digital world.

Francis is a Member of the New Zealand Institute Of Directors(MINSTD), and holds a number of industry certifications (CISSP, CISM, ITIL, MCP, SCF).

Mandy Turner

Brisbane Branch Executive, Australian Information Security Association

Mandy Turner has had a varied career ranging from musician, photographer, artist, and fraud investigator. She currently works full time in an IT security role in the Australian Government, is studying a degree full time in dementia care, is an artist and musician and is also actively involved in a variety of volunteer roles. She is the branch executive for the AISA Brisbane branch and proudly supports the Australian Women in Security Network as their blog manager. She is passionate about encouraging diversity, creativity and inclusiveness in the infosec industry.

Michelle Weatherhead

General Manager of Commercial Solutions Sales, BAE Systems Applied Intelligence

Michelle was born and grew up in Wellington, New Zealand.

She has over 15 years’ experience in the cyber security and anti-financial crime industry.

A globally experienced professional, she has worked with corporations across Europe, United Kingdom and the Asia Pacific to implement a variety of business defence solutions to detect security incidents, identify fraud and manage Anti Money Laundering obligations.

A passionate promoter of Diversity and Inclusion she supports many initiatives to encourage awareness and improvements to equality.

Michelle is a national director of the Australian Women in Security Network and holds a bachelor of Science and a bachelor of Commerce and Administration from the Victoria University of Wellington.

William Yeoh

Director of International and Engagement, Department of Information Systems and Business Analytics, Faculty of Business and Law, Deakin University

Dr William Yeoh is the Director of Australia’s first IBM Centre of Excellence in Business Analytics at Deakin University. He received his PhD from University of South Australia. His research are supported by various funding bodies and have appeared in high-tier journals (including A* & A journals) and most competitive top five Information Systems conferences. Moreover, his mentored team was crowned the World Champion at the 2016 IBM Watson Analytics Global Competition held in Las Vegas. He was also the recipient of Deakin’s Vice Chancellor Award and the internationally-competitive IBM Faculty Award. Dr Yeoh is the current Editor-in-Chief of the International Journal of Business Intelligence Research.

Sharmila Packiaraja

ICT Cyber Security Manager, Kinetic IT

Sharmila is the ICT Cyber Security Manager in the Northern Territory for Kinetic IT, an enterprise solutions provider servicing large and complex environments across industry sectors, including government, corporate, resources and utilities. In her current role as ICT Cyber Security Manager on a Government contract Sharmila provides advice on policies and procedures around Systems, People and Security. Sharmila has more than a decade of IT experience in a variety of industries including financial services, retail and government covering roles in Information Security, Project Consulting and Risk Management.

Sharmila also holds the position of Branch Executive (Darwin Branch) for the Australian Information Security Association (AISA) where she is responsible for bringing security professionals of the region together and connecting them with the wider security community across the nation. One of her passions is building partnerships between the local ICT industry and local communities, with the aim of improving community security awareness and the capability of the local ICT industry.

Having experienced workplace discrimination in the ICT industry herself, Sharmila is also passionate about women in leadership, gender diversity and women in Science, Technology, Engineering and Mathematics (STEM) and participates in school programs encouraging girls and young women to take up careers in the ICT industry/Security.

Diego del Hoyo

Senior Consultant, Security Policy & Compliance, Westpac

Diego has over 25 years’ experience in varied Information Technology roles, and has been involved since 2000 in Information Security, with focus on security risk management and governance. He had exposure across varied industries, with most of his career in Financial Services. He is member of AISA, ISACA, and ISC2; and holds the certifications CISM, CRISC and CISSP.

Cathryn Ayliffe

Owner/Director, Bellap Consulting

After having completed a degree majoring in Applied Mathematics and Computer Science, Cathryn began her career in Oil and Gas.
Her early years saw her working in various programming and technical positions which included the role of Infrastructure Manager at a pharmaceutical company. She later moved into a large consulting firm where she was promoted to senior management roles, and in 2004, Cathryn became the co-founder of a new business in South Australia, Blue Crystal Solutions.
After leaving Blue Crystal, she held many Program, Project Management and consulting roles in Adelaide and Melbourne where she managed numerous software projects. This included managing major infrastructure projects for a large mining company. The consulting roles, mainly in service management, introduced her to ISMF and critical incident management, and importantly the overlap that occurs with security in this area.
Cathryn has also worked on Business Continuity and Disaster Recovery, and has also set up an ISMS. Cathryn has extensive experience in risk management and compliance, and enjoys project roles that enable her to support a team to deliver a major outcome.
She is currently working as a Senior Project Manager for a South Australian Government Department.

Stephen Kraemer

Head of Information Security, Ports of Auckland

Steve Kraemer is Head of Information Security at of New Zealand’s busiest shipping port located in Auckland. Steve’s 25 years of experience in technology and leadership include assignments with Oracle USA and Australia, the US State Department and tours on the Antarctic continent. He holds a MS in Computer Information Systems from Regis University, Denver, and a BA, in Philosophy from St. Thomas University, Houston.

Cheryl Middlekoop

Head of Op Risk and Compliance, TSO and Central Functions, ANZ New Zealand

Cheryl has worked in Financial Services for 30 years, with experience in Technology, Operating Risk and Information Security. She has worked on mergers and large change programmes, which is where she started in Information Security. Cheryl is currently Head of Operational Risk and Compliance for the Chief Operation Officer at ANZ, and is passionate about developing Women in Technology.

Mark Jones

CEO, Enex Carbon

Mark is the CEO of Enex Carbon, a sister company to Enex TestLab. Enex Carbon looks beyond the traditional security technology and processes and focuses on the human behaviours that contribute to an effective information security posture.

Mark has been in the field of information technology for 18 years, 16 of which have been specifically focused on the delivery of information security and technology risk management services. His areas of speciality include the design and deployment of information security strategy, implementation of information security management frameworks and management of risks specific to technology. He’s also had experience on the other side of the table as the owner of a boutique information security consulting firm.

Mark has successfully delivered services to clients in finance, utilities, telecommunications, government, and commercial sectors across the Asia-Pacific, United Kingdom , Europe and North America.

Mark is a Member of the Australian Institute of Company Directors (MAICD), Certified Information Security Manager (CISM) and Certified Information Systems Security Professional (CISSP). He is also the Co-Founder of the Day of the Month Club, an information security professionals networking group with hundreds of members Australia wide.

David Holmes

Worldwide Security Evangelist, F5 Networks

David Holmes is an evangelist for F5 Networks’ security solutions, with an emphasis on distributed denial of service attacks, cryptography and firewall technology. He has spoken at conferences such as RSA, InfoSec and Gartner Data Center. Holmes has authored white papers on security topics from the modern DDoS threat spectrum to new paradigms of firewall management. He has a regular column at SecurityWeek Magazine and also contributes to the industry publications DarkReading, Wired Online, SCMagazine, and Network World. Since joining F5 in 2001, Holmes has helped design system and core security features of F5’s Traffic Management Operating System (TMOS) with four patents pending. Prior to joining F5, Holmes served as Vice President of Engineering at Dvorak Development. Holmes has over 25 years of experience in security and product engineering and has contributed to security-related open source software projects such as OpenSSL and ssldump. Follow David Holmes on twitter @dholmesf5.

Matt Tett

Managing Director of Enex Testlab & CSO MC

Matt Tett is the Managing Director of Enex TestLab, an ISO 9001 certified and ISO 17025 accredited independent testing laboratory with over 25 years history and a heritage stemming from RMIT University.

He is responsible for establishing and overseeing all eight operational divisions, delivering successful projects to 92 industry sectors across a number of global markets. He has a deep technical background in networking and security, and combines this with decades of high-level senior management and global business development.

Matt holds the following security certifications in good standing CISSP, CISM, CSEPS and CISA.

Panel Sponsors

Security Wave Sponsors

Product Demo Booths

Exhibitors

Survey Sponsors

Lanyard Sponsors

Product Demo Booths

Security Wave Sponsors

Survey Sponsors

Lanyard Sponsors

Adelaide

Date/Time

Tuesday, 14th Mar 2017 8:00 a.m. - 5:00 p.m.

Venue

Stamford Plaza Adelaide 150 North Terrace Adelaide SA Australia

Perth

Date/Time

Thursday, 16th Mar 2017 8:00 a.m. - 5:00 p.m.

Venue

Crown Perth Crown Ballroom 3
Great Eastern Highway Burswood WA Australia

Melbourne

Date/Time

Tuesday, 21st Mar 2017 8:00 a.m. - 5:00 p.m.

Venue

Grand Hyatt 123 Collins Street Melbourne VIC Australia

Brisbane

Date/Time

Thursday, 23rd Mar 2017 8:00 a.m. - 5:00 p.m.

Venue

Stamford Plaza Brisbane Edward St & Margaret St Brisbane City QLD Australia

Sydney

Date/Time

Tuesday, 28th Mar 2017 8:00 a.m. - 5:00 p.m.

Venue

Sheraton on the Park Sydney 161 Elizabeth St Sydney NSW Australia

Wellington

Date/Time

Monday, 3rd Apr 2017 8:00 a.m. - 5:00 p.m.

Venue

Museum of New Zealand Te Papa Tongarewa 55 Cable St Te Aro Wellington Wellington New Zealand

Sponsored by

  • VMware
  • F5 Networks
  • VMware
  • Ivanti
  • Sophos
  • LogRhythm
  • Cisco
  • Enex Carbon
  • Sophos
  • ContentKeeper
  • LastPass
  • Juniper Networks
  • InfoSec Marketplace
  • VMware
  • SAI Global
  • F5 Networks
  • Ivanti
  • IDG SMS
  • Mimecast
  • RSA
  • Rapid7
  • Gigamon
  • SailPoint
  • VMware
  • F5 Networks
  • Cisco
  • VMware
  • Ivanti
  • LogRhythm
  • Sophos
  • LastPass
  • Juniper Networks
  • ContentKeeper
  • VMware
  • IDG SMS
  • InfoSec Marketplace
  • Sophos
  • Mimecast
  • Ivanti
  • F5 Networks
  • Gigamon
  • Rapid7
  • SailPoint
  • F5 Networks
  • VMware
  • Cisco
  • Ivanti
  • LogRhythm
  • VMware
  • Sophos
  • InfoSec Marketplace
  • RSA
  • F5 Networks
  • IDG SMS
  • Juniper Networks
  • SAI Global
  • Ivanti
  • LastPass
  • Sophos
  • VMware
  • Mimecast
  • ContentKeeper
  • Gigamon
  • Rapid7
  • SailPoint
  • VMware
  • F5 Networks
  • Cisco
  • Sophos
  • Ivanti
  • LogRhythm
  • VMware
  • Juniper Networks
  • InfoSec Marketplace
  • SAI Global
  • IDG SMS
  • VMware
  • Mimecast
  • Sophos
  • Ivanti
  • ContentKeeper
  • F5 Networks
  • LastPass
  • Gigamon
  • Rapid7
  • SailPoint
  • VMware
  • F5 Networks
  • Cisco
  • LogRhythm
  • Ivanti
  • Sophos
  • VMware
  • ContentKeeper
  • IDG SMS
  • Juniper Networks
  • LastPass
  • SAI Global
  • Sophos
  • F5 Networks
  • InfoSec Marketplace
  • VMware
  • RSA
  • Mimecast
  • Ivanti
  • Gigamon
  • Rapid7
  • SailPoint
  • F5 Networks
  • VMware
  • Cisco
  • Ivanti
  • VMware
  • LogRhythm
  • Sophos
  • Mimecast
  • Ivanti
  • SAI Global
  • VMware
  • LastPass
  • F5 Networks
  • InfoSec Marketplace
  • Sophos
  • Juniper Networks
  • IDG SMS
  • ContentKeeper
  • Gigamon
  • Rapid7
  • SailPoint