10:10 AM – 10:45 AM 
Keynote: The Changing Role of the CSO
Darren Kane, CSO, nbn Australia

The old adage “there is no ‘i’ in ‘team’” is taking on new meaning in the evolving office of the CSO, where the “I” is going away, and the “team” is changing. Darren Kane’s candid and unplugged keynote will explore the growing responsibilities of CSOs, how this evolution is impacting who should be part of security teams, key domains CSOs should be concerned about, and how to best prepare for the future. He’ll argue that at the end of the day, it’s all about the people.

10:45 AM – 11:15 AM 
Cyber-Physical Damage
Julian Gutmanis, Principal Threat Analyst, Dragos

Throughout the last decade, various threat groups have focused R&D capabilities on the ability to cause real-world, physical damage through the exploitation of cyber-physical systems. Capabilities are being included in offensive cyber-warfare strategies and have already been seen as preferable to traditional weapons strikes. As attacker capabilities increase, we must also increase our awareness of the attackers and prepare defenses for when they come knocking.
This presentation will provide an overview of several incidents that have bridged the cyber-physical gap, resulting in real-world consequences to the safety and stability of physical systems.

11:15 AM – 11:45 AM  
Cyber Resilience: Understanding Supply Chain Risks with Practical Examples
Murray Goldschmidt, COO, Sense of Security Pty Ltd, and Katie Dartnell, Security Consultant, Sense of Security Pty Ltd

Most organisations are part of an intricate supply chain that may not be so evident until you assess it as a cross-section. Supply chain attacks are increasing at an alarming rate. We describe the most common attacks that leverage vectors from relationships across Services, Software Development and the consumption of Subscription Services, all of which abuse established channels of trust. We also provide a case study of how an organisation averted the calamity of losing their entire workforce platform through a supply-chain-invoked vulnerability.

11:45 AM – 12:20 PM
Tales From the Front Line 
Nick Klein, Director, Klein & Co   

There is no shortage of lessons to be learned from breaches—before, during, and after the “incident.” This session takes you into the heart of the battlefield, sharing informative and at times entertaining real-life war stories that explore how Australian companies are dealing with cyber breaches since mandatory notification was introduced, what they’ve learned, what makes a successful response, and what mistakes are still being made, with plenty of practical advice to put into effect shared along the way.

1:20 PM – 1:55 PM
Security Governance: Building a Framework and Establishing Trust
Dr. Reem F. Al-Shammari, Team Leader Information Security, CISO, Kuwait Oil Company

The Oil & Gas industry plays a critical role in Kuwait’s national economy, an industry heavily targeted nationally and regionally by global threat actors. The Oil and Gas industry consists of upstream, midstream, and downstream companies that must all be protected as part of the national critical infrastructure. The opportunity to have a common Cyber Security Framework between the leading National O&G companies held significant value. This session details the journey in building consensus on common security objectives and the development of a unified governance framework for the Kuwaiti Oil & Gas sector (based on leading industry practices such as NIST, ISO 27001, etc.), providing a way to standardize the required cyber security practices, assess current cyber security maturity, and set out a roadmap to strengthen the ultimate cyber security posture for the sector.

1:55 PM – 2:30 PM
ICS Security: Why People and Culture Matter Most
Robert DiPietro, Partner, Cyber Security Lead for Critical Infrastructure & Operational Technology, PwC Australia

Effective technologies and well-developed processes are very important to protecting organizations, but now more than ever it’s about the people…as individuals, teams, and the workers who are harnessing technology and process to do their work. How do you create a culture that helps your diverse team to effectively communicate across pieces of the organization (notably across the IT and OT divide) that haven't traditionally been connected? How do you embed a culture of 'cyber safety' to protect critical systems and people against the dynamic threat environment we currently face? This session, rich with examples and takeaways, focuses on the human factor and how to build and lead your team for near- and longer-term success.

2:30 PM – 3:05 PM  
Panel: Regulation and Legislation – The Pace of Change and Unintended Consequences

  • Leonard N. Kleinman, Chief Cyber Security Advisor, RSA International (APJ and EMEA)
  • Narelle Devine, CISO, Australian Government Department of Human Services
  • Tony Kitzelmann, General Manager & CISO, Information Technology and Cyber Security Branch, Infrastructure Operations Division, Australian Digital Health Agency

The field of cybersecurity has seen enormous change in regulations in the last few years. There is greater emphasis on privacy, security and directives towards safeguarding IT systems. A patchwork of rules and regulations has developed in response to the evolving cyber threat, but what does this mean for organisations and leaders of business? How do you keep pace? We are only beginning to see the potential extent of fines companies could face for non-compliance with regulation; what are some of the unintended consequences and impacts?

3:30 PM – 4:30 PM
Launch Pad Competition

  • James Cameron, Partner, Airtree Ventures
  • Narelle Devine, CISO, Australian Government Department of Human Services
  • Eddie Sheehy, Investor & Entrepreneur

RSAC Launch Pad gives early-stage startups a platform to share their brilliant industry solutions. The three finalists compete in a Shark Tank®-style format to try to convince a panel of venture capital investors and CISOs that their product has strong potential for success.