13 - 14 August, 2019 | Mercure Resort, Hunter Valley Gardens, NSW

Exchange Day 2: Wednesday 14th August 2019


7:30 am - 8:20 am Breakfast & Registration


8:20 am - 8:30 am Chairperson's Opening Remarks

Case Study

8:30 am - 9:00 am How Tabcorp Combined Two Security Silos Through An Organisational Restructure

Brendan Smith - Chief Information Security Officer, Tabcorp
In late 2017, Tabcorp Holdings and Tatts Group combined to create a world-class, diversified gambling entertainment group. Not only did this double the size and the scope of the business, but also brought together two disparate and operationally diverse security teams. With the combined knowledge between them, Tabcorp is lifting the InfoSec bar with each new security process. In this session, hear Brendan deep-dive into:
  • Creating the next-generation security team and standardized security processes across two security silos
  • Getting the executives thinking about security by implementing new approaches from policy all the way down to governance level
  • Maintaining a flexible and agile team to deal with organisational restructures whilst upholding the strong security function

Panel Discussion

9:00 am - 9:40 am Cyber Security Privacy Panel

Modern-day organisations are becoming increasingly complex in both operations and governance, and with data becoming strongly embedded in each and every moving part, it can be difficult to know who owns what security process. With that in mind, this panel will deep-dive into all things privacy, including:
  • Selling privacy to the board and gaining executive buy-in
  • Clarifying who owns what
  • Understanding where your data is kept and what security processes surround it to prevent insider threat
  • Expanding your scope to include insight into privacy policies within your supply chain

BrainWeave & Business Meetings

9:40 am - 10:40 am BrainWeave™ - From Framework To Solutions: Third-Party Risk Assessment Collaboration

A number of challenges lie ahead with business relationships becoming more dynamic and integrated. Data sharing and custodianship, APRA/PCI/NIST requirements, and general good risk management practices are all demanding due diligence cyber security processes. In this BrainWeave, have an open discussion on:
  • How sharing information can help meet demands for the overwhelming number of assessments required
  • Why frameworks are operated to the constraints of existing organisations
  • How to achieve solutions for all parties with a repeatable and traceable assessment process
  • The business value of supplier assessments and how to refocus your team on business risk

9:40 am - 10:10 am One-to-One Business Meetings

10:10 am - 10:40 am One-to-One Business Meetings


10:40 am - 11:10 am Morning Tea & Networking Break

Case Study

11:10 am - 11:40 am Protecting Employees Through Cyber Security Initiatives

Daminda Kumara - Cyber Security Lead, Boral
Safety is written into the very DNA of cyber security teams across the globe, driving them to defend and protect their organisation against IT threats and compromises. But what happens to cyber teams when the definition of a cyber threat extends past that of a corporate issue, morphing into an issue that can fatally impact human life? Following a workplace accident in 2017, Boral are dealing with this first-hand. In this session, Daminda will deep-dive into:
  • IT-OT use cases to protect the livelihood of employees: Smart Cameras and IoT Trucks
  • The risk that IT-OT exposes to business security
  • Driving end-to-end security process across the whole business process
  • Testing the success of cyber defense through internal hackathons

BrainWeave & Business Meetings

10:40 am - 11:40 am BrainWeave™ - Leveraging Metrics and Reporting To Gain A Deeper Insight Into The Threat Landscape of Your Organisation

Improving metrics and reporting not only makes vital business insights readily available but also more digestible. In this session, cover:
  • Improving the reporting system to be more human-friendly
  • Ensuring vital information remains secure
  • Finding a common language between the business team and the tech team

10:40 am - 11:10 am One-to-One Business Meetings

11:10 am - 11:40 am One-to-One Business Meetings


12:40 pm - 1:40 pm Lunch & Networking Break

Case Study

1:40 pm - 2:10 pm How Bank of Queensland are BOQ-ifying the NIST Framework To Accurately Measure Cyber Capabilities

Steven York - Chief Information Security Officer, Bank of Queensland
The NIST framework is generally accepted as the leading best-practice framework across the Cyber Security landscape. Although designed with the purpose of arranging resources to be easily digestible by both the board and IT department, it is not a one-size-fits-all fix. Intricate details of an organisation may be missed if the NIST framework is followed too closely. In this session, hear how BOQ have:
  • Personalized the NIST framework to accurately measure the success of their cyber security capabilities
  • Improved discussion with the board as a result of improved metrics and reporting
  • Gained a deeper understanding of where their cyber gaps and strongest coverage lie


2:10 pm - 2:20 pm Chairman's Closing Remarks and End of Exchange