AISA Security Days 
Learn | Connect | Inspire
AdelaideSEC Presentation Hub

Dive into the minds shaping the AdelaideSEC program. Here you'll find a snapshot of each presentation including location, speaker details and presentation overview. 


Time: 10:45am - 11:25am

Location: Hall C

Speakers: Nathan Morelli, Yvonne Sears, Alex Nehmy with facilitator Scarlett McDermott

Overview:  

Join us for a thought-provoking fireside chat with three AISA Fellows as they share candid insights, hard-won lessons, and personal reflections from the frontlines of cyber security. With decades of combined experience across various sectors, our panellists will discuss the evolving threat landscape, challenges overcome, and the key ingredients for building resilience in today’s fast-changing environment.

Whether you’re a seasoned professional or just starting out in cyber, this session offers a rare opportunity to hear directly from some of Australia’s most experienced security leaders. Expect honest stories, practical advice, and a forward-looking discussion on the future of cyber security.


Time: 10:45am - 11:25am

Location: Hall D

Speaker: Zoe Adams, Team Lead, Security Operations Centre, SA & ACT CyberCX

Overview: 

Security Operations has long been taught through a lens of tooling and procedures - how to write a query, follow a runbook, and operate a SIEM - but this approach often overlooks the most important skill: how to think. 


In this session, Zoe Adams, Security Operations Team Lead at CyberCX, challenges the traditional, tool-first approach to analyst training and shares a blueprint for building high-performing, thinking-driven security teams. You'll explore why surface-level workflows lead to burnout and missed signals, and how reframing training around adversary behaviour, investigative curiosity, and real-world ambiguity produces analysts who don't just react - they reason.


Whether you're a SOC leader, a trainer, or an analyst ready to level up, this talk will give you practical strategies to rewire your team culture, rethink your metrics, and teach the mindset that matters - moving beyond alert triage into truly proactive defence. 


Time: 10:45am - 11:25am

Location: Gilbert Suite

Speaker: Bob Smart, Principal Consultant & Founder, Lotis

Overview:

In an era of escalating cyber threats, organisations diligently implement and layer security solutions. But what happens when these protectors become the point of failure? This session challenges the conventional view of cybersecurity as a back-office function, arguing it should be considered a mission-critical operation. We'll explore high-impact incidents where security software like EDR or WAF/CDN inadvertently caused widespread outages, revealing the "disabling nature" of our own defences.


Drawing on recent CISO survey insights into how Australian financial institutions are approaching cyber in their APRA CPS 230 operational risk management programs, we'll examine approaches to planning the response to those disruptions, the prevailing views on cybersecurity's criticality for overall business operations, and the challenges faced. This includes supply-chain governance of material service providers and complex issues like the concentration risk that arises when a single security or cloud provider can create broad and lasting impacts. The discussion will extend to resilience and recovery strategies for security solutions themselves (e.g. security configurations, SIEM log data). We'll delve into the ISO 28000:2022 standard for supply chain security and show how it can augment existing risk and security frameworks for enhanced resilience.


With Australia at the regulatory forefront globally with the SOCI Act and APRA's CPS 230, even non-regulated entities can learn and reap the benefits of improved internal cyber functions and supply chain governance in an increasingly complex and turbulent world. Join and become a champion for more resilient cybersecurity defences.



Time: 11:30am - 12:10pm

Location: Hall C

Speaker: Derek Grocke, Founder, Madrock Advisory

Overview:

In today’s complex threat landscape, traditional security awareness programs are no longer enough. Real resilience comes from turning passive knowledge into active response. This session explores how hands on simulation, cyber range exercises, and operational scenario-based learning are reshaping security education and building organisational muscle memory, from the boardroom to the shop floor/field.


Derek Grocke draws on his experience across Defence, government, manufacturing and regulated industries to introduce how the principles of reinforcement learning, human performance in cyber contexts, and immersive training models can work for you. Attendees will gain insights into how process simulation and cyber range environments can uplift workforce readiness, improve decision making under pressure, and drive cultural change across all levels of an organisation.


If you’re looking to move beyond compliance and into true capability development, this session will show you what it takes to build a future ready cyber resilient workforce.


Time: 11:30am - 12:10pm

Location: Hall D

Speaker: Rob Linton, Senior Developer, Senetas

Overview:

In-Stack WAF in Six Weeks: How Two Engineers Built an AI-Assisted Security Platform in Their Spare Time

This session presents a real-world case study of how two engineers — working nights and weekends — used generative AI to design and build FrontHouse, a fully operational, Git-native Web Application Firewall (WAF) tailored for modern developer workflows.


Over six weeks, the team used AI not only for rapid code generation, but to co-design detection logic, automate infrastructure, generate documentation, and define a new WAF category: the In-Stack WAF — a security layer embedded directly into the app stack, CI/CD pipeline, and Git repo.



Time: 11:30am - 12:10pm

Location: Gilbert Suite

Speaker: Andrew Philip, Field CISO ANZ, Trend Micro

Overview:

In an industry captivated by new threats and shiny solutions, the security programs that earn long-term backing aren't the loudest — they're the most predictable. This session makes the business case for “boring security”: repeatable processes, consistent metrics, and risk narratives that resonate with executive decision-makers.


By aligning security reporting with business expectations, security leaders not only gain credibility — they also create the conditions for smarter hiring, sustained investment, and strategic influence.

Boring doesn’t mean basic — it means building a foundation leadership can count on.




Time: 1:15pm - 1:55pm

Location: Hall C

Panel session: Facilitated by Emily Wingard, Senior Manager, Cyber Capability and Engagement, with panellists:

  • James Duncan, Technical Director, Government Uplift, Australian Signals Directorate
  • Alistair Coombe, A/Deputy Director, Cyber Threat Intelligence and Incident Response, Department of Treasury and Finance
  • Fern Hillyard, Senior Manager Policy and Risk, Department of Treasury and Finance
  • Daniel Brinkworth, Vice President, Local Government Information Technology (LGITSA) and Acting Manager Information Services, Mount Barker District Council

Overview:

As cyber threats continue to grow more complex, more coordinated and more consequential, the risks facing local, state and commonwealth government agencies are not just technical; they’re operational, reputational and societal.


This session will explore how these interconnected tiers of government can and must work together to reduce cyber risk and build collective resilience across South Australia. Drawing on recent incidents, emerging trends and the latest in cyber risk management, the panel will discuss the shared challenges and opportunities in defending the public sector and citizen services, as well as how we can collectively strengthen our cyber security posture across the state.




Time: 1:15pm - 1:55pm

Location: Hall D

Speaker: Andrew McDonnell, Cyber Security Engineer, SAAB Australia

Overview:

If you are in application security and keep up by reading blogs, watching hacking videos or attending typical sessions at a conference, chances are the content will be about some combination of SAST, DevSecOps, CVEs, bug tracking systems, “shift left”, or complaining about software developers. Or, if it is a success story, it relates to software where the product is intended to connect to the Internet, or has had a relatively short life, or a large team is dedicated to software security, etc. And there are plenty of resources about rolling out appsec programs…


However, not all software runs on a typical IT system, or is continually internet connected. Sometimes the code base can be traced back over decades and is written in old languages. There can be a myriad of factors specific to what you are trying to protect where the well-worn path of the usual blogs, videos or tutorials is less useful. And, often overlooked, the hardest part is dealing with the people and teams trying to get their own jobs done, and navigating the processes that organisations run on, in order to achieve your security objectives.


In this talk I’ll share some lessons and advice I’ve learned over the years in navigating complex and ambiguous situations in companies both large and small, whilst working to improve product development security: such as how to extract repeatable processes from chaos; realising when patience is a virtue; identifying when a security process is sufficiently fit for purpose, even if you think it could be better; and how to come to terms with the fact that your job is less about technology and more about diplomacy. After all, security teams exist to support the business!




Time: 1:15pm - 1:55pm

Location: Gilbert Suite 

Speaker: Karl Sellman, CISO, Flinders University 

Overview:

As threats continue to evolve and change, organisations often find themselves chasing the latest technologies, trends and controls in a continuous cycle to mitigate risks in an evolving digital landscape. This approach then leads organisations to chase a defence-in-depth approach which, if inappropriately managed, creates investment challenges, with boards often asking how much funding is enough.


It was only a few years ago that cyber risk was front of mind and organisations' senior managers were tasked with addressing this issue. As cyber security incidents and data breaches now become normalised, how can cyber leaders and practitioners continue to have the focus and the resources needed to keep organisations, their operations, digital assets, staff and customers safe and secure?


This session will call out different considerations in establishing an adaptive strategy that can build trust with managers and board members irrespective of the industry or organisation that cyber leaders and professionals find themselves in. 




Time: 2:00pm - 2:40pm

Location: Hall C

Speaker: Bronwyn Furse, Partner, Thomson Geer

Overview:

Coming Soon




Time: 2:00pm - 2:40pm

Location: Hall D

Speaker: Sean Park, Principal Threat Researcher, Trend Micro

Overview:

As businesses increasingly rely on AI agents to automate everything from document handling to data analysis, new and often invisible security gaps are emerging. This session reveals real-world vulnerabilities found in production-grade AI systems, including OpenAI’s ChatGPT and similar platforms. We walk through three critical attack paths that bypass traditional defenses:


- Code Execution Risks – How unvalidated input and sandbox misconfigurations in AI tools can lead to persistent code execution and infrastructure compromise.


- Data Leakage via AI Inputs – How malicious content embedded in images or documents can trigger AI agents to leak sensitive data through indirect prompt injection.


- AI-Native Supply Chain Risks – How a single vulnerable component, like an MCP database server, can be exploited through crafted prompts to compromise downstream systems and trusted analytics workflows.


Time: 2:00pm - 2:40pm

Location: Gilbert Suite

Speaker: Yvonne Sears, Founding Director, Ele8 Resilience 

Overview:

Are your third-party risk assessments giving you a false sense of security?


In today’s connected business environment, organisations are drowning in vendor risk assessments yet still getting blindsided by issues that questionnaires alone can't uncover. Traditional approaches often give a false sense of assurance, ignoring the shared responsibilities and internal control gaps that significantly shape real-world risk.


This session will challenge the checkbox mindset and introduce a more strategic way to evaluate third-party relationships. We'll explore the difference between vendor-owned, client-owned, and shared controls, and how understanding these distinctions is essential to building a truly resilient supply chain.


Backed by practical tools, this session is ideal for professionals looking to mature their third-party risk management approach and translate assessments into meaningful action.


Time: 2:45pm - 3:25pm

Location: Hall D

Speaker: James Duncan, Technical Director, Australian Cyber Security Centre

Overview:

Application Control has long been one of the Australian Cyber Security Centre's (ACSC) most essential strategies for mitigating cyber threats. Despite being one of the most well-known mitigation strategies, real-world implementations often fall short of their intended security outcomes. This presentation explores the practical realities of application control, from its origins to its current role in modern enterprise security. We'll test the ACSC's guidance on application control and how those recommendations stack up against adversarial testing.


Drawing from real-world security assessments, we'll demonstrate common evasion techniques, including script-based execution, trusted binary abuse, and memory-resident payloads. Finally, we'll offer practical strategies for improving your application control solutions. Whether you're in a blue team, red team, or managerial role, this talk will provide actionable insights to help you strengthen one of the most implemented but misunderstood defensive security layers.




Time: 2:45pm - 3:25pm

Location: Gilbert Suite

Speaker: Hazel Chesters, Consultant, Friday Initiatives

Overview:

Every organisation wants better security. Most buy more tools. But few stop to ask the most critical question: what exactly are we protecting? In this session, Hazel Chesters challenges the default approach of tool-driven security and lays out a practical, data-first method to improve risk posture, vendor alignment and compliance outcomes. Hazel will show how ignoring data leads to misconfigured controls, noisy dashboards and false confidence.


She'll explain how starting with a clear understanding of your data exposes where you're really vulnerable, and how that insight changes everything: from procurement, to architecture, to legal alignment. She'll walk through real-world examples of consulting engagements that surface hidden exposure, challenge vendor assumptions, and refocus security on the value of content, not just the containers it lives in. If you don't know what you've got, you'll spend money protecting the wrong things, or nothing at all.




Australian Information Security Association (AISA) Ltd 

Level 8, 65 York Street, Sydney NSW 2000 | 02 8076 6012 | ABN: 18 171 935 959 

 www.aisa.org.au | events@aisa.org.au


Copyright © 2025 AISA Sec Days All Rights Reserved
