2023 Schedule

Keynote

Hack the five senses: make security part of people’s DNA
Cyber Security has had a pretty good run in the last ten years. We’ve gotten the ear of boards and executives and we’ve improved organisational controls. But in a world of competing priorities, tightening budgets, and sexy technologies like AI, will cyber security get pushed to the background? And how do we retain organisational focus on security when risks are constantly evolving and increasing but people are already overwhelmed with their ‘day jobs’?
 

Bianca Wirth - CISO 
Bianca Wirth has over 25 years’ experience in IT and security, and she has consulted to over 200 companies from a diverse range of industries and government in this time. She has worked for Microsoft and KPMG, developed her own successful consulting business and guest lectured on security at universities. Bianca is currently the Cluster CISO at NSW Department of Planning & Environment.

Eating SLSA on your chips: A guide to supply chain security
We’ve all got dependencies and they probably are third party. So let’s talk about securing those. Turns out there’s a framework for that! SLSA. We will explore it together and come up with actionable steps to implement it as well as talk about how we can parse it.

Ben Gittins 
Ben has been in the tech industry for 10 years and has held roles that range from sysadmin to security engineer. He currently works as a senior security engineer at Canva leading the Supply Chain security effort. He has a varied educational background that includes computer science, cybersecurity, political science and of course vendor certifications.

Break

Leveraging Threat Intelligence to Unlock Additional Security Funding
Facing growing security threats with limited security budgets? Learn how Threat Intelligence, paired with impactful storytelling, can be a game-changer, identifying new attack vectors and securing more funds. I'd love the opportunity to share how to turn Threat Intelligence into a budgetary ally.

Maxime Cousseau

Maxime is a cyber security leader with strong business acumen mixed with top-tier technical expertise. He has forged his expertise from experiences across various industries including Banking, Fintech, Crypto, Telco, Online Retail, and Government. 

Underpinned with over 15 years of cyber security expertise and certified by way of a Masters of Information Technology in Networking, CISM and OSCP (amongst others), Maxime focuses on building robust information security capabilities from the ground up, designed to not only tackle cyber-specific challenges but also complement and empower business objectives.

His comprehensive approach to security, combined with his passion and expertise, has established Maxime as a trustworthy advisor to executives on cybersecurity matters and a respected figure among his peers.

Maxime is also an author, former international Judo athlete and serial entrepreneur. He is the co-founder of RedBelts, a tailored virtual CISO consulting company.

Unmasking Modern DOS Attacks: Exploring Logical Attack Techniques and Defence Strategies.
Master Modern Denial of Service Attacks. Explore logical attacks, and cutting-edge techniques bypassing firewalls. Uncover undetectable DOS threats from application logic vulnerabilities. Real-world cases expose the crippling impact on businesses. Join to defend against these devastating attacks!

​Abhijeet Singh

Abhijeet Singh is a cybersecurity expert with a passion for securing digital assets and currently working in a start-up "Cult.fit". Abhijeet specializes in vulnerability assessment and penetration testing of various applications, network and cloud security, and enjoys automating security tasks.
Abhijeet is working on various cloud security projects to detect and monitor any misconfigurations in cloud infra. He has published tools to scan a few of the cloud services like route53 and s3 buckets for vulnerabilities. He has also developed one of many "initial.sh" script wiz used for the reconnaissance purpose on targets with interactive mode.

​

Linux anti-forensics - Rediscovering the old-school

In this presentation, Linux anti-forensic TTPs are demonstrated along with threat hunting and detection ideas. I will use real life examples of threat actor activities I have dealt with first hand when investigating compromises on critical (telecommunication) infrastructure.

Robert Byrne
Robert is a principal security specialist hosted in the global competence center for security within the Ericsson CTO office. Bringing 17 years of experience in telecommunication engineering and information security, Robert holds cross functional roles, spending his time performing vulnerability assessments and incident response activities that touch Ericsson's product and services portfolio. Robert holds a double degree in Engineering and Computer science and is Offensive Security OSCP and (ISC)2 CISSP certified.

Lunch

Supply chain risk management best practices
In this talk, Tulin and Natasha delve into the essential practices for overseeing and controlling suppliers and service providers, drawing insights from recent breaches. With organisations increasingly relying on third-party collaborations in core business functions, we'll explore how regulatory expectations have surged in third and fourth-party risk management and the potential threats that supplier vendors pose to an organisation.

Natasha Basukoski | Tulin Sevgin

​

​

Spy in the real like movies: unthinkable intrusion methods by Pandas in their territory
In 2023, we investigated that Chinese APT actors were started from highly unique and sophisticated infection methods at branch offices in China! We are eager to share this talk because these will have an impact not only on Australia and Japan but also all global businesses operating within China.

Hajime Yanagishita | Suguru Ishimaru | Yusuke Niwa

Hajime Yanagishita is a security researcher at MACNICA, his major areas of research include APT campaign tracking and malware analysis. Some of his work has been presented at several security conferences such as JSAC2018, JSAC2021, JSAC2022, HITCON Pacific 2018 and CONFidence 2020.

Yusuke Niwa is a senior security researcher at ITOCHU Cyber & Intelligence (ICI), protecting the cyber security of ITOCHU and its group companies as a member of ITOCHU CSIRT(ITCCERT). He also specializes in researching and analyzing emerging threat trends such as email spam, APT attacks and cybercrime. Prior to joining ITCCERT, he worked as a security analyst for Symantec in threat monitoring for the APAC region. He has had the opportunity to present at JSAC2020, JSAC2021, JSAC2022 and GReAT Ideas Green Tea Edition (2021) conferences and is a contributor to MITRE ATT&CK v9.  CISSP, GCFA, GCFR, GREM, GCIH and GCIA.

Suguru Ishimaru: In 2023, He entered ITOCHU Cyber & Intelligence Inc. (ICI) as a senior cybersecurity researcher to analyze malware, to research Advanced Persistent Threat (APT), to review security solutions and to handle incident response for protecting ITOCHU group. Before moving to ICI, he worked as a senior researcher at Global Research and Analysis Team (GReAT) in Kaspersky for around 15 years. Based on his investigation, he posted some technical blogs in Securelist | Kaspersky’s threat research and reports  and made presentations in several security conferences such as AVTokyo, HITCON pacific, HITCON, JSAC 2018, FIRST TC Bali, Internet Week, HITCON community, Botconf, Objective by the sea and GReAT Ideas Green Tea Edition.

Break

Expert Panel - Q&A

How open standards will revolutionise international cooperation in the years to come

Industrial control systems with security gaps pose a danger. Attacks on networks not only cause economic damage, but can also have an impact on the health of employees. Who is responsible when a critical vulnerability becomes known? Every company should define a fixed contact person and make their contact details easy to find, e.g. with the international standard RFC 9116. The benefits for manufacturers, operators and security researchers are growing rapidly through combination with other compatible open specifications, such as CSAF and SPDX (ISO/IEC 5692). Recommendations for action and vulnerabilities in dependent libraries can be detected automatically. Thus, it is possible to react more quickly and with fewer resources. 
Jonas Stein
Jonas Stein works as a scientist at the Institute for Occupational Safety and Health of the DGUV. He lead the DGUV's Security Working Group and the IFA's Industrial Security Laboratory, which conducts accident investigations, tests and certifications, as well as research projects. In the DGUV's Security Working Group, the German accident insurance institutions have developed a joint strategy on industrial security. The expert committee produces free practical aids on current issues for member companies and supports the development of new technical rules on industrial safety and European regulations. https://cert.dguv.de/

Mastering Enterprise Cyber Security: Leveraging Threat Intelligence for Risk Mitigation 

The presentation shares real-world insights into uncovering weak points, security gaps, and misconfigurations using threat intelligence. It showcases successful analytical methods and emphasises metrics for reporting to operational risk committees and the board.

Dr. Blaz Ivanc

With over 16 years of experience in cyber defence, Dr. Blaz Ivanc is a visionary leader and a proven expert in the field of information security. Dr. Ivanc served as the Group CISO at NLB d.d., one of the leading banking groups in Southeast Europe. He also has extensive experience in securing European public safety data interoperability infrastructures and mission-critical systems supported by European Commission security funds, as well as in conducting cyber intelligence research and teaching at prestigious institutions. Dr. Ivanc is passionate about mentoring young professionals, sharing his insights and knowledge, and advancing the cyber defence industry.