2019 ASIAL Security Conference

Welcome by MC and overview of the day's program.

Peter Johnson

ASIAL

Most definitions of integrated risk management (IRM) will help you win buzzword bingo, but they won't tell you about what IRM actually is, or how to apply it. This presentation is about understanding and applying IRM in the real world; the world of issues such as climate change, unprecedented population, geopolitical instability, the internet of things, and artificial intelligence.

Julian Talbot

SRMBOK

Jacinta Carroll will provide an overview of the global and regional security environment, including the extraordinary confluence of security threats and influences that reach into all aspects of our society and economy, and explore what this means for Australian organisations.

Jacinta Carroll

Deakin University

Facing a rapidly changing risk environment, security leaders are finding themselves more and more at the centre of critical operational decision-making. The key question many are asking themselves is: What can I do to evolve my risk mitigation strategy beyond 2022? Join Dataminr’s Luke Coley Senior Director APAC for an exploration into some of the major themes shaping the future of the security industry including cyber-physical risks, types of security models and frameworks, and remaining resilient in the face of new and unexpected challenges and change. Key learnings: Demonstrating the strategic value of your security function and the value of real-time information to coordinate fast, cross-functional responses to emerging risks and crises.

Luke Coley

Dataminr

The current climate has exacerbated our need for knowledge of emerging technologies, none more than AI. Dr Wallace presents the state of the market for AI, IoT, cybersecurity and 5G and shares how organisations should think about the Digital Transformation of their current operations and people. What are the risks and unintended consequences of operating in this new world? Does the technology sector have our best interest at heart? Dr Wallace discusses the role of big tech, the good and the bad, and how the 'Ethical Leader' must emerge.

Catriona Wallace

Gradient Institute

Digital technologies are continuing to reshape industries and the services they offer. As a result, many organisations are embarking on digital transformation initiatives with strategic business goals to deliver better customer experiences, improve operational efficiency and/or create new revenue models. But large-scale digital transformations are not easy and very few are successful. Successful digital transformation is holistic. Leaders have a critical role to play in providing direction and empowering employees but a top-down approach alone won’t work. Ultimately, digital transformation is about behavioural change, above all else and you need to position this within the context of the benefits for all your stakeholders - customers, employees and partners. How does your change effort future-proof your people’s skills to make them more valuable to your clients and /or customers and in their careers? Answering the ‘So what?’ will help pave the way for success.

Vishy Narayanan

PWC

In this session, Troy Heland, leading the network operations team at Verizon’s Asia-Pacific Security Operations Center, will outline a five point approach for building and sustaining a SOC that not only detects potential threats but properly positions you to respond effectively and efficiently to actual cyber security incidents. In this presentation, Troy will draw on insights from the latest Data Breach Investigations Report from Verizon, exploring the key cyber trends and the evolution of the threat landscape.

A year after the release of the ASIAL Security 2025 report it is important to see where we are, where we are going, and what we still need to do to get there as a security industry!

As the role performed by the private security industry as part of Australia’s national security mix grows, building industry capability and capacity is an important priority. This session will discuss what is needed to achieve a high standard of security industry service delivery across Australia.

Bryan de Caires

ASIAL

Cameron Smith

NSW Police Force

John Yates

Scentre Group

In the session, Hamish Hansford will discuss the protection of Critical Infrastructure in Australia.

Hamish Hansford

Department Of Home Affairs, Australian Government

Insight into the important role standards play in the security field.

Anna Harris

Office Of The Victorian Information Commissioner

Welcome by MC and overview of the day's program.

Large scale attacks instigated by botnets continue to be a worldwide scourge with little signs of abating. From ad frauds and the spread of ransomware to the harvesting of banking credentials, botnet variants, techniques and tactics have continued to evolve following each significant takedown over the years. What does a large-scale attack look like and who are the threat actors? How have the attacker's techniques evolved over the years and have our authorities, private organisations and legislations been effective in helping us win the fight? This talk will provide a perspective from a global antivirus company to help answer these questions.

Stephen Kho

Avast

Cybercrime starts with people and ends with people. That stuff in the middle called technology has a role to play, but don’t let it dictate the terms.

Darren Kane

nbn™ Co

Matthew Riley

Transgrid

While those working in risk management have always lived and breathed the finer details of governance, risk management and risk-based assurance, today’s security leaders, managers and executives have never been more aware of the need for and importance of managing risk effectively with functioning frameworks and systems to plan for and respond to risk. This presents an unprecedented opportunity for the risk management discipline – how do we capitalise and take the approach harnessed over the last two decades to the next level?

From the global shift to remote working to digital transformation, supply chain resilience to international and economic upheaval, the notable shift in individual risk tolerance to national risk management and global security, the way risk is managed at the program, enterprise, industry and national level will strongly shape enterprise continuity, performance, and ultimately an organisation’s resilience beyond anything witnessed before.

In this session, Aerosafe’s Chief Executive Officer Kimberley Turner will draw on her international experience of advising governments, national leaders, risk professionals, industry regulators, Boards, Risk and Audit Committees from some of the world’s largest organisations to present “Key Considerations” for risk and security professionals to take their approach to enterprise risk management to the next level. Reflecting on recent engagement with global defence, aviation, infrastructure and finance, and healthcare sectors, Kimberely will present on the foundations required to ensure enterprise risk management is primed for the challenges and opportunities that lay ahead in the interconnected, transparent and fast changing global security environment.

Kimberley Turner

Aerosafe Risk Management

Why insiders should worry you and what you can do about them.

Nick de Bont

Thales Australia

The case study will outline the strategies undertaken by the Sydney Local Health District in partnership with our staff, that kept our community, our patients and our staff safe during COVID-19.

Dr Teresa Anderson

Sydney Local Health District, Nsw Health

What does the future of the built environment look like and how do we need to adapt the security response to meet the new challenges?

Sara Trimboli

Aurecon Group

An exploration into how consideration of the entrepreneurial tendencies exhibited by criminals and terrorists led to the development of standards for forced entry protection referred to within Australian Standard SA HB 188:2021 and an explanation of the different threats addressed by standards referred to within the Australian handbook for protection against terrorism and extreme violence.

Richard Flint Msyl

BRE Global Limited (incorporating LPCB) - UK

A brief history of mitigation against Vehicle Borne Improvised Explosive Devices and Vehicles As Weapons protection. This session will include:
- New and innovative Solutions
- Case studies from Australia and the UK
- Effective mitigation strategies - why quality matters

Paul Jeffrey

Perimeter Security Suppliers Association

The challenges facing Organisers, Stadiums, Police and Security at Major Events are likely to increase in complexity and scope as global strategic trends continue to influence the theatre wide operational environment of Major Events. "A Safe and Secure Event is not a coincidence it is deliberate."

Andrew Cooke

FIFA Womens World Cup 2023 AUS and NZL

An insight into how organized crime syndicates make money and launder it through businesses.

Stephen, the former Facebook CEO for ANZ, who helped guide Facebook’s unprecedented rise from quirky Silicon Valley start-up to media and technology titan. Stephen is Australia’s most authoritative voice on digital disruption, transformation, culture & leadership, whose experience at the heart of Silicon Valley is truly unparalleled. Stephen will enlighten us about the future of security, AI and data.

Stephen Scheeler

Omniscient

The panel will be discussing implications arising from the Security of Critical Infrastructure (SoCI) white paper, published by the Australian Security Research Centre in partnership with the Department of Home Affairs, which outlines the need for effective risk management and security planning.

Dr Gavriel Schneider

Risk 2 Solution Group

Jim Anderson

Department of Home Affairs

Leanne Close

Risk 2 Solution Group

Roanne Monte

Armatec Global Pty Ltd

• The importance of forging stronger relationships between business, government and the security industry
• Hostile reconnaissance – developing programs to deny, detect and deter an attack

Assistant Commissioner Mark Walton

Counter Terrorism and Special Tactics, NSW Police Force

Colin Green

Counter Terrorism And Special Tactics, NSW Police Force

ISO31000, the international standard for risk management, may not be a perfect tool but it provides a universal methodology for ensuring security planning has a rational and defensible basis.

Its application should ensure credible risks are being appropriately managed rather than having people plan for ‘worst case scenarios’. Operational solutions should not attempt to erase any and all risk – that is delusional, profligate and can cause severe resource stresses.

It is necessary to mitigate any risk ratings that are assessed at High or above down to Medium or, preferably, down to Low – not to try and reduce all risks to Very Low.

Neil will talk to some case studies involving complex risk issues that have impacted security for international major events and critical infrastructure projects. Some successes and some failures

Neil Fergus

Intelligent Risks Pty Ltd (ir)

In this interactive session, we will discuss:
· How to achieve buy-in for Resilience and Security projects and budgets.
· Practical tips from the facilitator's worldwide experience in engaging top management and achieving their continued support.
· Includes sharing between participants regarding the 'rock on your Resilience/Security road'.
· How to translate Resilience and Security into business benefits and opportunities, to engage all levels in the organisation.

Rinske Geerlings

Business As Usual

Tomas Gilmartin

Business As Usual

This session will share insights from Arctic Wolf Lab’s cybersecurity research relevant to Australian businesses, highlighting the do’s and don’ts in navigating the cybersecurity environment. The session will compare global vs local differences identified in the research and will provide practical advice for small and medium sized businesses on steps they can take to address their cyber risk.

Steven Hunter

Arctic Wolf

ChatGPT and similar AI models are here to stay. ChatGPT burst onto the cyber landscape in November 2022 and has gone from strength to strength since with a seemingly endless amount of possibilities it is much more than just a fun tool to teach you how to get a peanut butter sandwich out of a VCR. Microsoft, Google, Amazon and many other big name IT companies are investing significant money and resources into this technology and as more and more possibilities become reality the cost savings and consumer user experience is becoming an impossible benefit to ignore. However, while humanity remains preoccupied with the pursuit of what is achievable, we have yet to properly pause and reflect on whether we should proceed, and what the associated risks and hazards may be. Despite significant advancements in AI, we have made only marginal strides in comprehending its technical and ethical risks. AI poses a hugely powerful opportunity but as Spiderman’s Uncle Ben would say with great power comes great responsibility.

Troy Heland

Verizon Business Group

Robotic Process Automation (RPA) is a general class of enterprise software technologies that handle repetitive and rule-based tasks without human intervention. Some experts predict that RPA could eliminate up to 35 percent of current jobs by 2035. And yet these tools have had minimal penetration into the physical security world, largely owing to the physical nature of security tasks. However, actual physical robots offer a compelling way to bridge the cyber-physical divide. In this talk, we will examine the ways in which large enterprises are adopting robots and RPA to automate, enhance, and extend their overall coverage – as well as how to automate other workflows through the intelligent integration of existing tools such as cameras and access control.. We will look at specific capabilities such as: automated alarm response, automated door checks and closures, safety observation tours, enhanced security audits and noise reduction.

Dr Travis Deyle

Cobalt Robotics

Cloud video surveillance is the fastest growing trend in physical security today. Major markets around the world are adopting cloud video surveillance, but at varying rates. Why has the security industry been slow to adopt cloud? What’s the best way for enterprise organizations to take advantage of today’s changing dynamic? Join entrepreneur and inventor Dean Drako (founder of Barracuda Networks, Eagle Eye Networks, Drako Motors) for a keynote address as he explores these questions. He examines why global enterprise and security decision makers are opting for true cloud cybersecurity via subscription instead of hiring IT personnel, how true cloud systems can deliver advanced AI functionality at minimal cost, and what’s on the horizon in the next five years for businesses that make the move to cloud, and those that don’t.

Dean Drako

Eagle Eye Networks

Headlines in the news each day highlight the vulnerability of Australian consumers and businesses to cyber-attacks and devastating data exposures. Why are we still facing these issues, how can we solve them, who is responsible for fixing these issues and who exactly are the hackers?
Importantly, what new challenges can we expect to face as a society in the next five to ten years?
Being cyber security resilient isn’t about spending lots of money, it is about changing our behaviours to trust less, thinking more about our vulnerabilities and the government ensuring the things we use are safe while also protecting our privacy.

Damien Manuel

AISA

While it has been recognised for some time that cyber is the fifth domain of warfare alongside air, sea, land, and space. The Russian/Ukraine conflict has brought to the forefront the importance of cyber operations in modern day warfare, be that destructive cyber-attacks, cyber espionage or cyber influence operations. For many, this is the first time that the combination of kinetic and cyber operations has been observed operating in concert on a public stage, moreover, the introduction and participation of non-state actors, such as technology companies, has brought a new dimension to conflict in the interconnected world. In this session, Mark will provide an overview of the observations and lessons learnt from Microsoft’s engagement in the grey-zone of the conflict.

Mark Anderson

Microsoft Australia & New Zealand

This presentation will focus on robotics in Australia, the adoption of robots and where drones and security robots are being used and by whom.

Nicci Rossouw

Robotics Australia Group

AI (Artificial Intelligence) has long been regarded as a potential source of business innovation. With the enablers now in place, organisations are starting to see how AI can multiply value for them – especially in security and cyber security.
AI has the potential to cut costs while introducing new levels of consistency, speed and scalability to business processes. However, before investing in AI, it is essential to ensure you have identified the right challenge to determine the appropriate resources required to overcome that challenge.
This panel discussion will discuss the five most important steps to maximising the use of AI within your organisation.

1) Identifying real-world challenges
Too often, organisations spend vast amounts of time and energy solving the wrong problems. How do you identify the challenges that have the most significant impact on your business?

2) Defining AI versus video analytics
With so many new organisations seeking to take advantage of the explosive growth in AI, how do you determine which new solutions offer the benefits of AI versus sophisticated video analytics?

3) What does AI enable you to do?
Based on the marketing hype, one could be forgiven for believing that AI is a panacea to the world’s problems. The reality is quite different. To ensure you are getting the greatest return on investment, you must first understand the limits and capabilities of current AI systems, what they can do and how they do it.

4) Measuring return on investment.
It is one thing to identify a challenge and apply an AI solution. But how do you ensure that your solution has an enduring, positive impact on your organisation?

5) Understanding the ethical, regulatory, and legal issues relating to Artificial Intelligence.
Technology leaders of tomorrow need to understand issues of fairness, privacy, accountability, and transparency in this emerging technology to develop appropriate policy settings for effective use across society.

John Bigelow

Interactive Media Solutions

Aaron Terrey

Vixels Pty Ltd

Michael Lang

NVIDIA

Patrick Elliott

Visualcortex