Program

ACSC_2016_Speakers_251

Conference Program

Note – subject to change.

Speakers and presentations will be added as they officially register.

Tuesday 14 March

1800-1930 Welcome Reception and early registration
National Convention and Exhibition Centre

Wednesday 15 March

0850-0900 Welcome and Housekeeping
0900-0930 Dr Deborah Frincke
National Security Agency
CyberSecurity Challenges
⬣⬣
0930-1000 Michael Sentonas
CrowdStrike
1000-1005 Change over
Royal Theatre Ballroom Bradman Theatrette Fitzroy Room Murray Room Menzies Theatrette Nicholls Theatrette Sutherland Theatrette
1005-1030 Chris Mohan
Telstra
How to Explain a Data Breach to Your Boss

🎞
Domenico Perre
Splunk
Hey Active Directory got Some Honey?
⬣⬣
🎞
Douglas Brown
Red Hat
Proven Zero Day – Mitigation & Detection Without Third-Party Tools
⬣⬣⬣
🎞
Andrew Wurster
Atlassian
Mail Model: Making Email Analysis Sexy Again with AWS
⬣⬣
🎞
Andre Fucs De Miranda
Macquarie
Government

Logging at Scale: Doing More With Less
⬣⬣⬣
🎞
Awaiting official registration Glenn Maiden
Cisco
The 10 things I hate about Cyber Security

🎞
Dr Vanessa Teague
University of Melbourne
Election Security
⬣⬣
🎞
1030-1100  Morning Tea
1100-1155 Awaiting official registration Wayne Ronaldson
Datacom TSS
Red Teaming You Must go Beyond the Limits
⬣⬣
Maarten
Van Horenbeeck

Fastly
Incident Management at the Edge
⬣⬣
🎞
Shaun Vlassis
Salesforce
No Free Lunch : Challenges faced with security log analysis
⬣⬣
🎞
Adam Shostack
Leadership Lessons from Grand Moff Tarkin

🎞
Trevor Jay
Red Hat
F/IR, & Loathing: Containers, Forensics, & Incident Response
⬣⬣
🎞
David Lacey
IDCARE
The Psychology of Cybercrime

🎞
Dr Alex Zelinsky
Department of Defence
Building Cyber Resilience Through Partnerships
⬣⬣
1155-1200 Change over
1200-1225 Alastair MacGibbon
Prime Minister & Cabinet
Cyber Security Strategy – where are we going?

🎞
Paul Nevin
Cybermerc
Using Deception for Proactive Defensive Cyber Operations
⬣⬣
🎞
Charlotte Wood
Australian Criminal Intelligence Commission
Florian Ruechel
Atlassian
The Web of Cloud: When Companies Interconnect

🎞
Oren Koriat
Check Point
Left to Their Own Devices

🎞
David Chatterton
Aconex
A Devsecops Journey to Achieve Scale-Able Security & Compliance
⬣⬣⬣
🎞
Andre McGregor
Tanium
Metrics That Matters: Risk Scoring Your Users and Systems
⬣⬣⬣
🎞
Joseph Yuen
Defence Science & Technology Group
Challenges in Military Cyber Threat Projection
⬣⬣
🎞
1225-1330 Lunch
1330-1425 Wade Alcorn
Alcorn Group
Here be Cyber Dragons!

Chris Eagle
Skool of Root
Behind the Scenes Building DARPA’s Cyber Grand Challenge
⬣⬣
🎞
Ben Wilson
FireEye
Exploit to Exfil – Emerging Techniques for Persistence, Lateral Movement
⬣⬣
1330-1455
Catherine Pearce
Cisco
Gaslighting with Honeypits & Mirages: Destroying Discovery to Deplete Attackers
⬣⬣
🎞
William Peteroy
IceBrg
Make Threat Intelligence Great (Again)
⬣⬣
🎞
Laura Bell
Safestack
Simplicity, Complexity & Security
⬣⬣
🎞
Debbie Fuzy
& Adam Janik
Australia Post
Ransomware Simulation – A Study in Augmenting Corporate Phishing Programs

🎞
Prof Angelos Keromytis
Defence Advanced Research Projects Agency
Transparent Computing Infrastructure: Knowing what our systems are Doing, and why
⬣⬣
1425-1430 Change over Change over
1430-1455 Dr Alana Maurushat
University of New
South Wales
Security Vulnerability Markets, Exploit Brokers & International Backdoors – Legal?

🎞
Chathura Abeydeera
Deloitte
State in the Dark
⬣⬣⬣
🎞
Awaiting official registration David Cottingham
Airlock Digital
Haystack of Needles: Finding Bad Actors
⬣⬣⬣
🎞
Arun Raghu
Hivint
The Cloud Security Challenge

🎞
Michael Shatter
RSM Australia
Does Your Investment in Security Deliver Value?

🎞
Linda Finch
Defence Science & Technology Laboratory
Trustworthy Systems: Minding your own business!
Pt 1
⬣⬣
🎞
1455-1525 Afternoon Tea
1525-1550 Lynn Moore
Department of Immigration & Border Protection
Moving “Cyber Security” from cult status to the mainstream. Why diversity matters and change is inevitable
1525-1650
Aaron Hackworth

SecureWorks
Hunting the Threat
⬣⬣
Awaiting official registration Sarah Brown (NATO) & Dhia Mahjoub (Opendns)
Investigating Rogue Hosting Providers from the Network and the Field
⬣⬣
🎞
Ashley Deuble
(Griffith University)
and Tim Lane
(Southern Cross University)
Cyber Security Intelligence Sharing in the Australian Higher Education Sector

🎞
OJ Reeves
Beyond Binary
Penetration Testing? You’re doing it wrong

🎞
Alfonso De Gregorio
Zeronomicon
Vulnerabilities & Ethics – A Code of Ethics for the Private Sector

🎞
Linda Finch
Defence Science & Technology Laboratory
Trustworthy Systems: Minding your own business!
Pt 2
⬣⬣
🎞
1550-1555  Change Over  Change Over
1555-1650 Kate McInnes
Telstra
Human vs Machine: A Source Code Review Challenge
⬣⬣
Australian Signals Directorate Antti Kurittu
National Cyber
Security Centre Finland
Kirjuri – An Open-Source Digital Forensic Evidence Item Management Platform
⬣⬣
🎞
Andrew Blaich
Lookout
Mobile Espionage in the Wild: Pegasus & Nation-State Level Attacks
⬣⬣
🎞
Kylie Peak
Independent Contractor
Virtual Network Security
⬣⬣⬣
🎞
Dennis Moreau
VMware
Security Analytics & the Modern Datacentre – Addressing Security Complexity
⬣⬣
🎞
Panel Session
1700-1800 Women Practitioner Networking Event
Gallery Foyer, National Convention Centre
1830-2300 ACSC Conference Dinner
QT Canberra

 

Thursday, 16 March

0850-0900 Day 2 Open
0900-0930 ACSC Leadership Panel
Clive Lines (Australian Signals Directorate), Michael Scotton (Australian Cyber Security Centre), David McLean (Australian Federal Police), David Campbell (CERT Australia) & Charlotte Wood (Australian Criminal Intelligence Commission)
Royal Theatre
Josh Goldfarb
FireEye
Analytics: The Next Frontier

🎞
Ballroom
0930-0935 Change over
Royal Theatre Ballroom Bradman Theatrette Fitzroy Room Murray Room Menzies Theatrette Nicholls Theatrette Sutherland Theatrette
0935-1030 Rob Sloan
Dow Jones
The Times They Are A Changin’: The Future of the Incident Detection and Response Industry

🎞
Abdrahmane Diarra
German Federal Criminal Police
Operation Dragnet

Eric Cornelius
Cylance
Prevention is Possible
⬣⬣
Harsha Banavara & Jeff Farago
Schneider Electric USA
Securing the ‘Industrial Internet of Things’ Supply Chain
⬣⬣
🎞
Andre McGregor
Chris Hallenbeck
Tanium
Fighting Through Breach Fatigue
⬣⬣
🎞
Joe Jarzombek
Synopsys
Software supply chain management: Reducing Attack Vectors and Enabling DevOps
⬣⬣
Brett Williams
Carbon Black
Lurking in the V-Shadows
⬣⬣⬣
🎞
Adrian Turner
Data61
1030-1100  Morning Tea
1100-1155 Patricia McMillan
Patricia McMillan
& Associates
Creating a Culture of Cyber Security

🎞
Daniel Plohmann
Informatik 4
Malpedia
⬣⬣⬣
🎞
Craig Davies
Australian Cybersecurity Growth Centre
Australia has a Cyber Growth Network – What’s Next

🎞
Phil Burdette
SecureWorks
Defensive Evasion: How APT Adversaries Bypass Security Controls
⬣⬣⬣
Kevin Manderson
BAE Systems
Responding to a Malware Outbreak
⬣⬣⬣
🎞
Murray Goldschmidt
Sense of Security
Advanced Security Automation for DevOps
⬣⬣⬣
🎞
1100-1255
Stephen Ridley &

Margaret Carlton Foss
Senrio
The Insecurity of Industrial Things

🎞
Awaiting official registration
1155-1200 Change over Change over
1200-1225 Dr Tobias Feakin
Department of Foreign Affairs & Trade
Global in Perspective, Regional in Focus: An Australian Agenda for International Cyber Affairs
Miah Hammond-Errey
Deakin University
State sponsored disinformation campaigns and cyber-attacks: uncovering a new synergy?

🎞
Madeleine Dove
University of Canberra
Should Australia Introduce Online Self-Defence Laws?

🎞
Simon Howard
ZX Security
The Future of Open Source Intelligence

🎞
Vern Boyle
Northrup Grumman
The Next Strategic Technology Advancement for Continued Allied Military Dominance
⬣⬣
🎞
Awaiting official registration Erin Kenneally
Department of Homeland Security
Department of Homeland Security Cyber Security Risk Research & Development
⬣⬣
🎞
1225-1330 Lunch
1330-1425 Kjell Christian Nilsen
Norwegian Health Network
Norwegian HealthCERT – Incidents & What We’ve Done
⬣⬣
Australian Federal Police
Placing the Suspect Behind the Keyboard: A case study into the challenges in proving identity in criminal investigations
Zoë Rose
Schillings Partners
Secure communications: It’s not just about the tech
⬣⬣
🎞
1330-1455
Donald ‘Mac’ McCarthy

myNetWatchman
Your Data? It’s in there! The Emerging Threat of Distributed Credential Replay Attacks
⬣⬣
Christopher Butera
US-CERT
Defending Democracy: Preparation and Coordination in a National Election
⬣⬣
🎞
Peter Hannay
Edith Cowan University
Crime as a Service – An Examination of Darknet Service Offerings
⬣⬣
Paul Black (Federation University) & Dr Arun Lakhotia (University of Louisiana at Lafayette)
Life after Yara
⬣⬣⬣
🎞
Dr Patrice Godefroid
Microsoft Research
Fuzzing @ Microsoft – A Research Perspective

1425-1430 Change over Change over
1430-1455 Alexander Hogue
Atlassian
Politely socially engineering IRL using sneaky magician techniques

🎞
Paul McKitrick & Terry MacDonald
ICEBRG
Automating Information Exchange – the policy factor

Ajoy Ghosh
Alcheme
Influencing Agency Behaviour by Insuring for Cyber Events

🎞
Kate Carruthers
University of New South Wales
Case Study: Implementing Data Governance & ISMS in a University
⬣⬣
🎞
Oren Koriat
Check Point
Hummingbad, Behind the Scenes of the Biggest Mobile Malware Campaign
⬣⬣
🎞
David Campbell
CERT Australia
Government and business working together on cyber security

🎞
Dr Gideon Creech
University of New South Wales
Mitigating Control-Flow Hijack with Dereferenced Function Pointers
⬣⬣⬣
1455-1525 Afternoon Tea
1525-1620 Justin Myers
NCIS
Cyber Integration: Lessons Learned at NCIS

🎞
Casey Ellis
Bugcrowd
An Unlikely Romance: The Current State of Bug Bounties
⬣⬣
🎞
Timothy O’Sullivan
Defence Export Controls
Information Security Technology & Export Controls

🎞
Earl Carter
Cisco Talos
Driving Attacker Innovation: A Tale of Three Ransomware Variants
⬣⬣
🎞
Frode Hommedal
Telenor
The Cyber Threat Intelligence Matrix: An Attacker Eviction Red Pill
⬣⬣
🎞
Mark Chaffe
Independent Consultant
Old man yells at cloud: stories of so called “big data” and “devops”
⬣⬣⬣
Christian Frichot
SalesForce
(App)Sec from the Trenches

🎞
Panel Session
1620-1625  Change Over
1625-1700 Stéphane Lenco
Airbus
(Security) Inception – changing the security image
⬣⬣
🎞
1700-1705  Conference Close

Key

⬣ = Very little technical knowledge required
⬣⬣ = Some technical knowledge is assumed
⬣⬣⬣ = Largely technical and/or detailed content aimed at technicians

🎞 – Presentation will be made available to attendees following the conference