Cloud Security Melbourne schedule

In this 5-minute networking session, the goal is to connect with three new people. Enjoy the opportunity to expand your network!  

Cloud security has matured across architecture, application defence and incident response. But are we truly reducing the likelihood of incidents, or simply becoming more efficient at handling them? This panel explores how prevention and response influence each other across the cloud lifecycle.

• How do architecture and design choices help prevent incidents rather than just speed up recovery?
• Where does application defence struggle to keep up with fast cloud delivery?
• How does incident response adapt when multi cloud increases complexity?
• Are cyber security leaders effectively closing the loop between incidents and future controls?

Moderator:

Niall McCarthy Engineering Director & Incident Management Leader

Panellists:

Usman Sultan Senior Cyber Security Architect CleanCo Queensland

Abdullah Muhammad Application Defence Manager Bupa

Jumar Pando Head of Cyber Security Local City Council

APIs, tokens, and compromised credentials continue to be the top threat vector for SaaS applications. In this session, we’ll explore how attackers gain access, why these breaches often remain undisclosed, and what steps you can take to implement a proactive SaaS security model.

As organisations migrate, modernise, and expand across cloud, SaaS, and hybrid environments, responsibility is increasingly fragmented between platform teams, security, IT, and the business. This panel brings together cloud and security leaders to challenge assumptions around shared responsibility, governance models, and decision-making in complex cloud environments.

• Where does cloud security ownership really sit today?
• Which cloud security decisions must be centralised — and which should not?
• What responsibility still falls through the cracks during migration?
• When do guardrails enable speed, and when do they slow it down?
• How do you know cloud security is working beyond compliance?

Moderator:

Kavita Chetty Senior Manager, Technology Risk NAB

Panellists:

James Galbraith Cloud Services Manager APA Group

Kanik Sachdeva Security Engineering Manager Medibank

James Byrne Head of Cyber Security & Architecture Ampol  

Cloud environments move faster than human teams can monitor. Misconfigurations, identity risks, and lateral movement often unfold in minutes, not hours. This session will explore how automation is being embedded into cloud-native security operations from real-time detection of anomalies to automated remediation of misconfigurations and credential misuse. Learn how leading organisations are reducing dwell time, accelerating incident response, and maintaining resilience at cloud speed.

When your cloud goes down and the nearest help is a 4-hour flight away, you figure out very quickly what actually matters. This session draws on real experience securing aviation infrastructure across the Pacific, a region where misconfiguration isn’t a compliance finding, it’s a safety event. No hyperscaler support office. No IR retainer. No second chances. What that environment forces you to build is a different kind of discipline, one that large enterprises with large budgets rarely develop. We’ll cover what constraint teaches you about cloud security that tooling never will.

As cloud adoption accelerates, managing and securing digital assets is more critical than ever. This session explores strategies for ensuring robust security, maintaining compliance, and strengthening governance. We’ll also examine how software supply chain management plays a key role in mitigating vulnerabilities, providing a comprehensive approach to securing your organisation’s digital landscape.

Most organisations don’t know how many APIs they have in production — or who’s calling them. This session explores automated API discovery, continuous monitoring, and runtime protection techniques that help teams identify shadow APIs, detect credential abuse, and prevent data exfiltration before it spreads.

Generative AI is transforming how employees interact with sensitive data, often faster than organisations can control. This panel explores how to prevent accidental data exposure, enforce access policies, and balance security with productivity in an AI-driven cloud environment.

• How do you stop sensitive data from leaving the organisation via AI tools?
• Which controls actually work to prevent accidental misuse?
• How can teams enable employees safely without creating a culture of surveillance?

Moderator:

Bernadeth Lucanas Cloud, Data, AI, & Cyber Security Expert

Panellists:

Priya Balasekaran IT Risk Analyst Kmart Australia

Rue Maharaj Specialist – Cybersecurity Defence Management Melbourne Water 

Cloud configurations change faster than policies can keep up. This session shows how drift creates security gaps, demonstrates tools and automation for continuous monitoring, and provides techniques to enforce policies at scale.

Machine identities such as service accounts, API keys, and automation scripts now outnumber humans in many cloud environments. Yet they often operate unchecked, holding broad privileges and creating hidden risk. This session explores practical strategies to detect, govern, and secure non-human identities, reducing risk while enforcing least privilege and stronger cloud trust.

Traditional cloud security focuses on detecting bad code but AI-driven threats now exploit intent, bypassing tools and oversight. As adoption accelerates, gaps in governance, compliance and risk control are widening. This closing keynote shares three practical moves cloud defenders can take to mind the gap: defining clear boundaries for agentic AI, enforcing human in the loop controls and deploying defensive AI. Walk away with actionable guidance to secure AI systems based on behaviour and intent, not just code.