Cyber Security - the Leadership Imperative 2017

3 May, 2017
Norton Rose Fulbright, Level 18, Grosvenor Place, 225 George Street,


Cyber Security - the Leadership Imperative 2017

3 May, 2017
Norton Rose Fulbright, Level 18, Grosvenor Place, 225 George Street,


Cyber Security - the Leadership Imperative 2017

3 May, 2017
Norton Rose Fulbright, Level 18, Grosvenor Place, 225 George Street,


Addressing the role that government, businesses and education play in developing a pathway for qualified cyber-strategic leaders

Reaching a national consensus and identifying the 'sweet spot' of qualifications that would allow to build a quality accreditation program has proven to be very difficult due to the current, ad hoc, decentralised approach to cyber security workforce development.

Cyber Security – the Leadership Imperative forum aims to start a comprehensive debate on the role that education, government and businesses play in developing cyber-strategic leaders ready to tackle the challenges of tomorrow.

Join federal and state government cyber security leaders together with business leaders from major ASX listed companies for a morning of much needed discussions on a national scale on the standardisation and formal training of cyber-strategic leaders.

Why Attend?
In times of change and volatility where cyber threats are increasing in scope and complexity, there is a resounding call for leadership. Today's business leaders must govern their organisations to instill best practice in security strategy, leadership, disruption, and business resilience.

Attendees will have privileged access to insights into current cyber leadership challenges, trends and cases and lessons from other professional disciplines and rare Q&A time with our speakers.

Who will be there?
CEOs, CIOs, CISOs, Chief Risk Officers from the private and public sectors



Registration and welcome breakfast


Opening remarks by James Riley, Editorial Director,


Ministerial Address

Senator the Hon Arthur Sinodinos AO, Minister for Industry, Innovation and Science, Australian Government


Integrating Cyber Strategy Into The Business Strategy - What Do Senior Executives Need to Master To proactively Manage, Evaluate, and respond?

Craig Davies, Chief Executive Officer, Australian Cyber Security Growth Network


Collaboration and coordination - Establishing a layered approach for sharing information among different industries

Steve Ingram, Asia Pacific Cyber Lead, PwC


Transferring skills between the public sector and the private sector to build security into business and operational processes

Sandra Ragg, Assistant Secretary Cyber Policy, Department of the Prime Minister and Cabinet


Cyber Strategy As Business Strategy: Toward Proactive And Collaborative Prevention, Detection And Response

Maria Milosavljevic, Chief Information Security Officer, NSW Government


Panel Discussion: Building and empowering a high-performing cyber team - how to get them out of their technical comfort zone and into the leadership zone


Avi Schechter, Chairman, CyberGym



Craig Davies, Chief Executive Officer, Australian Cyber Security Growth Network

Sandra Ragg, Assistant Secretary Cyber Policy, Department of the Prime Minister and Cabinet

Nick Abrahams, Partner & APAC Technology Practice Leader, Norton Rose Fulbright

Maria Milosavljevic, Chief Information Security Officer, NSW Government 

Andrew Bycroft, Chief Executive Officer, The Security Artist


Morning Tea



Overview Of The Threat Horizon - The Latest Challenges From IoT, AI And Cyber Warfare And The Ensuing Cyber Skills Gap

Rachael Falk, Director Technology, Security and Strategy, .au Domain Administration


Building A Curriculum For Cyber Security Leaders

Helaine Leggat, Director, Australian Information Security Association (AISA)



In Conversation: Successful Leadership Philosophies In Guiding An Organisation's Security Program

Stuart Mort, Director Cyber Security, Optus

Anthony Kitzelmann, Chief Information Security Officer, Australian Digital Health Agency


Addressing The Cyber Talent Shortage - What Are The Critical Factors Organisations Are Prioritising To Build A Quality Cyber Team?

Sally Ernst, Chief Executive Officer, Australian Cyber Security Network


Panel Discussion: Should We Professionalise The Nation's Cyber Security Workforce? Agree Or Disagree?

Is cyber security too broad and diverse to be treated as a single profession?
Is cyber security still too new a field in which to introduce professionalisation standards? Is it is changing too rapidly to impose standards today?
Is it really possible to create a development plan and career path in both civilian and military workforces?
Would professionalisation impose additional barriers to entry in the cybersecurity industry and inadvertently screen out suitable candidates? Are the most talented individuals in cyber security self-taught?

Garry Barnes, Former Board Director, ISACA  and Practice Lead, Governance Advisory, Vital Interacts



Andrew Johnson, Chief Executive Officer, Australian Computer Society, ACS

Helaine Leggat, Director, Australian Information Security Association (AISA)

Leonard Kleinman, Chief Cyber Security Advisor (APJ), RSA 

Skeeve Stevens,  Chief Futurist, FutureSumo and former hacker, the 'Optik Surfer'

Rachael Falk, Director Technology, Security and Strategy, .au Domain Administration

Patrick Gray, Host, Risky.Biz and national contributor, ABC Radio 


Event Partners

The Security Artist

Supporting Partners


Official Event Host

Norton Rose Fulbright

Speaker Bios

Hon. Arthur Sinodinos

Hon. Arthur Sinodinos

Minister for Industry, Innovation and Science

Arthur Sinodinos first entered the Australian Senate in October 2011 and was appointed Shadow Parliamentary Secretary to the Leader of the Opposition in September 2012, a position he held until the election of the Abbott Government. He served as Assistant Treasurer from September 2013 to December 2014.

From September 2015 to January 2016, Minister Sinodinos served as Cabinet Secretary in the Turnbull Government. In this role, Minister Sinodinos was a Cabinet-level minister assisting the Prime Minister in ensuring the proper process and functioning of the Government. On 24 January 2017, Minister Sinodinos was sworn in as Minister for Industry, Innovation and Science. The Minister comes to the portfolio with the goal of developing an innovation ecosystem that drives productivity and creates the jobs of the future.

One of the Minister’s key focuses in this space is to encourage a culture of collaboration – between industry, researchers and academia – in order to develop brilliant Australian ideas into commercial realities.

Sandra Ragg

Sandra Ragg

Assistant Secretary, Cyber Policy, Department of the Prime Minister and Cabinet

In August 2014, Sandra assumed the role of Assistant Secretary Cyber Policy in the Department of the Prime Minister and Cabinet leading cyber security policy development. She was a key architect of Australia’s Cyber Security Strategy and has responsibility for whole-of-government cyber policy coordination and international cyber security strategy.

Prior to this, Sandra led the Australian Government Security Vetting Agency which provides centralised personnel security vetting services for Australian Government agencies and industry partners.  She delivered a major organisational transformation agenda within the Agency, including through the delivery of strengthened business governance, change management programs, ICT delivery and people strategies.

Sandra has also led the Department of Defence Security Policy and Plans Branch, with responsibilities for strategic planning for Defence's future security capability; shaping the security policy agenda; enabling secure ICT services; developing a security governance framework and building partnerships with defence industry on security.

Sandra has spent most of her professional career with the Department of Defence. She began as a graduate and worked in a range of intelligence and security operational, analytic and leadership roles. Sandra also spent a year as the Chief Executive Assistant to the Secretary of Defence.

Craig Davies

Craig Davies

Chief Executive Officer, Australian Cyber Security Growth Network

Prior to joining the Australian Cyber Security Growth Network, Craig was Head of Security for Atlassian where he lead the security program supporting all aspects of Atlassian’s business from product security, to their Cloud operations and the protection of Atlassian itself.

Before joining Atlassian, Craig was at CSO of Cochlear Ltd. He started his career in Financial Services, initially with the Commercial Bank of Australia, then Westpac Banking Corporation, where he worked across the organisation in Retail Banking, Legal Services and the Westpac IT Group.

Craig is passionate about the importance of people in security programs, and the role of security leaders in delivering pragmatic solutions that support business growth.

Craig has 20+ years experience in Cyber security and has worked in a number of fields including Infrastructure operations and management, security architecture, and website development and operations.

Dr. Maria Milosavljevic

Dr. Maria Milosavljevic

Chief Information Security Officer, NSW Government

Dr Maria Milosavljevic is the newly appointed Chief Information Security Officer for NSW Government (GCISO) and an Adjunct Professor at the University of Canberra. In her new role, Dr Milosavljevic will work across the NSW government and consult with industry leaders and research groups, as well as Commonwealth, state and overseas governments to ensure a collaborative approach to cyber security. She will develop standards with NSW government agencies to streamline their approach to cyber security.

Prior to moving to NSW Government, Dr Milosavljevic was the CIO and CISO of AUSTRAC where she led the creation of leading-edge data analytics / AI technology and an Innovation Hub for the Fintel Alliance, a world-first public-private partnership between AUSTRAC and its public and private sector partners. As the CIO and CISO at the Australian Crime Commission she was the key driver in the establishment of the National Criminal Intelligence Fusion Capability which won several awards including an iAward and an Australian Computer Society (ACS) Digital Disrupter Award.

Dr Milosavljevic completed a PhD in Artificial Intelligence on a prestigious scholarship from the Microsoft Research Institute, graduated from ANU with an Executive Masters of Public Administration from the Australia and New Zealand School of Government (ANZSOG), and is a graduate from the Australian Institute of Company Directors (AICD). As a data scientist, Dr Milosavljevic has developed several world-first and award-winning solutions to difficult problems in the private and public sector throughout her 25 year career. She has also published widely and has been a keynote speaker for a range of conferences globally. 

Andrew Johnson

Andrew Johnson

Chief Executive Officer, Australian Computer Society, ACS

Andrew Johnson is the Chief Executive of ACS – the professional association for IT in Australia.  His career has seen Andrew work in a diverse range of markets across the Asia Pacific region and includes developing accreditation and certification frameworks. In his time at the ACS he has delivered significant growth results in the workforce planning and development, SFIA and education areas.

In 2013 he authored ACS’ Skills Whitepaper identifying profiles for common ICT job roles in 2013 that has subsequently been downloaded in over 70 countries. The skills profiles provide invaluable benchmarking data to compare the skills profile of your workforce with that of the broader ICT sector. Such analysis supports human capital strategic planning by informing areas to target in both recruitment plans and workforce development plans.



Helaine Leggat

Helaine Leggat

Director, Australian Information Security Association (AISA)

Helaine Leggat is one of a few people in the world to hold a bachelor of law degree together with CISSP, CISM, CIPP and CIPP/IT Credentials. Helaine has specialised in information (cyber) law, information security, information governance and information privacy since 2000 and has provided services to public and private sector organisations globally across all sectors. 

In 2012 she settled in Melbourne where she co-founded Information Legal, a uniquely differentiated risk and advisory service founded on a belief that cyber law is empowering and that it is essential to know your rights. 

 Helaine’s professional affiliations and memberships are numerous, and include her appointment as a Member of the Expert Network for the Australian Department of Industry and Science and inclusion in the Ducere Global Faculty of thought leadership. Her understanding of the relationships between people, information technology, global business and international imperatives lie at the heart of Information Legal strategy. 

 Her current energies are directed at establishing recognition of new norms in Cyberspace, including the adoption of active defence and the development of international law and ethics in support of a continuing rules-based global order. 

Steve Ingram

Steve Ingram

Partner, PwC Chief Information Security Officer, Australian Digital Health Agency

Cyber touches every aspect of today’s digital landscape, from social media to cloud technology, mobile and much more. It has become an integral part of our business, social and civic lives - everyone in all layers of society, voluntarily or not, is impacted by Cyber.

Our vision is to protect business, people and society from cyber risks, enabling them to realise their objectives and potential. We have combined our information security, forensics, technology risk and projects capability to provide holistic cyber services. From cyber strategy and architecture, security testing, investigations, remediation through to vendor and project management, our team is focused on pragmatic outcomes. Combined with deep technical capability both onshore and offshore, and operating on a 24/7 basis, we eliminate key-man risk and provide a scalable and global model.


Dr. Sally Ernst

Dr. Sally Ernst

Chief Executive Officer, Australian Cyber Security Network

Dr Sally Ernst has an MBA, Doctorate, and over 15 years specialised experience in corporate digital innovation in a multi-national context. Sally has held several local and international Board and Advisory roles, a number of internet and security-related technology investments and consultancies, and authored a highly rated cyber security publication for executives. Sally has further variously led and collaborated on a number of global and local innovation, entrepreneurship and cyber security research initiatives and speaking engagements.

Passionate about cyber security, Sally has applied her considerable experience and diverse, interdisciplinary network to developing new strategies, under programs that have been described as ground breaking in the way they approach the complex issue of cyber security, and act as a catalyst for management to understand the threat and implement strategies to reduce the potential to be victimised. In this process Sally underscores the innovation opportunity available to us of growing our digital economy while making it safer.

Sally is currently co-founder of the Australian Cyber Security Network and the UK Cyber Security Network, author of highly-rated cyber security book for business Gotcha!, investor in CloudStaff which she also co-founded, Advisory Board Member of Your Digital File, and sits on the Boards of the Association of Certified Fraud Examiners (Brisbane Chapter) and the Australia-Israel Chamber of Commerce (Queensland Chapter).

Avi Schechter

Avi Schechter

Non-Executive Chairman of the Board , CyberGym

Avi Schechter is one of the leading technology managers in Israel with over 20 years of experience in global technology management. Mr. Schechter previously served as senior vice president in Amdocs (NASDAQ: DOX), a $9 billion market cap Israeli technology company and global leader. 

 Mr Schechter earned a Master of Science, Information Technology Systems, from the TelAviv University Recanati School of Business.

 He was previously based in Melbourne with Amdocs Australia for five years and has been responsible for Amdocs' cyber strategy and intellectual property protection. 


Len Kleinman

Len Kleinman

Chief Cyber Security Advisor (APJ), RSA

Len  has over 25 years of experience in the information technology industry, with an early focus on Oracle CASE, network operations and database administration. His current focus is to work with executives and business stakeholders to make security a strategic priority that translates into business value.

For the last 14 years, Len has worked in senior roles in IT security at the Australian Tax Office, including governance and risk, compliance, and the IT Security Advisor role. 

In his most recent role as Senior Director of the Vulnerability Management and Research team (VMR), Len contributed to the development, implementation and review of cyber security strategy.  Focus areas included specialist advice and policy on a range of business and technical activities, strategic and operational planning, service provider engagement, contingency and incident response, and threat intelligence.

During this time, Len developed one of the leading technical security teams in Australian Federal Government delivering a range of specialist technical services encompassing:

Len is the current Branch Executive for the Canberra chapter of the Australian Information Security Association (AISA), a member of the Global Digital Infrastructure Alliance, and sits on The Harvard Group Advisory Council. He has qualifications in Information Systems, Management, Tax Administration Law and Risk Management.

Rachael Falk

Rachael Falk

Director of Technology, Security and Strategy, .au Domain Administration (auDA)

Rachael is the Director of Technology, Security and Strategy at the .au Domain Administration (auDA).  In this senior role, Rachael provides strategic guidance and advice on cyber security for auDA. This role is responsible for ensuring that the online environment is perceived as a safe and trusted. Rachael is collaborating with other key industry advisors on how auDA can become more proactive in the cyber security ecosystem. In this role, Rachael has significant interaction with a range of government, industry, and academic stakeholders.  

Prior to this, Rachael was at Telstra Corporation Limited and held many roles during her 14 years there.  Most recently, she led Telstra’s Cyber Influence capability.  This team, sitting within Telstra’s Security Operations Group, was the first dedicated team of its kind within Telstra to establish and drive a cyber security culture within the company.  Rachael also co-developed the Five Knows of Cyber Security, an easy and accessible approach to cyber security that can be effectively used to manage cyber security risk from the Board down. 

Before moving into cyber security, Rachael was a lawyer at Telstra for 10 years. During part of her career as a lawyer she was also seconded to Telstra’s Corporate Affairs group to act as a legal spokesperson.  

Rachael is a published author having written several articles for the CBS publication, Zdnet as well as two chapters in the Forbes- Palo Alto Australian publication of Navigating the Digital Age- The Definitive Cybersecurity Guide for Directors and Officers.  Rachael is also a presenter on cyber security and risk for the ANU’s National Security College Executive and Professional Development Program.


Nick Abrahams

Nick Abrahams

Partner & APAC Technology Practice Leader, Norton Rose Fulbright

Nick is a corporate technology lawyer based in Sydney. He is deeply involved in the Australian technology sector as a lawyer, adviser, non-executive director, former Dotcom entrepreneur and investor. He has worked on over $3 Billion of TMT-related transactions since 2012. He recently wrote the best-selling book Digital Disruption in Australia – A Guide for Entrepreneurs, Investors & Corporates. 

He is widely recognised for his breadth of knowledge and understanding of all aspects of technology, media and telecommunications. He regularly advises on tech-related M&A, cloud, IT procurement, outsourcing, IT/IP issues, internet and telecommunications matters, media regulation, content and privac

Andrew Bycroft

Andrew Bycroft

Chief Executive Officer, The Security Artist

With more than two decades of experience, Andrew has provided expert advice on combating cyber crime to some of the most respected brands throughout the Asia-Pacific region. In that time, Andrew has recognised that, irrespective of the size of the organisation, the same principles apply for protecting an organisation from cyber crime and enabling it to thrive in the face of adversity.
An advocate for a means of reducing the cost of impact and cost of solving the growing cybercrime epidemic, Andrew is the pioneer of a new but proven methodology known as the Cyber Resilience Battle Plan®.

Regarded as a global thought leader on the rapidly changing future of cyber crime, Andrew is also highly sought after as a public speaker; a facilitator for, and member of, the Australian Institute of Company Directors; a member of the Risk Management Institute of Australasia; member of the Australian Information Security Association; and a member of the Information Security Audit and Controls Association. Andrew is the author of the book “The Cyber Intelligent Executive” a co-author of the upcoming book “Adapt or Die” and has also been asked by the Australian Institute of Company Directors to write a book titled “The Cyber Intelligent Director”.

Garry Barnes

Garry Barnes

Former ISACA board director and Practice Lead, Governance Advisory, Vital Interacts

Garry Barnes has over two decades of experience in information security, assurance, risk management and IT governance. He has worked with organisations across many industries, including the public sector, banking, health, education and transport. His achievements include delivering multi-year security partnerships, implementing numerous business-aligned security strategies, overseeing risk management during a substantial banking transformation, guiding organisations through to ISO 27001 certification, and overseeing multiple compliance, assurance and security testing programs. During his tenure in the NSW State Government, Barnes founded and served as chairman and committee member on a government forum for information security management.

Barnes also volunteers for ISACA, where he has held many roles including Board Director, Treasurer, member of ISACA’s Strategic Advisory Council and Credentialing and Career Management Board, and chair of the CISM Certification Committee. He has also participated in working groups to develop COBIT 5 and provided subject matter expert review of many ISACA publications. He is a past president of the Sydney Chapter of ISACA, and has also held various chapter roles including treasurer, and membership and certification director.

ISACA® ( helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of more than 140,000 professionals in 180 countries.

Patrick Gray

Patrick Gray

Host, Risky.Biz

Patrick is a security analyst and the producer and host of the Risky Business IT security podcast. Launched in February 2007, Risky Business has become a popular audio digest for infosec professionals both in Australia and all over the world. Prior to launching Risky.Biz, he wrote news articles and long-form features for various publishers, including, ZDNet Australia, The Sydney Morning Herald, The Age, The Bulletin (magazine), Australian Men's Style and more. He holds a BEng (Hons) Electronics from RMIT University in Melbourne.. 

Skeeve Stevens

Skeeve Stevens

Chief Futurist, Future Sumo

Skeeve Stevens is a Futurist, Reality Architect, Network Architect, Speaker and Author

Skeeve has the dubious honour of being the first computer hacker to go to prison in Australia. In 1995 under the moniker 'Optik Surfer' he became national headlines for an altruistic hack that exposed the lax security of an ISP of the day and ended up as case- law in the process. In 1999, he was sentenced to 3 years with a non-parole period of 18 months. Upon release, he was offered roles by multiple LEA's, but chose instead a different path.

Fast Forward 18 years and Skeeve has consulted to the governments, banks, and corporates in over a dozen countries in relation to Cyber Security, Critical Infrastructure Protection, Future Crime, National Infrastructure Strategy and much more. He has architected and built over 350 Internet Service Provider networks in the region.

Today, Skeeve and his business partner and wife Shanti Korporaal run a dozen companies across 3 countries with over 30 staff in the areas of Network Engineering, RFID/NFC, Virtual Reality, IoT, Human Enhancement (biohacking/transhumanism), Robotics, Coding, Futurist Consulting and more. In June they will launch two new ventures. A "Think Tank/R&D Facility" in Sydney CBD known as "Q-Branch" and also "SuperHuman" – a specialised service working with elite athletes using pre-cutting-edge technology.

But Skeeve's biggest passion is 'Future Crime' – or should we say, 'potentially any-time-now Crime'.  Skeeve researchers many forms of potential crimes using technology that is available today, what will be available soon, and blends them together to (hopefully) predict threats before they become well known.

Skeeve authors the 'Threat Matrix', a publication that theorizes Future and Near/Now potential risks to the general public, businesses, and critical infrastructure.

Stuart Mort

Stuart Mort

Director Cyber Security, Optus

Stuart has worked in the security field for over 20 years with experience in government, consulting and in a CISO role within a multinational. He has worked in information warfare, where he helped shape defence policy through extensive overseas work, IT security and information security. Stuart recently joined Optus as their Director Cyber Security to help strategic customers take advantage of Optus’s security portfolio in order to enhance their security baseline. Prior to Optus, Stuart was Oracle’s Vice President of Global Information Security, the Global head across all regions reporting into President level, with responsibility held by the CEO and overseeing – not reporting into – the CIO. He built Oracle’s information security strategy and also led the Investigations & Forensics Team and the Mergers & Acquisitions Security Team, which both brought unique security experiences. Stuart holds an Honours Degree in real time systems, a Master of Laws and is a Full Member of the Institute of Information Security Professional.

Tony Kitzelmann

Tony Kitzelmann

Chief Information Security Officer, Australian Digital Health Agency

Tony is the Chief Information Security Officer and General Manager for the Australian Digital Health Agencies Cyber Security Centre. Tony leads a team of Cyber Security professionals responsible for the security of the My Health Record Systems and the Agencies corporate networks. Tony holds numerous industry and academic qualifications and is currently studying a Masters in Cyber Security, Strategy and Diplomacy with UNSW.

Tony was previously employed as the Senior Cyber Security Executive and Chief Information Security Officer (APAC) at Lockheed Martin for five years from 2012. He was accountable for the strategic leadership and delivery of all corporate cyber security functions within the ASIA Pacific region and provided functional leadership to the various business lines in the region.

During Tony’s time at Lockheed Martin he successfully established and integrated two cyber security practices within the Australian Taxation Office and the Department of Defence Chief Information Officer Group. He was also a key senior leader on the CIOG CP bid team, resulting in a successful contract award worth over $790M.

Tony has previously been employed as the CrimTrac Chief Security Officer, CrimTrac Manager Background Checking Services, and Department of Defence’s National ICT Security Manager.

Scroll To Top