Welcome to the AWS Security Forum, Sydney. This year’s in-person event will bring together security leaders and experts from around the world to showcase how building securely is the path of least resistance. We will uncover how partners and customers have streamlined their security practices, ensuring a frictionless path to protect their organisations.
Three reasons to attend:
Actionable Insights. Engage with our speakers about what's top of mind for you, like responding to emerging threats, building a culture of security, and efficiently scaling your security processes with AI/ML.
Security Expertise. Partners featured in the Expo have achieved AWS Security Competencies, which means they have proven abilities to support you in scaling your security efforts.
Real-life use cases. Hear how AWS Partners and customers, from startups to enterprise-level businesses, have successfully integrated AWS security services.
Arrival, Sponsor Expo and Networking
9:30am - 12:30pm
9:30am - 9:45am Welcome and opening remarks Speaker: Phil Rodrigues, Head of Security APJ, AWS
9:45am - 10:15am Keynote - Secure by design: how AWS builds foundational security into our services.
Speaker: Paul Vixie, Deputy CISO, AWS
10:15am - 10:45am Customer and AWS panel session This panel session will delve into building securely and how organisations are doing this today. Speaker: Jess
Modini, Senior Technologist, AWS
10:45am - 11:15am Morning tea
11:15am - 11:35am Fireside chat with Culture Amp and Snyk Craig Penfold, SVP Engineering at Culture Amp and Snyk delve into the world of security-focused engineering teams, exploring the need, the
challenges, and the journey towards integrating security at every step of the engineering process. Speakers: Craig Penfold, SVP Engineering, Culture Amp Lawrence Crowther, Head of Solutions Engineering APJ, Snyk
11:35am - 11:55am Fireside chat with Australian Red Cross Lifeblood and Wiz Callum Nelson, CISO at Australian Red Cross Lifeblood, and Wiz talk about the journey to democratising cloud security:
putting control in the hands of application teams through culture change and gamification which has resulted in a more resilient security posture.
Speakers: Callum Nelson, Director of Cyber Security (CISO), Australian Red Cross Lifeblood Maria Papas, APJ Enterprise Business Manager, Wiz
11:55am - 12:15pm Fireside chat with Canva and SentinelOne Raymond Schippers, Head of Detection and Response at Canva and SentinelOnetalk about safeguarding their workforce and
infrastructure allowing them to simplify cloud operations.
Speaker: Raymond Schippers, Head of Detection and Response, Canva
12:15pm Closing remarks and morning wrap up Speaker: Phil Rodrigues, Head of Security APJ, AWS
This track empowers leaders to drive a culture of building securely from the top down.
Learn from AWS and customers on the non-technical aspects of leading a secure organisation of builders to help build skills you can take back to your organisation.
2:00pm - 2:40pm The importance of Secure by Design Now more than ever, it is crucial for technology manufacturers and government customers to make Secure by Design a focal point of
product design, development processes, purchasing and integration activities.
To accomplish Secure by Design manufacturers need to prioritise the integration of security principles as a critical prerequisite to consider, alongside features and speed to market.
Equally, government customers should be aware of what to look for in products to ensure they are built using secure-by-design principles.
This presentation will provide guidance of how Secure by Design can be implemented in products and development lifecycles, particularly for those using AWS products.
Speakers: Jayden Cooke, Technical Director, ACSC Secure Design and Architecture John
Hildebrandt, Principal Solutions Architec, AWS
2:45pm - 3:25pm Building better using risk and regulation Customers in all industries face growing cyber-threats and increasing regulatory scrutiny.
This talk distills risk and regulatory insights from working with financial services (FS) customers and applies them to help ISVs develop their offerings.
A key insight is that FS regulators are OPEN to critical systems running on AWS.
This talk applies whether you are directly regulated, sell to regulated customers, or are not regulated at all.
3:30pm - 3:45pm Journeying from compliance to risk management in the cloud Applications deployed in the cloud need to be highly available, reliable, and high-performing to keep business moving forward
However, with faster development pipelines and release speeds, coupled with ever increasing compliance demands - come new impacts on business risk.
In this lightning talk, hear from Trend Micro as we discuss the journey of enterprise security that helps manage compliance while identifying threats and managing the risk profile.
We'll talk about key challenges around consolidating multiple risk management sources and streamlining toolsets and processes. Partner: Anthony Edwards, Principal Security Engineer, Trend Micro
3:45pm - 4:20pm Afternoon tea
4:20pm - 5:00pm How AWS built the Security Guardians program, a mechanism to distribute security ownership
Security teams play a critical role in ensuring that new services, products, and
features are built and shipped securely to customers.
However, since security teams are in the product launch path, they can form a bottleneck if organisations struggle to scale their security teams to support their growing product development teams.
In this session, you will learn how AWS developed a mechanism called the Security Guardians, to scale security processes and expertise by distributing security ownership between security teams and builder teams.
Speaker: Mitch Beaumont, Principal Solutions Architect,
Audience: Technical Session Format: Presentation
This track will show you the way to reinforce the security of the software that you build in the cloud.
Join us if you are an application developer, DevOps engineer or any builder who wants to level up their security skills and become a security champion.
2:00pm - 2:40pm Rethinking the "Sec" in DevSecOps for modern architectures Using third-party or open-source software components can help reduce cost, speed up time to market, and free staff up to
engage in more innovative and value-adding activities.
But how can organizations ensure that third-party software and development processes are secure? And what is the “right way” to evaluate the security of software packages? A holistic DevSecOps approach applies best practices and tools from the early stages of the software development
life-cycle to continuous delivery, continuous testing, and continuous scanning and monitoring.
This presentation will evaluate the AWS service offerings such as AWS Security Hub, AWS Organizations, AWS IAM, plus popular third-party tools.
Speakers: Maria Sokolova, Senior Solutions Architect, AWS Gerald Bachlmayr, Principal Cloud Architect,
2:45pm - 3:25pm Building securely with AI & ML In this session, learn how modern tools can improve your development workflow and security when building applications in the cloud.
You can use AWS Toolkit within your IDE of choice to access AWS environments, and leverage tools such as Amazon CodeWhisperer to provide AI-powered coding recommendations when developing applications.
In addition, Amazon CodeGuru can identify vulnerabilities in code, provide recommendations on how to fix the identified vulnerabilities, and track the status of the vulnerabilities until closure.
Speakers: Paul Kukiel, Enterprise Solution Architect, AWS Matt Coles, Principal Engineer, AWS
3:30pm - 3:45pm How SaaS provider Playvox is Scaling Securely across multiple Geo's Global SaaS provider Playvox shares their evolution and the criticality of expanding their security engineering and
continuous network monitoring in tandem with their growth.
Discover how Playvox's security team and culture strategy has facilitated the development of a scalable security approach aligned with their business expansion.
Playvox has been able to meet customer requirements during their international growth by simultaneously implementing security practices that maximise the ability for their engineering teams to build faster and securely.
Speaker: Cheyne Wagner, SVP of Global
Engineering Partner: REDBEAR IT
3:45pm - 4:20pm Afternoon tea
4:20pm - 5:00pm A new open-source tool to help improve your threat modeling Threat modeling helps you identify security issues early, understand your security requirements, and delight your customers
by building secure products and services.
Join this session to learn the basics of threat modeling and to see a new open-source tool released by AWS to help you through the process of producing a threat model.
The tool is useful during the ‘What can go wrong?’ step by helping you brainstorm and consistently compose useful threats, and during the ‘Did we do a good enough job?’ step to show how you can improve and raise the bar for security in your application.
Speaker: Darran Boyd, Principal Security Solutions Architect, AWS
Audience: Technical Session Format: Hands-on Lab
2:00pm - 5:00pm Security Builder Workshop The builder's workshop will give you an opportunity to learn how to aggregate, ingest and analyse security log data and events in a multi-account environment.
Attendees will dive deeper, hands-on, into building a solution to ingest and analyse logs from AWS security services like Amazon GuardDuty, Amazon Inspector and AWS Security Hub.
Attendees will learn how to use AWS-native services like Amazon S3, Amazon Athena and Amazon QuickSight to query and visualise security log data building insights into their security posture.
The workshop will include a demo of the capabilties of Amazon Security Lake in centralising security log data and events.
This session is a hands-on workshop, attendees will be provided with sandbox AWS accounts and should bring their own laptops.
Audience: Technical Session Format: Hands-on Lab
2:00pm - 5:00pm Security Developer Workshop The developer's workshop will give you an opportunity to exercise AppSec controls in a sample code deployment pipeline.
Attendees will be provided with sandbox AWS accounts to setup an Automated Release Pipeline to deploy an insecure Web Application.
Through the workshop, attendees will review common security risks and integrate with Security Tools/Processes in the release pipeline, shifting left with security.
This session is a hands-on workshop, attendees will be provided with sandbox AWS accounts and should bring their own
Paul Vixie Deputy CISO, AWS
Phil Rodrigues Head of Security APJ, AWS
Jess Modini Senior Technologist, AWS
Rhys Evans Head of Security ANZ, AWS
In partnership with:
Tuesday, 19 September 2023
9:00 AM – 5:30 PM
ICC Sydney, 14 Darling Dr, Sydney NSW 2000 (view map)
Pre-event Registration is now closed. Please register onsite at ICC Sydney on Tuesday 19 September.