Build securely in a rapidly evolving landscape

Welcome to the AWS Security Forum, Sydney. This year’s in-person event will bring together security leaders and experts from around the world to showcase how building securely is the path of least resistance. We will uncover how partners and customers have streamlined their security practices, ensuring a frictionless path to protect their organisations.

Three reasons to attend:

  • Actionable Insights. Engage with our speakers about what's top of mind for you, like responding to
    emerging threats, building a culture of security, and efficiently scaling your security processes with
  • Security Expertise. Partners featured in the Expo have achieved AWS Security Competencies, which
    means they have proven abilities to support you in scaling your security efforts.
  • Real-life use cases. Hear how AWS Partners and customers, from startups to enterprise-level businesses, have successfully integrated AWS security services.


Time Session
8:30am Arrival, Sponsor Expo and Networking
9:30am - 12:30pm

9:30am - 9:45am
Welcome and opening remarks

Speaker: Phil Rodrigues, Head of Security APJ, AWS

9:45am - 10:15am
Keynote - Secure by design: how AWS builds foundational security into our services.

Speaker: Paul Vixie, Deputy CISO, AWS

10:15am - 10:45am
Customer and AWS panel session

This panel session will delve into building securely and how organisations are doing this today.

Speaker: Jess Modini, Senior Technologist, AWS

10:45am - 11:15am
Morning tea

11:15am - 11:35am
Fireside chat with Culture Amp and Snyk
Craig Penfold, SVP Engineering at Culture Amp and Snyk delve into the world of security-focused engineering teams, exploring the need, the challenges, and the journey towards integrating security at every step of the engineering process.

Craig Penfold, SVP Engineering, Culture Amp
Lawrence Crowther, Head of Solutions Engineering APJ, Snyk

11:35am - 11:55am
Fireside chat with Australian Red Cross Lifeblood and Wiz
Callum Nelson, CISO at Australian Red Cross Lifeblood, and Wiz talk about the journey to democratising cloud security: putting control in the hands of application teams through culture change and gamification which has resulted in a more resilient security posture.


Callum Nelson, Director of Cyber Security (CISO), Australian Red Cross Lifeblood
Maria Papas, APJ Enterprise Business Manager, Wiz

11:55am - 12:15pm
Fireside chat with Canva and SentinelOne
Raymond Schippers, Head of Detection and Response at Canva and SentinelOne talk about safeguarding their workforce and infrastructure allowing them to simplify cloud operations.

Speaker: Raymond Schippers, Head of Detection and Response, Canva

Closing remarks and morning wrap up

Speaker: Phil Rodrigues, Head of Security APJ, AWS

12:30pm Lunch and Sponsor Expo
2:00pm - 5:00pm Breakout Stream (Join one of the below):

Audience: Business/Security Executive
Session Format: Presentation

This track empowers leaders to drive a culture of building securely from the top down. Learn from AWS and customers on the non-technical aspects of leading a secure organisation of builders to help build skills you can take back to your organisation.

2:00pm - 2:40pm
The importance of Secure by Design
Now more than ever, it is crucial for technology manufacturers and government customers to make Secure by Design a focal point of product design, development processes, purchasing and integration activities. To accomplish Secure by Design manufacturers need to prioritise the integration of security principles as a critical prerequisite to consider, alongside features and speed to market. Equally, government customers should be aware of what to look for in products to ensure they are built using secure-by-design principles. This presentation will provide guidance of how Secure by Design can be implemented in products and development lifecycles, particularly for those using AWS products.

Jayden Cooke, Technical Director, ACSC Secure Design and Architecture
John Hildebrandt, Principal Solutions Architec, AWS

2:45pm - 3:25pm
Building better using risk and regulation
Customers in all industries face growing cyber-threats and increasing regulatory scrutiny. This talk distills risk and regulatory insights from working with financial services (FS) customers and applies them to help ISVs develop their offerings. A key insight is that FS regulators are OPEN to critical systems running on AWS. This talk applies whether you are directly regulated, sell to regulated customers, or are not regulated at all.

Speaker: Julian Busic, Senior Security Architect, AWS

3:30pm - 3:45pm
Journeying from compliance to risk management in the cloud
Applications deployed in the cloud need to be highly available, reliable, and high-performing to keep business moving forward and competitive. However, with faster development pipelines and release speeds, coupled with ever increasing compliance demands - come new impacts on business risk. In this lightning talk, hear from Trend Micro as we discuss the journey of enterprise security that helps manage compliance while identifying threats and managing the risk profile. We'll talk about key challenges around consolidating multiple risk management sources and streamlining toolsets and processes.
Anthony Edwards, Principal Security Engineer, Trend Micro

3:45pm - 4:20pm
Afternoon tea

4:20pm - 5:00pm
How AWS built the Security Guardians program, a mechanism to distribute security ownership

Security teams play a critical role in ensuring that new services, products, and features are built and shipped securely to customers. However, since security teams are in the product launch path, they can form a bottleneck if organisations struggle to scale their security teams to support their growing product development teams. In this session, you will learn how AWS developed a mechanism called the Security Guardians, to scale security processes and expertise by distributing security ownership between security teams and builder teams.

Speaker: Mitch Beaumont, Principal Solutions Architect, AWS

Audience: Technical
Session Format: Presentation

This track will show you the way to reinforce the security of the software that you build in the cloud. Join us if you are an application developer, DevOps engineer or any builder who wants to level up their security skills and become a security champion.

2:00pm - 2:40pm
Rethinking the "Sec" in DevSecOps for modern architectures
Using third-party or open-source software components can help reduce cost, speed up time to market, and free staff up to engage in more innovative and value-adding activities. But how can organizations ensure that third-party software and development processes are secure? And what is the “right way” to evaluate the security of software packages? A holistic DevSecOps approach applies best practices and tools from the early stages of the software development life-cycle to continuous delivery, continuous testing, and continuous scanning and monitoring. This presentation will evaluate the AWS service offerings such as AWS Security Hub, AWS Organizations, AWS IAM, plus popular third-party tools.

Maria Sokolova, Senior Solutions Architect, AWS
Gerald Bachlmayr, Principal Cloud Architect, Cuscal

2:45pm - 3:25pm
Building securely with AI & ML
In this session, learn how modern tools can improve your development workflow and security when building applications in the cloud. You can use AWS Toolkit within your IDE of choice to access AWS environments, and leverage tools such as Amazon CodeWhisperer to provide AI-powered coding recommendations when developing applications. In addition, Amazon CodeGuru can identify vulnerabilities in code, provide recommendations on how to fix the identified vulnerabilities, and track the status of the vulnerabilities until closure.

Paul Kukiel, Enterprise Solution Architect, AWS
Matt Coles, Principal Engineer, AWS

3:30pm - 3:45pm
How SaaS provider Playvox is Scaling Securely across multiple Geo's
Global SaaS provider Playvox shares their evolution and the criticality of expanding their security engineering and continuous network monitoring in tandem with their growth. Discover how Playvox's security team and culture strategy has facilitated the development of a scalable security approach aligned with their business expansion. Playvox has been able to meet customer requirements during their international growth by simultaneously implementing security practices that maximise the ability for their engineering teams to build faster and securely.

Speaker: Cheyne Wagner, SVP of Global Engineering

3:45pm - 4:20pm
Afternoon tea

4:20pm - 5:00pm
A new open-source tool to help improve your threat modeling
Threat modeling helps you identify security issues early, understand your security requirements, and delight your customers by building secure products and services. Join this session to learn the basics of threat modeling and to see a new open-source tool released by AWS to help you through the process of producing a threat model. The tool is useful during the ‘What can go wrong?’ step by helping you brainstorm and consistently compose useful threats, and during the ‘Did we do a good enough job?’ step to show how you can improve and raise the bar for security in your application.

Speaker: Darran Boyd, Principal Security Solutions Architect, AWS

Audience: Technical
Session Format: Hands-on Lab

2:00pm - 5:00pm
Security Builder Workshop
The builder's workshop will give you an opportunity to learn how to aggregate, ingest and analyse security log data and events in a multi-account environment. Attendees will dive deeper, hands-on, into building a solution to ingest and analyse logs from AWS security services like Amazon GuardDuty, Amazon Inspector and AWS Security Hub. Attendees will learn how to use AWS-native services like Amazon S3, Amazon Athena and Amazon QuickSight to query and visualise security log data building insights into their security posture. The workshop will include a demo of the capabilties of Amazon Security Lake in centralising security log data and events.

This session is a hands-on workshop, attendees will be provided with sandbox AWS accounts and should bring their own laptops.

Audience: Technical
Session Format: Hands-on Lab

2:00pm - 5:00pm
Security Developer Workshop
The developer's workshop will give you an opportunity to exercise AppSec controls in a sample code deployment pipeline. Attendees will be provided with sandbox AWS accounts to setup an Automated Release Pipeline to deploy an insecure Web Application. Through the workshop, attendees will review common security risks and integrate with Security Tools/Processes in the release pipeline, shifting left with security.

This session is a hands-on workshop, attendees will be provided with sandbox AWS accounts and should bring their own laptops.

5:00pm Networking Drinks

Featured Speakers

Paul Vixie

Paul Vixie
Deputy CISO, AWS

Phil Rodrigues

Phil Rodrigues
Head of Security APJ, AWS

Jess Modini

Jess Modini
Senior Technologist, AWS

Rhys Evans

Rhys Evans
Head of Security ANZ, AWS

Australian RedCross Lifeblood
Culture Amp

In partnership with:




Trend Micro


DoiT International
Arctic Wolf
Check Point
Sumo Logic



Event Details

Date: Tuesday, 19 September 2023
Time: 9:00 AM – 5:30 PM
Venue: ICC Sydney, 14 Darling Dr, Sydney NSW 2000 (view map)
Pre-event Registration is now closed. Please register onsite at ICC Sydney on Tuesday 19 September.