
  • AppSec & DevSecOps Melbourne

  • 08:20

    Register; grab a coffee. Mix, mingle and say hello to peers old and new.

  • 09:00

    Welcome from Corinium and the Chairperson

  • 09:10

    Speed Networking – Making new connections!


    In this 10-minute networking session, the goal is to connect with three new people. Enjoy the opportunity to expand your network! 

  • 09:20

    Redefining Success in DevSecOps & AppSec: Inspire Change, Deliver Value

    Tara Whitehead - Security Engagement Manager - MYOB

    • Explore strategies to position DevSecOps and AppSec as catalysts for cultural and operational transformation, fostering a security-first mindset across teams.
    • Learn to identify, implement, and leverage key performance indicators (KPIs) and frameworks that measure the effectiveness and business impact of DevSecOps and AppSec initiatives.
    • Discover how to address observability challenges, overcome adoption hurdles, and drive continuous innovation to deliver measurable value in security and operational resilience.
  • 09:45

    Bridging DevSecOps and LLMs: Intelligent Security Orchestration Across the SDLC

    Paridhi Jha - Head of AL and ML - EBOS Group


    The integration of Large Language Models (LLMs) is rapidly transforming security practices throughout the Software Development Lifecycle (SDLC). This session will explore how we can leverage LLMs to create intelligent security orchestration, moving beyond traditional DevSecOps approaches. The session will delve into key areas such as:

    • LLM-Powered Code Analysis: Examine how LLMs are revolutionising static and dynamic analysis, enabling deeper vulnerability detection and significantly faster remediation workflows.
    • Automated Security Policy Enforcement: Discuss how LLMs can automate the enforcement of security policies, ensuring consistent security practices across all development stages.
    • Developer Empowerment through LLM-Driven Security Guidance: Explore how LLMs can provide real-time, contextual security guidance directly to developers, effectively shifting security left and fostering a proactive security culture within development teams.
    • Practical Applications and Future Trends: Showcase real-world examples and discuss the exciting future potential of LLMs in shaping the next generation of SDLC security strategies.
  • 10:10
    Partner-1

    Delivering security of applications and APIs

    Senior representative - GitLab

    • Identifying and mitigating API bugs and vulnerabilities
    • The importance of doing API threat modelling early in the development process
    • Addressing API-related compliance concerns and keeping up with changing security requirements
    • Can AI improve Zero Trust of APIs? 
  • 10:35
    Keynote-1

    Building a New Platform Engineering Capability through DevSecOps

    Rishabh Sharma - Director – Strategy, Design & Architecture -

    • Integrate DevSecOps principles into platform engineering to enhance security across all stages of the development lifecycle.
    • Discuss the importance of aligning workflows, enhancing automation, and fortifying security measures to create a cohesive platform for software delivery.
    • Exploring how Security as Code (SaC) empowers proactive cyber security measures within the development pipeline
    • Highlight the need to strike a balance between experimentation and pragmatism to ensure alignment with organisational goals and augment DevSecOps strategies.
  • 11:00

    Get Refreshed! Mingle

  • 11:30
    Partner-1

    Taming the Digital Herd: Securing Cloud, Compliance, and the Software Supply Chain

    As cloud adoption accelerates, managing and securing digital assets is more critical than ever. This session explores strategies for ensuring robust security, maintaining compliance, and strengthening governance. We’ll also examine how software supply chain management plays a key role in mitigating vulnerabilities, providing a comprehensive approach to securing your organisation’s digital landscape.
  • 11:55
    Panel Discussion-1

    Panel: Securing the Software Supply Chain from Development to Deployment

    • How can organisations embed security into the software supply chain while aligning with regulatory frameworks?
    • What strategies mitigate risks across the SDLC without slowing innovation?
    • How can teams secure open-source components, CI/CD pipelines, and containerised environments?
    • How do we align security policies with DevSecOps to balance governance and agility?
    • What are the biggest challenges in balancing speed, security, and compliance, and how can they be addressed?

    Moderator:

    David Luchi Head of Information Security Wesfarmers OneDigital

    Panellists:

    Bastian Goonewardena Senior Security DevSecOps Engineer Origin Energy

    Arun Degala Group GM Software Development & Platform Engineering Crown

    Uday Korlimarla Application Security Architect UniSuper

  • 12:30
    Partner-1

    Integrating DevSecOps and Value Stream Management for AI-Driven Software Development Velocity

    Explore how integrating DevSecOps with Value Stream Management accelerates AI-driven software development. This session delves into aligning security, efficiency, and innovation to streamline workflows, reduce risks, and maximise development velocity in AI-centric environments.
  • 12:55

    Lunch

  • 13:55
    Maryam Shoraka

    Securing Both Worlds: Holistic Approaches to Protect Off-the-Shelf and Custom Apps

    • Defining clear AppSec objectives and goals, aligning them with business priorities for both yearly and quarterly plans.
    • Implementing security practices throughout the development lifecycle for custom applications while evaluating and securing third-party applications.
    • Establishing a roadmap for integrating security measures, allocating resources, and managing risks associated with both off-the-shelf and custom-developed applications.
    • Monitoring effectiveness through metrics and KPIs, adapting strategies based on new threats and evolving business needs.
  • 14:20
    Partner-1

    AppSec Optimized! AppSec Consolidation Whilst Building Culture


    With the software supply chain becoming more complex due to developments like the rise of AI and increasing regulatory pressure, many organisations are struggling to keep pace. In this discussion, learn how to remove complexity and ease the resource strain associated with securing modern software through consolidation initiatives.

  • 14:45
    Panel Discussion-1

    Panel: Empowering Developers to Make Secure Coding a Core Competency


    Join industry leaders as they delve into the essential skills required for secure coding and the training methodologies that can effectively impart these skills.

    • How can we integrate secure coding into a developer’s core skill set, making it a natural part of their development workflow?
    • What are the limitations of traditional security testing tools like DAST and SAST, and how can developers overcome these challenges to ensure comprehensive application security?
    • What are the most effective strategies to shift a developer's mindset towards viewing security as a responsibility throughout the entire development lifecycle?
    • What tangible benefits can developers gain from mastering secure coding, and how can organisations effectively communicate this value?

    Moderator:

    David Luchi Head of Information Security Wesfarmers OneDigital

    Panellists:

    Tim Baird, Senior Manager – DevOps, AIA Australia

  • 15:20

    Get Refreshed! Mingle

  • 15:50

    From Good to Great: Scaling Security Maturity in Your Organisation

    Rujuta Raval - Former Security Engineer – Global Security Operations - ex-GPC Asia Pacific

    • Discover how to enhance AppSec through modern cloud technologies and effective frameworks.
    • Learn how to scale security efforts by empowering teams, improving processes, and leveraging advanced metrics.
    • Discuss practical approaches to communicate risks and needs associated with AppSec with stakeholders and advance maturity across your organisation.
  • 16:15
    Keynote-1

    AI Security Governance Demystified: Frameworks, Implementation and Challenges

    • Explore real-world experiences, challenges, and lessons learned in building an AI security governance framework.
    • Explores how key standards and frameworks (ISO 42001, ISO 27001, NIST CSF 2.0, ISO 27028, OWASP Top 10 – AI Risks, CSA Controls Catalog) fit together to enhance AI security.
    • Showcases an overarching governance framework, an ISO 42001-compliant AIMS Manual, and an AISecOps Capability Operating Model. 
  • 16:40

    Chairperson's Closing Remarks

  • 16:50

    Close of AppSec & DevSecOps Melbourne 2025
