AppSec & DevSecOps Melbourne schedule

In this 10-minute networking session, the goal is to connect with three new people. Enjoy the opportunity to expand your network! 

• Explore strategies to position DevSecOps and AppSec as catalysts for cultural and operational transformation, fostering a security-first mindset across teams.
• Learn to identify, implement, and leverage key performance indicators (KPIs) and frameworks that measure the effectiveness and business impact of DevSecOps and AppSec initiatives.
• Discover how to address observability challenges, overcome adoption hurdles, and drive continuous innovation to deliver measurable value in security and operational resilience.

The integration of Large Language Models (LLMs) is rapidly transforming security practices throughout the Software Development Lifecycle (SDLC). This session will explore how we can leverage LLMs to create intelligent security orchestration, moving beyond traditional DevSecOps approaches. The session will delve into key areas such as:

• LLM-Powered Code Analysis: Examine how LLMs are revolutionising static and dynamic analysis, enabling deeper vulnerability detection and significantly faster remediation workflows.
• Automated Security Policy Enforcement:Discuss how LLMs can automate the enforcement of security policies, ensuring consistent security practices across all development stages.
• Developer Empowerment through LLM-Driven Security Guidance: Explore how LLMs can provide real-time, contextual security guidance directly to developers, effectively shifting security left and fostering a proactive security culture within development teams.
• Practical Applications and Future Trends: Showcase real-world examples and discuss the exciting future potential of LLMs in shaping the next generation of SDLC security strategies.

• Identifying and mitigating API bugs and vulnerabilities
• The importance of doing API threat modelling early in the development process
• Addressing API-related compliance concerns and keeping up with changing security requirements
• Can AI improve Zero Trust of APIs? 

• Integrate DevSecOps principles into platform engineering to enhance security across all stages of the development lifecycle.
• Discuss the importance of aligning workflows, enhancing automation, and fortifying security measures to create a cohesive platform for software delivery.
• Exploring how Security as Code (SaC) empowers proactive cyber security measures within the development pipeline
• Highlight the need to strike a balance between experimentation and pragmatism to ensure alignment with organisational goals and augment DevSecOps strategies.

As cloud adoption accelerates, managing and securing digital assets is more critical than ever. This session explores strategies for ensuring robust security, maintaining compliance, and strengthening governance. We’ll also examine how software supply chain management plays a key role in mitigating vulnerabilities, providing a comprehensive approach to securing your organisation’s digital landscape.

• How can organisations embed security into the software supply chain while aligning with regulatory frameworks?
• What strategies mitigate risks across the SDLC without slowing innovation?
• How can teams secure open-source components, CI/CD pipelines, and containerised environments?
• How do we align security policies with DevSecOps to balance governance and agility?
• What are the biggest challenges in balancing speed, security, and compliance, and how can they be addressed?

Moderator:

David Luchi Head of Information Security Wesfarmers OneDigital

Panellists:

Bastian Goonewardena Senior Security DevSecOps Engineer Origin Energy

Arun Degala Group GM Software Development & Platform Engineering Crown

Uday Korlimarla Application Security Architect UniSuper

Explore how integrating DevSecOps with Value Stream Management accelerates AI-driven software development. This session delves into aligning security, efficiency, and innovation to streamline workflows, reduce risks, and maximise development velocity in AI-centric environments.

• Defining clear AppSec objectives and goals, aligning them with business priorities for both yearly and quarterly plans.
• Implementing security practices throughout the development lifecycle for custom applications while evaluating and securing third-party applications.
• Establishing a roadmap for integrating security measures, allocating resources, and managing risks associated with both off-the-shelf and custom-developed applications.
• Monitoring effectiveness through metrics and KPIs, adapting strategies based on new threats and evolving business needs.

With the software supply chain becoming more complex due to developments like the rise of AI and increasing regulatory pressure, many organisations are struggling to keep pace. In this discussion, learn how to remove complexity and ease the resource strain associated with securing modern software through consolidation initiatives.

Join industry leaders as they delve into the essential skills required for secure coding and the training methodologies that can effectively impart these skills.

• How can we integrate secure coding into a developer’s core skill set, making it a natural part of their development workflow?
• What are the limitations of traditional security testing tools like DAST and SAST, and how can developers overcome these challenges to ensure comprehensive application security?
• What are the most effective strategies to shift a developer's mindset towards viewing security as a responsibility throughout the entire development lifecycle?
• What tangible benefits can developers gain from mastering secure coding, and how can organisations effectively communicate this value?

Moderator:

David Luchi Head of Information Security Wesfarmers OneDigital

Panellists:

Tim Baird, Senior Manager – DevOps, AIA Australia

• Discover how to enhance AppSec through modern cloud technologies and effective frameworks.
• Learn how to scale security efforts by empowering teams, improving processes, and leveraging advanced metrics.
• Discuss practical approaches to communicate risks and needs associated with AppSec with stakeholders and advance maturity across your organisation.

• Explore real-world experiences, challenges, and lessons learned in building an AI security governance framework.
• Explores how key standards and frameworks (ISO 42001, ISO 27001, NIST CSF 2.0, ISO 27028, OWASP Top 10 – AI Risks, CSA Controls Catalog) fit together to enhance AI security.
• Showcases an overarching governance framework, an ISO 42001-compliant AIMS Manual, and an AISecOps Capability Operating Model.