
  • AppSec & DevSecOps Melbourne

  • 08:20

    Register; grab a coffee. Mix, mingle and say hello to peers old and new.

  • 09:00

    Welcome from Corinium and the Chairperson

  • 09:10

    Speed Networking – Making new connections!


    In this 10-minute networking session, the goal is to connect with three new people. Enjoy the opportunity to expand your network! 

  • 09:20

    Redefining Success in DevSecOps & AppSec: Inspire Change, Deliver Value

    Tara Whitehead - Security Engagement Manager - ex-MYOB

    • Explore strategies to position DevSecOps and AppSec as catalysts for cultural and operational transformation, fostering a security-first mindset across teams.
    • Learn to identify, implement, and leverage key performance indicators (KPIs) and frameworks that measure the effectiveness and business impact of DevSecOps and AppSec initiatives.
    • Discover how to address observability challenges, overcome adoption hurdles, and drive continuous innovation to deliver measurable value in security and operational resilience.
  • 09:45
    Interactive Discussion

    Beyond the Slide Deck: What DevSecOps Success Really Takes


    What does DevSecOps success really look like beyond the buzzwords? In this candid fireside chat, we unpack the metrics, mindsets, and practical shifts that drive meaningful, measurable change across security and engineering.

    Tara Whitehead - Security Engagement Manager - ex-MYOB

    Maryam Shoraka - Head of OT Cyber Security Operations - Sydney Trains

     

  • 10:10

    Scaling Your DevSecOps with Compliance: From Bottleneck to Business Enabler

    Tomasz Skora - Staff Solution Architect - GitLab


    In a world of increasing regulatory pressure and evolving threats, organisations often struggle to scale DevSecOps without compromising on compliance. Fragmented toolchains, inconsistent policies, and manual processes slow teams down and increase risk.

    This session explores how a unified compliance approach within your DevSecOps can drive development velocity while maintaining security and audit readiness. You'll learn how to enable faster, secure delivery by shifting compliance left, automating policies and evidence, enhancing visibility, and aligning cross-functional teams.

    Whether you're modernising legacy workflows or scaling existing DevSecOps environments, this session will explore how integrated compliance can fuel continuous improvement and innovation.

  • 10:35

    Securing Serverless: What Changes and What Doesn’t

    Pouya Ghotbi - Security Lead APJ - AWS


    Serverless architectures are fast, scalable, and cost-efficient — but they also redefine how we approach security. In this session, we’ll explore what breaks, what stays the same, and what needs to evolve in your AppSec strategy when building serverless applications.

    • Understand the new serverless attack surface
    • Avoid common security pitfalls in function-based apps
    • Apply identity, policy, and least privilege effectively
    • Build secure, event-driven applications without slowing delivery
  • 11:00

    Get Refreshed! Mingle

  • 11:30

    From Vulnerabilities to Vigilance: DevSecOps Evolution

    Shani Levy - Senior Solutions Engineer - JFrog


    In an era where developers assume full app ownership and binaries are the single source of truth, securing the software supply chain is paramount. This session, 'From Vulnerabilities to Vigilance: DevSecOps Evolution,' addresses the escalating threats, from malicious packages and 0-day exploits to the alarming rise of attacks targeting ML models.

    In this session, JFrog's Senior Solutions Engineer, Shani Levy, will demonstrate why traditional scanning methods often fall short, frequently missing critical zero-day malicious models and generating high false positives. Discover how JFrog's deep binary analysis and research-backed detectors offer unparalleled vigilance, enabling you to uncover threats and truly secure your software from development to production.

  • 11:55
    Panel Discussion

    Panel: Securing the Software Supply Chain from Development to Deployment

    • How can organisations embed security into the software supply chain while aligning with regulatory frameworks?
    • What strategies mitigate risks across the SDLC without slowing innovation?
    • How can teams secure open-source components, CI/CD pipelines, and containerised environments?
    • How do we align security policies with DevSecOps to balance governance and agility?
    • What are the biggest challenges in balancing speed, security, and compliance, and how can they be addressed?

    Moderator:
    Tim Baird - Senior Manager – DevOps - AIA Australia
    Panellists:
    Kris Pickering - Principal Enterprise Architect – Cyber Security, Identity & Distributed Cloud - Coles
    Simon Scaife - Mobile Security Sales Leader - Zimperium

  • 12:30
    Panel Discussion

    Uplift your Appsec with "CrowdSourced" Security Researchers!


    In this fireside chat moderated by Bugcrowd's own TISO, Sajeeb Lohani, our guests will share how they leverage the ingenuity of the ethical hacking community, "the crowd", bringing them into their Appsec workflows.

    • How crowdsourced security augments traditional Appsec.
    • Different ways of utilising the elite skills of the "crowd" for high impact risk reduction.
    • How to obtain consensus and buy-in from application team leaders and legal teams.
    • Crawl, Walk, Run approach by starting with a "Private" Bug Bounty and how it differs from traditional Public Bug Bounties.

    Moderator:

    Sajeeb Lohani - TISO - Bugcrowd

    Panellists:

    Neha Malik - Head of Product Security - REA Group

    Andrew Morton - Head of IT GRC & Assurance at CW Retail - Chemist Warehouse

  • 12:55

    Lunch

  • 13:55
    Sponsor Presentation

    Roller Case Study: Building Cloud Security Programs That Can Shift Left


    For organisations born in the cloud or seeking to adopt modern technologies like containers, Kubernetes, and Serverless architectures, shifting security left is foundational. It empowers engineering teams to collaborate effectively with security teams and prevent common risks associated with the cloud. But how can this be achieved when security and engineering teams often have transactional relationships? Join this session for a real-world case study of how Roller is bringing DevSecOps together with Wiz.

    Speakers:

    Daniel Kreitals - Solutions Engineer - Wiz

    Sean Fernandez - VP of Infrastructure and Security - Roller
  • 14:20

    Securing the Digital Arteries: DevSecOps, APIs and AI for Resilient Innovation

    Troy Leliard - Security Technology Group - Akamai


    APIs are the arteries of digital business. Securing them in the age of AI, Edge-Native and evolving threat vectors is no longer optional — it's existential. Today, I’ll unpack how we're unlocking value, embracing AI and hardening the software supply chain — with a lens on APIs and DevSecOps.

  • 14:45
    Panel Discussion

    Panel: Empowering Developers to Make Secure Coding a Core Competency


    Join industry leaders as they delve into the essential skills required for secure coding and the training methodologies that can effectively impart these skills.

    • How can we integrate secure coding into a developer’s core skill set, making it a natural part of their development workflow?
    • What are the limitations of traditional security testing tools like DAST and SAST, and how can developers overcome these challenges to ensure comprehensive application security?
    • What are the most effective strategies to shift a developer's mindset towards viewing security as a responsibility throughout the entire development lifecycle?
    • What tangible benefits can developers gain from mastering secure coding, and how can organisations effectively communicate this value?

    Moderator:

    David Luchi - Head of Information Security - Flybuys

    Panellists:

    Tim Baird - Senior Manager – DevOps - AIA Australia

    Priya Sharma - Chapter Lead Principal-Software Engineering-COE - ex-Telstra

    Medha Mishra - Senior Application Security Engineer - PaperCut Software

    James Galbraith - Network & Cloud Security Engineering Lead - Cyber Defence - APA Group

  • 15:20

    Get Refreshed! Mingle

  • 15:50

    From Good to Great: Scaling Security Maturity in Your Organisation

    Rujuta Raval - Lead Security Engineer - Angle Finance

    • Discover how to enhance AppSec through modern cloud technologies and effective frameworks.
    • Learn how to scale security efforts by empowering teams, improving processes, and leveraging advanced metrics.
    • Discuss practical approaches to communicate risks and needs associated with AppSec with stakeholders and advance maturity across your organisation.
  • 16:15

    Demystifying MLSecOps: Embedding Security into the AI/ML Lifecycle

    Vriti Magee - Enterprise Security Architect - ex-Transurban


    As machine learning moves from prototype to production, security often struggles to keep pace. This session explores how MLSecOps offers a structured approach to embedding security, privacy, and governance throughout the AI/ML lifecycle — from data ingestion and model training to deployment and monitoring. Drawing on standards and frameworks such as ISO 42001 and the OWASP Top 10 for AI, we’ll examine practical methods to reduce risk without slowing innovation. The aim is not to bolt on controls after the fact, but to build systems where resilience is designed in.

  • 16:40

    Chairperson's Closing Remarks

  • 16:50

    Close of AppSec & DevSecOps Melbourne 2025
