
  • AppSec & DevSecOps Melbourne

  • 08:20

    Register; grab a coffee. Mix, mingle and say hello to peers old and new.

  • 09:00
    Speaker

    Welcome from Corinium and the Chairperson

    Tara Whitehead - Security Engineering Leader -

  • 09:10

    Speed Networking – Making new connections!


    In this 5-minute networking session, the goal is to connect with three new people. Enjoy the opportunity to expand your network! 

  • 09:15
    Interactive Discussion

    Headliner Debate
    Shift Left vs AI: Who Owns the Future of AppSec?


    Security teams are split: should we embed security early in the SDLC or rely on AI to detect and fix vulnerabilities faster? This interactive debate explores the trade-offs, risks, and real-world impact. No easy answers, just insights to challenge how you secure modern delivery pipelines.

    • Can AI replace secure coding practices, or is developer education irreplaceable?
    • Are AI tools creating hidden risks, or do traditional processes slow innovation?
    • How do you balance human judgement, automation, and team accountability in modern DevSecOps?

    Facilitator:

    Angelina Liu Account Executive Aikido

    Speakers:

    Kalpana Venkatesan Senior DevSecOps Engineer Kmart Australia

    Thilina Senevirathna Technical Lead Cloud & Application Security Reece Group

    Sara Gray Senior Product Security Manager Atlassian

  • 09:50
    Sponsor Presentation

    Ransomware Readiness: What Every Organisation Needs to Know


    Ransomware remains one of the most disruptive threats, with attackers adapting faster than many defences. This session explores practical strategies for prevention, early detection and effective response. Learn how to reduce impact, strengthen readiness and close the gaps that make organisations vulnerable to modern ransomware campaigns.

  • 10:15
    Panel Discussion

    Is AppSec Still Ignored in GRC?


    Application security is often mentioned in compliance frameworks, but does it actually get integrated into risk management processes? This panel examines the disconnect between GRC requirements and engineering reality, and how teams can close the gap.

    • Why are AppSec risks still overlooked in many GRC frameworks?
    • How can compliance obligations become actionable for developers without creating friction?
    • What metrics or reporting approaches best link AppSec outcomes to business impact?
    • Should GRC professionals and engineers collaborate differently to improve adoption and visibility?

    Panellists:

    Jugal Nayal Application Security Specialist Data Capture Experts  

  • 10:50
    Sponsor Presentation

    Automating Compliance at Cloud Speed: Lessons for CI/CD and DevSecOps


    As software delivery accelerates, compliance can’t be an afterthought. This session explores how leading teams embed automated controls into CI/CD pipelines, translating governance into code. Learn practical approaches to scaling compliance across DevSecOps workflows—without slowing innovation or compromising security.

  • 11:15
    Break

    Get Refreshed! Mingle

  • 11:55
    Speaker

    When Security Slows Delivery: What Actually Breaks at Release Time


    This session explores how security controls behave in live delivery environments. From blocked pipelines to last minute risk escalations, the release function often sees where DevSecOps design does not match operational reality. The speaker shares how controls were redesigned to reduce friction while improving risk clarity and release predictability.

  • 12:20
    Sponsor Presentation

    Red Teaming with AI: Simulating Adversaries in Real Time


    AI is transforming the way organisations approach offensive security. Rather than relying solely on periodic, human-led exercises, AI can simulate adversaries at scale and in real time, continuously probing for weaknesses that traditional methods may miss. This session will explore how AI is being applied to red teaming, the opportunities it creates for faster feedback within DevSecOps pipelines, and the safeguards required to ensure these simulations remain accurate, ethical, and effective. 

  • 12:45
    Interactive Discussion

    Beyond STRIDE: Why MAESTRO is the New Baton for DevSecOps Threat Modelling


    The static nature of traditional threat modeling approaches fails to capture the fluid attack surfaces of cloud-native ecosystems and AI-integrated workflows. This session introduces MAESTRO, a dynamic threat modeling framework designed for multi-agent systems and continuously evolving environments. Using real-world examples, it shows how to embed security into the AI lifecycle and CI/CD pipelines, addressing IAM complexity, misconfigurations, supply chain risks, and emergent threats, and enabling DevSecOps teams to build resilient, adaptive, and secure AI systems by design.

    Speakers:

    Owais Khan Senior Cyber Security Architect EnergyAustralia

    Rakesh Sharma Chief Advisor CYAIFI (Cyber & Artificial Intelligence for Future Impact) 

  • 13:10

    Lunch

  • 14:10
    Panel Discussion

    Breaking Boundaries: Securing APIs, Microservices, and SaaS Across Teams


    This panel explores how organisations manage security beyond the code they own. Panellists share how they maintain visibility, enforce standards and reduce risk across APIs, microservices and SaaS integrations.

    • What blind spot in an API, SaaS, or dependency later turned into a security issue?
    • Where have ownership gaps caused problems, and how did you fix them in practice?
    • What security approach sounded good on paper but failed once teams had to move fast?

    Panellists:

    Luke Bampton Application Security Lead Monash University

    Medha Mishra Lead Application Security Engineer Wrkr

    Ibrahim Mohammed DevSecOps Design & Assurance Manager Insignia Financial 

  • 14:45
    Sponsor Presentation

    Securing Cloud, Compliance, and the Software Supply Chain


     As cloud adoption accelerates, managing and securing digital assets is more critical than ever. This session explores strategies for ensuring robust security, maintaining compliance, and strengthening governance. We’ll also examine how software supply chain management plays a key role in mitigating vulnerabilities, providing a comprehensive approach to securing your organisation’s digital landscape.  

  • 15:10

    AI in DevSecOps: Powering the Lifeblood Donate Blood App

    Andrew Cunningham - Application Development Manager - Australian Red Cross Lifeblood


    This session explores how AI/ML is being applied within DevSecOps pipelines supporting the Lifeblood Donate Blood app and the internal Lifeblood platforms behind it. We’ll focus on practical ways AI is being used to increase test coverage, enhance security, streamline delivery, and introduce smarter governance, along with insights from applying these approaches in a production environment.

    • Leveraging AI to enhance security and pipeline efficiency
    • Balancing automation with regulated governance in DevSecOps
    • Insights from scaling AI across customer and internal platforms
  • 15:50

    Closing Keynote Presentation
    Carrot vs Stick: What Actually Drives Secure Engineering Behaviour?

    Abdullah Muhammad - Application Defence Manager - Bupa


    Security teams debate whether engineers respond better to incentives or enforcement. This session explores approaches for motivating secure coding practices in fast-moving DevSecOps teams.

    • Do incentives work better than mandatory rules and policies to drive secure behaviour, or vice versa?
    • Are there examples where culture alone improved security outcomes more than policies?
    • How do metrics and recognition influence engineering decisions day-to-day?
  • 16:00

    Chairperson's Closing Remarks

  • 16:10
    Break

    Close of AppSec & DevSecOps Melbourne 2026 & Afternoon Tea
