Zak Siddiqui
Zak Siddiqui is the Co-Founder at KELSIEM based in Sydney, Australia. He spends his time helping companies define and achieve their security goals using next-generation technologies. Unsatisfied by existing SIEM products, Zak embarked on a project to come up with something better, faster, and cheaper. As Co-Founder and Chief Software Architect of KELSIEM, he helped build and launch KELSIEM REALTIME SECURITY, a managed cloud SIEM service. Zak enjoys tinkering and exploring new technologies to embrace the future, break existing paradigms, and share his journey with others.

How to proactively perform a CxO-targeted “Security Practices and Capability Review” based on ISO 27000 and the Capability Maturity Model - Zak Siddiqui

Tutorial - Wednesday (Verandah Room)

This is a practical workshop on how to proactively perform a Security Practices and Capability Review based on ISO 27000 and the Capability Maturity Model. At the end of this workshop, attendees will be able to do the following for their organisation:

* Demonstrate a business case for expanding the Information Security team.
* Systematically assess IT security capabilities and practices.
* Utilise the findings to build capability to support InfoSec agility.
* Identify relevant gaps between existing Information Security posture and world’s best practice.

The approach taken will consider both strategic and tactical efforts, or in other words a blend of both “proactive improvement” and “keeping the lights on”. By the end of this session, attendees will be capable of performing a full review and presenting a 50-page, data-rich and compelling case for resources, funding, and staff. The deliverable includes:

* Executive Summary for CEO, CIO, CFO.
* A Summary of Findings for the Leadership Team.
* A detailed description of findings.
* Mapping of capability gaps to job descriptions.
* Key Recommendations.

Cyber Risk Insurance and Logging Requirements for Forensics - Zak Siddiqui, Fergus Brooks

Talk - Thursday (Hinterland Room)

This talk focuses on reducing your brand and reputational risk by understanding how incident response works as part of your overall Cyber Risk Insurance strategy. It also discusses the best way to engage with the Risk and Audit Committee to work security into your organisation's overall Risk Management Strategy.