The theme for this year’s conference is ‘the expanding impact of hostile tech’. As people rely more on technology, they are also more subject to unintended - even hostile - consequences. Combined with the increasing complexity of technology, the need for mature risk management and security practices has never been greater.
Agenda - Day 1
Monday | September 13 | 2:00pm - 4:00pm AEST
Workshops are at full capacity.
How not to make the news - agile threat modelling
Track 1 facilitators: Kelsey van Haaster & Vishal Srivastava | Track 2 facilitators: Archana Khanal & Robin Doherty
When developing user stories for a new product or feature, stories for security requirements are all too often an afterthought or not considered at all. However, the real challenge is that from the stakeholder perspective, security is not viewed as a priority. In this interactive session, learn how to influence your stakeholders and help them understand the importance of security. We'll show you how to facilitate a threat modelling workshop with stakeholders to help identify risks and turn them into playable user stories.
Agenda - Day 2 (Talks)
Tuesday | September 14 | 9:30am - 3:50pm AEST
9:30am - 9:40am
9.40am - 10.20am
Keynote: Digital trust and the architecture of participation
In 2005, Tim O’Reilly coined the phrase “architecture of participation”, a Web 2.0 concept that pivoted the web away from a “publishing” metaphor to one of “participation”. Over thirty years later, Sir Tim Berners-Lee (the creator of Web 1.0) is back with a new perspective on the architecture of participation - one that is personal, privacy-based, and most strikingly, identity-based. His new decentralized approach to participation brings the idea of digital trust back into our lives at a time when it is deeply needed and conspicuously absent. In this keynote, Scott will give pragmatic examples of digital trust that exemplify this new emerging era of the web and advise on how digital trust can be a competitive advantage for early adopters.
10.20am - 11.00am
Guest keynote: Tech for people, not users, and the role of human rights in design
The term ‘hostile tech’ makes us think of the growing pile of tech scandals - from Cambridge Analytica to Robodebt - but from the perspective of users, technology can be hostile when it works exactly as it is supposed to. So what defines hostile tech might depend not only on who has designed it, but how it is experienced. Technology that entrenches power structures and bigotry is not the fault of users, but a problem for which designers must take responsibility. By thinking about design decisions through a human rights lens - focusing on empowerment, public participation and accountability - we can avoid contributing to a digital dystopia. Our guest keynote speaker, Lizzie O’Shea, will talk about the many ways a human rights-based approach to technology can be put into practice.
11.00am - 11.20am
11.20am - 12.00pm
Building a secure data platform: why good design and security go hand in hand
Harmeet Sokhi & Kiru Samapathy
More data is being collected, stored, processed and exchanged than ever before. With wider access to all data sets beyond a specific domain and businesses leaning towards data-driven decision making, the risk of data breaches is at an all-time high. This session will introduce how to leverage data classification to design a secure data platform and how this can be extended to protect data based on risk levels.
12.00pm - 12.40pm
Lunch Break (includes guided meditation)
12.40pm - 1.20pm
Passwordless: a story of risk, protection and excellent UX
Kelsey van Haaster
Dump your password and improve your security. The combined use of a password management system and multi-factor authentication might give us hope that our corporate assets are no longer protected by the same password someone used on their favourite shopping site, but unfortunately, things are never that simple. Passwordless authentication is one exciting way forward. In this session, Kelsey will share her experience introducing passwordless login at Thoughtworks.
1.20pm - 2.00pm
Trust teams but verify: compliance as code done right
Effy Elden & Eugene Kariba
How can organizations enable developers to deliver secure and compliant software without becoming a bottleneck for innovation and a drain on team morale? As a relatively new area, Compliance as Code offers a potential solution to this challenge. In this talk, Effy and Eugene will discuss the various aspects of Compliance as Code, including the benefits, challenges and common pitfalls.
2.00pm - 2.20pm
2.20pm - 2.50pm
The psychology of security - why we make mistakes
When it comes to security, human error accounts for many data breaches. But have you ever wondered why we make mistakes in the first place? Is it really human error, or is something else going on? Based on first-hand research and established behavioural research, Diana will share why this happens. Topics include how to think about people and security, security in teams, and the strategies to help reduce the risks.
2.50pm - 3.20pm
The **** we've seen
Barely a day goes by without another security incident hitting the news. Many legacy systems are ridden with vulnerabilities and, even as digital businesses accelerate, the threats continue to evolve at an ever-increasing rate. Yet, the majority of these incidents could have been avoided had a deceptively simple principle been followed. Join Peter as he shares their (almost true) stories of security gone wrong and how to mitigate the risks.
3.20pm - 3.50pm
Come meet our speakers and have your hard-hitting questions answered.