location_city Melbourne schedule Dec 5th 03:20 - 03:50 PM AEST place Grand Ball Room 1

When you experience a breach as a tech organisation, it is how you respond, and what you learn from it, that matters most.

We invested heavily in security at PageUp, even going through the ISO 27001 certification process, including having a very active Information Security Governance Committee and a robust security incident response plan -- however -- until May, a security incident was something that you prepared for, but always happened to other organisations.

These days, cyber attacks are a fact of life: it is now a question of when, not if, they will happen to your organisation. That mindset switch has many implications to culture, technology and investment.

We often hear about security incidents from industry experts, academics and commentators in the media. This is a valuable opportunity to share my personal experience with my peers. In this talk, I’ll take you through the key lessons we have learned as an organisation and how we’re implementing this mindset switch.


Outline/Structure of the Talk


  • Overview of the security incident
  • Our team’s experience of the breach in the following days, weeks and months
  • Lessons we’ve learned
  • How we are shifting our security architecture, culture and processes in the post-incident world.

Learning Outcome

Attendees will gain an insight into the security incident response process from a CTO’s perspective and understand the lessons learnt.

Target Audience

CTOs will benefit from this talk. If you want to know how to approach breach scenarios from someone who has experienced it first hand, then this is the talk for you.

Prerequisites for Attendees


schedule Submitted 4 years ago