Ireland Sydney

Welcome to COSAC's second annual event in Asia-Pacific, hosting the SABSA APAC Congress. For 2018, COSAC will be held in Sydney for the first time. 

Our agenda has been selected by previous COSAC participants to ensure sessions are unique, timely, cater for the participative COSAC ethos and deliver value for experienced security practitioners. 

Thursday 6th December 2018

09:30 - 10:00 Delegate Registration & Coffee

11:40 Morning Coffee
16:10 Afternoon Coffee

Workshop W1

10:00 1st COSAC APAC Design-Off Speaker(s): William Schultz,

William Schultz

Principal Security Architect, Vanderbilt University Medical Centre (USA)

Bill Schultz is security architect who has worked in the Information Technology field for over 14 years, with s focus on Enterprise Architecture, Security Architecture, Risk Management & Compliance. Bill has built security programs, risk management programs, and developed strategic architectures and technical system architectures. Bill has led risk management & security architecture initiatives to build secure systems that comply with Federal, Healthcare, or PCI Standards. 
Jason Kobes

Jason Kobes

Principal Cyber Architect, Northrop Grumman (USA)

Jason Kobes works as a Principal Cyber Architect & Research Scientist in Washington, DC for Northrop Grumman Corporation. Jason has over 20 years of experience concentrated in information systems design analytics, business/mission security architecture, enterprise risk management, information assurance research, and business consulting. Jason has a Master's of Science in Information Assurance (MSIA) and a Bachelor's of Science in Computer Science from Iowa State University. 

This year we are bringing the highly successful Security Architecture Design-off to COSAC APAC! In the spirit of hack-a-thons, this competition was born out of a desire to provide a venue for security architects to apply their skills in a safe environment. This is a unique competition format that uses real clients, scenarios and deliverables to see which team will reign supreme! Whether you are a seasoned enterprise architect or security architect, or just looking to try something different to build and enhance your skills, this session will provide a unique opportunity to prove and hone your architecture chops. Many practitioners come out of self-study or training armed with new skills, but struggle with applying them in complex situations and under tight time frames. Not to mention, there may be a limited number of practitioners in their organization (or region for that matter) to learn from. The primary goals for this session are to build relationships with other practitioners, to learn from each other on different ways to apply techniques to solve problems, and setup situations where we can creatively apply and adapt our skills. This is not a session where you will sit and listen to a presenter telling you how to do something.

Past attendees of the COSAC - Ireland Design-off have marked this as one of the highlights of the conference and we hope you will leave feeling the same way. Each year we feature a unique customer and problem set to provide context for the activities. This year we have several tweaks planned based on feedback from past attendees that we think will further enhance the experience!

Teams are made of people with different skill sets and skill levels, and team members will be actively engaging each other and trying to find the best way to meet the challenges. This is not a competition in using a specific formal methodology or framework (although they will definitely come in handy), but is meant to be an exercise in applying these techniques in a ways that most effectively meet the client’s needs. The activity will involve skills in listening to clients, applying risk management, demonstrating business value, and effectively communicating with the client. There can be only one winning team, however all participants will learn from the experience. Where else can you see how different groups of high level security practitioners apply their skills to address the same problem? That said, you will want to win this! The winning team members not only get bragging rights, but will be announced on the SABSA LinkedIn group, and each member will receive a personal acknowledgment on their LinkedIn Page congratulating them on their achievement!

A few of the hardest problems SABSA architects face are working alone, and getting started where there are challenges. These design workshops not only build teams from people who may have never worked together before, they challenge the groups to quickly overcome challenges to deliver actionable architecture quickly. It can be done; this activity proves it.

Workshop W2

10:00 2nd Annual APAC international Roundtable Security Forum Speaker(s): John O'Leary

John O'Leary

President, O'Leary Management Education (USA)

John O'Leary, CISSP, is President of O’Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. John was the recipient of the 2004 COSAC award.

The 2018 iteration of the COSAC APAC International Forum will be a microcosm of the COSAC experience:

  • Seasoned security veterans trading ideas and opinions based on real experience in real situations
  • Practitioner heavyweights offering and defending their opinions, but ever-willing to help others and learn from each other
  • Trenchant analysis of recent security-related events and trends from perspectives illuminated by knowledge and experience

The moderator posits real-life scenarios, asks a question or two about relevant issues, then tries to not get in the way so that participants may discuss topics, opinions and actions freely and subject their ideas to the scrutiny and analysis of all the experiential wisdom in the room.

Even at its COSAC Ireland inception, back in the pre-cloud, pre-Ransomware, pre-GDPR, pre-Cambridge Analytica and pre-IoT era, the overriding premise for the Forum was that “the most significant benefit of attending any conference or session is the chance to compare notes, strategies and techniques with others who are similarly situated and facing the same types of problems every day.”

That’s still just as true in Australia and New Zealand in late 2018. We’ve been facing some truly original problem scenarios, ones that could keep us busy 24/7 seeking viable solutions or workarounds. But we can’t devote all our time and resources to new issues because old ones keep rearing their heads and roaring, perhaps with updated verbiage and at different decibel levels from their original manifestations.

What makes the Forum so valuable is learning from the hard-earned skills, fortitude and wisdom of others who have run this gauntlet, perhaps several times, are facing similar challenges and know how to avoid or survive the tomahawks.

The Forum also gives us a chance to articulate our own issues and collect reactions from genuine practitioners rather than consultants looking for a lucrative engagement or to sell a specific product.

Come join us. Help solve the information security problems of the world and develop unerring (we hope) predictions for the future.

13:30 - 14:30 Lunch

Dinner & Networking

18:00 Drinks Reception
18:30 Dinner