AppSec and DevSecOps Summit Melbourne 2024

The Melbourne AppSec & DevSecOps Summit 2024, organised by Clutch Events, was a cornerstone event that united cybersecurity experts, software developers, industry leaders, and government representatives to advance application security and integrate security practices within the software development lifecycle. 

The Agenda

The event opened with Cole Cornford's keynote "10 Lessons from 10 Years in AppSec," where he shared insights from a decade in application security, emphasizing the evolution toward proactive, integrated security frameworks. Craig Dent from Snyk followed with "Policy at the Core: Infusing DevOps with Security," discussing how automating security policies within DevOps ensures consistent enforcement and reduces misconfigurations.

A panel featuring Steve Stojanovski, Neha Malik, and Bari Singh explored "Security Modernisation at Enterprise Scale," addressing challenges in implementing modern security practices across large enterprises with diverse technologies and distributed teams. After a networking break, attendees participated in "The AppSec Scenario," an interactive session involving real-world problem-solving.

In "How I Solved..." sessions, Tara Whitehead of MYOB discussed implementing secure builds with SAST without disrupting development teams, Toby Amodio of Fujitsu covered embedding security by design into development pipelines, and Vishal Ghariwala of SUSE addressed securing Kubernetes workloads effectively.

Post-lunch, Ken Johnson and Seth Law delivered the international keynote "AppSec: Origins to Innovations," tracing the evolution of application security and exploring future innovations like AI-assisted security tools. Matt Jones of elttam presented "A Tale of Adaptive Code-Assisted Security Testing," showcasing how custom tooling enhances security assessments.

The event concluded with "The Great Debate: Is Shift Left Dead?" featuring Paul McCarty, Toby Amodio, Cole Cornford, and Ken Johnson debating the relevance of the Shift Left approach in today's cybersecurity landscape.

Audience

The 140 strong audience included:

• Heads of Cyber from Belong, Diversa Trustees, Telstra and more
• Heads of Application Security from REA Group, Sportsbet, Origin Energy and more
• Senior engineers from NBNCo, Country Road, MYOB and more

‍Speakers Included:

• Ken Johnson, Co-Founder & Podcast Host, DryRun Security
• Seth Law, Founder, Principal Consultant, Redpoint Security
• Cole Cornford, Founder & CEO, Galah Cyber
• Craig Dent, Senior Solutions Engineer, Snyk
• Steve Stojanovski, Head of Engineering, Belong
• Neha Malik, Head of Application Security, REA Group
• Bari Singh, General Manager – SE&IT, Strategy and Technology Transformation, Telstra
• Tara Whitehead, Security Engagement Manager, MYOB
• Toby Amodio, Director and Government Cyber Delivery Lead, Fujitsu
• Vishal Ghariwala, Senior Director & CTO, Asia Pacific, SUSE
• Matt Jones, Partner, elttam
• Paul McCarty, Founder, SourceCodeRED & GitHax
• Toby Amodio, Director and Government Cyber Delivery Lead, Fujitsu
• Cole Cornford, Founder & CEO, Galah Cyber
• Ken Johnson, Co-Founder & Podcast Host, DryRun Security

‍Sponsors Included:

• Snyk
• Galah Cyber
• Suse
• Sonatype
• Orca Security
• Synopsys
• Veracode
• Akamai
• Secure Code Warrior
• Software Hub

Testimonials

• I enjoyed the format: small tables, debate with online voting
• Excellent event as what I have come to expect from Clutch Events

Summary

This conference held significant importance for the contemporary and future Australian business and government sectors as it directly addressed the escalating need for enhanced cybersecurity amid rapid digital transformation. With Australian organisations increasingly adopting new technologies, securing software applications has become more critical than ever. The knowledge exchanged and partnerships formed at AppSec & DevSecOps Melbourne are anticipated to influence industry best practices, inform policy making, and promote a culture where security is integral to development processes, thereby strengthening Australia's overall cybersecurity framework.