That's a wrap!


We want to give a huge shoutout to all attendees, sponsors, and presenters for attending CSECcon II. We had a blast and hope you did too.
Stay tuned on our socials for the talk and workshop recordings!

Activities

From uniform policing to cyber security - decisions at 20 do not need to determine your life's career journey!

Talk - Career journey

Talk on the career journey of Mastercard’s Regional Security Manager, from police officer in the UK and Australia to the private sector.

Speaker

James Spalding

Achieving Supply Chain Security on a Budget

Talk - Supply Chain Security

Have you ever wondered how to set up a supply chain security practice in an organization, or been curious about the supply chain security of your own packages? If yes, then this is the talk for you! This talk explores the importance of supply chain security, the evolving threat landscape, and cost-effective solutions for managing these risks.

We will discuss approaches to identify and classify risks in software projects and endpoints, along with the use of practical tools and strategies for mitigation. We will also cover developing tailored incident response plans and techniques for selling supply chain security initiatives to board members and leadership, emphasizing compliance, collaboration, risk reduction and return on investment.

Key takeaways will provide comprehensive guidance on setting up your supply chain security practice, implementing effective strategies, and showcasing its value to leadership.

Join us for an engaging talk that will empower you to become a supply chain security hero, even on a limited budget.

Speaker

Sajeeb Lohani, Ben Christian

Dreaming of auto-magical dependency updates

Talk - Web Application Security

Modern day apps include hundreds or thousands of third party dependencies. While SBOMs promise to make it easier for us to know what dependencies we have, they don’t auto-magically upgrade those dependencies, which remains a largely manual effort.

In this talk, we explore the limitations of SBOMs and common gaps in the dependencies discovered by commercial and OSS tools. We then evaluate the existing auto-PR features of GitHub Dependabot, Snyk, etc. and identify the complaints and issues your Software Engineering teams will encounter while using these, including ‘death by a thousand PRs’, broken builds, (regressions to) immutable builds, etc.

We finally introduce Renovate, a tool from mend.io that is available under both free and commercial models. We see how it helps address these challenges and how it can make regularly upgrading your dependencies a little bit easier.

Speaker

Andy Vermeulen

Bridging the Gap for Future Professionals

Talk - Information Technology

Embarking on a cybersecurity career? Join me for a talk on seamlessly transitioning from a cybersecurity degree to a thriving profession.

In a rapidly evolving cybersecurity landscape, skilled professionals are in high demand. But bridging the gap between theory and practice can be daunting. Discover actionable strategies to equip yourself with the skills and mindset needed for success.

Speaker

Montii Abid

GRC - An Intro to Governance, Risk and Compliance

Talk - GRC

Discover the world of Governance, Risk, and Compliance (GRC) with Cam La in this informative talk. Gain valuable insights into the fundamental concepts of GRC and its significance in today’s dynamic landscape. Cam brings her expertise from a range of infosec domains to shed light on the crucial role GRC plays in bridging the gap between domains, to help support an organisation’s cybersecurity posture.

Speaker

Cam La

Rabbit holes into privacy

Talk

Speaker

Jenny Yang

Getting into and excelling within cybersecurity!

Career Panel - Infosec

This panel will bring together diverse professionals to shed light on the different ways to get into infosec. The panel includes experts with startup, corporate, consulting, and unconventional backgrounds, offering invaluable perspectives on career trajectories. Topics covered include personal career decisions, choosing between offensive, defensive, or policy roles, and the essential skills required for success in a corporate cybersecurity environment. Gain insights into career choices and effective communication strategies in the cybersecurity realm!

Speaker

UTS:CSEC

Unravelling Lumma Stealer: Hands-on Malware Analysis

Workshop - Malware Analysis

Jump in on this workshop to learn malware analysis using real-world scenarios, focusing on analysing the Lumma Stealer malware. Through practical exercises, you will analyse malware behaviour, Wireshark dumps, and use other techniques to uncover useful information. This workshop equips attendees with valuable skills related to cyber investigation and response, and will give you many threads to pull on to learn more! Ideal for 2nd and 3rd-year students seeking to get into malware analysis.

Speaker

Sharath Shamachar

Dashboards and Duct Tape: An Industry Introduction to Incident Response

Workshop - Cyber Security Incident Response

When your organisation suspects a cyber security incident may be afoot, there are many moving parts to co-ordinate to ensure that you and your team can put their best feet forward and rise to the challenge of identifying, analysing, containing and eradicating the attack, and everything else that a major incident can throw at you. Participants will work through a realistic Incident Response Table Top Exercise (TTX) that is reflective of a real-world incident and can expect to improve their understanding of incident response processes, be more confident, and better prepared for the inevitable.

Speaker

Jamie McPherson, Queen Aigbefo, Tai Tran

Fuzzing: automated edge case searching

Workshop - Vulnerability Research and Zero Days

Writing tests for mission critical software is an important part of mitigating potential vulnerabilities; however, there are many edge cases that can’t easily be conceived or spotted by us programmers, and that’s where fuzzing comes in. It is reported that Google has found over 25,000 bugs in Chrome alone via fuzzing, and another 36,000 in other open source projects that they make use of. In this workshop, we will demonstrate live how to set up fuzzing on a basic Rust project (allowing the audience to follow along), and catch multiple security vulnerabilities along the way.

Engage with this talk

Google's resources on fuzzing

Speaker

UTS Programmers' Society

Alex's security journey: a cautionary tale

life story/cautionary tale

Wow, you are trying to figure out how to study or even find gainful employment in security, and I have recently studied and found gainful employment in security. Perhaps we can make something happen, talk business, have your people talk to my people? In this talk I will calmly and coherently walk you through my story of not knowing what security is, being vaguely interested, being REALLY interested, and then a thrilling Act 3 conclusion where I show you all the things I think are cool about it.

Speaker

"Alex"

Using malware to destabilise a country

Threat Intel & IR

In this talk, you’ll learn about the high-impact and profitable malware incident that affected Colonial Pipeline in 2021. This deep dive will touch on the technical details and show the real world consequences of cyber attacks. Come with us to learn what failed, what lessons we can learn from this, who the people behind it are and what else they’ve been up to.

Speaker

Santiago

Active Directory Hacking Speedrun!

Network Security

A fast and furious run through as many AD/Windows Domain attacks as possible, focusing on only the most critical information for pentesters and hackers.

Speaker

Alexei Doudkine

The mind is the battleground - Human cognition in cyber security

The Human Factor

Trusted users within an organisation responding to phishing emails remain the most common form of cyber-breach. A single click by a staff member can overcome the most stringent of technical defences, allowing attackers access to otherwise secure systems. Therefore, an effective defence against attackers using social-engineering tactics requires understanding the human within the system, and specifically the cognitive processes that users deploy in making cyber security related decisions.

This talk will introduce the problem of human behaviour in cyber security, touch on the major theoretical models of human decision making and then delve into a case study of employees within a major Australian bank.

Speaker

Dan Conway

Introduction to Capture The Flag (CTF)

CTF

Introduction to Capture The Flag (CTF) will run through the basics of all things CTF: why we play them, where you find them and how to get started. We will also cover a couple of basic challenges from DownUnderCTF 2021. This talk should hopefully give you the confidence to try DownUnderCTF 2022 and all future CTFs :)

Speaker

Max Caminer + DUCTF Crew

Practical RSA Cryptanalysis

Cryptography

RSA Cryptography is ubiquitous on the internet and a fundamental part of our daily lives, but many, even in cybersecurity, have only a vague understanding of how it works. Did you know it’s based on relatively straightforward mathematics? Did you know that there is a series of simple ways you can tell if it has been used incorrectly in a way that compromises it?

In this talk we intend to describe how RSA works in simple terms. We will also describe some common RSA implementation mistakes, how you can spot them and why they might be interesting to know about for a cybersecurity student or professional. We’ll go on to give practical steps on how you can break RSA when used incorrectly and how that has been demonstrated in the real world at scale on the internet.

This talk is for: students or professionals with an interest in math and/or math in security; CTF players who mostly skip the cryptography category; and security engineers who want to know more about RSA for use during application security reviews.

Speaker

Kris Hunt

Incident Response: A practical beginners guide to phishing

Incident Response

Phishing emails are ever present and come in many forms. Especially in large environments, how do you scale your response and effort to ensure you’re resolving these security risks without dedicating your life to phishing?

Speaker

Ian Szklinski

What to do once you compromise a developer's account

CI/CD security

Alex’s talk will be about what CI/CD pipeline runners are and how widespread they are in the systems we use, like GitHub, as well as cover the risk they pose to organisations. His talk will then discuss and provide examples on how red teams abuse these mistakes, and briefly explain what organisations should look out for so they can better protect themselves.

Speaker

Alex Hill

Easy(-to-break) Anti-Cheat

Game Security

Online video games have always had a hidden battle that exists similarly to the cybersecurity world: the battle between devs and cheaters. Anti-cheats are the cheat code to preventing cheaters from gaining advantages in games. But anti-cheats aren’t perfect.

This talk will provide an overview of anti-cheats, and go in-depth through a method of gaining code execution in an Easy Anti-Cheat protected game.

Speaker

George Dan

Introduction to Web3 hacking: hunt, reverse engineer and fix a smart contract vulnerability

Web3 Security

Web3 security is a whole new world where we should re-learn and change our perspective on AppSec. In this session, I will introduce Decentralised Apps (dApps) from a security angle. I will then go under the hood of a dApp (Solidity) vulnerability and reverse engineer a security vulnerability. I will conclude with ways to effectively eliminate the vulnerability.

Speaker

Pedram Hayati

The Art of Threat Detection: Literally the last line of defence.

Network Security

You can’t respond to what you don’t catch. Threat detection is a vital security function that is both fun and exciting! Come on a journey with me to explore the art and joy of finding badness in networks. This talk will explore the systems, methodologies, and processes behind security detection engineering. You’ll get a chance to see how a detection rule is completed from start to finish. Who knows, if the demo works you may even see the detection rule in action during the presentation ;-) !

Engage with this talk

Detection in Depth by Joshua Prager

Speaker

Darsh Shah

The kids are not alright: How some Millennials and Gen Zers are cybersecurity liabilities

Network Security

The generally accepted stereotype is that younger generations are more tech savvy; however, younger individuals are far more reckless in their browsing behaviour. What does this mean for individuals and consumers alike? How do you leap into a digital-first world and succeed?

Speaker

Laura-Rose Carbone

Embedded Device Hacking 101: A story of 2 root shells with Nokia's 5G router

Web Application Security

Have you ever wondered how secure that router your ISP provided you actually is? Or how you might go about evaluating a device like that?

This talk is an introduction to embedded device hacking spanning both software and hardware techniques.

As a case study, we looked into the security of Nokia-produced 5G routers deployed as part of Optus’ 5G home broadband packages.

Attendees should walk away with the knowledge to begin looking at embedded devices around them and an increased level of distrust/paranoia.

Speaker

Victoria Cheng, Tiara Wong, Eddie Zhang

Getting into AppSec

Web Application Security

Companies are increasingly turning to software engineering to solve their business challenges. As security professionals, we need to help our engineers design and operate secure systems. But the pathway into Application Security isn’t clear and most people I know have stumbled into it accidentally, or from an adjacent discipline.

This talk will give an overview about what ‘AppSec’ is, the types of things you’ll be doing to secure software applications and help engineers, and steps you can take to prepare yourself for a career in this space.

Speaker

Cole Cornford

The Journey to The Self-Driving SOC

SecOps and Automation

Twenty years ago, few believed self-driving cars could happen, yet they’re here. Will the same principles pave the way towards self-driving security? Sean Duca explores what an autonomous SOC looks like, why it’s needed and how getting there requires a revolution in innovation. Sean will also detail potential pitfalls along the way.

Speaker

Sean Duca