Agenda day 1
Tuesday, 25 August 2020, Sandton Convention Centre

Plenary Session

Opening remarks from the chairperson

Michael Avery, Anchor, Classic Business FM

Keynote The impact of Covid 19 on cybersecurity

Charl van der Walt, chief strategy officer, SensePost (part of Orange Cyberdefense)

Keynote Security as a business enabler: Making the business case for security

Jo Stewart-Rattray, director of Information Security & IT Assurance, BRM Advisory (Australia)

The hardest thing a chief information security officer ever has to do is to convince the business that security is there to be both an enabler and to protect the organisation, its employees and products using the right tools, education and collaboration. Collaboration and co-operation are essential, as is forming a strong relationship with colleagues from across the business, the board and the risk and assurance committee to ensure security is seen as an enabler to the market context in which the business operates. This often includes educating those at the highest level within the organisation using diplomacy and understanding. In this presentation, you will be introduced to the business model for information security, as well as hearing about practical, pragmatic approaches to positioning security as an enabler in a range of industry settings, from healthcare to heavy manufacturing and high-end tourism.


Keynote Africa, the Internet and cyber security

Dr Kenneth Geers, senior fellow, ambassador, NATO Cyber Centre (Mozambique)

Africa is a massive continent that encompasses more than 50 countries, 1 billion people and 30 million square kilometres. This presentation examines how the Internet has changed African geopolitics, from domestic elections to international relations, and considers the impact of cyber space on African crime, human rights, revolution and war. Geers will examine key technological and socioeconomic indicators to see how African nations (individually and collectively) compare with the rest of the world. There will be a special focus on Africa’s unique characteristics, challenges and contributions – to the Internet, cyber space and cyber security.

Keynote Lessons from failure: How cyber security professionals can learn from analytic mistakes in other fields

George Beebe, vice president and director of studies, Center for National Interest (USA)

One of the most difficult challenges that cyber security professionals face is to anticipate and counter attacks by adversaries. The implications of failure are often enormous. But the odds against success are stacked by the inherent uncertainties in any complex system, the unpredictability of human behaviour, and the cognitive biases to which all analysts are prone, regardless of their area of expertise. Nonetheless, there is good news: Cyber specialists can learn lessons from past failures that increase their odds of success. In this eye-opening interactive talk, former CIA senior executive George Beebe shows how to apply those lessons in practical ways:

• The process of becoming an expert in a field also makes experts less able to anticipate disruptions to the normal course of events.

• To reduce their risks of surprise, cyber security professionals should learn lessons from mistakes made by experts in other fields.

These lessons include:

• Seeking alternative explanations for emerging developments;

• Looking to disconfirm rather than to support plausible analytic hypotheses; and

• Attempting to see things through the eyes of potential adversaries.


Track One: Strategy and user awareness

This track takes a strategic look at how to raise awareness of cyber security throughout your business and encourage a culture shift whereby all employees take responsibility for security. Incident response at a strategic level and the changing role of security professionals will also be discussed.

Welcome by Track Chair

Craig Rosewarne, managing director, Wolfpack Information Risk

Case Study Increasing user awareness and developing an ongoing user training programme

Celia Mantshiyane, CISO, Coca-Cola Beverages Africa

Panel Discussion How do you create a culture shift towards embracing security in your organisation?

Jo Stewart-Rattray, director of Information Security & IT Assurance, BRM Advisory (Australia)
Robin Barnwell, head: security strategy, Standard Bank
Celia Mantshiyane, CISO, Coca-Cola Beverages Africa
Blaise Ntwali, information security analyst, Capitec Bank
Patrick Ryan, managing director, Mobius Consulting


Case Study Cybersecurity incident response – development, adoption, simulation

Angela Henry, business information security officer, RMB
Raymond du Plessis, senior managing consultant, Mobius Consulting

In this talk, Angela Henry and Raymond du Plessis will present on developing an effective incident management process. Worldwide cyberattacks are exponentially on the rise and many organisations are not ready to respond to an attack. Angela and Raymond will present the steps you can follow to improve your organisation's readiness to respond to a major cybersecurity incident. The talk will focus on the fact that a cybersecurity incident is not only an Information Security issue; it is an organisation-wide issue that requires the involvement of various business functions to deal with it effectively. The talk will also include tips on developing and adopting a practical process that is applicable to your organisation, and lessons learnt from running simulation exercises.

Carpe diem - Seizing the security advantage! How to benefit from the ongoing transformation of security’s role in the workplace

Steve Jump, head: Corporate Information Security Governance, Telkom

If you overhear someone talking about how they plan to address digitisation in their business, or they show you their plan for when 4IR happens, don’t laugh until you have thought about your own plans. The reality today is that if your business is not online, it is in trouble. If your customers cannot buy from you 24x7, they are already buying from your competitors.

The old way of thinking was to build your IT to support your business needs. The same applied to Web sites and databases to collect and mine your customers’ data. In this old world, security was often (always?) an afterthought, and probably included adding a password. But in today’s business environment, if you do plan on staying in business long enough to see what tomorrow actually looks like, you will have considered how the role of information security has made your business more agile, helped you prevent cyber-related outages and kept fraudsters away from both your own data, and from your customers’ data.

You haven’t? Then you really need to hear this. Security is not an add-on, it is a foundation for safe business, ensuring your new ideas can be published and accessed instantly, without concern; ensuring your customers can not only see that you are trustworthy, but you can prove it; making sure that your data stays your data, that your products stay yours until sold, and that your customer data remains just that – the data of your customers. And here is the part that your competitors do not want you to hear – the way you invest in security influences every other aspect of any technology you use, and it makes it better and cheaper to run.

Closing remarks from the chair and close of conference Day One

Track Two: GRC, Privacy and Regulation

This track will provide an update on data privacy and the legislation designed to enforce it, both local and global. It also examines how to integrate cyber risk into your information risk strategy. 

Welcome by Track Chair

Update on data privacy legislation in SA: When will PoPIA come into effect?

Adv. Pansy Tlakula, Chairperson, Information Regulator of South Africa

  • What is the latest status of POPIA? When is it expected to become fully operational?
  • What are the challenges of implementing POPIA and how are they being overcome?
  • How will POPIA be enforced once it comes into effect?
  • What can organisations do now to start aligning their business and governance processes with the Act?

Comparing the pros and cons of data protection and privacy legislation and the need for a global response

Susi du Preez, InfoSec engineer, Impact IT & Risk Services

Privacy law refers to the laws that deal with the regulation, storing, and using of personally identifiable information of individuals, which can be collected by governments, public or private organisations, or other individuals. This presentation will explore why a global effort is important to make our privacy and data safe and why a silo approach is not the answer internationally. Susi will explain what the major countries have in place regarding privacy acts (e.g. GDPR, POPIA) and how they compare. She will also discuss the African continent and how we as a global community can make our privacy and data safe again.

  • Why a privacy act?
  • Why a global effort?
  • How do privacy acts compare with each other internationally?
  • Where are African countries with privacy acts?
  • Revealing a comparison study between privacy acts, which highlights the strictest act yet (released in January 2020)


Reimagining your threat landscape in order to provide a business relevant view on your information risks

Emmerentia du Plooy, head of Information Risk Governance, Standard Bank

So often our threat landscapes are informed by the best threat intelligence we can put our hands on, or how wide our research took us. They tend to focus on threat events and threat actors and become a discussion topic when we want to scare our audience. Let's face it, ransomware sounds scary no matter how you look at it. But what if we are so busy analysing our threat landscape that we miss what is right in front of us? The aim of this presentation is to offer you an alternative perspective, one that starts by acknowledging what information we have in our organisation, because without it we cannot determine how to protect it:

  • Reimagining a list of threats facing our organisations and putting our information at risk
  • How these threats can influence or shift your risk management approach and ultimately improve your resilience

Data privacy and ethics

Yvette du Toit, associate director, PwC

Closing remarks from the chair and close of Day One
