As the world marches forward into 2024, the ever-evolving realm of application and cloud security presents both pioneering prospects and intricate complexities. In September, the Melbourne AppSec and DevSecOps Summit stands as your indispensable gateway to navigate, negotiate, and nurture strategies in this ever-vital domain.

This paramount event congregates Australia’s top-tier software and security experts, offering profound insights into themes that mould the current application and cloud security panorama:

  • Software Supply Chain Risk: Delving into the risks associated with software sourcing and managing them proficiently.
  • Developer Training and Engagement: Cultivating an environment where developers are equipped, involved, and inspired.
  • Continuous Threat Modelling: Up-to-the-minute strategies for persistently evaluating and mitigating threats.
  • AI-Driven Software Assurance: Leveraging artificial intelligence for proactive software security.
  • Software Delivery Governance: Ensuring systematic and secure processes in software delivery pipelines.
  • App, Cloud, and Product Security: Comprehensive strategies for safeguarding today's digital assets.

Featuring a line-up of esteemed professionals and visionaries from the security sphere, the summit guarantees illuminating dialogues and unparalleled networking occasions. The insights and experiences shared will enable you to hone your security postures, fostering resilience and excellence in your establishment.

Unravel, unite, and uplift your security strategies at the Melbourne AppSec and DevSecOps Summit 2024. Boost your security prowess and be at the forefront of the application and cloud security revolution.

Fortify your security stance with precision. Register today!


Eldar Marcussen
Head of Offensive Security

Tara Whitehead
Security Engagement Manager

Cole Cornford

Founder & CEO

Neha Malik
Head of Application Security

Ken Johnson
Co-Founder & Podcast Host

Seth Law
Founder, Principal Consultant

Steve Stojanovski
Head of Engineering


Matt Jones


Paul McCarty

SourceCodeRED & GitHax

Toby Amodio
Director and Government Cyber Delivery Lead


Arrival & Registration


Welcome & Ice-Breaker Exercise


Opening Keynote:
10 Lessons from 10 Years in AppSec

In this keynote, we dive into Cole's decade of AppSec experiences, highlighting the pivotal lessons learned and strategies developed to counter evolving cyber threats. The session will explore the transformation of AppSec practices in response to changing technologies and threat landscapes, emphasising the importance of an integrated, proactive security approach.

We will uncover the journey of AppSec evolution, from early reactive measures to today's sophisticated DevSecOps methodologies. This exploration will provide attendees with a comprehensive understanding of how to build resilient and adaptive security frameworks within their organisations. Key takeaways will focus on actionable insights, innovative trends, and practical strategies for enhancing application security.

Items to be covered include:

  • Understanding how application security has transformed over the last decade, including shifts in threats and technology advancements.
  • Key strategies for embedding security within the development lifecycle, highlighting collaboration between security and development teams.
  • Developing forward-thinking AppSec measures, focusing on risk assessment, continuous monitoring, and incident response to build a robust security environment.                                             

Cole Cornford, Founder & CEO - Galah Cyber


Policy at the Core: Infusing DevOps with Security

Policy as Code in DevSecOps is about treating security and compliance policies with the same level of automation, integration, and version control as application code. This approach helps organisations ensure that security and compliance requirements are consistently met throughout the software development and deployment lifecycle, reducing the risk of security misconfigurations and compliance violations for your applications.

  • Exploring how security and compliance policies can be integrated into DevOps practices using automation, to ensure consistent application across the software development lifecycle.
  • Discussing methods and tools for automating security and compliance checks within the CI/CD pipeline, minimising the risk of misconfigurations and violations.
  • Highlighting the importance of using version control for policy as code to facilitate collaboration among development, security, and operations teams, ensuring up-to-date and consistent enforcement of security standards

Pas Apicella, Principal Solutions Engineer - Snyk


Security Modernisation at Enterprise Scale

Steve Stojanovski, Head of Engineering - Belong
Neha Malik, Head of Application Security - REA Group


Morning Tea & Networking


Audience Activity:
The AppSec Scenario

In this innovative session, attendees will be faced with a series of scenarios that they may face in their roles. Attendees will discuss the possible courses of action with their peers to consider the ramifications of each option before logging their own course of action. 

Results will be tallied and analysed by our session facilitator and results will impact the way the group moves through the activity.

Will we collectively choose the right course of action?


How I Solved.... 
Breaking Builds Without Breaking Hearts: the journey to building secure builds with SAST

Tara Whitehead, Security Engagement Manager - MYOB


How I Solved.... 
Rethinking Input Validation

The concept of input validation as a security control is at least 20 years old, and it is time to reflect on how it is used, its limitations and whether it is still relevant to application security and secure software development anymore. Join me in reviewing input validation under a few different lenses to see if we should still be making this recommendation.

Eldar Marcussen, Head of Offensive Security - SEEK


How I Solved.... 

Peter Lees, Principal Solution Architect - SUSE


Roundtable Discussions:

  1. Securing Cloud Architecture
  2. Optimising DevSecOps Integration
  3. AI in DevSecOps + AppSec
  4. DevOps Incident Response
  5. Managing Supply Chain Risks
  6. API Security and Management
  7. Security in CI/CD
  8. Serverless Security


Lunch & Exhibition


International Keynote:
AppSec: Origins to Innovations

Join Seth Law & Ken (“cktricky”) Johnson on a journey through the evolution of Application Security (AppSec) and what this means for our future. In this engaging talk, the duo will explore  significant milestones in AppSec, starting from early research in the 1960s, the release of JavaScript in the mid-90s, the discovery of exploits such as SQL Injection, to the modern innovations that are reshaping the field today.

Key highlights include:

  • Historical Timeline: A detailed overview of notable markers in Application Security history, including the introduction of Agile, DevOps, OWASP, and more.
  • Tool Evolution: An examination of how security tools have evolved from basic DAST to sophisticated combinations of SAST, SCA, SBOM, and ASPM, including emerging trends in auto-threat modelling and auto-remediation.
  • Process Evolution: Insights into the changing strategies in prevention, testing, threat modelling, and training, highlighting the shift from security expert-driven processes to developer-focused and AI-assisted approaches.
  • Innovations in AI: A deep dive into the current capabilities and limitations of AI in AppSec, debunking common myths, and showcasing practical applications such as automated design reviews, threat modelling, and secure coding assistants.
  • Future Opportunities: A look at how roles in security are transforming, the potential for AI to enhance security practices, and the importance of adapting to new methodologies like "Shift Smart."

By understanding the past and embracing the future, we can better prepare for the evolving landscape of application security. This talk is a must-attend for anyone interested in the intersection of security, development, and innovation.

Ken Johnson, Co-Founder & Podcast Host - DryRun Security
Seth Law, Founder, Principal Consultant - Redpoint Security


A Tale of Adaptive Code-Assisted Security Testing

When conducting code-assisted security tests there's a lot of things to consider, from understanding the unique requirements and circumstances of the project itself, through to being up to speed and across the relevant technology stacks, threats, and best practices.

This talk will look at how we've invested in research and engineering to develop our own tooling and automation to help us scale, adapt, and evolve to meet the demands of performing security assessments for a mix of customers.

This talk will then provide demos of tools we've built and also community projects we find helpful, then finish on how you could also adopt these tools and approaches for your own products and processes. 

Matt Jones, Partner - elttam


The Great Debate:
Is shift left dead?

Join industry experts to rigorously examine the relevance and effectiveness of the Shift Left approach in today’s cybersecurity and development environments.

  • Debate the practicality and impact of integrating security early in the development lifecycle, evaluating whether this approach still holds value amidst rapidly evolving technology landscapes.
  • Argue over the challenges and diminishing returns that may arise from early security integration, discussing if newer methodologies or paradigms could better serve modern development and security needs.
  • Explore potential advancements or alternative strategies that could revitalise or replace the Shift Left concept, aiming to enhance security protocols without compromising development speed and innovation.

Paul McCarty, Founder - SourceCodeRED & GitHax
Toby Amodio, Director and Government Cyber Delivery Lead - MF & Associates
Cole Cornford, Founder & CEO - Galah Cyber


Event Closed

  • Chief Information Security Officer
  • Heads of Application Security
  • DevSecOps Leaders
  • Application Security and DevSecOps Architects and Engineers
  • Cybersecurity Engineering Leaders
  • Cloud Security Directors
  • Heads of DevOps and Engineering
  • Security Product Managers
  • Senior AppSec Manager
  • Senior DevSecOps Manager
  • Senior Cybersecurity Manager
  • Senior DevOps Manager
  • Senior Cloud Security Manager
  • Senior Engineering Manager
  • Senior Product Security Manager

Our line-up of Partners will be announced early 2024!


Are you interested in sponsoring the AppSec & DevSecOps Summit Melbourne 2024?

Find out more here or get in touch with Danny Perry to secure your spot now, as each of our events is highly limited to 8 sponsors.

Danny Perry
Director of Sales


P: 0423 984 435