May 8, 2025
8:30am - 3:00pm
Dockside

Sydney AppSec & DevSecOps Summit 2025

Join us in May to strengthen your development process with cutting-edge security practices. Connect with experts, explore automation, secure containers, and gain practical insights through interactive sessions and real-world case studies.

Join us at the AppSec and DevSecOps Summit to fortify your software development lifecycle.

We're bringing together developers, security experts, and industry leaders to seamlessly integrate security into every step of your development process.

Discover best practices for shifting left, automating security, and managing open-source risks. Explore how to improve DevSecOps adoption, secure containers and microservices, and weigh in on the debate: automation vs. manual testing. Engage in interactive sessions, real-world case studies, panel discussions, and debates to stay ahead of the latest trends in application security.

Key Themes:

  • Integrating Security into the Software Development Lifecycle
  • Shift Left Strategies
  • Application Breach Response
  • Automating Security Processes
  • Managing Open Source Risks
  • Improving DevSecOps Adoption
  • Container and Microservices Security
  • Automation vs. Manual Testing: What Works Best


Who Should Attend?


Developers, DevOps engineers, security professionals, IT leaders, and anyone eager to enhance their understanding of application security and DevSecOps practices.

Don't miss this chance for a day of learning, innovation, and collaboration at the AppSec and DevSecOps Summit.

Our Speakers

Anne-Marie Charett
Group Owner - Principal Automation

Glen Whitaker
E2E Platform Automation Group Owner

Cole Cornford
Chief Executive Officer

Scott Contini
AppSec Manager

Sara Gray
Senior Product Security Manager

Jon-Anthony de Boer
Product Security Lead

Dan Draper
Chief Executive Officer

Sean Burford
Principal Security Engineer

Christopher Langton
Co-Founder and Chief Technology Officer

Sareh Emami
Principal Product Security Engineer

Peter Lees
Head of Solution Architecture

Craig Dent
Staff Solutions Engineer

Simon Harloff
Director of Product Management

Cameron Townshend
Principal Architect

Nishit Nair
Senior Sales Engineer

Shikhar Singh
Principal Sales Engineer

Agenda

8:30 AM
Registration, Coffee and Breakfast Refreshments

Join us early for barista-made coffee and breakfast refreshments, courtesy of Snyk!

9:25 AM
Patching Dependency Management, Modernising the Approach to Securing External Libraries

External libraries and frameworks fuel modern application development. Equally, dependencies are a known source of security risk and often leave organisations vulnerable to breaches and compliance issues. Existing software composition analysis tools are stuck in the past. They overwhelm developers with false positives, interrupt their workflows, and otherwise make it difficult to keep up with the codeashians. In this talk, Cole Cornford will cover the latest innovations to reduce this toil and get you and your organisation up to date. Or at least to n-1. Key Takeaways include:

  • The existing state of SCA and why we need to change
  • How reachability and cross-correlation can reduce toil
  • Streamlining the patching process and escaping circular dependencies
  • Managing transitive risk with virtual patching
  • Risks with adopting innovative tech
Cole Cornford
Chief Executive Officer, Galah Cyber
9:45 AM
Unsolved Problems in Application Security
Craig Dent
Staff Solutions Engineer, Snyk
10:15 AM
Panel Discussion: Overcoming Cultural Barriers to DevSecOps Adoption

Even with the best tooling and processes, DevSecOps efforts can stall if teams haven’t bought into a culture of collaboration and shared responsibility. This panel explores how leaders can break down silos, align objectives, and nurture a security-aware mindset across development, operations, and security teams.

  • Bridging the cultural divide between legacy security practices and rapid development cycles.
  • Encouraging cross-functional collaboration and championing a “one-team” ethos.
  • Reinforcing accountability and ownership of security across every stage of the software lifecycle.
  • Scaling DevSecOps initiatives through leadership support, continuous learning, and open

Anne-Marie Charett
Group Owner - Principal Automation, Telstra
Dan Draper
Chief Executive Officer, CipherStash
Sareh Emami
Principal Product Security Engineer, Atlassian
Simon Harloff
Director of Product Management, Secure Code Warrior
10:45 AM
How I Solved… Mitigate Automated Threats with Advanced Bot Protection and Security Analyst Services
Shikhar Singh
Principal Sales Engineer, Thales
Nishit Nair
Senior Sales Engineer, Thales
11:00 AM
Morning Tea & Networking
11:30 AM
Interactive Audience Activity: Responding to a Real-Time Application Breach

An interactive session where attendees collaborate to handle a simulated security breach in a live application, focusing on rapid response and mitigation.

11:50 AM
How I... Navigate New Trends and Challenges in Enterprise AI

The risks in open-source AI models mirror those in traditional open-source libraries, including vulnerabilities, malicious code and licensing issues, while also introducing unique challenges when consuming the models. This talk will delve into the complexities of these risks, examining the challenges they pose and the importance of understanding them in today’s AI-driven landscape.

Cameron Townshend
Principal Architect, Sonatype
12:10 PM
How I Solved... Cryptography Mismanagement By Engineers

Even the most capable developers can fall prey to hidden pitfalls when integrating cryptography into applications. This demo session shines a spotlight on common missteps—from poorly implemented encryption libraries to dangerous key management shortcuts—and illustrates how to prevent these errors in your own code.

  • Identifying classic cryptographic mistakes that put data at risk
  • Pinpointing faulty assumptions in encryption key management and usage
  • Demonstrating real-world consequences of cryptographic misconfigurations
  • Sharing proven best practices to embed robust encryption throughout the development cycle

Scott Contini
AppSec Manager, Nine
12:25 PM
Panel: Shifting Left... Embedding Security from Code to Deployment

Discussing strategies for integrating security testing and practices early in the development process to prevent vulnerabilities.

  • How do you quantify the ROI of shifting security left, and what metrics actually matter to the business and engineering teams?
  • How can teams integrate early security practices without slowing down agile development and continuous delivery pipelines?
  • What strategies have worked in breaking down silos between security and engineering to foster a shared responsibility mindset?

Peter Lees
Head of Solution Architecture, SUSE
Sean Burford
Principal Security Engineer, Telstra
Christopher Langton
Co-Founder and Chief Technology Officer, Vulnetix
12:55 PM
Roundtable Discussions

Select a topic of discussion and engage in an interactive roundtable discussion with a group of your like-minded peers.

1:45 PM
Lunch & Networking
2:35 PM
Keynote: SecDevOps: Bridging Security and Speed in Modern Development

Adopting a DevOps mindset often amplifies delivery speed, but it can leave security lagging behind. This session explores how to embed security considerations directly into the DevOps pipeline, balancing rapid iteration with robust protection against emerging threats.

  • Integrating security controls from the earliest phases of code and infrastructure design
  • Automating checks and tests to maintain security posture at DevOps velocity
  • Defining clear accountability where Dev, Ops, and Security teams intersect
  • Transforming cultural barriers into collaborative opportunities for holistic, secure releases

Jon-Anthony de Boer
Product Security Lead, Transmax
2:55 PM
The Great Debate: Automation vs. Manual Testing: What's the Right Balance in AppSec?

A lively debate on the effectiveness of automated security tools versus manual testing methods in ensuring application security.

Sara Gray
Senior Product Security Manager, Atlassian
Glen Whitaker
E2E Platform Automation Group Owner, Telstra
Cole Cornford
Chief Executive Officer, Galah Cyber
3:45 PM
Event Closed

Who Attends?

Chief Technology Officer

Chief Information Security Officer

Head of Application Security

Head of DevSecOps

Head of Cybersecurity

VP Engineering

Product Security Director

DevOps Director

Developer Experience Manager

Release and Environment Manager

Platform Engineering Director

Software Engineering Manager

Cybersecurity Engineering Director

API Security Manager

Testing Manager

Our event sponsors

For sponsorship opportunities, please get in touch with Danny Perry, danny@clutchgroup.co

Event Location

Dockside

2 Wheat Rd, Sydney NSW 2000

Get In Touch

Contact our event team for any enquiry

Danny Perry

Director of Sales
For sponsorship opportunities.
danny@clutchgroup.co

Lili Munar

Director of Client Relations
For guest and attendee enquiries.
lilibeth@clutchgroup.co

Ben Turner

Director of Conference Production
For speaking opportunities & content enquiries.
ben@clutchevents.co

Taylor Stanyon

Director of Operations
For event-related enquiries.
taylor@clutchgroup.co