Sydney Cloud Security Summit 2025

As cloud infrastructure grows in complexity and scale, organisations must rethink their security approach by focusing on the people behind the technology. A human-centric strategy strengthens resilience, promotes a security-first culture, and ensures smarter responses to evolving threats in the cloud landscape.  

• How to embed a security-first culture through human behavior, awareness, and accountability
• Managing third-party and supply chain risks within multi-cloud and hybrid environments
• The power of transparency during cyber inciiverdents to build trust with customers and stakeholders
• Using AI and automation to support—not replace—critical human judgment in cloud security operations

As organisations expand across hybrid and multi-cloud infrastructures, the complexity of managing cyber risk intensifies. This keynote explores strategies to gain comprehensive visibility, prioritise vulnerabilities based on risk, and implement effective remediation across diverse environments.

• The evolving nature of Bot, DDoS, and Layer 7 application attacks — and why they continue to succeed
• Architecting a consistent security inspection and enforcement layer at the edge, independent of origin infrastructure
• Leveraging DevOps tools like Terraform and GitHub to automate the deployment of security controls as part of the CI/CD pipeline

From AI integration to multi-cloud sprawl and ephemeral workloads, Australian organisations are facing a new set of cloud security challenges. This panel brings together security leaders across industries to discuss how they’re adapting their strategies to stay ahead of emerging threats and evolving regulatory pressure.

• What cloud threats are gaining traction across Australia right now
• Why AI, serverless, and multi-cloud are exposing new security blind spots
• How local teams are balancing innovation with risk—without slowing down delivery
• What capabilities, tools, and talent Australian orgs are prioritising for the future

In this innovative session, attendees will be faced with a series of scenarios that they may face in their roles. Attendees will discuss the possible courses of action with their peers to consider the ramifications of each option before logging their own course of action. 

Results will be tallied and analysed by our session facilitator and results will impact the way the group moves through the activity.

Will we collectively choose the right course of action?

Whether you’re a small organisation moving to the cloud for the first time or a larger company under budget pressure, smart, cost-effective security decisions can make all the difference. This session shares practical ways to protect cloud environments without sacrificing effectiveness.

• Choosing the right mix of SaaS, PaaS, IaaS, and open-source for value and security
• Prioritising spend on controls that deliver the biggest risk reduction
• Stretching limited budgets with automation and built-in cloud security tools

In today’s dynamic cloud environments, maintaining security posture and meeting compliance requirements is a continuous challenge. In this session, we’ll explore how Vanta enables organisations to build a truly compliant cloud by providing real-time visibility into cloud security posture, automating preventive controls, and continuously collecting the evidence needed for audit readiness. Learn how Vanta simplifies frameworks like SOC 2, ISO 27001, Essential Eight, NIST and other security frameworks—turning posture into prevention, and prevention into proof.

One exposed Lambda shouldn’t lead to a full cloud breach. This panel shares how teams are enforcing tighter roles, networks, and service boundaries.

• What flat cloud environments look like (and why they’re dangerous)
• How attackers move laterally across over-permissioned roles
• Real-world examples of blast radius failures
• Segmentation strategies across IAM, VPCs, and accounts

Choose 1 topic to join on the day!

1. Enhanced Strategies for Monitoring and Remediation of Cloud Misconfigurations
2. Who's in Your Cloud and What Can They Do?
3. Secure Your Identity Infrastructure from Insider Threats
4. From Compliance Burden to Business Enabler: Scaling Cloud Security with Confidence
5. ‍
6. Fixing Multi-Cloud Identity Sprawl
7. Securing Temporary Cloud Credentials in CI/CD Pipelines
8. Controlling Third-Party Access to Cloud and SaaS
9. Mapping Cloud Controls to Compliance Requirements

Put your cloud security knowledge to the test in this fast-paced quiz covering real-world threats, key concepts, and emerging trends. Compete for bragging rights—and a $500 voucher—as the top scorer takes the crown.

‍

Most cloud provider security certifications teach technology concepts, such as identity & access management, policy enforcement, and secrets management.But few cover cloud governance, threats, compliance frameworks, and stakeholder lingo well. CCSP rounds out your toolkit with more strategic pillars.

• Cloud provider certification versus provider-agnostic security concepts
• Understanding the broader picture of cloud security
• Improved stakeholder communication

As cloud sprawl accelerates, teams face a trade-off between agility and control. This think tank explores whether it’s time to consolidate, simplify, and standardise—or double down on layered defenses to manage complexity.

• Is multi-cloud making security harder than it needs to be?
• Should we centralise controls or decentralise responsibility?
• What’s the right balance between developer freedom and guardrails?
• How leading orgs are designing for simplicity and security