Sydney Cloud Security Summit 2025

AI systems like chatbots and agent models are booming—but traditional cloud security doesn’t see the threats they bring. Learn how one team adapted their security program to protect AI from emerging risks.

• Why AI workloads introduce new types of risks (e.g. prompt injection, agent misuse)
• Why traditional tools miss these threats entirely
• How to monitor what’s going in and out of LLMs
• Lessons from securing inference pipelines and vector databases

Enterprise applications are deployed across a wide range of cloud environments, each with their own security controls of various capabilities. In the meantime, the threat landscape for web applications has become increasingly sophisticated, and has seen common threats like Bot, DDoS, and Application attacks persist and grow in complexity.

• The evolving nature of Bot, DDoS, and Layer 7 application attacks — and why they continue to succeed
• Architecting a consistent security inspection and enforcement layer at the edge, independent of origin infrastructure
• Leveraging DevOps tools like Terraform and GitHub to automate the deployment of security controls as part of the CI/CD pipeline

From AI integration to multi-cloud sprawl and ephemeral workloads, Australian organisations are facing a new set of cloud security challenges. This panel brings together security leaders across industries to discuss how they’re adapting their strategies to stay ahead of emerging threats and evolving regulatory pressure.

• What cloud threats are gaining traction across Australia right now
• Why AI, serverless, and multi-cloud are exposing new security blind spots
• How local teams are balancing innovation with risk—without slowing down delivery
• What capabilities, tools, and talent Australian orgs are prioritising for the future

In this innovative session, attendees will be faced with a series of scenarios that they may face in their roles. Attendees will discuss the possible courses of action with their peers to consider the ramifications of each option before logging their own course of action. 

Results will be tallied and analysed by our session facilitator and results will impact the way the group moves through the activity.

Will we collectively choose the right course of action?

Securing access in the cloud is one thing — scaling it across teams and platforms without constant manual oversight is another. In this talk, Kenny shares how he designed and implemented a scalable IAM guardrail solution that automates permission boundaries, enforces policy consistency, and reduces risk across CBA’s cloud environments.

‍

You deployed with Terraform—but did the cloud environment change after that? This demo shows how to spot and fix drift between IaC and real cloud state.

• Why drift happens (and how it leads to risk)
• Tools for detecting changes not in your repo
• How to automate drift correction
• Building trust in your security baselines

One exposed Lambda shouldn’t lead to a full cloud breach. This panel shares how teams are enforcing tighter roles, networks, and service boundaries.

• What flat cloud environments look like (and why they’re dangerous)
• How attackers move laterally across over-permissioned roles
• Real-world examples of blast radius failures
• Segmentation strategies across IAM, VPCs, and accounts

Choose 1 topic to join on the day!

1. Securing AI Workloads in the Cloud
2. Detecting Threats in Short-Lived Cloud Workloads
3. Stopping Cloud-Native Ransomware
4. Managing Secrets in the Cloud at Scale
5. Fixing Multi-Cloud Identity Sprawl
6. Securing Temporary Cloud Credentials in CI/CD Pipelines
7. Controlling Third-Party Access to Cloud and SaaS
8. Mapping Cloud Controls to Compliance Requirements

Put your cloud security knowledge to the test in this fast-paced quiz covering real-world threats, key concepts, and emerging trends. Compete for bragging rights—and a $500 voucher—as the top scorer takes the crown.

‍

Finance wants to cut costs—security wants to protect. This keynote explores how one team justified controls like logging, backups, and monitoring in a cost-cutting world.

• Which controls get cut first—and why it’s risky
• Talking security in financial language
• Metrics that justify spend (MTTR, data loss, breach cost)
• How to work with FinOps, not against them

As cloud sprawl accelerates, teams face a trade-off between agility and control. This think tank explores whether it’s time to consolidate, simplify, and standardise—or double down on layered defenses to manage complexity.

• Is multi-cloud making security harder than it needs to be?
• Should we centralise controls or decentralise responsibility?
• What’s the right balance between developer freedom and guardrails?
• How leading orgs are designing for simplicity and security