Dockside
May 8, 2025
9:00am - 3:00pm

Sydney AppSec & DevSecOps Summit 2025

Join us in May to strengthen your development process with cutting-edge security practices. Connect with experts, explore automation, secure containers, and gain practical insights through interactive sessions and real-world case studies.


Join us at the AppSec and DevSecOps Summit to fortify your software development lifecycle.

We're bringing together developers, security experts, and industry leaders to seamlessly integrate security into every step of your development process.

Discover best practices for shifting left, automating security, and managing open-source risks. Explore how to improve DevSecOps adoption, secure containers and microservices, and weigh in on the debate: automation vs. manual testing. Engage in interactive sessions, real-world case studies, panel discussions, and debates to stay ahead of the latest trends in application security.

Key Themes:

  • Integrating Security into the Software Development Lifecycle
  • Shift Left Strategies
  • Application Breach Response
  • Automating Security Processes
  • Managing Open Source Risks
  • Improving DevSecOps Adoption
  • Container and Microservices Security
  • Automation vs. Manual Testing: What Works Best


Who Should Attend?


Developers, DevOps engineers, security professionals, IT leaders, and anyone eager to enhance their understanding of application security and DevSecOps practices.

Don't miss this chance for a day of learning, innovation, and collaboration at the AppSec and DevSecOps Summit.

Program Highlights

  • 12+ Speakers
  • 10+ Sessions
  • 150+ AppSec & DevSecOps Leaders
  • 1 Track

Our Speakers

Anne-Marie Charett
Group Owner - Principal Automation

Maryam Shoraka
Head of Cyber Security Operations

Cole Cornford
Chief Executive Officer

Scott Contini
AppSec Manager

Jon-Anthony de Boer
Product Security Lead

Matt Flannery
Associate Director of Offensive Security

Dan Draper
Chief Executive Officer

Agenda

9:00am
Arrival & Networking
9:30am
Keynote: API Security: The New Frontier

APIs are the lifeblood of modern apps, but as they open doors for rapid innovation, they can also leave us wide open to threats. In this session, we’ll jump into why securing APIs is the next big frontier for AppSec and DevSecOps pros, sharing real-world pitfalls and easy wins to help you stay ahead.

  • Unpacking why APIs are prime targets and how attackers exploit them
  • Building a strong API security framework with robust authentication and monitoring
  • Handling the wild west of third-party integrations without compromising security
  • Driving a security-first culture that keeps pace with accelerated API development cycles
Matt Flannery
Associate Director of Offensive Security, Service NSW
9:50am
Panel Discussion: Overcoming Cultural Barriers to DevSecOps Adoption

Even with the best tooling and processes, DevSecOps efforts can stall if teams haven’t bought into a culture of collaboration and shared responsibility. This panel explores how leaders can break down silos, align objectives, and nurture a security-aware mindset across development, operations, and security teams.

  • Bridging the cultural divide between legacy security practices and rapid development cycles.
  • Encouraging cross-functional collaboration and championing a “one-team” ethos.
  • Reinforcing accountability and ownership of security across every stage of the software lifecycle.
  • Scaling DevSecOps initiatives through leadership support, continuous learning, and open

Anne-Marie Charett
Group Owner - Principal Automation, Telstra
Dan Draper
Chief Executive Officer, CipherStash
10:20am
Morning Tea & Networking
10:50am
Interactive Audience Activity: Responding to a Real-Time Application Breach

An interactive session where attendees collaborate to handle a simulated security breach in a live application, focusing on rapid response and mitigation.

11:10am
How I Solved... Threat Modelling in State Government

As state governments bring more services online, the risk of breaches and disruptions grows significantly. This demonstration session walks through a realistic scenario of threat modeling in the public sector, showcasing how to reveal vulnerabilities, prioritise mitigation, and maintain public trust in a high-stakes environment.

  • Mapping out governmental systems and critical assets to conduct effective threat modeling
  • Identifying unique attack vectors that target public services and infrastructure
  • Translating threat modeling insights into actionable security tasks that bolster resilience
  • Aligning threat modeling outcomes with compliance mandates and citizen trust objectives

Maryam Shoraka
Head of Cyber Security Operations, NSW Department of Communities and Justice
11:25am
How I Solved... Cryptography Mismanagement By Engineers

Even the most capable developers can fall prey to hidden pitfalls when integrating cryptography into applications. This demo session shines a spotlight on common missteps—from poorly implemented encryption libraries to dangerous key management shortcuts—and illustrates how to prevent these errors in your own code.

  • Identifying classic cryptographic mistakes that put data at risk
  • Pinpointing faulty assumptions in encryption key management and usage
  • Demonstrating real-world consequences of cryptographic misconfigurations
  • Sharing proven best practices to embed robust encryption throughout the development cycle

Scott Contini
AppSec Manager, Nine
11:40am
Panel: Shifting Left... Embedding Security from Code to Deployment

Discussing strategies for integrating security testing and practices early in the development process to prevent vulnerabilities.

Cole Cornford
Chief Executive Officer, Galah Cyber
12:10pm
Roundtable Discussions

Select a topic of discussion and engage in an interactive roundtable discussion with a group of your like-minded peers.

1:00pm
Lunch & Networking
2:00pm
Patching Dependency Management, Modernising the Approach to Securing External Libraries

External libraries and frameworks fuel modern application development. Equally, dependencies are a known source of security risk and often leave organisations vulnerable to breaches and compliance issues. Existing software composition analysis tools are stuck in the past. They overwhelm developers with false positives, interrupt their workflows, and otherwise make it difficult to keep up with the codeashians. In this talk, Cole Cornford will cover the latest innovations to reduce this toil and get you and your organisation up to date. Or at least to n-1. Key Takeaways include:

  • The existing state of SCA and why we need to change
  • How reachability and cross-correlation can reduce toil
  • Streamlining the patching process and escaping circular dependencies
  • Managing transitive risk with virtual patching
  • Risks with adopting innovative tech

Cole Cornford
Chief Executive Officer, Galah Cyber
2:20pm
Keynote: SecDevOps: Bridging Security and Speed in Modern Development

Adopting a DevOps mindset often amplifies delivery speed, but it can leave security lagging behind. This session explores how to embed security considerations directly into the DevOps pipeline, balancing rapid iteration with robust protection against emerging threats.

  • Integrating security controls from the earliest phases of code and infrastructure design
  • Automating checks and tests to maintain security posture at DevOps velocity
  • Defining clear accountability where Dev, Ops, and Security teams intersect
  • Transforming cultural barriers into collaborative opportunities for holistic, secure releases

Jon-Anthony de Boer
Product Security Lead, Transmax
2:40pm
The Great Debate: Automation vs. Manual Testing: What's the Right Balance in AppSec?

A lively debate on the effectiveness of automated security tools versus manual testing methods in ensuring application security.

Cole Cornford
Chief Executive Officer, Galah Cyber
3:30pm
Event Closed

Who Attends?

Chief Technology Officer

Chief Information Security Officer

Head of Application Security

Head of DevSecOps

Head of Cybersecurity

VP Engineering

Product Security Director

DevOps Director

Developer Experience Manager

Release and Environment Manager

Platform Engineering Director

Software Engineering Manager

Cybersecurity Engineering Director

API Security Manager

Testing Manager

Benefits For Attendees

  • 4.7 / 5 average overall rating from attendees at our events.
  • 94% of attendees rate our content as “Extremely Relevant”.
  • 100% of attendees would recommend attending a Clutch Event to a colleague.

Our event sponsors
For sponsorship opportunities, please get in touch with Danny Perry, danny@weareclutch.com.au

Event Location

Dockside

2 Wheat Rd, Sydney NSW 2000


Get In Touch

Contact our event team for any enquiry

Danny Perry

Director of Sales
For sponsorship opportunities.
danny@weareclutch.com.au

Lili Munar

Director of Client Relations
For guest and attendee enquiries.
lilibeth@weareclutch.com.au

Ben Turner

Director of Conference Production
For speaking opportunities & content enquiries.
ben@weareclutch.com.au

Taylor Stanyon

Director of Operations
For event-related enquiries.
taylor@weareclutch.com.au