Agenda

Day One | Monday | 23 March 2026

8:10

Registration & Morning Refreshments    

8:30

Opening Karakia

8:50

Chairperson’s Opening Address 

Andrew Choat, Chief Information Security Officer, MTF Finance

9:00

International Keynote: Building trust and resilience at the General Bank of Canada through unifying risk, cybersecurity, & innovation

Unifying compliance, risk, GRC and cybersecurity under one framework to mend fragmentation, streamline governance and cut recovery time objectives by half
How implementing AI-driven monitoring and automated control checks improved accuracy, reduced manual workloads, and delivered a 70% increase in due diligence efficiency
Moving beyond the illusion of preparation by embedding shared ownership of resilience across team, proving that true readiness depends on collaboration, not isolated planning
Turning risk and cybersecurity into a strategic partner through speaking the language of the business, building bridges and fostering a culture of collaboration

Adam Ennamli, Chief Risk Officer, General Bank of Canada

10:10

Panel: AI-driven attacks: Adapting defences for phishing, identity & access in 2026

How is AI accelerating phishing, impersonation, and identity exploitation, and what do real-world attacks look like in 2026?
How can organisations leverage AI-powered detection and zero-trust frameworks without creating siloed tools that fail to integrate?
What role do cohesive vendor ecosystems and human-centric awareness play in complementing technical controls and sustaining resilience?

Moderator: Andrew Choat, Chief Information Security Officer, MTF Finance

Panellists:

Duncan Hills, Chief Information Security Officer, Fletcher Building

Laura Ross, Chief Information Security Officer, One NZ

Nick Tucker, Head of Information Security, The Co-operative Bank

11:10

Morning Tea

11:40

Panel: From cost avoidance to business value: Changing the cyber conversation in the boardroom

How can security leaders position cybersecurity as a driver of trust, growth, and innovation rather than a sunk cost or compliance exercise?
What are the most effective ways to translate risk into financial, customer, or competitor outcomes that boards truly understand?
How can secure-by-design or shift-left practices not only improve security but also save money and create business value?

Moderator: Andrew Choat, Chief Information Security Officer, MTF Finance

Panellists:

Richard Harrison, Chief Information Security Officer, Foodstuffs South Island

Scott Shearman, Chief Information Security Officer, House of Travel

Marek Jawurek, Head of Cyber Security Advisory, Ampol

Alastair Miller, General Manager Network & Security, Genesis Energy

12:20

Session delivered by Airlock Digital

12:40

Panel: Beyond the perimeter: Securing third & fourth-party risks across the supply chain

How do you define the real scope of your supply chain?
How do you respond to breaches in third or fourth parties that affect you?
How can business impact analysis strengthen continuity in supply chains?
How do you rebuild trust with vendors after a cyber incident?

Moderator: Andrew Choat, Chief Information Security Officer, MTF Finance

Panellists:

Tony Allwood, Head of Cyber Security, Silver Fern Farms

Laura Marshall, Head of Information Security, Livestock Improvement Corporation

Eddy Pereira, General Manager – Supply Chain, Fisher & Paykel Healthcare

John-Paul Sikking, Head of Cyber Protection, Bank of New Zealand

1:20

Networking Lunch

2:10

Interactive Breakouts:

During this session, attendees will have the opportunity to attend 2 x 30-minute interactive breakout sessions of their choice

Breakout A: Enhanced API Security - Discuss strategies to secure APIs against misuse, data leakage, and integration vulnerabilities
Breakout B: Cloud Security - Explore how to strengthen posture management and reduce misconfiguration risk across hybrid environments
Breakout C: Securing the SaaS Landscape - Share approaches to controlling SaaS sprawl, managing access, and improving visibility
Breakout D: Data Loss Prevention & Encryption -Examine practical steps to protect sensitive data and prevent insider or accidental loss
Breakout E: Managing the Risks of Generative AI - Debate how to balance innovation with governance and mitigate emerging AI-driven threats
Breakout F: Vulnerability Management & Penetration Testing - Discuss continuous testing methods to prioritise and remediate high-impact vulnerabilities

3:10

Afternoon Tea

3:50

Interactive workshop: Mapping future patterns: From emerging risks to resilient strategies

Identify emerging risks and digital threats that could shift the security landscape
Explore potential risks outside the traditional business context, geopolitical, social, and environmental factors that intersect with cyber ecosystem
Collaborate with peers to test threat-scenarios and share pattern strategies

Key takeaways for participants:

A practical, repeatable method for assessing emerging risks with patterns
Exposure to peer perspectives on future threats
Actionable insights to bring back to boards and leadership teams when discussing resiliency beyond current state

Facilitators:

Adwin Singh, Head of Cyber Security, Inland Revenue

Kyle Wong, Cyber Security Technology Specialist - CISO Office, Inland Revenue NZ

4:10

Panel: The human firewall: Upskilling for resilience & building a cyber-ready culture

Embedding security awareness and behavioural change across the workforce and supply chain
Ensuring executive-level security priorities don’t get “lost in translation” across organisational layers
Creating incentives and upskilling programs that transform human risk into human defence

Moderator: Andrew Choat, Chief Information Security Officer, MTF Finance

Panellists:

Shivali Kukreja, Head of Risk & Compliance, nib Insurance

Sukhjit Gill, Head of Risk, Compliance & Regulatory Affairs, Southern Cross Health Insurance

Sarah Penman, Director of Enterprise Information Security, National Cyber Security Centre

Sam Johnstone, Group IT Security Manager, Fulton Hogan

4:50

Chairperson’s closing address

5:00

Networking drinks & end of summit day one

Day Two | Tuesday | 24 March 2026

8:20

Registration & morning refreshments

8:50

Chairperson’s Opening Address 

Andrew Choat, Chief Information Security Officer, MTF Finance

9:00

Keynote: From hype to control: Does AI demand a new security framework?

Understanding how attackers are using AI today (phishing, impersonation, automation) versus exaggerated narratives
Why AI should be treated as one of the many organisational risks, not an existential threat, and how to frame this for the Board
Practical steps to monitor AI threats, building credibility with Executives, and integrating AI risks into existing governance practices

Tony Arnold, Chief Information Security Officer, TSB Bank

9:50

Fireside chat: Beyond defence: The CISO as enterprise growth leader

Moving from defenders to strategists, shaping enterprise vision beyond security
Embedding cyber awareness into culture to unlock innovation & trust
Demonstrating how security drives revenue, resilience & long-term value

Moderator: Andrew Choat, Chief Information Security Officer, MTF Finance

Panellists:

Eli Hirschauge, Head of Information Security, ANZ

Darren Beattie, Head of Information Security, Tower Insurance

Nadia Yousef, Country Manager for NZ, CISO Lens

Paul Macpherson, Chief Information Security Officer, Reserve Bank of New Zealand

10:50

Morning Tea

Converged CIO & CISO Leadership Summit

11:20

Fireside chat: CIO & CISO in practice: Healthy tension, shared accountability:

How do you tell real artificial intelligence risks from hype, and decide when to adopt or hold back on new technologies?
When your priorities clash on budgets, innovation speed, or risk appetite, how do you resolve disagreements while keeping trust?
What works best when presenting technology and cyber risks to the Board in business terms they understand?
Why is credibility so important, and how do you avoid sounding like you are crying wolf with Executives?
How do you balance culture and awareness with the technical controls needed for resilience?

Moderator: Paul Natac, Chief Information Officer & Deputy Chief Executive Officer, Provident Insurance Limited

Panellists:

Roxanne Salton, Chief Information & Digital Officer, TSB New Zealand

Tony Arnold, Chief Information Security Officer, TSB New Zealand

12:00

Presentation: Ctrl + Alt + Culture: How security & digital fluency fuel business transformation

Positioning IT and security not as back-office functions but as enablers of enterprise-wide business transformation
Recruiting beyond traditional IT pipelines and developing talent from across the business to create diverse, high-performing teams
How working closely with cybersecurity has strengthened trust and credibility across the wider business

Nicholas Fourie, Vice President & Chief Information Officer, Fisher & Paykel Healthcare

12:50

Unconference Sessions: Peer-Led Roundtable Discussions

Delegates will split into peer-led groups to discuss key challenges within the digital and security world under Chatham House rules

Topic A: Making data work for people, AI & business

Caroline Wishart, Head of Information Management, Fonterra

Topic B: Fine-tuning your cyber response & building crisis leadership across the executive & board

Laura Jury, Resilience Business Consultant, Air New Zealand

Topic C: Embedding security culture – turning awareness into a strategic asset

Alan Fraser, Team Lead – Security Awareness & Education, Xero

Topic D: Modernising legacy systems by turning technical debt into a platform for innovation

Trevor Delany, Chief Digital & Innovation Officer, The Real Estate Institute of New Zealand

Topic E: Building future-ready teams – upskilling as the engine of transformation

Tanya Dednam, Head of Digital, Centreport

Topic F: Positioning security as a strategic business enabler & securing buy-in from the board

Alastair Miller, General Manager Network & Security, Genesis Energy

Topic G: Harnessing international lessons to prepare for emerging cyber regulation

Steve Smith, Chief Security Officer, Transpower NZ

1:30

Lunch & Networking

2:30

Presentation: Positioning security as a strategic enabler

Translating technical metrics into narratives boards can act on
Determining “what's enough” for your organisation without overspending or underserving risk
How CIOs and CISOs can ensure security priorities don’t get lost across organisational layers
Positioning security not just as a defence mechanism but as a strategic lever that enables transformation and confidence

Jenni McNeil, Head of Information Security, Contact Energy

3:00

Fireside chat: Lessons from the frontline: Leading through a cyber attack

Hear first-hand experiences of CIOs and CISOs who have led their organisations through major cyber incidents
Unpack the toughest lessons from restoring operations, managing stakeholders, and rebuilding trust under pressure
Explore practical steps leaders can take now to strengthen preparedness and turn crises into catalysts for resilience

Moderator: Paul Natac, Chief Information Officer & Deputy Chief Executive Officer, Provident Insurance Limited

Panellists:

Andrew Ramsay, Chief Information Officer, T&G Global

Sonny Taite, Director of Innovation & AI, Former CIO, Te Whatu Ora Health

3:40

Peer-to-peer reflection: Turning summit lessons into a roadmap

Delegates break into small peer groups to distil the day’s content into action. What will you implement in the next 6 months? What’s achievable in 12 months? Facilitators will capture key themes, creating a “community playbook” that ensures the summit drives tangible change beyond the room

Moderator: Paul Natac, Chief Information Officer & Deputy CEO, Provident Insurance Limited

Agenda

Day One | Monday | 23 March 2026

​

​

​

8:10

Registration & Morning Refreshments

​

8:30

Opening Karakia

​

8:50

Chairperson’s Opening Address

​

9:00

International Keynote: Building trust and resilience at the General Bank of Canada through unifying risk, cybersecurity, & innovation

​

10:10

Panel: AI-driven attacks: Adapting defences for phishing, identity & access in 2026

​

11:10

Morning Tea

​

11:40

Panel: From cost avoidance to business value: Changing the cyber conversation in the boardroom

​

12:20

Session delivered by Airlock Digital

​

12:40

Panel: Beyond the perimeter: Securing third & fourth-party risks across the supply chain

​

1:20

Networking Lunch

​

2:10

Interactive Breakouts:

​

3:10

Afternoon Tea

​

3:50

Interactive workshop: Mapping future patterns: From emerging risks to resilient strategies

​

4:10

Panel: The human firewall: Upskilling for resilience & building a cyber-ready culture

​

4:50

Chairperson’s closing address

​

5:00

Networking drinks & end of summit day one

Registration & Morning Refreshments    

Chairperson’s Opening Address 