Agenda

Day One | Monday | 23 March 2026

8:10

Registration & Morning Refreshments    

8:30

Opening Karakia

8:40

Chairperson’s Opening Address 

Andrew Choat, Chief Information Security Officer, MTF Finance

8:50

International Virtual Keynote: Building trust and resilience at the General Bank of Canada through unifying risk, cybersecurity, & innovation

Unifying compliance, risk, GRC and cybersecurity under one framework to mend fragmentation, streamline governance and cut recovery time objectives by half
How implementing AI-driven monitoring and automated control checks improved accuracy, reduced manual workloads, and delivered a 70% increase in due diligence efficiency
Moving beyond the illusion of preparation by embedding shared ownership of resilience across team, proving that true readiness depends on collaboration, not isolated planning
Turning risk and cybersecurity into a strategic partner through speaking the language of the business, building bridges and fostering a culture of collaboration

Adam Ennamli, Chief Risk Officer, General Bank of Canada

10:00

Panel: AI-driven attacks: Adapting defences for phishing, identity & access in 2026

How is AI accelerating phishing, impersonation, and identity exploitation, and what do real-world attacks look like in 2026?
How can organisations leverage AI-powered detection and zero-trust frameworks without creating siloed tools that fail to integrate?
What role do cohesive vendor ecosystems and human-centric awareness play in complementing technical controls and sustaining resilience?

Moderator: Andrew Choat, Chief Information Security Officer, MTF Finance

Panellists:

Duncan Hills, Chief Information Security Officer, Fletcher Building

Laura Ross, Chief Information Security Officer, One NZ

Lakshya Mehra, National Security Awareness and Phishing Lead, Health New Zealand Te Whatu Ora

11:00

Morning Tea

11:30

Fireside chat: From cost avoidance to business value: Changing the cyber conversation in the boardroom

How can security leaders position cybersecurity as a driver of trust, growth, and innovation rather than a sunk cost or compliance exercise?
What are the most effective ways to translate risk into financial, customer, or competitor outcomes that boards truly understand?
How can secure-by-design or shift-left practices not only improve security but also save money and create business value?

Moderator: Andrew Choat, Chief Information Security Officer, MTF Finance

Panellists:

Richard Harrison, Chief Information Security Officer, Foodstuffs South Island

Alastair Miller, General Manager Network & Security, Genesis Energy

12:10

Challenging your Beliefs: How foundational controls significantly reduce risk

AI‑driven threats and ransomware are rising, revealing that faster detection doesn’t always reduce risk. Frameworks like CIS and NIST now emphasize foundational, preventative controls such as Application Allowlisting. This session explores why allowlisting isn’t as difficult as assumed and offers practical insights into what effective security will look like in the coming years.

Josh Schwarz, Senior Sales Engineer, Airlock Digital

12:40

Panel: Beyond the perimeter: Securing third & fourth-party risks across the supply chain

How do you define the real scope of your supply chain?
How do you respond to breaches in third or fourth parties that affect you?
How can business impact analysis strengthen continuity in supply chains?
How do you rebuild trust with vendors after a cyber incident?

Moderator: Andrew Choat, Chief Information Security Officer, MTF Finance

Panellists:

Tony Allwood, Head of Cyber Security, Silver Fern Farms

Laura Marshall, Head of Information Security, Livestock Improvement Corporation

Eddy Pereira, General Manager – Supply Chain, Fisher & Paykel Healthcare

1:10

Networking Lunch

2:00

Interactive Breakouts:

During this session, attendees will have the opportunity to attend 2 x 30-minute interactive breakout sessions of their choice

Breakout A: Beyond cost-cutting: The CIO’s blueprint for turning tech investment into real business value

Kevin Robinson, Partner, ARA Digital, Ex-Chief Information Officer, NZ Health

Zahid Arain, General Manager, Technology Business Management Council APAC, TBM Council, Ex-Finance Executive, eHealth and Transport for NSW

Alistair Mascarenhas, Partner – Ara Digital, Ara Digital Limited

Breakout B: Beyond the AI POC graveyard – from experiments to enterprise value

Frank Handerhan, Engagement director, Data & AI, HSO, ANZ

Breakout C: From AI pilots to production: The integration gap that’s stalling your AI ROI

John Deeb, Field Chief Technology Officer, Workato

Lem Prestage, Group IT Manager, Southbase Construction

Breakout D: From POCs to Production: Turning AI experiments into real business value

Raji Haththotuwegama, National Solutions Advisor – Data, AI and Apps, Canon Business Service

Breakout E: The hidden cost of tool sprawl: Simplifying IT without losing capability

Pablo Muñoz, Marketing Director, NinjaOne

Breakout F: The necessary evil: Why staff avoid process mapping and SOPs

Sean Wallace, VP Sales and Community, Flowingly

Breakout G: Securing every identity from AD to AI

Chris Russell, Area Vice President – Australia & New Zealand, Silverfort

3:00

Afternoon Tea

3:40

Interactive workshop: Mapping future patterns: From emerging risks to resilient strategies

Identify emerging risks and digital threats that could shift the security landscape
Explore potential risks outside the traditional business context, geopolitical, social, and environmental factors that intersect with cyber ecosystem
Collaborate with peers to test threat-scenarios and share pattern strategies

Key takeaways for participants:

A practical, repeatable method for assessing emerging risks with patterns
Exposure to peer perspectives on future threats
Actionable insights to bring back to boards and leadership teams when discussing resiliency beyond current state

Facilitators:

Adwin Singh, Cyber Security Domain Lead – CISO Office, Inland Revenue

Kyle Wong, Cyber Security Technology Specialist - CISO Office, Inland Revenue NZ

4:10

Panel: The human firewall: Upskilling for resilience & building a cyber-ready culture

Embedding security awareness and behavioural change across the workforce and supply chain
Ensuring executive-level security priorities don’t get “lost in translation” across organisational layers
Creating incentives and upskilling programs that transform human risk into human defence

Moderator: Andrew Choat, Chief Information Security Officer, MTF Finance

Panellists:

Shivali Kukreja, Head of Risk & Compliance, nib NZ

Sukhjit Gill, Head of Risk, Compliance & Regulatory Affairs, Southern Cross Health Insurance

Sarah Penman, Director of Enterprise Information Security, National Cyber Security Centre

Sam Johnstone, Group IT Security Manager, Fulton Hogan

4:50

Chairperson’s closing address

5:00

Networking drinks & end of summit day one

Day Two | Tuesday | 24 March 2026

8:20

Registration & morning refreshments

8:50

Chairperson’s Opening Address 

Andrew Choat, Chief Information Security Officer, MTF Finance

9:00

Keynote: From hype to control: Does AI demand a new security framework?

Understanding how attackers are using AI today (phishing, impersonation, automation) versus exaggerated narratives
Why AI should be treated as one of the many organisational risks, not an existential threat, and how to frame this for the Board
Practical steps to monitor AI threats, building credibility with Executives, and integrating AI risks into existing governance practices

Tony Arnold, Chief Information Security Officer, TSB Bank

9.30 Bringing Context to Cybersecurity: Evolving to a Risk Surface Approach

Shifting from attack‑surface visibility to risk‑surface clarity so teams know which vulnerabilities truly matter
Prioritising based on real‑world remediation impact, using context, exploitability, and business relevance
Modernising vulnerability management by improving data quality, operational readiness, and embedding risk‑based decision‑making

Sam Salehi, Managing Director ANZ, Qualys

Darren Beattie, Head of Information Security, Tower Insurance

9:50

Fireside chat: Beyond defence: The CISO as enterprise growth leader

Moving from defenders to strategists, shaping enterprise vision beyond security
Embedding cyber awareness into culture to unlock innovation & trust
Demonstrating how security drives revenue, resilience & long-term value

Moderator: Andrew Choat, Chief Information Security Officer, MTF Finance

Panellists:

Eli Hirschauge, Head of Information Security, ANZ

Darren Beattie, Head of Information Security, Tower Insurance

Nadia Yousef, Country Manager for NZ, CISO Lens

Paul Macpherson, Chief Information Security Officer, Reserve Bank of New Zealand

10.30 Presentation: Vulnerability discovery and validation at scale with AI-driven penetration testing

Modern software moves faster than traditional penetration testing. Automated scanners create false positives, while manual validation delays remediation. The real challenge isn’t finding vulnerabilities, it’s proving which are exploitable and confirming fixes have removed the risk.

This session explores how AI-driven penetration testing enables continuous validation at scale. By eliminating false positives, retesting fixes in minutes, and embedding evidence-backed assurance into DevSecOps workflows, AI transforms security from a periodic check into a continuous, scalable capability.

Igor Portugal, Fractional Chief of Growth, Blacklock Security

10:50

Morning Tea

Converged CIO & CISO Leadership Summit

11:20

Fireside chat: CIO & CISO in practice: Healthy tension, shared accountability:

How do you tell real artificial intelligence risks from hype, and decide when to adopt or hold back on new technologies?
When your priorities clash on budgets, innovation speed, or risk appetite, how do you resolve disagreements while keeping trust?
What works best when presenting technology and cyber risks to the Board in business terms they understand?
Why is credibility so important, and how do you avoid sounding like you are crying wolf with Executives?
How do you balance culture and awareness with the technical controls needed for resilience?

Moderator: Paul Natac, Chief Information Officer & Deputy Chief Executive Officer, Provident Insurance Limited

Panellists:

Roxanne Salton, Chief Information & Digital Officer, TSB New Zealand

Tony Arnold, Chief Information Security Officer, TSB New Zealand

12:00

Presentation: Ctrl + Alt + Culture: How security & digital fluency fuel business transformation

Positioning IT and security not as back-office functions but as enablers of enterprise-wide business transformation
Recruiting beyond traditional IT pipelines and developing talent from across the business to create diverse, high-performing teams
How working closely with cybersecurity has strengthened trust and credibility across the wider business

Nicholas Fourie, Vice President & Chief Information Officer, Fisher & Paykel Healthcare

12.30 Presentation: Transformation That Delivers: Strategy, Sequencing, and the Power of the Right Partners

Turning ambition into execution: Balance ambition with risk, budget discipline, and organisational readiness
Avoiding the tech debt trap: modern platforms, secure foundations, and data as an asset
Choosing partners that elevate capability, not create dependency

Nancy Taneja, Chief Information Officer, Toyota New Zealand

Clare Thomas, Head of Operations and Delivery, Nodero

12:50

Lunch & Networking

1:50

Unconference Sessions: Peer-Led Roundtable Discussions

Delegates will split into peer-led groups to discuss key challenges within the digital and security world under Chatham House rules

Topic A: Making data work for people, AI & business

Caroline Wishart, Head of Information Management, Fonterra

Topic B: Fine-tuning your cyber response & building crisis leadership across the executive & board

Laura Jury, Resilience Business Consultant, Air New Zealand

Topic C: Embedding security culture – turning awareness into a strategic asset

Alan Fraser, Team Lead – Security Awareness & Education, Xero

Topic D: Modernising legacy systems by turning technical debt into a platform for innovation

Trevor Delany, Chief Technology Officer, Entrada Travel Group

Topic E: Building future-ready teams – upskilling as the engine of transformation

Tanya Dednam, Director of Transformation, Fire and Emergency NZ

Topic F: Positioning security as a strategic business enabler & securing buy-in from the board

Alastair Miller, General Manager Network & Security, Genesis Energy

Topic G: Harnessing international lessons to prepare for emerging cyber regulation

Steve Smith, Chief Security Officer, Transpower NZ

2:40

Presentation: Positioning security as a strategic enabler

Translating technical metrics into narratives boards can act on
Determining “what's enough” for your organisation without overspending or underserving risk
How CIOs and CISOs can ensure security priorities don’t get lost across organisational layers
Positioning security not just as a defence mechanism but as a strategic lever that enables transformation and confidence

Jenni McNeil, Head of Security and Infrastructure, Contact Energy

3:10

Afternoon tea & networking

3:30

Fireside chat: Lessons from the frontline: Leading through a cyber attack

Hear first-hand experiences of CIOs and CISOs who have led their organisations through major cyber incidents
Unpack the toughest lessons from restoring operations, managing stakeholders, and rebuilding trust under pressure
Explore practical steps leaders can take now to strengthen preparedness and turn crises into catalysts for resilience

Moderator: Paul Natac, Chief Information Officer & Deputy Chief Executive Officer, Provident Insurance Limited

Panellists:

Andrew Ramsay, Chief Information Officer, T&G Global

Sonny Taite, Director of Innovation & AI, Former CIO, Te Whatu Ora Health

4:00

Peer-to-peer reflection: Turning summit lessons into a roadmap

Delegates break into small peer groups to distil the day’s content into action. What will you implement in the next 6 months? What’s achievable in 12 months? Facilitators will capture key themes, creating a “community playbook” that ensures the summit drives tangible change beyond the room

Moderator: Paul Natac, Chief Information Officer & Deputy CEO, Provident Insurance Limited

Agenda

Day One | Monday | 23 March 2026

​

​

​

8:10

Registration & Morning Refreshments

​

8:30

Opening Karakia

​

8:40

Chairperson’s Opening Address

​

8:50

International Virtual Keynote: Building trust and resilience at the General Bank of Canada through unifying risk, cybersecurity, & innovation

​

10:00

Panel: AI-driven attacks: Adapting defences for phishing, identity & access in 2026

​

11:00

Morning Tea

​

11:30

Fireside chat: From cost avoidance to business value: Changing the cyber conversation in the boardroom

​

12:10

Challenging your Beliefs: How foundational controls significantly reduce risk

​

12:40

Panel: Beyond the perimeter: Securing third & fourth-party risks across the supply chain

​

1:10

Networking Lunch

​

2:00

Interactive Breakouts:

​

3:00

Afternoon Tea

​

3:40

Interactive workshop: Mapping future patterns: From emerging risks to resilient strategies

​

4:10

Panel: The human firewall: Upskilling for resilience & building a cyber-ready culture

​

4:50

Chairperson’s closing address

​

5:00

Networking drinks & end of summit day one

Registration & Morning Refreshments    

Chairperson’s Opening Address 