Jean-Baptiste Bres

Chief Information Security Officer

How to become a Fierce Female Leader in Cybersecurity Meetup

I am very excited to participate with Joss Howard at the very first Women in CyberSecurity Meetup next week! Hopefully I will be able to provide some insightful perspective to all!


Future of Security Conference, Sydney

Unfortunately this event has been cancelled due to the COVID-19 outbreak, but it will be rescheduled for later on this year. Stay safe and see you all in a few month!

I am very honoured to be one of the speakers at the next Future of Security conference in Melbourne on 24/03 and in Sydney on 26/03. I will be discussing the Australia Consumer Data Right (CDR), and how it can be used to champion privacy while spurring innovation.

On the 26/03 (Sydney), I will also be part of a panel discussing how emerging technologies are reshaping cyber security risks and controls, strategies to infuse security culture into financial services’ enterprise DNA with Wayne Bozza, Sarah O'Brien and Sumeet Kukar and Larkin Ryder.

Future of Security

CPS 234 NSW Morning Briefing

Thanks all for coming to our panel on strategies to prevent data breaches & improve incident response yesterday at the CPS 234 NSW morning briefing.
Thank you to Jason Anderson and Wayne Bozza for their insightfull perspectives. And thanks to Paul Schofield for his fantastic facilitation and direction.


CPS 234 NSW Morning Briefing

I am looking forward to be one of the speakers at the CPS 234 NSW Morning Briefing in Sydney on 20/02/2020 with 3 great experts: Neil Hopkins, Susie Costa and Wayne Bozza.

With the passing of the July 1st deadline, ARPA regulated entities must meet the mandatory Prudential Standard CPS 234. The Standards have been created to improve resilience against information security threats, and those entities need to put the correct implementation strategy in place to safeguard themselves in the information age.

A key objective is to minimise the likelihood and impact of information security incidents on the confidentiality, integrity or availability of information assets, including information assets managed by related parties or third parties.

Cyber Attack Conference Sydney 2019

I am very honoured to be one of the speakers at the upcoming Cyber Attack 2019 Conference in Sydney on October 17th. I will be facilitating a round table discussion on how to implement a security Bring Your Own Device (BYOD) policy.

Super Risk Symposium - Melbourne 14/08

I was honoured to be one of the speakers at the Super Risk Symposium organised by the AIST in Melbourne on 14/08.

It was a great session, on the impact of the new CPS 234 regulation, thanks to Rob Pickering who facilitated the debate and to Joss Howard and Matt O'Keefe for their great insights.


Super Risk Symposium - Melbourne 14/08

I am very honoured to be one of the speakers at the next Super Risk Symposium organised by the AIST in Melbourne on 14/08. I will be discussing being CPS compliant with 2 great experts: Joss Howard (Head of Risk Management and Governance Consulting, APAC, NCC Group) and Matt O'Keefe (Partner, KPMG).

Information security is all about risk management. With APRA’s CPS 234 framework now live, how do funds need to be secured and why? What is an acceptable risk? And what is the lasting impact if valuable data is compromised, exposed or unavailable?
This session will explore how funds are demonstrating compliance with the new prudential standard and the strategies being used in safeguarding systems against information security threats.

[Update] Info and tickets at

💡 Conference Transcript: Building an Information Security Policy Framework


Following my presentation on Building an Information Security Policy Framework at the "Implementing CPS 234" conference held in Sydney in May 2019, I received many requests to publish a transcript. Thank you all for your interest and for the large amount of feedback you shared with me. As promised, here is an augmented transcript of my presentation.

It covers an overview of what a Policy Framework is, and why it is an essential part of any Information Security program; the various existing frameworks used across the industry, their strengths and limitations; a methodology to create a flexible framework, supported by a risk assessment and a strong understanding of the assets owned by the institution and the threats they are exposed to; and an approach to define an adequate control set and how to prioritise its implementation.

Read More…

"Implementing CPS 234" conference

I am very proud and excited to be one of the key speakers at the "Implementing CPS 234" conference on 3rd May in Sydney.

I will be talking on how to build an information security policy framework that is agile to changing threats.