CISO Canberra schedule

In this 10-minute networking session, the goal is to connect with three new people. Let the questions on the screen spark your conversation. Enjoy the opportunity to expand your network!

As Australia transitions from Horizon 1 to Horizon 2 of the 2023–2030 Cyber Security Strategy, government systems play a foundational role in setting the security standard for the broader economy. This keynote reflects on the lessons learned from early implementation—what’s working, what’s been challenging—and outlines how the federal government is uplifting its own posture to build trust, improve interoperability, and support national resilience.

Today staying ahead of cyber threats requires a proactive and adaptive approach. This session will focus on how organisations can optimise threat detection, response, and attack surface management to enhance visibility and build more resilient security operations.

AI has become more adept at resembling human behaviour and quantum computing pushes the limits of what’s possible. It is critical to understand the vulnerabilities these emerging technologies introduce. This presentation explores how AI-driven innovations and disruptive technologies are reshaping risk, trust, and identity in the public sector and what today’s cyber leaders must do to prepare.

Harnessing global threat intelligence allows organisations to move from reactive defence to proactive threat mitigation. This session will demonstrate how consolidating and operationalising threat feeds can improve security agility, enhance visibility across systems, and drive a more resilient cybersecurity posture.

This panel explores the practical and legal realities of adopting AI in government without binding regulatory standards. Examining where risk and opportunity intersect, how organisations are applying voluntary frameworks, and why future AI regulations must reflect not just ethical intent, but technical reality ensuring accountability, transparency, and trust in the event of a cyber incident.

• Who is winning in the AI race – defenders or attackers?
• How does your organisation define AI? Gen AI, predictive models, automation etc
• What indicators or benchmarks can help evaluate AI readiness?
• How can you utilise frameworks to rightfully apply governance?
• What would meaningful regulation look like?

Moderator: 

Chui Yong A/FAS, CIO & CISO Department of Agriculture Fisheries and Forestry

Panellists:

Tony Castley CTO & CISO Department of Infrastructure, Transport, Regional Development, Communications and the Arts

Jamie Rossato CISO CSIRO

Krishna Bagla Manager Cyber Security Operations & Implementation NSW Education Standards Authority

Effective cyber defence requires more than just static controls. In this session, we’ll examine how real-time data empowers organisations to strengthen cyber hygiene, rapidly detect and respond to breaches, and streamline compliance initiatives to achieve higher Essential 8 Maturity levels.

This panel discusses considerations for ensuring secure, timely, and transparent information sharing between government agencies and external partners to build trust.

• What are the biggest barriers to securely sharing data across government agencies in a timely manner – technical, legal or cultural?
• Who owns the risk when data is shared, and how clear are those responsibilities in practice?
• What role should cyber and legal teams play in enabling secure data sharing, both internally and across third-party systems?
• What does good governance look like in a multi-stakeholder environment, and are we close to achieving it?

Panellists:

Dibya Sinha Assistant Director Cyber Security Transport Canberra City Services, ACT Government

Rose MacDonald Board member & Director Australian Risk Policy Institute

As the Indo-Pacific races toward digital transformation, Digital Public Infrastructure (DPI) such as digital ID, payments, and data exchange platforms, form the foundation of future economies and public services. But this foundation is only as strong as its cyber resilience. Drawing from a DFAT-funded project on DPI readiness, in partnership with The Quantum Hub (India), this presentation assesses cyber security readiness across digital economies, highlights cross-border digital threats, and discusses Australia’s role in strengthening regional cyber security through policy and partnerships.

Security leaders are under pressure to secure AI-driven cloud environments at the speed of development. This session unpacks strategies for integrating security seamlessly into AI and cloud workflows, ensuring protection while enabling business agility.

A cyber-conscious mindset and security-aware culture are non-negotiable. It is not just about ticking boxes with e-learning or phishing tests. Real success is when cyber security becomes second nature—when people instinctively make safer choices and even share tips with family and friends. That’s when culture truly sticks. This session explores practical ways to embed that mindset and turn everyday behaviours into security habits.

With increased digital capability comes increased risk and responsibility. Evolving cyber threats, complex compliance demands, and growing public scrutiny are placing more pressure than ever on public sector cyber leaders. This session explores how advancing your organisation’s cyber maturity can protect critical services, uphold trust in government systems, and support the secure delivery of digital transformation initiatives.

One of the critical challenges when organisations transition to a Zero Trust security model is the need to modernise legacy systems. Traditional security measures, such as firewalls, are no longer enough, and Zero Trust with micro-segmentation is essential to secure networks from the inside out. This session will explore the practical steps and strategies required to update ageing infrastructures while maintaining operational continuity.

As DevSecOps evolves, AI and automation are redefining security operations, enabling proactive, self-managing security frameworks. This session will examine the benefits and challenges of autonomous DevSecOps, offering insights into how organisations can transition towards a continuous and self-sustaining security model.

Everyone agrees that governance matters but what does good cyber governance actually look like in day-to-day public sector operations? This session unpacks how cyber governance takes shape beyond the policy, translating frameworks like PSPF and ISM into real decision-making, accountability, and operational clarity. Discover practical insights into what makes governance effective and what often gets in the way.

Cloud-native applications demand a new approach to security—one that AI is uniquely positioned to provide. This session will examine how AI-driven security solutions can mitigate risks throughout the software lifecycle, from secure coding practices to real-time threat detection.

Driving real investment and informed decisions, cyber leaders need to communicate cyber risk in terms that stakeholders understand the impact, likelihood, and cost. This panel examines a range of frameworks and methods to explore how to make cyber risk measurable, actionable, and meaningful and how to choose the right approach for your organisation.

• What does it mean to quantify cyber risk in a way that resonates with both technical and non-technical stakeholders?
• What are some of the most effective frameworks or models and how do you decide which one works best for your organisation?
• How can organisations move beyond generic risk scores and articulate the real financial impact of a cyber incident, including costs like reputational damage and public trust loss?
• How can quantifying cyber risk effectively drive investment in cyber security and help prioritise spending in a way that aligns with overall organisational strategy?

Panellists:

Jamie King CISO Australian Federal Police

Jagdish Mehra National Manager Cyber Strategy, Governance and Engagement Services Australia

Jonathan Dean Defence CISO Department of Defence

Nation-state cyber threats are growing in frequency and sophistication, increasingly targeting critical infrastructure and government systems. This panel will delve into the current challenges and necessary steps to strengthen coordination, improve threat intelligence sharing, and build a comprehensive approach to cyber resilience.

• What does a truly unified, nationwide cyber defence against state-based threats look like? How far are we from achieving it today?
• Where are the biggest coordination gaps between federal, state, and local entities?
• What improvements are needed in threat intelligence sharing and incident response protocols to strengthen intergovernmental collaboration?
• What structural, cultural, or policy changes would best enable a “whole-of-nation” approach to cyber resilience?
• What one action should your organisation prioritise in the next 12 months to improve national cyber coordination?

Panellists:

Jamie King CISO Australian Federal Police

Marnie Fraser Assistant Secretary Digital Strategy and Architecture; CISO Department of the Prime Minister and Cabinet

Continue the conversations in a fun and entertaining way.