CISO Canberra schedule

 During this 5-minute networking session, participants can build their network. Have fun!  

This keynote panel brings international and national perspectives together to help government cyber leaders make sense of global threat signals shaped by geopolitical tension, cross‑border crime, and coordinated activity.

• What are you seeing across borders that genuinely stands out right now?
• How are those patterns being understood within law enforcement and intelligence communities?
• Where do organisations tend to misjudge the significance of what they are seeing?
• How should government cyber leaders use these insights to inform action without overstating certainty or urgency?

Panelists:

Tori Lamb Assistant Secretary Cyber Affairs and Critical Technology Department of Foreign Affairs and Trade

Sandra Booth Assistant Commissioner Cyber & Special Investigations AFP

Mark Rysanek Cyber Liaison Officer Royal Canadian Mounted Police  

Cloud‑native infrastructure, automation, and dynamic access are changing how environments behave, but many security models still rely on assumptions built for slower, more static systems. This keynote explores which long‑held security assumptions are no longer holding, why this creates friction for CISOs, and how leaders are beginning to rethink security in environments defined by software, automation, and constant change.

This keynote explores what maturity looks like as cyber security capability is scaled across government under Horizon 2 of the 2023–2030 Cyber Security Strategy. It focuses on the expected level of operational maturity at this stage, how capabilities are being embedded into real environments, and the key delivery, integration, and coordination challenges that remain as agencies move from build to sustained operation.

Risk is no longer driven primarily by single control failures. It is amplified by interdependencies, overlapping platforms. unclear ownership and fragile integrations. This keynote explores how complexity itself has become the dominant risk multiplier in modern environments, and why CISOs are increasingly focused on reducing coupling and blast radius rather than maximising coverage. 

Shared platforms and common vendors continue to underpin government service delivery, but they also concentrate risk in ways that require clearer thinking about how much vendor diversity is enough.

• Where does efficiency in shared platforms become systemic risk?
• How should vendor risk be continuously re-evaluated beyond procurement cycles?
• How do we reduce concentration risk without impacting delivery speed or scale benefits?

Panellists:

Manohar Esarapu Chief Information & Innovation Officer City of Port Phillip

Ayman Essmat CIO Eurobodalla Shire Council

David Norwood CIO & Director Digital Health & Innovation Sydney Local Health District

Daminda Kumara CISO Commonwealth Superannuation Corporation  

The emergence of Mythos-class AI has permanently changed what defensible security means for government agencies. Attackers can now discover and exploit vulnerabilities at machine speed — making continuous, real-time visibility a baseline requirement, not best practice. This roundtable explores:

• How agencies can move from static compliance reports to continuously updated, executive-ready metrics
• What good looks like: patch status, remediation velocity, and control effectiveness
• How risk-based prioritisation helps leaders direct effort to where it matters most how agencies can reduce exposure and deliver stronger audit outcomes

This keynote explores what changes when cyber risk, incidents and spending decisions become matters of public visibility in local government. Drawing on three terms as Mayor of the City of Monash and more than two decades of experience in technology and cyber security, Cr Stuart James connects technical understanding with the realities of public accountability. The session examines transparency, media scrutiny, community expectations and service continuity when information is incomplete and public trust is at stake.

A cyber-conscious mindset and security-aware culture are non-negotiable. It is not just about ticking boxes with e-learning or phishing tests. Real success is when cyber security becomes second nature—when people instinctively make safer choices and even share tips with family and friends. That’s when culture truly sticks. This session explores practical ways to embed that mindset and turn everyday behaviours into security habits.

Identity is no longer just part of the architecture. It is becoming the architecture. As organisations adopt cloud, SaaS, remote work, and AI‑driven systems, identity increasingly determines how access is granted, monitored, and revoked. This session explores how security leaders are rethinking identity as a continuously operating system rather than a static control layer, and what this means for accountability, detection, and resilience in modern environments.

AI is being introduced into government cyber security environments alongside existing systems and responsibilities, raising questions about how much pressure it removes, how much it adds, and what it changes for teams in practice.

• How is AI changing day to day work and expectations for cyber teams?
• Where is pressure building on judgement, accountability, and capacity as AI use grows?
• What does this mean for the future pipeline of skills, roles, and experience in government cyber teams?

Moderator:

Krishna Bagla Manager Cyber Security Operations & Implementation NSW Education Standards Authority

Speakers:

Marc Karahasanoglu CISO NSW Rural Fire Service

Jakub Zvěřina Technical Program Lead for CyberPath ACS 

Machine identities now outnumber human identities through service accounts, APIs, workloads, and AI agents. Yet most identity programmes still treat them as secondary. This session focuses on how teams are inventorying, governing, and enforcing least privilege across non‑human identities, including rotation, lifecycle, and segmentation challenges across hybrid environments. 

AI is increasingly embedded in cyber security operations, but SOCs remain human-led in practice. This session explores where AI is genuinely improving visibility, telemetry analysis, and alert prioritisation, and where human judgement is still essential for effective detection and response in complex environments.

Moderator:

Krishna Bagla Manager Cyber Security Operations & Implementation NSW Education Standards Authority

Speakers:

Jessamy Perkins Principal Cyber Security Adviser Australian Government  

Rue Maharaj Specialist - Cybersecurity Defence Management Melbourne Water  

As data moves across SaaS, cloud, analytics pipelines, and AI systems, traditional DLP models break down. Effective protection now depends on classification, context, and continuous monitoring. This session focuses on how teams are technically enforcing data controls across modern data flows, including AI ingestion paths, backup systems, and shared datasets.

This case study explores Sydney Local Health District’s cyber security transformation within a highly interconnected healthcare environment, where resilience depends on shared systems, statewide platforms, and third-party dependencies across more than 200,000 connected devices. Key topics include:

• Managing shared ownership, visibility, and accountability across stakeholders
• Strengthening resilience in clinical and operational environments
• Navigating legacy systems and complex dependencies
• Balancing governance, continuity, and cyber maturity uplift

When breaches occur, the difference between disruption and containment is rarely speed alone. Network, workload, and identity segmentation increasingly determine how far an attacker can move. This session explores practical segmentation approaches that actually get deployed, including enforcement points and operational impact in complex environments.  

With ASD outlining Australia’s direction on post-quantum cryptography, this conversation focuses on how security leaders can interpret those signals, balance long‑horizon risk with current delivery pressures, and take sensible, proportionate steps without overstating urgency.

• How should security leaders think about the technical timeline for quantum risk without relying on speculative dates?
• What preparation makes sense today without overinvesting or diverting focus from current risks?
• What is one realistic step teams can take in the next 12 months to start preparing responsibly?

Speakers:

Tara Lie Information & Technology Governance Manager WA Department of Water and Environmental Regulation

Dr Muhammed Esgin Deputy Director, Post-Quantum Cryptography in the Indo-Pacific Program Monash University 

Roma Singh Portfolio Security Advisor VIC Department of Transport and Planning 

This keynote reflects on the expanding scope of CISO responsibility in today’s environment, where resilience, risk, workforce capacity, regulatory expectations, and evolving threat demands are converging under constrained operating conditions.

• What responsibilities are now realistically expected of CISOs beyond traditional cyber security leadership?
• Where is CISO effectiveness most under strain in today’s operating environment?
• What enables CISOs to sustain effective decision making under continuous pressure?

Continue the conversations in a fun and entertaining way.