Welcome to the BrisSEC presentation hub!
This is your guide to the conversations shaping The Race to Secure the Sunshine State. The hub brings together the BrisSEC presentations in one place to help you understand the program on offer.
Time: 10:45am - 11:25am
Location: Ascot Ballroom
Stream: People, Culture and Performance
Speakers: Dr Ivano Bongiovanni, General Manager, AUSCERT & Ashley Deuble, Manager, AUSCERT
Overview:
Have you ever wondered what the different cyber job titles mean? And how many are out there? And what does a 'day in the life' of cyber professionals look like? Stop wondering, we have the answers! Starting from a big 'bubble diagram' of all (well, almost all) existing cyber professions, we will show you the most common pathways across roles, seniority, organisational types and industry.
We will quickly move beyond the usual 'technical' vs 'non-technical' distinction to show you, for example, how different it is to work for a demand-side organisation versus a vendor. We will explore how the changing context shapes tasks and required skills for cyber professionals, from government organisations, through start-ups, to large corporations. In most cases, organisations shape cyber careers, not the other way around. Yet a comprehensive overview like the one we will be presenting at BrisSEC simply does not exist.
Existing models like NICE, the European Union's Cybersecurity Skills Framework, or ASD's Cyber Skills Framework are valid and well established. However, they are static: they focus on required competencies, skills and job descriptions, and they do not give details about context. And guess what, context in this space is what matters the most...
Our presentation will be dynamic: we will illustrate what to expect from moving from a junior role, say, in a corporate environment, to a similar role in a government organisation. We will highlight what is formally required in terms of skills and certifications, and what is informally very important in terms of attitude and personality. We will show what the pathway to CISO-ship can look like. We will discuss the mainly non-linear nature of the cyber career and talk about those cases in which people seem to have taken a 'step back', as their context has changed. We will offer insights on rarely debated topics such as "what career options outside of cyber are there for cyber professionals?".
This presentation will have something for everyone in the room: existing cyber professionals, people looking to change industry or organisational remit, career-changers, aspiring leaders and students.
We have a combined experience of 25+ years in the cybersecurity industry, across several roles. Our hands-on presentation will draw on this, and on the multitude of 'stories' we have collected along the way.
Time: 10:45am - 11:25am
Location: Teneriffe Ballroom
Stream: Risk, Regulation & Accountability
Speaker: Andrew Longhorn, Senior Solutions Architect, TrendAI
Overview:
"The AI Policy Paradox: Why Enterprises Are Stuck in Governance Gridlock"
AI adoption is accelerating—92% of Australian and global enterprises deploy it today. Governance isn't. Only 18% have frameworks in place. This session explores why. The gap isn't technical; it's organisational. CIOs face competing mandates: accelerate adoption whilst ensuring compliance. CISOs inherit unvetted AI risks. Legal teams lack frameworks for technology that didn't exist when policies were written.
The regulatory clock is ticking. EU AI Act enforcement began August 2025 (penalties up to AUD$55 million+ per organisation). Singapore MAS mandatory guidelines took effect December 2024. Insurance companies are refusing AI breach coverage. Audit firms flag AI as a "critical unknown."
Using data from Deloitte-NASCIO and Ponemon, we'll unpack the C-suite's impossible position, then present a 3-step actionable framework to unblock governance gridlock.
Time: 10:45am - 11:25am
Location: Paddington Ballroom
Stream: Staying Ahead of a Fast Moving Threat Landscape
Speaker: Dr Gowri Sankar Ramachandran, Cyber Security Researcher, QUT
Overview:
Software supply chain attacks are among the fastest-growing cybersecurity threats, with a 156% year-over-year increase and more than 700,000 malicious components identified in 2024. Attackers exploit trusted open-source repositories by injecting malware into popular software packages, affecting millions of downstream users. Traditional detection methods, such as metadata analysis and static code inspection, struggle to identify sophisticated attacks, including typosquatting, covert backdoors, dynamic payload generation, and multiphase malware hidden in dependency chains.
This presentation introduces a breakthrough approach using kernel-level monitoring to detect threats during package installation, the critical moment when malicious code activates. By leveraging eBPF (extended Berkeley Packet Filter) technology to observe system calls, network connections, file operations, and memory patterns in real time, this method successfully detects malware.
The research analysed over 14,000 Python packages and successfully identified and removed confirmed malware from the Python Package Index, which serves 1.8 billion daily downloads. Attendees will learn how runtime behavioural analysis detects what static tools miss, explore real-world case studies of discovered threats, and understand practical implementation strategies for cloud and enterprise environments. The talk concludes with emerging directions, including cross-ecosystem detection and enterprise security integration.
Time: 11:30am - 12:10pm
Location: Ascot Ballroom
Stream: People, Culture and Performance
Speaker: Felicity Abell, Change Management Specialist
Overview:
In the race to secure the Sunshine State within an increasingly complex cyber threat landscape, technical solutions alone are not enough. Many cybersecurity initiatives fail not because the technology is flawed, but because people are not brought along the journey.
This session explores the human side of cyber security change and why a lack of care or understanding often results in resistance, disengagement, and failed outcomes. Drawing on over 20 years of experience delivering large-scale change in technical and cybersecurity environments, Felicity shares practical, real-world insights into what enables people to adopt and sustain change.
Using a proven change management framework as a guiding structure, the presentation walks through each stage of change, highlighting key actions that leaders, project teams, and practitioners can take to support people effectively at every step. Rather than focusing on theory, the session translates the framework into actionable steps that can be applied immediately in workplace change initiatives.
Attendees will gain a clearer understanding of why change stalls when people lack awareness or personal connection, how to build genuine engagement, and how to reinforce new ways of working so change is sustained over time. The session concludes with a call to action, encouraging participants to identify one practical step they can take back to their teams to improve change outcomes as early as the next day.
This presentation is ideal for anyone involved in delivering or supporting cyber security and technology change, including project team members, leaders, and professionals who may be asked to “get change done” without formal change management training.
Time: 11:30am - 12:10pm
Location: Teneriffe Ballroom
Stream: Risk, Regulation & Accountability
Speaker: Darren Hopkins, Partner, McGrathNicol
Overview:
Cyber incident response is often described as a disciplined and controlled process: defined playbooks, clear ownership, and rehearsed execution. In reality, many of the most challenging cyber crises begin when those assumptions no longer apply. Control may already be lost, speed may matter more than certainty, and critical information may sit with third parties outside the organisation’s direct influence. In these moments, leaders discover that plans are necessary, but not sufficient; agility, judgement, and accountable decision‑making become the differentiators.
This interactive presentation explores the reality of responding to cyber crises where organisations are reacting rather than leading. Drawing on real‑world experience, the session focuses on incidents driven or shaped by third parties, including suppliers, service providers, managed platforms, and external threat actors, and how these conditions force leaders to move beyond static plans toward agile decision‑making. The central question is not “What does the playbook say?” but “What decision can we defend right now, given what we know, the risks we face, and the time we have?”
We will examine situations where time pressure, incomplete or conflicting information, and external dependencies fundamentally change how response decisions are made. These include third‑party breaches that rapidly become your organisation’s problem, supply‑chain compromises where evidence and timelines are controlled by others, and periods of heightened scrutiny where executives, legal teams, regulators, and customers demand clarity before facts are fully established. The session also addresses external claims, such as dark‑web leak postings and public allegations, that may prove false, exaggerated, or unrelated, but still demand a structured response. These scenarios highlight that response is not always about executing a predefined playbook; it is about making defensible choices when certainty is unavailable and delay carries its own risk.
Audience interaction through concise polling will surface how different choices influence outcomes as new information emerges. Rather than focusing on tools or technologies, the emphasis is on the concepts that enable effective response under pressure: clarity of roles, prioritisation when everything feels urgent, governance that enables speed without abandoning accountability, and communication that aligns technical reality with executive and stakeholder expectations. We will discuss practical mechanisms for operating in this grey zone: lightweight decision logs, pre‑agreed escalation thresholds, external counsel and insurer coordination, and structured “pause points” to reassess as signals change.
Aligned with the BrisSEC 2026 theme, The race to secure the Sunshine State, this session recognises that cyber security is a continuous contest, and that many organisations are forced to run critical stages of that race in someone else’s lane. Attendees will leave with practical insights to help them respond effectively when speed is essential, control is shared or limited, information is uncertain, and plans alone are not enough. The goal is a repeatable mindset: move fast, stay accountable, adapt with discipline, and make better decisions when it matters most.
Time: 11:30am - 12:10pm
Location: Paddington Ballroom
Stream: Staying Ahead of a Fast Moving Threat Landscape
Speaker: Adam McHugh, Cyber Security Specialist, Amentum
Overview:
The traditional "patch-or-perish" mantra is failing. Historically, defenders relied on a "grace period" between a vulnerability’s disclosure and its weaponisation. However, in 2026, the proliferation of Large Language Models (LLMs) and advanced reasoning engines has effectively collapsed this "Exploit Gap."
With safeguards being bypassed and models being tuned for offensive diff-analysis, the time-to-exploit has dropped from weeks to minutes. When an adversary can generate a functional PoC faster than a Change Advisory Board can meet, the patching treadmill becomes a direct path to team burnout.
Time: 1:15pm - 1:55pm
Location: Ascot Ballroom
Stream: People, Culture and Performance
Speaker: Matt Smit, Officer, ADF
Overview: Coming soon
Time: 1:15 pm - 1:55 pm
Location: Teneriffe Ballroom
Stream: Risk, Regulation & Accountability
Speakers: Alexander White, Queensland’s Privacy Commissioner, Office of the Information Commissioner & Nicole Stephensen, Privacy Maven and Group Risk Manager, UnitingCare Queensland & Charlotte Davidson, Interim Chief Executive Officer, IDCARE.
Overview:
In the fast-evolving world of cyber security, emerging technologies have made it more challenging than ever to maintain the principles of confidentiality, integrity, and availability (CIA). When it comes to personal information, cybersecurity is not only a business imperative but also a legal requirement. Under Queensland Privacy Principle (QPP) 11 of the Information Privacy Act and Australian Privacy Principle (APP) 11 of the Commonwealth Privacy Act 1988, organisations must take reasonable steps to protect personal information.
Privacy Impact Assessments (PIAs) have emerged as a vital tool in this arena, helping organisations bridge the gap between privacy obligations and security objectives.
This panel will explore how PIAs—a strategic process designed to identify and mitigate privacy risks—play an essential role in enabling and enhancing the CIA triad. By assessing how personal information is collected, used, managed, and shared, PIAs provide organisations with a structured framework to identify vulnerabilities, analyse risks, and implement measures that both ensure privacy protections and strengthen overall organisational resilience.
Join experts from state and federal regulators as well as the private sector to discuss best practices and hard-learned lessons in privacy risk assessment.
Time: 1:15 pm - 1:55 pm
Location: Paddington Ballroom
Stream: Staying Ahead of a Fast Moving Threat Landscape
Speakers: Atticus D’Mello, Security Researcher, Safety Net Cyber & Justin Keating, Director, Safety Net Cyber
Overview:
This research focuses on how an attacker approaches, studies, bypasses, and fully exploits a real-world system to achieve a specific objective. The use case examined in this presentation is Instagram’s account creation limitations.
Instagram restricts how many accounts an individual can create to ensure its platform economy remains meaningful and resistant to manipulation. If an attacker can simultaneously control multiple accounts, they could misrepresent likes, manipulate users through false reports, and mass report innocent accounts until they are taken down.
Despite Instagram’s existing controls, we have identified notable vulnerabilities that allow a hacker with the right tools to bypass these protections. Through pen testing and controlled experimentation, we were able to deduce the five primary signals Instagram uses to track and limit individuals: networking, application, device, identity, and behaviour. Each identified control and tracking signal is supported by clear observations, demonstrating that a hacker does not need root access or a strong technical background to discover these mechanisms, only common sense and basic testing equipment. By utilising controlled mobile environments such as GrapheneOS, temporary email and phone services, AI-generated data, and proxy services, we were able to develop systems capable of misleading each of these signals.
These systems and tools will be demonstrated live, showing exactly how they bypass certain controls but not others. It will also be explained why some techniques work while others fail. This provides a rarely seen perspective of what an attacker observes and how they adapt. In addition, we identified two key vulnerabilities within Instagram’s internal systems that enable this account creation activity. Specifically, these relate to differences in policies around account creation versus account variation, as well as the option to accept photos as a form of identification.
Using this information, we developed a clear and detailed methodology that can almost completely bypass these controls. This methodology does not require a low-level understanding of Instagram, nor does it require advanced “hacking” techniques. Instead, it can be understood at a high level by individuals with a basic understanding of IT and security. This system will be demonstrated live with some redactions to prevent recreation. The audience will be taken through each control that is bypassed, with concepts shown step by step in real time. Preliminary results already indicate a success rate of over 90% using this attack vector.
While niche, this use case highlights the constant battle between attackers and defenders. For every control a defender introduces, an attacker will work on a workaround. By identifying these vulnerabilities, it becomes clear how they can be mitigated. However, to reach this understanding, it’s necessary to put ourselves in the hacker’s shoes.
Time: 2:00 pm - 2:40 pm
Location: Ascot Ballroom
Stream: People, Culture and Performance
Speaker: Jack Cross, CISO, QUT
Overview: Cyber uplift is often described in terms of frameworks, tooling and maturity models — but the real story is far more human. Over the past four years, QUT has navigated one of the most significant security transformations in its history, shaped not only by a major ransomware incident but by a rapidly evolving threat landscape that now includes growing espionage pressures.
This presentation explores the journey through the lens of the “Five Ps”:
• People: why executive support was the easy part, and how the real challenge lay in helping overloaded IT teams and business units change how they work.
• Performance: how grounding every decision in risk reduction (not maturity for maturity’s sake) kept the program focused and credible.
• Projects: the contrast between a complex, debt‑laden IAM uplift and a clean‑slate SOC build, and what they taught us about choosing the right delivery approach.
• Pirates: how real‑world adversaries accelerated our delivery tempo and reshaped our priorities.
• Patience: the quiet discipline of staying the course, celebrating progress, and recognising that cultural change moves at the speed of people, not technology.
Time: 2:00 pm - 2:40 pm
Location: Teneriffe Ballroom
Stream: Risk, Regulation & Accountability
Overview: CyberPath is an initiative driven from the 2023-2030 Australian Cyber Security Strategy exploring what a formally recognised Australian cyber profession could look like.
Its first major milestone, an Occupations Framework, is due May 2026. This framework will set the national standard for cyber roles, laying the groundwork for recognised competencies, career pathways, and professional credentials across the sector.
Join this exclusive industry round-table to help shape the four foundational occupations proposed for national standardisation:
This is your opportunity to challenge assumptions, share frontline perspectives, and directly influence how these critical roles are defined for the future of Australian cyber.
Time: 2:00pm - 2:45pm
Location: Paddington Ballroom
Stream: Staying Ahead of a Fast Moving Threat Landscape
Speakers: Prof Robin Doss, Co-Director, Deakin Cyber Research Hub & Dr Praveen Gauravaram, Principal Scientist, Tata Consultancy Services
Overview: Physical Security is a key component of protecting and safeguarding critical infrastructure. Smart environments, including enterprise campuses, healthcare facilities, transport and utilities, increasingly rely on interconnected digital systems for security and access management. These environments are inherently dynamic, with users moving frequently between zones that require varying levels of authorisation. Traditional access control mechanisms authenticate users only at discrete checkpoints, typically upon entry, after which continuous verification is absent. This creates exploitable gaps that enable threats such as tailgating, credential theft, and unauthorised lateral movement within facilities. Such risks are particularly concerning in sensitive operational contexts, including hospitals, data centres, and industrial control sites.
NIST guidelines, including SP 800-12 and SP 800-53, explicitly highlight the importance of continuous verification, contextual validation, and real-time access monitoring as part of a defence-in-depth strategy for physical security. These standards emphasise that static, entry-point authentication must evolve toward continuous and adaptive assurance models that dynamically align access privileges with user context and behaviour.
In this talk, we explore the use of ambient intelligence to implement a continuous authentication and dynamic authorisation system by presenting a real-world proof of concept (PoC) and case study. We will demonstrate how continuous authentication and dynamic authorisation could be enforced using ambient and contextual signals — such as location, proximity, and behavioural patterns — without introducing friction into operations.
From an operational technology (OT) perspective, the value of the work lies in engineering safe access assurance patterns — particularly for environments where physical access, safety zones, and operational continuity are tightly coupled. The work will highlight how identity, access, and monitoring could be integrated as part of operational design, rather than bolted on afterward.
We will demonstrate the technology to show its feasibility and how decisions could adapt dynamically based on context, rather than relying on one-time authentication. Designed as a modular and multi-modal system that enables persistent, context-aware verification of user identity across the facility lifecycle, the system integrates ambient intelligence with real-time sensor data fusion for enhanced situational awareness. The proof of concept leverages a heterogeneous network of off-the-shelf sensors, such as NFC readers, RFID tags, biometric scanners, and motion detectors, to continuously monitor user movement and enforce adaptive access control policies.
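The policy logic behind continuous authentication and dynamic authorisation is easier to reason about in code than in prose. The following is an added illustration, not the speakers' proof of concept: a small facility is modelled as zones with a required assurance level and an adjacency graph; reader events raise a user's assurance, which then decays with time so that access is re-evaluated continuously rather than once at the door; and a people-count reading is fused with the authentication state to detect tailgating. The zones, levels, decay rate and event shapes are all assumptions made for this example.

```python
"""Continuous authentication and dynamic authorisation (added example).

A facility is modelled as zones with a required assurance level and an
adjacency graph. Badge or badge+biometric reads set a user's assurance,
which decays with time, so a lock or terminal polling `authorised()` sees
access lapse unless the user re-verifies. Path plausibility is checked
before factor strength, and presence counts are fused with the auth state
to spot tailgating. Zones, levels, decay rate and event shapes are
assumptions for this example, not the PoC described above.
"""
from dataclasses import dataclass

ZONES = {
    "lobby":       {"level": 0, "adjacent": {"corridor", "ward"}},
    "ward":        {"level": 1, "adjacent": {"lobby"}},
    "corridor":    {"level": 1, "adjacent": {"lobby", "server_room"}},
    "server_room": {"level": 3, "adjacent": {"corridor"}},
}
FACTOR_STRENGTH = {"badge": 1, "badge+biometric": 3}
DECAY_SECONDS = 600  # assumption: assurance drops one level per 10 minutes without re-verification


@dataclass
class Session:
    zone: str
    last_auth_ts: int
    strength: int


class ContinuousAuthz:
    def __init__(self):
        self.sessions = {}   # user -> Session
        self.alerts = []     # (kind, *context) in the order raised

    def assurance(self, s, now):
        """Current assurance: authentication strength minus time decay."""
        return max(0, s.strength - (now - s.last_auth_ts) // DECAY_SECONDS)

    def badge(self, user, zone, factor, now):
        """Handle a reader event at the entrance to `zone`.

        A user may only arrive from an adjacent zone or enter at the lobby,
        so a cloned or handed-over credential presented from an impossible
        location is refused even when the factor itself is strong."""
        s = self.sessions.get(user)
        if s is None and zone != "lobby":
            self.alerts.append(("no_entry_record", user, zone))
            return False
        if s is not None and zone != s.zone and zone not in ZONES[s.zone]["adjacent"]:
            self.alerts.append(("implausible_path", user, s.zone, zone))
            return False
        strength = FACTOR_STRENGTH[factor]
        if strength < ZONES[zone]["level"]:
            self.alerts.append(("step_up_required", user, zone))
            return False
        self.sessions[user] = Session(zone, now, strength)
        return True

    def authorised(self, user, zone, now):
        """Continuous check that a door lock, terminal or HMI can poll."""
        s = self.sessions.get(user)
        return s is not None and s.zone == zone and self.assurance(s, now) >= ZONES[zone]["level"]

    def presence_check(self, zone, people_count, now):
        """Fuse a people-count/motion reading with the authentication state.

        More bodies than occupants whose assurance still meets the zone
        level means someone followed an authorised person in."""
        occupants = [u for u, s in self.sessions.items()
                     if s.zone == zone and self.assurance(s, now) >= ZONES[zone]["level"]]
        if people_count > len(occupants):
            self.alerts.append(("tailgating", zone, people_count, len(occupants)))
            return False
        return True


if __name__ == "__main__":
    ca = ContinuousAuthz()
    ca.badge("alice", "lobby", "badge", 0)
    ca.badge("alice", "corridor", "badge", 60)
    ca.badge("alice", "server_room", "badge", 120)            # refused: step-up needed
    ca.badge("alice", "server_room", "badge+biometric", 130)  # admitted
    print(ca.authorised("alice", "server_room", 400), ca.authorised("alice", "server_room", 730))
    ca.presence_check("server_room", 2, 400)                  # two bodies, one authenticated
    print(ca.alerts)
```

Two design points carry over to a real deployment: the adjacency check must run before the factor check, otherwise a strong factor masks a credential that has physically teleported; and the decay means a user admitted to a high-level zone loses authorisation in place, so the system needs a graceful re-verification prompt rather than a hard lock-out in a safety-critical area.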
Time: 2:40 pm - 3:25 pm
Location: Ascot Ballroom
Stream: People, Culture and Performance
Speaker: Dr Meagan Copelin, Founder, Mental Rich
Overview: Cyber security is often framed as a contest of tools, architectures, and control maturity. Yet adversaries consistently outpace even well-resourced organizations. The reason is not always technical deficiency. It is psychological predictability.
Threat actors do not need to defeat every control. They only need to understand how humans respond under pressure.
Adversaries exploit urgency bias, authority bias, cognitive overload, fragmented communication, automation overreliance, and performance strain. These patterns are stable, measurable, and scalable. While defensive systems evolve through governance cycles and procurement processes, human cognition remains the most consistently targeted surface in the digital threat landscape.
This session introduces a behavioral systems perspective on the cyber race. Drawing from behavioral health psychology and forensic cyberpsychology, it examines how psychological mechanisms shape incident response, executive decision-making, security culture, and AI-assisted environments. It explores how digital architectures and intelligent systems can unintentionally amplify cognitive shortcuts, overconfidence, and miscalibrated trust — particularly during high-stakes incidents.
Rather than positioning people as the weakest link, this session reframes human behavior as the decisive terrain where many security outcomes are determined.
Participants will explore:
• How adversaries leverage predictable cognitive patterns at scale
• Why automation bias and decision fatigue distort risk perception
• How organizational culture influences vulnerability under sustained threat activity
• The impact of compressed decision cycles on leadership judgment
• Practical ways to integrate behavioral risk awareness into governance and performance strategy
In a landscape where adversaries adapt faster than traditional control design, technical speed alone is insufficient. Sustainable advantage requires understanding the psychological conditions that either widen or close exposure gaps.
The race to secure Queensland’s digital future is not only about stronger tools, but about informed human performance under pressure. By integrating behavioral science into security culture and leadership practice, organizations can move from reactive containment toward anticipatory resilience.
The psychological edge is not an abstract concept. It is the difference between controls that exist on paper and controls that hold under stress.
Time: 2:40 pm - 3:25 pm
Location: Teneriffe Ballroom
Stream: Risk, Regulation & Accountability
Speaker: Wayne Pennington, Cyber Advisor
Overview:
Critical infrastructure represents one of the most complex and high-stakes environments for cybersecurity professionals. Protecting these vital systems requires more than just technical acumen; it demands a delicate balance between modern security mandates and the rigid requirements of safety-critical operations.
In this session, Wayne shares a decade of frontline leadership experience, drawing on deep involvement in large-scale national infrastructure projects and the ongoing protection and uplift of legacy Operational Technology (OT) within highly regulated environments.
Time: 2:40pm - 3:25pm
Location: Paddington Ballroom
Stream: Staying Ahead of a Fast Moving Threat Landscape
Speaker: Prof Craig Costello, QUT
Overview: Australia’s cyber community now has a concrete clock to work against: ASD guidance recommends adoption of post-quantum cryptography (PQC) by the end of 2030, with planning and migration starting well before then. At the same time, Queensland is investing heavily in quantum technologies and positioning itself as a national leader, so it’s inevitable that Queensland organisations will be asked, increasingly soon, “what’s your quantum-safe plan?”
This session is a practical, Queensland-focused roadmap for navigating the PQC transition without getting lost in hype or vendor pitches. We’ll cover (1) what actually breaks (and what doesn’t) when cryptography meets a cryptographically relevant quantum computer, (2) the “harvest now, decrypt later” reality that makes some data urgent today, and (3) the operational work that dominates real migrations: crypto inventories, dependency mapping, certificate/TLS touchpoints, procurement language, and staged rollouts.
Attendees will leave with a simple set of actions they can start next week, plus a concrete way to brief executives and boards in plain language that matches the pressure of “the race to secure the Sunshine State”.
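Points (1) and (2) of the outline above, what actually breaks and why some data is urgent today, can be turned into a triage rule for a crypto inventory. The following is an added example, not the speaker's material: it classifies constructed inventory records by whether a cryptographically relevant quantum computer breaks the algorithm at all, and then separates confidentiality (where recorded ciphertext stays exposed for as long as the data is sensitive) from authentication (where an old signature is not retroactively forged, so what matters is how long the key remains trusted and whether it can be reissued). The record format, algorithm classes and priority scheme are assumptions for this example; the 2030 target is the ASD deadline cited above.

```python
"""Crypto-inventory triage for a PQC migration (added example).

Encodes two points from the session outline: a CRQC breaks today's
public-key key exchange and signatures but not 256-bit symmetric crypto,
and harvest-now-decrypt-later (HNDL) makes the *confidentiality* of
long-lived data urgent now while *signatures* only matter for as long as
the key is still trusted. Records, algorithm classes and priorities are
assumptions for this example; 2030 is the ASD target mentioned above.
"""
from dataclasses import dataclass

ASD_PQC_DEADLINE = 2030

# Public-key algorithms whose hard problem Shor's algorithm solves on a CRQC.
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDH", "ECDHE", "ECDSA", "X25519", "Ed25519"}
# NIST FIPS 203/204/205 algorithms and a hybrid TLS group that includes one.
PQ_SAFE = {"ML-KEM-768", "ML-KEM-1024", "ML-DSA-65", "ML-DSA-87", "SLH-DSA-SHA2-128s", "X25519MLKEM768"}
SYMMETRIC_256 = {"AES-256", "ChaCha20-Poly1305"}   # Grover leaves ~128-bit security: fine
SYMMETRIC_128 = {"AES-128"}                         # ~64-bit under Grover's bound: upgrade at next rotation

PRIORITY_RANK = {"P0-INVENTORY": 0, "P1-URGENT": 1, "P2-MIGRATE": 2, "P3-PLAN": 3, "DONE": 4, "NONE": 5}


@dataclass
class Asset:
    name: str
    purpose: str          # "confidentiality" (key exchange / data encryption) or "authentication" (signatures, certs)
    algorithm: str
    protects_until: int   # confidentiality: year the data must stay secret; authentication: year the key stops being trusted
    replaceable_in_field: bool = True   # can the key/cert be reissued without touching deployed hardware?


def classify_algorithm(alg):
    if alg in PQ_SAFE:
        return "pq_safe"
    if alg in QUANTUM_VULNERABLE:
        return "quantum_vulnerable"
    if alg in SYMMETRIC_256:
        return "symmetric_ok"
    if alg in SYMMETRIC_128:
        return "symmetric_review"
    return "unknown"


def triage(asset, deadline=ASD_PQC_DEADLINE):
    """Return (priority, reason) for one inventory record."""
    cls = classify_algorithm(asset.algorithm)
    if cls == "unknown":
        return "P0-INVENTORY", f"{asset.algorithm!r} is unclassified; fix the inventory before planning"
    if cls == "pq_safe":
        return "DONE", "already quantum-safe"
    if cls == "symmetric_ok":
        return "NONE", "256-bit symmetric key; not broken by a CRQC"
    if cls == "symmetric_review":
        return "P3-PLAN", "128-bit symmetric key; move to 256-bit at the next rotation"
    # quantum-vulnerable public-key algorithm from here on
    if asset.purpose == "confidentiality":
        if asset.protects_until > deadline:
            return "P1-URGENT", "HNDL: ciphertext recorded today stays sensitive past the deadline"
        return "P2-MIGRATE", "data ages out before the deadline; migrate on the normal schedule"
    # authentication: old signatures are not retroactively forged; what matters is how long this key is trusted
    if asset.protects_until > deadline and not asset.replaceable_in_field:
        return "P1-URGENT", "long-lived trust anchor that cannot be reissued in the field"
    if asset.protects_until > deadline:
        return "P2-MIGRATE", "reissue with a PQ or hybrid signature before the deadline"
    return "P3-PLAN", "expires before the deadline; make the renewal PQ-ready"


def prioritise(inventory):
    """Return [(asset, (priority, reason))] ordered by priority, stable within a priority."""
    return sorted(((a, triage(a)) for a in inventory), key=lambda t: PRIORITY_RANK[t[1][0]])


# Constructed inventory for illustration only.
INVENTORY = [
    Asset("Remote-access VPN (IKEv2)", "confidentiality", "ECDHE", 2040),   # health records in transit
    Asset("Public website TLS", "confidentiality", "X25519", 2027),          # short-lived session data
    Asset("Internal service mTLS", "confidentiality", "X25519MLKEM768", 2040),
    Asset("Code-signing certificate", "authentication", "RSA", 2028),
    Asset("Device firmware root key", "authentication", "ECDSA", 2038, replaceable_in_field=False),
    Asset("Backup encryption", "confidentiality", "AES-256", 2045),
    Asset("Legacy SCADA link", "confidentiality", "Proprietary", 2035),
]

if __name__ == "__main__":
    for asset, (prio, why) in prioritise(INVENTORY):
        print(f"{prio:13} {asset.name:28} {why}")
```

The ordering the triage produces is the point: the unclassified link outranks everything because you cannot plan what you have not inventoried, the VPN carrying long-lived data and the non-replaceable firmware root are urgent for different reasons, and the public website, despite being the most visible asset, can wait for its normal refresh cycle.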
Time: 4:00pm - 5:00pm
Location: Ascot Ballroom
Speaker: Milo Wilkinson
Overview: Delve into the fascinating world of neuroscience and unravel the profound mysteries of your own mind in my keynote, 'Brain 101: Mental Agility = Resilience.' Despite all of us having a brain, only a handful truly comprehend its capabilities, necessities, and the secret to unlocking its peak performance. This presentation is set to change that. Engage in an exciting journey to discover your primal brain - the 'engine room' of your consciousness that silently influences over 90% of your decision making.
Far from a traditional keynote, this session places you at the heart of the discovery process through an extraordinary real-world 'experiment.' You will be led through a series of experiences and insights that will make you question the power of your own mind and your own perception of reality.
During this highly interactive session, we will shed light on the operations of the subconscious mind, revealing how its primal instincts and patterns shape our daily lives, decisions, and overall resilience. We will also explore practical strategies to hone your mental agility, a key factor in fostering resilience and achieving personal and professional success. This keynote will provide you with a unique blend of science, discovery, and practical applications, leading you to a deeper understanding of yourself and your limitless potential.
Australian Information Security Association (AISA) Ltd
Level 8, 65 York Street, Sydney NSW 2000 | 02 8076 6012 | ABN: 18 171 935 959
Copyright © 2026 AISA Sec Days All Rights Reserved