AISA Security Days 
Learn | Connect | Inspire

PerthSEC Presentation Hub

Dive into the minds shaping the PerthSEC program. Here you'll find a snapshot of each presentation including location, speaker details and presentation overview. 


The presentation hub drop down menu is designed for you to access the content by clicking on the presentation name.

Time: 10:45am - 11:25am

Location: Crown Ballroom 1 

Stream: Strategic leadership, risk, policy and regulations

Speaker: Commissioner Annelies Moens, Office of the Information Commissioner, Government of Western Australia

Overview:  

Coming soon!


Time: 10:45am - 11:25am

Location: Crown Ballroom C&B

Stream: Building resilience

Speaker: Andrew Philp, Field CISO ANZ, Trend Micro

Overview: 

In an industry captivated by new threats and shiny solutions, the security programs that earn long-term backing aren't the loudest — they're the most predictable. This session makes the business case for “boring security”: repeatable processes, consistent metrics, and risk narratives that resonate with executive decision-makers.


By aligning security reporting with business expectations, security leaders not only gain credibility — they also create the conditions for smarter hiring, sustained investment, and strategic influence.

Boring doesn’t mean basic — it means building a foundation leadership can count on.


Key Takeaways:


- Why boring security (think: consistency, not complacency) builds executive confidence


- How to quantify risk posture in a way that influences hiring and budget decisions


- Metrics that speak the board’s language — and how to surface them regularly


- Practical strategies for embedding cyber in enterprise planning without the hype. 


Time: 10:45am - 11:25am

Location: Crown Ballroom A

Stream: The Human Element

Speaker: David Taylor, Senior Cyber Security Advisor, Bunnings

Overview:

The Model Context Protocol (MCP) is rapidly emerging as a foundational layer for enabling AI agents to interact with tools, data, and enterprise systems. As organisations adopt agentic AI to automate workflows and enhance decision-making, MCP becomes a critical interface—but also a potential attack surface.


This session introduces MCP and its role in tool-using AI agents, highlighting why its dynamic and evolving nature demands urgent cybersecurity attention. Attendees will gain a clear understanding of the risks associated with MCP, including supply chain vulnerabilities, tool poisoning, over-privileged access, and prompt injection.


Drawing from real-world implementation guidance, the talk outlines actionable strategies for securing MCP in corporate environments. Topics include authentication and access control, input validation, sandboxing, data protection, and monitoring. Whether you're deploying AI agents internally or integrating third-party MCP services, this session will equip you with the principles and practices needed to build resilient, trustworthy systems.


Time: 11:30am - 12:10pm

Location: Crown Ballroom 1

Stream:  Strategic leadership, risk, policy and regulations

Speaker: Jacqui Laoustau, Executive Director, AWSN and Laki Koridylas, Deputy Director, CCSRI, RMIT University

Overview:

This presentation will present the key findings and recommendations from the most recent study looking at gender diversity in the Australian Cyber Security sector through a partnership between the Australian Women in Security Network (AWSN) and RMIT University Centre for Cyber Security Research & Innovation (CCSRI). Attendees will gain valuable insights into the effectiveness of gender-based initiatives and practical strategies for advancing gender equity in the cyber security workforce.


The Australian cyber security industry faces significant challenges, particularly in terms of skills shortages and a lack of diversity. To address the critical need for a more inclusive workforce, RMIT University, in partnership with the Australian Women in Security Network (AWSN), conducted a comprehensive study focused on the effectiveness of diversity programs in the sector.


The study was conducted in three stages:

• Stage 1 (2022–2023): Analysed Census data and sector-specific surveys to assess gender representation in the industry. Findings revealed a significant underrepresentation of women and highlighted potential benefits of increased diversity, such as enhanced innovation, strategic thinking, and problem-solving abilities. These results established a baseline understanding of gender disparities and emphasized the necessity for interventions to promote equity.

• Stage 2 (2024): Examined the reasons for women's departure from the cybersecurity workforce and explored strategies to improve their representation. Through literature reviews and interviews with former female cyber security professionals, the study identified key issues such as workplace culture, limited career advancement, and work-life balance hurdles. It concluded with 14 recommendations, including gender inclusivity training, initiatives to encourage women's interest in cybersecurity, and support for gender pay gap audits.

• Stage 3 (2025): This stage is evaluating the impact of initiatives supporting women's participation and retention in the cyber security workforce. Building on insights from previous studies, we assessed the effectiveness of various diversity programs, such as mentoring, outreach, professional development, and networking. While also updating metrics on female participation in the sector using 2025 ABS data, the study identifies key success factors, areas for improvement, and best practices.


Time: 11:30am - 12:10pm

Location: Crown Ballroom C&B

Stream: Building resilience

Speaker: Edmound Repsevicius, Cyber Security Architect

Overview:

The Australian Federal Government has introduced the Critical Infrastructure Bill, 2020 into legislation, raising the number of Systems of National Significance (SoNS) from four sectors to eleven.


A significant portion of these sectors have OT technology that must be protected from cyber attacks. IT and OT convergence is still happening: organisations are still “hungry” for OT data to improve efficiencies by using IT-based data analytics tools.


One method to reduce the ability of an IT incursion to gain a foothold in OT/ICS systems is to implement an OT DMZ. This presentation will cover a checklist of the architectural design considerations that must be addressed by those who are protecting their organisation's OT/ICS systems. It includes:


- Why have an OT DMZ?

- What are the components that make up a successful OT DMZ?

- Secure Authentication (2FA, tokens, Passwordless, FIDO2, internet connected?)

- Remote Access (portals, recording sessions?)

- Historians and Data Analytics tools

- Secure file transfer (inbound or outbound?)


Time: 11:30am - 12:10pm

Location: Crown Ballroom A

Stream: The Human Element

Speaker: Dinda Timperon, Head of Cyber Security Engineering, Insignia Financial

Overview:

We've built entire industries around patching systems - but who's patching the people defending them? Burnout is the silent breach no tool can stop. It drives human error, erodes judgement in crises, and leaves organisations exposed. Yet most leaders still treat it as a “wellbeing issue” rather than the security control failure it really is.


In this session, cyber leader and transformation coach Dinda Timperon reframes burnout as the next frontier of cyber resilience. She introduces the R.E.S.T. Framework - a practical model for leaders to:


Recognise burnout as a security risk by spotting early warning signs.


Equip teams with resilient workflows such as role rotation, resilience sprints, and simplified playbooks.


Sustain energy with measurable practices, tracking human resilience like any other control.


Thrive by leading in ways that protect people as the ultimate defence.


This is about cracking the complexity of human performance under fire — and why safeguarding your people is the most critical act of protecting the organisation.


Time: 1:15pm - 1:55pm

Location: Crown Ballroom 1 

Stream: Strategic leadership, risk, policy and regulations

Speaker: Akhilesh Das, IT & Information Security Lead, XPON Technologies

Overview:

AI isn't just a new player in cyber warfare; it's completely changing the game. We're talking about incredibly targeted phishing attacks, deepfakes that are getting harder to spot, and AI exploits in supply chains that are adding layers of complexity for security leaders like yourselves. The old security handbooks? They're just not cutting it anymore; the threats are evolving way too quickly.


That's why this session is all about equipping you with a solid battle plan for this new AI era. You'll learn how to conduct AI risk assessments that go deeper than just ticking compliance boxes. We're talking about uncovering the hidden vulnerabilities that really matter. Plus, we'll cover how to defend against those reputation-damaging deepfake attacks and manage the AI risks lurking within your third-party vendors, the ones that traditional reviews often miss. And, of course, we'll dive into the non-negotiables (IAM, MFA, and Zero Trust) and how you need to adapt them to stay ahead in this AI-powered world.


By the end of this session, you'll walk away with a strategic framework to future-proof your organisation. Think clear priorities, practical defences, and, most importantly, the confidence to lead through the complexity, instead of just reacting to it.


Time: 1:15pm - 1:55pm

Location: Crown Ballroom C&B

Stream: Building resilience

Speaker: Trevlyn Farrar, Assistant Manager Cyber Security, WA Health

Overview:

Year after year, the healthcare sector tops the charts as the most targeted industry for cyber attacks. The complexity of clinical environments, legacy systems, and life-critical operations makes resilience not just a goal—but a necessity.


In this session, Trevlyn Farrar shares how WA Health is cracking complexity through the development of a Cyber Incident Management Framework (CIMF) and a high-impact Simulated Cyber Incident (SCI) program. Designed for a federated health system, the CIMF provides a structured, scalable approach to incident response that bridges the gap between ICT, governance, and clinical operations. Attendees will be taken inside a recent simulation that tested the framework across executive, clinical, technical, and operational layers. The session will unpack how WA Health navigated decision paralysis, communication breakdowns, and operational disruption—while surfacing critical lessons in preparedness, coordination, and leadership. 


This is a candid, boots-on-the-ground account of building cyber resilience in one of the most complex and high-risk sectors. Whether you're defending a hospital, a health network, or any critical infrastructure, this session offers practical insights you can apply immediately.


Time: 1:15pm - 1:55pm

Location: Crown Ballroom A

Stream: The Human Element

Speaker: Mark Barratt, Assistant Director - Enterprise Security and Risk, Western Australia Police Force

Overview:

Coming Soon 




Time: 2:00pm - 2:40pm

Location: Crown Ballroom 1 

Stream: Strategic leadership, risk, policy and regulations

Speaker: Lyal Collins, Senior Security Consultant, Aura Information Security

Overview:

Post-quantum cryptographic algorithms have recently been standardised by the US NIST, and are already present in some software and firmware. The presence of a capability delivers minimal value unless it's actually used. Security capabilities create even more value if less secure options are disabled.


The global retail payment industry took almost 2 decades to disable 56-bit DES encryption and enforce much stronger 3DES encryption. This talk will discuss this history, challenges and lessons learned, along with other examples highlighting the need for strategic planning about critical but virtually invisible security controls.


This talk will cover:

- My lived experience in migrating cryptographic solutions in a standards and compliance environment

- Pragmatism about moving to PQC sooner rather than later

- Challenges some of us will face

- Driving the decision and investment choices, rather than these factors driving you


Time: 2:00pm - 2:40pm

Location: Crown Ballroom C&B

Stream: Building resilience

Panellists:

  • Ciana Martinus, Audit Partner Manager - Asia Pacific, Vanta
  • Nathan Kelly, Manager, Cyber Security, Synergy
  • Kritika Bhardwaj, Manager of Cyber Security Operations, Fortescue
  • Joshua Qwek, Director, Cyber Team One


Overview:

Coming soon


Time: 2:00pm - 2:40pm

Location: Crown Ballroom A

Stream: The Human Element

Speaker:  Carter Smith, Principal Security Consultant, CyberCX

Overview:

These days, it’s impossible to escape online advertising. Advertisers are continually evolving ways to target and re-target potential customers. Some techniques are only known by people in the industry. Mobile Ad Identifiers (MAIDs) are unique identifiers assigned to mobile devices for advertising purposes, offering digital marketers ways to re-target ads across platforms. Each time you’re served an ad, your MAID, along with identifying information such as IP addresses or exact geolocation, is transmitted to the ad server.


In this presentation, we explore the use of MAIDs for more nefarious use cases. We’ll look at how MAIDs can be used in Open-Source Intelligence (OSINT) investigations, deconstruct an app that uses a MAID provider’s SDK, and show you some real demonstrations of how scary online advertisement information can be. 


Time: 2:45pm - 3:25pm

Location: Crown Ballroom 1 

Stream: Strategic leadership, risk, policy and regulations

Speaker: Paresh Kerai, Senior OT Cyber Security Engineer, Exida

Overview:

The convergence of operational technology (OT) and information technology (IT) has heightened the vulnerability of industrial control systems (ICS) to cyber threats, making cyber risk a critical concern for process safety and operational resilience. Traditional risk management frameworks often neglect the dynamic nature of cyber threats, which can jeopardise functional safety and result in hazardous process conditions.


The presentation delves into integrating functional safety and cyber process hazard analysis (CyberPHA) methodologies to strengthen industrial cybersecurity risk assessments. It emphasises how cyber-induced failures can affect safety instrumented systems and other protective layers, elevating the risk of cascading failures in critical infrastructure. The discussion covers best practices for evaluating cyber risks in safety-critical environments, utilising CyberPHA methodologies to systematically identify and mitigate vulnerabilities in industrial automation and control systems (IACS).


Organisations can bridge the divide between traditional process safety and contemporary cyber risk management by aligning cybersecurity measures with IEC 61508, IEC 62443, and ISA/IEC 61511 standards. This strategy ensures that cyber-physical threats are incorporated into hazard and operability studies (HAZOPs), layer of protection analysis (LOPA), and safety lifecycle management, ultimately enhancing the resilience of industrial operations.


Time: 2:45pm - 3:25pm

Location: Crown Ballroom C&B

Stream: Building resilience

Panellists:

  • Peter Gigengack, Director Cyber Security, Office of Digital Government WA
  • Maryam Shoraka, Australian CISO, Advisory Board Member
  • Prof Dan Haagman, CEO, Chaleit
  • Stephen Wood, CISO, Department Of Justice, WA


Overview:

In a world where cyber threats are escalating but budgets aren’t, security leaders are being asked to do more with less...often a lot less.  Are we, as an industry, failing? Breaches persist, often due to trivial oversights, not because adversaries are more advanced, but because they exploit our limited capacity.


In our pursuit of maturity, control implementation, alert response, and stakeholder education and engagement, we risk becoming trapped in a cycle of overcommitment and under delivery. Few have the clarity, or courage, to confront this capacity challenge head-on. We must learn to work the priority, not just the problem.


Drawing from real-world experience across enterprise, public sector, and MSSP-style environments, this session is a candid exploration of how to run effective cyber security programs on minimal resources. We’ll share practical, low-cost strategies that deliver high-impact results. Expect war stories, lessons learned, and a few laughs, because cracking complexity doesn’t always require cracking the bank.


Time: 2:45pm - 3:25pm

Location: Crown Ballroom A

Stream: The Human Element

Speaker: Luisa Amanda, Senior Consultant, KPMG


Overview:

Deepfake scams are like strangers wearing the faces of people we trust: they don’t just mimic appearance, they mirror cultural expectations.


In two striking cases, Arup’s Hong Kong office was deceived by deepfakes impersonating senior executives, while U.S. retirees were lured into fake investments by videos of Elon Musk. These incidents show how attackers weaponise trust, exploiting cultural norms like respect for authority or admiration for public figures. 


Just as our instincts are shaped by the culture we live in, so too are our vulnerabilities. In a world where seeing is no longer believing, resilience starts with understanding how culture can be used against us.


Australian Information Security Association (AISA) Ltd 

Level 8, 65 York Street, Sydney NSW 2000 | 02 8076 6012 | ABN: 18 171 935 959 

 www.aisa.org.au | events@aisa.org.au


Copyright © 2025 AISA Sec Days All Rights Reserved
