Event Agenda

The complex nature of governance in modern industrial environments leaves a critical question unanswered: Who is ultimately responsible for the security of our operational technology? Is it IT, OT, C-suite, or a shared responsibility? In this expert panel discussion, we will dissect the intricate web of governance and accountability in the realm of OT security, exploring the critical need for clear ownership and a unified strategy to defend against escalating cyber threats to critical infrastructure.
.
● How is IT/OT convergence impacting security roles and responsibilities?
● What are the best practices for establishing a robust governance framework that defines roles, responsibilities, and accountability for OT security?
● How do we manage cross-departmental collaboration and communication?
.
– Moderator: John Edwards, Chief Cyber Security Officer, East Metropolitan Health Service
– David Worthington, General Manager – Digital Security and Risk, Jemena
– Alfredo Urdaneta, Control System and SCADA Specialist Engineer – Utilities, Rio Tinto
– Ravi Malik, Principal Controls and OT Security Engineer, Stanwell Corporation Limited
– Prashant Singh, Manager, Cyber Security, Department of Education, Western Australia
– Tony Jarvis, VP Field CISO, Darktrace
– Charles Lim, Head of Digital Innovation & Security Solution, Yokogawa
– Darktrace
.

In order to secure their industrial control systems, many organizations focus solely on the “Machine”—the technology intended to defend the plant floor. However, in Operational Technology (OT), building the right machine is only a small part of the solution. To transform a security investment into a tangible business outcome, organisations must look beyond the product to the ecosystem that supports it.
Using the high-stakes world of Formula 1 racing as a framework, this session explores why even the most advanced cybersecurity tools fail without trained “Pit Crew” (People) and a rigorous “Race Strategy” (Process). We will move past the technical jargon to discuss a holistic methodology for Cyber-Physical Resilience.
.
– Michael Lagana, Director of Solution Engineering – APJ, Claroty
.

In this session, we challenge the assumption that the cloud model is unsuitable for OT environments, sharing how Woodside is leveraging a SASE framework to modernise and strengthen its OT security. We will demonstrate how a carefully planned and executed SASE framework is not an external risk but a powerful tool for moving industrial environments from a state of static, fragile defence to one of dynamic, resilient control. Learn the right way to leverage cloud-based security services without exposing critical OT assets.
.
● Understanding why you should consider adopting SASE in an OT context
● Learn how Woodside is using SASE to create a secure, software-defined network
● Understand the critical controls and safeguards we implemented to manage any additional attack surfaces introduced by SASE
● Get a practical roadmap on how to introduce SASE to your own OT environment
.
– Ricardo da Paz, Senior OT Cyber Security Lead / Cyber Technical Authority, Woodside Energy
– Jamal Shaheed, Operational Technology Engineer | Cyber, Woodside Energy
.

Securing Outdated Building Automation technology: building resilient systems explores modern threats such as phishing, zero-day vulnerabilities, and social engineering, alongside significant historical attacks on critical building and control systems. Knowing what operational technology you have and how to keep it safe and secure and improve your defence in depth strategy.
.
– Mark DeBrito, Cyber Security Business Consultant, Honeywell
.

Delve into a real-world case study on how to significantly improve the security posture of your OT environment with a focus on segmentation and segregation. In this session, our expert speaker provides a step-by-step account of a successful project, from initial assessment and planning to execution and post-implementation validation. We’ll cover the business drivers for the project, the technical challenges faced, and the key lessons learned.
.
● Understand how to create an accurate inventory of assets and network flows
● Design a segmentation and segregation architecture that aligns with business needs and security goals
● Navigate common hurdles like legacy systems, vendor constraints, and production-related risks
● Define and track KPIs to demonstrate a measurable increase in security maturity
.
– Witold Ryba, Regional IT Operations Manager – Australasia / China / Indonesia, Halliburton
.

This presentation delivers a wake-up call to OT security and engineering leaders: your most trusted technology stack may be your greatest vulnerability. Dr Christopher Beggs draws on decades of frontline experience to dismantle the myth that bigger budgets and more tools equal better OT security, exposing how “security theatre” and uniform controls breed dangerous complacency. Through vivid case studies, he compels leaders to abandon outdated mindsets and embrace adaptive processes, relentless training, and genuine IT-OT collaboration. If you believe your current approach is enough, prepare to be challenged. In critical infrastructure, only disruptive thinking delivers real protection.
.
– Dr Chris Beggs, Founder & Principal CEO (Global), SIS – Industrial Cyber Security
.

In July 2025, the Australian government officially adopted IEC 62443 as the national standard for securing OT in critical infrastructure. This move shifts the focus of hospital security from mere data privacy to physical patient safety. In this session, we outline a framework for adapting these industrial standards to the healthcare sector. By looking at a real life example of how the framework was applied in a hospital setting, delegates will understand how adaptable it really is, and see which lessons can be applied to their own contexts.
.
● Hear a case study and get in-depth analysis of how IEC 62443 could be applied in healthcare
● Draw comparisons to your industry and adapt the framework accordingly
● Learn how engineers and IT professionals can work under a single risk management framework
.
– Colin Renouf, CISO, Healius
.

As critical infrastructure enters an era of rapid expansion, resilience must evolve from a compliance obligation into a strategic capability. In this session, Shana Uhlmann and Volker Rath explore how major redevelopment programs demand flexible, composable architectures that avoid legacy constraints while preparing for emerging pressures such as AI, GPU‑driven compute, and increasingly complex cloud–on‑prem balancing. The discussion examines rising SOCI Act maturity, shifting regulatory expectations, and where customer–vendor friction is likely to intensify. The speakers also unpack persistent OT bottlenecks—whether they’re moving or multiplying—and outline the key questions leaders should ask to invest wisely across innovation, resilience uplift, and core operational stability.
.
– Volker Rath, Field CISO for Australia and New Zealand, Cloudflare
– Shana Uhlmann, General Manager Technology, Perth Airport
.

The mining industry is more reliant on digital technology than ever before. From automated haulage systems and remote monitoring to data analytics and supply chain logistics, operational efficiency and safety are deeply integrated with IT infrastructure. However, this digital transformation also exposes the industry to significant and evolving cybersecurity risks. In this session, we will delve into the critical importance of a robust cyber security framework for modern mining operations. We will explore the unique threats facing the sector, including attacks on OT systems, data theft, and intellectual property compromise.
.
● Learn the key vulnerabilities in mining’s digital and physical environments
● Adopt proactive strategies for threat detection and prevention in both IT and OT
● Hear a case study of successful cyber defense in the industry
.
– Sameera Bandara, Head of APAC IT, Programmed
.

Steve Simpson, WA State Manager at Triskele Labs, will briefly outline how organisations can prepare for and respond to cyber incidents in OT-connected environments, drawing on real-world incident response and digital forensics experience. This short introduction highlights Triskele Labs’ sovereign, Australian-based SOC capability and invites attendees to continue practical conversations around incident response, forensics and security operations with the team in the exhibition area
.
– Steve Simpson, WA State Manager, Triskele Labs

.

.
T1: Navigating the Future of Industrial Cyber Risks
– Steve Ingram, Member of the Board of Advisors, Cyble
.
T2: How Do You Manage the Security Risks at the IT/OT Network Boundary?
– Tim Jackson, Head of Solutions Engineering, Dull
.
T3: Who Do You Trust? Architecting OT Remote Access Under SOCI
– Aaron Finnis, Chief Strategy Officer, Identifly
.

Australia’s critical infrastructure is the backbone of its economy and national security. To safeguard these essential assets, regulation has been created, most notably with the SOCI Act, and more recently with the Cyber Security Act. With many organisations still struggling to understand what these laws mean for them, our expert panel from various critical sectors will attempt to demystify the complex compliance landscape, through the lens of OT security.
• What are the practical challenges and opportunities in implementing a cohesive security strategy that meets regulatory requirements?
• What are the latest amendments and what they mean for your organisation’s obligations?
• How do we interpret the industry-specific suggestions in the SOCI Act?
• What does the Cyber Security Act mean for OT security specifically?
.
– Moderator: Junaid Chaudhry, Security Architect, Public Transport Authority of Western Australia
– John Edwards, Chief Cyber Security Officer,East Metropolitan Health Service
– Duné Sookloll, CISO, Horizon Power
– Dane Hobson, Head of Cyber Security,Western Power
– Chad Madaffari, Manager – Cyber Security, Water Corporation
.

xIoT environments underpin modern operations across critical infrastructure. Despite increased awareness, regulation, and tooling, real-world risk still stems from broken fundamentals.
This talk cuts through the hype to examine the security basics that most impact xIoT risk in live environments. Using real-world data from global deployments, it shows how poor visibility, control, and accountability at the device layer allow risk to bypass segmentation, weaken zero trust, and undermine resilience. The session reframes xIoT security around first principles and why mastering fundamentals remains the most effective way to reduce operational and safety risk.
.
– Sonu Shankar, President and COO, Phosphorus
.

OT environments, managing national critical infrastructure like utilities and energy, face escalating cyber threats. The ASD presents crucial insights into the evolving OT threat landscape and introduces the robust Ci-Fortify initiative. This session outlines the essential security principles of this initiative, and protective measures required to defend Industrial Control Systems.
.
• Strengthen your security posture in preparation for crisis
• Learn how you can utilise Ci-Fortify to help protect your critical systems, and the prep work that is needed
• Achieve long term stability by minimising the impact of disruption
.
– Heidi Hutchison, Assistant Director General Cyber Uplift Branch | Cyber Security Resilience Division, Australian Signals Directorate (ASD)

With the increased convergence of IT and OT, user access management is now a key aspect of industrial security. Implementing a robust IAM framework is essential for mitigating insider threats to your OT network. This case study outlines our journey from a fragmented, insecure environment to a centrally managed, secure operational network. We will detail the step-by-step process of IAM implementation, highlighting the key decisions and technical solutions deployed.
.
• How to conduct a comprehensive assessment of OT assets, user roles, and access requirements to build a foundational understanding of the OT environment
• Hear about the criteria used to select an IAM solution that could handle the unique demands of OT
• Develop strategies for managing access during critical maintenance windows, ensuring production continuity
.
– Andrew Thyrd, Network and OT Security Manager, Sydney Airport
.

Australia’s critical infrastructure faces escalating, sophisticated threats, demanding a national strategy for resilience. In this session, we unpack the strategic response led by the Cyber and Infrastructure Security Centre (CISC) and the mandatory requirements of the SOCI Act 2018.
Join to gain vital insights to align your organisation’s security efforts with national security priorities.
.
• Hear about threat evolution and risk models targeting essential services
• Learn the CISC Framework for mandatory risk management programmes and security standards
• Understand the necessary OT security uplift to secure converged, modern OT environments
• Discover practical strategies for building resilience to ensure continuous service delivery and rapid recovery
.
– Brendan Dowling, Deputy Secretary Critical Infrastructure and Protective Security, Australian Department of Home Affairs
.

The promise of Industry 4.0 is to transform OT environments. In this session, we will guide attendees through the critical steps and best practices for adopting new and emerging technologies without compromising the safety and reliability of their operations. A session is designed for anyone involved in the digital transformation of industrial environments, join us to safely maximise your use of the latest tools in an OT context.
.
• Get up to speed with the latest technologies suited to your industrial environment
• Address concerns about adopting new tech by prioritising security
• Adopt a framework for safe integration… or develop your own!
.
– Penny Iverach, Senior Manager – Technology and Transformation, Port of Newcastle
.

This interactive workshop immerses participants in a realistic healthcare OT cyber incident, using a facilitated tabletop exercise to test executive decision-making, cross-team coordination and patient-safety trade-offs under pressure. We will highlight vulnerabilities unique to healthcare OT, including medical devices, building management systems, and clinical infrastructure. Participants will collaborate to assess impacts, prioritise responses, and strengthen incident‑handling risk mitigation strategies.
.
– Yusuf Denath, Manager Cyber Security and Acting Director of ICT, Child and Adolescent Health Service (CAHS)
.

For too long, the focus in OT cyber security has been primarily on tech and tools. While technology is essential, statistics consistently show that the majority of security incidents still trace back to human error or procedural failures. In this session, we put the spotlight back to the foundational controls: people and process. We will explore how to build a mature, sustainable OT security programme by integrating security ownership into the daily workflow of engineers, operators, and maintenance teams.
.
• Establish clear roles and responsibilities that make security an operational requirement, not an IT mandate
• Develop targeted training programs that resonate with the OT mindset and improve incident response
• Create a security-aware culture where safe operation and secure operation are viewed as two sides of the same coin
.
– Brad Flanagan, Head of Digital Operations and Security, Essential Energy
.

The split between IT and OT in mining rail creates substantial obstacles, leading to conflicting priorities and vulnerabilities that threaten our core mission: safe, predictable, and continuous mineral transport. In this session, we focus on the essential cultural and organisational convergence, moving beyond mere technology integration. We share our practical playbook for transforming these two distinct departments into one unified, high-performing rail team.
.
• Create shared goals, establish joint governance for cyber security, and implement skill-bridging programmes
• Learn how unifying your IT and OT workforce is the crucial first step toward fully realising the potential of digital rail, including predictive maintenance and future autonomous operations
.
– Kevin Lill, Principal OT Rail Optimisation, Rio Tinto
.

.
T1: Risk Mindset: How Do We Bring OT Teams Around on Cyber Security?
– Conrad Janerka, Cyber Security Architect, Synergy (Electricity Generation and Retail Corporation)
.
T2: Visibility Challenge: Are We Monitoring the Right Industrial Protocols?
– Chris O’Connor, Rail Systems Specialist Engineer Signals and Communications Rail Maintenance, Hancock Iron Ore
.
T3: What Level of Cyber Due Diligence is Required for OT Vendors?
– Huon Curtis, Member of the Supply Chain Resilience Expert Advisory Group, Australian Department of Home Affairs & Health Industry Outreach Lead & Telecommunications Sector Lead, CI-ISAC Australia
.