CISO Critical Infrastructure Melbourne schedule

During this 10-minute networking session, the aim of the game is to go and meet three people you don't already know. Use the questions on the screen to guide your conversation. Have fun!

Australia’s critical infrastructure is under sustained pressure - from increasingly sophisticated AI-enabled attacks to cascading risks across supply chains, and not to mention natural disasters. This is a call to action: How do we rapidly build real-world cyber-capability, not just policy? Explore the ways C-Suite leaders move beyond minimum compliance to invest in long-term operational resilience across critical infrastructure. Where are your capability gaps, and what happens now to secure Australia’s future?

• Integrate advanced threat detection and automation into existing infrastructure.
• Build trust and transparency with stakeholders through secure-by-design strategies.
• Reduce risk exposure with proactive monitoring and predictive intelligence. 

As PSPF obligations tighten and SOCI reforms deepen, critical infrastructure operators face growing pressure not only to comply but to prove the strength and maturity of their security practices. This keynote explores how to assess, strengthen, and sustain compliance confidence while embedding resilience across systems, people, and processes.

• Assess your current posture and understand where your capabilities lie, whether you’ve crossed the compliance threshold, and where the biggest uplift opportunities remain.
• Clarify the regulatory landscape: unpack how PSPF, SOCI, CIRMP, and emerging cyber rules overlap, and what they mean for executive accountability and governance.
• Link ownership to accountability to explore the “if I can touch it, I can own it” mindset to strengthen control over assets, systems, and risk exposure.
• Build a practical roadmaps that translates regulatory requirements into stronger, more adaptive security and operational continuity.

Panellists

Pearse Courtney Principal Sector Engagement - Energy Markets Cyber Coordination Australian Energy Market Operator (AEMO)

Anafrid Bennet CIO Greater Western Water   

• Identifying high-risk dependencies and vulnerabilities across your supply chain.
• Strengthening oversight and accountability through better risk frameworks and due diligence.
• Embedding cyber resilience into procurement, contracts, and third-party management processes.
• Applying proactive measures to contain and mitigate threats before they escalate.

• Integrate security tools for complete visibility across hybrid environments.
• Minimise business disruption through early risk identification.
• Harness real-time data for informed security decision-making. 

As global volatility intensifies, the stability of critical infrastructure supply chains is increasingly threatened by geopolitical destabilisations, concentrated vendors, and just-in-time models. Efficiency gains have come at the expense of resilience. This session explores how to safeguard essential services amid escalating disruption and regulatory pressure.

• Reassess procurement models to balance cost, resilience, and compliance while avoiding diminishing security returns.
• Collaborate with regulators and partners to strengthen transparency and oversight across volatile supply ecosystems.
• Evaluate geopolitical flashpoints and destabilisations to understand their cascading impacts on Australia’s critical infrastructure.
• Embed resilience into design, planning, and vendor management to withstand future shocks and disruptions.

Panellists

Helaine Leggat Non-Executive Director
CI-ISAC

Jen Stockwell National Security and Geopolitical Risk Principal Telstra

As AI reshapes threat detection, decision-making, and operational oversight, critical infrastructure leaders face a new challenge - how to harness automation without amplifying risk. This session explores how to embed AI responsibly into security and resilience frameworks.

• Leverage AI-driven analytics to detect, respond, and recover faster from complex threats.
• Integrate human oversight to ensure accountability and trust in automated systems.
• Balance innovation with compliance as AI regulations and ethical standards evolve.
• Build assurance frameworks that validate AI performance and mitigate model driven risk. 

• Identify and continuously monitor assets, protocols, and interdependencies across hybrid environments.
• Align cyber security, operations, and engineering around shared OT security goals.
• Continuously monitor assets, protocols, and interdependence across hybrid environments.

Speakers
David Worthington General Manager - Digital Security and Risk Jemena

Luke Ma Head of Technology Controls and Governance AIA Australia 

• Mitigate operational downtime risk during OT upgrades.
• Align OT security strategy with SOCI, NIS2, and sector mandates.
• Segment networks to contain potential breach impact.
• Deploy continuous monitoring to detect anomalous behaviour.

Modernising these assets requires a careful balance between commercial imperatives, operational continuity, and security assurance. This session explores how critical infrastructure operators can innovate with precision—protecting what matters while unlocking new value.

• Assess asset management practices to identify risk, commercial value, and tangible pathways to secure modernisation.
• Protect ageing OT systems that are increasingly connected yet remain essential to operations.
• Mitigate cyber-physical vulnerabilities arising from greater integration, visibility, and remote access.
• Integrate old and new technologies through phased strategies that minimise disruption and sustain resilience.

Panellists

Warwick Brown CISO Karoon Energy

Bilal Baig Senior OT Digital Security Specialist Coles Group 

• Identify compliance gaps that create exploitable vulnerabilities.
• Leverage technology to automate evidence collection and control validation.
• Collaborate with regulators to align on practical implementation.
• Measure security maturity improvements tied to compliance investments. 

• Prioritise investments that deliver the highest maturity uplift per dollar.
• Embed resilience into maturity roadmaps to ensure operational continuity.
• Building intelligent vulnerability management security controls.
• Develop leadership buy-in for long-term maturity investments.

Speakers

Rucha Gatti Associate Director – Resilience Risk NAB

• Aligning budget, training, and leadership priorities for security.
• Practical examples of industry-wide safety/security initiatives.
• Showcasing long-term cultural impact on resilience. 

• Encouraging early reporting without blame: frameworks that support trust and action.
• Detecting high-risk behaviours before they escalate.
• Aligning security, and compliance functions to respond effectively.
• Meeting legal and regulatory requirements for insider threat programs in critical sectors.

 In an era of relentless disruption, organisational resilience is defined by how quickly and effectively you can recover without compromising evidence, trust, or operations. This session unpacks the fundamentals of building resilience that protects assets, aligns stakeholders, and sustains business continuity under pressure. 

• Move from reactive recovery to proactive, adaptive continuity planning.
• Identify and mitigate operational risks before they escalate into crises.
• Design business continuity plans that integrate cyber, physical, and supply chain resilience.

This candid closing discussion brings together senior executives, CISOs, and government leaders to reflect on the day’s biggest insights - and what they’re taking back to the boardroom.

• How are you aligning security with business outcomes and operational risk?
• What’s your top priority for the next 90 days?
• What role should government, industry, and the boardroom each play?

Moderator

Tara Dharnikota Chief Information Security Officer Victoria University

Speakers

Sunil Patnaikuni Head of Technology ANZ 

Huon Curtis Health and Critical Sectors Lead CI-ISAC