Australia’s cyber workforce is facing critical skills shortages at the same time as the threat landscape grows in scale and complexity. Yet women remain significantly underrepresented across cyber roles, limiting the diversity of perspectives needed to address evolving risks. Boosting female participation is not simply a matter of equity—it is a strategic imperative for capability, innovation and resilience.

This session will explore:

• Unlock diverse thinking to strengthen problem-solving and innovation in cybersecurity.
• Close the skills gap by tapping into an underrepresented and capable talent pool.
• Boost performance through inclusive teams proven to deliver stronger outcomes.

The Australian Centre to Counter Child Exploitation (ACCCE) plays a pivotal role in safeguarding children from one of the most confronting threats in the digital age: online exploitation. As technology advances, so too do the methods used by offenders—requiring government, law enforcement and industry to continually evolve their defences.

This session will examine how the ACCCE is working to disrupt criminal networks, protect children and strengthen national cyber resilience through:

• Harnessing intelligence and analytics to proactively identify, monitor and disrupt online threats targeting children across digital platforms
• Enhancing cross-agency collaboration between law enforcement and cyber teams to respond faster and more effectively
• Exploring the role of emerging technologies — including AI and encrypted data analysis — in strengthening early threat detection and prevention efforts

Federal agencies are required to prove compliance while accelerating digital delivery. Yet traditional, audit-based approaches to IRAP, PSPF and Essential Eight compliance weren’t designed for today’s cloud-native environments. This session explores how teams can build compliance into every stage of development - turning constant audits into automated assurance.

Learn how leading agencies and partners are operationalising continuous compliance across cloud and containerised systems to strengthen their Secure-by-Design maturity and reduce manual overhead.

Key Takeaways:

• Practical ways to align Essential Eight controls to modern architectures.
• How to automate compliance evidence collection across CI/CD pipelines.
• Lessons from early adopters moving toward continuous assurance models.

As automation and artificial intelligence become embedded across the Australian Public Sector, the concept of identity now extends far beyond people. Modern government environments contain vast numbers of machine identities, APIs, service accounts and autonomous agents, each capable of accessing data, executing actions and influencing decisions.

While these non-human identities are critical to digital transformation, most operate without clear ownership, oversight or lifecycle management. Many agencies now manage more machine identities than human ones, yet few have established custodianship or governance frameworks to match. This creates significant challenges for auditability, accountability and public trust.

This session explores how Identity Security can provide the foundation for trusted and transparent automation within government. Drawing on practical examples, it examines how agencies can:

• Govern AI and machine identities through identity-based controls
• Achieve auditable AI decision making and continuous compliance
• Ensure every digital actor, human or non-human, is observable and accountable
• Enhance resilience and assurance without constraining innovation

Ultimately, trust in the digital state depends on knowing not just who has access, but what has access, and ensuring every human, system and AI agent operates under accountable, identity-driven governance.

Secure and trusted online services are fundamental to citizen confidence and effective government. From payments and licensing to healthcare and social services, government systems are becoming more connected, data-driven and AI-enabled, bringing both opportunities and new risks.

This panel will discuss:

• Ensuring security and usability in government digital transformation.
• Embedding security into citizen-facing digital platforms.
• Protecting sensitive government data from evolving cyber threats.

Jamie Rossato

Chief Information Security Officer, CSIRO

Dimitar Dimitrovski

Chief Information Officer, Fair Work Ombudsman

Zoe Thompson Facilitator

Director – Critical Infrastructure Resilience, Thales - Cyber Services

Australia is uniquely positioned to lead on the global cyber stage—leveraging a world-class research community, innovative public-private partnerships and a government agenda that prioritises both resilience and trust. Yet, as threat actors grow more sophisticated, the challenge is not just to keep pace, but to set the pace.

This panel will unpack:

• Positioning Australia as a leader in global cyber security.
• Investing in homegrown cybersecurity research and technology.
• Strengthening public-private partnerships to drive national resilience.

Anne-Louise Brown

Head of Strategy and Insights, Akin Agency and Former Director of Policy, Cyber Security Cooperative Research Centre

Daminda Kumara

Chief Information Security Officer, Commonwealth Superannuation Corporation

Judy Hurditch Facilitator

Managing Director and Principal Analyst, Intermedium

Key takeaways from this session:

• Understanding the impact of downtime when the unexpected happens
• What Strategies should you implement?
• What is the blueprint for success?

Government agencies rely on a complex network of suppliers, contractors and service providers. While these partnerships drive efficiency, they also introduce significant security risks.

Come prepared with your questions and real-world scenarios — This interactive session will explore practical strategies to identify, assess, and mitigate third-party risks, ensuring your supply chain remains secure and resilient.

• Assessing third-party dependencies to uncover hidden vulnerabilities.
• Strengthen procurement and compliance frameworks to enforce risk controls.
• Building resilience through continuous monitoring and shared intelligence.

In today’s complex environment, organisations and agencies face challenges that extend beyond individual capabilities. This session focuses on fostering collaboration and building capacity among partners with aligned goals. Participants will explore strategies to tackle shared challenges, maximise collective strengths, and uncover opportunities for joint innovation and impact.

Through discussion and knowledge sharing, attendees will gain practical insights into:

• Countering threats through collaboration.
• Building resilience by focusing on adaptive responses and policies.
• Fostering innovation by illuminating risks to intellectual property and critical and emerging technologies

A trusted future relies on effectively managing third-party dependencies within critical infrastructure operations, many of which remain unseen and underestimated.

To ensure resilience, we must take a comprehensive approach to security, spanning physical, cyber, supply chain, and personnel risks.

In this roundtable, we will explore:

• The current state of Critical Infrastructure and its evolving security landscape.
• The critical impact of third-party risks, highlighting sector-specific examples and the importance of a robust risk management framework.
• Strategies to prioritise supplier diversification, including the role of sovereign suppliers in enhancing national security.

As nationally significant operators, Critical Infrastructure providers must cultivate strong local partnerships with vendors, service providers, and industry leaders to build a more secure and resilient future.

• Engage with real-world challenges – Cyber-attacks on Federal agencies are increasing. How prepared is your organisation?
• Vote and debate – Share your stance on key cybersecurity issues and discuss solutions with peers.
• Turn insights into action – Explore AI-driven security and best practices to strengthen cyber resilience in your agency.
• What "Proactive Cybersecurity" measures do you take now?
• How well do you believe you are progressing to meet the 2023-2030 Australian Cyber Security Strategy from Home Affairs
• Could you show your Deputy Secretary/Minister a Cyber risk score across your organisation?

Non-Human Identities and automated systems are rapidly transforming public sector operations. However, as AI agents begin to initiate actions, make decisions and access sensitive data across government systems, the traditional concept of identity is no longer limited to people. This roundtable will explore how agencies can maintain accountability, transparency and control in an environment where both humans and machines are operating at speed and scale.

Discussion Themes

• How can agencies maintain clear lines of accountability as automated decision-making increases across programs and service delivery
• Do you have full visibility of who or what has access to your critical systems and data today
• Should AI agents be governed as identities with roles, attributes and permissions similar to human users
• How can explainability and auditability be embedded into AI enabled processes for compliance and assurance
• What safeguards are required before granting AI agents access to sensitive information or privileged actions
• What capability uplift will be required across the APS to govern machine scale access and identity risk
• Looking ahead to 2030 what does trusted automation and secure identity assurance look like across the Australian Government

• Unpack the 2025 Protective Security Policy Framework (PSPF) updates and what they mean for federal, state, and territory agencies.
• Explore new PSPF guidance on managing AI and other risks, adopting Zero Trust security, and preparing for quantum threats.
• Gain insights into potential government cyber security priorities, and changes under Horizon 2 of the Cyber Security Strategy.

As government agencies and firms providing software to the government agencies accelerate their adoption of cloud-native architectures and open source components, traditional compliance and assurance models are struggling to keep pace with modern software delivery.

In this roundtable, we will explore how to modernise regulatory guardrails to meet the realities of continuous delivery, open source dependencies, and cyber resilience, and how we can ensure that rules truly raise the security floor for both organisations and citizens.

Key Topics to Be Covered:

• Why it’s critical to account for cloud-native, DevSecOps paradigms
• Integrating supply chain security (SBOMs, provenance, cryptographic integrity) into compliance
• Balancing prescriptiveness vs flexibility in government security policy
• Measuring real security impact—how do we know regulation is making us safer?

Australia’s new Cyber Security Act 2024 and updated SOCI Act have raised the stakes for government agencies, with penalties of up to $50 million for non-compliance. Traditional defence-only strategies are no longer sufficient—federal agencies must shift to “breach-ready” architectures that ensure continuity of critical services during an attack.

This closed-door roundtable will explore how agencies can bridge the gap between policy frameworks and operational resilience. Participants will engage with an evidence-based approach to legislative compliance, risk reduction, and business continuity planning that leverages existing investments rather than requiring full infrastructure replacement.

Discussion Focus

• Meeting new compliance requirements with confidence
• Why EDR, NDR, and firewalls alone won’t keep services running
• Designing breach-ready architectures for minimum viability and rapid recovery
• Resource planning and implementation strategies

Key Benefits

Gain a clear roadmap to compliance, methodologies to maintain uptime during cyber incidents, strategies to minimise penalties and data risk, and cost-effective pathways to resilience.

AI is now a weapon in the hands of bad actors—creating self-morphing malware, automating breaches, and outpacing legacy defences. This session will show you how to embed AI in your security posture so you can stay ahead of evolving threats, protect exposed APIs, and boost resilience with limited resources.

• Explore how AI is being weaponised to evade traditional government cyber defences
• Unpack why AI adoption remains low despite rising threat levels
• Identify where your third-party APIs are most vulnerable to exploitation
• Discover how AI can offset the growing cyber skills shortage
• Learn how to integrate AI into your detection and response architecture

Everyone is worried about the front door. We’re worried about the back door. Because building cyber resilience across Australia doesn’t end when a device is retired. Cybersecurity matters from start to finish - so how are the nation’s governments, and enterprises addressing end of life cyber vulnerabilities in devices?And are we doing it right?

We’ll explore:

• The hidden risks in your end-of-life ICT equipment - who is left exposed, non-compliant, and vulnerable to attack.
• How do the right strategies on end-of-life decommissioning/disposal impact overarching government goals
  • ESG – Scope 3, Circularity, Sustainability
  • Reconciliation Action Plans
  • Indigenous Procurement