This event is now complete
Government Cyber Security Showcase Aotearoa
Registration and Networking Coffee
8:00 AM - 8:35 AM (35 mins)
Exhibition Area
Mihi Whakatau
8:35 AM - 8:45 AM (10 mins)
Rongomātāne Room A
Opening from Public Sector Network
8:55 AM - 9:05 AM (10 mins)
Rongomātāne Room A
Ministerial Address
9:05 AM - 9:15 AM (10 mins)
Rongomātāne Room A
Chair Opening
9:15 AM - 9:25 AM (10 mins)
Rongomātāne Room A
Lessons from Crisis and the Power of Storytelling
9:25 AM - 9:45 AM (20 mins)
When government faces a cyber crisis, effective communication can make all the difference. This session explores how storytelling can turn complex situations into moments of clarity, connection and confidence. Learn how public sector leaders are using narrative to guide teams through uncertainty, strengthen community trust and ensure key lessons endure long after the crisis has passed.
From this keynote attendees will gain insights into:
- Key learnings from responding to a nation-state cyber incident
- Practical steps for building resilience and improving incident response
- Using storytelling to engage executive teams and drive cyber security priorities
Rongomātāne Room A
Wanderings in Identity Land: A 30-Year Journey from Modems to Modern IAM
9:45 AM - 10:05 AM (20 mins)
After three decades navigating the complex terrain of identity management—from supporting Novell eDirectory at scale during Telecom NZ's dial-up explosion, through managing 15 million active accounts at Optus, to deploying SailPoint across Health NZ—I've learned that identity is the most misunderstood discipline in IT. It’s not login or access control; it’s lifecycle enablement. Through real-world lessons across telco, ISP and healthcare, this session explores why identity sits between IT, cyber, privacy and authorisation—and why that makes it everyone’s responsibility but no one’s job. Discover why systems of record matter more than platforms, how 80% automation is a feature not a failure, and how to position identity where it belongs: at the heart of every organisation.
Key Takeaways: Practical frameworks for identity governance, the 80/20 reality, systems of record primacy, and organisational positioning strategies
Rongomātāne Room A
Protecting government networks during crisis
10:05 AM - 10:35 AM (30 mins)
Government networks are critical infrastructure and during times of crisis—whether cyberattacks, natural disasters or large-scale emergencies—they face heightened risk. This panel brings together leading experts to explore strategies for maintaining network security, ensuring continuity of services and responding effectively under pressure.
Panelists will share practical insights in:
- How cyber threats escalate in natural disasters and emergencies.
- Strengthening digital infrastructure to support crisis resilience.
- Leveraging cross-agency coordination to improve response times and recovery efforts.
- Enhancing collaboration and support networks.
Exhibition Area
Morning Tea and Networking
10:35 AM - 11:10 AM (35 mins)
Rongomātāne Room A
Cyber security as a public service: Reframing security as a citizen right
11:10 AM - 11:30 AM (20 mins)
Cybersecurity is no longer just a technical issue—it’s a fundamental public service that protects citizens, communities, and trust in government. In this fireside chat, our experts will explore how security can be reframed as a citizen right, the responsibilities of public institutions and the innovative approaches needed to deliver safe and resilient digital services.
This discussion will revolve around:
- How cybersecurity impacts public trust in government services.
- Shifting from compliance-based security to a citizen-first approach.
- The importance of proactive transparency after breaches.
Rongomātāne Room A
Designing for Trust and Scale: How Cyber Partnerships Power Digital Transformation Across Government and Industry
11:30 AM - 11:50 AM (20 mins)
Cybersecurity is now a foundation of national capability. As digital transformation accelerates across government and industry, trust, resilience and productivity depend on how well security is embedded from the ground up. This session explores how public–private partnership enables system-wide transformation through aligned governance, strategic procurement and shared accountability.
Rongomātāne Room A
Understanding why government employees make risky security decisions
11:50 AM - 12:30 PM (40 mins)
Human behaviour remains one of the biggest factors in cybersecurity risk. Government employees, despite training and policies, sometimes make decisions that inadvertently compromise security.
This session explores:
- Discovering why people ignore cybersecurity warnings.
- Behavioural change strategies that have worked in public sector teams.
- Using gamification and incentives to reinforce secure behaviours.
Rongomātāne Room A
The silent threat: How legacy IT systems are opening the backdoor to cyber criminals
12:30 PM - 1:00 PM (30 mins)
Outdated and unsupported IT systems may be invisible risks, but they present one of the biggest vulnerabilities in government cybersecurity. Jonathan Wilkins discusses how legacy systems create pathways for cyber attackers, the challenges in modernising critical infrastructure, and strategies to mitigate these risks without disrupting essential services.
- The challenge of outdated infrastructure in local and state governments.
- Case studies on successful legacy system modernisation.
- Risk-based strategies for prioritising system upgrades.
Exhibition Area
Lunch and Networking
1:00 PM - 2:10 PM (70 mins)
Rongomātāne Room A
Roundtable 1: Future-Proofing New Zealand: Organisational Cyber Resilience Meets Supply Chain Security
2:10 PM - 3:10 PM (60 mins)
- Unlock strategic opportunities for New Zealand’s essential service providers to strengthen cyber and operational resilience across their supply networks
- Embrace the collective, cross-sector approach to managing physical and natural threats - building trust and agility in times of crisis
- Apply proven disaster responses capabilities to a broader, all-hazards framework that anticipates and adapts to emerging risks
Rongomātāne Room A
Roundtable 2: The Comfort Trap in NZ Government: How ‘Good Enough’ Exposes Critical Digital Services
2:10 PM - 3:10 PM (60 mins)
Government agencies often rely on overlapping tools and processes that create blind spots - leaving critical services vulnerable to first-move cyber-attacks. This roundtable explores practical ways to stop threats where they start. Leave with a 30‑day plan to:
- Reduce incident probability: Move critical controls earlier to prevent attacks.
- Protect citizen services: Implement guardrails that safeguard public-facing systems.
- Prove outcomes: Use policy, metrics, and reporting to demonstrate measurable improvements across agencies.
Rongomātāne Room A
Roundtable 3: The Best Defence is a Good Offence: Barriers and Solutions for Uniting Government Departments on Cyber Incident Management
2:10 PM - 3:10 PM (60 mins)
- Explore opportunities to prepare for incidents before they happen. What does good incident response look like?
- Discuss key insights gleaned from more than 500 significant cyber compromise event responses across the nation in the past year
- The most dangerous threats are coordinated and synchronised. What should be on your Cyber checklist for 2025?
Rongomātāne Room A
Roundtable 4: Defending Government Against Machine, AI, and B2B Threats
2:10 PM - 3:10 PM (60 mins)
As government agencies embrace digital transformation, new identity-driven risks are emerging across every layer of operations. Beyond human users, agencies now rely on thousands of machine identities, rapidly advancing AI agents, and a growing network of B2B partners—all of which expand the attack surface and introduce complex challenges for trust and security.
Join us at the Defending Government Against Machine, AI, and B2B Threats round table where we will explore how identity security must evolve to protect government’s most critical systems and data.
Some of the key points that we will cover include -
- Securing and governing machine identities across infrastructure and operational technology.
- Managing risks posed by agentic AI systems that act and decide independently.
- Strengthening resilience in the face of B2B and supply chain vulnerabilities.
Join us to learn how agencies can embed robust identity governance as a foundation for resilience, compliance, and citizen trust in the digital age.
Rongomātāne Room A
Roundtable 5: Why do companies get breached?
2:10 PM - 3:10 PM (60 mins)
- The average dwell time for an attacker is 9 months.
- If the attacker is already inside your bedroom, do you continue to do what you have done in the past by locking the windows and front door?
- Departments and enterprises need a paradigm shift in mindset. Presume breach, what would you do differently?
- How thinking about user experience can allow you to be more agile, secure, resilient (frictionless authentication)
Rongomātāne Room A
A scalable framework to improve AI governance and operational resilience
3:10 PM - 3:30 PM (20 mins)
As AI becomes increasingly integrated into government operations, ensuring responsible, secure and resilient use is paramount. This session explores a scalable framework for AI governance that balances innovation with risk management, compliance and ethical considerations.
Delegates will gain insights into:
- Governance: Policies and frameworks for responsible AI use.
- Technology: Infrastructure and tools supporting resilient AI deployment.
- Data: Quality, security, and management of data used in AI systems.
- People: Workforce skills, training, and cultural readiness for AI adoption.
- Ethics and Risk Management: Addressing ethical concerns, bias, and cybersecurity.
Rongomātāne Room A
Ethics in AI-driven government security: Navigating privacy, bias and risks
3:30 PM - 4:00 PM (30 mins)
AI is transforming government security, but with its power comes responsibility. In this session, we’ll explore how agencies can navigate ethical challenges—including privacy, bias and operational risk—while leveraging AI effectively.
Key areas of focus include:
- Use of AI in the New Zealand Government
- Lessons from recent NZ and global case studies on unintended consequences in AI-driven threat detection
- How to balance the need for proactive security with public trust, transparency, and the protection of civil liberties
Rongomātāne Room A
Closing remarks from chair
4:00 PM - 4:10 PM (10 mins)
