Government Cyber Security Showcase New South Wales
Registration, coffee and hellos
8:00 AM - 8:45 AM (45 mins)
Settle in, grab a coffee and meet a few friendly faces before we begin.
Welcome & How to Make the Most of Today
8:45 AM - 8:55 AM (10 mins)
A short welcome, plus a few quick tips to help you connect, share and get real value from the day. We’ll also run a couple of quick polls to see what everyone’s interested in and what people are working on right now.
State Scene Setter: Government Spending, Direction and Priorities
9:00 AM - 9:10 AM (10 mins)
A short briefing from the Chair to get everyone aligned, comfortable, and ready for a great day of ideas and connection.
The Future of Cyber Security in NSW
9:10 AM - 9:20 AM (10 mins)
Beyond the Breach: How CISO and CDAO Cooperation Can Drive Decision Assurance
9:20 AM - 9:40 AM (20 mins)
The next step in government reliability isn't just about protecting data; it’s about increasing trust in the decisions made from it. True "Decision Assurance" happens when security and data leaders stop working in silos and start building a single chain of trust. This session moves beyond simply reacting to security incidents; it offers a roadmap for NSW leaders to ensure that every government action is based on accurate, untampered, and high-quality information.
- The Integrity Chain: Shifting focus from "Is the system secure?" to "Is the decision accurate, unbiased, and untampered with?"
- The Unified Risk Register: Mapping frameworks to pivot executive conversations to mission-critical decision risks.
- The Decision Quarantine: Using CDAO-mapped data lineage to isolate "poisoned" insights and stop corrupted data from reaching AI models or policymakers.
- Logic-Based Detection: Treating shifts in data variance and distribution as high-priority security alerts to catch manipulation that firewalls miss.
- Context-Aware Guardrails: Building a "share-first" ecosystem where integrated metadata allows for high-velocity innovation without sacrificing integrity or governance.
Addressing the Growing Need for Robust Data Protection Strategies
9:40 AM - 10:00 AM (20 mins)
Digital Government Runs on Trust and Cyber Now Decides It
10:00 AM - 10:30 AM (30 mins)
NSW’s digital transformation agenda depends on citizen confidence in government systems. This session explores how cyber resilience has become central to public legitimacy, not just IT performance.
- Cyber resilience as a foundation of digital government
- Public expectations around transparency and accountability
- Rebuilding trust after disruption, not just restoring systems
Zero Trust: Beyond the Buzzword – Implementing Practical Solutions in NSW
10:30 AM - 10:50 AM (20 mins)
- Real-world applications of Zero Trust Architecture in public sector networks
- Overcoming the challenges of continuous authentication and identity verification
- Exploring the role of multi-factor authentication in mitigating insider threats
Morning Tea & Mingling
10:50 AM - 11:40 AM (50 mins)
It's time to grab a coffee - connect, recharge and explore our exhibition floor before the track discussions begin!
Welcome from Track Chair
11:30 AM - 11:40 AM (10 mins)
Setting the tone for the priorities and thorniest challenges facing cyber governance, strategy and risk professionals.
Welcome from Track Chair
11:30 AM - 11:40 AM (10 mins)
Setting the tone for the priorities and thorniest challenges facing cyber detection and response professionals.
AI Is a Cyber Issue, Not Just a Technology One
11:40 AM - 12:00 PM (20 mins)
Artificial intelligence is changing how attacks are launched and how government defends itself. This session explores how NSW is preparing for AI-enabled threats while safely adopting AI across government services.
- AI as both threat accelerator and defence capability
- Governing automation without slowing innovation
- Maintaining accountability in machine-driven environments
Preparing for Cascading Cyber Risk in a Connected Government
11:40 AM - 12:00 PM (20 mins)
Cyber risk in NSW is now deeply interconnected across agencies, sectors and jurisdictions. This panel examines how NSW is strengthening cross-government coordination to manage incidents that cascade beyond organisational boundaries.
- Managing systemic risk across government ecosystems
- Coordinating leadership during multi-agency incidents
- Strengthening whole-of-state crisis alignment
Securing Innovation Without Stalling It
12:00 PM - 12:20 PM (20 mins)
Getting Ahead of Disruption
12:00 PM - 12:20 PM (20 mins)
Cyber Leadership for a Digital State
12:20 PM - 12:50 PM (30 mins)
Cyber resilience now demands executive ownership, not just technical expertise. This session explores how NSW is strengthening leadership capability to govern cyber risk alongside service delivery, reform and innovation.
- Elevating cyber to executive decision-making
- Aligning cyber with digital, risk and reform agendas
- Building leadership confidence under scrutiny
Cyber After the Breach - What NSW Learned the Hard Way
12:20 PM - 12:50 PM (30 mins)
Recent incidents across NSW result in valuable lessons for other agencies. This session examines how real-world breaches are reshaping policy, investment and operational priorities across the state.
- What NSW incidents reveal about systemic vulnerabilities
- How agencies are strengthening preparedness post-breach
- Translating lessons learned into structural reform
Ensuring that identity, privacy and accessibility remain protected
12:50 PM - 1:10 PM (20 mins)
Closing the Gap Between Compliance and Resilience
12:50 PM - 1:10 PM (20 mins)
Risk Made Real: Turning Everyday Staff into Cyber Defenders
1:10 PM - 1:30 PM (20 mins)
Cyber risk only becomes meaningful when people understand how it affects them, their colleagues and the communities they serve. This session explores practical, evidence-based approaches to making cyber threats relatable for non-technical staff and embedding awareness into everyday behaviours across large NSW Government workforces.
- Using real-world incidents and human-centred storytelling to translate abstract cyber threats into practical lessons.
- Designing awareness programs that drive measurable behaviour change rather than compliance completion rates.
- Sustaining engagement through ongoing reinforcement, leadership modelling and integrating cyber into daily workflows.
When Someone Else Gets Hacked, Government Pays the Price
1:10 PM - 1:30 PM (20 mins)
NSW government services increasingly rely on third parties and cyber incidents don’t stop at contractual boundaries. This session exposes how agencies are reshaping assurance models to stay in control when critical risk lives outside government walls.
- Seeing third-party risk before it becomes a public incident
- Moving beyond contracts to continuous, real-world assurance
- Protecting services, trust and accountability across shared ecosystems
Lunch: Wander, Discover, Connect
1:30 PM - 2:30 PM (60 mins)
Grab lunch, have a wander, and chat with industry partners and peers about practical ideas you can take back to work. Arguably the most important part of the day!
Roundtable 1: AI Governance in Government: Balancing Innovation and Regulation
2:30 PM - 3:30 PM (60 mins)
The public sector faces both opportunity and risk with generative AI. This session explores how to set guardrails, audit AI models, and align with Australia’s emerging critical infrastructure legislation.
Roundtable 2: Defining Cloud Security Maturity in 2026: AI, Runtime Protection, Visibility, and Continued Trust
2:30 PM - 3:30 PM (60 mins)
As Government agencies accelerate digital transformation, this roundtable brings together public sector security leaders for a frank, peer-level conversation about what cloud security maturity genuinely looks like within government constraints — balancing VPSF, PSPF, and Essential Eight obligations against the realities of legacy infrastructure, stretched teams, and growing threat complexity.
Roundtable 3: Cloud Security Without Compromise
2:30 PM - 3:30 PM (60 mins)
Meeting Compliance and Agility Goals: Government is under pressure to innovate quickly while maintaining strict compliance. This session demonstrates how cloud security can enable speed and resilience without creating policy or compliance gaps.
Roundtable 4: Zero Trust in Action
2:30 PM - 3:30 PM (60 mins)
Safeguarding the Digital Future: Explore how zero trust frameworks can be practically implemented across departments, from legacy systems to modern cloud platforms. The session highlights lessons learned from government rollouts and vendor expertise in enabling secure, identity-first operations.
Roundtable 5: AI vs. AI: Defending Government Systems Against Machine-Driven Attacks
2:30 PM - 3:30 PM (60 mins)
With adversaries weaponising AI, agencies must evolve their defences. This session examines how AI/ML can detect, predict, and counter novel threats faster than human-only teams.
Roundtable 6: Securing Connected OT Environments
2:30 PM - 3:30 PM (60 mins)
As industries become more reliant on interconnected OT systems, attackers are leveraging AI to automate and scale attacks.
This session examines key OT challenges and how organisations can protect critical infrastructure while maintaining operational continuity.
Roundtable 7: 84% of Breaches Start with Identity: Securing Access in a Borderless Government
2:30 PM - 3:30 PM (60 mins)
The traditional network perimeter has dissolved. Government is now borderless - spanning contractors, partners, legacy platforms, SaaS, and emerging AI systems. With the majority of breaches originating from compromised or misused credentials, identity has become the primary control point for cyber resilience.
This roundtable will explore how agencies can reduce breach risk by improving identity visibility, enforcing least privilege, and operationalising zero trust in complex environments. Discussion will also address the challenge of balancing compliance obligations with seamless access, while managing cost pressures and operational efficiency.
Roundtable 8: The Essential 8 in the Age of AI: Governing Non-Human & Machine Identities
2:30 PM - 3:30 PM (60 mins)
While the Essential 8 remains the gold standard for cyber hygiene, its implementation faces a new, non-human challenge. In 2026, the rise of "Agentic AI" and the explosion of machine identities have created a landscape where the most privileged "users" in your agency are no longer people—they are service accounts, APIs, and autonomous bots. This roundtable will dive into the practical friction of reaching Maturity Levels 2 and 3 when your administrative surface is increasingly automated.
Roundtable 9: Cyber resilience in the age of AI: Turning risk into strategic advantage
2:30 PM - 3:30 PM (60 mins)
Roundtable 10: Charting the course for digital resilience
2:30 PM - 3:30 PM (60 mins)
Can Government Move Fast and Still Be Trusted?
3:30 PM - 4:00 PM (30 mins)
NSW is being pushed to adopt AI, automate services and modernise at speed while remaining trusted and accountable. This panel explores how government leaders are balancing urgency with security and assurance.
- Speed vs safety in digital and AI adoption
- Where trust is most at risk as systems accelerate
- What ‘responsible pace’ looks like in practice
Closing Remarks: What We’re Taking with Us
4:00 PM - 4:10 PM (10 mins)
We’ll pull out a few highlights from the day, share what’s coming next, and point you to ways to stay connected.
Networking Reception: Stay for a Chat
4:10 PM - 5:10 PM (60 mins)
Wrap up the day with good conversation and a few new connections. Thanks for making GIW your one-stop shop for benchmarking, industry updates, and great conversations.
