01 - 02 October, 2019 | Novotel Sydney Central, Sydney, Australia

Conference Day One: Tuesday, 01 October 2019

8:30 am - 9:00 am Conference Registration and Welcome Coffee

9:00 am - 9:10 am Opening Remarks by IQPC and Conference Chair

Mike Wassell, Head of Operational Technology Services at Sydney Water

Mike Wassell

Head of Operational Technology Services
Sydney Water

9:10 am - 9:50 am Keynote Presentation: How to Mitigate Cyber Security Risks in Today’s Digital Environment

In a world where cyber threats seem to be getting more complex and prolific, Theo Nassiokas, a former intelligence officer and the Director of Cyber & Information Security at Barclays, will deliver a keynote presentation that removes the technical jargon and explains what cyber threats really encompass in today’s society. It is here he will identify the key actors and motivations to real events, giving the audience a sense of the challenges that awaits.

  • Connecting cyber events to real actors and geopolitical events reported in the press
  • Providing a clear view of the challenge regarding cyber threats, including motivations
  • Explaining how to quantify cyber in a defensible manner while identifying alleged state sponsored threat actors 

Theo Nassiokas, Director, APAC Cyber & Information Security at Barclays

Theo Nassiokas

Director, APAC Cyber & Information Security

9:50 am - 10:20 am Session reserved for:

Senior Representative, . at Claroty/Deloitte

Senior Representative


10:20 am - 11:00 am Deploying Key Maritime Cyber Security Initiatives in the Development of Auckland’s Smart Ports

Stephen Kraemer, Port of Auckland’s CISO, will present on the work his company is doing to secure their critical infrastructure. 72% of CEOs believe over the next 3 years, IoT will become more critical to their industry, with transformation at the heart of all disruptions. With the Port over two thirds of the way complete in their creation of a fully automated smart port, Stephen will talk on how the company has spent the past 3 years creating and updating their security framework.

  • Cementing an effective OT governance strategy to ensure ownership is given to the relevant departments
  • Upgrading legacy systems to detect real-time system breaches 
  • Creating a risk management framework that will allow your organisation to clearly implement cyber response protocols

Stephen Kraemer, CISO at Ports of Auckland

Stephen Kraemer

Ports of Auckland

11:00 am - 11:20 am Speed Networking Session

An effective structured interactive session designed to help expand your network through one-to-one focused conversations. Bring your business cards!


11:50 am - 12:30 pm Addressing Critical Infrastructure Challenges through a National Risk & Resilience Lens

Dr Paul Barnes, Head of Risk and Resilience at the Australian Strategic Policy Institute (ASPI), will deliver a presentation on the selected challenges to promoting resilience in and across Australia’s critical infrastructure systems. Within this presentation Paul will discuss options to enhance engagement in national continuity planning and applied riskbased thinking to enable the resilient functioning of dependent and interdependent systems in the face of natural and socio-technical disruptions.

  • Understanding how Australian utility and water companies can support a resilience framework for critical infrastructure 
  • Determining the role of a cohesive risk assessment to reduce downtime
  • Ensuring teams have the skillsets needed to address immediate security breaches

Paul Barnes, Head Risk and Resilience at Australian Strategic Policy Institute

Paul Barnes

Head Risk and Resilience
Australian Strategic Policy Institute

12:30 pm - 1:10 pm Case Study: The Journey MMG Are Undergoing to Gain Situational Awareness of Your OT Network through Improved Visibility

Getting visibility to enterprise IT is essential from an operational security and risk management perspective, with 45% of IT and OT professionals believing this to be a leading focus for their organisation. One way to do this is through conducting an assessment of your OT network to identify key assets and existing OT/IT vulnerabilities. Dovid Clark, Security & Risk Lead at MMG Limited, will present a case study on the work his team does, and the journey they are undergoing to protect systems through various platforms.

  • Aligning the priorities of your IT and OT departments for a seamless convergence 
  • Recognizing abnormalities within your control system before a threat is reached
  • Having appropriate and ongoing assessments of existing operations within your network to identify vulnerabilities

Dovid Clark, Lead – Security & Risk, Global Business Services & Technology at MMG Limited

Dovid Clark

Lead – Security & Risk, Global Business Services & Technology
MMG Limited

1:10 pm - 2:10 pm NETWORKING LUNCH

2:10 pm - 2:40 pm Strengthening your resilience by building a cyberaware culture

Industrial control systems and critical infrastructure continue to become increasingly automated and digitised, yet it is an inescapable fact that we are still dependent on humans for the end-to-end security of these systems and services.

Five years ago we published a paper identifying the top 10 most common cyber security weaknesses that PwC encountered in control system environments based on our global experience. Despite the advances in technology and the increase in cyber threats to ICS environments, today we still observe the same weaknesses as we did five years ago.

We believe this reflects the lack of investment into the human aspect of ICS security, as many of these weaknesses ultimately stem from a lack of crossdepartment collaboration and security awareness.

This presentation, rich with examples and takeaways, will focus on how organisations relying on ICS can strengthen their cyber resilience through a humancentric approach, and build a sustainable cyber-aware culture across organisational boundaries.
Larry Vandenaweele, Senior Manager at PwC

Larry Vandenaweele

Senior Manager

Robert Di Pietro, Partner at PwC

Robert Di Pietro


2:40 pm - 3:20 pm Demystifying Machine Learning Analytics for Threat Monitoring in Industrial Control Systems

This case study will look at how organizations can use machine learning capabilities to analyze large volumes of malicious and attack traffic. This in turn will help organisations determine the key characteristics that make malicious traffic unique.

  • Using machine learning to analyze data from a variety of sources over long periods of time
  • Delivering the ability to highlight anomalous behavior through legitimate business transactions
  • Continuous monitoring of unusual activity on the cyber network coupled with the ability to mitigate threats before they occur

Ernest Foo, Associate Professor at Griffith University

Ernest Foo

Associate Professor
Griffith University

3:20 pm - 4:00 pm Emerging Cyber Legislation: Understanding the Security of Critical Infrastructure Act

The Australian Government established the Critical Infrastructure Centre in January 2017 to safeguard Australia’s control systems and infrastructure. The Centre was designed to bring together expertise and capability from across the Australian Government to manage the increasingly complex national security risks of sabotage, espionage and coercion. 

Through the Security of Critical Infrastructure Act 2018 and the Telecommunications and Other Legislation Amendment Act 2017, the Australian Government aims to identify and mitigate national security risks posed to Australia’s critical infrastructure.

This presentation will discuss the ongoing legislations at play in the security of Australia’s critical infrastructure, as well as ways they’re working to boost collaboration between government and private departments.

Lachlan Bickley, Director, Critical Infrastructure Centre Risk Assessments at Department of Home Affairs

Lachlan Bickley

Director, Critical Infrastructure Centre Risk Assessments
Department of Home Affairs


Interactive Discussion Group (IDGs)

This is your chance to make your conference experience truly interactive and collaborative. Each IDG is set in a roundtable format and will be facilitated by an expert practitioner in the space. In two rotations, each IDG will last for 30 minutes, allowing you to pick the two topics you wish to discuss and solve.

Table One

4:30 pm - 5:10 pm Securing Your Digital Twin Technology Against Potential Data Security Risks
Mike Wassell, Head of Operational Technology Services at Sydney Water

Mike Wassell

Head of Operational Technology Services
Sydney Water

Table Two

4:30 pm - 5:10 pm How to Gain Leadership Buy-In To Secure Security Funding
Luke Sawtell, Business Resilience Manager, Office of the CEO at Queensland Urban Utilities

Luke Sawtell

Business Resilience Manager, Office of the CEO
Queensland Urban Utilities

Table Three

4:30 pm - 5:10 pm Implementing Situational Awareness Strategies To Mitigate Cyber Threats
Nikhil Manghirmalani, Team Leader- Maintenance Management Operational Technology / SCADA at Water Corporation

Nikhil Manghirmalani

Team Leader- Maintenance Management Operational Technology / SCADA
Water Corporation

5:10 pm - 5:10 pm Networking Drinks