Settle in, grab a coffee, and meet a few friendly faces before we begin.

A short welcome, plus a few quick tips to help you connect, share, and get real value from the day. We’ll also run a couple of quick polls to see what everyone’s interested in and what people are working on right now.

A short briefing from the Chair to get everyone aligned, comfortable, and ready for a great day of ideas and connection.

As Queensland continues to implement its Cyber Security Strategy, attention is shifting from policy and planning to delivery across government systems, services and infrastructure. This session will explore how agencies are progressing key initiatives, strengthening coordination across government, and embedding cyber security into digital service delivery. It will highlight early progress, emerging lessons and how Queensland can sustain momentum as cyber threats continue to evolve.

• Strengthening whole-of-government coordination to accelerate cyber maturity across agencies
• Progress and lessons emerging from early implementation of Queensland’s cyber priorities
• Embedding cyber security into the design and delivery of digital government services
• Sustaining momentum and capability as Queensland prepares for an increasingly complex cyber environment

Critical infrastructure operators increasingly rely on vendors, cloud platforms, and digital partners, expanding risk well beyond the agency perimeter. This panel explores how to manage third-party exposure while strengthening OT security, improving detection and response, and building trusted collaboration across government and industry.

• Managing supply chain and third-party cyber risks as operators rely more heavily on external vendors and digital platforms
• Securing OT environments as energy, transport and utilities systems become increasingly connected to digital networks
• Strengthening real-time monitoring and incident response to minimise disruption to essential services
• Improving threat intelligence sharing and collaboration between government, operators, and cyber security partners

Tim Gall

Chief Information Security Officer & Executive Director Governance Cyber and Policy, Queensland Department of Education

Leigh Dixon

Cyber Security Lead, Department of Justice

Jack Cross

Chief Information Security Officer, Queensland University of Technology

Mary-Jane Phillips

Cyber Security, Governance, Risk and Compliance, Queensland Treasury

Perfect time to swap notes and compare what’s working across teams and sectors

MNDB is now one year in and has recently been extended to local government, with agencies beginning to see its real-world impact. While the framework itself is clear, applying it in practice is proving more complex—particularly when it comes to assessing breaches, determining what constitutes “serious harm,” and coordinating effective responses. These challenges are reshaping how agencies approach breach management and accountability, while driving more consistent and coordinated decision-making during incidents.

• Applying MNDB in practice: assessing breaches and determining “serious harm”
• Strengthening breach response, incident management and coordinated decision-making
• Embedding risk assessment and secure-by-design to build resilient digital services
• Enhancing whole-of-government collaboration to strengthen resilience and maintain public trust

The Brisbane 2032 Olympic and Paralympic Games will place Queensland’s digital infrastructure under unprecedented global attention, with critical services—from ticketing and broadcasting to transport and public safety—required to operate securely under sustained scrutiny. The scale and sophistication of cyber threats, combined with a highly distributed ecosystem of platforms and partners, is reshaping how risk is managed in a live event environment. Lessons from recent Games highlight the need to better manage supply chain exposure, integrate physical and cyber security, and strengthen real-time response to ensure secure delivery at scale.

• Preparing for cyber incidents at scale, including coordinated response, recovery and third-party risk management to maintain continuity and public trust
• Translating global event experience into securing critical systems — from ticketing and broadcasting to transport and public safety — under sustained global scrutiny
• Strengthening real-time monitoring, threat detection and cyber operations, informed by how large-scale events are managed in practice

As cyber threats continue to evolve, organisations are increasingly recognising that resilience extends beyond technology alone. While systems and infrastructure remain critical, many of the most significant vulnerabilities—and opportunities for strengthening resilience—sit within people, behaviours and organisational culture. The limitations of tool-led approaches, combined with the realities of user behaviour in complex environments, are reshaping how cyber risk is understood and managed. This shift is placing greater emphasis on trust, leadership and accountability as essential components in delivering secure, resilient services.

• Moving beyond a technology-first mindset: why tools alone cannot mitigate cyber risk
• Understanding human behaviour as a core driver of vulnerability and resilience
• Embedding a culture of security through education, accountability and leadership
• Balancing trust, usability and safeguarding in the delivery of digital services

Grab lunch, have a wander, and chat with industry partners and peers about practical ideas you can take back to work. Arguably the most important part of the day!

As cyber threats grow in scale and coordination, strengthening alignment between federal leadership and state delivery is critical to protecting essential services and national interests. This keynote explores how Queensland is working with the National Office of Cyber Security to enhance visibility, coordination and response across jurisdictions.

• Strengthening cross-jurisdiction coordination - Improving how federal and state agencies align on threat intelligence, response and shared priorities.
• Lifting national visibility of cyber risk and enhancing situational awareness to support faster, more informed decision-making across government.
• Coordinating response to protect critical services

As quantum computing accelerates, the security foundations that underpin today’s digital government are being fundamentally challenged. With a national shift towards post-quantum cryptography mandated by 2030, government agencies must begin preparing now to ensure sensitive data, critical infrastructure and citizen services remain secure in the decades ahead.

• What the 2030 post-quantum mandate means for government policy, systems and long-term data security
• Identifying cryptographic risk across legacy systems, infrastructure and supply chains
• Preparing for “harvest now, decrypt later” threats and protecting sensitive data over time
• Embedding cryptographic agility into digital infrastructure, procurement and transformation programs
• Building a practical roadmap for transitioning to quantum-safe encryption across government

We’ll pull out a few highlights from the day, share what’s coming next, and point you to ways to stay connected.

Wrap up the day with good conversation and a few new connections. Thanks for making GIW your one-stop shop for benchmarking, industry updates, and great conversations.