Government Cyber Security Showcase Victoria

• Understand how generative AI is changing the landscape
• Explore AI-specific risks in public sector contexts and adhere to regulations.
• Learn how to build security guardrails for AI use in government

• Discussion on past incidents, both internal and 3rd party, that VLA have had to manage
• Key lessons learnt from an organisation that supports some of Victoria's most vulnerable people
• Some advice on key areas of prior planning to have in place to help manage this type of event
• And most importantly in the words of Douglas Adams - Don’t Panic.

• Update on the latest threats from gathered intelligence
• Explore how AI is being used as both an offensive and defensive tool for threats

• Reducing time-to-response across large agency environments
• Leveraging simulation, threat modelling, and tabletop exercises
• Aligning IR with ASD guidance and state recovery priorities

Maxine Harrison

Chief Information Security Officer, Department of Energy, Environment and Climate Action

Carsten Boeving

Chief Information Security Officer, Cenitex

Julie Chivers

Chief Information Officer, Country Fire Authority Victoria

• Addressing cyber fatigue
• Applying behavioural science to build secure habits
• Empowering employees to act as the first line of defence

Victor Ekladious

Director IT Operations, Cyber Security & Infrastructure Information Technology and Workplace Services,, Department of Jobs, Skills, Industry and Regions

Tara Dharnikota

Chief Information Security Officer, Victorian University

Hayley Tuck

Assistant Director | Cyber Security Engagement VIC/TAS, National Office of Cyber Security

Maureen Eldridge

Account Director, Government, One Identity

In this session, Sandeep explores why Quantum Readiness is no longer a distant "future state" but a present-day mandate for safeguarding sensitive information over the long term. By embedding resilience and "crypto-agility" into our current technology decisions, we can ensure that the data we protect today remains secure against the threats of tomorrow.

Key Discussion Points:

• The Fiduciary Duty of Data: Why cybersecurity is a moral and legal responsibility to the public, requiring a shift from "check-box compliance" to long-term risk management.
• The Quantum Horizon: Understanding "Harvest Now, Decrypt Later" risks and why we must act now to prevent today’s encrypted data from becoming tomorrow’s public vulnerability.
• Building for Longevity: How automation, intelligence, and crypto-agile thinking allow government infrastructure to adapt seamlessly to post-quantum cryptographic standards.

Managing digital identities in complex health environments is critical to protecting sensitive information and ensuring frontline staff have fast, secure access to the tools they need. This session explores Alfred Health’s approach to strengthening cyber resilience through modern Identity and Access Management (IAM).

Key Takeaways:

• Strengthening Zero Trust foundations to protect sensitive data.
• Balancing clinician usability with compliance requirements.
• Integrating IAM across systems to boost resilience and response.

The public sector faces both opportunity and risk with generative AI. This session explores how to set guardrails, audit AI models, and align with Australia’s emerging critical infrastructure legislation.

As Victorian Government agencies accelerate digital transformation, this roundtable brings together public sector security leaders for a frank, peer-level conversation about what cloud security maturity genuinely looks like within government constraints — balancing VPSF, PSPF, and Essential Eight obligations against the realities of legacy infrastructure, stretched teams, and growing threat complexity.

Facilitated by Orca Security — recently named a Strong Performer in the Forrester Wave™ for Cloud Native Application Protection Platforms (Q1 2026) — the discussion will explore how agencies can achieve full-stack cloud visibility, cut through alert fatigue, secure increasingly interconnected supply chains, and use AI-driven tools to do more with less, all without sacrificing the compliance rigour and citizen data protection that the public sector

Meeting Compliance and Agility Goals: Government is under pressure to innovate quickly while maintaining strict compliance. This session demonstrates how cloud security can enable speed and resilience without creating policy or compliance gaps.

Safeguarding Victoria’s Digital Future: Explore how zero trust frameworks can be practically implemented across departments, from legacy systems to modern cloud platforms. The session highlights lessons learned from government rollouts and vendor expertise in enabling secure, identity-first operations.

With adversaries weaponising AI, agencies must evolve their defences. This session examines how AI/ML can detect, predict, and counter novel threats faster than human-only teams.

As industries become more reliant on interconnected OT systems, attackers are leveraging AI to automate and scale attacks.

This session examines key OT challenges and how organisations can protect critical infrastructure while maintaining operational continuity.

The traditional network perimeter has dissolved. Government is now borderless - spanning contractors, partners, legacy platforms, SaaS, and emerging AI systems. With the majority of breaches originating from compromised or misused credentials, identity has become the primary control point for cyber resilience.

This roundtable will explore how agencies can reduce breach risk by improving identity visibility, enforcing least privilege, and operationalising zero trust in complex environments. Discussion will also address the challenge of balancing compliance obligations with seamless access, while managing cost pressures and operational efficiency.

While the Essential 8 remains the gold standard for cyber hygiene, its implementation faces a new, non-human challenge. In 2026, the rise of "Agentic AI" and the explosion of machine identities have created a landscape where the most privileged "users" in your agency are no longer people—they are service accounts, APIs, and autonomous bots. This roundtable will dive into the practical friction of reaching Maturity Levels 2 and 3 when your administrative surface is increasingly automated. We will debate how to apply traditional controls like MFA and Restricted Admin Privileges to identities that never sleep, never use a biometric key, and often possess "always-on" standing access. This discussion is designed for leaders looking to move beyond checkbox compliance to a state of Identity Security, where machine-to-machine trust is continuously verified and governed with the same rigor as human access.

The first 24 hours of a cyber incident often determine its impact, visibility and recovery cost, yet many organisations still struggle to move from detection to decisive action. This roundtable focuses on strengthening incident readiness through practical playbooks, clearer escalation and reporting pathways and executive decision frameworks that hold up under pressure, including when incidents originate with third parties or shared service providers.

As digital delivery accelerates, cyber risk increasingly sits inside software pipelines rather than at the network edge. This session examines how agencies are embedding secure-by-design principles into software development and procurement, strengthening assurance across code, dependencies and vendors while maintaining delivery pace and aligning governance expectations with the realities of modern engineering teams.