Event Agenda

15th – 16th September 2026 // Sydney


Theme: The Secure Ecosystem: Aligning People, Standards and Systems in OT

Day 1 // 15th September 2026
08:45 – 17:10 AEST
08:50 Opening Address: Lauren Veenstra, CSO, Iberdrola Australia
09:00 Panel Discussion: Governance & Responsibility: Who Owns OT Security?

The complex nature of governance in modern industrial environments leaves a critical question unanswered: Who is ultimately responsible for the security of our operational technology? Is it IT, OT, C-suite, or a shared responsibility? In this expert panel discussion, we will dissect the intricate web of governance and accountability in the realm of OT security, exploring the critical need for clear ownership and a unified strategy to defend against escalating cyber threats to critical infrastructure.
● How is IT/OT convergence impacting security roles and responsibilities?
● What are the best practices for establishing a robust governance framework that defines roles, responsibilities, and accountability for OT security?
● How do we manage cross-departmental collaboration and communication?
Moderator: Feli Gouw, Senior Central OT Engineer, EnergyAustralia
Charles Gonzalez, Group CISO, Metcash
Siddharth Rajanna, Head of IT Security, Bingo Industries
Rolf Samonte, Head of ICT and Cyber Security, Metro Trains Sydney
09:40 Presentation: Managed Defence: Lessons in OT Incident Response

In an OT environment, a security breach is not just a data leak; it’s a threat to physical safety and operational continuity. In this session, we share actionable lessons from the front lines of industrial managed defence. This includes a real-world case study of a major incident and a breakdown of the unique challenges and critical decisions that define effective OT incident response.

    • Using the high-stakes world of Formula 1 racing as a framework, this session explores why even the most advanced cybersecurity tools fail without trained “Pit Crew” (People) and a rigorous “Race Strategy” (Process). We will move past the technical jargon to discuss a holistic methodology for Cyber-Physical Resilience.


      • Understand the essential components of a robust OT incident response plan, from creating a ‘safe-to-fail’ environment for testing to defining clear roles and responsibilities
      • Explore strategies for isolating compromised OT systems without triggering an emergency shutdown
      • Discover the specialised techniques for conducting forensic analysis on legacy and proprietary OT systems, capturing evidence while minimising disruption to critical processes
      • Hear how to safely restore compromised systems, re-establish secure operations, and implement a Managed Defence strategy for continuous monitoring and threat hunting to prevent future incidents.

Senior Expert, Dragos

10:20 Networking Break
11:00 Presentation: Architecting Trust: Implementing IAM and Zero Trust Frameworks within the Automotive Industry

In the automotive industry, as with others, the traditional security perimeter has vanished. As vehicles evolve into hyper-connected nodes, the “castle-and-moat” approach is no longer fit for purpose. In this session, we explore the transition to an identity-centric security model, specifically tailored for the high-stakes automotive ecosystem. We will examine how to implement robust IAM and Zero Trust frameworks to ensure safety and data integrity across the entire vehicle lifecycle.
● Transition from network-based security to granular, identity-based authentication
● Implement “never trust, always verify” principles to prevent lateral movement within the network
● Map Zero Trust strategies to ISO/SAE 21434 and UN R155 compliance requirements
Senior Expert, Yokogawa

11:30 Case Study: Unified Third Party Compliance: Lessons Learned From Establishing a Secure Remote Access Framework

The increasing reliance on external vendors and OEMs necessitates a robust, compliant approach to remote access within OT networks. In this session, we focus on the practical lessons learned from deploying a unified secure remote access (SRA) framework designed to manage hundreds of third-party connections across disparate industrial control systems. We will detail the architectural and procedural strategies required to move beyond fragmented vendor-specific solutions toward a single, auditable platform.
● Hear strategies for consolidating third-party access solutions into a unified SRA platform
● Learn best practices for integrating PAM and SRA to enforce ‘just-in-time’ and ‘least-privilege’ access policies in OT
● Discover techniques for building a continuous auditing and compliance reporting structure to satisfy internal and regulatory mandates
Senior Expert
12:00 Presentation: Visibility at the Edge: Auditing Remote Session Activity in Real-Time

Securing critical OT infrastructure requires absolute clarity over remote connections. This session explores real-time auditing techniques for the network edge, ensuring every contractor session is monitored and recorded. Discover how to maintain rigorous oversight of third-party access without disrupting operational flow, fulfilling compliance mandates while protecting your most sensitive industrial assets.
12:10 Presentation: Real-Life Advice for Unlocking OT Security Budget

Gaining visibility into our OT security posture allowed us to clearly understand the business risks linked to identified security gaps. Addressing these shortcomings required securing executive buy-in and unlocking the necessary budget. In this case study, we share our approach to building the business case for OT security investment and the lessons we learned along the way.

    • Assess your OT security posture and translate findings into measurable business risks
    • Engage leadership and secure budget approval for critical security initiatives
    • Gain experience that can help others overcome funding challenges in OT security

Senior Expert, Claroty

12:40 Lunch
13:40 Presentation: Mirroring Defence: Why Digital Twins are the Future of OT Security

As industrial environments grow in complexity, traditional signature-based detection is no longer sufficient to stop sophisticated actors. This session explores the transition to Digital Twin-enhanced monitoring. We will discuss how, by comparing real-time SCADA data against the expected behaviour of a digital twin, operators can identify subtle, non-linear deviations that indicate a cyber-attack or mechanical compromise.
● Hear practical steps to integrate high-fidelity process data into your security stack
● Enable a proactive defence posture that identifies threats before they result in physical damage or operational downtime
● Align engineering maintenance data with security monitoring to reduce false positives and improve incident response triage
Amish Patel, Director OT Cyber Security and Technology, Transport for NSW
14:10 Presentation: Maintaining Control: Securing Industrial Systems with an OT-Focused SOC

While IT security teams have long relied on Security Operations Centers for monitoring the network, building an effective SOC for OT environments brings new challenges. In this session, we look into the critical steps involved in building an effective OT SOC from the ground up. This will also work as a guide to designing and implementing a dedicated OT SOC, including the fundamental pillars needed for success. We will share lessons learned from:

  • Establishing clear policies, roles, and responsibilities for your OT SOC team
  • Improving detection and response capabilities with minimal disruption to operations
  • Exploring different SOC models to find the right one for your organisation


14:40 Presentation: Building Cyber-Resilient OT Systems — IEC 62443 in Practice

As cyber threats to OT rise, organisations across Australia and New Zealand are under growing pressure to strengthen security. IEC 62443 has become the global benchmark. Regulators across the region, including Australia’s critical infrastructure legislation, are increasingly adopting or aligning with IEC 62443. For OT security teams, applying these standards is now essential for both compliance and resilience. In this session, we share practical guidance on IEC 62443 and how to overcome the challenges of implementation.
● Gain a practical understanding of IEC 62443 and why it matters
● Learn how to operationalise IEC 62443 in your organisation
● Hear real-world success stories: how enterprises are applying segmentation, defence-in-depth, and secure lifecycle strategies
John Morcos, Head of Cyber Security Governance and Operations, Blackmores
15:10 Presentation: Implementing SOAR in OT Environments

Security Orchestration, Automation, and Response (SOAR) platforms have become a critical tool for modern SOCs, but their application in OT environments is a new frontier. In this session, we will explore the unique challenges and opportunities of implementing SOAR to automate and streamline security workflows for ICS and critical infrastructure.

    • Examine strategies for integrating SOAR with OT-specific tools and systems, while respecting the integrity and safety of operational processes
    • Discuss how to design automated response playbooks that account for the unique risks of OT
    • Devise a practical roadmap for a phased SOAR implementation


15:40 Networking Break
16:10 Roundtables: Choose 1 of the 3 Following Discussions

T1: What Level of Cyber Due Diligence is Required for OT Vendors?
Senior Expert

T2: Visibility Challenge: Are We Monitoring the Right Industrial Protocols?
Senior Expert

T3: How Do You Manage the Security Risks at the IT/OT Network Boundary?
Senior Expert

16:50 Presentation: The Human Element: Turning OT Personnel into Your Strongest Security Control

For too long, the focus in OT cyber security has been primarily on tech and tools. While technology is essential, statistics consistently show that the majority of security incidents still trace back to human error or procedural failures. In this session, we put the spotlight back on the foundational controls: people and process. We will explore how to build a mature, sustainable OT security programme by integrating security ownership into the daily workflow of engineers, operators, and maintenance teams.

    • Establish clear roles and responsibilities that make security an operational requirement, not an IT mandate
    • Develop targeted training programs that resonate with the OT mindset and improve incident response
    • Create a security-aware culture where safe operation and secure operation are viewed as two sides of the same coin

Brad Flanagan, Head of Cyber Security, Essential Energy

17:20 Closing Remarks – Lauren Veenstra, CSO, Iberdrola Australia
17:30 Drinks Reception

Day 2 // 16th September 2026
08:50 – 17:10 AEST
08:50 Opening Remarks: Lauren Veenstra, CSO, Iberdrola Australia
09:00 Panel Discussion: A National Priority: What Does the Future of OT Security Look Like Under Australia’s SOCI Act?

As the Security of Critical Infrastructure Act develops and shapes the Australian regulatory landscape, the focus for asset owners has shifted from high-level compliance to granular, operational resilience. In this panel session, we explore the future of OT security within this enhanced legislative framework. As the Act develops to include more critical assets, along with changes to how high-risk assets demonstrate their cyber maturity, we want to give today’s OT leaders the tools they need to understand and stay compliant.
• How do we navigate the specific requirements of the SOCI Act and its impact on long-term OT investment and architecture?
• With the 2026 enhancements to the CIRMP rules, how are we moving from ‘check-box’ compliance to demonstrating verifiable maturity in legacy OT environments?
• Does SOCI’s focus on ‘Foreign Ownership, Control, and Influence’ fundamentally change how we procure OT hardware and software in Australia?
Moderator: Lauren Veenstra, CSO, Iberdrola Australia
Dominic Grunden, CISO, Power and Water Corporation
Ryan Walker, OT/ICS Manager, Ventia
Dennis Moncrieff, IT Superintendent, Tomago Aluminium
Peter Davidoff, Head of Cyber Security Architecture, Department of Defence

09:40 Presentation: Bridging the Chasm: Securing the Convergence of IT/IoT and Critical OT Environments

The integration of smart sensors, IoT, and web-enabled automation systems creates a security “chasm” between isolated OT networks and the internet. This session addresses the risks of convergence: attack surface expansion, unmanaged web protocols, and critical visibility gaps. We present a unified architecture for safely bridging the chasm by detailing strategies to inventory, segment, and govern every connected device. Attendees learn how to enforce policy across the converging IT/OT boundary and manage the lifecycle of vulnerable endpoints without sacrificing operational efficiency.

    • Profile all connected web-enabled devices and IIoT assets
    • Apply Zero Trust and micro-segmentation across the IT/IoT to OT boundary
    • Develop a lifecycle management plan for securing and retiring web-enabled devices


10:10 Networking Break – Breakfast hosted by Dull (Invite Only)
10:50 Presentation: Smart, Not Vulnerable: Integrating Emerging Technologies Safely in OT

The promise of Industry 4.0 is to transform OT environments. In this session, we will guide attendees through the critical steps and best practices for adopting new and emerging technologies without compromising the safety and reliability of their operations. This session is designed for anyone involved in the digital transformation of industrial environments; join us to safely maximise your use of the latest tools in an OT context.
• Get up to speed with the latest technologies suited to your industrial environment
• Address concerns about adopting new tech by prioritising security
• Adopt a framework for safe integration… or develop your own!
Penny Iverach, Senior Manager – Technology and Transformation, Port of Newcastle
Plenary
11:20 Presentation: Defence-in-Depth: Securing Legacy Systems in High-Stakes Environments

From the critical life-support systems of a hospital to the high-security perimeters of a prison, legacy systems form an important part of our infrastructure. Yet, most are not designed for the modern threat landscape. This session investigates the unique vulnerabilities of outdated OT, where a single unpatched controller or a successful social engineering attempt can lead to catastrophic physical consequences. We will examine how to map your “shadow” OT estate and implement a pragmatic defence-in-depth strategy that protects your system without requiring a total infrastructure overhaul.
• Receive practical techniques for identifying “invisible” legacy controllers and serial-to-IP bridges across vast, complex estates
• Implement compensating controls—such as micro-segmentation and protocol filtering—to shield vulnerable hardware that cannot be patched
• Develop incident response playbooks tailored for facilities teams to counter phishing and physical social engineering at the site level
11:50 Presentation: The Weakest Link? Securing the IT/OT Interface from Phishing Attacks

The IT/OT interface is the primary gateway for industrial breaches. This session examines how engineering-themed phishing lures bypass traditional defences to threaten physical operations. Learn to harden the critical juncture between networks, implementing robust identity verification and isolation to ensure a compromised credential never compromises your plant’s safety or productivity.
Jenny Botton, Senior Manager Cyber Security, ABN Group
12:20 Presentation: The 5 Critical Controls - What the Data Tells Us

The SANS ICS 5 Critical Controls were crafted meticulously with analysis of compromises and cyber attacks in industrial companies worldwide. In this session, we discuss the data behind the Controls, as well as presenting them as a framework for a set of measures specifically designed for the prevention, detection, and response to cyber incidents in industrial environments. Join us to hear an insightful review of how the 5 controls can help you achieve better alignment across your IT and OT security teams.
Track A
12:30 Presentation: From Factory Floor to the Cloud: How to Secure OT Migration

Migrating factory floor systems to the cloud introduces complex security challenges that, if not addressed, can expose critical infrastructure to new and dangerous cyber risks. This case study will provide a detailed, firsthand account of a successful and secure digital transformation. Our speaker will share the journey of a real-world organisation that transitioned its OT systems to a hybrid cloud environment, highlighting the strategic decisions, technical hurdles, and security innovations that made the project a success.

  • See how we identified and cataloged every OT asset, defined network dependencies, and established a threat model specific to a cloud-connected industrial environment
  • Hear the design principles and security controls we implemented that extended from the factory floor to the cloud
  • Overcome technical hurdles in securing un-patchable legacy systems, integrating with on-prem security tools, and managing data integrity in the cloud
  • Learn the key takeaways, unexpected challenges, and the continuous security measures we put in place to maintain a resilient posture post-migration


Track B
12:30 Presentation: Wrestling the Old, Welcoming the New: Securing Legacy Brownfield OT While Preparing State-of-the-Art Greenfield Launch

Managing cyber security across different eras of infrastructure is a high-stakes balancing act. In this session, our expert speaker explores the realities of parallel-tracking OT security across generations of technology, delving into the challenges of maintaining OT security at a 30-year-old brownfield site, while preparing to launch a brand-new greenfield site fit with the latest tech. We will discuss practical strategies for retrofitting legacy systems, alongside the unique opportunities of baking robust cyber resilience into a modern asset from day one.
• Balance legacy asset preservation with cutting-edge greenfield security design
• Implement pragmatic security controls on 1990s hardware without disrupting uptime
• Learn the lessons of preparing operations for a state-of-the-art launch
Ryan Walker, OT/ICS Manager, Ventia
13:00 Lunch
14:00 Presentation: Risk Mindset: How Do We Bring OT Teams Around on Cyber Security?

For OT teams, uptime and safety are non-negotiable. To an engineer on the plant floor, IT-driven cyber security protocols can feel like a bureaucratic roadblock—patches that threaten stability or passwords that delay emergency response. To bridge this cultural chasm, cyber professionals must stop treating security as an IT compliance exercise and start speaking the native language of industrial operations: Risk Management. In this session, we explore how to build a collaborative “Risk Mindset” that empowers OT teams to champion security.
• Reframe cyber security as a component of functional safety rather than an IT overhead
• Introduce patching and vulnerability management without risking 100% uptime
• Create successful ‘Quick Wins’ for creating a unified response team
Alfredo Urdaneta, Control System and SCADA Specialist Engineer – Utilities, Rio Tinto
14:30 Presentation: Unlocking Secure Operations: Implementing IAM in an Industrial Environment

With the increased convergence of IT and OT, user access management is now a key aspect of industrial security. Implementing a robust IAM framework is essential for mitigating insider threats to your OT network. This case study outlines our journey from a fragmented, insecure environment to a centrally managed, secure operational network. We will detail the step-by-step process of IAM implementation, highlighting the key decisions and technical solutions deployed.
• How to conduct a comprehensive assessment of OT assets, user roles, and access requirements to build a foundational understanding of the OT environment
• Hear about the criteria used to select an IAM solution that could handle the unique demands of OT
• Develop strategies for managing access during critical maintenance windows, ensuring production continuity
Andrew Thyrd, Network and OT Security Manager, Sydney Airport
15:00 Case Study: Leading the OT Front Line: Operationalising Cyber Security on the Shop Floor

Security policy is often written in a boardroom, but it’s executed on the factory floor. In this session, we move beyond high-level strategy to provide an actionable playbook for embedding cyber security into daily maintenance, vendor management, and control system operations. Learn practical tools for managing contractor access, securing removable media, triaging low-level incidents, and building a strong, security-aware culture within your technical teams. Empower your front line to become the first and most effective layer of defence.
• Translate high-level security policies into practical, documented work instructions for maintenance crews
• Implement robust processes for managing contractor access, temporary credentials, and USB/removable media usage
• Develop effective, role-specific training programs to establish a proactive, cyber-resilient operations team
David Petzer, Senior Operational Technology Engineer, Glencore Coal
15:30 Networking Break
16:00 Presentation: Future-Proofing Industrial Control: Dealing with the Critical OT Security Skills Shortage

The convergence of IT and OT networks has dramatically increased the cyber risk profile for critical infrastructure and manufacturing sectors. However, the specialised expertise required to secure these environments—deep knowledge of both cyber security principles and ICS—is scarce, creating a critical and widening skills gap. In this session, our speaker will move beyond simply identifying the problem and provide actionable strategies for organisations dealing with this shortage. We will explore practical steps to build internal OT security capability.
• Train and upskill existing IT and engineering teams for OT roles
• Attract scarce external talent in a competitive market
• Leverage automation, managed services and other tools to reduce reliance on hyper-specialised personnel
Dominic Grunden, CISO, Power and Water Corporation
16:30 Case Study: Survival by Design: Achieving Operational Integrity When the Network is Compromised

As IT and OT converge and threats abound, the goal of OT security must shift from total prevention to guaranteed persistence. This session explores “Survival by Design”—an architectural approach that ensures critical physical processes continue to operate safely even when the primary control network is compromised or untrusted. We examine the transition from cloud-dependent systems to decentralised edge resilience and the implementation of “deterministic control” protocols. By moving beyond digital-only defences, this presentation outlines how to maintain operational integrity through segmented isolation, manual fallbacks, and immutable recovery paths, ensuring your infrastructure remains functional under the most sub-optimal conditions.
• Design OT systems that can shed non-essential digital features while maintaining core safety and production functions during an attack
• Reduce dependency on wide-area networks (WAN) and cloud services to prevent a remote outage from halting local physical operations
• Implement rapid-restore protocols and hardware-enforced “gold-builds” to return to a known secure state within hours, not days
Colin Renouf, CISO, Healius
17:10 Closing Remarks – Lauren Veenstra, CSO, Iberdrola Australia
17:20 End of Conference
