OT Security Melbourne 2025 schedule

• Discuss how to position OT security as a business priority and integrate it into the broader cyber security strategy.
• Raising awareness of OT security across the organisation for greater efficiency, less complexity and ultimately boost the bottom line. 
• Establishing OT security governance and defining clear policies, roles, and responsibilities to bridge IT-OT gaps and create a unified security framework.

• What key aspects of the Cyber Security Act should organisations consider, particularly those regulated under SoCI and those outside its scope?
• How does the 2024 enhanced response and prevention amendment impact responsible entities, and what new obligations does it introduce?
• What strategies can organisations use to effectively implement approved cyber security frameworks to strengthen security and resilience?
• What are the practical challenges of applying governance-driven frameworks to industrial OT environments, and how can organisations integrate these frameworks into a unified, risk-based security approach? 
• How can organisations prevent compliance fatigue and turn regulatory reforms into opportunities for building meaningful cyber resilience in OT environments?

Moderator: 
Lauren Veenstra Cybersecurity Lead Iberdrola Australia 

Panellists

Maryam Shoraka Head of OT Cyber Security Operations Sydney Trains

The days of the operational environment functioning in a true standalone manner are over. Today, threats span both corporate and operational domains. Isolated systems lack visibility into credential misuse, lateral movement, and cross-domain attacks. Identity is a critical risk, with compromised accounts often bridging environments. Effective protection demands integrated visibility across users, assets, and threats: enabling a coordinated, resilient defence and supporting compliance with mandates such as the Essential Eight, SoCI, and SoNS.

• Understanding how OT networks have evolved to support cloud-based applications.
• Exploring key architectural considerations and best practices for secure OT-cloud convergence.
• Examining different approaches to integrating cloud services while maintaining security, reliability, and compliance.
• Building a secure OT Cloud strategy through implementing effective security measures to protect industrial operations in a cloud environment. 

Extensive knowledge of assets that need to be secured is foundational for any effort to secure any type of asset. It’s no surprise that the Security of Critical Infrastructure Act 2018 (SOCI) addresses this in its initial requirements and recommendations. When an Asset Intelligence platform is implemented as the bedrock of a cyber security initiative asset information is continuously collected, aggregated, correlated and analysed making all subsequent activities easier. Join us to learn what constitutes an Asset Intelligence platform and how specific capabilities optimise every step of the process to compliance.

• How do you effectively assess the risk of each vulnerability and prioritise patching based on the severity of the risk? 
• What strategies can help mitigate risks when patching is not immediately possible due to system limitations or operational constraints?
• How do you balance security investments in patch management with the cost of potential downtime or system failures?
• How do you collaborate and best work with vendors and suppliers in ensuring timely and secure patching?

Moderator: 
Ameneh Jalali Chief Cyber Security Officer Yokogawa Australia & New Zealand

Panellists:
David Worthington, GM - Digital Security & Risk, Jemena

Lu Ou Yang Group Head of Cyber Security Orora

Arijit Lahiri Cyber Security Senior Consultant Melbourne Water 

Focusing on insider threats in OT/IoT environments, this session will highlight how internal actors pose significant risks, often due to OT/IoT systems' weaker security compared to IT environments. It will explore real-world cases and explore strategies to mitigate insider risks, enhancing overall security and operational resilience in OT/IoT infrastructures.

• Addressing the unique challenges of OT environments, where legacy systems, strict uptime requirements, and limited patching create security gaps, and even minor perimeter misconfigurations can lead to major vulnerabilities.
• Strengthening multi-layered perimeter defence by deploying advanced firewalls, intrusion prevention systems, and adaptive segmentation strategies that go beyond the traditional Purdue Model to accommodate modern OT connectivity needs.
• Enforcing strict access controls with granular role-based permissions and continuous authentication to ensure only authorised users and devices interact with OT systems.
• Enhancing real-time threat detection by integrating OT-aware security analytics, enabling rapid response to anomalies and minimising operational disruptions.

• Evaluating security vulnerabilities in both design and operational supply chain practices.
• Developing supply chain policies and procedures to address cyber security, third-party security, and compliance risks.
• Gaining full supply chain visibility by understanding suppliers, vendors, and sub-suppliers to mitigate hidden security risks.
• Embedding security culture across suppliers by aligning security standards and conducting regular supplier reviews. 

• Mapping OT-specific goals to overarching business objectives to drive operational efficiency, strategic success and improved decision-making. 
• Defining clear roles and responsibilities within your OT governance framework ensures accountability and prevents operational inefficiencies.
• Moving beyond a one-size-fits-all approach to ensure engineers, operators, managers, and IT staff receive targeted OT security training. 

Having an effective incident declaration process in place is key when developing your compliance strategy and meeting critical infrastructure regulations and standards. During this session, we’ll discuss best-practice defining and fine-tuning incident declaration processes and response plans, identify what your organisation is doing, and brainstorm strategies to advance your maturity model.

Speakers:

Moe Nahas OT & Infrastructure Delivery Manager Ports Victoria

Ramy Ibrahim Cyber Security Advisor Ports Victoria

As ICS and OT environments become increasingly connected, the need for structured cyber security risk management has never been greater. IEC 62443 offers a robust framework for securing industrial automation systems—but many organizations struggle with translating its comprehensive guidance into actionable steps. This session bridges the gap between theory and implementation by focusing on how to perform practical, scalable risk assessments aligned with IEC 62443, particularly for organizations that may have limited resources or are just beginning their OT cybersecurity journey.

Speakers:

Gerald Pang Security Manager Metro Trains Melbourne

Lu Ou Yang Group Head of Cyber Security Orora 

• How can we effectively train OT engineers in cyber security without disrupting operations?
• What are the key cyber security concepts every OT professional should understand?
• How can organisations create role-specific security training for OT engineers, managers, and security leads?
• What challenges do OT professionals face when adopting cyber security practices, and how can they be addressed?
• How can IT and OT teams collaborate to enhance cyber security awareness and skills?

Moderator:

Aidan Hollier Head of Asset Knowledge & Technology Melbourne Water

Panellists: 
Justin Nga Cybersecurity Manager CitiPower and Powercor

Greg Leibel Cyber Security Architect IXOM