OT Security Melbourne 2025 schedule

• Discuss how to position OT security as a business priority and integrate it into the broader cyber security strategy.
• Raising awareness of OT security across the organisation for greater efficiency, less complexity and ultimately boost the bottom line. 
• Establishing OT security governance and defining clear policies, roles, and responsibilities to bridge IT-OT gaps and create a unified security framework.

• What key aspects of the Cyber Security Act should organisations consider, particularly those regulated under SoCI and those outside its scope?
• How does the 2024 enhanced response and prevention amendment impact responsible entities, and what new obligations does it introduce?
• What strategies can organisations use to effectively implement approved cyber security frameworks to strengthen security and resilience?
• What are the practical challenges of applying governance-driven frameworks to industrial OT environments, and how can organisations integrate these frameworks into a unified, risk-based security approach? 
• How can organisations prevent compliance fatigue and turn regulatory reforms into opportunities for building meaningful cyber resilience in OT environments?

• Understanding how OT networks have evolved to support cloud-based applications.
• Exploring key architectural considerations and best practices for secure OT-cloud convergence.
• Examining different approaches to integrating cloud services while maintaining security, reliability, and compliance.
• Building a secure OT Cloud strategy through implementing effective security measures to protect industrial operations in a cloud environment. 

Extensive knowledge of assets that need to be secured is foundational for any effort to secure any type of asset. It’s no surprise that the Security of Critical Infrastructure Act 2018 (SOCI) addresses this in its initial requirements and recommendations. When an Asset Intelligence platform is implemented as the bedrock of a cyber security initiative asset information is continuously collected, aggregated, correlated and analysed making all subsequent activities easier. Join us to learn what constitutes an Asset Intelligence platform and how specific capabilities optimise every step of the process to compliance.

• Examining the weaknesses of traditional OT security models and the need for a more dynamic approach.
• Enhancing real-time monitoring and threat detection to strengthen resilience against evolving cyber risks.
• Implementing proactive security strategies to mitigate threats while ensuring operational continuity.

Focusing on insider threats in OT/IoT environments, this session will highlight how internal actors pose significant risks, often due to OT/IoT systems' weaker security compared to IT environments. It will explore real-world cases and explore strategies to mitigate insider risks, enhancing overall security and operational resilience in OT/IoT infrastructures.

• How do you effectively assess the risk of each vulnerability and prioritise patching based on the severity of the risk? 
• What strategies can help mitigate risks when patching is not immediately possible due to system limitations or operational constraints?
• How do you balance security investments in patch management with the cost of potential downtime or system failures?
• How do you collaborate and best work with vendors and suppliers in ensuring timely and secure patching?

• Addressing the intersection of physical and cyber threats in OT environments.
• Developing an integrated security strategy that unifies physical security controls with cybersecurity measures.
• Leveraging advanced monitoring, access controls, and incident response to enhance resilience.

• Mapping OT-specific goals to overarching business objectives to drive operational efficiency, strategic success and improved decision-making. 
• Defining clear roles and responsibilities within your OT governance framework ensures accountability and prevents operational inefficiencies.
• Moving beyond a one-size-fits-all approach to ensure engineers, operators, managers, and IT staff receive targeted OT security training. 

Having an effective incident declaration process in place is key when developing your compliance strategy and meeting critical infrastructure regulations and standards. During this session, we’ll discuss best-practice defining and fine-tuning incident declaration processes and response plans, identify what your organisation is doing, and brainstorm strategies to advance your maturity model.

Speakers:

Moe Nahas OT & Infrastructure Delivery Manager Ports Victoria

Ramy Ibrahim Cyber Security Advisor Ports Victoria

• Evaluating security vulnerabilities in both design and operational supply chain practices.
• Developing supply chain policies and procedures to address cyber security, third-party security, and compliance risks.
• Gaining full supply chain visibility by understanding suppliers, vendors, and sub-suppliers to mitigate hidden security risks.
• Embedding security culture across suppliers by aligning security standards and conducting regular supplier reviews. 

• How can we effectively train OT engineers in cyber security without disrupting operations?
• What are the key cyber security concepts every OT professional should understand?
• How can organisations create role-specific security training for OT engineers, managers, and security leads?
• What challenges do OT professionals face when adopting cyber security practices, and how can they be addressed?
• How can IT and OT teams collaborate to enhance cyber security awareness and skills?