OT Security Melbourne 2025 schedule

In this 10-minute networking session, the goal is to connect with three new people. Enjoy the opportunity to expand your network!

• Discuss how to position OT security as a business priority and integrate it into the broader cyber security strategy.
• Raising awareness of OT security across the organisation for greater efficiency, less complexity and ultimately boost the bottom line. 
• Establishing OT security governance and defining clear policies, roles, and responsibilities to bridge IT-OT gaps and create a unified security framework.

• What key aspects of the Cyber Security Act should organisations consider, particularly those regulated under SoCI and those outside its scope?
• How does the 2024 enhanced response and prevention amendment impact responsible entities, and what new obligations does it introduce?
• What strategies can organisations use to effectively implement approved cyber security frameworks to strengthen security and resilience?
• What are the practical challenges of applying governance-driven frameworks to industrial OT environments, and how can organisations integrate these frameworks into a unified, risk-based security approach? 
• How can organisations prevent compliance fatigue and turn regulatory reforms into opportunities for building meaningful cyber resilience in OT environments?

Moderator: 
Lauren Veenstra Chief Security Officer Iberdrola Australia 

Panellists

Maryam Shoraka Head of OT Cyber Security Operations Sydney Trains

Pippa Flanagan Manager ICT & Cyber Security GWMWater

The days of the operational environment functioning in a true standalone manner are over. Today, threats span both corporate and operational domains. Isolated systems lack visibility into credential misuse, lateral movement, and cross-domain attacks. Identity is a critical risk, with compromised accounts often bridging environments. Effective protection demands integrated visibility across users, assets, and threats: enabling a coordinated, resilient defence and supporting compliance with mandates such as the Essential Eight, SoCI, and SoNS.

• Understanding how OT networks have evolved to support cloud-based applications.
• Exploring key architectural considerations and best practices for secure OT-cloud convergence.
• Examining different approaches to integrating cloud services while maintaining security, reliability, and compliance.
• Building a secure OT Cloud strategy through implementing effective security measures to protect industrial operations in a cloud environment. 

Join this session to explore how Trellix provides practical guidance for leveraging and mapping the Essential Eight cyber security framework to enhance OT security. Gain insights into identifying critical assets, mitigating vulnerabilities, implementing layered defences, and monitoring for anomalies—while supporting regulatory compliance. Learn how this structured approach does not only improves risk management and defines clear security controls, but also bridges the gap between IT cyber security practices and OT-specific requirements like safety, uptime, and physical process integrity—ensuring resilient protection across industrial environments. 

• How do you effectively assess the risk of each vulnerability and prioritise patching based on the severity of the risk? 
• What strategies can help mitigate risks when patching is not immediately possible due to system limitations or operational constraints?
• How do you balance security investments in patch management with the cost of potential downtime or system failures?
• How do you collaborate and best work with vendors and suppliers in ensuring timely and secure patching?

Moderator: 
Ameneh Jalali Chief Cyber Security Officer Yokogawa Australia & New Zealand

Panellists:
David Worthington, GM - Digital Security & Risk, Jemena

Lu Ou Yang Group Head of Cyber Security Orora 

As the lines between IT and OT continue to blur, security teams face increasing pressure to manage cyber risk without disrupting operations or duplicating effort. Yet in many organisations, convergence remains more aspirational than operational — with siloed tools, teams, and priorities. This session explores how taking a context-first approach to OT security helps bridge that gap. By aligning risk to operational impact — not just technical vulnerabilities — we can prioritise what truly matters, even in resource-constrained, legacy-heavy environments. With real-world examples and a practical look at passive discovery, AI-driven analysis, and business-aligned decision-making, this talk offers a path to meaningful convergence: one built on shared context, not shared control.

• Addressing the unique challenges of OT environments, where legacy systems, strict uptime requirements, and limited patching create security gaps, and even minor perimeter misconfigurations can lead to major vulnerabilities.
• Strengthening multi-layered perimeter defence by deploying advanced firewalls, intrusion prevention systems, and adaptive segmentation strategies that go beyond the traditional Purdue Model to accommodate modern OT connectivity needs.
• Enforcing strict access controls with granular role-based permissions and continuous authentication to ensure only authorised users and devices interact with OT systems.
• Enhancing real-time threat detection by integrating OT-aware security analytics, enabling rapid response to anomalies and minimising operational disruptions.

• Evaluating security vulnerabilities in both design and operational supply chain practices.
• Developing supply chain policies and procedures to address cyber security, third-party security, and compliance risks.
• Gaining full supply chain visibility by understanding suppliers, vendors, and sub-suppliers to mitigate hidden security risks.
• Embedding security culture across suppliers by aligning security standards and conducting regular supplier reviews. 

During this session, we will dissect some of the common approaches to third party OT remote access and, in the context of recent attacks on critical infrastructure, understand why their compromise can be so devastating. We will then explore how a new generation of zero trust solutions are aligning to Australian regulations, such as SOCI and ACSC’s Remote Access Protocol, to enhance the efficiency of third parties while safeguarding Australian critical infrastructure.

Having an effective incident declaration process in place is key when developing your compliance strategy and meeting critical infrastructure regulations and standards. During this session, we’ll discuss best-practice defining and fine-tuning incident declaration processes and response plans, identify what your organisation is doing, and brainstorm strategies to advance your maturity model.

Speakers:

Moe Nahas OT & Infrastructure Delivery Manager Ports Victoria

Ramy Ibrahim Cyber Security Advisor Ports Victoria

As ICS and OT environments become increasingly connected, the need for structured cyber security risk management has never been greater. IEC 62443 offers a robust framework for securing industrial automation systems—but many organizations struggle with translating its comprehensive guidance into actionable steps. This session bridges the gap between theory and implementation by focusing on how to perform practical, scalable risk assessments aligned with IEC 62443, particularly for organizations that may have limited resources or are just beginning their OT cybersecurity journey.

Speakers:

Gerald Pang Security Manager Metro Trains Melbourne

Lu Ou Yang Group Head of Cyber Security Orora 

• How can we effectively train OT engineers in cyber security without disrupting operations?
• What are the key cyber security concepts every OT professional should understand?
• How can organisations create role-specific security training for OT engineers, managers, and security leads?
• What challenges do OT professionals face when adopting cyber security practices, and how can they be addressed?
• How can IT and OT teams collaborate to enhance cyber security awareness and skills?

Moderator:

Aidan Hollier Head of Asset Knowledge & Technology Melbourne Water

Panellists: 
Justin Nga Cybersecurity Manager CitiPower and Powercor

Greg Leibel Cyber Security Architect IXOM