Conference – Cyber Security Leadership

How to land cyber deliverables: from strategy to impact

It was good to moderate a discussion on bridging the gap between strategy and execution. Great, candid conversation and plenty I’ll take back to the office.

Key takeaways:

☑️ Buy-in happens when you translate risk into business impact, work across functions and deliver early, visible wins.

☑️ Common pitfall: a glossy PowerPoint deck with no delivery plan. Convert vision into smaller, time-boxed outcomes with clear owners.

☑️ What makes the difference: realistic roadmaps, measurable OKRs (outcomes not activity), empowered teams and a steady governance cadence that removes blockers.

Thanks to the panelists and everyone in the audience who challenged orthodoxies – I learned as much as I hope I gave.

As AI adoption accelerates, leaders face the challenge of setting clear boundaries, not only around what AI should and shouldn’t do, but also around who holds responsibility for its oversight.

It was great to share my thoughts and answer audience questions during this panel discussion.

Governance must be cross-functional: security, risk, data and the business share accountability. I also reinforced the importance of guardrails, particularly forAgentic AI: automate low-risk work, but keep humans in the loop for decisions that affect safety, rights or reputation. Classify models and agents by impact and apply controls accordingly.

FinTech, AI and Cyber

I recently took the stage to talk about one of the most consequential inflection points facing FinTech: the rapid arrival of agentic AI – systems that plan, decide and act autonomously – and what it means for risk, reputation, regulation and customer trust. Below is a distillation of the talk: what agentic AI actually is, why FinTechs are racing to adopt it, the real cyber threats it brings, and a pragmatic playbook leaders can use today.

I had the privilege of sharing my views on AI Risk at the AI Security Summit, where senior leaders and practitioners came together to translate high-level fear into practical guardrails. In this blog I share a short playbook of the key themes and real-world strategies.

It was great to chat with Lieutenant General Michelle McGuinness, the National Cyber Security Coordinator, about the Australian Cyber Security Strategy as well as key initiatives, strategic imperatives and challenges that CISOs must navigate.

I appreciate an opportunity to contribute to the ongoing conversation on cyber threat landscape, risk and AI governance.

RSAC CISO Bootcamp 2025

It was so good to attend the RSAC CISO Bootcamp at CyberCon Melbourne – a practical session for CISOs.

Highlights that stuck with me:
💡 A conversation with Brian Krebs on AI security and organised cybercrime: attackers are tooling up fast; our defences must keep pace.
💡 A candid, closed-door session with Tim Brown, CISO of SolarWinds, about crisis response: execution matters, but so does the personal toll on teams and leaders.
💡 A chat with F1’s Guenther Steiner on teamwork and resilience in high-pressure environments.

Events like this remind me how much strength there is in our community. I’m proud to contribute and be part of it. You don’t need a challenge coin to get help – if you want to compare notes or need a sounding board, reach out.

AI and Cyber for Board Directors

It was good to attend the Essential Director Update – a timely reminder that good governance now requires foresight as well as oversight.

Staying on the forefront of contemporary governance demands AI and cybersecurity competency.

My key takeaways for boards and executives:
☑️ Data is the fuel: protect data integrity (accurate, consistent, timely) and focus governance where it creates the most value.
☑️ AI is everywhere, no longer just an IT challenge: adopt a human-centred approach, define guardrails around intent, and factor legal and ethical considerations into every deployment.
☑️ Balance innovation with risk: prioritise highest-value use cases, automate safety controls where possible, but don’t outsource accountability.
☑️ Cybersecurity must be risk-based: know your crown jewels, expect incidents, build crisis response plans and regularly test your defences.
☑️ People first: changing work practices will affect roles and culture; steer the transition and invest in policy and education.

Building resilience and sustainable performance

I had a pleasure of sharing some practical lessons on building resilience at the Cybersecurity Summit.

I touched on sustainable performance strategies and the importance of body, emotions, mind and purpose in preventing burnout.

Protecting systems starts with protecting the people who run them.

Evolution of third-party risk, accountability and trust

It was great to join last night’s panel, where I shared practical lessons from managing AI in vendor ecosystems – including ethical implications, regulatory uncertainties and resilience at scale.

If you run a restaurant, your supplier gives you a batch of ingredients and you use them in meals for customers. You’re responsible if the food makes people sick. AI vendors are ingredient suppliers – you are the chef.

Guardrails don’t have to block progress – they can make AI reliable and trustworthy.

Redefining business and technology in Australia

I’m proud to be featured on Moxie Top Minds, joining the most influential figures redefining business and technology in Australia.

It’s always great to collaborate with industry leaders from all aspects of the ecosystem: CEOs, CIOs, CTOs, CDOs, CISOs and Founders.

I look forward to setting the market pace by sharing insights, shaping research data and collaborating among executive networks.

Category Archives: Conference