Cyber Voices

In this episode of Cyber Voices, host David Willett discusses the critical issue of children's online safety with Bailey Marshall, co-founder of Future Proof Security. Bailey shares insights on common online threats facing children today, ranging from cyber scams to issues of privacy and data misuse. Emphasising the importance of communication, she advocates for a balanced approach where parents and educators are equipped to have non-judgmental, trust-building conversations with kids. This empowers them to navigate the digital world safely, reducing the fear and embarrassment that often keep kids from reporting online issues.Find more info HERE

In this insightful episode of Cyber Voices, David Willett dives into the complexities of trust attacks with Max Heinemeyer at CyberCon 2025. Max brings an innovative perspective by simulating a politically motivated cyberattack on Australian infrastructure. He emphasises the growing concern over trust attacks, differentiating them from traditional cyber threats that focus on confidentiality and availability. Trust attacks, involving the manipulation of critical data, pose a severe risk to national stability. Through this discussion, the episode highlights the pressing need for improved cybersecurity frameworks to address the evolving threat landscape driven by hyper automation and modern AI technologies.Further reading provided by Max: On the Feasibility of Using LLMs to Autonomously Execute Multi-host Network Attacks https://arxiv.org/abs/2501.16466v3Teams of LLM Agents can Exploit Zero-Day Vulnerabilitieshttps://arxiv.org/abs/2406.01637Hexstrike AI Open Source Offensive Security AI Orchestrator - https://www.hexstrike.com/AI Agent XBOW making number one on Hackerone leaderboard - https://xbow.com/blog/top-1-how-xbow-did-itAI-enabled prototype ransomware PromptLocker - https://www.eset.com/us/about/newsroom/research/eset-discovers-promptlock-the-first-ai-powered-ransomware/?srsltid=AfmBOop67a943J8-_KuK_8dNC497RoWo1YCELz4eR8wSFUV6NqJy6R1RAnd then this happened since we recorded our podcast, but is highly relevant - https://www.anthropic.com/news/disrupting-AI-espionage

At the 2025 CyberCon in Melbourne, Tony Nicholls from CGI Australia introduced a new concept - a cyber escape room housed in a shipping container. Originally developed in the UK to raise cyber awareness, the escape room gamifies cybersecurity education, targeting both novices and professionals. It offers a hands-on approach to learning about phishing, social engineering, and malware, promoting a no-shame, team-based environment ideal for schools and businesses alike. With the ability to adjust difficulty on the fly, participants of all ages leave with a better understanding of cybersecurity threats and defenses, with a smile on their face.

In this episode, Jason Plumridge from Thales Cyber discusses the growing threats posed by foreign intelligence entities. He explains how these operatives target individuals within organisations to access sensitive data. The conversation highlights the role of physical and personal security in mitigating these risks and stresses the importance of identifying employee behavioral changes as potential red flags. The discussion delves into recruitment strategies used by operatives and underscores the need for robust insider threat programs, including continuous employee monitoring and strategic controls at both the personnel and physical levels.

In this episode of Cyber Voices, Kari Byron, known for her role on MythBusters, discusses her evolution from television host to STEM advocate. She is spearheading a global mission to promote STEM through a reimagined version of the White House Science Fair, now a national festival that transcends politics by involving industry sponsors. Byron explains how this initiative not only highlights young talent but also creates vital connections between students and industry leaders. The end goal is to empower the next generation of innovators, making STEM careers more accessible and fostering a worldwide community of future leaders.Make sure you check out Kari's podcast, Mythfits! 

In this gripping episode of Cyber Voices, we delve into the intricate web of North Korean cyber operations, revealing how the nation operates more like an international criminal network than a traditional state entity. Michael Puckridge and Jamie Lindsay from DTEX discuss their investigations into North Korea's covert cyber workforce. These malevolent actors pose as legitimate IT professionals to penetrate organizations, siphoning funds back to their homeland. This episode uncovers how these operatives exploit the remote work trend to bypass security and steal advanced intellectual property, showing the nuances of modern cyber warfare in a world still grappling with the aftermath of the pandemic.

In an engaging session at CyberCon Melbourne 2025, Theresa Payton shared insights from her pivotal career spanning from her role as the first female White House CIO to becoming the CEO of Fortalice. Payton captivated the audience by discussing her innovative approaches to cybersecurity, emphasising the importance of understanding human factors. She shares the success of her 'White House Happy Meal' initiative, a creative strategy to enhance cybersecurity training participation at the White House. Her keynote not only highlighted the serious cybersecurity work happening in Australia but also offered inventive solutions to global challenges.

Tom Huth and Ryan Mclaren stop by to discuss the Trident exercise series, a collaborative effort by the Australian Energy Market Operator (AEMO) and Retrospect Labs, is a large-scale cybersecurity exercise designed to enhance incident response in the energy sector. With participation from over 27 organizations and 560 individuals, the exercises simulate real-world cyber threats to practice and strengthen response capabilities. Through a flexible scenario framework, the exercises cater to varying maturity levels, focusing on delivering technically credible scenarios that participants can customize to fit their environments. This initiative not only boosts sector-wide resilience but also fosters collaboration across different organisations.

In this episode of Cyber Voices, David Willett chats with former participants of the Australian Women in Security Network (AWSN) and Retrospect Labs Incident Response Competition. The panelists, including competition winners and runners-up, share their transformative experiences in this hands-on, teamwork-based event. The competition, which simulates real-world cybersecurity incidents, highlights the importance of both technical and non-technical skills. Participants discuss how this immersive experience has propelled their careers in cybersecurity and fostered personal growth, while offering networking opportunities. The episode captures the competition's potential to redefine career paths and nurture talent in Australia’s cybersecurity landscape.Register for this years competition here: https://events.humanitix.com/2025-awsn-incident-response-competition  Get more detailed information here: https://www.retrospectlabs.com/events/awsn-2025-incident-response-competition  Or, Chek out the AWSN Events Page: https://www.awsn.org.au/initiatives/incident-response-competition/

In this episode of Cyber Voices, David discusses with Jeremy Snyder, founder and CEO of Firetail, the critical yet often overlooked significance of API security in the modern digital landscape. Jeremy explains how APIs underpin most online interactions, from mobile apps to AI systems, and the large volume of personal data transferred through these gateways. Despite the rise of AI topics, API security should remain a primary focus due to its central role in Internet infrastructure. The discussion also highlights common security oversights, such as unauthenticated endpoints and unretired zombie APIs, stressing the need for diligence and organizational alignment.

In this episode of Cyber Voices, cybersecurity expert Abbas Kudrati discusses the emerging challenge of non-human identities in the digital landscape. These identities, which include API keys, machine identities, and AI agents, are becoming crucial security concerns as technological advancements accelerate. Abbas shares insights into how non-human identities are defined, their inherent risks, and the shift towards them as major targets for cyber attackers. He explains the necessity of visibility and governance over these identities. He offers some strategies for securing them, emphasising the need for a proactive approach in an increasingly complex cyber environment.

Yvonne Sears discusses innovative strategies for rethinking third-party risk assessments. Moving beyond traditional checklists, Yvonne emphasises the importance of aligning assessments with organisational goals and risk profiles. By focusing on specific objectives and measurable outcomes using OKRs, organisations can enhance trust, transparency, and resilience across their supply chains. The conversation highlights the limitations of standard questionnaires and advocates for a risk-based approach tailored to individual vendors and service providers, paving the way for more meaningful and effective partnerships.

In this episode of Cyber Voices, host David Willett sits down with Karl Sellmann, Chief Information Security Officer at Flinders University, to discuss the ongoing challenges in cybersecurity. Sellmann emphasises the importance of moving away from a reactive, 'whack-a-mole' approach to a more strategic, long-term plan that incorporates quick wins as building blocks.By focusing on broader strategies and risk management, organisations can better align their efforts with emerging threats and maintain resilience. This involves leadership engagement, understanding organisational complexities, and ensuring ongoing adaptability and transparency in cybersecurity operations.

In this insightful episode of Cyber Voices, David Willett interviews Zoe Adam, a seasoned cybersecurity professional leading dynamic teams at CyberCX. Newly energised after her talk at AdelaideSEC, Zoe shares her revolutionary approach to security operations. She argues for adaptability over rigid runbooks, emphasising the necessity for curiosity in incident management. Through anecdotes and personal experience, Zoe highlights how a monotonous tiered system stymies growth and curiosity. Her innovative method focuses on letting analysts own their work from start to finish, thereby unleashing their full potential and empowering them to make significant impacts.

In this enlightening episode of Cyber Voices, host David Willett talks with Dr. Susan McGinty, a leader in the realm of cybersecurity and STEM leadership. Dr. McGinty shares her journey from being a scientist to a passionate advocate for diversity and inclusion in cybersecurity. The discussion highlights her initiatives aimed at fostering leadership skills among women and promoting inclusive cultures within organisations.Her work through AYA Leadership and The Asstembly emphasises the need for female representation at all levels, urging companies to embrace inclusivity as a driving force for innovation and effective decision-making.The Asstembly website: https://theasstembly.com/  Susan's white paper Advancing the Cyber Security Sector: Pathway to a Diverse and Inclusive Cyber Security Workforce, https://ayaleadership.com/advancing-the-cyber-security-sector-white-paper/  The Asstembly Women's Leadership Programs: https://theasstembly.com/womens-leadership-programs/

In this special episode recorded live at AISA SydneySEC 2025, David Willett sits down with Jessica Clarence from the Australian Signals Directorate (ASD) to explore the agency’s latest efforts to uplift cybersecurity across all levels of government.Jessica offers a deep dive into the SIEM and SOAR implementation guidelines developed by the ASD, highlighting how these frameworks are helping Australian organisations—both public and private—build more resilient and responsive cyber capabilities.She also unpacks the Government Uplift mission and the role of the Australian Cyber Security Centre (ACSC) in driving practical, scalable security strategies.From resource constraints and skills shortages to the limitations of emerging tech like AI, this episode tackles the real-world challenges facing cybersecurity leaders today. Whether you're in government or the private sector, Jessica’s insights offer actionable takeaways for strengthening your cyber posture.

In this episode of CyberVoices, David sits down with Rudy Haruta, a passionate advocate for disability inclusion and program lead at the Australian Disability Network. Rudy shares his personal journey and struggles with dyslexia, anxiety, and depression, and how these experiences shape his work today. They discuss the importance of organisations becoming disability confident, highlighting the need for tailored support and the challenges posed by traditional recruitment methods. The conversation aims to inspire listeners in the tech and cyber industries to consider more inclusive hiring practices and to better understand the unique perspectives of individuals with disabilities.

In this episode of Cyber Voices, David Willett hosts William Oh, Senior VP at BlueVoyant, as they dive into the critical issue of third party cybersecurity risk. William shares his extensive background in intelligence and highlights the growing importance of cybersecurity. They discuss how cyber attacks have become the silent initiators of warfare and emphasise the increasing risks associated with third-party vendors. This conversation sheds light on the often-overlooked threats that lurk beneath the surface of conventional warfare.

In this episode of Cyber Voices, David Willett interviews Gaurav Vikash, Head of Security and Risk for Asia Pacific at Axon, about the complex interplay of technology, compliance, and trust in today's security landscape. Gaurav discusses Axon's mission to create transparent policing tools, emphasising community trust. He also explores the exciting developments in biometric authentication and the risks associated with deepfake technology used to exploit static biometric systems. The conversation highlights the continuous need for innovative yet responsible solutions that enhance security while maintaining individual privacy and safety.

In this episode of Cyber Voices, Ella Donald, a change and communications manager for cybersecurity at the University of Queensland, shares her insights. Ella discusses her expertise in running successful tabletop exercises for both technical and executive audiences. She emphasises the importance of having clear aims, maintaining a proper scope, and understanding that these exercises are meant for practice rather than a test. Her approach focuses on relationship building and open communication, thereby enhancing organisational preparedness and resilience without amplifying egos or hierarchical barriers.