
Cyber Voices

Author: Australian Information Security Association (AISA)


Description

Welcome to CYBER VOICES, where we highlight and celebrate the diverse voices of the Australian cyber community. From top-ranking CISOs and government officials to threat hunters and vulnerability analysts, if there’s a voice to be heard, you’ll hear it on CYBER VOICES. Join us as we delve into the stories, insights, and expertise that shape the world of cybersecurity in Australia.
64 Episodes
In a groundbreaking move, Igor Gjorgjioski from VicRoads embarked on a digital transformation journey to enhance security and user experience by eliminating traditional passwords. Collaborating with Vincent Delitz from Corbado, a passkeys-as-a-service provider, they successfully implemented one of the largest public sector deployments of passkeys. This initiative aimed to address user friction and bolster security against phishing, with a keen focus on mobile-friendly, phishing-resistant logins. The project's success rested on a phased rollout, careful selection of partners, and strategic nudging of users towards adopting passkeys, setting a new standard for digital authentication in the public sector.
In this episode of Cyber Voices, Jasmine McCrudden shares her inspiring journey from a tech recruiter to a key player in the Australian cybersecurity community. As the Deputy Chair of the Australian Information Security Association (AISA) in New South Wales, Jasmine emphasises the importance of community and networking for career development in cybersecurity. She discusses how overcoming imposter syndrome and volunteering with AISA have shaped her leadership style. Jasmine's dedication to uplifting women and creating pathways in cybersecurity is evident in her impactful contributions to the industry, recognised by multiple awards and her dynamic role within AISA.
At CyberCon Australia 2025, Emily Woodhams shared her experience as the Cybersecurity Engagement Manager at Melbourne University. Her role involves enhancing communication and culture around cybersecurity by using innovative branding strategies, including Australian animal imagery linked with cyber behaviors. This approach moves away from clichéd cyber imagery like hackers in hoodies, aiming to demystify and humanize the field. Woodhams' journey from a communications background to a cyber role highlights the demand for storytelling skills in cybersecurity, a theme echoed throughout the conference. University branding changes prompted a larger initiative to create relatable and engaging cybersecurity messaging.
Content Warning: In this episode, we discuss topics that some may find triggering, relating to child sexual abuse material on the internet. David Willett hosts Joel Scanlan from the University of Tasmania to discuss strategies in preventing child sexual abuse material (CSAM) online. Joel highlights the importance of integrating safety by design on mainstream platforms, following alarming statistics of accidental exposure to CSAM. Emphasising deterrent measures, they explore the effectiveness of warning messages and chatbots in dissuading potential offenders. Both highlight the role of large tech firms and regulators in enhancing transparency and accountability, aiming to create a safer digital environment with fewer opportunities for CSAM to proliferate.
https://www.stopitnow.org.au/ "Stop It Now! Australia is a child sexual abuse prevention program which works with adults concerned about their own, or someone else’s sexual thoughts or behaviours towards children."
https://www.csamdeterrence.com/
In this episode, cybersecurity expert Gaurav Vikash discusses the privacy risks associated with smart cars and connected vehicles. As vehicles become more technologically advanced, they are equipped with features that collect and transmit user data, ranging from voice recordings to health information. Gaurav emphasises that many consumers remain unaware of the extent of data collection in modern vehicles, falsely assuming their privacy is protected as it was in traditional cars. He discusses industry practices, including Tesla's case where their app was used for stalking, and highlights the lack of comprehensive regulations, urging better awareness and legal protections.
Jordan Carmichael, CEO of Helix Services, discusses the intricacies of insider threats and digital vetting in today's cyber landscape. With a focus on critical infrastructure, Carmichael emphasises the importance of identifying and managing human risk, especially as online radicalisation becomes more prevalent. The conversation pivots around the delicate balance between using open source intelligence for security and safeguarding individual privacy.
In this episode of Cyber Voices, host David Willett discusses the critical issue of children's online safety with Bailey Marshall, co-founder of Future Proof Security. Bailey shares insights on common online threats facing children today, ranging from cyber scams to issues of privacy and data misuse. Emphasising the importance of communication, she advocates for a balanced approach where parents and educators are equipped to have non-judgmental, trust-building conversations with kids. This empowers them to navigate the digital world safely, reducing the fear and embarrassment that often keep kids from reporting online issues.
In this insightful episode of Cyber Voices, David Willett dives into the complexities of trust attacks with Max Heinemeyer at CyberCon 2025. Max brings an innovative perspective by simulating a politically motivated cyberattack on Australian infrastructure. He emphasises the growing concern over trust attacks, differentiating them from traditional cyber threats that focus on confidentiality and availability. Trust attacks, involving the manipulation of critical data, pose a severe risk to national stability. Through this discussion, the episode highlights the pressing need for improved cybersecurity frameworks to address the evolving threat landscape driven by hyper automation and modern AI technologies.
Further reading provided by Max:
On the Feasibility of Using LLMs to Autonomously Execute Multi-host Network Attacks - https://arxiv.org/abs/2501.16466v3
Teams of LLM Agents can Exploit Zero-Day Vulnerabilities - https://arxiv.org/abs/2406.01637
Hexstrike AI Open Source Offensive Security AI Orchestrator - https://www.hexstrike.com/
AI Agent XBOW making number one on Hackerone leaderboard - https://xbow.com/blog/top-1-how-xbow-did-it
AI-enabled prototype ransomware PromptLocker - https://www.eset.com/us/about/newsroom/research/eset-discovers-promptlock-the-first-ai-powered-ransomware/?srsltid=AfmBOop67a943J8-_KuK_8dNC497RoWo1YCELz4eR8wSFUV6NqJy6R1R
And then this happened since we recorded our podcast, but is highly relevant - https://www.anthropic.com/news/disrupting-AI-espionage
At the 2025 CyberCon in Melbourne, Tony Nicholls from CGI Australia introduced a new concept - a cyber escape room housed in a shipping container. Originally developed in the UK to raise cyber awareness, the escape room gamifies cybersecurity education, targeting both novices and professionals. It offers a hands-on approach to learning about phishing, social engineering, and malware, promoting a no-shame, team-based environment ideal for schools and businesses alike. With the ability to adjust difficulty on the fly, participants of all ages leave with a better understanding of cybersecurity threats and defenses, with a smile on their face.
In this episode, Jason Plumridge from Thales Cyber discusses the growing threats posed by foreign intelligence entities. He explains how these operatives target individuals within organisations to access sensitive data. The conversation highlights the role of physical and personal security in mitigating these risks and stresses the importance of identifying employee behavioral changes as potential red flags. The discussion delves into recruitment strategies used by operatives and underscores the need for robust insider threat programs, including continuous employee monitoring and strategic controls at both the personnel and physical levels.
In this episode of Cyber Voices, Kari Byron, known for her role on MythBusters, discusses her evolution from television host to STEM advocate. She is spearheading a global mission to promote STEM through a reimagined version of the White House Science Fair, now a national festival that transcends politics by involving industry sponsors. Byron explains how this initiative not only highlights young talent but also creates vital connections between students and industry leaders. The end goal is to empower the next generation of innovators, making STEM careers more accessible and fostering a worldwide community of future leaders. Make sure you check out Kari's podcast, Mythfits!
In this gripping episode of Cyber Voices, we delve into the intricate web of North Korean cyber operations, revealing how the nation operates more like an international criminal network than a traditional state entity. Michael Puckridge and Jamie Lindsay from DTEX discuss their investigations into North Korea's covert cyber workforce. These malevolent actors pose as legitimate IT professionals to penetrate organizations, siphoning funds back to their homeland. This episode uncovers how these operatives exploit the remote work trend to bypass security and steal advanced intellectual property, showing the nuances of modern cyber warfare in a world still grappling with the aftermath of the pandemic.
In an engaging session at CyberCon Melbourne 2025, Theresa Payton shared insights from her pivotal career spanning from her role as the first female White House CIO to becoming the CEO of Fortalice. Payton captivated the audience by discussing her innovative approaches to cybersecurity, emphasising the importance of understanding human factors. She shares the success of her 'White House Happy Meal' initiative, a creative strategy to enhance cybersecurity training participation at the White House. Her keynote not only highlighted the serious cybersecurity work happening in Australia but also offered inventive solutions to global challenges.
Tom Huth and Ryan Mclaren stop by to discuss the Trident exercise series. A collaborative effort by the Australian Energy Market Operator (AEMO) and Retrospect Labs, it is a large-scale cybersecurity exercise designed to enhance incident response in the energy sector. With participation from over 27 organizations and 560 individuals, the exercises simulate real-world cyber threats to practice and strengthen response capabilities. Through a flexible scenario framework, the exercises cater to varying maturity levels, focusing on delivering technically credible scenarios that participants can customize to fit their environments. This initiative not only boosts sector-wide resilience but also fosters collaboration across different organisations.
In this episode of Cyber Voices, David Willett chats with former participants of the Australian Women in Security Network (AWSN) and Retrospect Labs Incident Response Competition. The panelists, including competition winners and runners-up, share their transformative experiences in this hands-on, teamwork-based event. The competition, which simulates real-world cybersecurity incidents, highlights the importance of both technical and non-technical skills. Participants discuss how this immersive experience has propelled their careers in cybersecurity and fostered personal growth, while offering networking opportunities. The episode captures the competition's potential to redefine career paths and nurture talent in Australia’s cybersecurity landscape.
Register for this year's competition here: https://events.humanitix.com/2025-awsn-incident-response-competition
Get more detailed information here: https://www.retrospectlabs.com/events/awsn-2025-incident-response-competition
Or check out the AWSN Events Page: https://www.awsn.org.au/initiatives/incident-response-competition/
In this episode of Cyber Voices, David discusses with Jeremy Snyder, founder and CEO of Firetail, the critical yet often overlooked significance of API security in the modern digital landscape. Jeremy explains how APIs underpin most online interactions, from mobile apps to AI systems, and the large volume of personal data transferred through these gateways. Despite the rise of AI topics, API security should remain a primary focus due to its central role in Internet infrastructure. The discussion also highlights common security oversights, such as unauthenticated endpoints and unretired zombie APIs, stressing the need for diligence and organizational alignment.
In this episode of Cyber Voices, cybersecurity expert Abbas Kudrati discusses the emerging challenge of non-human identities in the digital landscape. These identities, which include API keys, machine identities, and AI agents, are becoming crucial security concerns as technological advancements accelerate. Abbas shares insights into how non-human identities are defined, their inherent risks, and the shift towards them as major targets for cyber attackers. He explains the necessity of visibility and governance over these identities. He offers some strategies for securing them, emphasising the need for a proactive approach in an increasingly complex cyber environment.
Yvonne Sears discusses innovative strategies for rethinking third-party risk assessments. Moving beyond traditional checklists, Yvonne emphasises the importance of aligning assessments with organisational goals and risk profiles. By focusing on specific objectives and measurable outcomes using OKRs, organisations can enhance trust, transparency, and resilience across their supply chains. The conversation highlights the limitations of standard questionnaires and advocates for a risk-based approach tailored to individual vendors and service providers, paving the way for more meaningful and effective partnerships.
In this episode of Cyber Voices, host David Willett sits down with Karl Sellmann, Chief Information Security Officer at Flinders University, to discuss the ongoing challenges in cybersecurity. Sellmann emphasises the importance of moving away from a reactive, 'whack-a-mole' approach to a more strategic, long-term plan that incorporates quick wins as building blocks. By focusing on broader strategies and risk management, organisations can better align their efforts with emerging threats and maintain resilience. This involves leadership engagement, understanding organisational complexities, and ensuring ongoing adaptability and transparency in cybersecurity operations.
In this insightful episode of Cyber Voices, David Willett interviews Zoe Adam, a seasoned cybersecurity professional leading dynamic teams at CyberCX. Newly energised after her talk at AdelaideSEC, Zoe shares her revolutionary approach to security operations. She argues for adaptability over rigid runbooks, emphasising the necessity for curiosity in incident management. Through anecdotes and personal experience, Zoe highlights how a monotonous tiered system stymies growth and curiosity. Her innovative method focuses on letting analysts own their work from start to finish, thereby unleashing their full potential and empowering them to make significant impacts.