Cyber Voices

In this episode of Cyber Voices, recorded live at BrisSEC 2026, host David Savva-Willett speaks with Darren Hopkins, Partner at McGrathNicol and a Brisbane-based cybersecurity professional with more than 30 years’ experience across law enforcement, digital forensics, incident response and cyber crisis management.

Darren shares insights from his BrisSEC talk, “When You’re Already Losing: Responding to a Cyber Crisis You Don’t Control,” exploring the messy reality of cyber incidents where the playbook does not match the crisis. From third-party suppliers and SaaS dependencies to ransomware negotiations, regulators, media pressure, board expectations and limited information, Darren explains why effective incident r...

Recorded live on the floor at BrisSEC 2026 in Brisbane, David Savva-Willett sits down with Atticus D'mello, higher degree research student, vulnerability researcher, and emerging cybersecurity specialist with Safety Net Cyber, to unpack his BrisSEC talk Inside the Mind of an Attacker.

Atticus walks us through how he and his team approached one of the most under-discussed problems in consumer cybersecurity: how attackers bypass account creation limits on the world's biggest social media platforms to spin up anonymous accounts at scale. Working with nothing more than a laptop and a typical home internet connection, they mapped the controls, found...

Q-Day is coming — and the encryption protecting your most sensitive data may already be on borrowed time. In this episode of Cyber Voices, host David Savva-Willett sits down at AISA's BrisSec 2026 with Professor Craig Costello, cryptographer at the Queensland University of Technology and one of the global researchers shaping post-quantum cryptography (PQC) standards. Craig demystifies what post-quantum cryptography actually is, why "harvest now, decrypt later" attacks mean the threat is already here, and what recent breakthroughs from Google AI, UC Berkeley and Caltech mean for the timeline. He unpacks Google's bold 2029 Q-Day prediction, explains why PQC runs on the classical ha...

The Problem of Trust: Identity Fraud, Deepfakes & APAC Threat Trends with Anastasia Tikhonova

What happens when cybercriminals stop attacking your CEO and start targeting your developers instead? In this episode of Cyber Voices, host David Savva-Willett sits down with Anastasia Tikhonova, Global Threat Research Lead at Group-IB, joining live from Phuket, Thailand, to unpack the threat trends defining 2026 — and why Australia remains squarely in the crosshairs. Anastasia shares how her team connects threat intelligence dots across APAC, EMEA, and Latin America, and explains why she calls 2026 the year of "the problem of trust" — where attackers no longer need just...

What does it really take to step into the CISO seat, and thrive? In this episode of Cyber Voices, the official podcast of AISA and the home of Australia's cybersecurity community, host David Savva-Willett sits down with Tara Dharnikota, Chief Information Security Officer at Victoria University. With a career spanning Telstra, PEXA, and now one of Australia's leading universities, Tara brings a rare blend of offensive security expertise, OSINT, and executive leadership. In this candid conversation, she reflects on her first year as CISO, what surprised her, what she'd do differently, and what the role of the future really looks...

In a groundbreaking move, Igor Gjorgjioski from VicRoads embarked on a digital transformation journey to enhance security and user experience by eliminating traditional passwords. Collaborating with Vincent Delitz from Corbado, a passkeys-as-a-service provider, they successfully implemented one of the largest public sector deployments of passkeys. This initiative aimed to address user friction and bolster security against phishing, with a keen focus on mobile-friendly, phishing-resistant logins. The project's success rested on a phased rollout, careful selection of partners, and strategic nudging of users towards adopting passkeys, setting a new standard for digital authentication in the public sector.

In this episode of Cyber Voices, Jasmine McCrudden shares her inspiring journey from a tech recruiter to a key player in the Australian cybersecurity community. As the Deputy Chair of the Australian Information Security Association (AISA) in New South Wales, Jasmine emphasises the importance of community and networking for career development in cybersecurity. She discusses how overcoming imposter syndrome and volunteering with AISA have shaped her leadership style. Jasmine's dedication to uplifting women and creating pathways in cybersecurity is evident in her impactful contributions to the industry, recognised by multiple awards and her dynamic role within AISA.

At CyberCon Australia 2025, Emily Woodhams shared her experience as the Cybersecurity Engagement Manager at Melbourne University. Her role involves enhancing communication and culture around cybersecurity by using innovative branding strategies, including Australian animal imagery linked with cyber behaviors. This approach moves away from clichéd cyber imagery like hackers in hoodies, aiming to demystify and humanize the field. Woodhams' journey from a communications background to a cyber role highlights the demand for storytelling skills in cybersecurity, a theme echoed throughout the conference. University branding changes prompted a larger initiative to create relatable and engaging cybersecurity messaging.

Content Warning
In this episode, we discuss topics that some may find triggering, relating to child sexual abuse material on the internet. 


David Willett hosts Joel Scanlan from the University of Tasmania to discuss strategies in preventing child sexual abuse material (CSAM) online. Joel highlights the importance of integrating safety by design on mainstream platforms, following alarming statistics of accidental exposure to CSAM. Emphasising deterrent measures, they explore the effectiveness of warning messages and chatbots in dissuading potential offenders. Both highlight the role of large tech firms and regulators in enhancing transparency and accountability, aiming to c...

In this episode, cybersecurity expert Gaurav Vikash discusses the privacy risks associated with smart cars and connected vehicles. As vehicles become more technologically advanced, they are equipped with features that collect and transmit user data, ranging from voice recordings to health information. Gaurav emphasises that many consumers remain unaware of the extent of data collection in modern vehicles, falsely assuming their privacy is protected like in traditional cars. He discusses industry practices, including Tesla's case where their app was used for stalking, and highlights the lack of comprehensive regulations, urging for better awareness and legal protections.

Jordan Carmichael, CEO of Helix Services, discusses the intricacies of insider threats and digital vetting in today's cyber landscape. With a focus on critical infrastructure, Carmichael emphasises the importance of identifying and managing human risk, especially as online radicalisation becomes more prevalent. The conversation pivots around the delicate balance between using open source intelligence for security and safeguarding individual privacy.

In this episode of Cyber Voices, host David Willett discusses the critical issue of children's online safety with Bailey Marshall, co-founder of Future Proof Security. Bailey shares insights on common online threats facing children today, ranging from cyber scams to issues of privacy and data misuse. Emphasising the importance of communication, she advocates for a balanced approach where parents and educators are equipped to have non-judgmental, trust-building conversations with kids. This empowers them to navigate the digital world safely, reducing the fear and embarrassment that often keep kids from reporting online issues.

Find more info HERE

In this insightful episode of Cyber Voices, David Willett dives into the complexities of trust attacks with Max Heinemeyer at CyberCon 2025. Max brings an innovative perspective by simulating a politically motivated cyberattack on Australian infrastructure. He emphasises the growing concern over trust attacks, differentiating them from traditional cyber threats that focus on confidentiality and availability. Trust attacks, involving the manipulation of critical data, pose a severe risk to national stability. Through this discussion, the episode highlights the pressing need for improved cybersecurity frameworks to address the evolving threat landscape driven by hyper automation and modern AI technologies.

Further...

At the 2025 CyberCon in Melbourne, Tony Nicholls from CGI Australia introduced a new concept - a cyber escape room housed in a shipping container. Originally developed in the UK to raise cyber awareness, the escape room gamifies cybersecurity education, targeting both novices and professionals. It offers a hands-on approach to learning about phishing, social engineering, and malware, promoting a no-shame, team-based environment ideal for schools and businesses alike. With the ability to adjust difficulty on the fly, participants of all ages leave with a better understanding of cybersecurity threats and defenses, with a smile on their face.

In this episode, Jason Plumridge from Thales Cyber discusses the growing threats posed by foreign intelligence entities. He explains how these operatives target individuals within organisations to access sensitive data. The conversation highlights the role of physical and personal security in mitigating these risks and stresses the importance of identifying employee behavioral changes as potential red flags. The discussion delves into recruitment strategies used by operatives and underscores the need for robust insider threat programs, including continuous employee monitoring and strategic controls at both the personnel and physical levels.

In this episode of Cyber Voices, Kari Byron, known for her role on MythBusters, discusses her evolution from television host to STEM advocate. She is spearheading a global mission to promote STEM through a reimagined version of the White House Science Fair, now a national festival that transcends politics by involving industry sponsors. Byron explains how this initiative not only highlights young talent but also creates vital connections between students and industry leaders. The end goal is to empower the next generation of innovators, making STEM careers more accessible and fostering a worldwide community of future leaders.

Make...

In this gripping episode of Cyber Voices, we delve into the intricate web of North Korean cyber operations, revealing how the nation operates more like an international criminal network than a traditional state entity. Michael Puckridge and Jamie Lindsay from DTEX discuss their investigations into North Korea's covert cyber workforce. These malevolent actors pose as legitimate IT professionals to penetrate organizations, siphoning funds back to their homeland. This episode uncovers how these operatives exploit the remote work trend to bypass security and steal advanced intellectual property, showing the nuances of modern cyber warfare in a world still grappling with the...

In an engaging session at CyberCon Melbourne 2025, Theresa Payton shared insights from her pivotal career spanning from her role as the first female White House CIO to becoming the CEO of Fortalice. Payton captivated the audience by discussing her innovative approaches to cybersecurity, emphasising the importance of understanding human factors. She shares the success of her 'White House Happy Meal' initiative, a creative strategy to enhance cybersecurity training participation at the White House. Her keynote not only highlighted the serious cybersecurity work happening in Australia but also offered inventive solutions to global challenges.

Tom Huth and Ryan Mclaren stop by to discuss the Trident exercise series, a collaborative effort by the Australian Energy Market Operator (AEMO) and Retrospect Labs, is a large-scale cybersecurity exercise designed to enhance incident response in the energy sector. With participation from over 27 organizations and 560 individuals, the exercises simulate real-world cyber threats to practice and strengthen response capabilities. Through a flexible scenario framework, the exercises cater to varying maturity levels, focusing on delivering technically credible scenarios that participants can customize to fit their environments. This initiative not only boosts sector-wide resilience but also fosters collaboration across different organisations.

In this episode of Cyber Voices, David Willett chats with former participants of the Australian Women in Security Network (AWSN) and Retrospect Labs Incident Response Competition. The panelists, including competition winners and runners-up, share their transformative experiences in this hands-on, teamwork-based event. The competition, which simulates real-world cybersecurity incidents, highlights the importance of both technical and non-technical skills. Participants discuss how this immersive experience has propelled their careers in cybersecurity and fostered personal growth, while offering networking opportunities. The episode captures the competition's potential to redefine career paths and nurture talent in Australia’s cybersecurity landscape.

Register for th...

In this episode of Cyber Voices, David discusses with Jeremy Snyder, founder and CEO of Firetail, the critical yet often overlooked significance of API security in the modern digital landscape. Jeremy explains how APIs underpin most online interactions, from mobile apps to AI systems, and the large volume of personal data transferred through these gateways. Despite the rise of AI topics, API security should remain a primary focus due to its central role in Internet infrastructure. The discussion also highlights common security oversights, such as unauthenticated endpoints and unretired zombie APIs, stressing the need for diligence and organizational alignment.

In this episode of Cyber Voices, cybersecurity expert Abbas Kudrati discusses the emerging challenge of non-human identities in the digital landscape. These identities, which include API keys, machine identities, and AI agents, are becoming crucial security concerns as technological advancements accelerate. Abbas shares insights into how non-human identities are defined, their inherent risks, and the shift towards them as major targets for cyber attackers. He explains the necessity of visibility and governance over these identities. He offers some strategies for securing them, emphasising the need for a proactive approach in an increasingly complex cyber environment.

Yvonne Sears discusses innovative strategies for rethinking third-party risk assessments. Moving beyond traditional checklists, Yvonne emphasises the importance of aligning assessments with organisational goals and risk profiles. By focusing on specific objectives and measurable outcomes using OKRs, organisations can enhance trust, transparency, and resilience across their supply chains. The conversation highlights the limitations of standard questionnaires and advocates for a risk-based approach tailored to individual vendors and service providers, paving the way for more meaningful and effective partnerships.

In this episode of Cyber Voices, host David Willett sits down with Karl Sellmann, Chief Information Security Officer at Flinders University, to discuss the ongoing challenges in cybersecurity. Sellmann emphasises the importance of moving away from a reactive, 'whack-a-mole' approach to a more strategic, long-term plan that incorporates quick wins as building blocks.

By focusing on broader strategies and risk management, organisations can better align their efforts with emerging threats and maintain resilience. This involves leadership engagement, understanding organisational complexities, and ensuring ongoing adaptability and transparency in cybersecurity operations.

In this insightful episode of Cyber Voices, David Willett interviews Zoe Adam, a seasoned cybersecurity professional leading dynamic teams at CyberCX. Newly energised after her talk at AdelaideSEC, Zoe shares her revolutionary approach to security operations. She argues for adaptability over rigid runbooks, emphasising the necessity for curiosity in incident management. Through anecdotes and personal experience, Zoe highlights how a monotonous tiered system stymies growth and curiosity. Her innovative method focuses on letting analysts own their work from start to finish, thereby unleashing their full potential and empowering them to make significant impacts.

In this enlightening episode of Cyber Voices, host David Willett talks with Dr. Susan McGinty, a leader in the realm of cybersecurity and STEM leadership. Dr. McGinty shares her journey from being a scientist to a passionate advocate for diversity and inclusion in cybersecurity. The discussion highlights her initiatives aimed at fostering leadership skills among women and promoting inclusive cultures within organisations.

Her work through AYA Leadership and The Asstembly emphasises the need for female representation at all levels, urging companies to embrace inclusivity as a driving force for innovation and effective decision-making.

The Asstembly website: h...

In this special episode recorded live at AISA SydneySEC 2025, David Willett sits down with Jessica Clarence from the Australian Signals Directorate (ASD) to explore the agency’s latest efforts to uplift cybersecurity across all levels of government.

Jessica offers a deep dive into the SIEM and SOAR implementation guidelines developed by the ASD, highlighting how these frameworks are helping Australian organisations—both public and private—build more resilient and responsive cyber capabilities.

She also unpacks the Government Uplift mission and the role of the Australian Cyber Security Centre (ACSC) in driving practical, scalable security strategies.From resour...

In this episode of CyberVoices, David sits down with Rudy Haruta, a passionate advocate for disability inclusion and program lead at the Australian Disability Network. Rudy shares his personal journey and struggles with dyslexia, anxiety, and depression, and how these experiences shape his work today. They discuss the importance of organisations becoming disability confident, highlighting the need for tailored support and the challenges posed by traditional recruitment methods. The conversation aims to inspire listeners in the tech and cyber industries to consider more inclusive hiring practices and to better understand the unique perspectives of individuals with disabilities.

In this episode of Cyber Voices, David Willett hosts William Oh, Senior VP at BlueVoyant, as they dive into the critical issue of third party cybersecurity risk. William shares his extensive background in intelligence and highlights the growing importance of cybersecurity. They discuss how cyber attacks have become the silent initiators of warfare and emphasise the increasing risks associated with third-party vendors. This conversation sheds light on the often-overlooked threats that lurk beneath the surface of conventional warfare.

In this episode of Cyber Voices, David Willett interviews Gaurav Vikash, Head of Security and Risk for Asia Pacific at Axon, about the complex interplay of technology, compliance, and trust in today's security landscape. Gaurav discusses Axon's mission to create transparent policing tools, emphasising community trust. He also explores the exciting developments in biometric authentication and the risks associated with deepfake technology used to exploit static biometric systems. The conversation highlights the continuous need for innovative yet responsible solutions that enhance security while maintaining individual privacy and safety.

In this episode of Cyber Voices, Ella Donald, a change and communications manager for cybersecurity at the University of Queensland, shares her insights. Ella discusses her expertise in running successful tabletop exercises for both technical and executive audiences. She emphasises the importance of having clear aims, maintaining a proper scope, and understanding that these exercises are meant for practice rather than a test. Her approach focuses on relationship building and open communication, thereby enhancing organisational preparedness and resilience without amplifying egos or hierarchical barriers.

In this episode of Cyber Voices, host David Willett chats with James Pemberton, chair of the AISA's Tasmanian branch. James shares his journey from service desk roles into cybersecurity leadership and reflects on nearly a decade as an AISA member and volunteer. He highlights the branch's significant growth, with membership skyrocketing from 48 to 208. The conversation discusses the symbiotic relationship between seasoned professionals and students in Tasmania, emphasising community involvement and mentorship. James underscores the branch's challenges and rewards, stressing the importance of volunteer-driven initiatives to foster a vibrant cybersecurity community in Tasmania.

In another interview recorded live at CyberCon Canberra 2025, David chats with with Peter Watson from Recorded Future. Peter provides insights into malware loaders and Remote Access Trojans (RATS), shedding light on their evasive tactics and the complexity of defending against them. Additionally, he delves into techniques like DLL hijacking, illustrating their subtlety and effectiveness. The conversation highlights the challenges faced by security teams in detecting such activities, emphasising the role of threat intelligence.

In this special Pride-themed episode of Cyber Voices, host David celebrates the diverse contributions of the LGBTQIA community within the cybersecurity industry. Guests Meagan McClendon, Sean Barnett, and Joshua Craig share personal experiences about their identities and roles in cyber. The discussion highlights the importance of inclusivity in tech fields, the challenges faced by LGBTQIA professionals, and the evolution of workplace attitudes. The episode also marks the ongoing advocacy efforts by the Pride in Security network, underscoring the broader movement towards creating safe and welcoming spaces for all individuals in the technology sector.

In this enlightening episode of Cyber Voices, David and Jasmine interview Vanessa Van Beek, a notable figure in the cybersecurity realm, to discuss her journey from IT to becoming a cybersecurity champion. Vanessa emphasises the importance of diversity within cyber teams, highlighting how different perspectives, including those from neurodivergent individuals, enhance problem-solving capabilities. She shares her innovative use of LEGO bricks to visualise and tackle cybersecurity challenges, demonstrating the power of creativity in technical fields. This dialogue showcases the value of embracing varied experiences and skill sets to strengthen defence mechanisms against cyber threats.

In this electrifying episode of Cyber Voices, David Willett sits down with Paula Januszkiewicz, a true powerhouse in cybersecurity, live from CyberCon Canberra 2025. As CEO of CQURE Inc. & CQURE Academy, a seasoned penetration tester, red teamer, and Microsoft MVP & Regional Director, Paula brings unparalleled insights into the evolving cyber landscape.

David and Paula dive deep into the role of AI in threat hunting, exploring how machine learning and automation are reshaping cyber defense strategies. Paula shares her expert predictions on what 2025 and beyond holds for cybersecurity professionals, from emerging attack vectors to the skills that will define the...

CyberCon 2025 brought together the brightest minds in cybersecurity, and in this special episode, host David Willett sits down with keynote speaker Professor Sue Black (Professor of Computer Science and Technology Evangelist, International Keynote Speaker, Forbes World Top 50 Women in Tech) in the Cyber Voices podcast booth. Sue shares her inspiring journey as a Technology Evangelist, championing women in tech and using social media as a powerful force for change—most notably in her campaign to save Bletchley Park, the historic home of WWII codebreaking.

Join us as we explore the impact of digital advocacy, the future of tech in...

In the latest episode of Cyber Voices, recorded live at CyberCon Canberra 2025, Alexander Duffy from SA Power Networks joins David Willett for a deep dive into cyber preparedness in the energy sector. From rigorous cross-sector exercises with the Australian Energy Market Operator to ensuring every corner of the organisation is battle-ready, this conversation highlights the proactive steps being taken to stay ahead of cyber threats. Don’t miss this insightful discussion on resilience, collaboration, and the evolving cyber landscape!

Recorded live at CyberCon Melbourne 2025, this episode of Cyber Voices dives into the ever-evolving world of cybersecurity leadership. Hosts David Willett and Jasmine McCrudden sit down with Tony Vizza, Founder and Managing Partner of Novera, to tackle the big question: how informed do company boards really need to be about cyber risk and secure by design principles?

Tony shares his insights on the crucial intersection of governance and security, reflecting on the rapid growth of AISA and the evolution of CyberCon itself. With years of industry experience behind him, he brings a fresh perspective on the responsibilities of...

In this compelling episode recorded live at CyberCon Melbourne, hosts David Willett and Simona Dimovski sit down with Deany Jaghdour (Retrospect Labs) and Simon Carabetta (Accenture) to tackle one of the most persistent challenges in the cybersecurity industry: unconscious bias in recruitment.From both the recruiter’s and candidate’s perspectives, the panel explores how bias subtly shapes hiring decisions, team dynamics, and career opportunities—and what can be done to break through it. Expect honest insights, practical strategies, and a call to action for building a more inclusive and effective cyber workforce.

Whether you're hiring, job hunting, or just passion...