AISA Cybercon 2025: Key Takeaways From Orro’s Cyber Leadership Team

Australia’s biggest cybersecurity event once again delivered a clear message: the pace, scale and complexity of cyber risk are accelerating — and the organisations that thrive will be those that build true operational resilience, not just better defences.

Across three packed days in Melbourne, our CISO, Reza Nashvi, and CTO, Stuart Long, attended sessions spanning AI risk, identity, SOC transformation, regulatory evolution and the realities of modern cyber-resilient architecture. Their combined takeaways paint a sharp picture of where the industry is heading — and what matters most for Australian organisations today.

1. AI Isn’t a Future Threat — It’s Already Inside the Walls

One of the strongest and most confronting messages throughout the conference was this:

“AI is already part of your attack surface.”

— Reza Nashvi, CISO

AI isn’t just a tool used by adversaries — it’s now embedded through:

  • Third-party SaaS platforms
  • Shadow AI workflows
  • Productivity tools and copilots
  • User-driven experimentation with genAI assistants

Rather than treating AI as an external risk, security teams must assume it’s already operating inside their environment. This shift is set to reshape regulation, internal controls and liability models over the next 12 months.

The practical guidance?

The NIST AI Risk Management Framework was heavily referenced and recommended as an immediate step for organisations wanting to get ahead. The first action:

Map where AI is already in use — formally and informally — and evaluate governance gaps.

2. “Resilience Is the New Security” — and Vendors Agree

If the conference had a single unifying theme, it was this:

“Resilience is the new security.”

Breaches are assumed. Downtime is the real cost.

Security strategy is shifting from prevention to continuity, recoverability, and response speed — and budget allocation is following.

According to Stuart, this aligns with a broader structural trend:

“Security is moving down the commoditisation curve. Platforms — with their baked-in integrations — are now where customers see the most value.”

— Stuart Long, CTO

The message from vendors was clear: customers want platform-based security ecosystems, not standalone tools. But the hallway conversations exposed a reality check:

The blocker isn’t platform choice — it’s identity maturity.

Without strong identity and access management (IAM), organisations simply can’t realise the benefits of modern architectures like SASE, Zero Trust, or AI-enhanced SOC operations.

3. Identity Is Still the Weakest Link — and the Biggest ROI

Identity compromise remains the leading cause of breaches, and the advice from multiple AISA speakers was blunt:

“If privileged identity isn’t under control, nothing else matters.”

Both Reza and Stuart heard numerous examples where poor identity practice led directly to large-scale exposure, ranging from Salesforce data extraction via call-centre over-permissions to lateral movement enabled by legacy AD environments.

If customers could only invest $50,000 in improvements?

The top recommendation from both leaders was unified:

  • Identity threat detection & response (ITDR)
  • Asset discovery and segmentation
  • Cleaning up architectural foundations

These are foundational, high-ROI investments that unlock the benefits of everything else.

4. AI in the SOC: Beyond Hype, Genuine Impact

For the first time, organisations showcased real SOC use cases where AI copilots are already delivering measurable operational improvements:

  • Summarising incidents
  • Accelerating triage
  • Reducing analyst cognitive load
  • Improving decision consistency
  • Automatically correlating alerts

This isn’t pilot-stage anymore — it’s being used at scale.

The critical insight was that AI is not replacing analysts; it’s augmenting them, improving time-to-response, and helping teams manage significantly higher alert volumes without proportional headcount increases.

5. The Gap Between the “Stage Version” of Security and Reality

A recurring tension emerged between conference presentations and practitioner conversations:

On stage:

“Zero Trust maturity is the new baseline.”

In the hallways:

“We can’t modernise because our identity, architecture and skillset aren’t ready.”

The result is a widening execution gap: organisations know what “good” looks like but can’t get there due to technical debt, legacy systems, and competing budget priorities.

For many, the real battleground isn’t new threats — it’s getting the basics back under control.

6. Recoverability Is the New Blind Spot

Stuart highlighted a critical but under-discussed issue:

“Most organisations haven’t tested their recovery properly post-COVID — even though their systems have radically changed.”

The ripple effects from cloud outages (such as recent global DNS disruptions) demonstrated just how tightly coupled digital services have become. A single point of failure now impacts:

  • Banking
  • Retail
  • Government agencies
  • Critical infrastructure
  • Logistics and supply chain
  • Multi-region cloud workloads

Visibility is important — but recoverability is now paramount.

7. The Next Security Battleground: Data Sovereignty, Supply Chain & Post-Quantum

Looking 12–18 months ahead, both leaders pointed to similar priorities — but with different weightings:

  1. Data sovereignty & data loss prevention – the most immediate and impactful
  2. Post-quantum cryptography – high value but fast-evolving
  3. Continuous supply-chain assurance – strategically critical but resource-intensive

Reza also emphasised that regulators are shifting from annual questionnaires toward continuous assurance — a major operational lift for many industries.

8. The Most Overlooked Action Customers Should Take Today

Both leaders agreed that one of the simplest, most powerful improvements is also the one most organisations still ignore:

Run a realistic business continuity or ransomware tabletop exercise.

Not a theoretical walk-through.

Not a compliance tick-box.

A real simulation involving:

  • IT & OT
  • Exec leadership
  • Communications teams
  • Third-party providers
  • Cloud dependencies
  • Operational decision points

It is the fastest way to expose blind spots — and improve resilience before a real incident occurs.

Final Thoughts: Cybercon Confirmed What We Already Knew — and Revealed What We’re Missing

AISA Cybercon 2025 reinforced that:

  • AI is already reshaping the attack surface
  • Identity maturity is still the foundation of modern security
  • Platforms are replacing point-solutions
  • Real-world resilience matters more than theoretical prevention
  • Organisations must prepare for continuous assurance in their supply chain
  • Recovery — not visibility alone — will define operational success

For Australian organisations, the path forward is clear: strengthen identity, modernise the SOC, uplift foundational architecture, and test resilience regularly.

These are the building blocks of secure, dependable operations — and they remain the areas where momentum is needed most.

Build resilience where it matters most.

If you’re looking to strengthen identity controls, uplift SOC capability, test recoverability, or prepare for new regulatory expectations around data sovereignty and supply-chain assurance, our team can help.
