Podcast
Cyber Voices
Hosted by Australian Information Security Association (AISA) · EN
Welcome to CYBER VOICES, where we highlight and celebrate the diverse voices of the Australian cyber community. From top-ranking CISOs and government officials to threat hunters and vulnerability analysts, if there’s a voice to be heard, you’ll hear it on CYBER VOICES. Join us as we delve into the stories, insights, and expertise that shape the world of cybersecurity in Australia.
12episodes
Episodes
Newest firstAll episodes
Inside the Dark Web Economy: Anastasia Tikhonova on 2026's Top Cyber Threats
2w ago00:38:00Tap to summarizeThe Problem of Trust: Identity Fraud, Deepfakes & APAC Threat Trends with Anastasia TikhonovaWhat happens when cybercriminals stop attacking your CEO and start targeting your developers instead? In this episode of Cyber Voices, host David Savva-Willett sits down with Anastasia Tikhonova, Global Threat Research Lead at Group-IB, joining live from Phuket, Thailand, to unpack the threat trends defining 2026 — and why Australia remains squarely in the crosshairs. Anastasia shares how her team connects threat intelligence dots across APAC, EMEA, and Latin America, and explains why she calls 2026 the year of "the problem of trust" — where attackers no longer need just your email and password. They want your voice, your face, your LinkedIn, and your professional connections to impersonate you convincingly enough to compromise the organisations you work with. In this episode, you'll hear about:The rise of identity fraud, deepfakes, and AI-powered social engineeringWhy Scattered Spider, Lazarus Group and others are shifting from mass campaigns to highly targeted persona attacksThe Axios NPM supply chain compromise (80 million weekly downloads) and what it means for every organisationHow dark web marketplaces, arbitration "courts," and Telegram-based criminal communities operate todayWhy Australia is the #2 ransomware target in APAC — and the lessons from the April 2025 super fund attacksThe role of hacktivism, geopolitical conflict, and national state actors in Australian threat activityPractical advice on managing your digital footprint when you, your family, or your executives have a public profileWhether you're a CISO, security analyst, developer, or simply curious about how cybercrime is evolving, this conversation delivers global perspective with sharp Australian relevance. Cyber Voices is the official podcast of the Australian Information Security Association (AISA) — bringing you the voices shaping cybersecurity in Australia and beyond. 🎧 Subscribe wherever you get your podcasts and follow AISA for more.
Transcribe →
Year One in the Seat: Tara Dharnikota on What It Really Takes to Be a CISO
3w ago00:30:29Tap to summarizeWhat does it really take to step into the CISO seat, and thrive? In this episode of Cyber Voices, the official podcast of AISA and the home of Australia's cybersecurity community, host David Savva-Willett sits down with Tara Dharnikota, Chief Information Security Officer at Victoria University. With a career spanning Telstra, PEXA, and now one of Australia's leading universities, Tara brings a rare blend of offensive security expertise, OSINT, and executive leadership. In this candid conversation, she reflects on her first year as CISO, what surprised her, what she'd do differently, and what the role of the future really looks like. In this episode, you'll hear:Why the CISO role is fundamentally about translation, not just technologyHow to communicate security risk to boards and executives in a language they actually understandThe trap of trying to prove yourself too fast — and why influence matters more than expertiseWhat "building security with people" rather than for them really means in practiceThe convergence of cyber and physical security in complex environments like universitiesTara's vision for the CISO of 2030 — and what aspiring CISOs should be doing right nowThe role that communities like AISA play in shaping future security leadersWhether you're an aspiring CISO, a seasoned security leader, or an executive trying to better understand your security function — this episode is essential listening.🎟️ Early bird registrations for the Australian Cyber Conference 2026 are open now — 14–16 October. AISA members grab a full 3-day Gold Pass for just $899. Head to cyberconference.com.au before 30 June.Subscribe, leave a 5-star review, and share this episode with someone on their path to the CISO seat.
Transcribe →
Navigating the Passkey Revolution with VicRoads
Feb 2500:26:48Tap to summarizeIn a groundbreaking move, Igor Gjorgjioski from VicRoads embarked on a digital transformation journey to enhance security and user experience by eliminating traditional passwords. Collaborating with Vincent Delitz from Corbado, a passkeys-as-a-service provider, they successfully implemented one of the largest public sector deployments of passkeys. This initiative aimed to address user friction and bolster security against phishing, with a keen focus on mobile-friendly, phishing-resistant logins. The project's success rested on a phased rollout, careful selection of partners, and strategic nudging of users towards adopting passkeys, setting a new standard for digital authentication in the public sector.
Transcribe →Building Cyber Communities with Jasmine McCrudden
Feb 1800:27:21Tap to summarizeIn this episode of Cyber Voices, Jasmine McCrudden shares her inspiring journey from a tech recruiter to a key player in the Australian cybersecurity community. As the Deputy Chair of the Australian Information Security Association (AISA) in New South Wales, Jasmine emphasises the importance of community and networking for career development in cybersecurity. She discusses how overcoming imposter syndrome and volunteering with AISA have shaped her leadership style. Jasmine's dedication to uplifting women and creating pathways in cybersecurity is evident in her impactful contributions to the industry, recognised by multiple awards and her dynamic role within AISA.
Transcribe →
Rebranding Cyber with Emily Woodhams
Feb 400:28:17Tap to summarizeAt CyberCon Australia 2025, Emily Woodhams shared her experience as the Cybersecurity Engagement Manager at Melbourne University. Her role involves enhancing communication and culture around cybersecurity by using innovative branding strategies, including Australian animal imagery linked with cyber behaviors. This approach moves away from clichéd cyber imagery like hackers in hoodies, aiming to demystify and humanize the field. Woodhams' journey from a communications background to a cyber role highlights the demand for storytelling skills in cybersecurity, a theme echoed throughout the conference. University branding changes prompted a larger initiative to create relatable and engaging cybersecurity messaging.
Transcribe →Tackling Abuse Material Online with Joel Scanlan
Jan 2800:20:55Tap to summarizeContent WarningIn this episode, we discuss topics that some may find triggering, relating to child sexual abuse material on the internet. David Willett hosts Joel Scanlan from the University of Tasmania to discuss strategies in preventing child sexual abuse material (CSAM) online. Joel highlights the importance of integrating safety by design on mainstream platforms, following alarming statistics of accidental exposure to CSAM. Emphasising deterrent measures, they explore the effectiveness of warning messages and chatbots in dissuading potential offenders. Both highlight the role of large tech firms and regulators in enhancing transparency and accountability, aiming to create a safer digital environment with fewer opportunities for CSAM to proliferate.https://www.stopitnow.org.au/ "Stop It Now! Australia is a child sexual abuse prevention program which works with adults concerned about their own, or someone else’s sexual thoughts or behaviours towards children."https://www.csamdeterrence.com/
Transcribe →Gaurav Vikash Asks: Are Our Cars Spying on Us?
Jan 2100:24:39Tap to summarizeIn this episode, cybersecurity expert Gaurav Vikash discusses the privacy risks associated with smart cars and connected vehicles. As vehicles become more technologically advanced, they are equipped with features that collect and transmit user data, ranging from voice recordings to health information. Gaurav emphasises that many consumers remain unaware of the extent of data collection in modern vehicles, falsely assuming their privacy is protected like in traditional cars. He discusses industry practices, including Tesla's case where their app was used for stalking, and highlights the lack of comprehensive regulations, urging for better awareness and legal protections.
Transcribe →Navigating Insider Threats with Jordan Carmichael
Dec 1700:27:10Tap to summarizeJordan Carmichael, CEO of Helix Services, discusses the intricacies of insider threats and digital vetting in today's cyber landscape. With a focus on critical infrastructure, Carmichael emphasises the importance of identifying and managing human risk, especially as online radicalisation becomes more prevalent. The conversation pivots around the delicate balance between using open source intelligence for security and safeguarding individual privacy.
Transcribe →Protecting Kids Online with Bailey Marshall
Dec 1000:28:20Tap to summarizeIn this episode of Cyber Voices, host David Willett discusses the critical issue of children's online safety with Bailey Marshall, co-founder of Future Proof Security. Bailey shares insights on common online threats facing children today, ranging from cyber scams to issues of privacy and data misuse. Emphasising the importance of communication, she advocates for a balanced approach where parents and educators are equipped to have non-judgmental, trust-building conversations with kids. This empowers them to navigate the digital world safely, reducing the fear and embarrassment that often keep kids from reporting online issues.Find more info HERE
Transcribe →Unmasking Trust Attacks with Max Heinemeyer
Dec 300:29:42Tap to summarizeIn this insightful episode of Cyber Voices, David Willett dives into the complexities of trust attacks with Max Heinemeyer at CyberCon 2025. Max brings an innovative perspective by simulating a politically motivated cyberattack on Australian infrastructure. He emphasises the growing concern over trust attacks, differentiating them from traditional cyber threats that focus on confidentiality and availability. Trust attacks, involving the manipulation of critical data, pose a severe risk to national stability. Through this discussion, the episode highlights the pressing need for improved cybersecurity frameworks to address the evolving threat landscape driven by hyper automation and modern AI technologies.Further reading provided by Max: On the Feasibility of Using LLMs to Autonomously Execute Multi-host Network Attacks https://arxiv.org/abs/2501.16466v3Teams of LLM Agents can Exploit Zero-Day Vulnerabilitieshttps://arxiv.org/abs/2406.01637Hexstrike AI Open Source Offensive Security AI Orchestrator - https://www.hexstrike.com/AI Agent XBOW making number one on Hackerone leaderboard - https://xbow.com/blog/top-1-how-xbow-did-itAI-enabled prototype ransomware PromptLocker - https://www.eset.com/us/about/newsroom/research/eset-discovers-promptlock-the-first-ai-powered-ransomware/?srsltid=AfmBOop67a943J8-_KuK_8dNC497RoWo1YCELz4eR8wSFUV6NqJy6R1RAnd then this happened since we recorded our podcast, but is highly relevant - https://www.anthropic.com/news/disrupting-AI-espionage
Transcribe →