Cyber Voices

By: Australian Information Security Association (AISA)

Welcome to CYBER VOICES, where we highlight and celebrate the diverse voices of the Australian cyber community. From top-ranking CISOs and government officials to threat hunters and vulnerability analysts, if there’s a voice to be heard, you’ll hear it on CYBER VOICES. Join us as we delve into the stories, insights, and expertise that shape the world of cybersecurity in Australia. Copyright AISA
Episodes
  • The Sword Cuts Both Ways: Professor Toby Walsh on AI, Mythos and the New Normal in Cyber
    Jun 24 2026
    On this episode of Cyber Voices, host David Savva-Willett is at Canberra CyberConnect 2026, AISA's inaugural event in the nation's capital, for a wide-ranging conversation with Professor Toby Walsh, one of the world's most influential voices in artificial intelligence.

    Toby is a Professor of AI at UNSW Sydney and Chief Scientist of UNSW AI. He has advised the United Nations and heads of state on the limits we need to place on AI, and his outspoken stance on the military uses of the technology famously earned him an indefinite ban from Russia.

    In this conversation, Toby and David dig into what AI really means for cyber defenders right now. They discuss Anthropic's Mythos and the wave of decades-old zero-day vulnerabilities now being uncovered, why this is the new normal rather than a one-off event, and how AI has democratised offensive capability so that sophisticated attacks no longer require deep technical expertise.

    They also explore the questions that matter most for security leaders: whether defenders are really losing the AI arms race, why dwell time has collapsed from 200 days to a smash-and-grab measured in hours, the rise of shadow AI arriving both top down and bottom up, the sovereignty risk when powerful tools are released only to a select few, and the lessons from the Canvas breach where attackers did not hack the front door, they simply logged in.

    Toby also lifts the lid on the ideas behind his latest book, The Shortest History of AI: Six Ideas Are All You Need to Know, including why AI is a 70-year overnight success and why the human brain, running on the power of a dim light bulb, still puts our most advanced machines to shame.

    Whether you are a CISO being asked to govern AI while still learning it yourself, or simply trying to separate the signal from the hype, this is a clear-eyed and occasionally very funny look at where AI and cyber security collide.

    Topics covered:
    • Why AI is a double-edged sword for cyber, threat and defence at once
    • Anthropic's Mythos and the discovery of zero-day flaws nearly 30 years old
    • How AI has lowered the barrier to entry for sophisticated attacks
    • Whether defenders are losing the AI arms race
    • Dwell time collapsing from 200 days to under two hours
    • Shadow AI, and how security leaders can actually govern it
    • Sovereignty risk and the case for stronger regulation
    • The Canvas breach and the era of just logging in
    • Six big ideas from The Shortest History of AI


    Cyber Voices is the official podcast of the Australian Information Security Association (AISA).
    27 mins
  • When Everything Is On Fire: Shane Fitzsimmons on Leading Through Crisis
    Jun 17 2026
    Recorded live at CyberConnect Canberra 2026, Cyber Voices host David Savva-Willett sits down with Shane Fitzsimmons AO AFSM, Managing Director of SAF Leading Advisory, former Commissioner of the New South Wales Rural Fire Service and inaugural Commissioner of Resilience New South Wales. David grabbed Shane straight off the main stage, minutes after his opening keynote on leadership in unprecedented times.

    Few people understand leadership under sustained pressure the way Shane does. He led New South Wales through the Black Summer bushfires, the floods that followed, biosecurity threats, critical infrastructure incidents and a global pandemic. His message to a room full of cyber leaders is strikingly simple. No matter the crisis, we are all part of a people organisation, and people are the anchor.

    Across the conversation Shane and David explore why a security leader's most important job is translation, turning complex and jargon heavy detail into plain language that paints an accurate picture for the board and the community. They dig into leadership as a culture rather than the sole purview of the person at the top, why trust and shared values have to be banked in the quiet times before any siren sounds, and why the most powerful thing a leader can say in a crisis is "I don't know, but I will find out."

    Shane also shares hard won lessons on looking after people in sustained pressure roles, the kind of burnout that incident responders and volunteers know all too well, and his belief that professionalism has nothing to do with whether you are paid. The pair turn to resilience and the discipline of learning from others rather than waiting for the crisis to find you, the value of after action reviews that capture what went well and not just what went wrong, and the knowledge transfer that readies the next team to step up.

    He closes with a single piece of advice for any cyber leader walking into the boardroom in the middle of an incident. Listen, keep it real, drop the ego, and let people know you care.

    This is an episode for every level of a security team, and one worth sharing well beyond our industry. If it lands with you, subscribe to Cyber Voices on your favourite podcast app and leave us a five star review. Full show notes are in the episode description.
    30 mins
  • Turning Off the Tap: Andrew Haschka on AI, Vulnerabilities and the Software Supply Chain | GitLab
    Jun 10 2026
    In this episode of Cyber Voices, the official podcast of AISA, host David Savva-Willett is joined by Andrew Haschka, Field CTO for Asia Pacific and Japan at GitLab, for a candid look at the question almost every enterprise is wrestling with right now: how do we let developers move faster with AI without flooding production with vulnerabilities we cannot keep up with? With more than two decades across cyber security, cloud and digital transformation, and prior leadership roles at Google and VMware, Andrew advises organisations and governments across the region on delivering software securely and at speed.

    At the heart of the conversation is what Andrew calls the AI paradox. AI can make writing code dramatically faster, yet the flow on effects in testing, security validation, compliance and release often slow teams down, because the volume of code rises while the team stays the same size. Much of that AI generated code is drawn from the internet, where not everything is secure by design, so vulnerabilities can increase exponentially. Andrew and David explore the memorable goal of one CISO to turn off the tap of vulnerabilities running in production, and why prevention beats endless triage.

    From there the discussion moves to the consumerisation of AI and the sprawl of unmanaged tools, the importance of a traceable system of record that evolves into a knowledge graph, and the defender's advantage in the arms race between teams shipping AI assisted code and attackers using AI to find weaknesses. Andrew makes the case that a defender whose AI understands the specific code base, threat model and compliance posture will spot what a generic attacker AI misses.

    Andrew also unpacks what secure software supply chains look like in an AI assisted world, from integrity and attestation to provenance and traceability, and shares practical guidance for any security leader being asked to enable AI for their development teams. His advice centres on building intelligent orchestration across three layers: a unified data layer and system of record, strong control and access with purpose built agents, and a governed experience delivered through an AI gateway rather than uncontrolled sprawl, all with humans firmly in the loop. It is a practical and forward looking conversation for any CISO, engineering leader or developer trying to capture the benefits of AI without inheriting a new generation of risk.
    30 mins