Agenda Day 2

Key Takeaways:

 - Role sprawl, excessive entitlements and misaligned policies across hybrid estates.

 - How organisations are tightening least privilege without paralysing productivity.

 - Practical approaches to continuous entitlement review at scale

 - Tooling and process combinations that are actually working in complex enterprise environments 

Carol Ostos

Head of Identity and Access Management
Origin Energy

See Bio

Key Takeaways:

 - What high-assurance privileged access looks like across distributed architectures

 - Why traditional vault-centric PAM tools fall short when admin access is ephemeral, API-driven or embedded in automated pipelines

 - Strategies for maintaining least-privilege enforcement when the perimeter is gone, and identities are scattered across dozens of platforms

 - What good privileged access monitoring looks like in practice: moving beyond session recording to genuine behavioural risk detection 

Reid Hokai

Senior Cyber Security Professional, IAM architecture
Commonwealth bank of Australia

See Bio

Key Takeaways:

- Why real-time authentication flows, not data at rest, are where modern identity breaches actually happen 

- How distributed systems create hidden trust gaps that attackers exploit during authentication and transitions 

- Practical architecture principles for securing identity assertions, MFA enrolment, and session hand-offs at scale 

- Balancing strong security with the reality of diverse customer behaviours, from passkeys to shared households and legacy constraints 

Key Takeaways:

 - How Macrokey's decentralised identity architecture is enabling verifiable credentials to operate across institutional boundaries without centralised intermediaries

 - Where decentralised identity, wallets and national Digital ID frameworks are delivering operational value, and where centralised models still dominate.

 - The technical and governance conditions that need to be in place before decentralised identity moves from pilot to mainstream

 - A candid assessment of where digital wallets are genuinely adding value versus where centralised models remain the more pragmatic choice 

Adnene Guabtni

Principal Research Scientist/Engineer, Architecture and Analytics Platforms
CSIRO Data 61

See Bio

Key Takeaways:

 - What identity means now — building deeper levels of trust and providing individuals with greater security 

 - Building selfie-capture capability and continuous improvement of the verification experience 

 - Moving identity away from the physical card and why that transition is now genuinely tangible 

 - Edge cases and real-world friction encountered along the way 

Crispin Blackall

Chief Technology Officer
VicRoads

See Bio

Key Takeaways:

 - What governments, businesses, and citizens must know as digital wallets become the new norm.

 - How verifiable credentials are reshaping the relationship between identity providers, relying parties and end users

 - Practical considerations for organisations planning to accept or issue digital credentials in the next 12–24 months

 - The standards landscape: what to build to now and what to wait on 

Brian Lee

Principal Solution Architect, Digital Identity and Verifiable Credentials progra
Services NSW

See Bio