Free Daily Podcast Summary
Cyber Voices: Daily Summaries Delivered
by Australian Information Security Association (AISA)
Welcome to CYBER VOICES, where we highlight and celebrate the diverse voices of the Australian cyber community. From top-ranking CISOs and government officials to threat hunters and vulnerability analysts, if there’s a voice to be heard, you’ll hear it on CYBER VOICES. Join us as we delve into the stories, insights, and expertise that shape the world of cybersecurity in Australia.
Latest Episodes
The most recent episodes — sign up to get AI-powered summaries of each one.
- Today30 min
When Everything Is On Fire: Shane Fitzsimmons on Leading Through Crisis
Recorded live at CyberConnect Canberra 2026, Cyber Voices host David Savva-Willett sits down with Shane Fitzsimmons AO AFSM, Managing Director of SAF Leading Advisory, former Commissioner of the New South Wales Rural Fire Service and inaugural Commissioner of Resilience New South Wales. David grabbed Shane straight off the main stage, minutes after his opening keynote on leadership in unprecedented times.Few people understand leadership under sustained pressure the way Shane does. He led New South Wales through the Black Summer bushfires, the floods that followed, biosecurity threats, critical infrastructure incidents and a global pandemic. His message to a room full of cyber leaders is strikingly simple. No matter the crisis, we are all part of a people organisation, and people are the anchor.Across the conversation Shane and David explore why a security leader's most important job is translation, turning complex and jargon heavy detail into plain language that paints an accurate picture for the board and the community. They dig into leadership as a culture rather than the sole purview of the person at the top, why trust and shared values have to be banked in the quiet times before any siren sounds, and why the most powerful thing a leader can say in a crisis is "I don't know, but I will find out."Shane also shares hard won lessons on looking after people in sustained pressure roles, the kind of burnout that incident responders and volunteers know all too well, and his belief that professionalism has nothing to do with whether you are paid. The pair turn to resilience and the discipline of learning from others rather than waiting for the crisis to find you, the value of after action reviews that capture what went well and not just what went wrong, and the knowledge transfer that readies the next team to step up.He closes with a single piece of advice for any cyber leader walking into the boardroom in the middle of an incident. Listen, keep it real, drop the ego, and let people know you care.This is an episode for every level of a security team, and one worth sharing well beyond our industry. If it lands with you, subscribe to Cyber Voices on your favourite podcast app and leave us a five star review. Full show notes are in the episode description.
- 1 weeks ago30 min
Turning Off the Tap: Andrew Haschka on AI, Vulnerabilities and the Software Supply Chain | GitLab
In this episode of Cyber Voices, the official podcast of AISA, host David Savva-Willett is joined by Andrew Haschka, Field CTO for Asia Pacific and Japan at GitLab, for a candid look at the question almost every enterprise is wrestling with right now: how do we let developers move faster with AI without flooding production with vulnerabilities we cannot keep up with? With more than two decades across cyber security, cloud and digital transformation, and prior leadership roles at Google and VMware, Andrew advises organisations and governments across the region on delivering software securely and at speed.At the heart of the conversation is what Andrew calls the AI paradox. AI can make writing code dramatically faster, yet the flow on effects in testing, security validation, compliance and release often slow teams down, because the volume of code rises while the team stays the same size. Much of that AI generated code is drawn from the internet, where not everything is secure by design, so vulnerabilities can increase exponentially. Andrew and David explore the memorable goal of one CISO to turn off the tap of vulnerabilities running in production, and why prevention beats endless triage.From there the discussion moves to the consumerisation of AI and the sprawl of unmanaged tools, the importance of a traceable system of record that evolves into a knowledge graph, and the defender's advantage in the arms race between teams shipping AI assisted code and attackers using AI to find weaknesses. Andrew makes the case that a defender whose AI understands the specific code base, threat model and compliance posture will spot what a generic attacker AI misses.Andrew also unpacks what secure software supply chains look like in an AI assisted world, from integrity and attestation to provenance and traceability, and shares practical guidance for any security leader being asked to enable AI for their development teams. His advice centres on building intelligent orchestration across three layers: a unified data layer and system of record, strong control and access with purpose built agents, and a governed experience delivered through an AI gateway rather than uncontrolled sprawl, all with humans firmly in the loop. It is a practical and forward looking conversation for any CISO, engineering leader or developer trying to capture the benefits of AI without inheriting a new generation of risk.
- 1 weeks ago29 min
The Chair's Check In: Michael Burchell on AISA at the Halfway Mark of 2026 | CyberConnect Canberra
In this episode of Cyber Voices, the official podcast of AISA, host David Savva-Willett sits down with Michael Burchell, Chair of the Australian Information Security Association, for a mid year check in on the state of Australia's peak body for cyber security. Recorded on the floor at the inaugural CyberConnect Canberra in the nation's capital, it is a candid look at where AISA sits at the halfway point of 2026, and, fittingly, it is Michael's very first podcast.The conversation opens with the reimagining of the event itself, the move from CyberCon Canberra to CyberConnect Canberra, and why a smaller, more curated and more local gathering is the right way to connect industry and professionals with government on regulation, consultation and cyber strategy. Michael and David also reflect on the proud tradition of the Australian Parliament House dinner in the Great Hall.From there the discussion turns to the year so far for an association now representing more than 14,000 members. Michael shares an update on the professionalisation town halls held around the country, the launch of the new Learning Portal for ongoing professional development, the scholarship program and its diversity work alongside partners such as AWSN, and the board's new long term strategy built around strategic pillars and a horizons approach.He also looks ahead to the SEC days still to come in Sydney, Adelaide, Perth and Darwin, and to the flagship CyberCon in Melbourne, with early bird registrations now open. Above all it is a thank you to the volunteers and branch committees who, in Michael's words, are the reason the association exists at all.Links to resources mentioned in this episodeAISA professionalisation pilot, including the key questions and responses Michael mentioned: https://aisa.org.au/public/Public/News_and_Media/Professionalisation/Professionalisation.aspxAISA Learning Portal, available now to all members (accessed through the AISA member area) https://www.aisa.org.auCyberCon Melbourne, early bird registrations open: https://www.cyberconference.com.au/ Australian Women in Security Network (AWSN): https://www.awsn.org.au/
- 2 weeks ago29 min
Nicole Stephensen on Privacy Impact Assessments and Securing Personal Information | BrisSEC 2026
In this episode of Cyber Voices, the official podcast of AISA, recorded live on the floor at BrisSEC in Brisbane, host David Savva-Willett sits down with Nicole Stephensen, a strategic risk and privacy professional recognised for her local and international expertise in privacy program management and her work as an expert witness on the reasonable steps needed to secure personal information across its lifecycle.Nicole is a Fellow of the Australian Information Security Association (FAISA) and a leading member of the International Association of Privacy Professionals (IAPP). Fresh from a panel alongside Queensland Privacy Commissioner Alexander White and IDCARE interim Group CEO Charlotte Davidson, Nicole unpacks what a privacy impact assessment really is, why it belongs in every cyber security toolkit, and what happens when organisations skip it.She also shares a memorable reframe from the panel: think of a privacy impact assessment less like a yes or no gate and more like a navigation system. The question stops being can we do this and becomes how do we get there safely, steering around the potholes, roadblocks and unnecessary costs along the way.The conversation explores where privacy and security overlap and where they differ, the reasonable steps expected under Australian privacy law, the recent alignment of Queensland privacy law with the federal approach, and the most common mistake of all, which is simply not doing a privacy impact assessment when you could. As Nicole explains, a good PIA does not have to be onerous or expensive, with free toolkits and templates available from both the federal and state privacy regulators.Links to resources mentioned in this episode:Federal resources, from the Office of the Australian Information Commissioner (OAIC): Guide to undertaking privacy impact assessments https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/privacy-impact-assessments/guide-to-undertaking-privacy-impact-assessmentsPrivacy impact assessment tool (the free, adaptable template) https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/privacy-impact-assessments/privacy-impact-assessment-tool10 steps to undertaking a privacy impact assessment https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/privacy-impact-assessments/10-steps-to-undertaking-a-privacy-impact-assessmentQueensland resources, from the Office of the Information Commissioner (OIC): Privacy impact assessments (step by step guide) https://www.oic.qld.gov.au/guidelines/for-government/guidelines-privacy-principles/privacy-impact-assessmentsUndertaking a Privacy Impact Assessment (the full guideline) https://www.oic.qld.gov.au/guidelines/for-government/guidelines-privacy-principles/privacy-impact-assessments/undertaking-a-privacy-impact-assessmentPIA templates, including the threshold privacy assessment and the PIA report templates https://www.oic.qld.gov.au/information-for/information-privacy-officers
- 3 weeks ago29 min
The 2026 Threat Landscape, Iran, and AI-Powered Phishing with Michael Kosak
Mike Kosak joins Cyber Voices to deliver a frank assessment of the 2026 cyber threat environment: it's not great, and it's getting worse. Mike is Director of Threat Intelligence at LastPass, with nearly 25 years of experience that began in the US Department of Defense as a counterterrorism intelligence officer. He served three deployments to Iraq supporting Operation Iraqi Freedom, led the Pentagon office responsible for intelligence updates to the Chairman of the Joint Chiefs of Staff, and acted as senior command representative to Joint Special Operations Command for the Defence Intelligence Agency. Since moving into the private sector he has led strategic cyber intelligence at Bank of America, headed the Cyber Threat Intelligence team at TIAA, and now drives threat intelligence at LastPass.In this conversation Mike and David unpack what the ongoing conflict in the Middle East means for Australian defenders, why Five Eyes membership puts Australia squarely in scope regardless of physical proximity, and how Iran targets opportunistically and then retrofits the rationale to fit. They look at China and Taiwan as a potential 2027 flashpoint, with critical infrastructure, education, and the defence industrial base already in frequent crosshairs. The conversation then shifts to phishing, where AI has lowered the barrier to entry and lifted operational tempo dramatically. Mike shares what his team has been observing as a single threat actor group develops its own AI-assisted phishing kit across three increasingly sophisticated versions, evolving from a basic login page to an attacker-in-the-middle reverse proxy.The episode closes with practical guidance for the Australian cyber community: the Essential Eight still gets you 80% of the way there, and getting a real handle on your tech stack, including shadow AI and shadow tech, will pay enormous dividends as the gap between vulnerability detection and exploitation continues to shrink. Subscribe to Cyber Voices wherever you get your podcasts, and find us on YouTube for the video version.
- 4 weeks ago28 min
Responding to a Cyber Crisis You Don’t Control with Darren Hopkins
In this episode of Cyber Voices, recorded live at BrisSEC 2026, host David Savva-Willett speaks with Darren Hopkins, Partner at McGrathNicol and a Brisbane-based cybersecurity professional with more than 30 years’ experience across law enforcement, digital forensics, incident response and cyber crisis management.Darren shares insights from his BrisSEC talk, “When You’re Already Losing: Responding to a Cyber Crisis You Don’t Control,” exploring the messy reality of cyber incidents where the playbook does not match the crisis. From third-party suppliers and SaaS dependencies to ransomware negotiations, regulators, media pressure, board expectations and limited information, Darren explains why effective incident response requires more than a neatly documented plan.David and Darren discuss why cyber crisis simulations matter, how organisations can build decision-making muscle memory, the importance of update cadence, the risks of over-communication, and why many incidents remain preventable through basic cyber hygiene, prioritisation and executive support. This episode is essential listening for CISOs, security leaders, board members, risk teams, communications professionals and anyone involved in preparing for or responding to a cyber incident.In this episode, we cover:How to respond when you do not control the cyber crisisWhy incident response plans still matter, even when reality gets chaoticThe role of executives, legal, communications, HR and technical teams during a breachWhy third-party and SaaS risk changes crisis responseHow cyber simulations can prepare boards and leadership teamsThe importance of clear communication and update cadenceWhy are many cyber incidents still preventableWhat cyber leaders should start doing differently today
- May 13, 202630 min
Inside the Mind of an Attacker — Atticus D'mello on Bypassing Social Media's Security Controls
Recorded live on the floor at BrisSEC 2026 in Brisbane, David Savva-Willett sits down with Atticus D'mello, higher degree research student, vulnerability researcher, and emerging cybersecurity specialist with Safety Net Cyber, to unpack his BrisSEC talk Inside the Mind of an Attacker.Atticus walks us through how he and his team approached one of the most under-discussed problems in consumer cybersecurity: how attackers bypass account creation limits on the world's biggest social media platforms to spin up anonymous accounts at scale. Working with nothing more than a laptop and a typical home internet connection, they mapped the controls, found the gaps, and responsibly disclosed the vulnerabilities, many of which have now been fully patched.The conversation goes beyond the technical, exploring why burner accounts are the gateway to online bullying, mass phishing, artificial engagement, and large-scale scams, and the very real human toll that follows. Atticus also shares his work helping victims regain access to compromised Instagram and Facebook accounts, the rise of fake "Meta verification" phishing emails, why TikTok's security-by-default model is worth paying attention to, and what every one of us can do to make social media a safer space. If you've ever wondered how those random accounts in your DMs come from nowhere — this one's for you.
- May 6, 202632 min
Quantum Safe Queensland: A Practical Roadmap with Prof. Craig Costello
Q-Day is coming — and the encryption protecting your most sensitive data may already be on borrowed time. In this episode of Cyber Voices, host David Savva-Willett sits down at AISA's BrisSec 2026 with Professor Craig Costello, cryptographer at the Queensland University of Technology and one of the global researchers shaping post-quantum cryptography (PQC) standards. Craig demystifies what post-quantum cryptography actually is, why "harvest now, decrypt later" attacks mean the threat is already here, and what recent breakthroughs from Google AI, UC Berkeley and Caltech mean for the timeline. He unpacks Google's bold 2029 Q-Day prediction, explains why PQC runs on the classical hardware you already own, and walks through a pragmatic transition roadmap aligned to the Australian Signals Directorate's guidance — from naming a transition lead and running an inventory scan, to prioritising key exchange over digital signatures, and managing vendor migrations. Whether you're a CISO, security architect, or just trying to understand what quantum computing really means for your organisation, this is a clear-eyed, panic-free conversation about preparing for the biggest cryptographic shift in 50 years.Topics covered:• What post-quantum cryptography is (and isn't)• Harvest now, decrypt later attacks explained• Why Google says Q-Day arrives by 2029• Recent algorithmic breakthroughs lowering qubit requirements• A practical PQC transition plan: 90 days and beyond• ASD guidance and the road to 2030• Crypto agility as a long-term security disciplineCyber Voices is the official podcast of the Australian Information Security Association (AISA).Planning for Post-Quantum Cryptography (the page Craig referenced directly) The ASD's practical framework covering inventory scans, transition timelines, and milestones — including the recommended deadline of end of 2030 to cease use of traditional asymmetric cryptography. 🔗 https://www.cyber.gov.au/business-government/secure-design/planning-for-post-quantum-cryptographyInformation Security Manual (ISM) — landing page The full ISM, intended for CISOs, CIOs, and cyber security professionals. 🔗 https://www.cyber.gov.au/business-government/asds-cyber-security-frameworks/ismISM — Guidelines for Cryptography The chapter that contains the specific PQC controls Craig mentioned, including ISM-2073 (PQC transition plan requirement) and the list of ASD-approved post-quantum algorithms. 🔗 https://www.cyber.gov.au/business-government/asds-cyber-security-frameworks/ism/cyber-security-guidelines/guidelines-for-cryptography Professor Craig Costello — QUT profile For listeners who want to take Craig up on his offer to engage directly with industry partners. 🔗 https://www.qut.edu.au/about/our-people/academic-profiles/craig.costello
About Cyber Voices
Welcome to CYBER VOICES, where we highlight and celebrate the diverse voices of the Australian cyber community. From top-ranking CISOs and government officials to threat hunters and vulnerability analysts, if there’s a voice to be heard, you’ll hear it on CYBER VOICES. Join us as we delve into the stories, insights, and expertise that shape the world of cybersecurity in Australia.
Customized Recaps
AI-powered recaps with compact key takeaways, quotes, and insights.
Straight to Your Inbox
Get key takeaways from Cyber Voices in a 5-minute read.
Save Hours Every Week
Stay current on your favorite podcasts without falling behind.
Frequently Asked Questions
What is Podzilla's Cyber Voices daily summary?
It's a free AI-powered email that summarizes new episodes of Cyber Voices as soon as they're published. You get the key takeaways, notable quotes, and links & mentions — all in a quick read.
How does the Cyber Voices podcast summary work?
When a new episode drops, our AI transcribes and analyzes it, then generates a personalized summary tailored to your interests and profession. It's delivered to your inbox every morning.
Is this an official Cyber Voices product?
No. Podzilla is an independent service that summarizes publicly available podcast content. We're not affiliated with or endorsed by Australian Information Security Association (AISA).
Can I get summaries of other podcasts too?
Absolutely! The free plan covers up to 3 podcasts. Upgrade to Pro for 15, or Premium for 50. Browse our full catalog at /podcasts.
How often does Cyber Voices release new episodes?
Cyber Voices publishes weekly. Our AI generates a summary within hours of each new episode.
What topics does Cyber Voices cover?
Cyber Voices covers topics including Technology. Our AI identifies the specific themes in each episode and highlights what matters most to you.
Start getting Cyber Voices summaries tomorrow morning.
Free forever for up to 3 podcasts. No credit card required.
Free forever for up to 3 podcasts. No credit card required.