Session 1 Title: Vishhal Gupta: Stop Selling Fear: How to Get Your Board to Say Yes to Cyber
We'll get breached if we don't act." Most of us have used some version of this line in a board paper. And most of us have had that paper sent back, deferred, or quietly shelved.

This session looks at why that keeps happening - and what we might do differently. Your CFO, CEO, and COO each need a different answer from the same proposal, and that's a harder problem than most cyber frameworks acknowledge.

Vishhal shares what he's learned from working across energy, financial services, and government - on both sides of the table as an operator and a consultant - about framing cyber as a business investment rather than a threat response. Stop selling fear. Start speaking Board.

Speaker 1

Vishhal Gupta, Independent Digital & Cyber Security Executive
Vishhal is a digital and cyber security executive with over two decades of experience helping boards, C-suites, and executive teams turn cyber risk into strategic advantage. His career spans both sides of the table - leading enterprise security and technology programs at organisations including Commonwealth Bank, Enel Green Power, and Transport for NSW, and building consulting practices across Asia-Pacific at Dell EMC and NTT.

Most recently, Vishhal served as Interim Digital & Cyber Head at Enel Green Power Australia, where he ran 24/7 security operations while delivering a multi-million-dollar IT/OT programme. He brings an international perspective drawn from leadership roles across Australia, Singapore, the United States, and India - and a track record of securing executive buy-in by framing cyber not as a cost centre, but as a driver of business resilience and competitive positioning.

Session 2 Title: Gursimran Tiwana: AI in OT: The Next Frontier of Cyber Risk in Critical Infrastructure
As artificial intelligence rapidly integrates into operational technology (OT) environments from healthcare systems to industrial control networks, it is redefining both capability and risk. What was once a predictable, deterministic environment is now becoming adaptive, autonomous, and increasingly opaque. This shift introduces a new class of cyber risks where attacks no longer just compromise data, but can influence physical processes, safety outcomes, and critical service delivery. Traditional cyber security controls, designed for static systems, are no longer sufficient to manage AI-driven behaviours, model vulnerabilities, and complex supply chain dependencies.

In this session, we will explore how AI is expanding the OT attack surface, and the emerging risks CISOs must address from model integrity and data poisoning to autonomous decision-making. Importantly, we will also examine how AI can be leveraged as a defensive capability in OT environments enabling real-time anomaly detection, predictive threat identification, and adaptive response mechanisms that were previously not possible in traditional systems. Drawing on real-world scenarios and practical insights, this talk will outline how organisations can evolve their risk frameworks, governance models, and control strategies not only to secure AI-enabled critical infrastructure, but to responsibly harness AI as a force multiplier for OT security and resilience.

Speaker 2

Gursimran Tiwana, CISO at Lumus Imaging
Gursimran is a seasoned cyber security leader and Chief Information Security Officer (CISO), currently also serving as Acting Chief Risk Officer (CRO), with extensive experience in securing critical infrastructure across healthcare, operational technology (OT), and enterprise environments. Based in Australia, he leads cyber security strategy, enterprise risk management, and resilience initiatives for a major healthcare organisation, where the protection of patient safety and clinical operations is paramount.

With a strong foundation in global standards including ISO 27001, ISO 31000, NIST, and IEC 62443, Gursimran brings a pragmatic, risk-driven approach to cyber security bridging the gap between executive governance and deep technical execution. His dual role across security and risk enables him to align cyber resilience with broader organisational risk appetite, regulatory obligations, and business priorities. Gursimran is particularly focused on the evolving intersection of artificial intelligence and OT security, exploring how emerging technologies are reshaping both the threat landscape and defensive capabilities. He is passionate about helping organisations move beyond traditional security models to build adaptive, intelligence-driven cyber resilience. A thought leader and engaging speaker, Gursimran regularly contributes to discussions on cyber risk, critical infrastructure protection, and the future of security in an increasingly autonomous world.

Participants will have the opportunity to ask questions of the speakers and networking drinks with light refreshments will be served after the presentation.

Time: 5:30pm - 7:30pm (AEST)
Agenda:
5:15pm - 5:30pm Registration
5:30pm - 6:30pm Presentation
6:30pm - 7:30pm Networking and light refreshments

Registrations close:  Wednesday 15 April or earlier if event is sold out prior

Cost to attend: 
Registration is free for AISA members
Non Members: $115.50 (incl GST)
Not an AISA member? Become a member today!

How to register:
   1. Members must be signed in to register
   2. To register for this event click on the Register Myself button
   3. Once you have confirmed your registration, this item will appear in your Shopping Cart
   4. Please proceed to the Submit Order button
   5. A confirmation of order will be emailed to you once your registration is confirmed OR payment has been made 

REMINDER: If you are unable to attend after registering, please send an email to [email protected] advising of your cancellation. This will release your place for another member to participate.

If you have any queries regarding this event, please contact AISA Events Team at [email protected] 

Disclaimer:
AISA presentations are intended for educational purposes only. Statements of fact and opinions expressed are those of the participants individually and, unless expressly stated to the contrary, are not the opinion or position of AISA, its sponsors, or its partners. AISA does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented. Attendees should note that sessions may be recorded and published in various media, including print, audio and video formats without further notice.