Building the cybersecurity community in regional Victoria.
The Underground is calling.
While many conferences are held in capital cities, regional areas often miss out. We are changing that.
Getting started in your cybersecurity career and understanding practical projects.
Understanding security architectures and the cyberworld of attackers vs defenders.
Capture the Flag contests, cybersecurity games, and interactive challenges.
Designed and produced by Firnsy at the Ballarat Hackerspace. This badge provides a fun, interactive experience, featuring badge-to-badge communication, ESP32 processor, screen and controls. The badge also supports the SAO add-on standard, so bring your own from previous conferences.
Grab the exclusive add-on for just $7 with your ticket. All proceeds support the Ballarat Hackerspace.
Signs point to an underground bitcoin mining operation stealing power from local businesses. Can you track them down? Designed for beginners, with surprises for veterans. Prizes for progress and completion! Developed by Eurekative and volunteers.
>> SYSTEM ALERT: UNAUTHORIZED HARDWARE DETECTED
It wasn’t meant to fall into your hands. The Underground Badge is black-market hardware built by the rogue miners themselves.
A device humming with hidden logs, encrypted comms, and fragments of their operation. They use it to track power siphons, hide their crypto flow, and stay one step ahead.
>> MISSION: BREAK THE ENCRYPTION.
Now it’s your job to break it. As you do, the badge spills another secret: coordinates of a tunnel, methods of leeching power, whispers of who’s behind it all.
Paul Black
Stuart Harrison NBN
No plan survives first contact with the enemy, now what ...
Stuart’s career spans almost 3 decades with a primary focus on information, data and cyber security. He is currently the Deputy Chief Security Officer at NBN Co, which designs, builds and operates a wholesale broadband access network for Australia. Prior to NBN, Stuart was the CISO for Medibank, a health company providing private health insurance and health services to more than 3.9 million people in Australia, and before that held multiple senior leadership roles in international consulting and big tech companies. He began his career in South Africa (born to English parents), moved to the UK and has spent the last 13 years in Australia. Stuart is of the firm belief that people are the first and last line of defence in cyber security, and that security done right is a business enabler and a must-have ‘ticket to play’ for every business.
Ben Wilkinson eManaged
When a breach hits, the hardest problems aren't always technical—they're human. This session equips executives and IT leaders to steer calmly under pressure: how to manage the mental and emotional load, make clear decisions with incomplete information, and handle tough questions from boards, clients, staff, media, regulators and insurers. We'll also show how uplift against the ACSC Essential Eight reduces the blast radius of incidents and supports compliance expectations—particularly around identity, application control, patching, backups and least privilege—so you can demonstrate due care before, during and after an event. Key takeaways include: a leader's crisis toolkit to stabilize people, prioritize actions, and control the narrative; a first-day/first-week recovery framework with roles, thresholds and evidence; and using Essential Eight maturity to limit damage and satisfy stakeholders.
Ben Wilkinson is a vCIO and cybersecurity practitioner who helps organizations build resilience before incidents and lead decisively during them. He designs recovery runbooks, facilitates incident tabletop exercises, and guides Essential Eight uplift for SMEs and community organizations across regional Victoria and South Australia. Ben's work focuses on clear, human-centered response: reducing downtime, improving decision speed, and aligning security controls with insurer, client and regulatory expectations. He has presented at regional industry events on cybersecurity, risk and practical AI, and partners with leadership teams to turn complex security topics into actions that withstand real-world pressure.
Peter Lake Starmaster Space Education
In our increasingly connected world, we are reliant on critical infrastructure for essential daily services. Space technology underpins much of this critical infrastructure, and Australia's participation in the fast-growing space industry is rapidly accelerating. Space is Critical, Congested, and Contested (the 3 C's) and exposed to the same hazards covered in the Security of Critical Infrastructure Act (SOCI). This session discusses the 3 C's and how these hazards are managed across the four segments: Space Segment, Link Segment, Ground Segment, and User Segment. The session will walk through what Defence-in-Depth and Zero Trust look like from onboard systems to communications links and the traditional cybersecurity threats we all face on the ground as users. It will conclude with a short case study and review of some tools specific to the space industry for managing cybersecurity.
Peter Lake is a dedicated business leader and researcher at the forefront of cybersecurity and space science. He earned his Master's in Cybersecurity from Edith Cowan University in 2023, building on alumni ties to Queensland University of Technology. In December 2025, Peter joined Starmaster as Strategy Lead for Cybersecurity and Space, where the organization delivers micro-credentials to help skilled professionals transition into Australia's booming space sector. A lifelong amateur astronomer and STEM enthusiast, Peter participated in Cisco and CSIRO's Scientists in Schools program in 2013/14. His passion for hands-on learning drives his work in gamification, esports, and Capture the Flag (CTF) competitions, fostering pathways for emerging talent, including those with autism and neurodivergent traits through coaching at Crank – No Barriers from 2023-2025. Peter champions experiential training, from leading CTF teams to facilitating tabletop exercises on business continuity and disaster recovery, including a 2025 space cybersecurity session using FEMA's NIMS and ICS4ICS methodology. He is a member of AISA and the Australian Institute of Professional Intelligence Officers.
George Ferres DUCA
This talk is a practical guide to turning a low-budget homelab into a small but realistic cyber environment that builds job-ready skills. We will look at simple reference designs, free and cheap tools, and concrete examples of Windows, Linux, firewall, and logging setups that mirror real SME networks. Attendees will leave with clear lab blueprints, links to resources, and ideas for how to turn what they build at home into evidence of real experience.
George Ferres is a sysadmin and IT teacher who broke into the industry at 17 based on a homelab built from cast-off hardware. He is keen to show people coming up behind him that you can get practical IT and security experience with recycled gear and free tools, and have a fun time doing it.
Slavo Greminger Independent Security Consultant
Beginning with the investigation of a suspected phishing campaign, this talk demonstrates how combining defensive and offensive actions can yield a fuller picture of a malware's infrastructure and operational scope. Octo2, an Android malware family, serves as the primary case study. We surgically dissect it to expose its inner workings and tradecraft, surfacing actionable insights for detection and response.
Passionate malware reverse engineer, incident responder, and digital forensicator with a tendency towards academic rigor and a readiness to follow rabbit holes until the underlying story emerges.
Darren Arnott Cyber Informed
In 1834, twin brothers Joseph and François Blanc, entrepreneurs from Bordeaux, France, frequently speculated on the Paris stock market. To increase their profits, they devised an elaborate scheme to reduce the time taken for news of price changes at the Paris stock exchange to reach them in Bordeaux. Instead of waiting three days for price updates to arrive by mail coach, they exploited the semaphore-based telegraph system used to communicate between major cities in France. With news of stock prices in Paris in their hands before anyone else in Bordeaux, they had the ability to use this information to make vast amounts of money. Based on research from news archives, and archival material from the police investigation and court proceedings, this talk will explore the details behind how this hack was accomplished, how it was discovered, what the outcome was, and what we can learn today from an audacious hacking event that took place in the early 1800s.
Darren Arnott is an experienced consultant with a deep enterprise background across Governance, Risk and Compliance (GRC) and technical security. He pairs his penetration-testing background and expertise with risk assessments, practical policy and standards, audit readiness, vendor risk reviews, and clear briefings for executives and management. A published author and regular conference speaker, Darren has delivered outcomes across local and state government, not-for-profits, finance, insurance, superannuation, healthcare, education, retail, food production, and water utilities.
Neel Paranjape Monash University
Join Neel as he demystifies the Application Programming Interface (API). This session aims to guide attendees through the journey of how an API works, explore common API vulnerabilities, and API security best practices. It will provide anyone interested in modern application security with the knowledge needed to secure their APIs and protect their data.
Neel Paranjape is a Senior Application Security Engineer at Monash University where he specializes in API Security and DevSecOps, focusing on building a reliable and secure development process for applications from start to finish. His engineering perspective is informed by knowledge from previous roles across Application Security Engineering, Security Intelligence, and Detection and Response.
Tim Haintz Microsoft/ICSL
A short, technical demo showing how Microsoft Agent Framework and the Model Context Protocol (MCP) orchestrate an end-to-end agentic pipeline: agents fetch research papers using MCP tools, leverage LLMs to analyze paper content, surface key concepts and relationships, then convert those signals into clear Mermaid diagrams to visualize the literature.
Tim Haintz has spent most of his life in Ballarat. He attended Ballarat High School before continuing his education at the University of Ballarat, which is now known as Federation University. Tim earned a Bachelor of Computing and, in 2023, began his Masters in Computing by Research at Federation University/ICSL. His research focuses on Prompt Engineering – The Way to Talk to AI. Tim is a Senior Product Manager on Microsoft’s Agentic AI team within the Security Engineering division. He joined Microsoft in 2019 after 13 years as a Systems Administrator/Engineer at Ambulance Victoria in Ballarat.
Ryan Fox DUCA
Open-Source Intelligence (OSINT) is the art of collecting and analyzing publicly available information—such as social media, websites, public databases, news, and forums—to understand digital footprints and verify information. In this talk, Ryan Fox breaks down the essentials of OSINT in a practical, beginner-friendly way, while highlighting its importance for cybersecurity and personal privacy. Through real-world contexts, including how these techniques can help identify exposed information and support investigations, the session explores how everyday platforms can unintentionally reveal more than people expect. Ryan will also cover defensive tactics you can apply immediately, such as privacy settings, reducing exposed personal details, and improving account security, to help protect yourself from OSINT-based threats like impersonation and social engineering. To wrap up, the audience will participate in an interactive 'OSINT Bingo' challenge, working together on a fictional persona to demonstrate how quickly 'breadcrumbs' can be pieced together, making the learning hands-on, memorable, and fun for both beginners and experienced attendees.
Ryan Fox (he/him) is the President and Founder of the Deakin University Cybersecurity Association (DUCA) and Co-Chair of the Australian Council of University Cyber Societies. He has previously delivered a well-received talk on OSINT and social media and enjoys making OSINT concepts approachable through practical demonstrations and interactive activities.
Jedd Parrott Monash University
We'll walk through some of the major cyber threats facing the Australian Higher Education and Research sector, including emerging threat trends, vulnerability and exploit trends, the geopolitical influence on cyber risk, and attack vector and technique trends.
Jedd Parrott is a Cyber Security Systems Analyst at Monash University. He recently completed a double Bachelor in Information Technology and Criminology and is now working in an Incident Response role in his third year in the Cyber Security industry following Monash University's Cyber Student Incubator Program 2024.
Paramvir Singh RISC
I just received a message on my phone. I'm unable to unlock and use my own phone now. I didn't click or open or download anything, yet my privacy, content, data, information, location, and personal details are leaked and compromised.
Hey, I'm Param, a 21-year-old Bachelor of Cybersecurity student at RMIT, also studying a Bachelor of Business Administration online and working as an Admin Manager at KAS Fuels Pty Ltd. A fun fact about me: I served in the Indian Army. During my training at the biggest tri-service academy in Asia, NDA, I learned about various fields I never thought of exploring, and hence here I am today. I've seen a lot but am still learning even more every day, every time!
Matt Ustinov & Ken Tan AFP
When digital evidence is mishandled, cases slow down—or fall over. This session details what frontline investigators and support teams need to do (and avoid) in the first hours of an engagement, so evidence remains intact and admissible.
Matthew USTINOV is a Senior Technical Analyst in Cybercrime Operations with the Australian Federal Police in Melbourne. Matthew began his career with the AFP in 2006, working in a number of different policing roles before moving into AFP Cybercrime in 2021. Matthew’s primary role upon joining Cybercrime was as an investigator before moving into his current technical support role. Matthew has also completed significant tertiary study and has had experience in cybercrime matters ranging from investigating complex transnational cybercrime, cyber intelligence, incident response and providing assistance in technology-enabled crime. He has a strong interest in cybercrime and cyber security matters, in particular cyber intelligence and ransomware.
Ken Tan is a Senior Cybercrime Technical Analyst in cybercrime operations, bridging frontline investigations and DFIR. He helps investigators interpret complex detections and potential threats, then shapes pragmatic investigative approaches for high‑pressure incidents. Ken routinely supports warrant activity, post‑incident reviews, and practitioner training, with a focus on chain of custody and evidentiary integrity. His guiding principle is simple: make the right thing the easy thing for investigators under pressure.
David Mulraney Ballarat Smartphones
Every day in my tech repair shops, I see phones compromised not by elite threat actors, but by a simple Google search and a legitimate-looking ad. Users search for utilities like 'phone cleaner,' 'PDF viewer,' 'weather app,' or 'Phone Booster,' tap the top (Sponsored) result, and follow a slick landing page that guides them into installing adware, trackers, or worse. In this talk, I walk through real infection paths from customer devices in regional Victoria to show exactly how these malvertising chains operate. I'll walk through what happened when I dug into one of these apps and uncovered a Hong Kong-based advertiser pumping hundreds of near-identical Google Ads into the same scam network. I will also examine why we almost never see this specific compromise style on iOS, and what that platform gap actually means for user risk. The second half is a practical playbook. I cover how I triage these devices at the counter, how I decide between a cleanup versus a full factory reset, and how I explain the infection to customers in plain language. Attendees will leave with a checklist and practical concepts they can use with their own users, as well as with friends and family, particularly our elderly population.
David runs Ballarat Smartphones and Bendigo Smartphones, spending his days at the frontline of real-world device repairs, failures, data recovery, and mobile security incidents. He sees hundreds of handsets a month across all demographics, giving him a blunt view of how people actually get compromised outside of lab conditions. David is part of the BSides Ballarat organizing committee and cares about turning messy, real incidents into simple, actionable lessons for the community.
Rue Maharaj Melbourne Water
Cyberattacks have rapidly become one of the most significant threats to modern governments, critical infrastructure, and businesses. Insider threats account for a significant portion of attacks on organizations (over 60%), and that number is increasing. They can be malicious (e.g., theft, sabotage) or negligent (e.g., accidental data loss). What makes these threats acutely concerning is that they are performed by trusted personnel who have already been assigned legitimate access and have knowledge of security measures. This presentation highlights the types of insider threats (including malicious insiders, negligent or accidental insiders, compromised insiders, and collusive insiders), key motivators driving them, and pragmatic approaches we can implement to proactively detect and defend against insider threats.
Rue is a cybersecurity practitioner with over 25 years of experience across both private (global) and public sector organizations. He currently works in cybersecurity defense management in the Victorian State Critical Infrastructure sector. In this role, he has championed the cyber incident response management practice at Melbourne Water. Rue's passion for cyber incident response management extends beyond the organization's ability to recover from anomalous events. He strongly believes that understanding the psychological drivers of the malicious actors behind cyber-attacks, as well as the consequential impacts to our cyber incident responders, organization, and wider citizens, are key to building higher resiliency and stronger cyber incident response management strategies. Rue holds professional and academic qualifications from Harvard University, The University of Auckland, and The University of South Africa. Furthermore, he holds a range of cybersecurity and IT professional certifications.
Gyle dela Cruz
Our favourite mobile apps collect more personal information than we realize, from location and habits to health and relationships. When data leaks occur, like the recent Tea app breach, this information can be exposed or weaponized in ways that harm real people. This presentation will explore what app breaches reveal about digital vulnerability and provide actionable steps to protect privacy, security, and overall well-being in an increasingly connected world.
Gyle has been in tech-focused jobs for more than two decades. She pivoted to an IT career in the early 2000s and specialized in cyber security a decade later. She received her Graduate Certificate in Incident Response from the SANS Institute and her master's in cyber security – Digital Forensics from UNSW Canberra. Her focus is on DFIR (Digital Forensics and Incident Response) and threat response areas (blue team related work), but she adopts an adversarial mindset (red team) to further understand the different types of threats and attacks. She was part of the first cohort of Project Friedman, an initiative by WomenSpeakCyber and AWSN to produce more conference-ready women speakers. She contributes to the infosec community by volunteering for different community-based organizations, mentoring others, and advocating for diversity, inclusivity, and better mental health support for everyone in the community. At work, she currently leads a team of committed and diverse cyber defenders.
Daniel Cross Tilt Renewables
Australia's critical infrastructure is the backbone of national security and economic stability, making cyber security a top priority for operators and policymakers alike. This session provides a high-level introduction to the evolving cyber security landscape for Australia's critical infrastructure, drawing particularly from the speaker's experience within the energy sector. We will explore the Security of Critical Infrastructure (SOCI) Act, in place since 2018, its implications for operators, and the evolving regulatory landscape. The talk will also highlight key cyber threats facing critical infrastructure globally and locally, and introduce sector-specific approaches and frameworks that guide organizations in building a defensible cyber posture. Attendees will gain an understanding of why cyber security is a business imperative for critical infrastructure operators, the shifting landscape of threats and regulation, and how adopting relevant structured frameworks can help energy providers and other critical sectors stay ahead of emerging risks.
Daniel Cross is the Cyber Security Manager at Tilt Renewables, where he oversees the organization's cyber security strategy and operational program to protect critical energy infrastructure from evolving cyber threats. Drawing on broad experience across technology and cyber security, Daniel specializes in translating complex technical challenges into clear business priorities and is a committed advocate for industry collaboration and community knowledge sharing.
Andrew Feutrill Darwinium
With the rise in sophistication and popularity of Agentic AI models, fraud prevention has become more challenging, with fraudsters utilising AI to execute fraud and appear more like legitimate users. In this talk, we will explore the current fraud landscape and current techniques, both modern and traditional, that can help identify and mitigate fraud in this new era.
Andrew Feutrill is a Mathematician who has built models in the fraud, e-commerce, cyber security and defence domains. He is currently Director of Science at Darwinium, developing techniques to mitigate the rise of AI assisted fraud.
Hirusha Adikari DUCA
Technical support scams are the digital equivalent of snake oil, with massive pop-ups, fake antivirus warnings, and call centers waiting to 'fix' your computer for a fee. In this talk, we'll break down how these scams work and the psychological tricks they use to hook victims. Then we'll dive into the world of scambaiting, where researchers and hobbyists turn the tables, tracing scam infrastructure, collecting evidence, and sometimes infiltrating the scammers' own systems. If you've ever wondered what really happens when you call 'Microsoft Support', or wanted to fight back safely, this session will pull back the curtain.
I'm Hirusha, a cybersecurity student at Deakin University, developer, and scambaiter who spends way too much time breaking things, doing OSINT, and responsibly reporting the stuff I probably shouldn't have found.
Christian Azuero BMM
The HackerEscapeRoom.online platform fuses the intensity of Capture-the-Flag (CTF) hacking challenges with the narrative-driven immersion of escape rooms, creating timed, story-based cybersecurity puzzles that test everything from threat hunting and penetration testing to governance and incident analysis.
Christian Azuero is a cybersecurity specialist and Technical System Consultant at BMM Testlabs with over five years of experience across firewall auditing, threat detection, DFIR, and regulatory compliance. He designs hands-on Blue-Team and CTF learning environments, including the Hacker Escape Room platform used by students and cybersecurity communities across Australia. Christian holds an MSc in Network & Security from Monash University and multiple industry certifications, and is passionate about making cybersecurity education accessible, practical, and fun.
Peter Coroneos Cybermindz
BSides has a theme of building a cybersecurity career. One topic that is missing is mental health in cybersecurity. It is becoming recognized as a serious problem in the industry due to high-stakes situations, a sense of constant vigilance, and lack of control over when incidents may occur. People looking to get into cybersecurity as a career need to learn skills to manage their mental health in the face of these challenges early; otherwise they will be at risk of burnout or other mental health issues.
Twice invited to the White House to advise the Obama Administration on cybersecurity, Peter Coroneos is a distinguished leader in the cyber and technology sectors. As CEO of Australia's Internet Industry Association (1997-2011), he pioneered 'icode', an anti-botnet scheme, inspiring a similar US initiative that reached 276 million users by 2012. Peter led the Australian industry delegation to Washington bilaterals on critical infrastructure protection. Beyond his cyber credentials, Peter is an accredited iRest instructor and long-term meditation teacher and practitioner. He holds qualifications in science, education, and law. In 2022, Peter founded Cybermindz.org, an international non-profit empowering and restoring embattled cyber teams with scalable, evidence-based mental health support.
Nabil Siddiqui FedUni/Microsoft
Large Language Models (LLMs) are transforming software development by accelerating code generation, automating routine tasks, and enabling rapid prototyping. Yet beneath that fluency sits a growing supply‑chain risk: package hallucination. This happens when models reference libraries or APIs that simply don’t exist, or suggest incorrect versions, quietly introducing failures that are hard to catch. In this talk, he will share insights from a multi‑model, multi‑language analysis that highlights how these hallucinations show up across different ecosystems and what this means for developer trust and, ultimately, for building safer AI‑assisted tooling.
Nabil Siddiqui is a Solution Engineer at Microsoft and a researcher at Federation University, where his research explores the intersection of cybersecurity and artificial intelligence. With a career spanning more than 20 years, Nabil is recognized for his expertise in application innovation, AI, and security. He is passionate about leveraging cutting-edge technologies to solve complex challenges and drive secure, ethical digital transformation. Beyond his professional role, Nabil is a passionate open-source contributor and a published author. His book, Embracing Microservices Design: A Practical Guide to Revealing Anti-Patterns and Architectural Pitfalls, helps practitioners avoid common microservices fallacies.
Purvi Mehta ICSL
In today's fast-evolving threat environment, simply knowing security fundamentals is no longer enough. Cybersecurity professionals and organizations must be skillful, well-prepared, and efficient in deploying advanced defense measures instantly when an alert occurs. This session introduces the values and limitations of the Cyber Training Range (CTR)—a vital resource for building operational readiness. A CTR provides a secure, isolated, and highly realistic virtual setting where teams can conduct full-scale cyber exercises without risking production systems.
I am a cybersecurity researcher and educator currently undertaking a Master's by Research with a planned conversion to PhD from Federation University. Alongside my research, I work as an IT trainer at Box Hill Institute, contributing to capability-focused cyber education and training delivery. Before my appointment at Box Hill, I worked as a lecturer and tutor at a number of universities, teaching a wide range of IT units. My teaching portfolio included subjects such as Cloud Computing, Cloud Security, Networking, and Project Management, among others.
Kenneth Yu Cyberknowledge
The dark web is often portrayed as a shadowy underworld of the internet, but the reality is far more nuanced and relevant to cybersecurity professionals. In this session, we will cut through the myths to explore what the dark web really is, how it operates, and why it matters. We will examine its infrastructure, the marketplaces and communities that thrive there, and the role it plays in cybercrime, from data breaches to ransomware operations. We will discuss how defenders can monitor dark web activity and use this to their advantage. Attendees will leave with practical insights into leveraging dark web intelligence for threat hunting, incident response, and proactive defense.
Kenneth Yu is currently the Head of Adversarial Research at Cyberknowledge, where he leads the offensive security capabilities and the integration of adversary simulation modules into the Cyberknowledge platform. With over 18 years of cybersecurity experience, Kenneth has extensive experience in delivering penetration testing, incident response, and both technical and executive-level tabletop exercise engagements. He has worked with organizations across a wide range of industries, including finance, consulting, retail, technology, and government, to identify and remediate real-world attack vectors, strengthen security controls, and enhance leadership preparedness.
>> Technical deep dives, exploit walkthroughs, and security research discussions.
Paul Black
ICSL - ROP Exploits
Abhay Vaish
Palo Alto Networks
Sean Park
ICSL / Trend Micro
Physical security is the first line of defense. Join us to learn the art of non-destructive entry. Whether you've never held a pick before or you're a seasoned pro, the Lock Picking Village is open to all skill levels throughout the conference.
Saturday & Sunday
Technology Park
106 Lydiard Street South
Central Ballarat, Victoria
The ICSL would like to thank the following sponsors of BSides Ballarat / MRE 2026, without whom our conference would not be possible.