Cyber Voices

Jordan Carmichael, CEO of Helix Services, discusses the intricacies of insider threats and digital vetting in today's cyber landscape. With a focus on critical infrastructure, Carmichael emphasises the importance of identifying and managing human risk, especially as online radicalisation becomes more prevalent. The conversation pivots around the delicate balance between using open source intelligence for security and safeguarding individual privacy.

In this episode of Cyber Voices, host David Willett discusses the critical issue of children's online safety with Bailey Marshall, co-founder of Future Proof Security. Bailey shares insights on common online threats facing children today, ranging from cyber scams to issues of privacy and data misuse. Emphasising the importance of communication, she advocates for a balanced approach where parents and educators are equipped to have non-judgmental, trust-building conversations with kids. This empowers them to navigate the digital world safely, reducing the fear and embarrassment that often keep kids from reporting online issues.

Find more info HERE

In this insightful episode of Cyber Voices, David Willett dives into the complexities of trust attacks with Max Heinemeyer at CyberCon 2025. Max brings an innovative perspective by simulating a politically motivated cyberattack on Australian infrastructure. He emphasises the growing concern over trust attacks, differentiating them from traditional cyber threats that focus on confidentiality and availability. Trust attacks, involving the manipulation of critical data, pose a severe risk to national stability. Through this discussion, the episode highlights the pressing need for improved cybersecurity frameworks to address the evolving threat landscape driven by hyper automation and modern AI technologies.

Further reading provided by Max: 

On the Feasibility of Using LLMs to Autonomously Execute Multi-host Network Attacks 
https://arxiv.org/abs/2501.16466v3

Teams of LLM Agents can Exploit Zero-Day Vulnerabilities
https://arxiv.org/abs/2406.01637

Hexstrike AI Open Source Offensive Security AI Orchestrator - https://www.hexstrike.com/

AI Agent XBOW making number one on Hackerone leaderboard - https://xbow.com/blog/top-1-how-xbow-did-it

AI-enabled prototype ransomware PromptLocker - https://www.eset.com/us/about/newsroom/research/eset-discovers-promptlock-the-first-ai-powered-ransomware/?srsltid=AfmBOop67a943J8-_KuK_8dNC497RoWo1YCELz4eR8wSFUV6NqJy6R1R

And then this happened since we recorded our podcast, but is highly relevant - https://www.anthropic.com/news/disrupting-AI-espionage

At the 2025 CyberCon in Melbourne, Tony Nicholls from CGI Australia introduced a new concept - a cyber escape room housed in a shipping container. Originally developed in the UK to raise cyber awareness, the escape room gamifies cybersecurity education, targeting both novices and professionals. It offers a hands-on approach to learning about phishing, social engineering, and malware, promoting a no-shame, team-based environment ideal for schools and businesses alike. With the ability to adjust difficulty on the fly, participants of all ages leave with a better understanding of cybersecurity threats and defenses, with a smile on their face.

In this episode, Jason Plumridge from Thales Cyber discusses the growing threats posed by foreign intelligence entities. He explains how these operatives target individuals within organisations to access sensitive data. The conversation highlights the role of physical and personal security in mitigating these risks and stresses the importance of identifying employee behavioral changes as potential red flags. The discussion delves into recruitment strategies used by operatives and underscores the need for robust insider threat programs, including continuous employee monitoring and strategic controls at both the personnel and physical levels.