ASIS NSW Annual Conference 2024

Paul Fitton, Director Cross Risk, Cyber & Infrastructure Security Centre, Department of Home Affairs
Paul Fitton is the Director of Cross Sector Risk section, within the Department of Home Affairs’ Cyber and Infrastructure Security Centre (CISC). He leads a stream of work that provides strategic-level assessment of nationally-significant risks to the critical infrastructure sectors and their critical capabilities listed under the Security of Critical Infrastructure Act 2018. Paul’s section is responsible for the Cyber and Infrastructure Centre’s Annual Risk Review. He has lead the delivery of strategic risk assessments on Australia’s national critical infrastructure sectors and on the cross-sector impacts to critical infrastructure from different types of hazards and interdependencies. The risk assessment work provides guidance for government policy considerations and informs critical infrastructure resilience strategies. Paul draws on over 18 years’ experience in intelligence, security and risk management, across roles in government and the private sector.

Paul Tomsic, Co-Founder & Director, TCubed Consulting
Paul Tomsic, Co-Founder and Director at TCubed Consulting, has 24 years of experience managing high-security and critical infrastructure projects, focusing on large-scale data centres. His experience demonstrates his proficiency in managing the complexities of constructing vital infrastructure while ensuring the integrity and operational security of these critical assets.
His expertise covers the entire project management lifecycle, from stakeholder engagement and risk mitigation to delivering projects that meet stringent compliance and security standards. Paul has successfully delivered many notable projects in the Critical Infrastructure sector, where he managed the integration of cutting-edge infrastructure solutions to ensure reliability, security, and efficiency.
Paul’s meticulous planning and proactive risk management ensure that every project he delivers aligns with client objectives and industry benchmarks. His leadership style is centred on collaboration, innovation, and consistently delivering under high-pressure conditions, making him a trusted figure in the critical infrastructure space.

David Morrison, Co-CEO, Morrisec
With over 20 years of experience, David has built a reputation as a top cybersecurity professional, working across governance, risk, compliance, penetration testing, threat detection, and more. His deep knowledge allows him to help organisations manage cyber risks, prioritising real-world threats and aligning with business objectives.
David’s career includes founding Ruxcon, Australia’s first hacker conference, and teaching cybersecurity courses. His work with universities and consulting across industries has equipped him to deliver practical, cost-effective solutions, particularly benefiting businesses with limited resources.
Additionally, David is known for his ability to bridge the gap between technical teams and business leaders. His skill in communicating complex cybersecurity issues in a clear and actionable way ensures that organisations not only understand their risks but can take steps to enhance their security posture within their budgetary limits.

Rajiv Shah, Managing Director, MDR Security
Rajiv Shah is Managing Director of MDR Security, a specialist consulting company that advises organisations on how to understand advanced technology, implement it securely and deliver business benefit. His areas of technical specialisation include cyber security, cloud, data, quantum and telecommunications technologies. Rajiv is also a Fellow of the Australian Strategic Policy Institute and has authored a number of papers for them on technology and cyber security policy.
Rajiv’s earlier career included 20 years at Detica, a specialist cyber, data and intelligence company originally from the UK, where he held a range of technical and leadership roles including working in the US. The company was subsequently acquired by BAE Systems, and Rajiv moved to Canberra in 2011 to set up the BAE Systems Applied Intelligence business in Australia, becoming the regional General Manager, working with federal Government, telecommunications companies and critical infrastructure providers to deliver cyber, intelligence and data solutions.
Prior to working at Detica, Rajiv completed a PhD in quantum physics at the University of Cambridge and continues to retain a close interest in maths and science.