Melbourne Identity, Authentication & Access Management Summit 2025

Customer identity has been reimagined as a strategic enabler, not just a security layer. In this session, explore how to build a modern CIAM platform that balances strong security with seamless user experience.
‍
You’ll hear practical lessons from delivering adaptive authentication, driving cross-team alignment, and embedding identity into the fabric of digital banking all while keeping the platform cloud-native, compliant, and built for scale.

• How to reduce friction without increasing risk – Practical ways to deliver seamless customer journeys while maintaining strong security and trust
• What it takes to build a scalable, modern CIAM platform – Lessons in platform design, orchestration, and enabling adaptive, flexible identity flows
• How to align engineering, security, and product teams – Strategies to embed identity into digital experiences and drive shared ownership across functions  

AI agents, synthetic users, and machine identities are becoming part of daily operations but most IAM strategies weren’t built to handle them. In this panel, security and identity leaders will explore what happens when your users aren’t human, your workflows are autonomous, and your policies can’t keep up.

We’ll unpack the new risks AI introduces, how teams are adapting identity controls, and what needs to change in how we govern access and identity going forward.

• How to handle machine and agent identities: What’s working to manage authentication, permissions, and lifecycle for non-human actors
• Where current IAM approaches break down: Firsthand challenges teams are facing as AI scales across infrastructure
• What to change now: Tools, policies, and cross-team strategies that help you stay in control as AI reshapes the identity landscape  

‍

In this innovative session, attendees will be faced with a series of scenarios that they may face in their roles. Attendees will discuss the possible courses of action with their peers to consider the ramifications of each option before logging their own course of action.

Results will be tallied and analysed by our session facilitator and results will impact the way the group moves through the activity.

Will we collectively choose the right course of action?

‍

As deepfake audio becomes more realistic and easier to generate, voice authentication systems are being put to the test. In this session, the Director of Speech Science at Redenlab shares real-world cases where deepfake voice was used or detected and the hard lessons they reveal.

Drawing on research and implementation experience across speech science, healthcare, and AI, this talk explores how speech models are being subverted, what detection techniques are showing promise, and how IAM and security leaders can future-proof voice-based authentication strategies.

We’ll cover:
- Where deepfake voice attacks are already landing – Real examples of compromise attempts and what they expose about current system weaknesses.
- How to build detection and resilience into voice auth – Techniques to identify synthetic speech, build layered defences, and flag anomalies early.
- What security teams need to prepare for next – The future of synthetic voice, risks to high-stakes workflows, and how to stay ahead of attacker innovation.

Some of the most dangerous identity risks are the ones no one’s looking for — old permissions, forgotten accounts, and invisible access paths that build up over time. In this session, I’ll walk through how we used AI to uncover and fix these risks across our environment.

You’ll learn how we:

• Found hidden access paths and unused permissions that weren’t being monitored
• Identified gaps traditional audits and reviews tend to miss
• Turned those insights into action with risk-driven clean-up workflows

‍

Identity-based threats are still the most common cause of breaches but in 2025, they’re harder to spot and faster to spread. It’s not just about stopping bad logins anymore; attackers are hijacking sessions, abusing tokens, and blending in with legitimate users.

In this panel, security and IAM leaders share how they’re spotting identity misuse early, what behaviours and signals actually help, and how they’re speeding up response without burning out their teams.

We’ll cover:

- What teams are watching for now – The signals, behaviours, and patterns helping catch identity misuse early.‍‍‍‍
- How response is evolving – What’s working for fast containment, smarter investigation, and reducing manual effort.
- Where IAM and detection need to connect – Making sure identity systems and security teams work together, not in silos.

‍

Delegates will chose from a list of pertinent peer-to-peer discussion topics focussing on evolving and emerging trends, techniques and technologies

At Downer, identity is more than an access layer, it’s the foundation of their security strategy. In this session, you’ll hear how the IAM team is leading real change across a complex mix of cloud and on-prem environments.

From structuring teams for delivery to embedding identity into broader risk and operational priorities, this is a practical look at what it takes to move beyond policy and build a scalable, outcome-driven identity programme that earns buy-in and delivers results.

We’ll cover:

- What identity-centric security looks like at Downer – How controls, visibility, and risk reduction are delivered in day-to-day operations.
- How Downer structures and leads IAM at scale – Team design, platform coverage, and delivery across hybrid infrastructure.
- Where identity delivers the most impact – How we connect IAM strategy to compliance, operational priorities, and business risk.

‍

Some IAM challenges just don’t have clean answers but the choices your team makes can define your entire security posture.

In this interactive session, we’ll vote, debate, and challenge five of the most divisive identity decisions facing organisations in 2025. Each one will be explored through live multiple-choice questions designed to split the room and surface the real trade-offs teams are making today.

You’ll leave with a sharper view of where others stand and what strategies are actually working.

We’ll explore questions like:

• Who should really own IAM — security, IT, or the business?
• How much friction is acceptable in customer identity before it hurts the business?
• Should IAM be centralised, or is federated identity the only way to scale?
• Where are modern identity architectures failing silently?
• Should identity systems block risky behaviour or just alert and log it?

‍