At Downer, identity is more than an access layer, it’s the foundation of their security strategy. In this session, you’ll hear how the IAM team is leading real change across a complex mix of cloud and on-prem environments.

From structuring teams for delivery to embedding identity into broader risk and operational priorities, this is a practical look at what it takes to move beyond policy and build a scalable, outcome-driven identity programme that earns buy-in and delivers results.

‍

• What identity-centric security looks like at Downer – How controls, visibility, and risk reduction are delivered in day-to-day operations.
• How Downer structures and leads IAM at scale – Team design, platform coverage, and delivery across hybrid infrastructure.
• Where identity delivers the most impact – How we connect IAM strategy to compliance, operational priorities, and business risk.

‍

‍

‍

‍

From passports to biometrics, identity has constantly evolved, but the cloud era has left us with a “Swiss cheese” framework full of gaps. This session unpacks how we got here, from the rise of digital identity to the impact of remote work and Zero Trust, and explores what it will take to build a more unified and resilient identity future.  

• Trace the surprising journey of identity, and see how history shaped today’s digital trust gaps.
• Expose the hidden holes in our modern identity layers and why even Zero Trust can’t fill them all (yet).
• Discover how a smarter, unified approach can finally turn the “Swiss cheese” of identity into a solid foundation for the future.

‍

Identity-based threats are still the most common cause of breaches but in 2025, they’re harder to spot and faster to spread. It’s not just about stopping bad logins anymore; attackers are hijacking sessions, abusing tokens, and blending in with legitimate users. In this panel, security and IAM leaders share how they’re spotting identity misuse early, what behaviours and signals actually help, and how they’re speeding up response without burning out their teams.

• The signals, behaviours, and patterns helping catch identity misuse early
• What’s working for fast containment, smarter investigation, and reducing manual effort
• How to ensure identity systems and security teams work together, not in silos

An interactive session where attendees participate in handling a simulated breach due to compromised credentials, focusing on containment and remediation strategies.

Deepfakes are rapidly becoming one of the most sophisticated identity threats, capable of bypassing traditional authentication and eroding digital trust. This lightning talk shows how deepfake detection works in practice, from spotting subtle inconsistencies to integrating detection into identity workflows. Attendees will see real-world attack scenarios, the approaches/ methodologies used to identify manipulated media, and strategies to safeguard authentication processes in an AI-driven threat landscape.

• A look at how deepfakes are crafted and deployed in fraud and social engineering
• Demonstration of detection techniques: visual, audio, and behavioural analysis
• Showcasing how detection integrates into IAM and fraud prevention systems
• What organisations need to prepare for as deepfakes evolve

‍

Achieving phishing-resistant access across your enterprise requires strong, unified authentication — from the physical door to the digital cloud. This session explores how HID Crescendo Cards and Keys deliver secure, passwordless access with one trusted identity across all environments.

• Implement phishing-resistant authentication using HID Crescendo Cards and Keys
• See how a single credential enables both physical and digital access
• Learn best practices for building a unified, passwordless access ecosystem
• Brief mention of how Enterprise Provisioning and Management (EPM) enhances scalability and lifecycle management

‍

AI agents, synthetic users, and machine identities are becoming part of daily operations but most IAM strategies weren’t built to handle them. In this panel, security and identity leaders will explore what happens when your users aren’t human, your workflows are autonomous, and your policies can’t keep up. We’ll unpack the new risks AI introduces, how teams are adapting identity controls, and what needs to change in how we govern access and identity going forward.

• How to handle machine and agent identities: What’s working to manage authentication, permissions, and lifecycle for non-human actors
• Where current IAM approaches break down: Firsthand challenges teams are facing as AI scales across infrastructure
• What to change now: Tools, policies, and cross-team strategies that help you stay in control as AI reshapes the identity landscape

Delegates will chose from a list of pertinent peer-to-peer discussion topics focussing on evolving and emerging trends, techniques and technologies

Put your knowledge to the test in this fast-paced quiz covering real-world identity trivia, key concepts, and emerging trends. Compete for bragging rights—and a travel voucher—as the top scorer takes the crown.

As digital ecosystems expand across borders, clouds, and AI-driven platforms, identity has become the new currency of trust. In this session, Miao Song, award-winning Global CIO and Board Advisor, explores how forward thinking organisations are redefining access, governance, and user experience in the “identity economy.”
Drawing from her experience leading multi-billion-dollar cloud, AI, and data transformations across global markets, Miao shares how modern identity strategies are enabling secure AI adoption, resilient cloud operations, and frictionless experiences for users worldwide.

• How to align identity, trust, and AI for secure, scalable innovation.
• Building a unified identity foundation across global, multi-cloud environments.
• Turning identity into a strategic business enabler, powering confidence, compliance, and seamless digital access.

‍

Some IAM challenges just don’t have clean answers but the choices your team makes can define your entire security posture.

In this interactive session, we’ll vote, debate, and challenge five of the most divisive identity decisions facing organisations in 2025. Each one will be explored through live multiple-choice questions designed to split the room and surface the real trade-offs teams are making today.

You’ll leave with a sharper view of where others stand and what strategies are actually working.

We’ll explore questions like:

• Who should really own IAM — security, IT, or the business?
• How much friction is acceptable in customer identity before it hurts the business?
• Should IAM be centralised, or is federated identity the only way to scale?
• Where are modern identity architectures failing silently?
• Should identity systems block risky behaviour or just alert and log it?