Sphere by Atmos is a one-day cybersecurity forum, inviting innovators, enterprises, and policymakers to join us in questioning everything about our category as we share in building a cyber industry beyond just the responsive moment of crisis.
Where
Hyatt Regency,
Sydney CBD
Attendance
Approx. 1,500 delegates
Government
Industry
Corporates
SMES
Watch Our Executive Interviews
Reece Corbett-Wilkins & Leah Pinto
Recorded at the Atmos SPHERE cybersecurity conference in Sydney, Australia, Karissa interviews Reece Corbett-Wilkins, Head of First Response Australia & Chief Strategy Officer at Atmos, and Leah Pinto, Director of Cyber Intelligence at CyberCX.
The trio reflect on a landmark 1500+ attendee event designed to shift the industry’s focus from crisis response to proactive resilience. They recap the key themes of the day, including cross-sector collaboration, uniting lawyers, technologists, directors, journalists, and insurers around a shared mission of changing the lens of the industry towards building towards a future other than just response, and the challenge of making cybersecurity relevant to everyday Australians.
They recap the day, and emphasise the need for consistent data definitions, mandatory cyber insurance for small businesses, stronger public-private partnerships with government, and leveraging mainstream media to amplify the message. Both Reece and Leah expressed hope that the conference’s momentum will drive measurable industry accountability over the next 12 months.
LTGEN Michelle McGuinness and Stephanie Way
Hosted by Karissa, this interview features LTGEN Michelle McGuinness, National Cyber Security Coordinator, and Stephanie Way, Director of the National Office of Cyber Security, discussing Australia’s evolving approach to national cyber resilience.
Michelle and Stephanie highlight significant progress under the government’s Horizon One strategy, including 60 completed actions, landmark cybersecurity legislation passed in November 2024, and the “Act Now Stay Secure” public awareness campaign. A central theme is reducing stigma around cyber incidents, encouraging individuals and businesses to report attacks and engage government support early, enabled by a new “limited use” framework that protects shared information from regulatory enforcement.
Both speakers emphasised the importance of public-private partnerships, sovereign cyber workforce development, supply chain resilience, and cross-government coordination to prepare Australia for large-scale or catastrophic cyber events amid escalating geopolitical tensions.
Heather Osborne & Stefanie Luhrs
Karissa is joined in person by Heather Osborne, Director of Global Event & Programming at NetDiligence, and Stefanie Luhrs, Partner – First Response, at Atmos to discuss what 2025/2026 cyber loss data reveals.
The conversation covers how business interruption, not ransomware payments, is now the primary cost driver for SMBs, while large enterprise losses are actually declining. They explore the long-tail human costs of cyber incidents (including burnout, harassment, and reputational damage that may never fully heal), the growing importance of how organisations manage incident response communication to retain client trust, the distinction between B2B and B2C customer loyalty during outages, and the diverging legal landscapes between the US (plaintiff-driven class actions) and Australia (rising regulatory enforcement via the OAIC).
The interview closes with both guests agreeing that a combination of aggressive threat actor activity and regulatory pressure is finally pushing organisations from reactive toward proactive security investment.
Chris Krebs
Karissa interviews Chris Krebs, the first Director of the Cybersecurity and Infrastructure Security Agency in the United States Department of Homeland Security (CISA), at the Sphere Conference in Australia.
Krebs discusses the value of moving between government and private sector roles, offering a fuller view of cybersecurity challenges. He raises concerns about CISA’s recent budget and staffing cuts, while suggesting it’s an opportunity to refocus the agency’s mission.
A central theme is the fragility of modern risk management. Krebs outlines five key cracks: outdated assumptions, unreliable vendor alignment, unpredictable power dynamics, the speed of events outpacing governance, and a polluted information environment. Third-party and SaaS risk features prominently, he argues organisations have inadvertently undone years of network segmentation by granting trusted access to immature vendors.
For Australian organisations, he urges worst-case scenario planning beyond regulatory minimums. On regulation, he supports a negligence standard targeting repeat-offender vendors. He closes by framing cyber as a business risk, not just a technical one.
Admiral Mike Rogers & Alastair MacGibbon
Admiral Mike Rogers and Alastair MacGibbon, both of CyberCX, warn that Australia’s national cyber resilience remains dangerously inadequate.
While recent years have seen progress in government-industry collaboration and legislation, hyper-efficiency and global supply chain dependency have eroded societal resilience. Recent attacks on individual companies (not entire sectors) have already produced GDP-level impacts through supply chain effects, signaling what a broader systemic attack could achieve. Both experts argue that current cybersecurity approaches are failing: despite increased investment and information sharing, threats are worsening.
They advocate shifting focus from perimeter defence to building resilience against inevitable disruption, drawing on models like Israel and Ukraine. Rogers calls for an aviation-style mandatory learning and correction framework. Both caution that without a major crisis forcing the issue, political and societal will to invest in resilience, at the cost of efficiency, remains insufficient.