Watch
Explore our growing library of on-demand content — from recorded workshops to exclusive videos created for ongoing learning and insight.
We will continue bringing you leading industry experts on the security of critical infrastructure and the trusted workforce. Some videos are free to access, while others may require a quick registration.
Workshop: The Dark Arts of Insider Threat – Insights from Harry Potter for Modern Insider Threat Programs – Part 2
In this interactive follow-up workshop, we continue exploring insider threat through the world of Harry Potter, using additional storylines and short film extracts to examine some of the most complex human dimensions of protective security. Through themes such as coercion, disgruntlement, identity compromise, radicalisation, behavioural change, manipulation, and divided loyalties, we translate magical scenarios into practical lessons for modern organisations and critical infrastructure environments.
Using a protective security lens, participants will explore how trusted insiders, compromised individuals, psychologically vulnerable actors, and manipulated personnel can undermine even highly protected environments from within, while discussing behavioural indicators, organisational culture, workforce vulnerability, trusted access, and practical measures that may help strengthen organisational resilience and insider threat programs.
Disclaimer: This workshop includes short video extracts from the Harry Potter films used solely for educational purposes under the fair-dealing provisions of the Copyright Act 1968 (Cth). Pentagram Advisory does not claim ownership of any Harry Potter content. All rights remain with Warner Bros. Entertainment Inc.
Workshop: From Attestation to Assurance – Board Accountability under the Security of Critical Infrastructure Act 2018 in a Volatile Supply Chain Environment
In this workshop, we explore the evolving governance expectations surrounding the Critical Infrastructure Risk Management Program (CIRMP) and the increasing role of Boards in overseeing security and operational resilience under theSecurity of Critical Infrastructure Act 2018. Drawing on analysis of the recently updated CIRMP annual reporting form released by the Cyber and Infrastructure Security Centre (CISC) within the Department of Home Affairs, the session examines what the expanded reporting questions reveal about the direction of regulatory expectations, including growing focus on Board oversight, assurance, supply chain resilience, operational effectiveness, and governance maturity.
The workshop also provides practical guidance for responsible entities preparing for annual CIRMP attestations and Board reporting. Participants will explore how to move beyond compliance-focused discussions toward evidence-based assurance and resilience governance, including practical approaches for engaging Boards, improving operational visibility, strengthening assurance mechanisms, and identifying critical vulnerabilities across supply chain, cyber, personnel, and operational risk domains.
Workshop: Insider Threat Mitigation – Lessons Learned from Sweden and Europe
In this workshop, we explore practical approaches to insider threat mitigation, drawing on lessons from Sweden and across Europe. Delivered as part of an Australia–Sweden collaboration, the session features Anders Spalding, who brings over 15 years’ experience in intelligence operations, military security, and counterintelligence within the Swedish Armed Forces.
We examine how organisations are evolving workforce assurance and insider risk practices in response to a changing geopolitical environment, with a strong focus on security culture, behavioural indicators, and early intervention.
Register below to access the full session.
Workshop: Critical Worker Identification and Risk Management Framework
In this workshop, we provide an overview of Pentagram’s seven-step Critical Worker Identification and Risk Management Framework, designed specifically for critical infrastructure entities to support the structured identification and management of critical workers and to ensure compliance with the Security of Critical Infrastructure Act 2018 and its subordinate Rules.
In this workshop, we present Pentagram’s CIRMP Security Maturity Assessment and Evaluation Model, a practical framework designed to help responsible entities assess whether their Critical Infrastructure Risk Management Program (CIRMP) is not only compliant with the Security of Critical Infrastructure Act 2018 but also genuinely effective in protecting critical assets.
The session explains how organisations can evaluate the maturity of their CIRMP across key eight domains by mapping 59 (or 77 for the telecommunications sector) regulatory obligations to clearly defined four maturity levels. You will learn how to conduct a structured, evidence-based security maturity assessment, identify priority uplift areas, benchmark progress over time, and communicate outcomes to Boards and regulators in a clear and defensible manner, ensuring that CIRMP implementation delivers measurable security effect rather than documentary compliance alone.
Workshop: From Supply Chain Mapping to Organisational Resilience
In this workshop, we explore the practical connection between supply chain assurance and organisational resilience for critical infrastructure entities. The session focuses on how organisations can move beyond compliance-driven activities to adopt a risk-based, proportionate approach to understanding and managing critical supply chain dependencies — and how this directly supports resilience, business continuity, and defensible decision-making.
You will hear from our special guest speaker Colin Muller, Resilience Specialist at Adelaide Airport, who shares practical insights on organisational resilience and business continuity, drawing on real-life case studies.
Workshop: The Dark Arts of Insider Threat – Insights from Harry Potter for Modern Insider Threat Programs – Part 1
In this interactive workshop, we explore insider threat through the lens of four well-known Harry Potter storylines, each reimagined to reflect real-world protective security challenges faced by critical infrastructure entities. Using short film extracts and practical insider-threat scenarios, we translate magical mishaps into clear lessons on identifying behavioural indicators, recognising manipulation and coercion, strengthening organisational controls, and building resilient insider threat programs.
Disclaimer: This workshop includes short video extracts from the Harry Potter films used solely for educational purposes under the fair-dealing provisions of the Copyright Act 1968 (Cth). Pentagram Advisory does not claim ownership of any Harry Potter content. All rights remain with Warner Bros. Entertainment Inc.
Workshop: CIRMP Security Maturity Assessment and Evaluation Model
In this workshop, we provide an overview of Pentagram’s CIRMP Maturity Assessment and Evaluation Model, developed specifically for critical infrastructure entities. The model helps organisations assess, evidence, and strengthen the implementation of their CIRMP – and, in turn, enhance enterprise security.
You will hear directly from our special guest speaker, Mark McConnon, Head of Risk and Resilience at TasWater. Mark shares TasWater’s experience applying the model in practice, including how it not only shifted their mindset from “it won’t happen to us to “it will happen to us unless we change” but also set them on a clearer path to embedding a security culture alongside their safety culture.
Workshop: Critical Infrastructure and Foreign Interference Threat
In this workshop, we take a focused look at the threat of foreign interference and what it means for entities covered under the Security of Critical Infrastructure Act 2018. With foreign interference recognised as one of Australia’s most pressing national security challenges, we explore how it differs from foreign influence, how it manifests in the context of critical infrastructure, and how trusted insiders can be targeted, coerced, or exploited. We also examine practical approaches for identifying, assessing, and responding to insider threat activity, equipping boards and directors with the assurance they require to protect critical assets and operations.
You will hear directly from the Counter Foreign Interference Coordination Centre, Department of Home Affairs, who will share insights on emerging risks, effective board engagement, and real-world examples from recent practice. Watch a short excerpt from the workshop, or register below to view the full event.
Workshop: CIRMP Two-Year Anniversary – Strengthening Annual Review, Reporting, Board Oversight and Maturity Evaluation
In this workshop, we take a focused look at the second anniversary of the Critical Infrastructure Risk Management Program (CIRMP) and what it means for entities covered under the Security of Critical Infrastructure Act 2018. With the next annual reporting cycle fast approaching, we explore how to conduct a robust CIRMP review, prepare for reporting, and deliver the assurance that boards and directors require. We also examine practical approaches for assessing and evaluating CIRMP maturity to drive continuous improvement.
You will hear directly from the Critical Infrastructure Security Center, who shares insights on audit readiness, effective board engagement, and real-world examples from recent industry practice. Watch a short excerpt from the workshop, or register below to view the full event.
Workshop: Critical Infrastructure as a National Security Priority with Justin Bassi, Executive Director, Australian Strategic Policy Institute (ASPI)
In this workshop, we explore whether Australia’s long-held assumptions about the resilience of critical infrastructure still hold in an era of heightened geopolitical and economic uncertainty. We examine emerging threats, sector interdependencies, and practical steps to position critical infrastructure protection within a modern, risk-informed national security framework.
Our special guest speaker is Justin Bassi, Executive Director at the Australian Strategic Policy Institute.
Workshop: CIRMP Assurance, Reporting Duties, and Engaging the Board with CISC
In this workshop, we take a practical look at strengthening assurance and governance within your Critical Infrastructure Risk Management Program (CIRMP). With the 2025 annual reporting cycle approaching, we explore what boards and officers need to know under the Security of Critical Infrastructure Act 2018 — and how to better align CIRMP with enterprise risk, audit, and assurance processes.
You will hear directly from the Critical Infrastructure Security Compliance Section at Cyber and Infrastructure Security Center, who shares insights on audit readiness, effective board engagement, and real-world examples from recent industry practice. Watch a short excerpt from the workshop, orregister below to view the full event.
