Australia’s manufacturing and industrial sectors are operating at the intersection of physical risk, operational technology, and increasingly sophisticated cyber threats. From waste management and steel production to energy distribution and rail, security leaders in these environments are no longer just protecting data; they are safeguarding people, infrastructure, and national supply chains.
What unites the leaders on this list is not just a job title. Some hold the CISO title today; others serve as Chief Security Officers or senior cyber leaders with broader mandates. All of them play a critical role in shaping how Australian industrial organisations think about resilience, risk, and secure growth in environments where downtime and disruption carry real-world consequences.
James Court — Chief Security Officer, Cleanaway Waste Management
James Court leads security across one of Australia’s most operationally complex organisations, overseeing cyber, physical security, and governance for more than 10,000 employees and 350+ sites across Australia, New Zealand, and the Middle East. Formerly Cleanaway’s CISO, Court now operates as CSO, reflecting the reality that in industrial environments, cyber risk cannot be separated from physical operations or workforce safety. His focus on embedding practical, business-aligned security culture has positioned Cleanaway to operate and scale with confidence in high-risk, highly distributed environments.
Raghu Gandhy — Chief Information Security Officer (IT/OT), Veolia Australia and New Zealand
As CISO for Veolia across Australia and New Zealand, Raghu Gandhy sits at the heart of IT/OT convergence in essential services. With responsibility spanning industrial facilities, environmental services, and critical infrastructure, Gandhy’s role exemplifies the evolution of the modern industrial CISO, balancing legacy operational systems with modern cyber resilience. His long tenure reflects the trust required to secure complex, safety-critical environments at scale.
Sebnem Kurklu — Chief Information Security Officer, Aurizon
Sebnem Kurklu brings deep experience across cyber security, technology operations, and risk management, shaped by leadership roles in finance, resources, and transport. At Aurizon, Australia’s largest rail freight operator, she has played a defining role in strengthening cyber resilience across nationally significant transport infrastructure. As a contributor to Australia’s first Rail Cyber Security Standard (AS7770) and co-author of the national rail cyber strategy, Kurklu’s influence extends well beyond her organisation.
Dune Sookloll — Cyber and Information Security Manager, Horizon Power
Dune Sookloll leads cyber and information security for Horizon Power, where operational resilience and trust are paramount. While not carrying the CISO title, Sookloll’s remit spans governance, risk, compliance, and security operations across energy infrastructure serving some of Australia’s most remote communities. Her work reflects the reality of many industrial environments, where security leadership is deeply embedded within operational decision-making rather than isolated as a standalone function.
Nathan Morelli — Head of Cyber Security and IT Resilience (CISO), SA Power Networks
Nathan Morelli heads cyber security and IT resilience for South Australia’s sole electricity distributor, protecting the systems that deliver power to nearly one million homes and businesses. With over 15 years of experience across defence, consulting, and critical infrastructure, Morelli is known for his threat-informed, risk-based approach to protecting essential services. His focus on resilience underscores the growing expectation that CISOs in industrial sectors must prepare not just for prevention, but for rapid recovery.
Frances Bouzo — Chief Information Security Officer, Ampol Australia
Frances Bouzo brings more than two decades of experience across cyber security, governance, risk, and IT operations to her role as CISO at Ampol. Operating within fuel manufacturing and distribution, Bouzo’s leadership spans complex supply chains and safety-critical environments. Her background as Deputy CIO and infrastructure leader gives her a uniquely holistic view of how cyber risk intersects with operational continuity and regulatory accountability.
Thomas Leen — Group Technology Officer, BHP
While Thomas Leen no longer carries the CISO title, his influence on industrial cybersecurity remains significant. As Group Technology Officer at BHP, Leen oversees enterprise-wide IT and OT modernisation, cybersecurity, and technology risk across one of the world’s largest mining organisations. His career reflects the ongoing shift in heavy industry, where cyber security is increasingly embedded within broader technology and operational leadership.
Audrey Hanson — Former Global Chief Information Security Officer, BlueScope
Audrey Hanson’s impact on industrial cybersecurity continues well beyond her tenure as Global CISO at BlueScope. With decades of experience securing complex manufacturing, steel, rail, and heavy engineering environments across multiple continents, Hanson has been instrumental in advancing OT security maturity in high-reliability settings. Now operating as a fractional CISO, she remains deeply influential in helping industrial organisations modernise cyber programs while balancing safety, uptime, and regulatory demands.
Tamoor Sarfraz — CISO and Cyber Security Manager, Adbri Limited
Tamoor Sarfraz leads cybersecurity at Adbri, a major Australian construction materials manufacturer. With a background spanning government, banking, and consulting, Sarfraz brings a strong governance-led perspective to industrial security. His role highlights the growing importance of cyber risk management in traditionally physical industries, particularly as manufacturing environments become more digitally connected.
Andrew Webster — Global Chief Information Security Officer, BlueScope
Andrew Webster currently serves as Global CISO at BlueScope, securing heavy manufacturing operations across 15 countries. With more than 25 years of experience and prior leadership as Chief Security Officer at Transgrid, Webster is deeply familiar with the demands of protecting large-scale industrial and energy infrastructure. His focus on resilience, team development, and enabling secure growth reflects the modern expectations placed on CISOs in global manufacturing organisations.
Sean Lasinker — Group Chief Information Security Officer, Orica
Sean Lasinker brings a proven track record of building and transforming cybersecurity functions across multiple industries to his role as Group CISO at Orica. Operating in explosives manufacturing and services, Lasinker’s remit spans safety-critical environments where cyber incidents can have far-reaching physical consequences. His ability to engage boards and executives while maintaining deep technical credibility makes him a standout leader in the industrial security space.
Why These Leaders Matter
Cybersecurity in manufacturing and industrial sectors is no longer a back-office concern. The leaders featured here are shaping how Australian organisations think about resilience, safety, and trust in environments where cyber incidents can halt production, disrupt essential services, or put people at risk.
Whether holding the CISO title today or influencing security strategy from broader leadership roles, these professionals represent the evolving face of industrial cybersecurity, pragmatic, operationally grounded, and increasingly central to how critical industries run securely in Australia.