2018 @ (ISC)2 - A Year in Review
"It takes a village to raise a child." So says the African proverb that suggests that a community of different people provides the best outcome for delivering a safe and secure environment in which individuals can grow.
In 2018, it's taken a metaphorical 'village' of security people from many different backgrounds to bring variety and different perspectives to help deliver eleven events at our (ISC)2 Auckland chapter.
Whilst documenting the sessions for our annual chapter report back to the parent organisation, I thought it only right to reflect on the sessions over the last year, provide an insight into what goes on at the chapter and give thanks again to everyone who volunteered their time both in presenting and showing up to listen and take part in the activities.
If you have a desire to present on a security topic in 2019, do please get in touch with me. We have Tim McIntosh lined up to start the new year off with a bang but would welcome other speakers keen to showcase their research, tools or techniques used day to day.
A REVIEW OF 2018 EVENTS:
Securing the Human: Identifying an individual’s ‘Security Quotient’ score / Pkit Finder – Hunt for Phishing Kits - Chris Hails / Qasim Khan
In January, I gave an update on my InternetNZ-funded research project focused on identifying the behavioural qualities that may pre-dispose people to fall victim to socio-technical internet attacks.
Qasim then spoke about phishing as the easiest and most successful attack vector for harvesting credentials and delivering malicious files, and about his research into finding phishing kits, extracting IoCs, and accumulating results.
Port Cybersecurity - Stephen Kraemer
In February, we welcomed the CISO of the Ports of Auckland to present on plans to partially automate its container terminal - the first New Zealand port and only the third straddle carrier terminal in the world to automate - with new blue automated straddles providing an opportunity for the port to stack containers higher in the limited operating area.
Stephen discussed Critical National Infrastructure best-practice, the challenges of IT and OT cybersecurity and building a security programme from the ground-up.
Cyber-Security for NZ SMBs - Jatinder S Oberoi
In March, Jatinder presented on the hard reality for many NZ SMEs with local data showing that one in five small businesses is targeted by a cyber-attack with average losses of $19,000. He summarised the range of threats and simple ways to tackle security for NZ SMBs so that they can focus on their business rather than cyber-attack fire-fighting.
Jatinder revisited this topic in October, devising case studies for attendees to review common security control frameworks and work on building a consensus view on best 'bang for buck' small business cyber security investments.
Blockchain - Andy Bush
In April, Andy, a Solution Architect at IBM working on Blockchain and AI for business solution design, presented on how IBM is using Blockchain with its clients, specifically Linux Foundation Hyperledger, to build industry platforms, illustrated with published use cases.
Cyber Security in Tonga - Taniela Tu’ungafasi / Henry Fyers
In May, we welcomed our most far-flung Auckland chapter member, Taniela, who highlighted the role of Tonga's new CERT in tackling a range of cyber security and cyber safety issues alongside other local bodies and reflected on the reality of introducing high speed internet access to a population of 107,000. My Wellington-based Deloitte cyber colleague Henry Fyers spoke about a programme of work looking at the wider cyber capability picture across 14 Pacific nations.
CISO: The Board Game - Chris Hails / Farzan Kolini
In June, we ran the first New Zealand session of "CISO: The Board Game" based on a LEGO security investment game originally developed in the UK and used by the Met Police to educate business owners on the importance of defending against cybercrime and security threats.
The pitch? "The life of the Chief Information Security Officer (CISO) can be hard and fraught with risk, walking a tightrope between protecting their organisation from a range of nefarious but often unseen attackers whilst helping the business go faster through a programme of digital transformation."
If you look really closely in the photo below, you'll be able to spot Tom holding the impressive winners cup:
We were lucky enough to take the game down to Kiwicon this month and host another two teams competing for the glory - the tiny cup makes another appearance:
Global Cyber Alliance Briefing - a joint session with ISACA - Tony Krzyzewski / Andy Bates
In July, we joined forces with the Auckland ISACA chapter and were fortunate to host Tony Krzyzewski, Andy Bates and Josh Lawton speaking about the work of the Global Cyber Alliance to a packed house with almost 50 folks attending:
To celebrate Tony's appointment as one of eight international ambassadors to the Global Cyber Alliance we awarded him with a new honour: NZ Cybersecurity Ambassador 2018.
Andy and Josh gave us insights into the diverse range of tools the GCA makes available, including championing DMARC and email authentication. We awarded them All Blacks scarves to remember their trip down under.
Fighting Cybercrime - John Martin
In August, John hosted a viewing of the documentary “Dark Web: Fighting Cybercrime” which was produced by IBM to teach internet users about the scale of cybercrime.
The documentary features interviews with respected experts in industry and academia and helps teach audiences about the nature of cybercrime, as well as the innovations in the security industry.
Double Cyber! - Maziar Janbeglou / Linzee Bickley
In October, we welcomed two speakers - Maziar Janbeglou, Founder of SafeToOpen and Linzee Bickley, CyberSecurity and Privacy Consultant and Advisor.
Maziar spoke about starting SafeToOpen while studying for his PhD at the University of Auckland. He has continued to develop and enhance the concept to provide a unique service that can be used by any organisation to create an additional layer of security to protect against malicious emails and phishing tactics.
Linzee has been a security professional for the IT industry for over 20 years and has experience of security compliance as a special weapons systems auditor for 14 years.
He spoke about his experience working with several major companies in NZ to achieve improvements in the many areas of business that need a focus on security, including the creation of security frameworks ranging from policy, standards and process to developing framework effectiveness. He highlighted a number of similarities between both environments.
Building the Bob Semple Cyber Tank - Chris Hails / Jatinder S Oberoi
In October we trialled an interactive session inspired by the Kiwi ingenuity of World War II that saw camouflage nets deployed in the Deloitte Auckland office for perhaps the first time:
Review more photos of the evening to see how attendees worked together to develop pragmatic security investments for the typical NZ small business based on 3 case studies. The outcomes of the event are available online and demonstrate the popularity of free tools championed by the Global Cyber Alliance such as DNS and email security via Quad9 and DMARC.
Security Convergence - A PHYSEC/PERSEC/INFOSEC crossover event - a joint session with ASIS - NCSC / Dean Kidd / Andrew Thorburn
This month we undertook our first joint event with the Auckland ASIS chapter and welcomed almost 40 attendees to hear about the converging worlds of cyber, physical and personnel security.
We welcomed two representatives from NCSC who spoke about the latest report on Nationally Significant Organisations dubbed "Thinking Ahead. Being Prepared."
Dean and Andrew from ASIS both gave fascinating presentations on areas that chapter members may not often deal with day to day: behaviour analysis using T.R.A.P, or the 'Tactical Risk Assessment of People', and the reality of security convergence in a world of emerging technologies.
December Social?
To round off the year, come along and enjoy 18 holes of crazy golf at Holey Moley (6pm) on Monday 10th December to mark the end of a successful season of events. Leave a comment or email me if you're keen to come along.
A big thank you again to everyone who shared their time, expertise and enthusiasm this year and made the Auckland chapter a welcoming place to think about and discuss all aspects of security. We look forward to seeing what 2019 will bring.
Director at SAM for Compliance, Global Cyber Alliance Ambassador, CIS Controls Ambassador, NZ Convenor ISO SC27
It is really great to see such an active cybersecurity related group and such a diverse range of presenters. Keep it up!
So let's get our thinking caps on, what do we as a group want to achieve in 2019? What activities can we carry out to raise awareness, and be better prepared for the Privacy Act changes? What other surprises do we need to be ready for in 2019 let alone subsequent years? Promoting women in security? Let's keep the momentum going and going in 2019, but let's just keep it going on and on. Will you be prepared to present in 2019, be counted, achieve a major career achievement? Assist others to grow into a position of influence and support New Zealand as a resilient economy?