2019 @ (ISC)2 - A Year in Review
With 6 working weeks left until the summer holiday hiatus, it seems only right to recap the ten sessions we've hosted so far this year at the Auckland Chapter. But first, let me bring your attention to our two final events:
Cyber Insurance Claims Data
On Thursday 28th November we welcome Petra Lucioli from Delta Insurance to present a different view of the impact cybercrime is having in New Zealand. Petra's talk will cover:
- Insights from NZ claims data that shows incident and breach trends over the past five years
- Lessons learned from root cause analysis that could prevent future breaches
- Future thinking for 2020 and potential impacts associated with the new Privacy Act and mandatory breach reporting.
Register now as we have just a few spaces left for the lunchtime session.
Turning cyber security into a team sport!
On Monday 2nd December, we’ll be closing out the year with “A Merry Cyber Xmas Quiz” at the Bluestone Room in the Auckland CBD, a non-profit quiz night with funds raised split between the Salvation Army and the Auckland City Mission.
40 questions over four rounds will pitch competitors against each other with brain teasers on cyber, privacy and risk topics from the last 20 years. There will be prizes for the winners and the glory of knowing you took out the top spot.
Plus included in the price of your ticket will be a prize draw raffle entry to take home an Amazon Echo. If a digital assistant doesn't conform to your household security model, you can still enjoy fiddling with lasers to try and exploit the happy helper with recently discovered light commands.
Get a team of 4 to 6 together or join forces with others on the night. Come celebrate the holidays with us, test your knowledge and help support a good cause! A huge thanks to our supporters for the night: Advantage, Chillisoft, KPMG, SecOps and Security Resourcing.
Limited tickets so grab one today!
A REVIEW OF 2019 EVENTS:
What follows is a reflection on the sessions since January to give you an insight into what goes on at the chapter and heap praise on everyone who volunteered their time both in presenting and showing up to take part in the activities.
It's the second year in a row we've managed to run 12 security events - you can review 2018 activities here - and we're always on the lookout for speakers on all kinds of topics, so do shout if you're keen to practice your presenting skills and earn some CPEs - we're a friendly bunch.
Ransomware Detection and Defence Techniques – Tim McIntosh
In January, Tim presented his ransomware detection and defence research inspired by aviation security principles and police anti-terrorism practices.
He gave us an update later in July, wowing us with a very technical look at System Service Dispatch Table and Exclusion List vulnerabilities in popular anti-virus solutions before moving across the ditch to complete his PhD.
He's now been credited with disclosing vulnerabilities in a coordinated manner resulting in a McAfee security bulletin.
Building security success with Aura and RedShield - Andy Prow
In February we welcomed Andy Prow to present on his experience building Aura and now RedShield as successful infosec companies and the challenges and insights from expanding globally.
Andy very kindly volunteered alongside judges Jeremy Wylie and Philip Whitmore to host a Cybersecurity Dragons Den event that provided commercial words of wisdom for those looking to build more cyber-focused businesses in NZ.
Privacy for the 21st Century – Updates on the NZ Privacy Bill – Daimhin Warner
In March, Daimhin from Simply Privacy came to share his wisdom on the new privacy bill chugging through parliament and the reality of the new privacy era post-GDPR.
As NZ Country Leader for the IAPP, he was also able to talk to the benefits of security practitioners getting involved in the local KnowledgeNet chapter and undertaking privacy training that shares similar goals in protecting information and information systems.
Daimhin welcomes Privacy Commissioner John Edwards to Auckland on 26th November to provide more updates.
Achieving ISO 27001 certification in New Zealand – Jerry Tiriwawi
"ISO/IEC 27001 can help organisations to continually improve and deliver real benefits." Surprisingly few New Zealand organisations can claim to be certified under this leading international security standard compared with other nations around the world.
Jerry Tiriwawi - our Chapter Vice President - told the story in April of one local company's certification journey and lessons learned whilst implementing an ISMS.
Federated Identity – Eghbal Ghazizadeh
May saw a huge turnout to hear Eghbal Ghazizadeh talk about cloud and identity and access management, cloud migration and the complexities of Azure and AWS.
Eghbal compared the approaches ENISA, CSA, and NIST take to securing the cloud environment and published his research later this year.
Security Awareness Video Challenge – Chris Hails
June marked our inaugural (ISC)2 Security Awareness Video Contest. Inspired by Javvad Malik's creative SANS session, teams studied global behaviour change campaigns and developed their own awareness-raising videos in 60 minutes.
Team Tarantino took out the win with a piece of security theatre delivering knowledge in a 3 act play on the CIA triad. Team Kurosawa focused their storyboarding skills on romance scams and catfishing and Team Coppola demonstrated fantastic acting and directing skills to shoot almost a complete video on credit card fraud and phishing.
Industrial/OT Cybersecurity – Bhojraj Parmar
In July we welcomed Bhojraj from Vector to help those attending understand the difference between OT and IT security approaches and gain a deeper understanding about defending ICS from a variety of attacks that have included Trisis / Triton, Stuxnet, Industroyer / Crashoverride, Havex and BlackEnergy.
Bhojraj got the crowd debating the realities of OT/ICS security and the ethical and moral quandaries associated with defending critical systems. He'll be talking again at the NZ ICS Cyber Technical Network later this month if you want to grab a ticket.
NZ SOC – Nyuk Loong Kiw
In August, Nyuk Loong Kiw shared his wisdom and expertise on building an effective SOC to a packed out crowd at KPMG.
Kiw's first time presenting examined the benefits of adopting an "asset driven" security management approach, crucial security operations metrics and automation - I'm still gutted I couldn't be there on the day.
Demystifying PCI-DSS – Dr Rizwan Ahmad
A huge thank you to Dr Rizwan Ahmad for his excellent in-depth presentation to the Chapter in September on ‘Demystifying PCI-DSS’. In the age of Magecart and increasing ecommerce attacks this was a great session to attend.
He gracefully answered many questions on aspects of scoping and reaching compliance and it was a fully engaged audience. We will be watching out for version 4.0.
Phishing and user awareness – Ray Dussan Cabrera
Rounding off our sessions to date in 2019, October's Cyber Smart Week saw a great session from Ray Dussan Cabrera of Simplify Security on the benefits of hardening the human firewall via security training and phishing awareness.
“Plan like a marketer test like an attacker” was the theme with the demo gods smiling on Ray’s run through on creating an engaging long term campaign and using a well known platform to deliver both email and vishing tests.
2020: Planning begins
A big thank you again to everyone who shared their time, expertise and enthusiasm this year and made the Auckland Chapter a welcoming place to think about and discuss all aspects of security. We look forward to seeing what 2020 will bring.
Our calendar of events for the new year is now being developed. Some potential topics to explore: Adversarial AI / deepfakes, cloud security engineering, privacy enhancing technologies, quantum cryptography, incident response simulations and more. We welcome new speakers at all stages of their career so if you’re keen to present then get in touch with me or leave a comment below.
Cybersecurity Manager, Incident Responder, Information Security Manager
5 years ago: Was fortunate to attend almost all the topics and meet great speakers and like-minded crowd. A big cheers to the organisers and especially Chris Hails for maintaining the consistency and quality of the meet ups.
Principal & Director at Simply Privacy, NZ Country Leader at IAPP
5 years ago: Thanks Chris Hails - was an honour to be invited to speak to such an informed crowd!
Technology & Cybersecurity GRC | Third Party Risk | Trusted Advisor/Consultant | CRISC | CISM | Driving Risk Assessment & Management | Enhancing Compliance | APRA CPS 230, CPS 234 | ISO27001 | NIST
5 years ago: Thanks Chris Hails for your efforts and to all the presenters in the events. It has made me more knowledgeable and wise with the lessons learnt shared in the events.
Founder, Governance, Leadership, Mentor
5 years ago: Chris Hails a great applause for your efforts and sustainable episodes of security awareness bringing information security community together. Wish you best for next year