2020 @ (ISC)2 - A Year in Review

What a year! There's no doubt that dealing with the impacts of a global coronavirus pandemic has taken a toll on most Kiwis in 2020 with Aucklanders potentially suffering more disruptions and pain as the city has experienced not one but two lengthy COVID lockdowns and the bonus of a busted bridge to reinforce the cultural move to working from home.

It's undoubtedly been a strange start to a new decade and I write this sitting in the UK, not yet certain when I'll be back in NZ. But it's tradition to recap our (ISC)2 Chapter events ahead of our Christmas closing, and there are still two final free sessions you can come and enjoy.

On Thursday 26th November we welcome Peter Jackson to present on Security Operations for Industrial Control Systems. Peter is well known for his expertise in securing industrial environments, leads the NZ ICS Cyber Technical Network and will be highlighting best-practice advice.

And for our 'Xmas special' on Thursday 10th December, Faustin Roman will be discussing building a threat intelligence sharing platform for NZ's health sector organisations. Come learn about this dedicated Threat Intelligence Platform, why NZ specific threat intelligence is needed and gain insights on NZ-based malware and phishing over the last year. Both events are free to attend at Tabac bar from 5pm, get your tickets today.

A REVIEW OF 2020 EVENTS:

If you've not yet attended an (ISC)2 Auckland event, read on for our recap of a year that challenged all event organisers and we give thanks to all the presenters who volunteered their time and to Chapter Members and guests who showed up in person and online to take part in the activities.

It's the third year in a row we've managed to run 12 security events - you can review 2018 activities here and 2019 events here - and we're always on the look out for speakers on all kinds of topics so do reach out to me if you're keen to practice your presenting skills and earn some CPEs - we're a friendly bunch.

February: Creating a One Page Cyber Strategy that Works – Richard Harrison

A huge thank you to Richard Harrison CISM, MBA for a wonderful interactive presentation on “creating a one page cyber strategy that works”. Richard discussed how to understand and manage risks in a healthcare setting and there was a great turnout for our first (ISC)2 Auckland Chapter meeting for 2020.

March – IoT- The Pervasive Devil Within – John Martin

When the first lockdown struck in March, our President John Martin kindly volunteered to step into action and host a webinar on the subject of IoT security, a subject John is passionate about. Little did we know that pandemic Alert Levels would become embedded into ways of working in 2020 and it was several months before the next face to face session.

April - Defending .nz – InternetNZ

In April we welcomed David Morrison and Sebastián Castro from InternetNZ to talk about some of the ways the organisation helps keep New Zealanders safe online. With the increase in phishing attacks targeting NZ organisations during the pandemic and a proliferation of dodgy domains, this session dived deep into NZ security metrics including SSL certs, work to detect fake domains and information on Defenz, a tailored DNS protection service to help mitigate phishing and malware sites at the network level.

May – Future Threats Panel – Hosted by Philip Whitmore

Our session for May looked at the events of the last decade and explored what the 2020's could bring. Chapter Treasurer Philip Whitmore hosted an online panel event exploring future threats including machine learning cyber attacks, deepfakes, 5G, quantum computing, adversarial AI and much more. Gabriel T. Akindeju, Gaz Eves, Richard Harrison CISM, MBA and Rishit Shah discussed the evolving technology risk landscape and what the next decade could have in store for us.

June – Preparing for the new Privacy Act – Two Black Labs

New Zealand's long awaited new Privacy Act comes into effect on 1st December so for our June session we welcomed Caroline Carver to present on 'Preparing for the new Privacy Act' six months out from the start of the new regime. With OPC advising "The updated Act will allow the Human Rights Review Tribunal to award up to $350,000 to each member of a class action", this was one of our largest events in 2020 with 120 people signed up to listen in. Caroline provided a great summary of the changes, helping get attendees up to speed on notifiable privacy breaches, compliance notices and more.

July – Phishing susceptibility – Jacinda Murphy

In July it was great to gather at KPMG and see so many familiar and new faces at our first physical (ISC)2 Auckland Chapter meeting since February. Jacinda Murphy presented on her research with the University of Auckland into the psychology of phishing, including the efficacy of simulation training and standard learning modules and she provided some great takeaway points on the risks associated with task switching and the reliance on heuristics for decision making. Lots of discussion generated on such a key threat vector.

August – Isolation Tech – BUFFERZONE

For our August Chapter event we welcomed Greg Wyman who presented on isolation tech and the evolving world of endpoint security. Greg hosted the webinar from across the ditch in Australia and provided a great reminder on 94% of data breaches starting at the endpoint and the priority need for isolation, containment and elimination technologies as a key way to preventing attackers gaining a beachhead via malicious email and other tactics.

September – Make SIEM great again! – Nyuk Loong Kiw

In September a change in Alert Level saw us revert to online events. And we owe massive thanks to Nyuk Loong Kiw for his fantastic presentation on SIEM maturity and getting the most value from your SecOps investment. With over 100 people registered, Kiw's session on specific ways to improve your maturity score and optimise incident detection and response was well received as he explored common pitfalls and how to leverage the MITRE ATT&CK framework.

October – Forensic investigations – Campbell McKenzie

For our October Auckland (ISC)2 Chapter event we welcomed Campbell McKenzie to present on lessons learned from security incident response and take us through the kinds of events playing out in the NZ market. Campbell volunteered to give a talk back at the start of the year and his session at Tabac bar became only our fourth face to face session in 2020 and was well attended.

November (Privacy Week) –The issue of ‘consent’: barriers to safeguarding children’s data – Dr Caroline Keen

To mark New Zealand's #PrivacyWeek (ISC)2 Auckland was pleased to welcome Dr Caroline Keen to present a special session on her NZ research into the world of corporate data mining and surveillance, the apathy resulting from current privacy policies and the lack of interest among Kiwi families to manage their own data protection. This was an interesting online session for parents, fans of 'The Social Dilemma' on Netflix or readers of 'The Age of Surveillance Capitalism' and you can watch a recording online.

STILL TO COME...

Many thanks go again to all the presenters and attendees who helped make our Chapter events a success in the face of a global pandemic. We have two sessions left to go and welcome all comers to Tabac bar in the heart of the CBD. Come join us for a drink after work, say hello and hear two great speakers on subjects close to their hearts:

• 26th November – ICS Cyber Security – Peter Jackson
• 10th December – NZ Health Threat Intelligence Sharing – Faustin Roman

We'll be updated our 2021 event calendar soon and do get in touch if you're keen to present. Merry Xmas!