2021 @ (ISC)2 - A Year in Review
Lockdown life: where did 2021 go?


Despite the continuing impact of the COVID pandemic on the Auckland region, I'm amazed to say it's the fourth year in a row the Chapter has managed to run 12 security events - you can browse the archives for 2018, 2019 and 2020 right here. As always, a huge debt of gratitude is due to everyone who has helped to make this happen - all the presenters who volunteered their time to share their knowledge and to the Chapter Board (John, Linzee, Jerry and Philip), Chapter Members and all the guests who showed up in person and online to take part in the activities.

If you've not yet attended an (ISC)2 Auckland session, read on for our recap of a year that once again threw some challenges at event organisers but worked out pretty well all round.

Special thanks go to Marnu, Peter, Ahmad and everyone at Genesis for hosting us during the year and providing a comfortable spot in downtown Auckland. We may have shifted to Teams since August but we look forward to face-to-face events again in 2022!

Alongside the 500 people who have attended the physical and online events, a very dedicated group of CSSLP certification students were also led by OWASP Chapter lead John DiLeo, who has amazingly managed to host and invigorate the group through regular online evening study sessions over the last few months.

We have two more sessions left to come before the Xmas break - grab your tickets for our last two events of the year right now on Eventbrite:

  • Thursday 25th November – Ruby Li from IBM will present on quantifying risk using FAIR and RiskLens
  • Thursday 9th December – Emma Pond from Simply Privacy will wish 'Happy Birthday' to the 2020 Privacy Act and look back at events of the last 12 months of mandatory breach reporting

A REVIEW OF 2021 EVENTS:

January: Preparation for SOC 2 - Ahmad Hawa

2021 got off to a blazing start with Ahmad kindly sharing his overseas SOC2 expertise on his home turf at Genesis. Whilst COVID has led to interruptions in physical gatherings, Marnu, Ahmad and Peter have graciously hosted a strong crowd for much of the year.

View PDF presentation

February: Zero Trust Architecture - John Martin

For February, our Auckland Chapter President gave a great talk on moving from a ‘castle security’ model to a modern data centric, least privilege, continuous assessment way of working targeting the Zero Trust outcome now so beloved of marketers and vendors.

View PDF presentation

March: Winning the Phishing Battle - Maziar Janbeglou

In March we welcomed back Maziar for a great presentation on the challenges of identifying never before seen credential harvesting sites and his efforts with SafeToOpen to provide automated methods to tackle the exponential growth in phishing sites. The interactive quiz - see example above - was a great way to demonstrate the difficulties internet users face in verifying legitimate sites with site cloning, typo domains and the availability of TLS certs.

View PDF presentation

April: Strategic Value Risk Equation (‘SVRE’) – Gabriel Akindeju

In April, Gabriel Akindeju hosted a hugely educational session on quantitative risk management to enable business value creation, the 'SVRE'. Gabriel demonstrated a focus on balancing investment and control implementations to address vulnerabilities and risk and wrangled the whole Mercury security team - Gabriel, Nabeel, Jim, Rish, Eghbal and Oon - to feed and water all attendees in amazing surroundings.

View PDF presentation | View extended SVRE information | View the video

May: The impact of identity theft and cyber-related crimes – Neil Hallett

We welcomed Neil Hallett in May who gave a great talk - without slides or notes - on the 1000+ data breaches that IDCARE have responded to in Australia and New Zealand and the lessons learned on the impact of cybercrime on businesses and individuals. Just a week after the Waikato DHB incident, it was very good of Neil to take the time to present given the media focus on privacy harms, liability and the likelihood of prosecutions.

June: Individual, Organisational, and Technological Factors in Phishing Attacks – Farzan Kolini and Priyanka Ram

For June we welcomed Priyanka and Farzan who presented some great local research on the ever present threat of phishing. A big thank you to Faris Azimullah for kindly hosting us at Deloitte and treating everyone to a huge pile of pizzas! You can stay up to date with Farzan's research outputs covering phishing and cyber threat intelligence on Google Scholar.

View PDF presentation | View the research

July – Microsoft Compromise Recovery Security Practice – Alan Johnstone

A huge thank you to Alan Johnstone for a fantastic and fun talk to (ISC)2 Auckland in July. Alan presented on the work of Microsoft CRSP - "the nicest team of security experts you never want to meet" - and key mitigations to apply to tackle human operated ransomware. Alan brought a mix of genuine passion for the topic and humour and a whole heap of branded swag for the audience too.

View PDF presentation

August – Making Money from Cybercrime – Chris Hails

In August we flipped to Level 4 lockdown so I threw some slides together in the spirit of your typical click-bait blog and provided 5 options for growing your cyber wealth including "be a bad guy", investing in sector equities and funds and my desire for a Delorean time machine to go back and buy Bitcoin on 6 June 2014.

View PDF presentation

September: Risk Management in an Unfair World - Marty Rickard

In September, Marty Rickard 'visited us' all the way from the Bay of Plenty - via MS Teams of course. He gracefully shared his experiences of using FAIR to analyse and quantify cyber risk in financial terms in what was a fun AND educational storytelling session. A follow-up session on FAIR and using RiskLens is now scheduled for November.

View PDF presentation

October – Breaking a Cybercriminal’s Heart – Ray Dussan

For October we welcomed Ray and Louise from Simplify Security to present on a hot topic, an issue that's changed the whole cyber threat landscape and seen 30 governments recently band together under US leadership to tackle the scourge of ransomware. Ray talked through the business implications and delved into the technical aspects of exploitation using MITRE ATT&CK Sub-techniques and proposed a series of actions for companies to take to defend themselves.

View PDF presentation

STILL TO COME...

25th November – Quantifying risk with FAIR and RiskLens - Ruby Li

Cyber security has taken centre stage during the pandemic; more businesses are transacting online and employees have become remote workers. Organisations want to know the likelihood of a cyber incident occurring and the impact to the organisation's ability to recover and maintain their business objectives. Register now to learn more from Ruby on the potential of RiskLens.

9th December – One Year On from the 2020 Privacy Act – Emma Pond

One year after the long awaited Privacy Act 2020 came into force Emma Pond from Simply Privacy looks at its impact to date - mandatory breach notification, compliance notices, Covid and a couple of big privacy breaches - and what we can expect on the privacy front in the year(s) to come. Register now for our final hurrah of 2021!

We already have 5 speakers lined up for 2022 so if you're keen to join the Chapter or present in the future do please get in touch. We're always on the look-out for speakers on all kinds of topics so do reach out to me if you're keen to practice your presenting skills and earn some CPEs - we honestly are a friendly bunch.

Louise Ardern

Helping SMEs be protected against cyber threats | Cybersecurity Compliance | SecurityAssessments | Roadmapping the security journey

3 years ago

Thanks for the opportunity! Looking forward to more

Ray Dussan

Enabling business leaders to build and scale secure products and services for a thriving future.

3 years ago

Thank you to you for making such a great difference in our industry - your time and dedication is appreciated Chris Hails

Congratulations Chris, thank you once again for your support, and enthusiasm to keep us all going in difficult times. It has not finished as yet, there is so much more that can be done, everyone has a level of responsibility to protect their own organisations as Trusted Advisers.

Marty R.

Veteran OT Engineer and OT/ICS security geek. ** Please only ask to connect if we have met, or have direct business contact. Otherwise, please feel free to follow. **

3 years ago

Thanks Chris - I had a great time and have made some fantastic connections as a result. I look forward to an opportunity to take part again
