2021 @ (ISC)2 - A Year in Review
Despite the continuing impact of the COVID pandemic on the Auckland region, I'm amazed to say it's the fourth year in a row the Chapter has managed to run 12 security events - you can browse the archives for 2018, 2019 and 2020 right here. As always, a huge debt of gratitude is due to everyone who has helped to make this happen - all the presenters who volunteered their time to share their knowledge and to the Chapter Board (John, Linzee, Jerry and Philip), Chapter Members and all the guests who showed up in person and online to take part in the activities.
If you've not yet attended an (ISC)2 Auckland session, read on for our recap of a year that once again threw some challenges at event organisers but worked out pretty well all round.
Special thanks go to Marnu, Peter, Ahmad and everyone at Genesis for hosting us during the year and providing a comfortable spot in downtown Auckland. We may have shifted to Teams since August but we look forward to face-to-face events again in 2022!
Alongside the 500 people who have attended the physical and online events, a very dedicated group of CSSLP certification students were also led by OWASP Chapter lead John DiLeo who has amazingly managed to host and invigorate the group through regular online evening study sessions over the last few months.
We have two more sessions left to come before the Xmas break - grab your tickets for our last two events of the year right now on Eventbrite:
A REVIEW OF 2021 EVENTS:
January: Preparation for SOC 2 - Ahmad Hawa
2021 got off to a blazing start with Ahmad kindly sharing his overseas SOC2 expertise on his home turf at Genesis. Whilst COVID has led to interruptions in physical gatherings, Marnu, Ahmad and Peter have graciously hosted a strong crowd for much of the year.
February: Zero Trust Architecture - John Martin
For February, our Auckland Chapter President gave a great talk on moving from a ‘castle security’ model to a modern data centric, least privilege, continuous assessment way of working targeting the Zero Trust outcome now so beloved of marketers and vendors.
March: Winning the Phishing Battle - Maziar Janbeglou
In March we welcomed back Maziar for a great presentation on the challenges of identifying never before seen credential harvesting sites and his efforts with SafeToOpen to provide automated methods to tackle the exponential growth in phishing sites. The interactive quiz - see example above - was a great way to demonstrate the difficulties internet users face in verifying legitimate sites with site cloning, typo domains and the availability of TLS certs.
April: Strategic Value Risk Equation (‘SVRE’) – Gabriel Akindeju
In April, Gabriel Akindeju hosted a hugely educational session on quantitative risk management to enable business value creation, the 'SVRE'. Gabriel demonstrated a focus on balancing investment and control implementations to address vulnerabilities and risk and wrangled the whole Mercury security team - Gabriel, Nabeel, Jim, Rish, Eghbal and Oon - to feed and water all attendees in amazing surroundings.
May: The impact of identity theft and cyber-related crimes – Neil Hallett
We welcomed Neil Hallett in May who gave a great talk - without slides or notes - on the 1000+ data breaches that IDCARE have responded to in Australia and New Zealand and the lessons learned on the impact of cybercrime on businesses and individuals. Just a week after the Waikato DHB incident, it was very good of Neil to take the time to present given the media focus on privacy harms, liability and the likelihood of prosecutions.
June: Individual, Organisational, and Technological Factors in Phishing Attacks – Farzan Kolini and Priyanka Ram
For June we welcomed Priyanka and Farzan who presented some great local research on the ever present threat of phishing. A big thank you to Faris Azimullah for kindly hosting us at Deloitte and treating everyone to a huge pile of pizzas! You can stay up to date with Farzan's research outputs covering phishing and cyber threat intelligence on Google Scholar.
July – Microsoft Compromise Recovery Security Practice – Alan Johnstone
A huge thank you to Alan Johnstone for a fantastic and fun talk to (ISC)2 Auckland in July. Alan presented on the work of Microsoft CRSP - "the nicest team of security experts you never want to meet" - and key mitigations to apply to tackle human operated ransomware. Alan brought a mix of genuine passion for the topic and humour and a whole heap of branded swag for the audience too.
August – Making Money from Cybercrime – Chris Hails
In August we flipped to Level 4 lockdown so I threw some slides together in the spirit of your typical click-bait blog and provided 5 options for growing your cyber wealth including "be a bad guy", investing in sector equities and funds and my desire for a DeLorean time machine to go back and buy Bitcoin on 6 June 2014.
September: Risk Management in an Unfair World - Marty Rickard
In September, Marty Rickard 'visited us' all the way from the Bay of Plenty - via MS Teams of course. He gracefully shared his experiences of using FAIR to analyse and quantify cyber risk in financial terms in what was a fun AND educational storytelling session. A follow up session on FAIR and using RiskLens is now scheduled for November.
October – Breaking a Cybercriminal’s Heart – Ray Dussan
For October we welcomed Ray and Louise from Simplify Security to present on a hot topic, an issue that's changed the whole cyber threat landscape and seen 30 governments recently band together under US leadership to tackle the scourge of ransomware. Ray talked through the business implications and delved into the technical aspects of exploitation using MITRE ATT&CK Sub-techniques and proposed a series of actions for companies to take to defend themselves.
STILL TO COME...
25th November – Quantifying risk with FAIR and RiskLens - Ruby Li
Cyber security has taken centre stage during the pandemic: more businesses are transacting online and employees have become remote workers. Organisations want to know the likelihood of a cyber incident occurring and the impact to the organisation's ability to recover and maintain their business objectives. Register now to learn more from Ruby on the potential of RiskLens.
9th December – One Year On from the 2020 Privacy Act – Emma Pond
One year after the long awaited Privacy Act 2020 came into force Emma Pond from Simply Privacy looks at its impact to date - mandatory breach notification, compliance notices, Covid and a couple of big privacy breaches - and what we can expect on the privacy front in the year(s) to come. Register now for our final hurrah of 2021!
We already have 5 speakers lined up for 2022 so if you're keen to join the Chapter or present in the future do please get in touch. We're always on the look-out for speakers on all kinds of topics so do reach out to me if you're keen to practice your presenting skills and earn some CPEs - we honestly are a friendly bunch.
3y: Thanks for the opportunity! Looking forward to more
3y: Thank you to you for making such a great difference in our industry - your time and dedication is appreciated Chris Hails
Congratulations Chris, thank you once again for your support, and enthusiasm to keep us all going in difficult times. It has not finished as yet, there is so much more that can be done, everyone has a level of responsibility to protect their own organisations as Trusted Advisers.
3y: Thanks Chris - I had a great time and have made some fantastic connections as a result. I look forward to an opportunity to take part again