CyberConnect: Building Bridges, Creating Connections in Vancouver's Cyber Community

What a fabulous barbecue with the OWASP? Foundation and ISACA Vancouver Chapter at Stanley Park last week! As the sun set beautifully over the horizon (and NO RAIN!), seeing the connections between the two groups reminded me of the 'Team of Teams' concept discussed by Sami Khoury at a Cybersecurity Conference earlier this year. Watching our communities engage in such a relaxed setting was inspiring. This shows the power of collaboration, proving that together, we are indeed stronger and more resilient against the challenges ahead.

Enhancing Cyber Resilience: The "Team of Teams" Approach with OWASP and ISACA

"In today's digital world, no one fights cyber threats alone; success lies in forming alliances, not just building defenses."

As cyber risks continue to grow and change, the relationship between the Open Web Application Security Project (OWASP) and ISACA groups stands out as a key example of effective collaboration. Together, these groups can embrace a "team of teams" approach, pooling their expertise and resources to enhance their capabilities. This strategy not only strengthens their individual efforts but also sets a standard for how working together can achieve exceptional results in protecting our digital spaces.

The concept of a "team of teams" was initially crafted by General Stanley McChrystal to update how the United States military operates, as he describes in his book "Team of Teams: New Rules of Engagement for a Complex World." This strategy encourages less centralized control and more collaboration among different teams, a shift that has been vital in responding quickly to the complex challenges of modern warfare.

Understanding OWASP and Application Security

OWASP is dedicated to improving software security. It specializes in identifying and mitigating application security vulnerabilities through open-source projects and educational content. One of OWASP's flagship contributions, the OWASP Top 10, provides an overview of the most critical application security risks, offering organizations a starting point for ensuring their applications are secure.

Understanding ISACA’s Broad Cybersecurity Mandate

ISACA’s role spans broader IT governance, risk management, and overall information security management, offering a holistic approach to treating IT risks. ISACA’s frameworks and certifications are designed to foster governance structures that integrate security practices into everyday business processes, to achieve strategic objectives while mitigating risks.

The OWASP and ISACA "Team of Teams" Strategy

The "team of teams" strategy is about more than just collaboration; it’s about integrating diverse expertise to create a unified force against cyber threats. OWASP’s detailed, technical input and ISACA’s strategic, organizational reach create a multidimensional defense strategy that is stronger and more adaptive to the changing threat landscape.

This synergistic approach allows each group to play to its strengths while filling in the gaps left by the other. For instance, while OWASP identifies a severe application security flaw, ISACA can help integrate the response to this flaw within the organization's broader risk management framework.

Moving Forward Together

The future of cybersecurity depends on such collaborative, interdisciplinary approaches. The collaboration between OWASP and ISACA exemplifies how diverse cybersecurity groups can unite under a common goal: to protect organizations against threats. This "team of teams" approach not only enhances each organization's capabilities but also strengthens the global cybersecurity infrastructure.

What happens in Vegas usually stays in Vegas, but not this time!

We're thrilled to celebrate and share the incredible success of the Maple Bacon team, who joined us at our barbecue to recount their DEF CON triumph.

In an impressive display of cyber prowess, the University of British Columbia’s (UBC) team, Maple Bacon, clinched the DEF CON Capture the Flag (CTF) title for the third consecutive year. This remarkable feat was achieved in collaboration with the Carnegie Mellon University (CMU) team and hackers from CMU Alum start-up Theori.io, known as The Duck, under the combined force of Maple Mallard Magistrates (MMM).

Hosted in Las Vegas from August 8-11, DEF CON is heralded as the 'Olympics' of hacking—drawing the globe’s finest cybersecurity minds into a battle of wits and skills. This year, the stakes were higher than ever, with only 12 of the world’s elite teams, narrowed down from a staggering 1,742 entrants, stepping into the arena.

Here are the key takeaways from this year’s competition:

1. Unmatched Team Synergy: The victory was not just about individual brilliance but a testament to their teamwork and strategic planning.

2. A High-Stakes Game of Digital Cat and Mouse: The competition’s format—breaking into systems to steal ‘flags’ while defending their own—mimics real-world cybersecurity challenges. The team’s ability to anticipate and counteract real-time threats demonstrated their mastery over both offensive and defensive aspects of cybersecurity.

3. Preparation Meets Opportunity: The team’s success is built on rigorous preparation and the ability to adapt swiftly to the dynamic hacking landscape.

“Anticipating moves from some of the smartest minds in the field and adapting strategies in real-time was crucial.”

4. Beyond the Competition: DEF CON is more than just a contest; it’s about learning and networking. Aside from the competition, attendees engage in various activities, including IoT Village and Voting Village, enhancing their skills and understanding of critical cybersecurity issues.

Maple Bacon is already gearing up for next year, aiming to secure an unprecedented fourth win. Their ongoing success at DEF CON not only cements their status as top contenders but also boosts UBC’s reputation in the cybersecurity community. Maple Bacon's repeated success at DEF CON shows the importance of collaboration, strategic foresight, and continuous learning in mastering the art of cybersecurity.

Cyber Avengers Unite: OWASP, ISACA, and UBC for White Hat Hacking Success!

At ISACA Vancouver, we’re not just building a secure and resilient digital future—we’re assembling a powerful alliance of knowledge, innovation, and collaboration. Through our 'team of teams' approach, we unite the brightest minds and leading organizations to champion cybersecurity excellence.

Thank you,

Mary Carmichael,

President, ISACA Vancouver Chapter