Increasing cyber resilience across the Australian Higher Education sector

As cybersecurity breaches permeate news headlines across Australia, it is impossible to understate the importance of an event that brings together our sector's cybersecurity professionals, to leverage collective knowledge, experiences, and skills to increase cyber resilience across the sector.

The 2022 AHECS Summit was held in Canberra on Tuesday 08 and Wednesday 09 November 2022. The theme of the two-day Summit, Connect to Protect, signifies the collaborative approach needed to support our institutions, our sector, our colleagues, and our well-being as professionals in the cybersecurity industry.

The energy in the room was palpable as 150 cybersecurity professionals from across the sector came together in person for the first time since AHECS, the Australasian Higher Education Cybersecurity Service, was launched in 2019.

The Summit opened with a keynote from Ciaran Martin, a leading global cybersecurity authority, former CEO and founder of the UK’s world-leading National Cyber Security Centre, and current Professor of Practice at Oxford University. Ciaran, fresh off the plane from the UK, delivered a powerful talk on his experiences working at the leading edge of cybersecurity as a 23-year veteran of the UK Government. Ciaran introduced good enough security, the concept of finding a meaningful balance between funding, capability and perfect security that creates a viable, ‘good enough' starting point to deliver outcomes.

Relationship building is vital for effective cybersecurity

A theme that emerged from several sessions on day one was the analogy of universities as mini-cities. Understanding the components, and people, that make up the mini cities will lead to better outcomes for cybersecurity staff.

As speakers explored their experiences managing the challenges and opportunities these ‘mini-cities’ present, the importance of relationship building was consistently emphasised. Relationships are vital to cybersecurity. Understanding the business and building relationships that reflect the business will give cyber professionals an advantage within institutions.

Day one also featured a start-up alley, which brought together six Australian start-ups who each were given three minutes to pitch their business to attendees. “The passion they demonstrated for their companies and what they are trying to achieve was incredible. It was so uplifting to see their dedication and to know we have some great emerging technologies” said Nikki Peever, Director Cybersecurity, CAUDIT.

The companies involved in start-up alley were?Cybermindz.org.?CYDARM,?Forticode,?Hyprfire,?MyCISO?and?Snyk.

Day one finished with a moving tour of the Australian War Memorial and dinner within the Memorial, sponsored by CrowdStrike . Crowdstrike flew in Tina Thorstenson , VP Industry Business Unit and previous CISO of Arizona State University, from the US to share her experience working in the sector and insights from CrowdStrike on addressing cybersecurity. The dinner keynote was delivered by LT. Col. Richard Mogg, GAICD Executive Director of Cybermindz , who spoke about his career, and the importance of prioritising the mental health of the cybersecurity workforce. The commonalities between defence and cybersecurity were evident: working in a close team environment where there is an unrelenting focus on getting the job done, even in challenging, pressure-filled situations.

Lt. Col. Richard Mogg’s keynote foreshadowed the theme that emerged on Day 2 of the Summit: the crucial, and often unconsidered, human factor.

Nurturing the people behind the technology

The people that make up the cyber workforce are often overlooked when discussing cybersecurity. While day two began with a technical panel exploring the SOCI act, the focus of conversations quickly shifted from the technical to the personal, with speakers exploring their individual cybersecurity journeys and emphasising the importance of prioritising wellbeing.

Echoing LT. Col. Mogg’s earlier sentiments, Nic Smelt , Outreach Manager, Information Security Office, ANU, delivered an incredibly popular session “insights from a middling cyber monk” exploring his experiences in the sector and highlighting strategies, such as managing mindset and breathing, to cope with stressors.

Day two also featured an open Q&A with AHECS Partners to discuss the most pressing topics facing the sector over the next twelve months. Alongside the practical topics of legislation and data governance, supporting the cyber workforce was one of the key concepts highlighted in the discussion.

Greg Sawyer , CEO of CAUDIT, reflected on the importance of prioritising the well-being of the cybersecurity workforce “cybersecurity can often be a thankless profession. The combination of limited resources with the responsibility of keeping the organisation secure while under constant attack can be incredibly stressful and can take a major toll on the mental health of the workforce. CAUDIT’s new partnership with Cybermindz provides an opportunity to address the psychological toll cybersecurity professionals face while empowering this critical workforce.”

Consciously shaping an inclusive workforce

The closing keynote was delivered by Kate Monckton , 2021 Winner 'Australia's Most Outstanding Woman in IT Security' and Cyber Partner at Deloitte. Kate delivered a deeply personal insight into her journey in the sector. As someone who was often the “only woman in the room”, Kate explored some of the highs and lows, focusing on unconscious bias and her journey to becoming a prominent force in cybersecurity. Kate emphasised the importance of consciously shaping inclusive workplaces.

Earlier in the year, we wrote about women leading the charge to shape more gender-diverse cyber workforces. Read the article?here.

The Summit closed with a panel discussion on mentoring and guiding cyber teams. This panel reiterated the importance of nurturing the people within the cybersecurity workforce and the role each of us can play in shaping an inclusive workforce, where people have the means and support that they need to thrive.

Two incredible days of connecting to protect

The palpable energy in the room, the constant hum of conversations, insights and lessons being shared, and the breadth and depth of experience and expertise amongst the speakers and panellists made for an immensely powerful Summit.

“The people were amazing, the subject matter was awesome and so relevant, the collegiality was really special, and it was awesome to be a part of it” said Andrew Morgan, CISO at La Trobe and Chair of CAUDIT’s Cybersecurity Community of Practice.

We thank all the speakers and panellists, listed below, whose contributions made the Summit a success and our sponsors for making the event possible. The AHECS initiative was built on the philosophy of collaboration to uplift the sector. The sharing, community and collaboration demonstrated across the two days of the Summit was a testament to the strength of AHECS and those working within cybersecurity across the sector.

We look forward to seeing the collaboration continue through ongoing AHECS activities and we can’t wait to do it all over again at the 2023 AHECS Summit.

AHECS is a partnership between AUSCERT AARNet (Australia's Academic and Research Network) Australian Access Federation Ltd (AAF) CAUDIT REANNZ Ltd. that leverages the capabilities and expertise of its partner entities to strengthen the overall cybersecurity posture of the sector.?Find out more here.

Thanks to our speakers and Panellists:

Amber McEwen - CEO, REANNZ Ltd.

Andrew Morgan - Chief Information Security Officer, LaTrobe & AHECS Cybersecurity CoP Chair

Anna A. - Chief Information Security Officer, UTS

Benjamin Di Marco - Cyber Specialist, Willis Towers Watson and Australian Computer and Law Society

Ciaran Martin - Professor of Practice, Oxford University, and former chief executive of UK National Cyber Security Centre

Craig Rowley - SOC Engineering Manager, AARNet

Dave O , Head of Cyber Relations, AARNet (Australia's Academic and Research Network)

David S. - Director, Cyber Security, UQ

Dr. Joseph Sweeney - Advisor, IBRS

Dushyant Sattiraju - Manager, Cyber Security Operations, Deakin University

Fadi Jafari - Cyber Security Director, Deakin

Greg Sawyer - CEO, CAUDIT

Heath Marks - CEO, Australian Access Federation Ltd (AAF)

Hiten Parmar - Strategic Account Director, Mimecast

Karl Sellmann - Deputy Director Information Strategy and Technology Services, University of South Australia

Kate Monckton - 2021 Winner 'Australia's Most Outstanding Woman in IT Security' and Partner, Deloitte Cyber Risk Advisory

Lt. Col. Richard Mogg, GAICD - Executive Director, Cybermindz

Mike Holm - Senior Manager, AusCERT

Nam Lam - Account Director, Sailpoint

Nic Smelt - Outreach Manager, Information Security Office ANU

Nikki P. - Director Cybersecurity, CAUDIT

Pascal G. - Global Director Threat Intelligence, Radware

Raven David - Cyber Security Governance & Risk Manager, UNSW

Sammy Chuks.. - Security Engineer, AARNet

Shelly Mills - Project Manager Data Strategy and Governance, UQ

Stephanie Park - Manager, Cybersecurity Governance, RMIT

Tony Aramze - Chief Information Security Officer, RMIT

Trinity McNicol - Team Leader Data Strategy and Governance, UQ