Summary - Alcorn Group are a leading CREST certified security consultancy. Started in 2015 by Wade Alcorn, the organisation strives to provide trusted, agile, responsive services to their customers. The organisation has grown since then to employee 23 full-time staff and have become one of the fastest growing Australian owned & operated consultancies. 

Description of Achievement / Work - You'll find Alcorn Group staff at the heart of a lot of community groups giving up their personal time to further the knowledge, capabilities and skills of others inside and outside of information security.

CrikeyCon is the largest hacker conference in Queensland and Alcorn Group staff play a leading role within the not-for-profit conference. The conference, a technical security "hacker" conference this year celebrated it's 5th year. The conference held community run training, a CTF and presentations that help people grasp a deeper understanding of technical & non-technical subjects. Every year, this conference donates all profits to charity. This year, they managed to donate over $20,000 to local charities.

Robert Winkel, the Managing Consultant is a co-organiser for SecTalks Brisbane. Many Alcorn Group Consultants attend to learn more, mentor, and share their knowledge with the wider IT-based community interested in offensive security techniques. The meetup generally attracts 40-60 attendees every month. IoT & SCADA Hackers Australia is a Brisbane-based monthly meetup held at the Alcorn Group office by Joshua Riesenweber. Joshua started this group to investigate and tinker with IoT and ICS devices for security vulnerabilities. Each month they investigate the security features or lack thereof of a new product or topic. The attendees are mostly SCADA Engineers with an interest in information security.

Through consulting, Alcorn Group are seen as thought leaders and valued partners to many information security programs throughout Australia. Alcorn Group provide security testing, red teaming, incident response, and training to their customers as a way of increasing their security posture and overall understanding of information security. Alcorn Group are consistently involved in the wider IT & non-IT community to further educate about information security, skills, knowledge and learnings

Cisco invest significantly in securing their own networks using their own technology and that of industry leading vendors. They have built robust internal training programmes which teach their staff basic Cyber safety techniques and encourage them to further educate themselves and their communities through the offer of an industry recognised certification in Cyber Security.

Based on current advancements in block chain technologies, Cisco have invested in their own developmental team to leverage these innovations to further protect their supply chain and community.

Cisco’s is a founding and lead partner in the Australian Cyber Security Cooperative Research Centre which is focussed on critical infrastructure, protecting businesses, and building cybersecurity skills. Cisco advises the CRC through Board membership and leading a research stream around critical infrastructure.

Cisco has also worked closely with the Box Hill institute of TAFE to develop a Diploma level curriculum on Cyber Security. The curriculum was approved by the Federal Education department in early 2018, meaning that the diploma is now a national level syllabus that can be delivered, for free, by most TAFE and CIT organisations in Australia.

Cisco’s Vice President of Australia, Ken Boal, runs a Cyber symposium as part of the Australian Business council. Cisco can also be found working with small businesses in Western Sydney, TAFEs and universities to ensure that education offerings are industry relevant, and campuses are as secure as possible.

Description of Achievement / Work - Cisco is this year’s AISA award winner for Cyber Security Enterprise Employer of the year because they have clearly demonstrated excellence in promoting Cyber safety to customers, staff, the supply chain and the community.

Cisco Australia aim to secure the networks of all Australian businesses and communities and aim to achieve this through embedding Security innovation in their core solutions and driving outreach programs in the community. Cisco is unique in its cyber outreach, they maintains a Trust office in Australia. The Trust Office works with Australia’s policy organisations, educational institutions and large organisations with a mission to make Australia more cyber resilient.

Like many organisations, Cisco provides cyber awareness training to staff. However, it is taken very seriously. Besides the standard training on offer, Cisco staff, partners and customers to enrol in a Cyber Security  program which challenge participants to become very familiar with security. They have developed a range of cyber courses from the basic beginner level all the way to the industry recognised CCNA qualification.

Cisco is a founding and lead partner in the Cyber Security CRC, a $140m programme that will centralise and drive Australia’s cyber research for the next 7 years. Cisco advises the CRC through board membership, and leading a research stream around critical infrastructure.

Cisco’s is a founding and lead partner in the Australian Cyber Security Cooperative Research Centre which is focussed on critical infrastructure, protecting businesses, and building cybersecurity skills. Cisco advises the CRC through Board membership and leading a research stream around critical infrastructure. The CRC is deliberately industry led, so that the research is relevant, unique and has national or commercial value to make Australia a leader in cyber.

Cisco has also worked closely with the Box Hill institute of TAFE to develop a Diploma level curriculum on Cyber Security. The curriculum was approved by the Federal Education department in early 2018, meaning that the diploma is now a national level syllabus that can be delivered, for free, by most TAFE and CIT organisations in Australia. Over 715+ students have become ‘Certification Ready’ in Security at Box Hill in the last 5 years.  This means, students are ready to take our exams if they so desire. Box Hill work strategically with organisation such as Telstra to have students employed as Engineers as well as other leading SMB’s.

Finally, cisco takes its part and obligations to the broad Australian Community very seriously. Cisco’s Vice President of Australia, Ken Boal, runs a Cyber symposium as part of the Australian Business council. Cisco can also be found working with small businesses in Western Sydney, TAFEs and universities to ensure that education offerings are industry relevant, and campuses are as secure as possible.

Summary - IAG is the parent company of a general insurance group with controlled operations in Australia, New Zealand, Thailand, Vietnam and Indonesia, as well as interests in joint ventures in Malaysia and India. Its businesses underwrite over $11.4 billion of premium per annum, selling insurance under many leading brands, including: NRMA Insurance, CGU, SGIO, SGIC, Swann Insurance and WFI (Australia); and NZI, State, AMI and Lumley Insurance (New Zealand).

IAG started its Cyber Security journey three years ago with the goal of uplifting the security of the organisation, its employees and partners. IAG’s purpose is to make your world a safer place, and this ties in strongly with the ultimate goals of its Corporate Security Group (CSG).

Starting at an immature point, a large-scale program of work has seen CSG cultivate a world-class team, develop innovative solutions and engage with people across the organisation, government and industry.

After analysing the existing environment against NIST, IAG Executive General Manager Corporate Security, Jeff Jacobs, approached the IAG Board and secured funding for a comprehensive, multi-year uplift program. As a result, two core streams were established:

1. Cyber Shield – a formal program of work designed to put in place solutions to identify, protect, detect, respond to and recover from Cyber Security threats, ultimately supporting IAG’s purpose.

2. Business as usual (BAU) uplift – as new technologies, solutions, people and initiatives rolled off Cyber Shield uplift projects, IAG built a highly skilled and experienced BAU team and ongoing delivery program to retain momentum and increase the organisation’s Cyber maturity.

After two years of focusing on Cyber, the program expanded to include physical security, recognising the relationship between technology and physical controls in ultimately protecting an organisation. IAG is one of the few organisations who have converged Cyber and physical security in Australia, showing an elevated level of maturity by identifying the key linkage between these threat areas.

Description of Achievement / Work - Through these programs, IAG has developed and implemented a considerable volume of landmark, innovative work. Just some of these initiatives include:

Government

• IAG is a founding member of the Australian Federal Government’s Joint Cyber Security Centre (JCSC). IAG Managing Director and CEO, Peter Harmer, has been asked to join the JCSC National Board. IAG Executive General Manager Corporate Security, Jeff Jacobs, is the Sydney Chair and on the Melbourne Board.
• IAG is a Major Partner of ‘Stay Smart Online’ by the Australian Centre for Cyber Security (ACSC).
• IAG developed and presented a half-day, free course at the federal government’s conference ACSC 2018 on ‘Developing a successful and resilient Cyber Security education & awareness program’.

Universities

• IAG team members are representatives on IT and Cyber advisory boards at the University of Victoria, Swinburne University, Deakin University and University of New South Wales (UNSW).
• We developed a free four-week short course on ‘Phishing Countermeasures’ for Charles Sturt University (CSU). Over 3600 people across the globe registered.
• CSG is currently working with UNSW to develop research on several Cyber Security topics, that will help inform the broader industry on behavioural and human based threats.
• CSG sponsors the UNSW Business and Information Technology Systems Student Association (BITSA) to help students better understand their career options and encourage learning in Cyber Security.
• CSG supports the UNSW Information Systems Co-op program, enabling students to experience 24-weeks in Cyber Security.
• CSG team members guest lecture on Cyber Security at several universities including UNSW and Swinburne.

IAG business, employees, partners and industry

• CSG has implemented a broad range of Cyber Shield uplift projects designed to:
  o Improve employee access to systems;
  o Protect IAG through Cyber intelligence;
  o Reduce vulnerabilities in our technology systems;
  o Secure our critical data and technology assets; and
  o Provide Cyber Safety help, training and advice to IAG employees and partners.
• We have implemented a 24x7 Cyber Defence Centre from the ground up, with expert Cyber Analysts performing threat intelligence and management.
• CSG has implemented a new ‘red’ team designed to test the controls IAG implements and close any gaps. As a result, we have developed an innovative self-service web application scanning tool based on open source technologies. This moves security ‘to the left’, enabling the business to execute scans on demand, while providing the security team with centralised visibility.
• IAG developed a comprehensive, fun and engaging education and awareness program for employees, providers and partners including:
  o Game of Codes – an innovative secure coding developer program with coding tournaments, individual assessments and gamified training;
  o Cyber Safety Month – an annual, month-long series of events with guest speakers from government and ‘knowledge cafes’, where employees can ask questions of our Cyber Security experts face to face;
  o Cyber escape rooms – physical rooms with Cyber-themed puzzles designed to teach employees through experiential learning;
  o Phishing simulations with Norbert – our employees use “Norbert” (our purple and white fish) to report phishing attempts and to vie for monthly recognition and rewards; and
  o Compliance training with a difference – engaging compliance training that takes our people through a ‘choose your own adventure’ story.
• IAG worked with Ernst & Young to develop a Cyber Economics Modelling initiative, to help quantify the value of Cyber Security, an area that is currently lacking industry-wide. The initiative was able to map out key threat scenarios and quantify the cost of not taking action or having the current security controls in place.
• CSG participate in IAG’s myFlex program designed to help our employees use flexible working to help them manage their personal commitments and spend quality time with their loves ones.
• We support IAG’s Gender Equality program and further support women in Cyber through mentoring in industry groups and universities.
  • CSG team members help grow and educate the industry by participating on several industry boards and committees; and are members of several industry organisations including ISACA, FSISAC and AISA.

Summary - Paras is a seasoned professional with expertise in Cyber Security.  IT Risk Management and IT Governance for over 16 years.  He has trained over 1,000 information security professionals worldwide, including 400+ Australia and New Zealand in best practices such as ISO27001, COBIT5, ITIL, CRISC and VPDSF.  Paras continues to represent ISACA on two Standards Australia committees; Quality Management Committee 'QR-008', responsible for ISO 9000 family of standards, Security Techniques Sub-Committee 'IT-012-4', responsible for ISO 27000 family of standards and other.  His past volunteer roles at ISACA include ISACA Sydney Chapter president, and member of the ISACA Framework Committee.

Description of Achievement / Work - Similar to his dedication towards various volunteer roles at ISACA, Paras along with his other colleagues at Vital Advisory, developed and delivered the VPDSF workshops from Sept 2017 to May 2018. Paras has been one of the main drivers, strong promoter and trainer behind developing 9-workshop series for VPDSF to assist the Victorian Government Agencies.

Paras has tremendous knowledge in Information Security domain and is an excellent tutor. In addition to his 15+ year's expertise in ISO27001, Paras is the only trainer in Australia to build customised training for COBIT5 for Information Security.

He brings wealth of experience in various best practices implementation as part of his day job as consultant. Paras shares practical tips and DIY templates to his training delegates to make it simple and cost effective to implement the same in their respective organisations.

Summary - David is the Managing Director and principal security strategist for CQR Consulting Pty Ltd and brings in excess of 25 years of experience in the domain to these roles. David is recognised as one of the global leaders in Information Security Management and is the past chair the ISACA International Certification Board responsible for certifying Information Security Managers. David is highly qualified, holding the Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP) credentials. He brings extensive business experience, holding an MBA and having led two specialist information security firms in the most senior management roles. David's areas of specialty are information security strategies, frameworks and standards, IBM mainframe security, information security policies and risk management. David has also successfully completed training as an ISMS Lead Auditor to the international standards. He excels at presenting the key business risks to client executive management in terms they can relate to.

Description of Achievement / Work - David is Australia’s leading subject matter expert in the field of designing, implementing and auditing information security management systems (ISMS) based on the ISO/IEC 27001 standard. He works closely with several of the leading certification bodies in Australia, and provides key support and leadership to both government and commercial organisations on the practical implementation and operations of ISMS’ based on ISO/IEC 27001. David has consistently sought to elevate conversations about information security to a strategic board and executive level.

In driving the importance of information security not only around Australia but throughout the world David has a highly valued reputation which precedes him and this encourages both existing and new organisations to seek out David's advice and guidance. David’s ongoing commitment to raising awareness of information security is supported by his knowledge and guidance to others in the domain of information security management systems (ISMS), specifically built around the ISO/IEC 27001 standard. He is a strong advocate of the practical and pragmatic implementation of management systems based on this standard. David regularly interacts with a number of the key certification bodies for this standard.

Along with frequently being invited to speak at conferences and forums to share his experience and knowledge, David plays a pivotal role within the industry as a mentor and educator. He regularly delivers training and skills development programs within both the private and government sectors, consistently seeking to develop broader competencies in information security within the Australian market. Attendees of such programs look to him as a professional of the utmost acclaim within the industry who is both willing and helpful in guiding them to be their best, which in turn raises the level of overall industry competency. David is now also involved in a formal program to develop cyber security skills within the senior school eduction sector.

In addition, David was responsible for the creation of a series of ‘BeSecuritySmart’ information security awareness video set. This consists of a set of 14 short animated videos that have been deployed in over 30 organisations throughout Australia, designed to assist in educating users in the importance of information security, addressing key areas of threat and explaining good behaviours.

David was involved in the formative years of the ISACA CISM certification, representing Oceania on the CISM Certification Board and serving as Chair on that board. In addition, he has previously been involved in review and advisory committees for security standards in various SE Asian countries, working with organisations in Singapore, Malaysia, Thailand, Honk Kong and Sri Lanka.

David’s commitment to the information security industry has made him a global leader in our field. He has over 35 years IT and information security management experience, 14 years of which he has been the co-founder and Managing Director of CQR, Australia’s largest independent information security consultancy.
David is a strong supporter of AISA, and continues to demonstrate his commitment by presenting at both AISA National Conferences and the IAPPANZ Privacy Summit.

Summary - The Office of the eSafety Commissioner is responsible for promoting and supporting measures to improve online safety for all Australians. The Office works with the community, industry, government and not-for-profit organisations to provide innovative, scalable, evidence-based and sustainable online safety resources and tools for all Australians. Our audiences include children and teenagers, parents, educators, women, older Australians and vulnerable citizens.  In 2016 the Office established eSafetyWomen with funding from the Women's Safety Package to Stop the Violence. Since then, the program has become recognised as an authoritative provider of quality, effective resources providing advice and assistance to women Impacted by technology-facilitated abuse, as well as to the domestic and family violence (DFV) frontline workers who are responsible for assisting them.

Description of Achievement / Work - In 2016 the Office established eSafetyWomen with funding from the Women's Safety Package to Stop the Violence. Since then, the program has become recognised as an authoritative provider of quality, effective resources providing advice and assistance to women Impacted by technology-facilitated abuse, as well as to the domestic and family violence (DFV) frontline workers who are responsible for assisting them.

Why Is eSafetyWomen needed? A survey of domestic and family violence specialists found that 98% of their clients had been subject to abuse via technology as part of their domestic violence experience. In other words, In almost all cases, technology was used to control, threaten, monitor or harass the woman, even continuing after the woman has left the relationship. Technology-facilitated abuse can have very serious impacts on its target, contributing to an increased risk of anxiety and depression and also flagging risks to her personal safety. Women who have been In this situation have described their feelings of being trapped, with no escape, of being unsafe, not In control, and constantly afraid. And yet, maintaining safe access to technology Is vital for ensure women's physical safety and mental wellbeing. In response, the Office developed a range of web-based resources to help women protect themselves, and to take back control over their online experiences. The eSafetyWomen website (esafety.gov.autwomen) provides a wide range of practical tools and information to equip all women to protect themselves and their families against all forms of online risks and abuse.

We also developed training program for domestic and family violence frontline workers, such as staff in crisis centres and women's shelters, lawyers and police—all who support and respond to high risk situations, to women affected by domestic and family violence. We provide free face-to-face training workshops to give these frontline professionals the knowledge, skills and confidence they need to better assist their clients who are experiencing technology-facilitated abuse. As at 31 July 2018 almost 6,000 domestic and family violence frontline workers have participated in our workshops.

In June 2018 we launched eSafetyWomen—online training for frontline workers (fronllineworkem.esafely.gov.au). This free online training program covers critical issues such as: identifying technology-facilitated abuse; how women Impacted by technology-facilitated abuse can safely protect their privacy and security; how to deal with image-based abuse; eSafety planning; the legal framework and role of law enforcement. The ten interactive modules are tailored around professional categories, to ensure the training is relevant and useful to a particular workers needs.

Providing training online also ensures that its' accessible by frontline workers who may not be able attend a face-to-face workshop in person because of time constraints, or because of the location where they are based. It allows frontline workers to undertake training in their own time and at their own pace, and from wherever they may be in Australia... including regional and remote areas. In the first 6 weeks of operation more than 950 frontline workers have registered for the online training course, and feedback has been very positive. Of those who had completed the training, 87% said that it would help them assist their clients, and 97% said they would recommend it to their colleagues.

This is a dynamic field, with constant evolution in technological potential. To continue making a real difference in the lives of Australian women the Office works to identify new and emerging technologies, ascertaining the safety and security risks they pose, and also the corresponding risk management actions and strategies. The program is framed to provide platform- and device specific guidance for each of these new threats, including technologies such as drones, wearable devices (for example, fitness trackers), GPS tracking and audio and video recording devices. 

Summary - Matthew is the Associate Director of Optus Business’ Cyber Security Go-To-Market and Partnerships and plays a critical role in the delivery of Optus’ Cyber Security Innovation Strategy through joint initiatives between Optus and its network of cyber security ecosystem partnerships. 

Ultimately, the Optus Cyber Security Innovation Strategy forms a global network of academic, business and government institutions to conduct high quality, high impact research to develop solutions aligned with industry and community needs and educating and training the next generation of cyber security experts and upskilling the existing workforce of both Optus and their clients. Optus’ local strategic cyber security partnerships include Macquarie University, La Trobe University, LifeJourney, the Federal Government’s Cyber Security Cooperative Research Centre, industry bodies such as AustCyber and a strategic alliance of technology providers. 

Matthew has only been working in the Information Security industry for just over two years, previously leading Marketing Management, Product Management and Partnership functions at Intel, Panasonic and Sony and holds a Master's Degree focused in Marketing from University of Sydney. He is now undertaking a Master of Cyber Security Operations at the University of New South Wales, Canberra ADFA campus.

Description of Achievement / Work - Mathew has lead Optus investment into Cyber Security focused partnerships and initiatives over the last two years, driving Optus’ position to lead in:

• Developing cyber security research, development, education and training programs
• Helping to address the systemic issue of a cyber skills gap
• Enhancing industry cyber awareness

In the past three months, the work fostered by these cyber partnerships - in particular Macquarie University and La Trobe University, has received over $926,000 of Government funding building towards a self-sustaining scalable Cyber Security Research and Innovation agenda.

Through the development of Optus cyber security partnership ecosystem, Matthew has been working with Australian Universities and education providers to develop an end-to-end cyber education program that fosters Cyber Skills from early education, all the way to board education and awareness programs with Optus’ Enterprise and Government customers.

Optus’ education initiatives start with the Digital Thumbprint program which develops cyber awareness within Australian schools, targeting school kids as young as year 2 and through to year 12, covering topics such as online safety, cyber bullying, online gaming and addiction, privacy and security, exposure to inappropriate content and how to create a positive presence online.

Partnering with global STEM pathways leader LifeJourney, Matthew worked with Optus Cyber subject matter experts to develop the Optus Cyber Security Experience. An online cyber education program for secondary schools, TAFE and universities enabling educators to introduce students to Cyber Security career pathways. The experience is a computer-based training program aimed at high school students to develop the talent pipeline and address the Cyber Security skills gap in Australia.

To date over 4000 students have enrolled in the Optus Cyber Security Experience, and Matthew has built a three-day work experience program for female students that is offered on completion of the LifeJourney program. This education program was part of a Diversity and Inclusion Strategy for creating an environment where women can thrive and succeed in Cyber Security roles, who only represent 10% of this industry's Asia-Pacific workforce.

Rounding out these education programs are the co-developed tertiary Undergraduate and Masters degree’s Optus has co-developed with Macquarie University and La Trobe University. Along with executive education, short courses, half to two-day workshops and customisable programs for organisational learning, development needs and professional upskill. These are offered to the enterprise sector and government agencies, drawing on the expertise of Optus and leading Macquarie University and La Trobe University academics from various disciplines and industry experts.

Over the last two years Matthew has lead Optus Cyber Security establishment of:

1) Optus Macquarie University Cyber Security Hub

The Optus Macquarie University Cyber Security Hub is a $10 million co-investment between Macquarie University and Optus. The Hub forms a network of academic, business and government leaders to co-create degree programs, educational short courses, and thought leadership through cyber awareness events and international engagements etc. Successful research programs that the Hub is undertaking with Optus include;
   1. Privacy preserving data sharing technologies
     - Joint strategy between Macquarie University, Optus, Data61 and Data Republic worth more than $1.6 million
     - Developing a solution that will give organisations full control to data custodians so they can understand and manage the risks of sharing and processing data
     - Recently received $163,000 funding from the NSW Government for this project as part of the NSW Cyber Security Network offering
   2. Cyber risk modelling
     - Research project worth $400k to model the impact of several types of attacks under way with Risk Frontiers, an SME specialised in developing models addressing natural disasters for the insurance sector.

2) Optus La Trobe University Cyber Security Alliance

The virtual facility and cyber security teaching, research and industry collaboration is led by the inaugurally appointed La Trobe Optus Cyber Chair, internationally-respected cyber security expert Professor Jill Slay AM. Matthew and Professor Slay, have worked to establish high-impact research that provides tangible and holistic solutions to critical real-world cyber-related issues for governments, industry and the community.

Optus and La Trobe has been successful in an application to the AustCyber fund matching scheme launched earlier this year to develop a Cyber Deception Based Intrusion Detection System for custodians of critical infrastructure. From over 49 proposals submitted by different research bodies and universities, AustCyber selected and agreed to fund.

Summary - Jakob is a passionate software developer and information security specialist who has been in the industry for two years.  Originally from Renmark, South Australia, Jakob moved to Adelaide to study and pursue a career in IT.  After graduating from Flinders University with First Class Honours, Jakob began working as a Graduate IT Consultant at Head Full of Heart.

Early in his career, Jakob found passion in both Software Development and Information Security and chose to pursue both fields in his work.  He believes that these disciplines are complimentary, that the skills and understanding he gains in one directly improves his ability in the other.  Jakob has proven himself a skilled information security specialist at CQR, where he actively develops scripts and tools which enable him to be a more effective penetration tester.  Similarly, Jakob has taken lead roles in developing software in sensitive environments, and has provided advisory to software development teams in addressing security throughout the software development lifecycle.

Jakob aspires to contribute back to the information security and software development communities, as they have provided him with the tools and knowledge that allowed him to pursue his career.  To this end, Jakob has developed JavaScript package that allows web developers to test passwords against passwords found in data breaches.  Jakob writes a blog on software development, DevOps and Information security where he shares his ideas and experiences with the community.  He has also appeared as a guest lecture at Flinders University, organised and run a software development bootcamp for university students in SA, and aims to present at SecTalks and Front-End Developers Adelaide meetups by the end of this year.

Description of Achievement / Work - Jakob graduated from Flinders University in 2016 with a Bachelor of Science (Honours): Enhanced Program for High Achievers, First Class Honours.  During his time at Flinders, Jakob lectured, tutored and demonstrated for a variety of topics, and developed into a senior tutor role.  Toward the end of his degree, he was approached by a long-time mentor who wanted to start a business focussed solely on building high class IT consultants from talented university graduates.  Jakob became one of the founding graduates in the Head Full of Heart Program.

During his time at Head Full of Heart, Jakob has performed a number of roles within private and public organisations in Adelaide and interstate.  He has developed a full-stack web application advised on cloud services for local start-ups, aided in SharePoint development and migration for state government, and assisted in matching passionate graduates with local businesses.

Early in his career, Jakob found that he was particularly interested and motivated in projects relating to software development and information security.  I was as this time that CQR took Jakob on board as an information security specialist, where they shared their expertise in the information security industry and showed him the ropes in penetration testing.  Shortly afterwards, Jakob began a long-term project developing a web application for state government which handles Cabinet-in-Confidence information, furthering his understanding of developing secure software.

In addition to his career, Jakob has the following involvement in the Information Security community:

• Regularly attends SecTalks Adelaide, AISA Adelaide, and the Front-End Developers Adelaide (FEDA) meetup.
• Jakob is booked to do a talk at FEDA in October about security in front-end web applications, and aims to speak at SecTalks by the end of 2018.
• Writes a blog on his ideas and experiences in information security, software development and DevOps.
• Has developed the ng-password npm package for Angular which enables web app developers to test passwords against leaked passwords from the Have I Been Pwned database.
• Has attended a number of InfoSec conferences around Australia, including the AISA half-day conference, CrikeyCon and BSides Canberra.
• Is a part of a team that aims to develop a set of principles for software development teams to follow to produce quality, secure software to help further the software development talent in Adelaide.
• Co-organised and run a 4-day coding bootcamp for students from SA’s major universities to accelerate their skills as software developers and expose them to a real-world development environment.Continuously tinkers with new software development and DevOps tools and technologies to improve his skills as a software developer, and to better advise software development teams to write more secure software.

Summary - Dr Graeme Edwards has devoted 15 years of his career as a cybercrime detective with the Queensland Police Service.  He has led numerous investigations into cybercrime within Australia and with overseas law enforcement agencies leading to arrests and successful prosecutions.  He has undertaken extensive academic and practical research into identifying new methods to obtain digital evidence to assist criminal investigations including locating digital evidence from crime scenes.  Dr Edwards created the Victims of Financial Crimes Group with the QPS to assist those people and businesses who have been victims of cybercrime.

Description of Achievement / Work - Detective Edwards has spent a considerable portion of his career as a cybercrime detective investigating cybercrime and assisting members of the community who have been victimised by cybercriminals. He is also a recognised speaker and trainer at many conferences and events teaching the public aspects of cybercrime and how they can defend themselves in an on-line environment.

During his career, he has completed a Bachelors, Masters and Doctorate of lnformation Technology to improve his understanding of how technology is used by criminals against the community and how to find evidence to assist locating suspects and arrest them.

He has devoted his career to understanding how criminals use technology to assist their crimes and how to locate evidence. His doctoral thesis of Investigating cybercrime in a cloud computing environment is an example of understanding evolving technology and applying it to assist police locate the criminals behind cybercrime.

As the Chair of the Brisbane chapter of the Association of Certified Fraud Examiners, he has led the community in raising awareness of financial and cybercrime and building relationships where industry partners work together.

Summary - The Cyber Security Center at Box Hill Institute has developed in conjunction with significant industry input and innovative suite f sills based programs from the Certificate 4 in Cyber Security to the Advanced Diploma in Cyber security.  These programs have now been adopted nationally as the Cyber Security programs for the TAFE's in Australia.  Currently all states and territories either deliver or plan to begin delivering these Cyber Security programs.  The programs directly address the identified skills gap for the Australian cyber industry.  Box Hill Institute leads the national initiative and has provided the curriculum and teaching materials and labs.  Box Hill Institute just built and launched the first TAFE Teaching CSOC as part of its delivery.  A process of quality improvement and collaboration exists to continually improve the teaching and lab resources.  The National initiative for both programs is endorsed by Aust Cyber.

Description of Achievement / Work - The program initiated with a significant Victorian back to work funded grant. Eighteen months of full time research, coordinating a significant Industry Advisory panel, endless hours of SME interviews and Industry Dacum sessions were involved with the creation, development, writing and accreditation of both programs.
Both programs are one year full time with the Certificate 4 tailored for trainees or interns at 2 full days of study per week with 3 days for on the job work placement.
The skill set developed by the advisory panel was directed to incident responders and generalists working in Cyber Security. . Skills in using Cyber Tools of the trade such as Splunk, Squil, Snort, Kali, Metasploit, the security onion suite, burpe suite and using tools from the Dark net and the Hak 5 Elite field kits are developed. Students are required to demonstrate sound practical skills in using these tools to be deemed competent.
Both programs culminate in Cyber Security Projects conducted on recorded or live data in a teaching Cyber security Operation Centre utilizing Red, Blue and Purple teaming experiences to generate, Detect and Mitigate attacks on a series of physical and virtual firewalls.

The program at Box Hill Institute has had about 50 Graduates. Currently there are 120 students with many more predicted next year since the Victorian Governments decision to sponsor the Cert 4 in Cyber Security as a free program for 2019.

Nationally there are currently 72 students (NSW, QLD and Canberra) either completed or currently competing the Cert 4 in Cyber Security part time.

WA, SA TAS and NT plan to begin delivery in 2019.

These programs developed by Box Hill institute  are an excellent demonstration in collaboration of how TAFE's are addressing a consistent National approach for the current Cyber Security skill gap.