Reflecting on the AISA National Conference 2016

By James Turner (Originally published on LinkedIn)

28 October 2016

Last week, Sydney hosted AISA National Conference 2016. The theme was “Cyber Security, do we have IT right?” As the conference progressed, and AISA members got to digest the speakers’ messages, it turned out that this question was prescient, and that the answer is “no”.

Three particular speakers shared messages which I thought were especially important.

Dr Ian Levy set out some of the UK government’s plans to help create a stable and secure experience of the Internet in the UK; to enable trust and confidence in communication between government and citizens. Stilgherrian has an excellent summary of Dr Levy’s presentation here, and some of the steps included:
  • Deploying DMARC across all subdomains under “.gov.uk” (preventing phishing)
  • Preventing IP spoofing through better implementation of BGP (eliminating the UK from participating in layer 3 DDoS attacks).

The UK’s NCSC is going to share the details of their methodology on how they do this, and then share the results they get so that the private sector can emulate these steps. The NCSC is clearly intent on taking big and bold steps to dramatically raise the baseline defences of the UK. It was inspiring to see the leadership being demonstrated by the UK government to protect its citizens and economy.  

Jane Frankland spoke about the need for the cyber security industry to shift its language. Ms Frankland showed metrics which revealed the steady disengagement of women from the cyber security industry, and noted that much of the terminology we use is aggressive and conflict-oriented. This assertion is not new, and must be addressed. Last year, in conversations with cyber security executives about the usefulness of the Lockheed Martin Cyber Kill Chain, some (e.g. Rachael Falk) noted that militaristic language will cause executives and boards who do not see themselves as part of the cyber security boys’ club to mentally disengage.

Disengagement is the exact opposite of what the cyber security industry is trying to achieve. It’s pretty clear we’ve got a way to go in making our language accessible to executives and potential recruits.

Alastair MacGibbon, our first Special Adviser to the Prime Minister on Cyber Security, had a simple message. Mr MacGibbon said that the private sector should not wait for government. It was a powerful message, but also a sad one compared to the proactivity and outreach from Dr Levy’s government.

Awards

The AISA Awards at the gala dinner were brilliant. The awards were:


Each of the award winners was clearly deserving, and every one of the nominees should also be proud to have been nominated. Many people have been doing awesome work across our industry. I want to call out two awards here, because I think they are significant indicators for our industry:

1. The Educator of the Year winner, Mark Gill, set up study groups for the CISSP exam. He was making a practical difference to people at the grassroots. Mark’s been doing this for years, and was nominated for being an unsung hero. Mark Gill has been doing for years what Mr MacGibbon was calling for AISA members to do - just get on with it and make a difference.

2. Diversity in Cyber Security Award. As it says on the AISA site, “AISA believes that attracting diverse talent into the industry is crucial for future success and wants to recognise people who are pioneering this field”. I think this was the most important award for AISA, and the fact that more people were nominated for this than the other awards is a tell. It was won by Jacqui Loustau, who created the Australian Women in Security Network, which is a group for more than 400 women who network and share ideas. And the truly phenomenal part was that Ms Loustau set up the AWSN while on maternity leave.

While it’s easy to feel despondent over what we’re not doing when listening to Dr Levy’s message, it’s important to keep in mind our Award winners and nominees, and their attitude of “it’s up to me”.

When you combine that attitude with Mr MacGibbon’s message of “would you please just get on with it” (my paraphrasing) we can see that our Award winners and nominees are lighting the path forward. Problems should be fixed by those that see them.

We may not be getting all of it right, but our fate is in our own hands, and we have some brilliant and generous people already in action.  

Finally, a huge thank you to Arno Brok and all the AISA volunteers who made the conference possible. The best conferences inspire and provoke, and this year the AISA national conference absolutely delivered.