Cyber Security Weekly Podcast

By MySecurity Media

Category: Tech News

Subscribers: 54
Reviews: 0


Without trust, society stagnates, economies decline, and businesses fail. This podcast series keeps abreast of the latest trends and challenges in cyber and physical security with interviews, event updates, industry suppliers & government initiatives.

Episode Date
Episode 157 - Keeping thousands of staff cyber aware - Phil Hall, Cyber Security Awareness and Intel Manager with AMP
Interview with Phil Hall, Cyber Security Awareness and Intel Manager with AMP, recorded as part of AMP Amplify 2019.

In his role, Phil brings to life real cyber threats through various immersive simulations, awareness talks and presentations, as well as targeted awareness for all levels of AMP staff. He is passionate about all things ‘cyber’, and spends his time performing reconnaissance for AMP threat communities, and presenting to all levels of staff.

Phil presented to seven schools as part of AMP Amplify, taking the opportunity to call out some tactics for ensuring cyber security, with specific examples relevant to high school students.

AMP, with about 6,500 staff, is a financial services company in Australia and New Zealand providing superannuation and investment products, insurance, financial advice and banking products including home loans and savings accounts. AMP shares are included in the Australian Securities Exchange's S&P/ASX 50 index.

Recorded in Sydney, 7 June, 2019. #AMPAmplify2019
Jun 19, 2019
Episode 156 - AppSec & DevSecOps - Micro Focus Fortify’s product vision and strategy as a market leader
Interview with Scott Johnson, General Manager for Fortify at Micro Focus, visiting Sydney as part of the Micro Focus Realize 2019 events, held in Sydney, Melbourne and Canberra.

In his role, Scott leads Fortify’s product vision and strategy for the market’s leading AppSec offerings. He is responsible for both on premise and SaaS (Fortify on Demand) based solutions covering SAST, DAST, RASP and IAST. Under his direction, Fortify was once again (8th consecutive time) designated as the Gartner Magic Quadrant leader in Application Security Testing in 2018. Scott has successfully led efforts in support of DevSecOps and AppSec Orchestration leading to increased revenue and customer growth.

Scott offers a unique blend of enterprise and start-up experience with prior product management and leadership roles at IBM ISS where he led award winning endpoint and network security portfolios. Other highlights include security and technology product leadership positions with Ionic Security, Unisys, Nivis and b2b market exchange platform provider, Idapta. Scott also co-founded Ho-Chunk, Inc., helping raise $8m to create a $250m diversified holding company for the Winnebago Indian Tribe of Nebraska.

Recorded 5 June, 2019 in North Sydney, courtesy of Micro Focus.
Jun 16, 2019
Episode 155 - Interview with renowned Canadian Astronaut, Colonel Chris Hadfield - Cybersecurity in Space and future of space exploration
Recorded on 6 June 2019 on the Quayside Room Balcony, Museum of Contemporary Arts, overlooking Circular Quay, Sydney, courtesy of AMP Amplify 2019. (Apologies for the challenging audio conditions and resulting quality - full transcript below)

Welcome to the Cyber Security Weekly Podcast and recording on a beautiful sunny morning in Sydney. My name is Chris Cubbage (‘CC’) and we are joined by a very special guest, as part of the AMP Amplify 2019 Forum, and our special guest is Canadian astronaut and now the custodian of David Bowie’s ‘Space Oddity’, Colonel Chris Hadfield (‘CH’). Chris thanks for joining us.

CH: A beautiful Sydney morning here Chris, thanks.

CC: You've been to Sydney many times and you've flown over Sydney thousands of times I'm sure. You gave a keynote session to close AMP Amplify yesterday afternoon, speaking to about 150 people. It's an inspiring and awesome session and you received a standing ovation at the end. I'm sure you get that around the world?

CH: It's a huge compliment. Having been off the earth three times. That's about half a year on board a spaceship, gives you time to contemplate and think about the variety of life on Earth but also the commonality of life on Earth. And as far as we can tell, the absolute, unique preciousness of it. So, to come to Sydney and talk, essentially to a bunch of strangers, about ideas and about possibilities and have them honour me by standing up and applause at the end, it’s a wonderful privilege.

CC: Well you mentioned there's ten thousand ideas bolted together on the Space Shuttle and the launch, and those types of things. For our audience which is predominately cybersecurity technology, you spent many months on the International Space Station. There's a lot of activity in Australia around the new space agency. We're seeing the militarisation of space. But one of the things I wanted to capture from your session yesterday. You're dealing in that advanced tech environment and you talk about leadership, team building and ultimately, again linking it back to cybersecurity, is preparing for failure. The inevitable aspect of failure. Just your thoughts around that first and then certainly we'll grab your ideas and experiences in cyber security and space.

CH: You know Chris I think it's even more than the inevitability of failure, it's the necessity of failure.

If you want to tiptoe around everything and never have anything go wrong. It's almost impossible to accomplish anything. You have to not only accept the fact that things are going to fail, things are going to go wrong, but eagerly look for it. Try and push your system under as safe and early, as circumstances possibly can, to the point of failure. It's why we do non-destructive testing. But we often, when things get expensive enough or complex enough, we sort of stop thinking of the necessity for failure and instead try and cross our fingers and hope for perfection. And just because we're hoping and crossing, doesn't mean that's going to happen.

There's been an enormous change in space exploration over the last 15 years as a result of shifting that mindset. Of going from the way that the governments have traditionally approached space travel, to the way private industry is doing it now the way, with Space X and Virgin and Blue Origin’s Jeff Bezos. The way they're approaching it, it's almost like you roll out a new software package. You recognise it's going to have bugs. You do an update on a regular basis but you get it out there and working and build a safety net around it. So, the failure is acceptable. That it's okay and you learn the most when something goes wrong. If everything works the first time, you're sort of like, you're just tiptoeing, whistling past the graveyard. Well eventually, it's going to fail. The sooner it can fail, the sooner it can show you what still needs working on, the better. Whether it's cybersecurity or whether it's a whole space ship.

CC: Do you think it might be, or have been, an advantage in that environment. Trying to translate and communicate that into a business environment where business seems to be risk averse to failure. Again, in technology and in our digital transformation. Do you think we should be more accepting of failure in business?

CH: Well of course you don't want the actual business itself to fail. But what are you doing when things are going well? It's kind of the real question. Are you aggressively pursuing the things that are the highest probability of going wrong? What are you most vulnerable to?

You know, if there's a change in commodity price or if there's a shift in regulation or if some other nation suddenly creates a competitive version of your product or whatever. Just like how I've approached my entire life, as a test pilot and as an astronaut, we used to always say; ‘what's the next thing it's going to kill me?’ Because that's the only thing that really matters. What's the next thing that's going to kill me? And am I ready for that to happen or not. And if I'm not, then let's use every second that's available up until that moment to get ready for that. Because then if it doesn't happen, no harm. If it does happen then the business doesn't crash or the spaceship doesn't crash. And it doesn't apply just to spaceships or businesses, it applies to operating a car or how you run your own life.

The inevitability of anticipating failure and then simulating it and training for it and learning how to deal with it, so that when it does happen, you're not flummoxed and stopped or worst case, killed by it.

CC: Of course. Let's touch on cybersecurity in space and the level of training that you would have had. And again, the precautions.

CH: It's a funny thing. You wouldn't believe it but all of the computers on board the space station have a password. I just thought it was funny, there was only six of us up there.

CC: Please don't tell me it's ‘admin’ ‘password’.

CH: Who were we keeping the secret from? That's just the way it is. So, I even posted something on Twitter there, I think at one point. I said, just in case aliens come by, we’ve got passwords logging in all the laptops up here. Even logging into our exercise treadmill, you had to know the password. So of course, we just grease pencilled it on the wall.

CC: So, the post-it notes are on the International Space Station. Good to know.

CH: But we do take it really seriously, in that the space station is 100 percent digital. Operated in concert with the crew on board and mission controls all around the world. There's one in Moscow, one in Munich, one in Tokyo, one in Montreal and one in Houston. All of them are in high speed, continuous digital communication with the space station. So of course, the security of that is huge. If someone could somehow tap into it or get a command. Because we get e-mails up and down all the time, if someone put something into there, that would be any sort of malware, it could have deathly consequences for the crew on board.

And there's only one space station for the whole world. So, we take it very seriously and everything is scanned to the best of our ability. We regulate the type of files that can go up and down. But right down to anti malware that's on board the space station itself. Amongst everything else that's going on, we also very much worry about our software not getting messed up.

CC: You must have seen that sort of progression of technology across that. Even you talk about from your early childhood, all the way through. Then to actually be sitting up there and then to be doing YouTube videos, throughout to the world. Where do you see this heading? What is your projection? I suppose to close this off.

CH: The space station is relatively primitive computer technology. The space shuttle was ridiculous. 128K memory ran the entire space shuttle. These little, very primitive, old, proven, space hardened computers. The space station, its core hardware is that way.

But we run a lot of laptops on board to run all the various sensory systems. There's over 100 laptops on board. So, it's sort of piggybacking on top of the framework that runs the space station itself.

But if you look at the new vehicles. The new one that Boeing has put out, which is Star Liner and the one that Space X has, which is their Crew Dragon. They're really taking advantage of the technology. A much more updated crew interface, much higher memory on board. And that's just the start. We want to take advantage of the early glimmerings of artificial intelligence. We don't want to have to manually do everything all the time of course, like the Apollo guys did. There were five hundred mechanical switches in the cockpit of the space shuttle. And you had to be intimately familiar with everything. Really analogue kind of vehicle.

But it's becoming more and more digital like it ought to. That makes things lighter. Easy to make more levels of redundancy. Easier to control from a remote location. So, we need all of those things. And as we're heading towards now, going beyond Earth orbit, putting robots, and relatively soon people, permanently on the moon, we will want as much artificial intelligence, as much robotic help, as we can possibly get for the first settlers that are living on the Moon. And just paving the way for going even further. And I'm all for artificial intelligence. We need to learn how to control it. Like gunpowder and like fossil fuels, and all the other things that enable life, but also can have a detrimental effect. We need to learn how to integrate those responsibly into society. Artificial intelligence is the same thing. There are ways to do it. We've got a lot of precedents. But the advantages it can give us are huge and especially in the realms of exploration where it’s still very difficult to get to people there.

CC: So you're talking and you can foresee a base on the moon and then moving that, using that as a sort of, as you say a base or a satellite, to move on. And the International Space Station, the future of that will be continued do you think?

CH: The space station, the first space was launched in 1998, with a planned 30 year life, so till 2028. Another 10 years or so. And that's the first piece. There's been lots of pieces gone up in the last decade. So, the station, assuming that we all can manage to agree to continue to work it and we will, I think we'll be up there until the late 20s, maybe early 30s. We'll see. When the big pieces start wearing out and breaking, just like any old car, it's just a machine, creates more maintenance with time, like an old car.

CC: You don’t want to be on there at the time.

CH: But eventually, we'll just have to declare the end of its life and de-orbit it into the South Pacific, it'll mostly burn up, just like we did with the previous space stations. But by then we should have people orbiting the moon and living on the surface of the moon and just laying the groundwork for going further.

And it sounds crazy and fanciful, and impossible. But when I was born no one had flown in space. All of this has happened in less than my lifetime and our early desperate flights were so hairy edge, crazy dangerous. And yet now we've had people living permanently on the space station for the last 19 years. And you hardly hear anything because it's just normal and safe, and part of what humans can do.

So, you don't have to look too far into history to realise technology enables exploration and then settling into a new environment. You can look at New Zealand 800 years ago or Antarctica 50 years ago or space 20 years ago and very shortly the Moon. I’m realistically optimistic that's where we're headed. The real key is we need to keep it safe. We need to keep it productive. As part of the whole earth, moon economic system.

CC: If anything, I think from what I take from you is also keeping it humble. That we are alone in this and we have to work together. It's a big takeaway.

CH: Yeah, it's really important to use the inspirational and complex things in society to unite us. If you can do it all by yourself, that's fine. But if the very necessity of it drives people to work together, that's a good side benefit. And fifteen of the leading nations of the world have been working hand in glove for a quarter century on the International Space Station. There's hardly any project that parallels that. And you can look up any night or morning, early in the morning, just before the sun rises all across Australia, and watch the space station go over. And it's a good reminder of what we can do together, when we do things right.

CC: Well I'm originally from Perth. A WA boy and you mentioned Perth many times. Look you do talk in extremes and the impossibilities. If anyone listening in our audience has the opportunity to see your presentation, they must take it. You've got the best holiday picks anyone has.

CH: I’ve been extremely lucky in my life. I've worked hard. I've been willing to take some enormous risks, as a test pilot and then as an Astronaut. But with great risk often comes great reward. To me the rewards are almost hard to explain to myself, but thank you for the compliment. I do my best to explain it to as many people as possible.

CC: Look you're a standout individual. You mentioned the stats yesterday. There's 18,000 applications to be an astronaut and 12 are selected and I think you are one of a kind and doing a lot for humankind. So, thank you very much it's been an absolute pleasure.

CH: Nice to talk with you Chris, thanks.

CC: Colonel Chris Hadfield, thanks for joining us on the Cyber Security Weekly Podcast.

CH: Pleasure, take care.

CC: Cheers mate.
Jun 10, 2019
Episode 154 - Taking a data science approach to cybersecurity and threat prevention
Interview with Mauricio Sabena, systems engineer manager, ANZ, Palo Alto Networks, based in North Sydney and discussion on using data science to improve threat prevention.

Using a data science approach to cybersecurity and threat prevention can help organisations detect subtle malicious activity more easily, overcoming the challenge created by cybercriminals’ increasingly-automated approach. Businesses need to understand the potential challenges of using a data science approach as well as the possible benefits, so they can leverage data to outsmart cybercriminals. Palo Alto Networks has identified four key requirements for a data science approach to cybersecurity:

1. The right amount of quality data. Applying machine learning to data to automate decision-making is an ideal way to combat threats but, if the data isn’t accurate, up to date, or comprehensive enough, the machine won’t learn effectively and the approach won’t work. Likewise, security information and event management (SIEM) platforms aren’t built with the massive computing power that’s required for big data analysis. Running algorithms on big data lakes becomes difficult and costly, and it’s harder for businesses to manage these projects in-house. Cloud-based solutions can address this challenge because it’s easier to manage resources effectively and elastically in the cloud. Furthermore, customers will depend on security vendors that have huge amounts of high-quality data already, and will let customers run their algorithms on that data. Most security teams only have access to a few weeks of historical data; a vendor-enabled approach will overcome this challenge.

2. Sophisticated algorithms. Data science and machine learning rely on human-made algorithms. These algorithms need to be strong to deliver desirable outcomes. It’s important to put the data in context by looking at all apps, users, and content. This leads to the best quality data. It’s impossible to identify every malicious activity in isolation. Leveraging large amounts of good quality data teaches the machine what’s normal and abnormal. This makes it easier to detect malicious attackers in the network even if they’re exceptionally stealthy.

3. An open mind to false positives. Tuning processes to stop every threat often results in a high number of false positives that must be investigated, leading to unnecessarily-high workloads. Conversely, reducing the number of false positives may result in some attacks getting through. But, with the right data and algorithms, it is possible to lower the number of false positives and get more accurate alerts.

4. Historical records. When it comes to applying data science, historical information is essential. In general, most businesses keep a few weeks’ worth of alert logs, especially if they receive thousands of alerts every day. However, it would be more useful to retain six or seven weeks of data to provide enough of a baseline to determine what activity is normal and what isn’t. Then, when each alert is generated it can be actioned quickly and the security team won’t be overburdened with alerts.

Recorded on 22 May, 2019 at Palo Alto Networks, North Sydney.
May 28, 2019
Episode 153 - DNSpionage: domain name system (DNS) infrastructure manipulation - Interview with Cricket Liu of Infoblox
Interview with Cricket Liu, chief DNS architect and Jasper Chik, Systems Engineer Manager ANZ at Infoblox during the 'Australian Cricket Tour' to Sydney, Canberra and Melbourne.

Attackers are executing DNSpionage attacks by hijacking and compromising millions of email and other credentials from a number of government and private sector entities. They then manipulate the DNS records of organisations to intercept and record their network traffic in this vast espionage campaign. As a result, users are pointed to malicious web and mail servers.

DNS serves as a kind of phone book for the Internet by translating human-friendly website names into numeric Internet addresses that are easier for computers to manage. When it’s tampered with, it becomes difficult for anyone to discern whether what they are seeing online is legitimate.

These sophisticated attacks were first identified in November 2018 and there have been several other public reports of additional attacks since then. Most recently, DNSpionage attacks have been causing further concern because the attackers (allegedly from Iran) have changed their tactics with new tools and malware to focus their attacks and better hide their activities.

Cricket Liu, chief DNS architect at Infoblox, was in Sydney to discuss what DNSpionage actually is and the extent of the problem. We also discuss why Australian organisations should be concerned and how they can protect their businesses and users from attack.

Cricket is one of the world’s leading experts on DNS and serves as the liaison between Infoblox and the DNS community. Cricket is a prolific speaker and author, having written a number of books including “DNS and BIND,” one of the most widely used references in the field, now in its fifth edition.

Recorded in Sydney, 21 May 2019 and courtesy of Infoblox.
May 24, 2019
Episode 152 - The Toll of TOLA - Australia's Amendment for Assistance and Access
Interview by Executive Editor Chris Cubbage with Nick FitzGerald, Senior Research Fellow of ESET, discussing the Telecommunications and Other Legislation Amendment (Assistance and Access) Act (TOLA).

Based on the interview, conducted on May 1, 2019 in Sydney, Nick has provided the following opinion piece:

During the podcast, in response to something I said about the extremely broad-brush definitions in the Telecommunications and Other Legislation Amendment (Assistance and Access) Act (TOLA), Chris said “We have to then trust the government to use the legislation in the correct way and not in their own sort of interpreted manner.” On reflection, I think that is largely why there is so much unease about TOLA. I’m no legal scholar, but a little online searching readily confirms my expectation that avoiding ambiguity or obvious points for diverging interpretation is core to drafting good legal documents of any kind, be they employment contracts, conveyancing agreements or parliamentary Bills.

It seems the government is aware of this, as one of the defences it stood up to face the extensive criticisms levelled at earlier versions of the Bill (now TOLA), is a FAQ-style Myths about the Assistance and Access Act page. The defences on that page are generally unconvincing. Many just restate the intentions attributed to the former Bill (now TOLA), and few of them provide clear support for the denials of the “myths” they purport to debunk. Perhaps someone should explain to the Department of Home Affairs that referring, in a circular manner, back to the exact text in the Act that gave rise to a concern (or “myth” in the Department’s view) in the first place is unlikely to allay the concerns that that text raises with so many people. That it is clearly open to multiple interpretations is, in and of itself, evidence of deep problems with TOLA.

Enough about the quality of its drafting – what else about TOLA should concern us?

We live in an age that has recently seen an explosive growth in the digitalisation of our everyday lives, and we expect this to continue for some time, with the continuing, rapid growth of the internet of things. Further, the looming adoption of 5G, with its greater bandwidth and reduced latencies, promises even more connected “things” and services. However, we are also increasingly aware of just how poorly secured much of the already internet-connected stuff we now depend on is, and perhaps ironically, this has driven increased consumer demands for better security, better encryption of network traffic, and so on.

And that we are increasingly turning to encryption-protected services, which means the criminal elements are too, is clearly what partly motivates the provisions of TOLA. When the bad guys used landline telephones, law enforcement could readily tap all calls to or from a given phone at the local telephone exchange (or anywhere along the trunk cables with some additional effort). The move to cell phones complicated that somewhat, particularly once cheap “burner” phones became available and could simply be bought over the counter with no registration, phone company contracts and so on. But now, we are told, the bad guys are increasingly moving to end-to-end encrypted messaging, voice and video calling services, such as WhatsApp, Telegram and Signal.

Early criticism of what was to become the Bill (now TOLA), centred around some truly awful messaging from some of the politicians involved, who seemed to be suggesting that Australia’s intelligence agencies had advised the government that the encryption itself could be broken. This resulted in responses from the “you clearly do not understand mathematics” end of the spectrum through to what was basically name-calling. As time passed and drafts of the Bill appeared, it became clear that – to be polite – these politicians had misspoken.

Although contributing to the UK’s version of the same debate, two senior UK spooks – the technical directors of the National Cyber Security Centre, and of cryptanalysis, both parts of GCHQ – published an article on the Lawfare blog explaining the UK’s approach to the same set of perceived problems. In short, they argued that just as “the early digital [telephone] exchanges enacted lawful intercept through the use of conference calling functionality”, it should be “relatively easy for a service provider to silently add a law enforcement participant to a group chat or call”. Such solutions would require the client app on the target device(s) to be modified to not indicate that an apparent one-to-one call was actually a group call, and likewise that a group call contained N – 1 participants if one of those was a lawful intercept. As another member of the Five Eyes alliance, it seems that this kind of thinking behind the developing framework for the UK’s own exceptional access legislation is probably not too dissimilar to what the drafters of TOLA had in mind.

While many of today’s most popular messaging and VOIP protocols do employ a central broker of some kind to at least perform the initial setup of sessions between callers, that is not a necessity of such designs. Fully decentralised, peer-to-peer systems, where no one client or central authority controls how connections are set up, what encryption keys are used, and so on, already exist. Further, TOLA specifically prohibits an order that would prevent an existing service provider from switching to use such a protocol, even if they were doing so explicitly to avoid being able to cooperate with Australian law enforcement intercept orders under TOLA.

But why all the focus on just the modern equivalent of yesteryear’s telephone systems? We now live in the era of the cunningly mis-branded “smart speaker” that millions have rushed to adorn their kitchens or living rooms with. And most of us carry a device apparently purpose-made for spying on our every move with its GPS sensors, microphones, multiple video cameras, multi-axis accelerometers and all with near-permanent internet connectivity. The overlords of Oceania in Orwell’s 1984, with their paltry “telescreens”, would be gobsmacked at the sheer enthusiasm with which we embrace contemporary technology that could so easily be turned to surveil us. As much of this technology only works through communicating with its centralised cloud services, these all appear to also be fair game to TOLA…

Related reading:

ACSM Article - ESET - How to detect, mitigate and stop cryptomining malware
May 15, 2019
Episode 151 - Interview with Jacqui Loustau, Founder of the 'Australian Women in Security Network' (AWSN)
Interview with Jacqui Loustau, Founder of the Australian Women in Security Network, speaking just prior to a joint AWSN and Cyber Risk Meetup event in Melbourne.

Jacqui shares insight into the AWSN and how the group was born from her desire to share her own challenges in being one of the few women in the room, attending industry events in a male dominated sector. She wasn’t alone. The women’s network grew rapidly, and nationally, to now having 1,700 members and retaining the focus of connecting, supporting and inspiring women in the security industry. This includes cybersecurity, physical security or the less recognised security roles like business continuity and fraud prevention.

Jacqui makes mention of women who assisted along the way, including Helaine Leggat, Noushin Shabab and Bonnie Butlin and some of the activities and initiatives the AWSN has planned in 2019 - including a soon to be made announcement with the 'Women Speak Cyber' collaboration to help five participants to coach them with public speaking. The AWSN is also supporting the 'International Women in Cyber Day', to be held on 1 September, with a national conference and awards event on 3 September in Melbourne.

For a wrap-up of the Cyber Risk Meetup & AWSN event - check it out here

Recorded April 30, 2019 at EY Australia, Melbourne.
May 02, 2019
Episode 150 - Interview @ICE71 with Head of Innovation & Partnerships at Singtel Innov8 - developing cybersecurity innovation and talent globally
<p>Jane Lo, Singapore Correspondent speaks with Paul Burmester, Head of Innovation &amp; Partnerships of Singtel Innov8, about their role on developing the cybersecurity innovations and talents in the region, and globally in Europe and North America. Interview highlights include discussion on venture capital strategy versus other financial alternatives, mentoring, due diligence, and the investing process. And what success means, in Asia Pacific and other regions.</p> <p class="MsoNormal">Paul is leading a team responsible for identifying and engaging with innovative startups globally, supporting their growth and driving engagement, in support of the Singtel Group strategy. The team also build and drive various Innov8 programmes and partnerships to activate and grow awareness in the startup ecosystem, such as the Innov8-Connect programme; ICE71, Asia’s first cybersecurity startup hub and ecosystem; and the Go-Ignite alliance, an initiative that offers startups access to over a billion customers through engagement with the Singtel Group, Telefonica, Orange and Deutsche Telekom.</p> <p class="MsoNormal">Paul brings many years of experience from within the technology industry and continues to be amazed and excited by the new innovations and opportunities the industry presents.  
His career has seen Paul drive six successful exits, effectively building and/or turning around early stage technology businesses to the point of global market success, leading to over $4.7B in increased shareholder value gained through profitable exits via IPO and/or acquisition.</p> <p class="MsoNormal">Amongst his most notable recent successes in the technology sector was the exit of SpinVox, a leading developer of “Speech to Text” technology, that was acquired by Nuance for $103M; the exit of ViAir, the first company to develop real time mobile access to Exchange and Notes, which was sold to Visto for $65M; Paragon Software, the inventor of SyncML, was acquired by for $515M; and Mobile Systems International, the leading designer of mobile phone networks, sold to Marconi for $618M.</p> <p class="MsoNormal">Currently based in Singapore, Paul has lived and worked in various countries across Europe, Asia and the Americas. In his spare time, Paul can be found climbing mountains, exploring jungles, diving under the oceans and seeking out new adventures.</p> <p class="MsoNormal">Recorded in Singapore on Monday 25 March 2019 in recognition of ICE71 supporting the Cyber Risk Meetup, held at ICE71 on November 1, 2018 - event wrap-up is available <a target="_blank" href="">here</a></p> <p> </p>
May 01, 2019
Episode 149 - Eaton's CTO's role & perspective of the global cybersecurity landscape and mitigated risk across power networks
<p class="MsoNormal">Interview with Eaton’s Chief Technology Officer and security strategist, Michael Regelski.</p> <p class="MsoNormal">Michael has more than 30 years’ experience working in senior technology leadership roles with expertise in cybersecurity, and is currently the CTO of <a target="_blank" href="">Eaton</a>, a global power management company with 2018 sales of $21.6 billion. As a CTO Michael monitors the cybersecurity landscape and risk across power networks and the need for global security standards.</p> <p class="MsoNormal">We discuss Michael's role at Eaton and how he was in Australia as part of the International Electrotechnical Commission (<a target="_blank" href="">IEC</a>) Cybersecurity Council Market Strategy Board. Michael’s visit to Australia also marks Eaton’s collaboration with global safety science organisation UL, to establish a measurable cybersecurity standard for network-connected power management products and systems supplied in Australia and beyond. Eaton’s testing lab is the industry’s first research and testing facility approved to participate in UL's Data Acceptance Program for cybersecurity.</p> <p class="MsoNormal">Alongside Michael's visit to Australia, Eaton’s collaboration with UL was highlighted with the release of their new <a target="_blank" href="">Gigabit Network M2 switch</a>.</p> <p class="MsoNormal">Recorded courtesy of Eaton at their Sydney showroom on 3 April 2019.</p> <p> </p>
Apr 29, 2019
Episode 148 - Privileged Access Management, SingHealth Breach & Beyond Trust solution addressing ASD Top4 - Essential 8
<p>Interview with Gene Ng, Regional Vice President for Asia Pacific &amp; Japan and Ani Chand, Security Architect for Asia Pacific &amp; Japan for BeyondTrust.</p> <p class="MsoNormal">The interview follows a Cyber Risk Leaders forum held on April 11 and is taken as an opportunity to consider the ongoing compromise of large corporations and government. A case study on the <i>SingHealth</i> data breach is explained, along with the renewed <i>ASD Top 4 &amp; Essential 8</i> and ongoing impact on international cyber security.</p> <p class="MsoNormal">Discussed is the ASD white paper, available at <a href=""></a></p> <p>For more information on BeyondTrust visit <a href=""></a></p> <p class="MsoNormal">Recorded in Sydney on April 12, 2019. BeyondTrust were supporters of the Cyber Risk Leaders Forum.</p>
Apr 17, 2019
Episode 147 - Pre-War Phase, Warfare & Cyber: Amongst Space, Air, Land, Sea, Time & Perception - Interview with Dr. Malcolm Davis, ASPI
<p>"In WWII we primarily fought a three-domain fight — sea, air, &amp; land...Today, &amp; in the future, we will be fighting adversaries in seven domains — sea, air, land, space, cyber, as well as two “new-old” domains: perception &amp; time." (1)</p> <p>Whilst in Canberra for the #CyberTaipan National Finals pilot program, we visited the Australian Strategic Policy Institute (ASPI) and met with Dr. Malcolm Davis, Senior Analyst to discuss defence, cyber, space, <a href="">China</a>, <a href="">USA</a>, <a href="">droneswarms</a>, <a href="">Warfare Tactics</a> in this pre-war phase.</p> <p class="MsoNormal">A confronting discussion with terms and reference to the reality of AI/ML driven fire-ant warfare tactics, the '<a href="">Thucydides</a> trap', <a href="">slaughterbots</a> and <a href="">hypersonicweapons</a> - “brilliant weapons that can think for themselves”</p> <p class="MsoNormal">Recorded 15 March 2019, Canberra.</p> <p class="MsoNormal"><i>RELATED INTERVIEW</i></p> <p class="MsoNormal"><a target="_blank" href="">Episode 87 - Australia’s Offensive Cyber Capability and Deterrence In Cyberspace, interview with Fergus Hanson, ASPI’s International Cyber Policy Centre</a></p> <p class="MsoNormal"><a href="" target="_blank">Episode 138 - Cyber Breach Communication Playbook - In-depth interview with author Peter Coroneos</a> (Discussion includes the '<a href="">Thucydides</a> trap' - USA &amp; China)</p> <p class="MsoNormal">REFERENCES &amp; FURTHER READING</p> <p class="MsoNormal">(1) Future War Not Back to the Future, Lt. Gen. Mike Dana. Lt. Gen. Dana is a career logistician and strategic planner. He served in Desert Storm, Operation Restore Hope in Somalia, Operation Iraqi Freedom, and Operation Enduring Freedom. His last joint assignment was as the Director of Strategic Planning and Policy at US Indo-Pacific Command. <a href=""></a></p> <p><a target="_blank" href="">ADMIRAL PHILIP S. DAVIDSON, U.S. NAVY, COMMANDER, U.S. 
INDO-PACIFIC COMMAND, 12 FEBRUARY 2019</a></p> <p class="MsoNormal">"The speed of war has changed, and the nature of these changes makes the global security environment even more unpredictable. It’s dangerous and unforgiving. Time and decision space have collapsed, so our approach to warfare must adapt to keep pace</p> <p class="MsoNormal">Beijing and Moscow continue to develop and field advanced counter-intervention technologies, which include highly maneuverable reentry vehicle and warheads (hypersonic weapons). Beijing and Russia possess cruise missiles and small-unmanned aerial systems (sUAS) that fly different trajectories, making them hard to detect, acquire, track, and intercept due to unpredictable low-flight profiles and sophisticated countermeasures. North Korea retains its nuclear and ICBM capabilities.</p> <p class="MsoNormal">Effective counters to the expanding asymmetric unmanned aerial system (UAS) threat including potential for multiple swarms of small UAS.</p> <p>The challenges grow each year as our forces continue to deploy at unprecedented rates while the DoD grapples with fiscal uncertainty."</p> <p>ASPI REPORTS &amp; REFERENCES</p> <p>ASPI Strategist - <a target="_blank" href=""></a></p> <p>Dr. Malcolm Davis - <a target="_blank" href=""></a></p> <p>Reports</p> <p>Additional - WA Government Huawei project</p>
Mar 29, 2019
Episode 146 - High-Performance Computing (HPC) and why it matters for Australia: Pawsey Supercomputing Centre
<p>Jane Lo, Singapore Correspondent interviews Mark Stickells, Executive Director, Pawsey Supercomputing Centre, based in Perth, Western Australia.</p> <p class="MsoNormal">Why HPC or Supercomputing – high performance computers that perform at highest operational rate - matters to Australia’s vision for 2030 to be a top tier innovation nation, and the history behind Pawsey, HPC projects, partnerships across the world, and talent development at the centre.</p> <p>Mark is a research executive with more than 20 years’ experience working at a senior level in innovative research and business development roles in complex, multi-stakeholder environments. Through national and international programs and joint-ventures, Mark had successfully led initiatives to accelerate the impact of research, development and education programs for Australia’s key energy, mining and agricultural sectors.</p> <p>He is a former Chief Executive of an LNG research and development alliance of CSIRO, Curtin University and UWA, partnering with Chevron, Woodside and Shell. Prior to his appointment at Pawsey Mark led the innovation and industry engagement portfolio at The University of Western Australia. In addition, Mark is the current Chair of the Board of All Saints’ College and was appointed an adjunct Senior Fellow of the Perth USAsia Centre (an international policy think tank) in 2017.</p> <p>Recorded 13 March 2019 at SuperComputing Asia #SCA2019 in Singapore.</p> <p> </p>
Mar 27, 2019
Episode 145 - #GameOn with #OzCyberinUSA2019 - Interview with Michelle Price, CEO, AustCyber in San Francisco for #RSA2019
<p>In San Francisco for the joint AustCyber and Austrade “Australian Cyber Security Mission to the USA”, MySecurity Media's Director Dave Matrai interviews Michelle Price, AustCyber CEO and discusses Australia’s position on the global cyber security stage.</p> <p class="MsoNormal">The discussion includes how the Australian cyber security industry has changed over the past 3 years and why Australia is an attractive destination for investment into Australian cyber security innovation.</p> <p class="MsoNormal">Recorded 5 March 2019. MySecurity Media were official media partners to AustCyber for the RSA  Conference 2019. #GameOn #OzCyberinUSA2019</p> <p class="MsoNormal">For more information on AustCyber visit <a target="_blank" href=""></a></p> <p> </p>
Mar 24, 2019
Episode 144 - #CyberTaipan joins an International program delivering a critical skills pipeline with #CyberPatriot #CyberCenturian #CyberArabia
<p>This interview with Michelle Price, Chief Executive Officer of AustCyber and Diane Miller, Director, Global Cyber Education &amp; Workforce Initiatives for Northrop Grumman provides insight into the CyberTaipan Finals Competition held in Canberra on 16 March 2019 and the program's link to the USA, UK and Saudi Arabia.</p> <p class="MsoNormal">Recorded on Saturday, 16 March at the Canberra Institute of Technology. MySecurity Media attended CyberTaipan courtesy of AustCyber.</p> <p class="MsoNormal"><a href="" target="_blank">#CyberTaipan Finals Competition creates focus on CyberSecurity in Canberra - Podcast &amp; Editor's Insights</a></p> <p class="MsoNormal">Saturday, March 16, 2019 was a unique and eventful day for cyber security in the nation’s capital, with two events appropriately linked by AustCyber, the Australian Cyber Security Growth Network (ACSGN). </p> <p class="MsoNormal">BSidesCanberra, into its fourth year, welcomed well over 2,000 delegates from the Infosec community to delve and dive into the dark arts of hacking, breaking and picking at the National Convention Centre. The event was reportedly enlivened with a fire evacuation thanks to a smouldering lithium battery, clearly a sign that the machines were being put to the test. Whilst across the road, at the Canberra Institute of Technology, a national finals pilot program for Australia’s first CyberTaipan competition was underway, with support from some of Australia’s largest enterprises, Northrop Grumman, Blackberry, PwC Australia and Woodside Energy.</p> <p class="MsoNormal">Both events were fully supported by AustCyber, with CyberTaipan delivering a major ‘workforce development pipeline’ project for the ACSGN. The winning team, TSS or The Southport School, took a strong and early lead, and were announced as winners at an awards dinner ceremony at Parliament House that evening. 
The Canberra Festival fireworks were a timely conclusion and celebration to an eventful day.</p> <p class="MsoNormal">CyberTaipan, Australia’s first such competition, follows that of the CyberPatriot program in the US, now in its eleventh year and CyberCenturian (UK) and CyberArabia (Saudi Arabia) in their fifth years. Facilitated by the US Air Force Association, ten teams from across the east coast of Australia were put through their paces over 4 hours. The task was to protect and defend a corporate network for a local government organisation and undertake a series of challenges along the way. In a sense, these talented high school students were learning to defend against those 2,000+ hackers from across the road at the NCC. Indeed, there is little doubt that the CyberTaipans will soon make their way to one or more of the BSides events being annually held around Australia. </p> <p class="MsoPlainText">Whilst starting on a relatively small scale in 2009, CyberPatriot has grown to involve 6,387 teams from across the USA in 2019. Though the CyberPatriot program isn’t just the beginning. The USA program actually starts for many students with ‘Sarah the Cyber Hero’, created as a pre-reader book for preschools and grandparents, a cyber security and online safety program throughout the 5-11 years and week-long summer cyber camps for 12-18 year-olds. All these are designed to complement and gap fill the normal curriculum in the classroom.</p> <p class="MsoPlainText">A good example of how CyberTaipan connects and inspires was Josie and Lang, aka Team Sparkling Stars, the only all-girls team. Speaking at Parliament House, each was proudly pleased with their day’s effort. “We did better than we thought”, said Josie. Their Teacher and Coach, Matthew Phillips, confirmed the two were introduced to each other via CyberTaipan and their respective interests from their Year 11 and Year 12 computer programming class. 
Josie, now at the Australian National University in her first year of Engineering and IT, and Lang, contemplating a degree next year in computer science or physics, still presented as normal teenage girls. Apart from doing well, when asked what was the stand out for the day? Lang was quick to reply, “Getting up at 8:00am on a Saturday!” A challenge for any teenager.</p> <p class="MsoPlainText">Diane Miller, Director, Global Cyber Education &amp; Workforce Initiatives for Northrop Grumman was clear in her message to the pilot program finalists during her awards ceremony presentation. Diane outlined the cyber defence skills that are taught and nurtured in the program, designed to develop successful professionals in the cyber security world. Highlighting contemporary cybersecurity skills, Diane emphasised the need is much more than just technical skills. Communication, oral and written, is needed to convince executives of the risk, as well as, communicating what has occurred with written trouble reports and forensic reports. They also need to collaborate and work within a multi disciplined team. Importantly, diversity is clearly a contributor to problem solving, yet this then requires leadership as a critical attribute to leading a diverse team. All this needs to be supported with intellectual curiosity and having tenacity to resolve problems through to a successful resolution, as well as acting with integrity in handling sensitive data and acting ethically. CyberTaipan develops all of these skills and reinforces the need for individual skills, producing well rounded students and developing a job ready cyber workforce. Indeed, 92% of students from CyberPatriot end up in roles within cybersecurity and computer science, Diane confirmed.</p> <p class="MsoPlainText">In addition to Northrop Grumman’s anchor support, as an 80,000 person, global employer, CyberTaipan also had big industry support with Blackberry, PwC and Woodside Energy. 
Rachel Brennan, Manager Cyber Capabilities and Threat Intelligence with Woodside Energy, wisely told the students that as a cyber security professional, no two days are the same. Rachel’s role involves the responsibility of up-skilling the entire Woodside Energy workforce, as well as red teaming, policy development and incident response. David Nicol, managing director of Blackberry Australia, highlighted that the needs of business differ based on size and sector; however, cybersecurity challenges are often aligned to awareness, policy and technical capability. PwC Australia’s Steve Ingram laid out the endless options open to the CyberTaipan finalists, contrasting a career in cybersecurity to that of the London underground – extensive and interconnected.</p> <p class="MsoPlainText">Yet despite a passionately inspiring close by Michelle Price, AustCyber’s CEO, the highlight of the evening was AustCyber’s Program Director for National Workforce Development, Owen Pierce, as the awards dinner MC. Owen was able to break it right down for all and connect with these young people at their level – with Dad jokes! “Why is Beef Stew not a good password?” Owen asked. “Coz it’s just not Stroganoff.” I laughed, Owen!</p> <p class="MsoPlainText">Stay tuned for CyberTaipan 2020. Not only is an announcement anticipated later in the year but 2020 may hold the prospect for an International competition. Definitely one to get prepared for, and we recommend any Australian employer put these and future CyberTaipan finalists down on a LOTBKF list and review on future resumes – these kids will be in the highest demand.</p> <p class="MsoNormal">There were 38 students, aged 12 – 18 years, from across the country competing in the pilot National Finals. The Southport School from the Gold Coast, Queensland took home the prestigious title as the winning team, whilst Lake Tuggeranong College ACT’s team took second place, and Victoria-based Australian Air Force Cadets, 415 Squadron came third. 
Well done to all! #Gameon #CyberTaipan</p> <p> </p>
Mar 21, 2019
Episode 143 - Security contrasts of HPC & Cloud Computing and introduction to the National Computational Infrastructure at the Australian National University
<p> <p class="MsoNormal">Jane Lo, Singapore Correspondent speaks with Andrew Howard, Cloud Team Manager, National Computational Infrastructure at the Australian National University (Canberra).</p> <p class="MsoNormal">HPC and Cloud Computing have different security considerations and yet both involve humans being the weakest link, in particular within the HPC environment where there is often a higher level of trust required.</p> <p class="MsoNormal">Andrew Howard has decades of hands-on technical, academic and logistics experience covering a wide range of standard and bespoke technologies, languages and applications within Industry, Government and Academia nationally and internationally.</p> <p class="MsoNormal">His current role at the National Computational Infrastructure (NCI) covers working on High Performance Networks, Computing and Cloud systems. He led the development of InfiniCloud an extension of HPC InfiniBand capabilities into Openstack Clouds and the creation of the first trans-Pacific extended InfiniBand network connecting Australia and Singapore through the USA to deliver the next generation of high speed data transfer and distributed computation. Most recently he has worked closely with AARNet to define and implement AARNet-X a 100G network linking NCI to the world at the highest possible speed for big-data science.</p> <p class="MsoNormal">Recorded at Super Computing Asia, held in Singapore, 11-14 March 2019</p> </p>
Mar 17, 2019
Episode 142 - Getting traction in the US Market via the San Francisco Landing Pad - Australian cybersecurity entrepreneurs in residence #OzCyberinUSA2019
<p>In this episode MySecurity Media's David Matrai talks with two Australian entrepreneurs based at the Australian Landing Pad @WeWork, San Francisco. An initiative of Austrade, Landing Pads help market-ready startups and scaleups take their business global.</p> <p class="MsoNormal">Martin Cho of Vertex Security and Matthew Nevin of Cybermerc are two of the Australian entrepreneur residents at the Landing Pad and share their experience of moving into the American market. We’re also joined by Gabe Sulkes, Landing Pad Manager, Australian Trade and Investment Commission (Austrade) who has some terrific advice too. Enjoy the discussion!</p> <p class="MsoNormal">Links:</p> <p class="MsoNormal">Australian Landing Pad – San Francisco - <a href=""></a></p> <p class="MsoNormal">Vertex Security – <a href=""></a></p> <p class="MsoNormal">Cybermerc – <a href=""></a></p> <p>Recorded in San Francisco as Official Media Partners to the AustCyber USA Trade Mission to the RSA Conference 2019 #OzCyberinUSA2019</p> <p> </p>
Mar 12, 2019
Episode 141 - Insights to Illumio Adaptive Security Platform & Micro-Segmentation
<p>Interview with Andrew Kay, Systems Engineer with Illumio. The Illumio Adaptive Security Platform® (ASP) secures the inside of any data centre and cloud – running any form of compute – with micro-segmentation enabled by application dependency and vulnerability maps.</p> <p>Illumio ASP delivers micro-segmentation that is enabled by combining vulnerability data with real-time traffic visibility. This combination enables organisations to understand how their applications work, see where they are most vulnerable, and use that visibility to create and enforce micro-segmentation policies.</p> <p>Andrew Kay has over 15 years’ experience in security and quality assurance working with organisations across Asia Pacific to strengthen their resilience to cyber threats. Having worked with major industry players like Micro Focus and HPE, Andrew now represents Illumio South Pacific as he combines his knowledge of technology and industry to design and implement solutions that prevent attackers' lateral movement, protect high-value assets and achieve compliance goals.</p> <p>Illumio is supporting the Cyber Risk Meetup events in Sydney and Melbourne in 2019 and is listed on the MySecurity Marketplace, including listed reports: <a target="_blank" href="">How to secure your crown jewel applications</a> and <a target="_blank" href="">How to Build a Micro-Segmentation Strategy</a></p> <p>For more information or to register interest visit <a target="_blank" href=""></a></p> <p>Recorded on Monday 4 March 2019 in Sydney, Australia</p> <p> </p>
Mar 09, 2019
Episode 140 - DevOps and the journey to DevSecOps with #OzCyberinUSA2019 - Interview with Paul McCarty of SecureStack
<p>Recorded in San Francisco at the RSA Conference and part of #OzCyberinUSA2019, MySecurity Media's Dave Matrai interviews Paul McCarty of SecureStack.</p> <p class="MsoNormal">This is a great story about an American that’s come to Australia, become an Aussie and is on a mission to take his company back to America! Already working with a number of government clients, Paul discusses his insights into DevOps and the journey he is undertaking as part of CyRise.</p> <p class="MsoNormal">Recorded in San Francisco at WeWorks during #RSA2019 and in collaboration with AustCyber and AusTrade. MySecurity Media is the Official Media Partner to AustCyber for the West Coast USA Trade Mission &amp; RSA Conference 2019.</p> <p class="MsoNormal">For more information stay tuned with #OzCyberinUSA2019 or visit</p> <p> </p>
Mar 06, 2019
Episode 139 - Probable not Provable Privacy for Census Data vulnerable to attack - Chief Scientist Optus Macquarie University Cyber Security Hub
<p>Interview with Professor Dali Kaafar, Chief Scientist at Optus Macquarie University Cyber Security Hub and Professor at the Faculty of Science and Engineering at Macquarie University. Professor Kaafar and Macquarie University Lecturer Hassan Jameel Asghar, released a paper mid February, titled, <a target="_blank" href="">‘Averaging Attacks on Bounded Perturbation Algorithms’</a> that identifies and demonstrates a vulnerability of the Perturbation Algorithm used by the <a target="_blank" href="">Australian Bureau of Statistics</a> for its online tool, TableBuilder, that enables querying the Australian Census Data.</p> <p class="MsoNormal">Dali Kaafar has disclosed “In a nutshell, the algorithm named TBE, perturbing answers to the queries by adding noise distributed within a bounded range is faulty and puts the highly sensitive original census data at major risk of being revealed. We demonstrated how an attacker, who may not know the perturbation parameters, can not only find any hidden parameters of the algorithm but also remove the noise to obtain the original answer to any query of choice. None of the attacks we presented depend on any background information. Implications of go beyond re-identification risks. The attack reveals values intended to be hidden by the TBE algorithm and hence reconstructs the original census data. While the attack is applicable to the actual Australian census data available through TableBuilder, for ethical considerations we only show the success of the attack on synthetic data. We note however, that the perturbation method used in ABS TableBuilder tool is proven vulnerable to this attack.</p> <p class="MsoNormal">In response to the research, an ABS spokesperson stated, “The ABS is strongly committed to privacy.  With emerging data analytics techniques, the ABS needs to be on the front foot of any emerging risks to the data we hold.  
We have been working,  and will continue to work, with leading experts to ensure we are using the best approaches possible to protect individuals’  data.</p> <p class="MsoNormal">The ABS has been working with Dr Kaafar and his co-researchers on Table Builder, and strategies to mitigate the vulnerability discovered by the researchers since early 2017. The ABS has already implemented measures to address the vulnerability.  This includes reducing the amount of details to be accessed by certain Table Builder applications, strengthening the terms of use of Table Builder and also regularly monitoring the job logs to forestall any possible attacks.</p> <p class="MsoNormal">There is no evidence of anyone’s privacy being compromised with the use of Table Builder.”</p> <p class="MsoNormal">The discussion includes consideration to the Differential Privacy framework and the application of provable privacy versus probable privacy for the 2020 USA Census.</p> <p class="MsoNormal">Interview recorded in Sydney on 26 February 2019.</p> <p class="MsoNormal">Original release on the Australian Cyber Security Magazine website is available <a href="" target="_blank">here</a></p> <p> </p>
Feb 27, 2019
Episode 138 - Cyber Breach Communication Playbook - In-depth interview with author Peter Coroneos
<p><a href="" target="_blank"></a>This interview starts with a book review but dives into Peter's long and fascinating journey, starting as the CEO of the Internet Industry Association in 1997 and through to his observations of today's contemporary cyber environment and potential for the next cyber crisis - including an existential threat with an apparent escalating Cyber War between the major powers of USA and China.</p> <p class="MsoNormal">Peter is the CEO of <a target="_blank" href="">Icon Cyber</a> and the APAC Regional Head for <a target="_blank" href="">CyAn - CyberSecurity Advisors Network</a></p> <p class="MsoNormal">For a full book review visit <a target="_blank" href=""></a></p> <p class="MsoNormal">To purchase the book visit <a target="_blank" href=""></a></p> <p class="MsoNormal">This book, co-authored with Michael Parker, starts at 2:30am. Waking to the news of a serious cyber security breach, this is a time as a Director or Executive you are best already prepared, rather than scrambling to get with the cyber jargon and have the first read of the Notifiable Data Breach legislation. There are new obligations and an ever increasing expectation on companies and organisations subject to the <i>Privacy Act</i> to get the response right. </p> <p class="MsoNormal">As a ‘playbook’, Peter and Michael have set out to provide clear guidance of a practical nature, so that if organisations are faced with, say a ransomware demand, they have a decision-making framework to help ask the right questions.</p> <p>Recorded in Sydney, 20 February 2019.</p>
Feb 26, 2019
Episode 137 - Digital Risk, Cybersecurity and SCADA network security with GHD Digital
<p>Recorded in St Leonards, NSW, Sunil Sharma, Digital Risk &amp; Cybersecurity Leader with GHD Digital provides insight into the firm’s digital and cybersecurity services, predominantly delivered to industry, resources, mining and critical infrastructure such as Energy, Water and Transport sectors. With increasing data analytics capability, the importance of cybersecurity and network protection rises accordingly and adherence to the Australian Critical Infrastructure Act or Singapore’s Cybersecurity Act. With 10,000 staff across the world, GHD Digital is a leading consultant and engineering firm at the forefront of a digitally transforming industry mindset and regulatory environment.</p> <p>GHD Digital were sponsors of the Cyber Risk Meetup in Sydney (<a href="" target="_blank">October 18 - No Longer a Secret</a>) and Perth (<a href="" target="_blank">November 19 - All Industry All In</a>) and will be supporting the next Perth CyberRiskMeetup on April 10. For more information visit <a href="" target="_blank"></a></p>
Feb 26, 2019
Episode 136 - CISO Town Hall takeaways and the Cyber Risk Meetup events outlook for Australia and Singapore
<p>First of the year catch up with Shamane Tan, organiser of the Cyber Risk Meetup events in Australia and Singapore. We discuss the recent CISO Town Hall Twitter event and the key takeaways from CISOs around the world, an upcoming event with the Australian Information Security Association on February 20 in Sydney discussing Prudential Standard CPS 234 and Open Group FAIR (now a Sold Out event) and Cyber Risk Meetups scheduled in Sydney, Melbourne, Perth, Brisbane and Singapore from February through to October.</p> <p>Also a mention for cyber and security industry events being held in Sydney and Melbourne as part of International Women’s Day on 8 March 2019 and a special All Women edition of the Australian Cyber Security Magazine.</p> <p>Relevant links for more information are:</p> <p><a target="_blank" href="">CISO Town Hall takeaways – Shamane Tan LinkedIn post</a></p> <p><a href="" target="_blank">Illumio Whitepaper - How to Secure Your Crown Jewel Applications</a></p> <p><a target="_blank" href="">Australian Cyber Security Magazine – #WomeninCyber Edition to be released for International Women’s Day – 8 March 2019</a></p> <p> </p>
Feb 11, 2019
Episode 135 - Unified Endpoint Management - Intro to MobileIron for cloud and endpoint security
<p>In this interview we speak with MobileIron’s Frédéric Gillant, Vice President Sales Asia-Pacific and Jonathan Andresen Senior Director, Marketing, Asia-Pacific.</p> <p class="MsoNormal">MobileIron provides cloud and endpoint security which allows enterprise to enforce conditional access based on device posture to protect cloud services, provide and protect cloud apps on the endpoint and segregate business apps and data from personal apps and data on mobile devices. MobileIron allows the CISO to configure and deploy consistent app policies across endpoints and clouds, including a per-app VPN which enables users to access corporate resources behind the firewall.</p> <p class="MsoNormal">For more information visit</p> <p>Recorded at the Canalys Channels Forum, Asia Pacific, held in Hong Kong, 4 - 5 December 2018. MySecurity Media attended the event courtesy of Canalys. @CanalysForum #Canalys</p> <p> </p>
Jan 29, 2019
Episode 134 - Navigating an age of devices and disruption - Insights with Lenovo in Australia and the Asia Pacific
<p>In this episode we sit down with Lenovo’s Australia and New Zealand Managing Director, Matt Codrington, alongside the company's General Manager, Asia Pacific SMB Segment, Takeshi Okuma.</p> <p>In Hong Kong for the Canalys Channels Forum, Lenovo boasts a network of over 10,000 channel partners across Asia Pacific, with 95% of its business coming through the channel. The company claims a steadfast commitment to supporting channel partners’ businesses in navigating an age of disruption and has implemented a comprehensive channel program. Interview discussion includes Lenovo’s overall business strategy and most recent performance in Australia, including a DaaS case study with KPMG and Takeshi Okuma provides a regional overview and insights to a joint Venture between Lenovo and Fujitsu.</p> <p>Recorded at the Canalys Channels Forum, Asia Pacific, held in Hong Kong, 4 - 5 December 2018. MySecurity Media attended the event courtesy of Canalys. @CanalysForum #Canalys</p> <p class="MsoNormal"></p> <p> </p>
Jan 24, 2019
Episode 133 - MSSP Insights, SLAs & APRA Prudential Standard CPS 234 Information Security scheduled for 1 July 2019
<p class="MsoNormal">Vlad Vyshnivetskyy is the Cyber Security Program Lead at <a href="" target="_blank">AC3</a>. AC3 is an Australian owned and operated Managed Services Provider, including Managed Security Services. </p> <p>In this interview, recorded in Hong Kong, we discuss the role of MSSPs and the importance of Service Level Agreements (SLAs), and Vlad makes mention of the Prudential Standard CPS 234 Information Security, scheduled to come into effect 1 July 2019, which aims to ensure that an APRA-regulated entity takes measures to be resilient against information security incidents (including cyberattacks) by maintaining an information security capability commensurate with information security vulnerabilities and threats. </p> <p>Prudential Standard CPS 234 Information Security is <a href="Prudential Standard CPS 234 Information Security" target="_blank" title="Prudential Standard CPS 234 Information Security"></a></p> <p class="MsoNormal">Vlad is an experienced Cyber Security manager with 20+ years of IT experience, a certified Project Management Professional (PMP, PRINCE2 and Scrum Master), with a broad knowledge of information systems, cyber security solutions, practices, processes, vendors and products, including Palo Alto, IBM, F5, zScaler, HPE, MicroFocus, Cisco, Trend Micro, EMC/RSA. Recorded 5 December, 2018 at the Canalys Channels APAC Forum, Hong Kong. MySecurity Media attended the forum courtesy of Canalys.</p> <p class="MsoNormal">@CanalysForum #Canalys </p>
Jan 16, 2019
Episode 132 - WP Engine & the future of Websites, Fake News & Dark Data
<p> <p class="MsoNormal">As ‘dark data’ becomes an increasingly important topic, corporations are being forced to think about how to use data more effectively. With the new year underway, many marketing plans are looking to solve this problem of ‘untapped data’ by applying MarTech.</p> <p class="MsoNormal">Mary-Ellen Dugan, Chief Marketing Officer of the WordPress digital experience platform, WP Engine, was in Australia to host a customer summit and provide insights into the future of websites and web data. This interview delves into the direction websites are heading with the issues of ‘dark data’, fake news, authenticity and security.</p> <p class="MsoNormal">Most of the world’s data is classified as ‘dark’, meaning that it is untapped for business or analytic purposes. In the era of the ‘data monopoly’, it is staggering to think that this mine of information is untouched. Living in a world where customer experience reigns supreme, zillions of bytes are a potential key to unlocking invaluable consumer sentiment and improving digital experiences. </p> <p class="MsoNormal">In 2018, WP Engine ran one of the most extensive studies on the Mobile Web - so much so that Google linked to it for its <a target="_blank" href=";;sdata=74U8ISLNmMn5rrOiffvyqB5i3AUVus4Zye2%2FNSLMR8c%3D&amp;reserved=0">3 year anniversary of AMP</a>. Though there have been previous vague predictions around the death of the website, this study pointed instead to the ongoing challenges that apps face to survive. When consumers use Facebook or Instagram for information, their data belongs to Facebook, rather than going through a brand’s website. This creates major gaps in understanding customer segments and can skew business analytics. So, it is more important than ever for businesses to drive customers to their websites, where they can control content, digital experiences and of course, own all the right data.</p> <p class="MsoNormal">Recorded 29 November, 2018 in Sydney.</p> </p>
Jan 14, 2019
Episode 131 - Augmented & Virtual Reality and fast emerging use on the industrial frontline, with Fountx
<p>Interview with Laurence Beraldo, General Manager, Fountx. Laurence joined TAE Aerospace in June 2016 to head up the development and delivery of TAE Aerospace’s advanced technical product lines as well as enhance TAE Aerospace’s senior leadership team. In July 2017 TAE Aerospace established Fountx Pty Ltd a subsidiary company and Laurence is leading that company to commercialise a world changing product using assisted reality to enhance human capability.</p> <p class="MsoNormal">Laurence was the CEO and Company Secretary for the Royal Queensland Aero Club (RQAC) group of companies where he was the CASA approved Air Operator Certificate appointee and accountable manager for the Airline Academy of Australia. Prior to taking on the role as CEO he headed up aircraft maintenance engineering operations and training. He was formerly an executive manager with Aviation Australia where he worked for 10 years and held a number of senior roles including responsibility for flight safety training, Group Training compliance and operations, business development, international client management and the employment outcomes of more than 1,200 aircraft maintenance engineering graduates. Laurence is trained and qualified in aviation maintenance engineering and management, holds a pilot’s licence, had a 14 year maintenance and training career with the RAAF and managed several successful businesses.</p> <p class="MsoNormal">Recorded in Sydney on 13 November 2018 at the 2nd Augmented and Virtual Reality for Safety, Training, Maintenance and Manufacturing Forum 2018. The event was held in conjunction with the 2nd Immersive Augmented and Virtual Reality Customer Experience, Marketing and Product Development Forum.</p> <p> </p>
Dec 13, 2018
Episode 130 - Augmented & Virtual Reality and fast emerging use on the industrial frontline, with Honeywell & Realwear
<p> </p> <p class="MsoNormal">Interview with Annemarie Diepenbroek, Product Manager, Honeywell and David Francis, Managing Director, Head of APAC, Head of ANZ, Virtual Method, Zappar, Realwear.</p> <p class="MsoNormal">Annemarie Diepenbroek is the Global Product Manager for the Honeywell Connected Plant – Skills &amp; Safety Portfolio. This portfolio increases staff performance and improves plant profitability using Augmented Reality, Analytics, Intelligent Wearables and a suite of Productivity Applications. It directly addresses the looming skills gap in our industry, the need for faster competency and improved field productivity.</p> <p class="MsoNormal">David is involved in various wearables, visual and NLP artificial intelligence, mobile interest-sensing and IoT strategy, advising companies when, where and how they need to take strategic initiatives to head-off Digital Darwinism.</p> <p class="MsoNormal">Recorded in Sydney on 13 November 2018 at the 2nd Augmented and Virtual Reality for Safety, Training, Maintenance and Manufacturing Forum 2018. The event was held in conjunction with the 2nd Immersive Augmented and Virtual Reality Customer Experience, Marketing and Product Development Forum.</p> <p> </p>
Dec 13, 2018
Episode 129 - Industrial Control System (ICS) Cyber Security with Daniel Ehrenreich, Asia ICS Cyber Security Conference 2018
<p>Interview with Daniel Ehrenreich, BSc. an Israel based Consultant at Secure Communications and Control Experts, and Lecturer teaching at cyber security colleges and presenting at ICS cyber defense conferences; Daniel has over 25 years’ engineering experience with electricity, water, gas and power plants systems as part of his activities at Tadiran, Motorola, Siemens and Waterfall Security.</p> <p>The discussion centres around the challenges raised to Industrial Control Systems (ICS) as a result of the Stuxnet attack and the use of uni-directional gateways, or Diodes and importance of physical security systems. Safety, Reliability and Productivity is the key triad for OT.</p> <p>For further information and reading, visit:</p> <p><a href="" target="_blank"></a></p> <p>For recent Israel developments on ICS Cyber Security visit:</p> <p><a href="" target="_blank"></a></p> <p>Recorded 21 November 2018 in Singapore at Asia ICS Cyber Security Conference 2018. MySecurity Media were conference Media Partners and attended courtesy of the conference organiser.</p>
Dec 06, 2018
Episode 128 - Analysis of Enterprise & Mobility trends in APAC Region - Canalys Channels Forum 2018, Hong Kong #Canalys
<p>Interview with Daniel Liu, Research Analyst on Enterprise and TuanAnh 'TA' Nguyen, Analyst on Mobility market and discussion on 2018 trends and 2019 outlook for the Asia Pacific market. Discussion touches on disparity between China and US technology companies, trends in smart manufacturing, with manufacturing moving out of China and creating an evolution of manufacturing in South East Asia. Other trends include robotics in manufacturing, data centres and competition between cloud providers.</p> <p>Continue to monitor the Canalys Channels Forum, Dec 4 - 6, 2018, Hong Kong. @CanalysForum #Canalys</p> <p>MySecurity Media are media partners and attending the Forum courtesy of Canalys.</p>
Dec 05, 2018
Episode 127 - A Futurist’s Look at Nation-State Cyber Espionage #KLNext Series
<p>Interview with Christian Funk, Head of the Global Research and Analysis Team (GReAT) Germany at Kaspersky Lab discussing nation state attack trends and the ever increasing rise in sophistication.</p> <p class="MsoNormal">Normally someone who analyses the nitty gritty details of attacks, Christian uses a wide angle lens to look at the bigger picture of Nation State attacks and examines what is unique about Nation State actors; how they differ from ordinary crimeware like banking Trojans and what sets them apart in terms of their arsenal, their approach and their capabilities.</p> <p>Recorded 30 October 2018 at Kaspersky Lab Next Conference, Barcelona, Spain. #KLNext.</p> <p>MySecurity Media were participants in this year’s Kaspersky Next conference courtesy of Kaspersky Lab.</p> <p> </p> <p class="MsoNormal"> </p>
Nov 29, 2018
Episode 126 - How much is your data worth on the black market? David Jacoby #KLNext Series
<p>Interview with David Jacoby, IT Security Evangelist with Kaspersky Lab discussing his research into the black market and the availability and price of your personal data. If someone gets hold of your identity, how much is that worth to them? David has researched the value of gaming profiles, social media accounts and other credentials and how it is being bartered on the dark web.</p> <p class="MsoNormal"></p> <p class="MsoNormal">David also provides excellent direction on the use of pass-phrases as a better alternative to passwords.</p> <p class="MsoNormal">For more information on David Jacoby, visit <a href=""></a> or follow at @jocobydavid</p> <p>Recorded 30 October 2018 at Kaspersky Lab Next Conference, Barcelona, Spain. #KLNext. Apologies for the initial sound quality (echo).</p> <p>MySecurity Media were participants in this year’s Kaspersky Next conference courtesy of Kaspersky Lab.</p> <p> </p>
Nov 29, 2018
Episode 125 - The Future of Autonomous Mitigation – Titania’s solution to ‘alert fatigue’ - #KLNext Series
<p>Interview with Ian and Nicola Whiting, Titania, the CEO and CSO respectively, as well as Mr &amp; Mrs. Ian is a former accredited penetration tester and an innovator in his field, having designed and brought to market the world’s first automated Configuration Analysis tools. Independently verified as 100% accurate, these trusted Titania products help enterprise security professionals in more than 95 countries maintain the most secure networks around the world.</p> <p>Nicola, an experienced Chief Operations &amp; Strategy Officer with a strong history of working in Cyber Security / Information Security, has led Titania from an ambitious start-up to a multi-million pound, award-winning company – in less than a decade.</p> <p>Nicola is also an advocate for Autism and Women in Cyber, where she provides government level advice on Diversity and is Worcestershire’s Commissioner for the UK Cyber Science &amp; Innovation Audit.</p> <p>For more information visit <a target="_blank" href=""></a></p> <p>Recorded 30 October 2018 at Kaspersky Lab Next Conference, Barcelona, Spain. #KLNext. Apologies for the sound quality (echo).</p> <p>MySecurity Media were participants in this year’s Kaspersky Next conference courtesy of Kaspersky Lab.</p>
Nov 22, 2018
Episode 124 – Electronic Frontier Foundation – Privacy, Policy, Police & Problems - #KLNext Series
<p>The <a target="_blank" href="">Electronic Frontier Foundation</a> is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. The EFF works to ensure that rights and freedoms are enhanced and protected as the use of technology grows.</p> <p class="MsoNormal"></p> <p class="MsoNormal">This interview with Eva Galperin, Director of Cybersecurity dives into cybersecurity, privacy and security and the future around implants, robotics and Avatars. Prior to 2007, when she came to work for EFF, Eva worked in security and IT in Silicon Valley and earned degrees in Political Science and International Relations from SFSU. Her work is primarily focused on providing privacy and security for vulnerable populations around the world. To that end, she has applied the combination of her political science and technical background to everything from organizing EFF's Tor Relay Challenge, to writing privacy and security training materials (including Surveillance Self Defense and the Digital First Aid Kit), and publishing research on malware in Syria, Vietnam, Kazakhstan. When she is not collecting new and exotic malware, she practices aerial circus arts and learning new languages.</p> <p class="MsoNormal">Recorded 30 October 2018 at Kaspersky Lab Next Conference, Barcelona, Spain. #KLNext. MySecurity Media were participants in this year’s Kaspersky Next conference courtesy of Kaspersky Lab.</p> <p> </p>
Nov 19, 2018
Episode 123 - Interview with Jane Frankland and answering the Gender Bias Question - #KLNext Series
<p>Interview with Jane Frankland, an award-winning cybersecurity entrepreneur, consultant, speaker and market influencer. Having spent nineteen years in cybersecurity, she has built and sold her own penetration testing firm, and been actively involved in leading industry accreditations, schemes and forums. She is the founder of Cyber Security Capital, the IN Crowdd community, and the IN Security movement.</p> <p>Jane is the author of <i>Insecurity: Why a Failure to Attract and Retain Women in Cybersecurity Is Making Us All Less Safe</i>. You can learn more about Jane and her initiatives via <a target="_blank" href=""></a></p> <p>Recorded 30 October 2018 at Kaspersky Lab Next Conference, Barcelona, Spain. #KLNext.</p> <p>MySecurity Media were participants in this year’s Kaspersky Next conference courtesy of Kaspersky Lab.</p>
Nov 17, 2018
Episode 122 - Kaspersky Lab insights from Europe and Women in Cyber program - #KLNext Series
<p>MySecurity Media were participants in this year’s Kaspersky Next conference, held in Barcelona, Spain. The conference gathers together journalists and experts from around the world to discuss the latest research and future possibilities in the areas of security, industry and technology.</p> <p class="MsoNormal">This interview with Ilijana Vavan, Managing Director, Europe  and Alice Collins, Communications and Head of Women in Cyber program discusses the scale of Kaspersky Lab and the company's support of women in cyber.</p> <p class="MsoNormal">Ilijana introduces Kaspersky Lab as a global cybersecurity company, founded in 1997, with over 400 million users and 270,000 corporate clients. The company has a comprehensive security portfolio with leading endpoint protection and a number of specialised security solutions and services to fight sophisticated and evolving digital threats.</p> <p>Recorded 30 October 2018 at Kaspersky Lab Next Conference, Barcelona, Spain. #KLNext</p> <p> </p>
Nov 16, 2018
Episode 121 - Looking into a black mirror: What hackers could do with your memories - #KLNext Series
<p><i>Interview with </i><i>Laurie Pycroft, Oxford University with </i><i>Denis Makrushin &amp; Dmitry Galov of Kaspersky Lab.</i></p> <p class="MsoNormal">If you think that cyber threats targeting your body and your mind belong in the future, or that being able to retain and share your memories forever is just something from a dystopian television series, then think again. Connected deep brain stimulation devices already exist to help sufferers of many neurological disorders, and this fundamental technology will eventually enable memory enhancement, implantation and more. Even today, connected medicine is creating an online ecosystem for monitoring patients, tuning implants, remote diagnostics (telemedicine) or simply for collecting the data for future treatments. But any new pioneering technology, like 'magic', has another side – a dark side. In this case, the black magic could allow for the manipulation, control and abuse of your data.</p> <p class="MsoNormal">In their collaborative research, Kaspersky Lab and Oxford University researchers examine cyber vulnerabilities of current and the emerging future of implantable things. The implications of memory control and external access create opportunities for empathy, entertainment and legacy but also for use by law enforcement, abuse by repressive regimes, exploitation and other cyber threats from nation states and criminals, as well as mass manipulation of groups. Importantly, guidelines and regulations around implants and new generation devices with update-able firmware will be needed and, although not yet observed, there is potential for 'in the wild' mass attacks on human populations with implants.</p> <p class="MsoNormal">Recorded October 30 at Kaspersky Lab Next Conference, Barcelona, Spain. #KLNext</p> <p class="MsoNormal">Apologies for the sound quality (echo).</p>
Nov 14, 2018
Episode 120 - Intelligent Building System Vulnerabilities - Guidance on assigning mitigation strategies, Dr. David Brooks
<p>David Brooks, PhD, MSc, is the Post Graduate Security Science Coordinator at Edith Cowan University and has released research into intelligent building critical vulnerabilities and mitigation strategies.</p> <p class="MsoNormal">The ASIS Foundation, in partnership with BOMA International (BOMA) and the Security Industry Association (SIA), funded the project which has created first-of-its-kind guidance for practitioners in the security and building management fields.</p> <p class="MsoNormal"><a href="">Intelligent Building Management Systems: Guidance for Protecting Organizations</a> provides a framework to help decision-makers assign a risk-based criticality or impact to their building and asks relevant security questions to develop appropriate mitigation strategies. It also serves to establish a common language between the many intelligent building stakeholders.</p> <p class="MsoNormal">The guidance is based on original research, <a href="">Building Automation &amp; Control Systems: An Investigation into Vulnerabilities, Current Practice and Security Management Best Practice</a>, by David J. Brooks, Michael Coole, and Paul Haskell-Dowland of Edith Cowan University in Perth, Australia.</p> <p class="MsoNormal">David Brooks commenced his career in Military Air Defence, moving into the Electronic Security sector and, later, Security Consultancy. Dave is widely published with over 18 International Journal articles, seven book chapters and four books. His past security projects include the Roy Hill PMC team designing and implementing a project wide security system for the Roy Hill Iron Ore project. The project is a Greenfield site with a capital expenditure of A$10 billion.</p> <p class="MsoNormal"><i>Disclosure</i> - Chris Cubbage co-authored a 2012 book with David Brooks: Corporate Security in the Asia-Pacific Region: Crisis, Crime, Fraud, and Misconduct, Christopher J. Cubbage, CPP, David J. Brooks, PhD</p> <p class="MsoNormal">GUIDELINE LINKS</p> <p class="MsoNormal">Security Industry Association (SIA)</p> <p class="MsoNormal"><a href=""></a></p> <p class="MsoNormal">ASIS International (media link)</p> <p class="MsoNormal"><a href=""></a></p> <p class="MsoNormal">BOMA International (BOMA)</p> <p class="MsoNormal"><a href=""></a></p> <p class="MsoNormal">FULL REPORT via SIA</p> <p class="MsoNormal"><a href=""></a></p>
Nov 06, 2018
Episode 119 – Interview with Prof. Martin Gill for the Outstanding Security Performance Awards – The OSPAs
<p>Professor Martin Gill is a criminologist and the Director of Perpetuity Research. He is also the founder of the Outstanding Security Performance Awards. Martin has been involved in a range of studies relating to crime and security. He is widely published (14 books and over 100 articles) including the second edition of the ‘Handbook of Security’ published in 2014.</p> <p class="MsoNormal">Martin is a Fellow of the Security Institute, a member of the Company of Security Professionals and a Trustee of the ASIS Foundation. In 2010, he was recognised by the BSIA with a special award for ‘Outstanding Service to the security sector’. In 2016, he won the Imbert Prize at the Association of Security Consultants and ASIS International awarded him a Presidential Order of Merit for distinguished service. IFSEC also placed him the fourth most influential fire and security expert in the world.</p> <p class="MsoNormal">For the fourth year running, the Australian OSPAs partnered with ASIAL’s Security Awards for Excellence to celebrate the success and hard work of companies and individuals across the Australian security industry. The competition this year was tough. As always, winners and runners up were selected by a judging panel of esteemed security professionals.</p> <p class="MsoNormal">Recorded on the day winners were unveiled at a prestigious Awards Ceremony and Dinner on 18 October at Sydney’s Doltone House Hyde Park, where security professionals gathered to reward outstanding performance. For the list of Category Winners, visit</p> <p class="MsoNormal"><a href=""></a></p> <p class="MsoNormal"><a href=""></a>For more information visit <a target="_blank" href=""></a></p> <p> </p>
Nov 04, 2018
Episode 118 - Meet cyber twins @noushinshbb @NegarShbb #womenincyber #malware #analysis #appsec
<p>Meet twins Noushin Shabab and Negar Shabab, perhaps the only twins in Australia specialising in cybersecurity. Noushin is a malware researcher with Kaspersky Lab and Negar is an Application Security consultant with PS&amp;C Group.</p> <p>These twins grew up attending a special school for whiz kids and are now slowly making their mark in education and the industry to bridge the country’s cybersecurity talent shortage. From the age of 11 years when first using a computer, the two recall growing up, taking turns to make ‘escape room’ versions in their home to see who could find an escape in the fastest time. These early childhood memories developed a fascination with solving problems, especially with puzzles and board games. When they reached middle school, the two learnt computer programming which nurtured a deeper interest in programming.</p> <p>In high school they frequently competed in a number of national programming contests and managed to place within the top 3 positions for a few. It was around this time they realised they wanted to pursue a career in computing and did a degree in programming and computing in university.</p> <p>These identical twins are perhaps among just a few Australians with a niche in reverse engineering. Based out of the Melbourne office at Kaspersky Lab, Noushin says, “In 2016 when I first started looking for a job in this field, I noticed how large the skill gap shortage of security researchers was in Australia. However, since the attack that caused Census (Australian Bureau Of Statistics) to shut down and Wanna Cry ransomware, the government and education ministries found it crucial to grow a new breed of students and professionals in the field of cybersecurity.” Her older sister by a few minutes, Negar adds, “Our new projects and partnerships with these universities are very exciting as both parties can truly make a difference for this industry.”</p> <p>This interview was recorded in Sydney on 18 October, 2018.</p>
Oct 29, 2018
Episode 117 - GDPR & Cambridge Analytica – A Cyber week in London with Jane Lo, Singapore Correspondent
<p> <p class="MsoNormal">Jane started her career in Canada after graduating from Electrical and Computer Engineering studies, and worked in the City of London for 10 years consulting for Corporates and Banks, before relocating back to Singapore. Her experience included using data predictive analytics for fraud at global financial institutions (Deutsche Bank, JP Morgan) and advisory to financial institutions with PricewaterhouseCoopers. Amongst 24+ articles with MySecurity Media, her key Cyber Security publications include:</p> <p class="MsoNormal">Chinese New Year Heist, </p> <p class="MsoNormal">Cyber Security of Assets in the InterConnected Era, </p> <p class="MsoNormal">Data Protection &amp; Privacy – Perspectives from Facebook, Google &amp; Apple</p> <p class="MsoNormal">Interview recorded at Marina Bay Sands, Singapore on 12 September 2018 at <a href="">Data Center Dynamics – DCD South East Asia</a> <a href="">#DCDSingapore</a></p> </p>
Oct 27, 2018
Episode 116 – Singapore insights with Senior Fellow Benjamin Ang, Cyber and Homeland Defence Programme of Centre of Excellence for National Security, RSIS, Singapore
<p class="MsoNormal">Benjamin Ang is a Senior Fellow in the Centre of Excellence for National Security (CENS) at the S. Rajaratnam School of International Studies (RSIS), an autonomous Singapore graduate school and policy-oriented think tank within the Nanyang Technological University.</p> <p class="MsoNormal">Benjamin Ang leads the Cyber and Homeland Defence Programme of CENS, which explores policy issues around the cyber domain, international cyber norms, cyber threats and conflict, strategic communications and disinformation, law enforcement technology and cybercrime, smart city cyber issues, and national security issues in disruptive technology.</p> <p class="MsoNormal">Prior to this, he had a multi-faceted career that included time as a litigation lawyer arguing commercial cases, IT Director and General Manager of a major Singapore law firm, corporate lawyer specialising in technology law and intellectual property issues, in house legal counsel in an international software company, Director-Asia in a regional technology consulting firm, in-house legal counsel in a transmedia company, and senior law lecturer at a local Polytechnic, specialising in data privacy, digital forensics, and computer misuse and cybersecurity.</p> <p class="MsoNormal">Benjamin graduated from Law School at the National University of Singapore and has an MBA and MS-MIS (Masters of Science in Management Information Systems) from Boston University. He is qualified as an Advocate and Solicitor of the Supreme Court of Singapore, and was a Certified Novell Network Administrator back in the day. He also serves on the Executive Committee of the Internet Society Singapore Chapter.</p> <p>Interview recorded September 12, 2018, Singapore.</p>
Oct 27, 2018
Episode 115 – ASD Essential 8 cybersecurity strategies applied to business requirements, insights with Tony Campbell CISSP, CISM, CIPM @BSidesPer @AustCyberSecMag
<p> <p class="MsoNormal">Tony Campbell is a Security Architect and Editor of the Australian Cyber Security Magazine (ACSM) – in the lead up to Issue 6 of the ACSM we discuss the business and board applications of the <a target="_blank" href="">Australian Signals Directorate (ASD) Essential 8 cybersecurity strategies</a> and how these can be applied and inform the business and board of directors.</p> <p class="MsoNormal">Recorded at BSides Perth 2018 which attracted over 300 delegates, including kids and families, to UWA Business School and along with t-shirts, beanies and tool kits, delegates also received a cool and unique handmade conference badge, using a NodeMCU ESP8266 WiFi SoC. Security BSides (commonly referred to as BSides) is a <a title="Hacker convention" href="">hacker convention</a>, held amongst a growing eco-system of events in Australia and New Zealand that provide a community driven framework for information security conferences.</p> For the full podcast series from #BsidesPerth visit <a target="_blank" href=""></a></p>
Oct 25, 2018
Episode 114 – Capture the Flag competition @BSidesPer
<p> <p class="MsoNormal">Interview with Alex Dolan (@dolesification) and #Osprey (Michael) in their roles as facilitators of the #BSidesPerth Capture the Flag #CTF competition held at BSides Perth in September 2018.</p> <p class="MsoNormal">With a focus on web applications and starting with GRC challenges, the CTF had a unique WA flavour and lean with IoT device security. Well done to ‘Tony’ who took a commanding lead.</p> <p class="MsoNormal">Recorded at BSides Perth 2018 which attracted over 300 delegates, including kids and families, to UWA Business School and along with t-shirts, beanies and tool kits, delegates also received a cool and unique handmade conference badge, using a NodeMCU ESP8266 WiFi SoC. Security BSides (commonly referred to as BSides) is a <a title="Hacker convention" href="">hacker convention</a>, held amongst a growing eco-system of events in Australia and New Zealand that provide a community driven framework for information security conferences</p> <p class="MsoNormal">For the full podcast series from #BsidesPerth visit</p> </p>
Oct 25, 2018
Episode 113 - Security practice is broken. How can we fix it? Interview with Dr Jodie Siganto @BSidesPer
<p>Interview with Dr Jodie Siganto, a lawyer who accidentally strayed into security about 18 years ago and has never been able to get out. Fascinated by what happens at the interface between humans and technology, particularly in the security and data privacy realm. Intrigued by what shapes security practice and our failure to change.</p> <p>Jodie’s proposal is that as information security practitioners we think of ourselves as professionals with a special expertise. But is this perspective real? Or are we more like security brokers negotiating an acceptable outcome with the business? "If we are a profession, then who is shaping that profession? If we are experts, is education producing the right person? By looking at some of these questions, I hope to start a conversation about how we might re-shape security practice to deliver better results for practitioners, their employers and the community more generally."</p> <p>Recorded at BSides Perth 2018, which attracted over 300 delegates, including kids and families, to UWA Business School. Along with t-shirts, beanies and tool kits, delegates also received a cool and unique handmade conference badge, using a NodeMCU ESP8266 WiFi SoC. Security BSides (commonly referred to as BSides) is a <a title="Hacker convention" href="">hacker convention</a>, held amongst a growing eco-system of events in Australia and New Zealand that provide a community driven framework for information security conferences.</p>
Oct 18, 2018
Episode 112 - Interview with the CEO of CyLon at ICE71, Singapore. CyLon is the world’s leading cybersecurity accelerator
<p>We sit down with Anton Opperman, CEO of CyLon at ICE71. CyLon is the world’s leading cybersecurity accelerator. Since launching in London in 2015 CyLon has run several accelerator programmes, successfully accelerating over 50 cybersecurity startups, many of which are now working with major global corporations, governments and world-leading investors. CyLon is working in partnership with Singtel Innov8 and NUS Enterprise to deliver the ICE71 Inspire and ICE71 Accelerate programmes.</p> <p class="MsoNormal">ICE71 ‘Innovation Cybersecurity Ecosystem at Block71’ is the region’s first cybersecurity entrepreneur hub. Founded by Singtel Innov8, the corporate venture capital unit of Singtel, and the National University of Singapore (NUS), through its entrepreneurial arm NUS Enterprise, ICE71 aims to strengthen Singapore’s growing cybersecurity ecosystem by attracting and developing competencies and deep technologies to help mitigate the rapidly increasing cybersecurity risks in the region.</p> <p class="MsoNormal">Supported by the CSA and the IMDA, ICE71 is Singapore’s first integrated cybersecurity entrepreneur hub, supporting and developing early and growth stage cybersecurity entrepreneurs and startups from around the a range of programmes designed to support cybersecurity individuals and startups from idea development to the creation, acceleration and scaling of cybersecurity startups. In addition, through the ICE71 community they will provide startups with go-to-market access, introductions to corporates and channel partners.</p> <p class="MsoNormal">For more information about CyLon please visit <a href="" target="_blank"></a> and for ICE71 visit <a href=""></a></p> <p class="MsoNormal">For the upcoming Collaborated event between ICE71 and Cyber Risk Meetup, November 1 at ICE71 visit <a href=""></a></p> <p> </p>
Oct 16, 2018
Episode 111 - How to land a job in InfoSec with @CyberSecRicki & DevSecOps versus SecDevOps with @_sarahyo
<p>Interview with Ricki Burke and Sarah Young, co-organisers of AllSec Meetups in Melbourne, in which we dive into Ricki’s @BsidesPer Workshop and Sarah’s SecDevSecOpsSec session.</p> <p>Ricki is the Director and Founder of CyberSec People and partners with organisations around ANZ to hire infosec (Cyber Security) professionals. He is embedded in the security community, is active at cons and Meetups and has built many friendships along the way. With a passion for supporting people to break into security, he has helped many land their first job in the industry.</p> <p>Ricki's recent articles with the Australian Cyber Security Magazine</p> <ul> <li>I want to be a Hacker – but where do I start? <a style="font-size: 1.17em;" href=""></a></li> <li>Cyber Security in 2017 – <a style="font-size: 1.17em;" href=""></a></li> </ul> <p>Sarah is a security architect based in Melbourne, having previously worked in New Zealand, London and various parts of Europe across a range of industry sectors. In her current role, Sarah helps enterprises move their stuff into the cloud securely. She spends most of her spare time eating hipster brunches and high teas.</p> <p>Sarah's session: “SecDevSecOpsSec: let’s stop throwing around the buzzwords.” With phrases like “DevSecOps” out there, how many of us actually know what this means? We have DevSecOps, SecDevOps, secure pipelines, security toolchains, etc., too often used interchangeably and with no clear “official” definition. In her talk, Sarah sought to distill the exact meanings of each of these and use examples from her own experiences of creating automated security processes to explain how each can be effectively used, and the tools that she has used to do this.</p>
Oct 11, 2018
Episode 110 - The future of Data Centres in an age of robotics, AI, IoT, machine learning and AR/VR, Prof. Greg Sherry
<p>In the last of our Data Centre podcast series with DCD, we conclude in Singapore with Prof. Greg Sherry, General Director/ Professor, DCPRO Development and CEO of VARceti.</p> <p class="MsoNormal">Greg has been involved with the IT Industry for 40 years and has worked in many aspects across the data centre business. Greg has been delivering Data Centre training for many years and was a trainer for the CDCDP classes, the BICSI Data Centre design course, and most recently, the training courses from DCPRO. He is the author of the world’s most widely taught data centre training course, Data Centre Design Awareness, and a contributing editor to several other courses. Greg has delivered training across the globe on every populated continent, to more than 1000 students in some of the industry’s largest organisations. He is widely recognised as one of the world’s leading data centre design authorities.</p> <p>Recent projects in Russia have included the design supervision and risk management of a 2Mw, Phase 2 build project for an International Colo provider; the review of design and operational procedures for a major Russian Telco; an audit and review of an existing facility for an International telco and a subsequent report detailing future strategy for data centre operations; and an audit of a Russian DC for one of the world’s largest consultancies.</p> <p>Greg has recently been appointed as a Professor at Plekhanov Russian University for Economics, and teaches a post graduate class in Data Centre design there.</p> <p>Interview recorded at Marina Bay Sands, Singapore on 12 Sept 2018 at <a href="">Data Center Dynamics – DCD South East Asia</a> <a href="">#DCDSingapore</a></p> <p>For the full series of DCD Data Centre Podcasts visit</p>
Oct 09, 2018
Episode 109 - Cybernomics: Digital Asset Valuation & Cyber Risk Measurement with Dr. Keyun Ruan, Computer Scientist & Author “Digital Forensics”
<p class="MsoNormal">This interview with Dr. Keyun Ruan dives into her research in identifying the value of ‘cyber’ in business, establishing traceability for better risk management, analyzing the attacker’s role in cyber risk and the outlook for the future of cyber risk quantification.</p> <p class="MsoNormal">Dr. Keyun Ruan has worked as a PhD researcher at the Center of Cyber security and Cybercrime Investigation (University College, Dublin) and in cloud forensics at the Cyber Security Research Lab (EADS). She was among the first in the world to work on this emerging area. Professor Ruan has given talks around the world at both academic and industry conferences, including CloudEXPO Europe and Silicon Valley, Cloud Futures held at Microsoft Research Headquarters, Cloud Security Alliance Congress, RSA Conference Europe, Campus Party Europe, the ADFSL Conference on Digital Forensics Security and Law, the International Conference on Digital Forensics and Cyber Crime, and the IFIP International Conference on Digital Forensics. Keyun is now Chairperson and CRO of New York based XENSIX Inc, research scientist at University College Dublin, and research partner at EADS. She is an active member of the Cloud Security Alliance, member of the board of Cloud Security Alliance Ireland, and is leading the Cloud Security Alliance Incident Management and Forensics Working Group. She is an active contributor to the NIST Cloud Computing Program, and a Technical Lead of the NIST Cloud Forensics Working Group. She is also a semi-professional artist and holds a diploma in Art and Design from the National College of Art and Design, Ireland.</p> <p>Interview recorded 5 September, 2018 at Cyber Security Asia, Kuala Lumpur, Malaysia <a href=""></a> – MySecurity Media attended courtesy of Thomvell International <a data-query-source="hashtag_click" href="">#<b>CSA2018</b></a></p>
Oct 08, 2018
Episode 108 – “What Your RF Signature Says About You” - insights @BSidesPer with @acyberexpert aka “Stephen”
<p> <p class="MsoNormal">Invisible, inaudible, and ignored, your devices are currently screaming out large amounts of information about you, your habits, your pattern of life to anyone who cares to listen. ‘Stephen’, who hails from the South Pacific and was exported to the financial services sector in Singapore, presented at #BSidesPerth to demonstrate how to listen in, what is commonly being broadcast, what can be done with this information, and how you can minimise the risks.</p> <p class="MsoNormal"><b>Interview References</b></p> <p class="MsoNormal">ACMA Spectrum Plan is available via <a href=""></a></p> <p class="MsoNormal">Transport For London WiFi pilot original was here (PDF): <a href=""></a></p> <p class="MsoNormal">Excerpted page 20 from the report as slide 12: <a href=""></a></p> <p class="MsoNormal">List of places a car had shown up in Singapore: <a href=""></a></p> <p class="MsoNormal">For a link to Stephen’s website visit <a href=""></a></p> <p class="MsoNormal">Recorded September 15, 2018. 
<a href="">#BSidesPerth</a> - for event pics (including the conference badge) - visit <a target="_blank" href=";type=1&amp;l=a8ebde5166">APSMs Facebook page</a></p> <p class="MsoNormal"><a target="_blank" href=";type=1&amp;l=a8ebde5166"></a><b>About BSidesPerth</b></p> <p class="MsoNormal"><a target="_blank" href="">BSides Perth</a> is organised by three mates with a collective 'lot' of years in the InfoSec industry...<a href="">doles</a> (Alex Dolan), <a href="">nidogski</a> (Nigel Hardy) and <a href="">sneaky</a> (Peter Yorke).</p> <p class="MsoNormal">BSides Perth attracted over 300 delegates, including kids and families, to UWA Business School and along with t-shirts, beanies and tool kits, delegates also received a cool and unique handmade conference badge, using a NodeMCU ESP8266 WiFi SoC.</p> <p class="MsoNormal">Security BSides (commonly referred to as BSides) is a <a title="Hacker convention" href="">hacker convention</a>, held amongst a growing eco-system of events in Australia and New Zealand that provide a community driven framework for information security conferences.</p> <p class="MsoNormal">BSides was co-founded by Mike Dahn, Jack Daniel, and Chris Nickerson in 2009. Due to overwhelming number of presentation submissions to Black Hat USA in 2009, the rejected presentations were presented to a smaller group of individuals - these became known as the BSides.</p> </p>
Oct 04, 2018