New Zealand’s cyber security strategy

Paul Blowers —Chief Information Security Officer, New Zealand Police Force, Special Advisor National Cyber Policy Office, Department of Prime Minister & Cabinet, New Zealand— presented the session New Zealand’s cyber security strategy.

As CISOs we wear many hats: advising the board, setting the strategic direction, managing policy, interpreting legal requirements, ensuring systems are safe to operate, overseeing risk and compliance, managing disparate teams of multi-skilled experts. In short: enabling the business. But all too often we are embroiled in day-to-day operational matters.

However, our role is changing as businesses face a host of new digital challenges including: risks generated by the ubiquity of emerging technologies, globalisation of information assets, the ever-changing threat landscape and increasing sophistication of cyber-criminals.

I am currently completing my SABSA Masters degree on the topic of Offender Identity Management. I am an experienced executive manager and strategist with expert knowledge of Data and Information Governance. Developing associated security (including Cyber), compliance and assurance related strategies are key themes. I have extensive experience in the industry and cyber environment and am formally qualified as a security management professional with a comprehensive business-centric IT security architecture and engineering background. My business knowledge has largely focused on organisations dealing with Law Enforcement, Border Security, Defence, Intelligence and critical infrastructure related matters in both the private and public service sectors. I have a first class record of achievement and am considered an innovative thinker who advocates the use of the Sherwood Applied Business Security Architecture (SABSA) approach to deliver business facing solutions that balance governance, risk, compliance and assurance with business continuity, reliability and value. I have extensive knowledge of a wide range of data and international information, security and risk standards. My current areas of research include progressing mobility as a business enabler (where I supported the secure implementation of the single largest deployment of law enforcement mobile devices worldwide), identity management, business intelligence, digital evidence, content management and information loss protection associated with the threat of systemic insider behaviors. Internationally respected, I have been invited to speak at many security-related conferences both as a presenter and expert panelist in Washington DC (Protect Conference), Melbourne (Connect 2014), Dublin (COSAC) and New Zealand.

Cyber Crime, the changing landscape, insider threats

Jennifer Stockwell, National Cyber Security Advisor at Telstra, moderated the panel: Cyber Crime, the changing landscape, insider threats

Panellists included:
– Liam Connolly, Head of Cyber Security, SEEK
– Sandra Barns, Chief Technology Officer, VicSuper
– Detective Sergeant Spiros Drossos, Team Leader, Cybercrime Operations, Melbourne

The session covered:

– What are our security leaders’ priorities in the current cyber threat landscape?
– What does the next generation of cybercrime threats look like and how should industry/law enforcement engagement evolve to address this?
– With limited resources, how much can/should businesses focus on the insider vs. external threats?
– We increasingly learn of hybrid threats e.g. influencing/information operations combined with espionage – what do we need to change to minimise the impact? And whose responsibility is it?

Jennifer is a Cyber Intelligence and Security specialist who has led cybercrime and intelligence projects in the UK, Middle East and Australia. As a trusted advisor to Telstra’s CISO Asia Pacific, Jen currently oversees Telstra’s partnerships and engagement with government on all things cyber security and cyber policy.

Liam Connolly is Head of Cyber Security for SEEK, where he is responsible for all aspects of cyber security. He has more than 15 years of progressive information security experience in a wide range of disciplines, including incident response and forensic investigations, security operations, application security, threat intelligence, security training, governance, risk management and compliance.
Prior to coming to SEEK, Liam was the CISO for Zynga and has held security leadership and technical roles at HSBC, AT&T, and University of California, Berkeley. Connolly’s expertise is in working with organisations to assess their information security risk posture to better understand their security-related risks and then designing, implementing and managing a security program – often from the ground up – that is aligned to the organisation’s culture, vision and strategic initiatives.

Sandra was appointed Chief Technology Officer and CISO of VicSuper in January 2018. Sandra is responsible for Technology Strategy, Operational Systems, and Information Security across the Fund, supporting and enabling business growth and retention, delivering transformational change to achieve our strategic and operational goals, and enabling business efficiency to deliver value for Members. Sandra is a seasoned technology professional with extensive experience in financial services, superannuation, technology and technology-enabled transformational change. Most recently she was the Chief Technology and Security Officer at AustralianSuper, and previously held senior roles at NAB, Goldman Sachs and Tabcorp.

Detective Sergeant Spiros Drossos is the Team Leader of the AFP Cyber Crime Operations Team in Melbourne. He recently commenced leading the team after over 12 years’ investigative experience in Counter Terrorism. He has contributed over 25 years in Australian policing, across a number of jurisdictions, with deployments in community State policing and country policing with Victoria Police. Internationally, he has served as the Counter Terrorism Liaison Officer in Washington and as a Senior Investigating Officer in Joint Counter Terrorism Team investigations. Most recently, he executed leadership roles on a number of domestic terrorism plot cases, including Operations Rising, Amberd and Kastleholm in Melbourne and the resolution of Operation Middleham in Far North Queensland. He has a Bachelor of Science with Honours in Geology, but gave up looking for clues in rocks and now looks for clues in computers.


Working with suppliers to uplift their cyber security maturity

Wouter Veugelen, Chief Information Security Officer at Primary Health Care Limited presented the case study: Working with suppliers to uplift their cyber security maturity.

The security maturity of key suppliers for a number of industries is lower than desired, often leaving CISOs with no other option than to work with vendors that do not meet their desired security requirements. This session explored some common challenges and learnings from recent vendor engagements.

– The challenges associated with considering security as an afterthought

– Selling security to your business executives as a key business enabler, to make sure security is a key decision maker during the supplier evaluation process

– How to educate and influence vendors to uplift their security maturity.

Wouter is a Chief Information Security Officer with 15+ years of professional experience in technology and cyber security. His industry experience spans different sectors including Financial Services, Health, and Energy, Utilities and Mining, both in industry roles and within professional services. Wouter obtained a master of science degree in information & communication security from KTH Royal Institute of Technology, Scandinavia’s largest technical university, and conducted his thesis project for Microsoft, where he was involved with the integration of the Belgian electronic identity card middleware with Microsoft’s identity management system Windows CardSpace.

Context, Collaboration, and Culture

Richard Addiscott, Director of IT Planning and Security at Curtin University presented the session “Three C’s of an effective information security program in the age of digital disruption: Context, Collaboration, and Culture.”

To ensure information security teams are really keeping in step with their organisations – as they’re being disrupted or if they’re the disruptor – these three elements provide the critical underpinnings of an effective information security program. This presentation provided an insight into the high-level approach Richard and his team have adopted to deliver high-quality information security outcomes, including certification to the ISO 27001:2013 standard, at Curtin University.

Richard Addiscott’s IT career spans 15 years and, since April 2015, he has led Curtin University’s information security, IT planning and governance team. He has worked as an IT leader in some of Australia’s most secure environments across the National Security Community and was a Technical Advisor to the first Australian National Security Chief Information Officer. In the highly dynamic and competitive higher education sector, Richard’s primary focus is developing business-aligned and risk-appropriate information security capabilities to help generate business value in Curtin’s innovation-fuelled digital environment. Richard holds a Bachelor of Science in Software Engineering from ECU, a Graduate Certificate in Public Sector Management, and a Master of Strategic Studies from the ANU Strategic and Defence Studies Centre.

The human element in a strong cyber risk framework

Steven York, Chief Security Officer, Bank of Queensland, discussed the topic “The human element in a strong cyber risk framework”.

Cyber incidents have been increasing around the world, and more focus in particular is being placed on data security. In Australia, the Office of the Australian Information Commissioner (OAIC) has new powers in respect of this risk. The NIST framework gives some guidance on how to organise cyber risk management for an organisation; however, organisations often overlook the human element in the framework elements (Prepare, Prevention, Detect, Respond and Recover). This session covered the human element in a strong cyber risk framework.

Steven York has had a unique career, commencing as a clerk at AMP, then joining the NSW Police force, working there for 20 years and leaving in 1996 as the Commander of the Hostage Negotiation Team. From 1996 he has been involved in risk management and contributed to the first risk management standard AS/NZ 4360. He built up his own risk consulting company with many high profile clients. In 2000 he sold his share and commenced work as an Executive Manager, Operational Risk at the CBA. At that time he was involved in the introduction of the Basel I across the CBA Group. Since then he has worked as a senior consultant (Partner, Deloitte Central Europe, Enterprise Risk, and Marsh McLennan, General Manager, Risk Consulting) and in senior internal corporate roles (CBA, General Manager, Security and Financial Crime). He is currently the General Manager Group Compliance and Chief Security Officer (CSO) at the Bank of Queensland. Steve has been awarded the National Medal and received several commendations for bravery and police work up to counter terrorism level. In addition he is a sought-after speaker in risk, security and negotiation. He has co-authored a book, ‘Negotiation Evolved’, and is currently completing his second in the area of high risk negotiation, tentatively titled ‘Crisis Negotiation Evolved’. He was a member of the Education Committee, Operational Risk Management for the Governance Institute of Australia from 2014 to 2017. He was a member of the Information Technology Security Techniques at Standards Australia between 2013 and 2016 and is currently a mentor for the students at QUT in the Masters of Business Administration degree. He has a Master of Science (Risk) and a Master of Dispute Resolution and lectured in that area at UTS for 16 years, particularly in the area of negotiation and crisis negotiation.

Cyber Security and Innovation: Protecting business IoT, cloud and mobile systems

Jonathan Jackson, Head of Technical Solutions, Asia Pacific & Japan at BlackBerry, engaged the audience on Cyber Security and Innovation: Protecting business IoT, cloud and mobile systems.

During his session, Jonathan addressed a number of questions:

  • Business today needs to embrace innovative technology such as Enterprise of Things, cloud and enterprise mobility to remain competitive. But what is the price of this innovation?
  • In a world where cyber attacks are increasing in frequency and severity, how do you ensure your innovation and company data is protected?
  • How can security, cloud and mobile vendors work together to ensure systems are secure?
  • With increasing compliance and regulatory requirements being enforced, how can companies ready themselves for topics like GDPR and Mandatory Breach Notifications in 2018?
  • With employee risk to cyber security increasing on mobile devices, how should companies prepare for these threats?

Jonathan brings over two decades of tactical experience in the development and management of secure, scalable systems. He has been with BlackBerry for 5 years and was the Head of Security Advisory for ANZ before assuming his current role. Jonathan advises customers navigating the world of enterprise mobility and cyber threats, working with them to develop a mobile strategy that satisfies both the demands of IT and end users now and in the future.

How to determine the right cyber strategy for your business

Martin Holzworth, Group Security, Chief Information Security Officer at Super Retail Group, provided insights on ‘How to determine the right cyber strategy for your business’.

Some of the key points Martin discussed:

  • Applying a risk lens to your strategy
  • How to engage execs and the Board in the conversation
  • Making the right investment decision
  • Business and technical capabilities required

Martin has over 25 years’ experience across Australia, Europe, UK and USA with global professional services companies. He has advised and assisted public and private sector organisations in Cyber Security, Risk, IT transformation and Enterprise Architecture.

Interview with Mark Micallef, VP at Cloudera

Who are Cloudera and what is their position in the Australian IT Security landscape?

Australia is a fairly advanced market for big data, much of which is being driven by the relatively broad adoption of cloud-based services. Recent reports, such as those conducted by Australian analyst Telsyte, point to a billion-dollar market for cloud infrastructure and services by the year 2020. It was also reported that 83% of Australian CIOs plan to invest more on big data in 2017 than they did in the previous year.

The telecommunications industry, in particular, has the highest proportion of businesses using the cloud according to the Australian Bureau of Statistics. In the finance and insurance services industry, several organizations who have yet to migrate to the cloud are holding back due to the risk of a security breach.

During the cloud migration process, business leaders are often so focused on gaining efficiency from the cloud that they struggle to keep up with the challenge of managing co-mingled data. To overcome this, data has to be categorized properly with the right authentication and authorization access. Data also needs to be encrypted and the encryption needs to be well managed. This is where Cloudera comes in – we help organizations to ensure that data is secure from the outset.

At Cloudera, we believe that data can make what is impossible today, possible tomorrow. We empower people to transform complex data into clear and actionable insights. We are the leading platform provider for machine learning, analytics and data management built for the cloud. The world’s largest organizations trust Cloudera to help improve product and services, understand their citizens, and lower organizational risk.


What new product offering or messaging is Cloudera looking to promote throughout Australia at the moment?

At Cloudera, we’re constantly working to help customers push the boundaries of what’s possible with data. Cloudera Data Science Workbench, which enables fast, easy, and secure self-service data science for the enterprise is a perfect example of that. It dramatically accelerates the ability of teams to build, scale, and deploy machine learning and advanced analytics solutions using the most powerful open source technologies. Cloudera Data Science Workbench lets data scientists manage their own analytics pipelines, including built-in scheduling, monitoring, and email alerting. Quickly develop and prototype new machine learning projects before deploying to production.


What do Cloudera see as some of the key challenges facing senior IT Security executives within their space?

Cloudera empowers cybersecurity innovators to proactively secure the enterprise by accelerating threat detection, investigation, and response through machine learning and complete enterprise visibility. Cloudera’s cybersecurity solution, based on Apache Spot, enables anomaly detection, behavior analytics, and comprehensive secure access across all enterprise data using an open, scalable platform. Building off of Cloudera’s scalable, open platform allows organizations to build custom security solutions as well as deploy packaged applications on top of one shared enriched data set. Using the diverse open source community to accelerate shared innovations, while changing the economics of cybersecurity, allows organizations to come together to fight back against cyber threats.


What differentiates the current suite of Cloudera services from other providers?

Cloudera brings together 26 open source components into our platform to help you ingest, store, process, and analyze any volume or variety of information. Making this diverse platform of open source components fast, easy, and secure is where Cloudera can help.

Fast: Only Cloudera Enterprise enables more insights for more users, all within a single platform. With the most powerful open source tools and the only active data optimization designed for Hadoop, you can move from big data to results faster.

Easy: Hadoop is a complex, evolving ecosystem of open source projects. Only Cloudera Enterprise makes it simple so you can run at scale, across a variety of environments, all while meeting SLAs.

Secure: The potential of big data is huge, but not at the expense of security. Cloudera Enterprise is the only Hadoop platform to achieve compliance with its comprehensive security and governance.


What does the future look like for an organisation looking to work with Cloudera?

At Cloudera, we have seen first hand how our advanced analytics and machine learning platform empowers organizations to make what is impossible today possible tomorrow. Partnering with Cloudera will help you turn your data into your most valuable strategic asset. Cloudera Enterprise will act as your modern architecture that will help existing processes while setting the foundation to grow into transformative machine learning use cases.

