AISA BrisSEC19 Conference – 29th March 2019

It was Friday morning. I looked over at my alarm clock, waiting for it to click over to 5 am; it was time to get up and get ready to take the train down to Brisbane CBD for the conference. I have been looking forward to the conference for a few weeks now and I am ready to go within 20 minutes (which means it is way too early to leave). I have a large cup of coffee to kill some time before I leave (not that I am going to need a large cup of coffee – conferences are a constant flow of coffees – we security folk love our caffeine). I finish my coffee and head off to the station to catch my train. While I am on the train I listen to a couple of security podcasts to bide my time until I arrive at Brisbane CBD station. I arrive at 7:30 am, too early for the conference (registrations don’t open until 8 am and it's only a 10-minute walk to the Hilton where it is being held this year).

When I finally rocked up to the conference at just after 8 am, it was the usual buzz of activity (I wasn't the only one who was keen to get the day started). There was a row of sponsors/vendors flanking the main foyer to the conference and they continued to wrap around the back of the two main conference rooms. The normal expectation when you arrive at any conference, but I glance around as I move towards the registration desk and it is the usual vendors that I would expect to see. However, I see a lock picking stall at the end and mentally tag that to go back to later on in the day. I have always wanted to give that a go but have never done it. It would have been interesting if I gave it a go (every time I went back past it was packed – I guess everyone else thought the same as me – I might get myself a kit and try it out on my own).

I signed in at the desk and picked up the swag bag (we normally get a bag at the conferences – I think it's to allow us to easily carry all the vendor swag and promotional gear – without them we wouldn't be able to carry a quarter of what they give us). I then had a quick chat to a couple of peers I knew as I wandered through the foyer area back over towards the main conference area in preparation for that first presentation/talk of the day. I sat down a few rows back from the front of the room. To be completely honest I had no idea who the first presenter was and didn't even know how it was going to relate to security; I was a little sceptical of how it was going to be.

I wasn't going to single out any presenters in my article, but the first presenter really set the tone for the whole day and blew me away completely. His name is Deane Hutton and he was the presenter on a show called "Curiosity Show" between 1971 and 1990. This guy was good at telling a story and making his points get across with a bit of humour and entertainment all wrapped in together. Yes, the primary content of his presentation wasn't about security, but it was. He told this great story about how his grandfather, who was a dentist, saw a picture of a girl in the window of a photography store. His grandfather was taken aback by the image; he needed to know who the girl was, so the next day he finished work early and went back to that store and told the shop owner that he would like to order a copy of the image of his cousin in the window. The shopkeeper told him “so your cousin is …..” Social engineering at its finest there, then he paid for the photo and left.

He now has this girl's name and would soon have a picture of her. When he goes back to get the picture the guy over the counter looks up the detail in the book he records all the picture details in and his grandfather saw the girl's name and other details listed above his in the book where his reprint had been recorded. When they went out back to collect it he took note of her address. (A bit more social engineering and some shoulder surfing to go with it). His grandfather then went by the address on a few different occasions before, in the end, knocking on the door and asking the young girl if she would go for a walk with him on the weekend. She did and became Deane's grandmother. The last parts of this may have been a little bit like what we would call stalkerish in today's times but that is social engineering in a nutshell. I was surprised how it was linked; he did a great job with that story and to be honest the rest of the presentation wasn't security related but the whole audience was already hooked so it didn't matter. The story stuck, and he finished his talk off with a final statement that rings true: “What is my moment”. He said we need to look out for it and take it. I love that point and totally agree with it.

The rest of the conference went as expected with the usual security-related talks, with the following main points that seem to keep coming up through the day:

  • Fighting cybercrime is everyone’s business – Not just Sec professionals, IT. Everyone needs to get involved.
  • Be good corporate citizens – it’s your story, own it.
  • SMBs don't care about cybersecurity, it costs them money with no intrinsic value, so they would prefer to take the gamble that it won't happen to them. (This will happen to them, it is just a matter of time – I just hope someone is able to help them survive it when it does – insurance probably won't cover them).

You’re probably thinking I have given 600 words of my article to Deane and only about 150 words to the rest of the presentations. That’s true and not a representation of them being bad presentations or talks; they were pretty good with some exceptional ones, but I just loved Deane's – I thought it was brilliant. Maybe I will do another article on some of the highlighted points later (I already have done one on should SMBs care about security) because they are good points that we need to hone in on.

The remainder of the conference was a mixture of food, coffee and vendor discussions but none of those really stood out to me. Don't get me wrong, there are some good products out there, but I am not going to do any sales pitches for them - that's not me. I think we could see some good developments in the future but nothing to write home about just yet.

So overall it was a good conference and, for a small conference, it had some good content. If you can get to it next year it would certainly be worth a look, especially if you are based around Brisbane, as even non-security folk can learn a few things from the day.

If you want to know anything specific or would like me to give an opinion on anything through the day, make a comment or reach out to me. Let’s get a conversation started and solve some of these issues that seem to keep popping up again and again. Now to finish off in the words of Deane Hutton: "what is my moment". Keep an eye out for yours, you never know when it could be.

Till next time…