ISACA Wellington Education Day 2019

The highly popular Education Day hosted by the ISACA Wellington Chapter is on again.

The format will be similar to previous years and will provide a number of thought-provoking speakers on related topics to "Cloud, Cyber Security and Privacy."

Topics include: "The Journey to the Cloud: Bridging the Chasm", " Cyber Psychology and the Impact of Rapid Technological Change", "Security Orchestration, Automation and Response", "Design for a Better World", Privacy Law Reform",

Our speakers include:

• Erica Anderson, SafeStack
• Peter Benson, Cyber-Psych.org
• Ian Donovan, InPhySec
• Jon Duffy, Privacy Commission
• Dr. Chris Roberts, NZ National Cyber Security Centre
• Jim Scully, NZ Co-Founder & Partner, Tumu Mamatua – Thinkplace
• Greg Singh, Swimlane

Full attendance will earn up to 7 hours CPE, subject to confirmation of the final programme.

All ISACA  and IIANZ members are welcome to join the Board of ISACA Wellington at the conclusion of the Education Day for complimentary drinks and nibbles.

Please email any questions or dietary requirements to secretaryisacawellington@gmail.com

Thank you to KPMG and Swimlane for supporting this event.

Current agenda –

See below the agenda for speaker and topic expanded information as it becomes available.

Topics and Speakers include:

Speaker: Erica Anderson, SafeStack
Erica is currently a principal consultant and is leading the Wellington office for SafeStack. She has worked in various roles in IT and infosec - she has been a consultant, engineer, tester, analyst, incident responder, and teacher. She has worked with a wide range or organisations, from small NZ businesses to global corporations. Being in Wellington, she has also done her share of public sector work. She knows what it feels like to try and move fast while staying secure. Aside from work and various speaking events, Erica loves spending her time causing general chaos in the New Zealand infosec community by running events like Kiwicon, Kawaiicon, BSides Wellington, and Code Club Aotearoa.

https://www.safestack.io/

Topic: Ghosts of incident past: Which security controls really matter
We all know that auditing is about assessing controls to make sure risk is being addressed. When it comes to cybersecurity risks, it probably feels a bit daunting because the incidents are occurring more often, the technology and tools are getting more sophisticated, and the control catalogues are getting longer. It can be really hard to focus on what is important and what is needed to mitigate risk. Erica is going to talk through some common security incidents that she has come across in her career in infosec, and go through the controls that made a difference.

Speaker: Peter Benson, founder of Cyber-Psych.org and Cyber4
Peter, founder of Cyber-Psych.org and Cyber4, considers himself a security curmudgeon, and is one of the region's leading Cyber Security specialists. His expertise and experience in Information Security extends over 25 years across many sectors, in particular telecommunications. His strategic view of IT Security, ethics and privacy and ability to pre-empt directions the industry is taking, has made him an in-demand advisor assisting organizations of all sizes to effectively manage their corporate risks. Peter was a pioneer in CISSP training and certification in the Asia-Pacific region and continues to be an in-demand speaker for training courses and conferences.

Peter was previously the founder of Security-Assessment.com and CodeScan Labs, and his latest start up Cyber4 is a fresh approach to using AI to optimizing organisational health and productivity, across society and business. The solutions range from culture management, through to leadership and performance, to team behaviours and performance, through to people analytics and real world outcomes.

https://www.cyber-psych.org/

Topic: Cyber Psychology and the Impact of Rapid Technology Change
The rate of pace of technology change is increasingly impacting on society. Technology is moving faster than our ability to adapt, leading to "unintended consequences" and impacts to the social fabric. Cyber-Psychology gives us tools to start taking back some control of our own destiny.

Speaker: Ian Donovan, InPhySec
Ian joined InPhySec 2.5 years ago and is our Forensic and Incident Response Lead. Ian has over 12.5 years’ digital forensic experience and has certified with a; BSc in Forensic Computing, EnCE, CFCE, CMDE and CAWFE. He worked at New Zealand Police and extensively analysed digital devices. Prior to this, he worked at PwC and undertook eDiscovery cases for his clients. Ian provides training to students attending the Advanced Windows Forensic Examiner class for IACIS and is the chairman of this class.

https://www.inphysec.co.nz/

Topic: Piecing Digital Evidence Together, from JumpList to Jail
Suspect targets dormant bank accounts and steals $500,000 using fraudulent bank cards. A JumpList shows his knowledge, and an ATM log provides attribution. Experts rarely go on the stand and say the suspect was physically at their keyboard when a crime was committed (attribution). However, when you chuck a JumpList, an SQL statement and some ATM logs into the mix, attribution became a whole lot easier.

Speaker: Jon Duffy, Assistant Commissioner, Privacy Commission

Topic: Opening Keynote: Privacy Reform

Speaker: Chris Roberts, New Zealand National Cyber Security Centre

Chris holds a PhD in information science from Otago University (specialising in cybercrime and its risk management), is a qualified Management Accountant, Chartered Secretary and Information Systems Auditor. He has over 47 years of IT, consulting, commercial and technology assurance experience, almost 35 years of which he has specialised in technical security, technology risk management, IT assurance and IT governance.

He is currently the Head of Information Assurance and Cyber Security Research at New Zealand’s National Cyber Security Centre. In this role he provides information assurance and technology security advice and guidance to NZ Government Agencies, and is responsible for the ongoing development of New Zealand’s national technical security policy for NZ Government Agencies (the NZ Information Security Manual). Chris has researched, edited and written large portions of the NZISM since the first edition in 2010.

He also lectures on external training programmes and is an occasional visiting lecturer to the Wellington Institute of Technology and to Otago and Victoria Universities.

https://www.ncsc.govt.nz/

Topic: The Journey to the Cloud: Bridging the Chasm

Speaker: Jim Scully, Tumu Māmātua - ThinkPlace | NZ Co-Founder and Partner

Jim is the co-founder of ThinkPlace in NZ and is the global culture lead dedicated to releasing peoples’ collective innovation potential. During his career, he’s successfully pioneered design thinking in the New Zealand public sector, built a lasting innovation capability, started up a business and led transformation teams across multiple countries. Jim’s accomplishments also include assisting a major Australasian public transport provider pivot their organisation to be authentically customer-centred; helping policy leaders re-imagine their framework for a high performing, future-positioned policy system; and ensuring national planners considered human factors when designing a smarter suburb. Jim often helps out with innovation projects or panels; especially when it involves the UN’s Sustainable Development goals. Prior to ThinkPlace, Jim was a senior manager in Inland Revenue, EDS Asia Pacific and Telecom NZ. https://www.thinkplaceglobal.com/people/jim-scully.

https://www.thinkplaceglobal.com/company/who-we-are

Speaker: Greg Singh, Sales Engineer
Greg Singh is a 23+ year Information Technology veteran with more than 18 of those dedicated to Information Security. Greg has held positions with Technology Vendors, Service-Providers, Systems Integrators and End-User Organisations in predominantly technical leadership and evangelism roles.

Greg is a recognised Subject Matter Expert in Cyber Crime, Vulnerabilities, Malicious Code and exploits that sees him speaking about both the tactics and techniques used by the perpetrators as well as mitigation strategies that can employed to defend such attacks.

Today, Greg works for Swimlane as a Pre-Sales Engineer covering the APJ region team, a primarily outward facing role for the organisation that’s sees him helping organisations transform the efficiency of their Security Operations Centres through Automation. Previously Greg has held various roles with vendors Skybox-Security, Cylance, Splunk, QuintessenceLabs, Blue Coat & RSA and service providers Optus, Telecom New Zealand and British Telecom.

Greg holds a Bachelor of Engineering from the University of Wollongong.

https://swimlane.com/

Topic: Automating Human Best Practices, the best of both worlds.
This talk engages with the audience around melding human best practices (which may or may not exist within their organisation) into automated workflows. Automation and orchestration are becoming increasingly important if organisations are to cope with the rising tide of cybersecurity events, related alerts and remediation required. It challenges them to think about how this could impact their organisation and their own personal day to day duties.

past_event