Cyber Security Weekly Podcast

David Brooks, PhD, MSc, is the Post Graduate Security Science Coordinator at Edith Cowan University and has released research into intelligent building critical vulnerabilities and mitigation strategies. The ASIS Foundation, in partnership with BOMA International (BOMA) and the Security Industry Association (SIA), funded the project which has created first-of-its-kind guidance for practitioners in the security and building management fields. Intelligent Building Management Systems: Guidance for Protecting Organizations (https://community.asisonline.org/viewdocument/intelligent-building-management-sys) provides a framework to help decision-makers assign a risk-based criticality or impact to their building and asks relevant security questions to develop appropriate mitigation strategies. It also serves to establish a common language between the many intelligent building stakeholders. The guidance is based on original research, Building Automation & Control Systems: An Investigation into Vulnerabilities, Current Practice and Security Management Best Practice (https://community.asisonline.org/viewdocument/building-automation-control-syste), by David J. Brooks, Michael Coole, and Paul Haskell-Dowland of Edith Cowan University in Perth, Australia. David Brooks commenced his career in Military Air Defence, moving into the Electronic Security sector and, later, Security Consultancy. Dave is widely published with over 18 International Journal articles, seven book chapters and four books. His past security projects include the Roy Hill PMC team designing and implementing a project wide security system for the Roy Hill Iron Ore project. The project is a Greenfiled site with a capital expenditure of A$10 billion. Disclosure- Chris Cubbage co-authored a 2012 book with David Brooks: Corporate Security in the Asia-Pacific Region: Crisis, Crime, Fraud, and Misconduct, Christopher J. Cubbage, CPP, David J. Brooks, PhD https://www.crcpress.com/Corporate-Security-in-the-Asia-Pacific-Region-Crisis-Crime-Fraud-and/Cubbage-CPP-Brooks-PhD/p/book/9781439892275 (https://www.crcpress.com/Corporate-Security-in-the-Asia-Pacific-Region-Crisis-Crime-Fraud-and/Cubbage-CPP-Brooks-PhD/p/book/9781439892275) GUIDELINE LINKS Security Industry Association (SIA) https://www.securityindustry.org/wp-content/uploads/2018/08/Intelligent-Building-Management-Systems-Guidance-for-Protecting-Organizations.pdf (https://www.securityindustry.org/wp-content/uploads/2018/08/Intelligent-Building-Management-Systems-Guidance-for-Protecting-Organizations.pdf) ASIS International (media link) https://www.asisonline.org/publications--resources/news/press-releases/new-research-reveals-intelligent-building-security-risks-vulnerabilities-and-mitigation-strategies/ (https://www.asisonline.org/publications--resources/news/press-releases/new-research-reveals-intelligent-building-security-risks-vulnerabilities-and-mitigation-strategies/) BOMA International (BOMA) https://www.boma.org/BOMA/Research-Resources/Trends/Cybersecurity.aspx (https://www.boma.org/BOMA/Research-Resources/Trends/Cybersecurity.aspx) FULL REPORT via SIA https://www.securityindustry.org/wp-content/uploads/2018/08/BACS-Report_Final-Intelligent-Building-Management-Systems.pdf (https://www.securityindustry.org/wp-content/uploads/2018/08/BACS-Report_Final-Intelligent-Building-Management-Systems.pdf)  

Professor Martin Gill is a criminologist and the Director of Perpetuity Research. He is also the founder of the Outstanding Security Performance Awards. Martin has been involved in a range of studies relating to crime and security. He is widely published (14 books and over 100 articles) including the second edition of the ‘Handbook of Security’ published in 2014. Martin is a Fellow of the Security Institute, a member of the Company of Security Professionals and a Trustee of the ASIS Foundation. In 2010, he was recognised by the BSIA with a special award for ‘Outstanding Service to the security sector’. In 2016, he won the Imbert Prize at the Association of Security Consultants and ASIS International awarded him a Presidential Order of Merit for distinguished service. IFSEC also placed him the fourth most influential fire and security expert in the world. For the fourth year running, the Australian OSPAs partnered with ASIAL’s Security Awards for Excellence to celebrate the success and hard work of companies and individuals across the Australian security industry. The competition this year was tough. As always, winners and runners up were selected by a judging panel of esteemed security professionals. Recorded on the day winners were unveiled at a prestigious Awards Ceremony and Dinner on 18 October at Sydney’s Doltone House Hyde Park, where security professionals gathered to reward outstanding performance. For the list of Category Winners, visit https://au.theospas.com/2018/10/18/australian-ospa-winners-announced-at-the-2018-security-awards/ (https://au.theospas.com/2018/10/18/australian-ospa-winners-announced-at-the-2018-security-awards/) (https://au.theospas.com/2018/10/18/australian-ospa-winners-announced-at-the-2018-security-awards/)For more information visit https://theospas.com/ (https://theospas.com/)  

Meet twins, Noushin Shabab and Negar Shabab, perhaps, the only twins in Australia specialising in cybersecurity. Noushin is a malware researcher with Kaspersky Lab and Nagar is an Application Security consultant with PS&C Group. These twins grew up attending a special school for whiz kids and are now slowly making their mark in education and the industry to bridge the country’s cybersecurity talent shortage. From the age of 11 years when first using a computer, the two recall growing up, taking turns to make ‘escape room’ versions in their home to see who could find an escape at the fastest time. These early childhood memories developed a fascination with solving problems, especially with puzzles and board games. When they reached middle school, the two learnt computer programming which nurtured a deeper interest in programming. In high school they frequently competed in a number of national programming contests and managed to sit on within the top 3 positions for a few. It was around this time, they realised they wanted to pursue a career in computing and did a degree in programming and computing in university. These identical twins are perhaps just of a few Australians with a niche in reverse engineering. Based out of the Melbourne office at Kaspersky Lab, Noushin says, “In 2016 when I first started looking for a job in this field, I noticed how large the skill gap shortage of security researchers were in Australia. However, since the attack that caused Census (Australian Bureau Of Statistics) to shut down and Wanna Cry ransomware, the government and education ministries found it crucial to grow a new breed of students and professionals in the field of cybersecurity. Her older sister by a few minutes, Negar adds, “Our new projects and partnerships with these universities and are very exciting as both parties can truly make a difference for this industry.” This interview was recorded in Sydney on 18 October, 2018.

Jane started her career in Canada after graduating from Electrical and Computer Engineering studies, and worked in the City of London for 10 years consulting for Corporates and Banks, before relocating back to Singapore. er experience included using data predictive analytics for fraud at global financial institutions (Deustche Bank, JP Morgan) and advisory to financial institutions with PriceWaterHouseCoopers.  Amongst 24+ articles with MySecurity Media her key Cyber Security publications include Chinese New Year Heist (https://issuu.com/apsm/docs/asm_feb_march_2017_final (https://issuu.com/apsm/docs/asm_feb_march_2017_final)), Cyber Security of Assets in the InterConnected Era (https://issuu.com/apsm/docs/asm_aug_sep_2017 (https://issuu.com/apsm/docs/asm_aug_sep_2017)) Data Protection & Privacy – Perspectives from Facebook, Google & Apple (https://issuu.com/apsm/docs/apsm_sep_oct_2018/38 (https://issuu.com/apsm/docs/apsm_sep_oct_2018/38)) Interview recorded at Marina Bay Sands, Singapore on 12 September 2018 at Data Center Dynamics – DCD South East Asia (https://twitter.com/hashtag/DCDAustralia?src=hash)#DCDSingapore

Benjamin Ang is a Senior Fellow in the Centre of Excellence for National Security (CENS) at the S. Rajaratnam School of International Studies (RSIS), an autonomous Singapore graduate school and policy-oriented think tank within the Nanyang Technological University. Benjamin Ang leads the Cyber and Homeland Defence Programme of CENS, which explores policy issues around the cyber domain, international cyber norms, cyber threats and conflict, strategic communications and disinformation, law enforcement technology and cybercrime, smart city cyber issues, and national security issues in disruptive technology. Prior to this, he had a multi-faceted career that included time as a litigation lawyer arguing commercial cases, IT Director and General Manager of a major Singapore law firm, corporate lawyer specialising in technology law and intellectual property issues, in house legal counsel in an international software company, Director-Asia in a regional technology consulting firm, in-house legal counsel in a transmedia company, and senior law lecturer at a local Polytechnic, specialising in data privacy, digital forensics, and computer misuse and cybersecurity. Benjamin graduated from Law School at the National University of Singapore and has an MBA and MS-MIS (Masters of Science in Management Information Systems) from Boston University. He is qualified as an Advocate and Solicitor of the Supreme Court of Singapore, and was a Certified Novell Network Administrator back in the day. He also serves on the Executive Committee of the Internet Society Singapore Chapter. Interview recorded September 12, 2018, Singapore.

Tony Campbell is a Security Architect and Editor of the Australian Cyber Security Magazine (ACSM) – in the lead up to Issue 6 of the ACSM we discuss the business and board applications of the Australian Signals Directorate (ASD) Essential 8 cybersecurity strategies (https://acsc.gov.au/publications/protect/essential-eight-explained.htm) and how these can be applied and inform the business and board of directors. Recorded at BSides Perth 2018 which attracted over 300 delegates, including kids and families, to UWA Business School and along with t-shirts, beanies and tool kits, delegates also received a cool and unique handmade conference badge, using a NodeMCU ESP8266 WiFi SoC. Security BSides (commonly referred to as BSides) is a hacker convention, held amongst a growing eco-system of events in Australia and New Zealand that provide a community driven framework for information security conferences. For the full podcast series from #BsidesPerth visit https://australiancybersecuritymagazine.com.au/bsidesper-2018-podcast-series-bsidesperth/ (https://australiancybersecuritymagazine.com.au/bsidesper-2018-podcast-series-bsidesperth/)

Interview with Alex Dolan (@dolesification) and #Osprey (Michael) in their roles as facilitators of the #BSidesPerth Capture the Flag #CTF competition held at BSides Perth in September 2018. With a focus on web applications and starting with GRC challenges, the CTF had a unique WA flavour and lean with IoT device security. Well done to ‘Tony’ who took a commanding lead. Recorded at BSides Perth 2018 which attracted over 300 delegates, including kids and families, to UWA Business School and along with t-shirts, beanies and tool kits, delegates also received a cool and unique handmade conference badge, using a NodeMCU ESP8266 WiFi SoC. Security BSides (commonly referred to as BSides) is a hacker convention, held amongst a growing eco-system of events in Australia and New Zealand that provide a community driven framework for information security conferences For the full podcast series from #BsidesPerth visit https://australiancybersecuritymagazine.com.au/bsidesper-2018-podcast-series-bsidesperth/

Interview with Dr Jodie Siganto, a lawyer who accidentally strayed into security about 18 years ago and never been able to get out. Fascinated by what happens at the interface between humans and technology, particularly in the security and data privacy realm. Intrigued by what shapes security practice and our failure to change. Jodie’s proposal is that as information security practitioners we think of ourselves as professionals with a special expertise. But is this perspective real? Or are we more like security brokers negotiating an acceptable outcome with the business? "If we are a profession, then who is shaping that profession? If we are experts, is education producing the right person? By looking at some of these questions, I hope to start a conversation about how we might re-shape security practice to delivery better results for practitioners, their employers and the community more generally." Recorded at BSides Perth 2018 which attracted over 300 delegates, including kids and families, to UWA Business School and along with t-shirts, beanies and tool kits, delegates also received a cool and unique handmade conference badge, using a NodeMCU ESP8266 WiFi SoC. Security BSides (commonly referred to as BSides) is a hacker convention (https://en.wikipedia.org/wiki/Hacker_convention), held amongst a growing eco-system of events in Australia and New Zealand that provide a community driven framework for information security conferences.  

We sit down with Anton Opperman, CEO of CyLon at ICE71. CyLon is the world’s leading cybersecurity accelerator. Since launching in London in 2015 CyLon has run several accelerator programmes, successfully accelerating over 50 cybersecurity startups, many of which are now working with major global corporations, governments and world-leading investors. CyLon is working in partnership with Singtel Innov8 and NUS Enterprise to deliver the ICE71 Inspire and ICE71 Accelerate programmes. ICE71 ‘Innovation Cybersecurity Ecosystem at Block71’ is the region’s first cybersecurity entrepreneur hub. Founded by Singtel Innov8, the corporate venture capital unit of Singtel, and the National University of Singapore (NUS), through its entrepreneurial arm NUS Enterprise, ICE71 aims to strengthen Singapore’s growing cybersecurity ecosystem by attracting and developing competencies and deep technologies to help mitigate the rapidly increasing cybersecurity risks in the region. Supported by the CSA and the IMDA, ICE71 is Singapore’s first integrated cybersecurity entrepreneur hub, supporting and developing early and growth stage cybersecurity entrepreneurs and startups from around the world.run a range of programmes designed to support cybersecurity individuals and startups from idea development to the creation, acceleration and scaling of cybersecurity startups. In addition, through the ICE71 community they will provide startups with go-to-market access, introductions to corporates and channel partners. For more information about CyLon please visit www.cylonlab.com (https://www.cylonlab.com/) and for ICE71 visit https://ice71.sg/ (https://ice71.sg/) For the upcoming Collaborated event between ICE71 and Cyber Risk Meetup, November 1 at ICE71 visit https://www.cyberriskmeetup.com/events/secrets-of-the-hacker-revealed (https://www.cyberriskmeetup.com/events/secrets-of-the-hacker-revealed)  

Interview with Ricki Burke and Sarah Young, co-organisers AllSec Meetups in Melbourne and we dive into Ricki’s @BsidesPer Workshop and Sarah’s SecDevSecOpsSec session. Ricki is the Director and Founder of CyberSec People and partners with organisations around ANZ to hire infosec (Cyber Security) professionals. He is embedded in the security community, is active at cons and Meetups and built many friendships along the way. With a passion for supporting people to break into security, he has helped many land their first job in the industry. Ricki's recent articles with the Australian Cyber Security Magazine * I want to be a Hacker – but where do I start? https://issuu.com/apsm/docs/acsm_issue_2_2017/24 (https://issuu.com/apsm/docs/acsm_issue_2_2017/24) * Cyber Security in 2017 – https://issuu.com/apsm/docs/acsm_issue1_2017/42 (https://issuu.com/apsm/docs/acsm_issue1_2017/42) Sarah is a security architect based in Melbourne, having previously worked in New Zealand, London and various parts of Europe across a range of industry sectors. In her current role, Sarah helps enterprises move their stuff into the cloud securely. She spends most of her spare time eating hipster brunches and high teas.- Sarah's session: “SecDevSecOpsSec: let’s stop throwing around the buzzwords.” With phrases like “DevSecOps” out there, how many of us actually know what this means? We have DevSecOps, SecDevOps, secure pipelines, security toolchains, etc. too often used interchangeably and with no clear “official” definition. In her talk, Sarah sought to distill the exact meanings of each of these and use examples from her own experiences of creating automated security processes to explain how each can be effectively used, and the tools that she has used to do this.  

In the last of our Data Centre podcast series with DCD, we conclude in Singapore with Prof. Greg Sherry, General Director/ Professor, DCPRO Development and CEO of VARceti. Greg has been involved with the IT Industry for 40 years and has worked in many aspects across the data centre business.Greg has been delivering Data Centre training for many years and was a trainer for the CDCDP classes, the BICSI Data Centre design course, and most recently, the training courses from DCPRO. He is the author of the world’s most widely taught data centre training course, Data Centre Design Awareness, and a contributing editor to several other courses.  Greg has delivered training across the globe on every populated continent, to more than 1000 students in some of the industries’ largest organisations. He is widely recognised as one of the world’s leading data centre design authorities. Recent projects in Russia have included the design supervision and risk management of a 2Mw, Phase 2 build project for an International Colo provider. The review of design and operational procedures for a major Russian Telco. Audit and review of existing facility for International telco and subsequent report detailing future strategy for data centre operations. Audit of Russian DC for one of the world’s largest consultancies. Greg has recently been appointed as a Professor at Plekhanov Russian University for Economics, and teaches a post graduate class in Data Centre design there. Interview recorded at Marina Bay Sands, Singapore on 12 Sept 2018 at Data Center Dynamics – DCD South East Asia #DCDSingapore (https://twitter.com/hashtag/DCDAustralia?src=hash) For the full series of DCD Data Centre Podcasts visit https://australiancybersecuritymagazine.com.au/data-centre-deep-dive-with-dcdaustralia-dcdsingapore/  

This interview with Dr. Keyun Ruan dives into her research in identifying the value of ‘cyber’ in business, establishing traceability for better risk management, analyzing the attacker’s role in cyber risk and the outlook for the future of cyber risk quantification. Dr. Keyun Ruan has worked as a PhD researcher at the Center of Cyber security and Cybercrime Investigation (University College, Dublin) and in cloud forensics at the Cyber Security Research Lab (EADS). She was among the first in the world to work on this emerging area. Professor Ruan has given talks around the world in both academic and industry conferences, including CloudEXPO Europe and Silicon Valley, Cloud Futures held at Microsoft Research Headquarters, Cloud Security Alliance Congress, RSA Conference Europe, Campus Party Europe, the ADFSL Conference on Digital Forensics Security and Law, the International Conference on Digital Forensics and Cyber Crime, the IFIP International Conference on Digital Forensics. Keyun is now Chairperson and CRO of New York based XENSIX Inc, research scientist at University College Dublin, and research partner at EADS. She is an active member of the Cloud Security Alliance, member of the board of Cloud Security Alliance Ireland, and is leading the Cloud Security Alliance Incident Management and Forensics Working Group. She is an active contributor to the NIST Cloud Computing Program, and a Technical Lead of the NIST Cloud Forensics Working Group. She is also a semi-professional artist and holds a diploma in Art and Design from the National College of Art and Design, Ireland. Interview conducted recorded 5 September, 2018 at Cyber Security Asia, Kuala Lumpur, Malaysia https://cybersecurityasia.tech/ – MySecurity Media attended courtesy of Thomvell International #CSA2018

Invisible, inaudible, and ignored, your devices are currently screaming out large amounts of information about you, your habits, your pattern of life to anyone who cares to listen. ‘Stephen’, who hails from the South Pacific and exported to the financial services sector in Singapore, presented at #BSidesPerth to demonstrate how to listen in, what is commonly being broadcast, what can be done with this information, and how you can minimise the risks. Interview.References ACMA Spectrum Plan is available via https://www.acma.gov.au/theacma/australian-radiofrequency-spectrum-plan-spectrum-planning-acma (https://www.acma.gov.au/theacma/australian-radiofrequency-spectrum-plan-spectrum-planning-acma) Transport For London WiFi pilot original was here (PDF): http://content.tfl.gov.uk/review-tfl-wifi-pilot.pdf (http://content.tfl.gov.uk/review-tfl-wifi-pilot.pdf) Excerpted page 20 from the report as slide 12: https://obvi.us/presentation/rf-sig/#s12 (https://obvi.us/presentation/rf-sig/#s12) List of places a car had shown up in Singapore: https://obvi.us/presentation/rf-sig/#s19 (https://obvi.us/presentation/rf-sig/#s19) For a link to Stephen’s website visit  https://obvi.us (https://obvi.us/) Recorded September 15, 2018. #BSidesPerth (https://twitter.com/hashtag/BSidesPerth?src=hash) - for event pics (including the conference badge) - visit APSMs Facebook page (https://www.facebook.com/media/set/?set=a.2022069374480704&type=1&l=a8ebde5166) (https://www.facebook.com/media/set/?set=a.2022069374480704&type=1&l=a8ebde5166)About BSidesPerth BSides Perth (https://bsidesperth.com.au/) is organised by three mates with a collective 'lot' of years in the InfoSec industry...doles (https://twitter.com/Dolesification) (Alex Dolan), nidogski (https://twitter.com/NHardy) (Nigel Hardy) and sneaky (https://twitter.com/pete12601) (Peter Yorke). BSides Perth attracted over 300 delegates, including kids and families, to UWA Business School and along with t-shirts, beanies and tool kits, delegates also received a cool and unique handmade conference badge, using a NodeMCU ESP8266 WiFi SoC. Security BSides (commonly referred to as BSides) is a hacker convention (https://en.wikipedia.org/wiki/Hacker_convention), held amongst a growing eco-system of events in Australia and New Zealand that provide a community driven framework for information security conferences. BSides was co-founded by Mike Dahn, Jack Daniel, and Chris Nickerson in 2009. Due to overwhelming number of presentation submissions to Black Hat USA in 2009, the rejected presentations were presented to a smaller group of individuals - these became known as the BSides.

Following his presentation on stage at Cyber Security Asia, Kuala Lumpur, we sat down with Reuben Paul, our youngest guest and Cyber Security Ambassador, Child Hacker, Black Belt in Shaolin Do Kung Fu, USA Gymnast, Video-gamer & Cyber Ninja. These are some of the growing titles used to describe 12-year-old Reuben Paul aka “RAPst4r”, the Founder of CyberShaolin. Reuben was an invited speaker and has delivered over 10 keynotes and over a dozen talks covering various topics ranging from hacking IoT smart toys, Windows OSes, Metasploit, SQL injection, password cracking, hacking mobile devices, malware and social engineering with live demos. He has also been featured at several industry leading security conferences such as (ISC)2 Security Congress, RSA, DerbyCon, Hack In The Box (HITB) HaxPo (Netherlands), Houston Security Conference, BSides Austin, Ground Zero, InfoSec (India), GeekFest Berlin, Secure Poland, Kaspersky Security Analyst Summit, and the International One Conference (Netherlands). He recently shared the stage as a co-keynote speaker with Ms. Glover-Jones, the CIO of the Defense Intelligence Agency in the 2017 Department of Defense Intelligence Information Systems (DoDIIS) worldwide conference. His demonstrations of hacking smart toys and talks on “Creating a Safe and Secure Cyber World for kids (by a kid)”, “Developing r00t-kidz: The Future of Cybersecurity” and his debut talk entitled “InfoSec Reuben was featured as a hacker kid in the 15 under 15: rising stars in Cyber Security. For more on CyberShaolin visit https://www.cybershaolin.org/ Interview conducted alongside Reuben's father, Mano Paul and recorded 5 September, 2018 at Cyber Security Asia, Kuala Lumpur, Malaysia https://cybersecurityasia.tech/ (https://cybersecurityasia.tech/) - MySecurity Media attended courtesy of Thomvell International #CSA2018  

BSides Perth (https://bsidesperth.com.au/) is organised by three mates with a collective 'lot' of years in the InfoSec industry… doles (https://twitter.com/Dolesification) (Alex Dolan), nidogski (https://twitter.com/NHardy) (Nigel Hardy) and sneaky (https://twitter.com/pete12601) (Peter Yorke) – here’s their perspective on BSides and the massive effort required to put a community driven conference together. BSides Perth attracted over 300 delegates, including kids and families, to UWA Business School and along with t-shirts, beanies and tool kits, delegates also received a cool and unique handmade conference badge, using a NodeMCU ESP8266 WiFi SoC. Security BSides (commonly referred to as BSides) is a hacker convention, held amongst a growing eco-system of events in Australia and New Zealand that provide a community driven framework for information security conferences. BSides was co-founded by Mike Dahn, Jack Daniel, and Chris Nickerson in 2009. Due to overwhelming number of presentation submissions to Black Hat USA in 2009, the rejected presentations were presented to a smaller group of individuals - these became known as the BSides. Recorded September 15, 2018. #BSidesPerth - for event pics (including the conference badge) - visit APSMs Facebook page (https://www.facebook.com/media/set/?set=a.2022069374480704&type=1&l=a8ebde5166)