AusCERT2021 Member Individual of the Year Winner

AusCERT2021 Member Individual of the Year Winner

After the recent AusCERT2021 conference, we caught up with Simon Coggins (Principal Systems Engineer at CQUniversity) to discuss his role in the cyber security sector, and how he felt about being awarded AusCERT2021’s ‘Member Individual of The Year’.

Tell us a little about your professional career?

I’ve always been interested in system administration and networking. When I was in high school I started my own Bulletin Board System with a large user base and had a FidoNet address so that we could transfer email and forum posts around the world. While studying at university I started working at the local Internet Service Provider. We were small enough to only have a few staff so everyone had multiple jobs. I was a Sysadmin, Network Engineer, Developer and Tech Support.

This led me to work at a University in NSW where I was the Network and Systems Management Officer. My role there involved  both networking and system administration duties as well as acting as a translation bridge between the network team and the sysadmin team. After working for 6 years at this university, friends I knew through the System Administrators Guild of Australia suggested I apply for a job at Central Queensland University, so I did..

That brings me to my current job that I’ve been in for over 15 years now. I started out as a Senior Systems Administrator and a few job title changes and roles later I’m now a Principal Systems Engineer. Because of my System Administration and Networking background and an understanding of how everything fitted together, this acted as a catalyst for security to start being included in things I was looking at.

What’s involved in your day-to-day role as Principal Systems Engineer at CQUniversity ?

I’m always busy doing something and every day is different. I’m the primary lead on our Linux Fleet, Firewalls, Load Balancers, SIEM platform, SAN Storage, Email Security, and the list goes on. So on any given day I will be doing operational work to keep the fleet of services running, level 3 work tickets that come in about weird issues that need problem solving, or project work for evaluating new products and testing them. Given I have a better than average understanding of how our network and systems fit together, and I have good problem solving skills, that allows me to help identify the cause of complex issues quicker.

I like to think that my primary role is to automate my boring jobs where possible so I can focus on the fun ones but at the end of the day, I’m just someone that likes to solve problems, and in the process help people.

Congratulations on winning the Member Individual of the Year! What does winning this award mean to you? What course will you use your SANS-sponsored prize for?

It’s a great honour. AusCERT is very trusted in the security community so getting this award is a huge deal. For me it means that what I’m doing is definitely helping other people.

When I do things for CQUniversity I think to myself “Would this help me if someone else shared it?” If so, then I go and share that with the wider community via AusCERT. This award reaffirms I’m doing good in the community.

As for SANS courses, have you seen the list? It’s huge! I’m still trying to decide what I want to do, I’m thinking maybe Continuous Monitoring and Security Operations or something else on the Blue Team track.

What do you see as some of the main cyber threats in today’s society? Are you seeing any trends of particular threats becoming more common?

Ransomware and Phishing is the obvious choice, but for us we are seeing more and more supply chain attacks.

The SolarWinds and PasswordState attacks drive home that you can do everything you possibly can to protect your systems, but you are only as good as the security of the companies that provide your tools. We need to update to fix security vulnerabilities but we can’t update until we’re sure the update hasn’t been compromised. Delay updating and you could end up with ransomware, be proactive and end up with a state based actor in your systems … It’s getting very hard!

If you could give one piece of advice for organisations and IT/cyber security professionals, what would that be?

In most cases you aren’t the only one defending against that cyber incident. At the end of the day we’re all Cyber Security Professionals and we’re probably defending against the same thing, at least across the same industry.

You might be surprised to find out that your industry, even though it is competitive at front of house, already has an information sharing mechanism in place to assist and share common threats across the industry and there is a good chance that AusCERT knows where to point you. They are also happy to accept any security reports, malware samples, and indicators of compromise that you might have, anonymise them and share them with the wider community of AusCERT members if you wish to remain anonymous.