//Blogs - 25 Nov 2020

AusCERT at the 2020 FIRST Conference: virtual edition

We’ve all heard the story – 2020 has been a year marked with exceptional challenges and without a doubt, one of the most affected sectors from the Covid-19 pandemic has been the events and conferences industry.

With travel restrictions in place for the foreseeable future, conference organisers have had to be creative in the delivery of their events. 

In my role at AusCERT, this meant having to pivot our very own annual conference into an entirely virtual format. I’ve posted my personal thoughts on working behind the scenes in delivering (a successful) AusCERT2020 conference via LinkedIn here. Despite the challenges faced, the learnings I have taken away from this experience; coupled with my witnessing of our delegates, speakers and colleagues who all rose to the occasion in the spirit of camaraderie and innovation – will be something I’ll never forget or take for granted again in my career! 

That aside, I had the pleasure of being on the “flipside” recently and was fortunate enough to participate as a delegate at the 2020 FIRST Conference: virtual edition. FIRST is the Forum of Incident Response and Security Teams and it brings together a wide variety of security and incident response teams including especially product security teams from the government, commercial, and academic sectors.

This is FIRST’ 32nd annual conference and the theme was “Where Defenders Share”, highly relevant to the work that we do at AusCERT.

I tuned into all the keynotes and really enjoyed how they’d each varied from each other!

Keynote 1
Tracking Targeted Digital Threats: A View from the Citizen Lab by Ron Deibert, Director of  Citizen Lab (Munk School of Global Affairs, University of Toronto)

In his presentation, Ron presented some super interesting evidence-based info from the work done at Citizen Lab. Their projects shed light on some increasingly critical issues at the intersection of race, surveillance, free expression, privacy, and power. My personal key take-away from his presentation was this message ‘not all high-end spyware, whatever does the trick!’ – a reminder that some of the biggest security issues we face don’t necessarily stem from high-end technology. 

Keynote 2
Project Zero’s Disclosure Philosophy by Ben Hawkes, Project Zero Team Lead at Google

‘Untangling the vulnerability disclosure debate’ – before tuning into Ben’s presentation, I was extremely intrigued by his one-line premise and the content certainly delivered! In his presentation, it was made clear that Google’s Project Zero was of the opinion that the best way to combat the exploitation of zero-day vulnerabilities is by predicting attackers’ movements. Ben also revealed that Google’s elite bug-hunting team is looking to build a “crystal ball” for forecasting miscreants’ behaviour based on expert forecasts from cybersecurity professionals. His keynote was also covered by the team from PortSwigger here.

Keynote 3
Transforming Security: Optimizing Five Trends to Enable Security for Businesses of all Sizes by Kathleen Moriarty, CTO at Center for Internet Security

Last but certainly not least, I tuned into the final conference keynote by Kathleen Moriarty who was recently appointed CTO at the Center for Internet Security. The key message from her presentation was that, in order to combat cyber threats, including those that impact SMEs that are part of the supply chain – we need to rethink how information security is delivered and managed. For me personally, this presentation really tied in to the concept of “3-Ps” of comprehensive cybersecurity – products, policies and people, an important reminder to get the basics right within every organisation and one that I thought was great session to tune into for the management folks in our sector. 

As most of us are aware, conferences are a great way to learn new skills and access the latest trends and insight in the sector.

For me personally, being a delegate at FIRSTCON20 allowed me to achieve greater awareness and understanding of both existing (mature) and emergent technologies – especially from the perspective of someone who doesn’t possess a technical background in the sector. 

I have been informed that the conference recordings will be moved to permanent FIRST hosting and will be made publicly available via their website and YouTube channel shortly.

Congratulations team FIRST, 1600 registrations from nearly 100 countries – that was an incredible feat, job extremely well done in 2020!

Laura Jiew
AusCERT Events and Marketing Communications Specialist