30 Years 30 Stories

AusCERT 30 Years 30 Stories – Jamie Gillespie

Past AusCERT employee and long-time supporter, Jamie Gillespie kickstarted his career in cyber security as AusCERT experienced massive growth in the early 2000s. Allowing Jamie to travel internationally, he looks back on his time with AusCERT with appreciation. Now working at the Asia-Pacific Network Information Centre (APNIC), Jamie is a repeat speaker at AusCERT conferences.

How long did you work for AusCERT?

I was a senior security analyst for eight years in the early 2000s when AusCERT was small and experiencing lots of growth. In 2002 AusCERT held its first conference, which I was lucky enough to help plan, organise and execute, doing so for several years after that. We also conducted the first computer crime and security survey in 2002. Working with Katherine Kerr and the rest of the team, we asked the questions, analysed the data, and created presentations to showcase at AusCERT and other conferences as well.

What’s it like being a speaker at the AusCERT conference? What will you be talking about this year?

I’ve spoken at the AusCERT conference for a couple of years now. Last year my presentation was on APNIC’s Vulnerability Reporting Program. This year, my presentation was on TLS implementations of SMTP servers. It’s a niche topic, but I had a good time putting the data together, and a lot of delegates were interested as well. It was great to be able to share my research and tips on improving SMTP and email security.

Can you describe a particularly memorable experience you had when working at AusCERT?

The most memorable parts of working at AusCERT was when I moved into the training team. We were delivering training in capital cities around Australia and New Zealand. We delivered technical training as well as security management training. I went to many countries doing Computer Security Incident Response Team training (CSIRT), helping them to grow or establish their teams. Thailand was my favourite, but I also travelled to Papua New Guinea, Mexico, Chile, Peru, and Singapore. I found helping other countries create their own national security teams to be very rewarding. Some governments took longer than others, but now I can look back and see these countries with established national security teams, participating in global cooperative efforts to make the internet more secure.

How has the cyber security landscape changed since you worked at AusCERT, and what new threats have emerged?

Security has changed a lot since my time at AusCERT. In the eight years I was there, we began selling security to organisations, informing them of the importance of security programs and technical security uplifts. Now with the high publicity of major security breaches, such as Optus and Medibank, it’s impacting almost everyone on a personal level. It doesn’t matter if they’re regular employees in an organisation or on the board and C-suite, employees understand security because they’re being impacted day to day. On a corporate level, this has made security discussions much easier.

How do you think AusCERT support their members in achieving their security posture and what are some of the most effective strategies you used?

In the early 2000s, we had the basic incident response and training services, but now AusCERT has expanded. The number of services that they’re providing, both technical and human interaction are wonderful. The AusCERT Cyber Security Conference is a great forum for raising security awareness and providing knowledge sharing. When AusCERT started in 2002, there were no good independent security conferences in Australia. Some were vendor-based, but it was largely vendor pitches. The general services that AusCERT provide to all members have been growing and I’m excited to see what AusCERT does next.

How has your experience working at AusCERT influenced your career path and approach to cyber security?

When I started at AusCERT in 2001, I had recently moved from Canada and while I was working in IT, I didn’t have the opportunity to concentrate on a dedicated information security role. My senior security analyst role at AusCERT gave me the opportunity to concentrate on security. The eight years that I spent at AusCERT really kickstarted my information and cyber security career. I have a lot to pay back to AusCERT for the opportunity that they gave me at that time and how they helped me progress in my career. AusCERT is responsible for a significant portion of where I am today.