30 Years 30 Stories

AUSCERT 30 Years 30 Stories – Trace Borrero

Trace Borrero works at the University of Southern Queensland and through the university’s connection to AUSCERT, Trace has developed into a well-trained and active part of the AUSCERT community. From graduate to professional, check out Trace’s AUSCERT story.

How did you first become a member of AUSCERT?

I came directly out of my degree in cyber security and landed in a role at the University of Southern Queensland. The university were already members, so I became a member.

How do you use the AUSCERT service and what benefit do you receive?

We use the Malware Information Sharing Platform (MISP) a lot, and we’ve learned to automate from there. When I graduated there was a lot of talk about the intel and IOCs that came from AUSCERT. We would be looking for them in our environment and acting on them if needed.

Whenever we’d see widespread phishing, we’d be able to send it to AUSCERT and they would handle it. To me as a graduate, it was magic. I didn’t understand what was going on, but I knew that it was taken care of. Now that I’ve learned the ropes, it’s a plus, because there is a lot of groundwork in the backend that AUSCERT handle for you.

How do you think AUSCERT has evolved over the years?

I’ve been a member for five years, so I’ve seen lots of change in the direction the industry is heading. AUSCERT is trying to remain cutting edge, which is important. Recently, automation is the new buzzword. Automation is one place that AUSCERT have adapted successfully, preparing their members to automate and thinking about what type of automation that members want.

What advice would you give to someone considering becoming an AUSCERT member?

It’s worth it – one of the best things you could do, is simply attend the conference and see what it’s all about. It’s hard to see AUSCERT’s benefit purely from the website. Meeting AUSCERT’s members, attending events, or just the conference, is a good place to start.

What do you think the future holds for AUSCERT?

I assume AUSCERT will continue to try and stay cutting edge. They will also continue to look out for their members as best they can, in whatever way that means.

What sets AUSCERT apart from other organisations in the cyber security industry?

AUSCERT are looking out for you. Obviously, they have their own interests, but their interests are their members. You don’t see that very often, specifically when you look at other vendors. Simply having someone to bounce your ideas off, and then receiving feedback from AUSCERT and its member community is fantastic. To be able to say:

“Oh, hey, I’ve seen this phishing email. Has anyone else seen it?”

“Oh, yes, we’ve seen it, and these are the other IOCs or other attributes of it.”

It’s truly a community of learning and collaboration.