Takeaways, learnings, and cool finds from AISA CyberCon 2022 — Part 1

David Luchi
Oct 17, 2022

Cyber Security Professionals from all over Australia (and overseas) gathered in Melbourne for the country’s biggest security conference. The three-day event was packed with insightful talks from some of the world’s leading experts on Cyber Security. In this article, I will go through my key takeaways from the conference and everything interesting I saw there. Here are the highlights I will discuss in more detail in this and the following posts:

  • The year of Cyber Resilience
  • Impressive attendance numbers
  • Multiple subject tracks in parallel
  • You should focus on only what is meaningful for you, security is a big field
  • Respect your data
  • Insights from threat actors, industry standards, business
  • Buzzwords, highlighted terms, and practices
  • Mental health awareness
  • Bonus: fun stuff

If you are interested in a career in Cyber Security, then this conference was definitely for you. If you missed it, don’t worry — there will be plenty of other opportunities to learn from the best in the field.

Melbourne Convention Centre entry

Bonus: Fun Stuff

Let’s start with the most important part of any conference, the swag. I personally expected to stock up my T-shirt collection from walking around the vendor booths, but to my disappointment, there were few swag giveaways and I ended up with only one T-shirt. Most vendors were doing lucky draws for Lego sets. It looks like this is the norm now; I don’t know where that came from.

Other highlights on vendor stands were Fortian with a whiskey tasting, Progress with ice cream, and Hyprfire with nerf guns.

And being a security conference, where you have the brightest minds and thought leadership of the country, you expect a higher standard in security practices, right? Well, not always. Snyk had a phone charger totem where you store your phone in a drawer and lock it up with a password. In half an hour of observing that totem, I was amazed at how many people used the password ‘0000’ or ‘1111’ to protect their belongings, so even in the most popular security conference, awareness is still a hot topic. :D

You could unlock half of the phone drawers with the password ‘0000’ or ‘1111’

And the best one for me being an Apple fan was meeting Steve Wozniak in person and listening to his awesome keynote covering a bit of everything from the birth of the personal computer all the way to privacy and security in the present day. I posted my photo with him and a bit of my history on LinkedIn if anyone is interested.

Cool souvenir/memory from the event

The year of Cyber Resilience

One of the big takeaways from this year’s conference was the focus on cyber resilience. This is the ability of an organisation to withstand and recover from a cyber attack. In other words, it is not enough to just have security measures in place to prevent an attack; you also need to have a plan for what to do when an attack does happen.

There were several talks on this topic, and the general sentiment is that you should not implement security measures thinking you will never be compromised. Security controls will definitely reduce the likelihood of an incident. As described in one of the talks, threat actors often go for the easiest targets, so don’t be an easy target. But it is worth assuming a compromise and planning your strategy and incident management accordingly.

The opening keynote covered the importance of cyber resilience in today’s climate, where cyber attacks are becoming more sophisticated and more common. Parallel talks across the 3 days also outlined some steps that organisations can take to improve their cyber resilience, such as conducting regular exercises to test their capabilities.

Attendance numbers

This year’s conference had impressive attendance numbers, with over 4000 people registered. This was really good to see after 2 years of lockdowns and online-only events, and is a testament to the growing importance of cyber security in today’s world.

The conference is a great place to meet our peers, make new connections, get to know vendors, and so on. What impressed me the most was the number of students and new starters in the industry. I was able to chat with many students and young professionals who are just starting out in their cybersecurity careers, and it was really inspiring to see so much interest and excitement about the field.

Ground floor in the coffee break

Multiple tracks in parallel

This year’s conference had multiple tracks running in parallel, 26 rooms to be precise, which meant there was something for everyone. There were tracks on technical topics, management and strategy, career development, privacy, and so on. This meant that you could focus on the topics that were most relevant to you and your role.

Looping back to the previous point, I was glad to see many students and happy to see entry-level tracks intended for this audience, from technical subjects to career tips and workshops. Another good thing to see was how many educational institutions had a stand at the event, from vocational courses to universities and industry leaders such as Offensive Security, SANS Institute, and ISC2.

You should focus on only what is meaningful for you, security is a big field

Another one of the key takeaways from the conference is that cybersecurity is a very broad field. There are many different specialisations within cybersecurity, and it can be overwhelming trying to learn everything or cover absolutely everything; that’s simply not possible. It is important to focus on the areas that are most relevant to you personally and to your industry.

There were dedicated sessions to go through industry standards and how to implement what is applicable to your scenario rather than blindly trying to apply it entirely by the book. Other sessions talked about specific threat actors in Australia and specific industries so you can prepare and implement controls according to the patterns you see in your field.

Main stage — Conference keynotes

All in all, it was a great conference and I am already looking forward to next year’s event. I would encourage anyone who is interested in cyber security to attend, whether you are just starting out or have been in the industry for many years. There is something for everyone at the conference, and you are sure to come away with new knowledge and connections.

I will be back with part 2 covering the points I could not cover here, as it is better to keep the post concise and short.


David Luchi

Head of Information Security | AWS Community Builder | CISSP | I love all things nerdy, especially Star Wars and anything to do with security.