Wow, what a crazy couple of days it was, Cybercon was massive. 3500 plus attendees for the two-day conference, so many people, so many conversations and so many great talks and streams that I don't know where to start. I am not sure what to write, my brain is still whirling with the events of my trip. My first visit to Melbourne and although it was a little cold compared to the normal Brisbane weather I am used to I found it to be a very pretty place with a lot of great local talent. Some of which I was lucky enough to have conversations with.
I think I will air the dirty laundry of the event and talk about the controversy that occurred just to get it out of the way because it was a sore point for many attendees I talked to especially on day two when it started to spread through the delegates like wildfire. Two presenters were dropped from the presenter's line up a little over a week before they were set to talk. The two speakers were NSA whistleblower Thomas Drake and Melbourne University academic Sulette Drefus. Both of these presenters were going to be talking about whistleblowing and I assume this was the reason they were abruptly dropped at the request of someone from the ASD or Government that was not happy about the topic of discussion.
I think it was a mistake by them, to be honest as that decision has given the topic greater publicity or attention than it probably would have gotten, if they had just let the talks happen? It's pretty obvious and I don't know why they decided to go down that path. It has left a sour taste on the conference which in all other areas was a great event with some brilliant presenters. Look I am going to tell it to you all straight, if the presentations had taken place I would not have attended, it isn't a topic that interests me but I don't feel that the topics called for such a response with the abrupt dropping of the speakers. Happy for everyone to tell me their thoughts on this but that’s what I think. The presentations had already been approved, confirmed and should have been allowed to go ahead. That’s the last I am going to say about it as I think it is just a stupid situation that should not have occurred.
During the couple days, I enjoyed the big-name talks by Brian Krebs, Kevin Mitnick and Paula Januszkiewicz. These talks were really enjoyable and I learnt a lot especially from Paula. She is a very enjoyable presenter who melted some minds in the audience with some of her demos. You could see their faces when you looked around, they had that emoji with the nuclear cloud explosion coming out of the top of their heads, jaws on the ground. She nailed it. Oh and I would be amiss to not include Bruce Schneier in that headline list, he was hilarious and informative. A great combination if you ask me and a nice break from the mind-melting, technical talks that were taking place all over the monstrous convention centre (seriously though this place was huge).
The conference wasn’t just about the big headliners who showed us how poor everyone’s security protections really are and that they only needed a few minutes to get past them. Especially Paula but I think most of us already knew that. Bypassing two factor was a little easier than I thought though under the right circumstances (I will have to practice that skill set). Some of the best talks I saw were from members of Australia's cybersecurity community with very enjoyable talks from Wayne Ronaldson about his overwatch offensive espionage tool, Brigitte Lewis and SQL injection – for her first time presenting she nailed it. Funny, informative and a little quirky. I loved it.
There are so many more talks that were amazing and I could probably list about fifty names of presenters and their presentations that I enjoyed but that wouldn't be a very enjoyable article to read. I just can't mention you all, I will just say that I felt proud to be a part of this brilliant community with how many talented people there are here in Australia. We have so much to share and it is great to see people putting themselves out there to help the community as a whole.
One final point I want to highlight from my experience at Cybercon is that I believe I got as much from the conversations I had with my peers as I did with the presentations themselves. Honestly, I have talked so much I barely have a voice left. With so many of Australia's top security talent all in one place, companies all over Australia must have been keeping all of their fingers and toes crossed that they didn't have any incidents. Seriously with the skills shortage in cyber security and so many of us at the conference, who was guarding the country most valuable assets? As we all returned to work on Thursday I am almost certain that you would have been able to almost hear a sigh of relief.
Okay so I just got a little distracted but I honestly valued all of my conversations I had with other delegates and exhibitors. It makes you realise we all want the same things, to do better at protecting our organisations and to truly make a difference in this fast-paced organised chaos we call security. Some of you have some great views and some great ideas that could make a difference in our industry but one thing I have noticed is that many of you are holding back. Don’t, what you have to say matters. Share your thoughts and let’s make a difference together.
This article is very much just an overview of my experience at Cybercon and I am going to write some more specific articles about some ideas or topics that were discussed. So keep an eye out for those. If any of you would like me to do any specific topics let me know and I will see what I can do.
Till next time…