At Axenic we take staff development seriously – which is why the whole team attended the annual Kawaiicon infosec conference held on October 17th & 18th in Wellington. In case you couldn’t make it, we got together afterwards and have summarised our top 6 highlights from what was yet another superb information security event.
1 – A Security Tale
Fobski detailed a timeline event of a security incident he was involved in. We felt it was very brave for the guy to put himself out there. What was particularly interesting was seeing the difficulties associated with having support teams in multiple geographical locations. The issues the gentleman raised illustrated how this model can be problematic and the effect on those dealing with incidents was evident.
2 – Securing people that you don’t look like ….Yet
We appreciated the view and philosophy that people who are older, have lived longer, have a different view on information security and use technology in different ways. Senior citizens do not want to change how they use technology, and in reality, should not. Service providers must ensure their security and the information security community can come together to ensure their secure use of everything currently making lives a little easier.
3 – The mechanics of being good to each other
Courtney Eckhardt had a great talk on incident management response using an example of the Seattle floating bridge. It was an excellent presentation on how important using blameless language can be in setting the tone during post-mortem discussions. The intricacies of blameless language (such as removing accusatory pronouns) and appropriate comments can be so simple and yet can be so easily overlooked.
4 – Liar, liar: a first-timer “red teaming” under unusual restrictions
Mike Loss is a skilled storyteller and presenter, the presentation itself had excellent visuals and humour and an insight into how your customers don’t always know what they want! The team found it thoroughly entertaining while still conveying the severity of events that unfolded.
5 – Internet Voting – From a bad idea to poor execution
It was good to hear the practical experience from Australia and rationale as to why online voting might not be a great idea for New Zealand. Chris Culnane was very clear and detailed all mechanisms of internet voting as well as detailing the pros and cons of internet voting. In particular, the issues around ensuring verifiability were very interesting.
6 – Seeing the Invisible: Finding Fingerprints on Encrypted Traffic
Adel gave a very interesting talk on techniques to fingerprint encrypted traffic. The combination of protocol fingerprinting and visual pattern analysis to identify anomalies was intriguing.
Bring on 2020!
Once again the Kawaiicon Crue put on a fantastically thought-provoking conference with presentations from some of the best infosec experts around. We love that they constantly challenge us all to rethink and reframe what we already know, and the Axenic team can’t wait to see what they bring in 2020.
And finally, if you have any questions or need assistance with your information security and privacy governance, risk and assurance or just want to chew the fat on Kawaiicon – feel free to get in touch at any time.