2019 is almost over! What a year it’s been in the world of cybersecurity and to celebrate, we wanted to ask a range of cybersecurity experts what their most memorable event was for them.
We hope you like their answers!
Zoë Rose – @RoseSecOps
My cybersecurity year in review focuses around humans, how we are connected and motivated.
Humans are social beings, they crave collaboration and communication. In fact, we won’t feel the same sort of excitement celebrating our achievements ourselves vs when we have others to share it with. We also tend to assume that others have similar, welcoming motivations. Knowing this, it is easy to understand how persons become victims of an attack, malicious actors are playing off our natural reactions – and therefore our training needs to be built in the same way.
Consider it social engineeringWhat is Social Engineering? Social engineering is a manipulative tactic cybercriminals use to deceive individuals into divulging confidential information or performing actions that compromise security. Unlike technical attacks, which exploit software... for good, influencing the interest to learn on a difficult topic. David Eagleman author of The Brain, and Johann Hari author of Lost Connections, are my two favourite books of the year – because of the clarity they have provided on how the brain develops and works, along with the societal need for connection and communities.
These have helped shape the way I communicate security needs, and enhanced my ability to remove FUD from cybersecurity training.
Lidia Giuliano – @pink_tangent
2019 has been an amazing year, starting off running the very first BSides Melbourne event with some fantastic friends. We introduced a mentoring program for brand new speakers in the information security community. It went so well that I had the opportunity to help set up and lead the first ever Black Hat USA speaker coaching program. This was a massive honour and I have the privilege to run this program with other Black Hat Review Board members and Past Speakers. We had an opportunity to share our speaking experience with the 2019 BHUSA speakers and help speakers shape and prepare their talks.
I think it’s really important to take a moment and thank all those individuals who have given up their personal time to help members of our community to get to that next step. Many of us wouldn’t be where we are if it wasn’t for the advice and kindness of others.
Stuart Coulson – @SPCoulson
I think for me the most memorable event was that after 20 odd years in industry I went on my own, opened my own company and went freelance contracting.
This has really been a game changer as no longer have I had to get ‘comment’ passed by the marketing team, therefore creating a much more rapid turnaround to publish content. It has also helped me focus on credentials. So long, and I think I am not alone here, have I been a do-er and never got round to the training courses. So during some downtime over Christmas, I am looking at the CompTIA Security Plus as a starting point. The freedom has been very refreshing to stretch me and really push myself too.
I am really looking forward to a successful 2020. Merry Christmas and a Happy New year to everyone. Hope you all have a prosperous and safe 2020.
Rebecca Herold – @PrivacyProf
My most memorable event of 2019 in cybersecurity was being an expert witness in a case that was brought by a group of residents of a large, wealthy housing association against a company that purchased a property to get access to all the residents’ personal data.
Unlike the types of cases you typically hear in the news, about businesses being breached due to insufficient cybersecurity controls, or apps having vulnerabilities, etc. This case demonstrated that the general public is getting fed up with how not only social media sites and businesses are monetizing the data collected from their users, but the lengths to which organizations will go to get their hands on personal data, with the goal of monetizing it in a wide range of ways, some quite unscrupulous.
I know from the residents’ stated opinions and concerns that they are going to start taking more legal actions against those who they see as violating their trust, and who take advantage of currently lax association and membership rules to take and monetize personal data, or even commit fraud with it. During the case, I was impressed to see a clear heightened awareness of the need for cybersecurity controls as part of a larger set of actions necessary to protect privacy, and the lives of the associated individuals.
They were hungry for more information about what they can proactively do to compel organizations to implement stronger data security and privacy controls. It is great to see this increased awareness within a large group of concerned citizens. I expect to see that awareness spread and raise within the general public, with more of these types of lawsuits, in the coming year.
Elena Lightfoot
I would like to share what had the largest impact on me this year. This year I witnessed a shift of a paradigm. We used to think of humans only – now machines are part of our reality, every day. It has never been more important to identify machines that impact our lives and make sure they cause no error or any harm to any of us.
In 2019, people get it: Protecting Machine Identities is as crucial as protecting your own identity. It is so much more complex than PKI, hence the awareness of the scale of the problem that Venafi solves. This year I have seen a tremendous number of large organisations turning to us for expert advice and essentially our service. It’s life Jim but not as we know it… We still need to understand it, interact with it, secure it. And we are just starting!
Bob Covello – @BobCovello
The most memorable event in cybersecurity in 2019 was not directly related to any cyber events, such as breaches, ransomwareWhat is Ransomware?Ransomware is a type of cyberattack in which the attacker infects a computer with malicious software that encrypts the victim's data. The computer usually becomes locked, presenting a..., or other criminal activity. The announcement by Google that it had achieved Quantum Supremacy with its 54-qubit “Sycamore” processor was a significantly memorable event. When I heard about this development, I was drawn to the security implications of this achievement. As described in this blog post, the implications to the future of cybersecurity are dramatic.
On the positive side, this computing power means that password security and encryptionWhat is Encryption?Encryption converts readable data (plaintext) into a scrambled and unreadable format (ciphertext) using an algorithm and a key. The primary purpose of encryption is to ensure the confidentiality... will be improved over time. Imagine a day that ransomware will not succeed because quantum computingWhat is Quantum Computing?Quantum computing is a cutting-edge field that leverages the principles of modern physics to perform operations significantly faster than classical computers. Classical computers, including the laptops, desktops,... power will be able to decrypt the ransomed data. The mathematical possibilities are nearly infinite.
Of course, on the negative side, those advancements can also mean that criminal enterprises will also benefit by using that same technology in the commission of future crimes.
On which side of the future will you plant your flag?
Jane Frankland – @JaneFrankland
For me, it has to be the women in cybersecurity research I did from June to October. It’s groundbreaking. In fact, it’s the first time a substantial data set has been compiled on the experiences of women who attend cybersecurity conferences. I received 2,146 responses from women and had over 100 responses in 6 regions – Oceania, Africa, the Middle East, Asia, Europe and the Americas. The full report will be released next year. The other thing is I enabled 50 women to go to the Black Hat Briefings in Asia & Europe, for free, via my IN Security Scholarship program. That was pretty major.
Michael Sanchez – @itegriti
2019 is the year when organizations more broadly realized that good cybersecurity practices must extend beyond internal boundaries.
The fight against cyber-crime is an evolutionary one and leveraging the assistance of third-party vendors is practically a necessity. Stop to think just for a moment. External parties help with almost every vital aspect of security. They augment line level employees and Information Security staff. They are brought in to help strengthen a company’s security posture through risk assessments, control development and the like. They’re responsible for running the Security Operations Centers of many key industry players.
Third parties even sell us the very software, hardware and infrastructure needed to mitigate cyber risk and help protect our IT and OT assets. What’s more, the threat landscape is ever-changing. We continue to see risk and footprint expansion with the maturation of IoTWhat is the IoT?IoT, or Internet of Things, refers to the network of interconnected devices embedded with sensors, software, and other technologies, enabling them to collect and exchange data seamlessly.This... and the introduction of 5GWhat is 5G?5G, which stands for the fifth generation, represents the latest leap forward in wireless communication technology. It is the successor to 4G, which was named “Long Term Evolution”... technology.
In 2020, let’s make more of a concerted effort to educate our vendors on the help we need – whether through the narrowing of specific port ranges or aligning their tools and reporting with regulatory obligations, for instance. After all, it’s clear we’re in this cyber fight together.
Kai Roer – @kairoer
To me, 2019 is the result of many years of hard work building a cybersecurity company focused on understanding human behavior in cybersecurity. CLTRe, the company I built with my co-founders and researchers, was bought by KnowBe4, providing us global reach and the opportunity to research millions of employees around the world.
Jenny Radcliffe – @Jenny_Radcliffe
For me the stand out event was producing the first ever BSides in my home city of Liverpool. The BSides events are such a positive addition to the security industry and community bringing together vendors, industry veterans and students in an environment of learning and support. Despite all the larger events and conferences I attend and speak at it is the many BSides events that always stand out for me as a true expression of the diversity and creativity of the infosec community as well as showcasing new talent and interesting research. We spoke to teams from far afield in the lead up to our event in Liverpool, and from Bordeaux to Cairo, Kiev to London we received nothing but encouragement and support.
I look forward to attending and producing more BSides events in 2020, and seeing the community continue to grow and support each other.