Tuesday Full Day Tutorials


Leading Cyber Security Assurance 

Mark Carey-Smith, Positive Cyber & Alex Webling, Resilience Outcomes Australia

Tech Level: Low

Cyber security continues to become more complex and specialised. The days of the lone defender able to heroically defend their organisation from all malicious actors are long gone. 

Multidisciplinary teams that bring together diverse and complementary talents to defend their organisations in an increasingly difficult threat environment are the best cyber defence. Effective cyber security leaders need to be the ‘synthesising professional’ able to knit teams together. 

This one day workshop will allow participants to immerse themselves in tactics and strategies that they can use within their organisations whether they are: 

- A board member seeking to understand what questions to ask for cyber assurance,

- A senior executive who has been given cyber security responsibilities,

- New to the CISO/CSO role,

- Reporting to or supporting security leadership, or

- Wanting to advance in their cyber security career into a management role. 

We will cover the following:

- What is organisational cyber resilience

- How much cyber security assurance is enough

- Things to cover in the first week, month and six months of becoming a new CISO

- How stakeholder analysis is a very useful tool

- The importance of establishing clear risk appetite and risk tolerance

- Listening for understanding and conscious conversations

- Why diversity and inclusion are highly valuable organisational attributes

- Defining and implementing meaningful metrics

- Multi-disciplinary teams, biases and barriers


AWS Security Event Simulation, Detection and Investigation

Richard Billington

Tech Level: Medium

You will learn about 4 types of unauthorised events that can occur within an AWS account:

1) Unauthorised IAM Credential Use

2) Ransom events on S3

3) Cryptominer Based Security Events

4) Server Side Request Forgery (SSRF) with Instance Metadata Service Version 1 (IMDSv1)

"Unauthorised IAM Credential Use" will simulate the unauthorised use of IAM credentials by using a script invoked within AWS CloudShell. The script will perform reconnaissance and privilege escalation activities that are typically performed during events of this nature. You will also learn some tools and processes to find evidence of unauthorised activity.

"Ransom events on S3" will use an AWS CloudFormation template to replicate an environment with multiple IAM users and five Amazon Simple Storage Service (Amazon S3) buckets. AWS CloudShell will then run a script that simulates data exfiltration and deletion events that replicate a ransom-based security event. You will also learn how to use some tools to find evidence of unauthorised S3 bucket and object deletions and access.

"Cryptominer Based Security Events" will simulate a cryptomining security event by using a CloudFormation template to initialise three Amazon Elastic Compute Cloud (Amazon EC2) instances. These EC2 instances will mimic cryptomining activity by performing DNS requests to known cryptomining domains. You will also learn how to use some tools to find evidence of unauthorised creation of EC2 instances and communication with known cryptomining domains. 

"Server Side Request Forgery (SSRF) with Instance Metadata Service Version 1 (IMDSv1)" will simulate the unauthorised use of a web application that is hosted on an EC2 instance, configured to use IMDSv1, and vulnerable to SSRF. You will learn how web application vulnerabilities, such as SSRF, can be used to obtain credentials from an EC2 instance. You will also learn how to find evidence of the unauthorised use of EC2 instance credentials.


Thank Your Future Self: Learn to create and test an incident management framework so you don't need a DeLorean when that 'great scott' moment hits

JP Haywood, Acumenis

Tech Level: Low

During this tutorial participants will have an opportunity to look 'back' at adversary patterns to protect their organisations in the 'future' by using intelligence led principles to develop and test an Incident Management Framework. 

You will learn about the NIST incident response process, how to write plans and playbooks, and how to test them. On completion of the tutorial participants will have written and tested an incident response plan, and will have the skills to go back to their organisation and implement an incident management framework.


Going back to the basics of API security

Kyle Jackson, Octopus Deploy

Tech Level: Medium - High

Application Programming Interfaces (APIs) play a large role in modern businesses enabling development teams to exchange data across multiple applications. The majority of businesses are either consuming APIs or building their own APIs for other businesses or internal teams to consume. 

Although the use of APIs can unlock almost futuristic functionality for businesses, it is often the fundamentals of securing APIs that are overlooked, which leads to negative outcomes not only for the business but often for the individuals whose data is being handled/consumed by these APIs.

In this tutorial we will take a step back and cover the key areas of API security including: 

- Types of APIs and how they function 

- Various authentication/authorisation mechanisms 

- Object authorisation 

- Preventing injection attacks (SQL/NoSQL/Command) 

- General security misconfigurations 

The tutorial will be delivered in a format where a brief introduction to each topic is given, then attendees are guided through identifying the relevant security issues and their implications. Following that, a deeper discussion will be had about the best practices relating to that topic and, time permitting, live changes will be implemented to fix the issues identified.

During the tutorial attendees will be: 

- Hands on interacting with various types of APIs using common tools including bash/PowerShell, Postman/Thunder Client 

- Working with AWS cloud services (RDS, DynamoDB, CloudWatch, S3 etc) 

- Modifying the APIs to change their intended behaviour 

- Inspecting the types of traffic sent and received by the APIs 

- Investigating application/network logs 

The key takeaways for attendees will be:

- Understanding the different types of APIs 

- Being able to identify API security issues 

- Being able to provide recommendations on how to secure APIs against common security issues


Intermediate Cyber Security

Gary Gaskell, Infosec Services

Tech Level: Low

There is a great diversity of opinion on where and how best to protect information systems. It is common for so-called “experts” to disagree, sometimes quite fervently. To obtain a clear and consistent view of a sound security control environment, the best practice approach is to apply risk management decision making processes. Good risk management ensures that no weak links in the (security) chain are overlooked and the most important issues are made a priority. It also demonstrates to your business executives why your security program makes business sense.

Risk management is not rocket science, but it is a significant departure from the traditional control and vulnerability based approaches to cyber security design and information security management. This tutorial provides practical information and tools to help you conduct an effective information security risk assessment and implement a risk based security plan to manage security for your organisation.

At this tutorial you will be provided with the skills and techniques to assess and evaluate the priority of cyber security risks. This involves translating the risks to your information into a business context for your senior management. This tutorial will assist technologists and IT managers to determine their work priorities and to enhance their credibility with senior management. The tutorial includes a workshop that develops a risk assessment for a hypothetical situation.


Design Thinking for Cybersecurity: An Approach for Human-Centred Security

Ivano Bongiovanni, University of Queensland

Tech Level: Low

In this tutorial, participants will learn how to apply Design Thinking to foster cybersecurity awareness and engagement and improve the cybersecurity culture in their organisations. Arguing that humans are the weakest link in cybersecurity may sound obvious, given the number of cyber-breaches perpetrated against organisations due to employees' lack of skills/knowledge and negligence. However, blaming employees for not fully grasping the implications of their cyber-behaviours without equipping them with the tools and knowledge to do so is no solution.

In this tutorial, we will cover the fundamentals of Design Thinking, an approach that has been praised for its user-centeredness and effectiveness in increasing end-users' engagement with seemingly inaccessible topics, tasks, and activities. From an end-user perspective, cybersecurity is an experience, and all experiences can be designed to maximise end-users' engagement. Design Thinking is a powerful method to design experiences. 

Participants will explore the four phases of Design Thinking and learn how to apply them to run company-wide initiatives to improve employees' cyber-awareness and engagement. 

The tutorial will be divided into two parts: 

1) An interactive session that will cover the four phases of Design Thinking 

2) A design lab for participants to address organisational challenges through a design-led approach. 

At the end of the tutorial, participants will be able to: 

- identify cybersecurity needs in their organisations, based on end-users' inputs (e.g., what do employees struggle the most with, in cybersecurity?); 

- set up a project plan aimed at co-creating solutions to organisational cybersecurity challenges for employees, with employees;

- run design-led workshops to improve the cybersecurity culture in their organisations. 

Highly interactive and focused on maximising participants' take-aways, this tutorial will teach design-led methods purposefully developed for, and not retrofitted onto, cybersecurity. 


Conducting Cyber Tabletops – A Practical Guide on How to Develop a Scenario Exercise

Ben Di Marco, WTW

Tech Level: Low

A consistent industry theme is that organisations of all shapes and sizes should conduct cyber tabletop exercises. This session will provide attendees with practical insights on how to design, scope, and deliver cyber tabletops within their organisation and maximise the benefits of these exercises.

By working through breach scenarios, organisations can improve their ability to respond to a real cyber threat. Despite the proven benefits, few Australian organisations have the confidence to perform scenario tabletops.

This often stems from difficulty in understanding how a cyber scenario should be developed, and how effective tabletop exercises are delivered. 

There is no one-size-fits-all approach for workshops; however, common key principles exist. This tutorial will explore the steps involved in preparing for and delivering cyber tabletop exercises, and strategies to maximise the benefit of scenario workshops.

Some of the issues this session will explore include: 

a) Preparation that should be undertaken prior to developing a tabletop workshop, such as incident response plan development, IR team identification, accountability assessments, threat identification and resilience gap analysis;

b) Identifying the individuals within the organisation and any third parties that should be involved in the cyber risk scenario; 

c) The factual investigations that should be performed to help develop an appropriate cyber risk scenario, including how to identify industry specific risks, incorporating legal and regulatory items, and leveraging available information on breach costs and examples of reputational harm;

d) How a tabletop should be customised to the organisation’s incident response process and what critical thinking issues the scenario should raise for participants; 

e) Options for delivering the workshop scenario including event structure, formulating what information to provide to participants, developing evolving scenario elements and facilitating discussion items; and 

f) How to incorporate information and lessons learned from a tabletop to improve the organisation’s resilience and ability to respond to an event.


Security Posture Assessment Workshop

Riccardo Galbiati, Palo Alto

Ben Thomas, JAPAC

Andy Huggett, Palo Alto

Tech Level: Low

The Security Posture Assessment (SPA) protects you from cyberattacks by providing an in-depth current state analysis and expert-level recommendations for your own security environment. Join us for this session, which will be led by Palo Alto Networks zero trust architects using the powerful and highly flexible SPA consultative assessment tool. The data gathered is then autonomously turned into next steps, priority areas and future state recommendations for your cyber security teams to build a robust road map in the following areas:

  • Zero Trust Readiness
  • Business Transformation and Risk
  • Network (Edge, core, and data centre)
  • Endpoint
  • Cloud & SaaS
  • Security Operations 
  • OT/IoT

At the end of the workshop you will receive your own executive summary and capability heatmap. Please note that the SPA is designed for both business and technical individuals and covers multiple security use cases; you will need to bring along your own laptop to access the SPA tools.