CyberRisk and Knowbe4 host an executive event joining them on the day is Kevin Mitnick, Cyber Security Café host Beverley moderates the session and asks the questions. Kevin’s childhood and fascination with magic and pranking history “McDonald’s prank”.
We discuss the latest findings in penetration testing and any commonalities, also what advice Kevin is offering executives and the workforce on phishing, social engineering and paying ransomware.
A few surprises near the end of the podcast.A special thanks to Kevin Mitnick for his generosity for our industry.
Thanks to our sponsor Cyber-Risk and KnowBe4

www.cyber-risk.com.au

www.knowbe4.com

 

Podcast produced by Martin Franklin / East Coast Studio

See omnystudio.com/listener for privacy information.

“Disruption”. Join Craig Templeton and Beverley Roche for a wrap up and summary of the 2020 SIT summit event and what is changing and working in the Cyber security culture programs.
We talk about the practitioners that contribute to making this event happen, the presenters, panel discussions and the key issues.
Want to know more about the SIT Empowers group? LinkedIn – Security, Influence and Trust Or check out the SITEMPOWERS website and download the SIT Guidebook and use the free resources.https://sitempowers.com/

See omnystudio.com/listener for privacy information.

THE INTRO ​

• Louisa is in the USA this week and Beverley is trying out her US accent
• One of the reasons for doing the podcast was to showcase the fantastic talent in the cybersecurity industry
• Cybersecurity can be a stressful profession and recent research Louisa has found confirms that the top 4 reasons for stress are about interfacing with the business (link in research section below)
• Beverley agrees that one of the reasons you are not suited to cybersecurity (according to some research she had find on a previous episode was related to finding explaining an incident to executives too stressful (link in research section below)
• Someone who is clearly very suited to a career in cybersecurity is Mandy Turner.
• Since recording the chat with Mandy she was also awarded
• Australian Information Security Association (AISA) Professional of the year (2019) as well as a fellowship of AISA​
• Louisa and Beverley agree that is so great to see volunteers recognised in our industry

​​​THE CHAT​​*CONTENT WARNING*: This chat briefly makes mention of domestic violence. If this word is a trigger for you we would advise listener discretion. If you need to skip past the section you can fast forward the minute markers from minute 19:55 to 21:00
If you have been affected by this content in any way, please visit lifeline.org.au who have resources on their website for support around domestic and family violence as well as a 24/7 crisis helpline. ​Mandy Turner is a shining light in the Cybersecurity industry - she is positive, collaborative and supports the industry thorough extensive volunteer work. Mandy has recently been recognised for her work winning multiple awards this year. She knows our industry well and what we need to change - you can read her full bio via the following link Mandy Turner BIO​For the full Transcript of the chat visit this linkprovided for free by Otter.ai (unedited)​THE DEBRIEF​

• Beverley is amazed by the volunteer work that Mandy does and the contribution she has made (and continues to make) to our profession
• Louisa agrees and re-iterates how great it is to see her recognised
• Beverley is curious about Mandy's book plans and cautions that whilst we need not glamourise cybercrime as it is just crime, we know it is still much harder to catch (cyber) criminals
• Louisa shares that a future podcast will cover the way in which tech enables cybercrime
• Louisa reminds listeners that their feedback is valued and that we welcome guest suggestions!

​How to follow Mandy​Initiatives: The mentoring initiative website (such as it is,) is here https://cybercenturymentoring.weebly.com/
Twitter: https://twitter.com/empressbat
LinkedIn: www.linkedin.com/in/amandajane1​CREDITS​Guest: Mandy TurnerHosts: Beverley Roche and Louisa Vogelenzang https://www.cybersecuritycafe.com.au/co-hostsProducer/Editor: Louisa VogelenzangSound Producer: Darcy Milne (Propodcastproduction.com)​
RESEARCH
Research on causes of stress in cyber https://www.google.com.au/amp/s/www.techrepublic.com/google-amp/article/cybersecurity-burnout-10-most-stressful-parts-of-the-job/
Reasons you are not suited to a cyber careerhttps://www.google.com.au/amp/s/www.techrepublic.com/google-amp/article/10-signs-you-arent-cut-out-to-be-a-cybersecurity-specialist/​Dr. Jessica Barker research on origins of cyber https://www.peerlyst.com/posts/cyber-by-any-other-name-would-smell-as-insecure-the-language-of-security-at-bsides-london-2016-jessica-barker
​CONTACT THE CYBERSECURITY CAFÉ
Join our LinkedIn Group https://www.linkedin.com/company/the-cybersecurity-café
Email us:louisa@cybersecuritycafe.com.aubeverley@cybersecuritycafe.com.au
Visit our website: https://www.cybersecuritycafe.com.au
Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.
We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.

See omnystudio.com/listener for privacy information.

THE INTRO

• Data is everywhere including in Louisa's living room in many different forms (thanks to Star Trek!)
• We know data is being created in large volumes and we know it can be used in a negative way but how do we know we have the right systems in place now and in the future to effectively govern it
• Beverley says there is a lot of debate about these topics and confirms that our guest today will be able to help bring some of these issues together
• Daniella Traino who is very close to the innovation space - she is the cyber track leader at Spark festival and a volunteer Start up Editor on Cyber and AI at https://www.ideaspies.com/

​​​THE CHAT​​Daniella Traino leads a niche technology advisory with a focus on strategic cyber security services (interim CISO for high-tech & mid sized enterprises) and high-tech commercialisation. She is a non-executive director and strategic advisor to IoTSec Australia (a not-for-profit organisation influencing IoT cyber security innovation), a member of the Research Advisory Committee for the Internet Commerce Security Laboratory (ICSL) – a cyber security research unit of Federation University Australia, Startup Editor (AI, Cyber Security) for IdeaSpies (platform sharing innovation to inspire action across the Australian ecosystem), Cyber Track Leader for Spark Festival. She was recently nominated as 2019 Security Champion, by the AWSN & CSO IDG Women in Security Awards.
Full Bio for Daniella herehttps://www.cybersecuritycafe.com.au/daniella-traino-bio:
Transcript of the full chat on our website: ​ https://www.cybersecuritycafe.com.au/transcript-daniella-traino-chat transcript provided by Otter.ai (unedited)​THE DEBRIEF​

• Louisa needs the mind-blown emoji after listening to the chat
• Louisa was interested by the idea Daniella shared about changing the economic value of collecting data and shares an example of where she was asked to share data she didn't need to
• Beverley has a technique she uses to protect her privacy when shopping - she doesn't have loyalty cards at all!
• Louisa mentions the positive of AI in Cybersecurity and shared some research finding from Cap Gemini and also shares some insights around how Cybercriminals are using AI
• Beverley wonders what we need to consider from a product development perspective and Louisa offers some insights
• Beverley wonders if we should sign up to an ethics agreement as a cyber security profession
• Louisa thinks that's one for a whole other podcast!

​How to follow Daniella:​Twitter: Daniella_t05Website: https://www.pineconestrategies.tech/​CREDITS​Guest: Daniella TrainoHosts: Beverley Roche and Louisa Vogelenzang https://www.cybersecuritycafe.com.au/co-hostsProducer/Editor: Louisa VogelenzangSound Producer: Darcy Milne (Propodcastproduction.com)​
RESEARCH ​https://www.capgemini.com/research/reinventing-cybersecurity-with-artificial-intelligence/https://labsblog.f-secure.com/2019/07/11/malicious-use-of-ai/https://www.raconteur.net/technology/ai-cybersecurityhttps://www.computerworld.com.au/article/632444/6-ways-hackers-will-use-machine-learning-launch-attacks/https://www.techopedia.com/are-hackers-using-ai-for-malicious-intentions/2/33647​​CONTACT THE CYBERSECURITY CAFÉ
Join our LinkedIn Group https://www.linkedin.com/company/the-cybersecurity-café
Email us:louisa@cybersecuritycafe.com.aubeverley@cybersecuritycafe.com.au
Visit our website: https://www.cybersecuritycafe.com.au
Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.
We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.

See omnystudio.com/listener for privacy information.

THE INTRO

• Louisa has a cartoon to describe that she saw on the Cyber Security Hub via LinkedIn (link to original cartoon in the research links below)
• Beverley thinks it's timely, and a perfect lead in for our guest today.
• Beverley has a quote from Warren Buffett, and everybody's got a load of respect for Warren Buffett. He says we are on in uncharted territory by not having the right cyber security skill sets in every boardroom. companies and their boards have set themselves up for failure, it's almost guaranteed, it's going to get worse before it gets better.
• Louisa wonders if we get our time in the boardroom, how do we possibly convey the right information that the board needs in that just that few minutes that we get if we get it? And how do we make sure that we understand what they're thinking and what they need from us.
• Beverley thinks we've made a lot of assumptions about what boards want to talk about and what they're interested in. The reality is, we like to think, because we see cyber risk as so important we'd love to think that we're one or number two, and here was an article last year that said we're in the top five subjects. she is not sure if that's true and is hoping that our guest today is going to shed some light.
• Louisa Is so confident he'll be able to do that - Jason Wilk, will be joining us and he has got one foot in the boardroom and one foot in cyber security. So she can't think of anybody better qualified to come and talk to to us about what boards need from us, and how we can better engage with them on on cyber security.

​​​THE CHAT​
The unedited transcript of the chat with Jason Wilk courtesy of otter.ai can be found via our website: https://www.cybersecuritycafe.com.au/transcript-jason-wilk-chat
​THE DEBRIEF

• Beverley unpacks whether we can apply occupational health and safety to cybersecurity awareness programs and shares some insights on when she had tried this
• Beverley acknowledges there is a lot to learn from occupational health and safety and that it is great place for us to take some learnings
• Louisa was struck by Jason's advice that we should be careful not to talk about a 'cyber culture' with boards but that it doesn't mean this term and the work relating to it is not valuable outside of the board room
• Beverley notes we should ensure we align our cyber behaviours to an organisations culture overall

How to follow Jason:
LinkedIn page: https://www.linkedin.com/in/jasonwilk-au/Website: https://www.bluezoo.com.au/​CREDITS
Guest: Jason WilkHosts: Beverley Roche and Louisa Vogelenzang https://www.cybersecuritycafe.com.au/co-hostsProducer/Editor: Louisa VogelenzangSound Producer: Darcy Milne (Propodcastproduction.com)​
RESEARCH ​Roger Schillerstrom cartoon original article link (cartoon reposted by The Cybersecurity Hub on LinkedIn): https://www.pionline.com/article/20170123/PRINT/301239998/get-real-on-cybersecurity​AICD Cyber for Directors Course: https://aicd.companydirectors.com.au/education/courses-for-the-director/short-courses/cyber-for-directors
Security in Depth ‘State of Cyber’ 2019 research on only 2/3 of Australian businesses having a cybersecurity professional on staff https://securityindepth.com.au/stateofcyber​
CONTACT THE CYBERSECURITY CAFÉ
Join our LinkedIn Group https://www.linkedin.com/company/the-cybersecurity-café
Email us:louisa@cybersecuritycafe.com.aubeverley@cybersecuritycafe.com.au
Visit our website: https://www.cybersecuritycafe.com.au
Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.
We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.

See omnystudio.com/listener for privacy information.

THE INTRO ​​Beverley gets payback this episode by getting to interview Ken Gamble – although she does have a background in eCrime so Louisa is happy to let her have this one!
Ken is co-founder and Executive Chairman at IFW Global who provide the expertise & global reach to investigate serious fraud, combat cybercrime and recover assets https://www.ifwglobal.com/about/our-team/​​THE CHAT​​Full show notes from the chat are available on our website show notes page for this episode: https://www.cybersecuritycafe.com.au/shownotes-ken-gamble
FOLLOW KEN
IFW Global LinkedIn page: https://www.linkedin.com/company/ifw-globalIFW Podcast ‘Scammers Caught in action’ where you can listen to the boiler room con artists in action and learn how to avoid falling victim. https://soundcloud.com/ifwglobal/scammers-caught-in-actionIFW Global website: https://www.ifwglobal.comTwitter: @ifwglobal
CREDITS
Guest: Ken Gamble https://www.ifwglobal.com/about/our-team/Hosts: Beverley Roche and Louisa Vogelenzang https://www.cybersecuritycafe.com.au/co-hostsProducer/Editor: Louisa VogelenzangSound Producer: Darcy Milne (Propodcastproduction.com)
RESEARCH
Aljazeera documentary featuring Ken Gable ‘Swindle Kings of Manila’https://www.aljazeera.com/programmes/101east/2018/09/swindle-kings-manila-180913064446101.html
Link to the 60 minutes documentary ‘How IFW Global led 60 Minutes to one of the biggest boiler room busts ever seen’https://blog.ifwglobal.com/blog/60-minutes-ifw-global-take-down-boiler-room-operation
Outstanding Consumer Affairs Reporting (sponsor Godfrey Wines) Liam Bartlett, Joel Tozer (60 Minutes, Nine)http://kennedyawards.com.au/
Australian Competition and Consumer Report 2018 https://www.accc.gov.au/publications/targeting-scams-report-on-scam-activity/targeting-scams-report-of-the-accc-on-scam-activity-2018

CONTACT THE CYBERSECURITY CAFÉ
Join our LinkedIn Group https://www.linkedin.com/company/the-cybersecurity-café
Email us:louisa@cybersecuritycafe.com.aubeverley@cybersecuritycafe.com.au
Visit our website: https://www.cybersecuritycafe.com.au
Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.
We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.

See omnystudio.com/listener for privacy information.

THE INTRO

• It's a brief intro today because we want to get straight to our guest from our favourite security podcast - Smashing Security's Graham Cluley. Beverley is very much regretting giving the interview to Louisa 'the Brit interviewing the Brit' because Graham couldn't tell that Louisa was British anyway!

​​THE CHAT

• Graham Cluley is co-host of the award-winning Smashing Security podcast (winner of cybersecurity podcast of the year 2018 and 2019) as well as being a public speaker, award winning blogger and independent computer security analyst
• More background on Graham here https://www.grahamcluley.com/about-this-site/
• We get to know Graham a little by chatting about how he landed in Cybersecurity by writing computer games when he was a student and how a package that arrived at his house changed his life
• How anti-virus was back when Graham started at Dr Solomon’s and how it looks today
• What Graham is doing today and why he loves podcasting so much
• Why using humour helps to engage people with security messaging and why Graham feels it’s important to try and be accessible to everyone by using language that people can understand
• Why it’s hard to stay up to date with security
• What threats we should be focused on right now noting that some of those aren’t going to be very sexy
• Graham’s view on the biggest threat right now which is Phishing and why that continues to be a big problem
• How business email compromise has changed and why it is still a risk for businesses today
• What can be done about BEC across both process and technology perspective (including email tags, domain name verification, DMARC and what this does)
• Why technology alone doesn’t effectively stop most of the InfoSec problems
• What everyone is talking about in Europe (apart from Brexit) including GDPR and whether this is having an impact on executives’ attitudes to security and whether fines need to increase
• Whether being a ‘secure’ company will be a differentiator
• Why people get so excited about IoT
• Whether people actually change suppliers after a data breach or a privacy scandal
• Whether the Great Hack will change anything in terms of people’s attitudes
• How the most popular episode of Smashing Security was about quitting Facebook and why people stay
• We get some great advice from Graham on how he manages passwords and what should we be telling others about how they should manage their passwords. We also discuss password managers and how they can help us to help our families and friends too.
• Graham’s view on the future and why he is wary of predicting it
• The role of the cybersecurity community in the future

​​How to follow Graham:Podcast: ‘Smashing Security’ with Graham Cluley and Carole Theriaulthttps://www.smashingsecurity.comTwitter: @gcluleyBlog: https://www.grahamcluley.com​​THE DEBRIEF​Our key take aways from the chat with Graham including

• How engaging, fun and relatable Graham's communication style is
• Beverley loved Graham's 'Open Source Intelligence' and 'IOT Toothbrush' comments and we get to hear her awesome British accent impression ;-)
• Why Louisa didn't want to admit to Graham that she had a Google home
• How much is enough to create a wake up call for shareholders around data breaches
• Quitting Facebook and how hard it is to give up - Beverley has finally given up hers and what the other alternative methods are
• Whether people actually take action following privacy scandals and what more we can do about that including vote with your keyboard not your feet (that would be #sneakernet)
• Why we are so grateful to Graham and why you should listen to Smashing Security

CREDITSGraham CluleyGuest:Beverley Roche and Louisa VogelenzangHosts:: Louisa VogelenzangProducer/EditorDarcy Milne (Propodcastproduction.com)Sound Producer:
RESEARCH

• Business Email Compromise Losses: https://businessinsights.bitdefender.com/fraudsters-steal-million-business-email-compromise
• Accenture research about businesses differentiating based on trust referenced by Louisa:

"As people become more anxious about their data security and privacy, we'll start to see.....organisations differentiate based on trust more than on price or on pure technical capabilities"Note: This quote came from Accenture's Johnathan Restarick commenting on the Australian results from some 2019 Accenture research - 'Putting the Human First in the Future Home' and cited in the Australian Financial Review (subscription only – accessed Thursday 11th July 2019)

• The Great Hack Netflix documentary https://www.netflix.com/au/title/80117542

​​CONTACT THE CYBERSECURITY CAFÉJoin our LinkedIn Group https://www.linkedin.com/company/the-cybersecurity-caféEmail us:louisa@cybersecuritycafe.com.aubeverley@cybersecuritycafe.com.auVisit our website: https://www.cybersecuritycafe.com.au
Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.​

See omnystudio.com/listener for privacy information.

THE INTRO
- We are excited to hear that Apple has increased their bug bounty for security researchers to $1M- We also look at the role research plays in our industry includingo The start of our industry in 1971o Who is doing research today- It’s great that we have an academic on the show today to talk to us about their research and how the cyber security community can get more engaged with academia
THE CHAT
is a qualitative researcher who uses creative engagement methods to explore everyday practices of information production, protection, circulation, curation and consumption within and between communities. She took up a full-time academic post in 2008 and prior to joining Royal Holloway University of London she worked for 18 years as an information security practitioner. Lizzie’s focus is the intersection between perceptions and narratives of individual and community security and technological security. Her research specialises in public and community service design and consumption. Lizzie is currently an EPSRC research fellow with a research programme in everyday security and digital service design.Professor Lizzie Coles Kemp
We talk about- How Lizzie landed in Information Security in 1990 because she spoke Swedish and why she enjoys security- Why cybersecurity professionals are diverse and why it is important- How design thinking tools can be use in cybersecurity including storytelling, using different mediums - story boarding, lego, and forms of physical modelling to represent security to think through all the things that contribute to a secure interaction etc- The importance of bringing together different thinking and ways of solving the problem- Why we need to ask the question from different angles and ask the fundamental questions – why does it work (as well as what doesn’t work)- How do we actually use design thinking? Lizzie walks through an example on where engagement on security awareness training is low and how you could use design thinking to understand the everyday of those not engaging with the training. It allows us to take a step back.- An overview of the ‘You Shape Security’ program Lizzie had worked on with the NCSC- The need to work with and not work against and understand the benefit as well as the benefit gaps you need to resolve of a security measure (technology, policy, service).- How you can scale capacity of these kind of engagements as they are low fidelity- Why this sort of thinking is a great bridge to other parts of the organisationo Research has show security practitioners spend a lot of time interacting and communicating but the framing/language is alien to those outside of securityo Design tools are a useful bridge into the other world as they don’t use specialist language and why HR, Product Designers, CEOs, the board like these engagements as they help them to understand what is going on, on the front lineso They help to highlight the creativity and the positive (as well as the negative and the blockages). Security can be both negative AND positive- Lizzie touches briefly on her work in Sweden on the digitisation programs – how digitisation changes how decisions are made, where the processes happen and frees up spaces, so that we can have other interactions (there) so that we can start to work with people to understand better their information flows and the benefits they get.- Lizzie works us through how we can better engage with academia – to imagine different futures through design café, sprints and workshops in spaces that help us to build a more creative toolkit to think about different types of security challenges and the only way we can do this is by working together.o Lizzie would love to work together more not in solution mode but in imagining different futureso Lizzie talks about the great example of the security practice conference and how the teams from different areas came up with different ideas on how to go forward. These are the sort of activities that will spark new and interesting academia and security practice collaborations- Lizzie will be in Australia in September for 3 weeks and loves our open nature and willingness to embrace new ideas- Why Lizzie thinks Australia has such a fantastic capability around civil resilience around bush fires, food security and environmental and how Lizzie thinks Australia could lead the world in resilience thinking
THE DEBRIEF
- Our key takeaways from the chat includingo The potential of Australia when it comes to cyber resilienceo The need to identify (and work on) those benefit gaps when it comes to people’s view on a security control, policy or serviceo The way we can use design thinking to help us solve problems in cyber security

How to follow Lizzie:Email: Lizzie.Coles-Kemp@rhul.ac.uk
CREDITS
Guest: Professor Lizzie Coles KempHosts: Beverley Roche and Louisa VogelenzangProducer/Editor: Louisa VogelenzangSound Producer: Darcy Milne (Propodcastproduction.com)
RESEARCH
Where cybersecurity began – with a research project! https://www.cybersecurity-insiders.com/a-brief-history-of-cybersecurity/
The cybersecurity Cooporative research centre in Australia https://www.cybersecuritycrc.org.au
10 signs that you aren’t suited to a career in cyber security https://www.techrepublic.com/article/10-signs-you-arent-cut-out-to-be-a-cybersecurity-specialist/
NCSC ‘origins’ research into cybersecurity background that Lizzie mentioned https://www.ncsc.gov.uk/blog-post/origin-stories
Professor Lizzie Coles Kemp’s YouTube on ‘Digital security for all’ https://www.youtube.com/watch?v=tL-K0yM4PLA
NCSC ‘You Shape Security’ booklets that Lizzie mentioned https://www.ncsc.gov.uk/collection/you-shape-security
Digitizing Sweden (also mentioned by Lizzie:https://www.mckinsey.com/featured-insights/europe/digitizing-sweden-opportunities-and-priorities-in-five-ecosystems


CONTACT THE CYBERSECURITY CAFÉ
Join our LinkedIn Group https://www.linkedin.com/company/the-cybersecurity-café
Email us:
louisa@cybersecuritycafe.com.aubeverley@cybersecuritycafe.com.au
Visit our website: https://www.cybersecuritycafe.com.au
Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.
We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.

See omnystudio.com/listener for privacy information.

The Intro
Beverley won’t let Louisa move into the spare room, even if it is her birthday!Beverley talks about how we all want to help small business with their cybersecurity but are we doing the right things that are right for that marketLouisa has been researching (again) looking at the confusing landscape of advice for small businesses on cyber securityWhy Adam is the perfect guest to help us better understand the market, the problem and what small business needs from security
The Chat
Adam Selwood is Director, Co-founder and CTO at Cynch Security and we are so pleased to have a local Melbourne cybersecurity entrepreneur in the café with us!
We talk aboutWhere Adam started his career, how he moved into cybersecurity and why he loves itWhy he and Suzie first discovered the pain that small business experiences around data breaches and the passion he and Suzie found for trying to finding solutions to help themWhat is a small business and how to define that areaThe challenges with getting data around the impacts for small businessWhat are the attitudes towards cybersecurity within small businesses and whether they are optimistic about their securityWhether it’s a realistic figure that 60% of small business go out of business after a cyber attackWhat are the characteristics on a small business and the challenges they haveWhat small business needs from cybersecurity solutions and what they have invested in so farHow the cybersecurity industry can confuse small business with our languageWhy small businesses are not keeping up to date with cybersecurity threats and solutions to address thoseWhat the biggest risk for small business is when it comes to cybersecurityThe relationship between small business and large corporates when it comes to supply chain riskThe changing landscape for small business around regulation and how this will impact themWhat the future holds for small business security includingincreased data breach regulation (and disclosure)customers driving increased security from small businessDigital natives changing the expectations of small businessIncreasing attacks affecting small businessWhy there is no bigger problem in cybersecurity than small business security and why Adams is optimistic on the solutions coming for small businessWhy cybersecurity is part of a long list of challenges for small businessAdam’s fantastic advice for would be entrepreneurs in cybersecurity
The debriefOur key takeaways from the chat includingConfirmation email is the biggest threat for small businessThe amazing amount of passion and due diligence done by Adam and Suzie on the problems that small businesses experienceWhy we should support Cynch and why small business is important for the Australian economyThe misquoted fact about the number of small businesses that go out of business after a cyber attackWhere to find facts that you can use about small business cybersecurity
How to follow Adam:Visit: https://cynch.com.au/LinkedIn: https://www.linkedin.com/in/adamselwoodTwitter @adamselwood
CREDITS
Guest: Adam SelwoodHosts: Beverley Roche and Louisa VogelenzangProducer/Editor: Louisa VogelenzangSound Producer: Darcy Milne (Propodcastproduction.com)
RESEARCH
The in-question fact about 60% of small businesses going out of business after a cyber attack
https://staysafeonline.org/press-release/national-cyber-security-alliance-statement-regarding-incorrect-small-business-statistic/
https://www.bankinfosecurity.com/blogs/60-hacked-small-businesses-fail-how-reliable-that-stat-p-2464
Security Boulevard facts you can use on small medium business security (with some facts around small business only)
https://www.securityboulevard.com/2019/06/15-small-business-cyber-security-statistics-that-you-need-to-know/amp/

CONTACT THE CYBERSECURITY CAFÉ
Join our LinkedIn Group https://www.linkedin.com/company/the-cybersecurity-café
Email us:
louisa@cybersecuritycafe.com.aubeverley@cybersecuritycafe.com.au
Visit our website: https://www.cybersecuritycafe.com.au
Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.
We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.

See omnystudio.com/listener for privacy information.

The Intro

• Louisa has been inspired by the Geiger Counter she saw on the Chernobyl series and is spruiking her idea of a FUDometer (for detecting Fear, Uncertainty and Doubt) for cybersecurity and how they could be helpful at conferences and for holding over brochure ware
• Why Fear is annoying and not effective – something highlighted by studies and industry thought leaders (links to mentioned research below)
• Why Dr Jess is the perfect guest to talk to us about the psychology of fear

The Chat
Dr Jessica Barker has a PhD is one of the top 20 most influential women in cyber security in the UK and we are thrilled to have her in the café with us!https://www.cygenta.co.uk/jess-bio
We talk about;

• How Jess came from a PHD in Civic Design into Cyber Security and her insights from googling cyber security and what happened when she joined the profession
• The psychology of fear and what it has to do with cyber security
• Why there is fear in cybersecurity – we are talking about something scary after all
• But there is an issue with how people respond to a fear-based message – an area Jess has researched in detail
• The messaging of what’s in it for me and why that is importance
• Why it’s important to ensure security doesn’t impact on productivity or become a blocker
• How and why use security champions and ambassadors – to spread the message AND to take feedback
• What the key indicators of mature cyber security cultures are
• How the way Phishing simulations are run can be an indicator of maturity
• How to measure cyber security culture
• The importance of giving people a chance to talk about how security is working and where it isn’t
• How to shape your awareness messaging based on the culture you want
• The importance of bringing culture and policy closer together
• How culture is different company to company and the importance of understanding the business
• We discuss the Research (link below under RESEARCH) that Dr Jess undertook with Palo Alto and YouGov which includes
• How people feel about how well they are protecting their data online
• Optimism bias
• The demographics in terms of who was more confident
• How we must consider the level of confidence when communicating
• We discuss whether the optimism aligns with how much is lost to Cybercrime and scams
• Why we need to do more to protect the broader society and personal security issues – there is a gap from the corporate level to the awareness for the general population and why googling doesn’t help
• The need to show people the HOW attacks can happen to demystify
• The need to ensure people engage in the danger and not the fear – they must be empowered

How to follow Jess:Visit: https://www.Cygenta.co.ukTwitter @Drjessicabarker
CREDITS
Guest: Dr Jessica Barker https://www.cygenta.co.uk/jess-bioHosts: Beverley Roche and Louisa VogelenzangProducer/Editor: Louisa VogelenzangSound Producer: Darcy Milne (Propodcastproduction.com)
RESEARCH
The Global Cybersecurity capacity centre 2014 working paper on awareness campaigns:https://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/Awareness CampaignsDraftWorkingPaper.pdf
David Spark’s Article on why CISOs find selling using fear annoying:https://www.forbes.com/sites/davidspark/2018/03/06/9-reasons-why-selling-fear-does-not-work-on-a-ciso-cisosecurity-vendor-relationship/#55f291a12a1d
Louisa’s article on appropriate use of fear and what we can learn from the health industry:https://www.fudfreecyber.org/post/appropriate-use-of-fear-5-lessons-the-cyber-security-industry-can-learn-from-the-health-industry
Trust in the digital age research from Palo Alto, YouGov and Dr Jessica Barker:https://blog.cygenta.co.uk/trust_survey/

CONTACT THE CYBERSECURITY CAFÉ
Join our LinkedIn Group https://www.linkedin.com/company/the-cybersecurity-café
Email us:
louisa@cybersecuritycafe.com.aubeverley@cybersecuritycafe.com.au
Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.
We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.

See omnystudio.com/listener for privacy information.

All show photos and links can be found at https://www.cybersecuritycafe.com.au/episodesfollow us on Twitter @cyberseccafe
The introIs identity dead? Beverley talks about an article she read recently from Steve Wilson - what we are doing online not who we are will become more interesting to the Facebooks of the world. Read the article here:https://www.constellationr.com/blog-news/identity-deadEither way we really want to hear what our guest has to say about how cyber criminals are using our identity and how their crimes are impacting consumers
The chat - Professor David LaceyProfessor David Lacey is Managing Director and Board Member of IDCARE, Australia and New Zealand’s national identity and cyber support service. They are a not-for-profit Australian charity that was formed to address a critical support gap for individuals confronting identity and cyber security concerns. This gap requires specialist Identity & Cyber Security Counsellors and Analysts that apply a human-centred approach to identity and cyber security. This means they place at the centre of everything they do the concerns and needs of the individual, not the technology or process.Dave also chairs the Cyber Security Department at the University of the Sunshine Coast and is also Director for Cyber investigations and Forensics there.He teaches, carries out research and leads programs of national importance so we are very excited to have Dave on the show!Read his full bio here https://www.idcare.org/team-members/professor-david-lacey
We chat to Dave about:

• Who IDCARE are and why they exist
• The common reasons people call IDCARE for help, who are they and where are they from
• How consumers feel when their info is involved in a data breach
• What IDCARE see when it comes the emotional impact on people of cyber and identity crime
• Why intelligence has nothing to do with people falling for scams
• How well the security community is doing when it comes to our response to data breaches & how consumers really want us to respond
• Whether the breach notification law in Australia has helped moved the needle for everyday Australians and if not, what more can be done
• Whether Data breach notification fatigue is real
• Why the time, effort, frustration, bureaucracy and heavy lifting through the system harms the consumer and the opportunity for solving this
• How Australia compares globally when it comes to cyber crime
• What are the high risk and low risk pieces of personal info from what Dave sees the criminals can do with
• How ID care see there is a knowledge gap from both consumers and incident responders around what high risk and low risk items are
• Why it is so hard to understand the risk when communicating on data breaches
• Whether we (as an industry) make enough of the link between telephone and the misuse of information online
• If data is the new oil, who are the refineries?
• What does the future hold? Will IDCARE continue to need to grow?

How to follow IDCARE:FaceBook https://www.facebook.com/IDCARE-553864471323871/Twitter https://twitter.com/iDcareAUNZLinkedIn https://www.linkedin.com/company/idcareaus/

The debriefWe reflect on some of the most poignant lessons from Dave’s chat;

• The breadcrumbs of our credentials, telephone scams and the fact that there is no link between intelligence and consumers falling for scams – a reminder that users are not stupid and if people are giving out passwords on the street, maybe we have failed? either way passwords are a big challenge for consumers and for our industry.
• We discuss how we still have a long way to go to help people with the what's in it for them but we feel optimistic that we have people like Blair Adamson, guest from our first podcast to help lead the way!

And that's a wrap for episode 2 - thanks for listening!

See omnystudio.com/listener for privacy information.

All show photos and links can be found at https://www.cybersecuritycafe.com.au/Follow us on Twitter @cyberseccafe
The Intro:
It’s our first show and in the first 5 mins we will share a little intro to ourselves and what we want you to get out of the podcast.
The Blair Adamson interview:
Our very first guest interview is Blair Adamson, Cyber Influence Lead at Australian Telco, Telstra. Blair truly understands how to influence human behaviour in cyber security and how to utilise his diverse background, and a diverse team, to achieve these outcomes. He generously shares his insights on how he does this and how to move away from a compliance based approach to security awareness to truly influencing long term behavioural change.
The Resources as mentioned by Blair:
Stay Smart Online https://www.staysmartonline.gov.au/
Security Influence and Trust Group https://sitempowers.com/
Blair’s article on medium how to patch a human https://medium.com/@Reluctant_Us3r/how-to-patch-a-human-20a56f73326f
The best way to contact Blair:
blair.adamson@team.telstra.comTwitter: https://twitter.com/Reluctant_Us3r
The debrief:
We unpack the pearls of wisdom from Blair’s session and wrap up the show!

See omnystudio.com/listener for privacy information.

The trauma, emotional and financial devastation, shame, and victim-blaming are all explored in this forthright conversation with relationship scam survivor, Jan Marshall.
Understanding that scammers are trained professionals, not just opportunistic players is vital to protect the vulnerable and idealistic in a world where everything and everyone is open for exploiting.
How can an intelligent person be so thoroughly scammed?
Cyber Security Cafe host, Beverley Roche chats to Jan Marshall about her story and the devastating trauma of a relationship scam.Emotions still resonate powerfully as Jan shares her very personal experience of being a victim of a relationship scam and details of her new emotional support service, Life After Scams for victims of similar cyber crimes.
If you think it is too good to be true, it probably is. If you are being asked for money and personal details shortly after meeting someone online, ask yourself #isthisforreal?If you think you are experiencing a relationship scam, here are some helpful sites to assist you:
Jan Marshall – www.lifeafterscams.orgReport to Scamwatch – www.scamwatch.gov.auIDCare – www.IDCare.org

See omnystudio.com/listener for privacy information.

Security 101 tips for reviewing Office 365 infrastructure, details of a Spear phishing attack that owned an organisations infrastructure and important tips about keeping an eye on your logs and monitoring.
During COVID19, data is moving about everywhere, with organisations rushing to move people to work from home and playing security catchup.
Beverley Roche chats to Christopher McNaughton from SECMON1,who specialise at looking at Security inside your organisation, Data discovery, workplace investigations, Digital Forensics and Electronic discovery.
Former Senior Forensic Examiner with Victoria Police Force, Chris talks about how he landed in Cybersecurity.
We talk about an organisations risk in relation to Data and how SECMON1 use their Discovery tools and off course we lift the rug to understand how important it is for employees not to use company assets for malicious purposes.

See omnystudio.com/listener for privacy information.

Will it make us safer? or will the data it collects lead to greater social harm in future ? Cyber Security lead, Beverley decompiles the current issues with the Covidsafe app and chats to well-known identity, Shannon Sedgwick about his early days in cyber and his current role as Senior Managing Director at Ankura.
We cover how Australian’s might be feeling about the trust issues, the trade offs and downloading the app for the greater good.
Shannon Sedgwick is highly regarded in technology and cyber security circles in Asia Pacific. He is often seen appearing on TV, radio, and in print publications, delivering keynotes discussing cyber security, effective leadership, business development, governance, culture, technology risk, government policy, and breaking news events.
Shannon can be contacted through his website: ssedgwick.com

See omnystudio.com/listener for privacy information.

Relationship scams, COVID-19 scams, Investment scams - Right now, there are more opportunistic, professional cyber-criminals hard at work to catch you out than ever before. Deputy Chair of the Australian Competition & Consumer Commission, Delia Rickard joins cyber security expert, Beverley Roche to unpack the current threats to your safety and finances.
Listen to how to keep yourself safe online and how to report scams. Ask yourself #isthis4real

See omnystudio.com/listener for privacy information.

What are the types of threats we are facing right now? Highly motivated cyber-criminals are working overtime right now.
Former National Director Joint Cyber Security Program of Australian Cyber Security Centre - Lead Ryan Janosevic of Retrospect Labs takes us through the steps to help you be Cyber Resilient. Retrospect Labs came through the accelerator Program at CyRise and Ryan is an investor, supporter and champion of Cybersecurity startups (Cybersecurity venture program powered by NTT and Deakin University.
We discussed the importance of supporting Australian Talent and Australian start-ups to ensure the flow of talent into the future of the cyber-security industry.What should organisations be doing right now to be prepared and ready?
Ryan recommends businesses practice their incident response plans and develop playbooks to testing a whole of enterprise approach with all the business stakeholders - treat it like a fire plan and drill.
ContactRyan Janosevic and Jason Pangwww.retrospectlabs.com

See omnystudio.com/listener for privacy information.

How to avoid workplace issues that lead to staff being compromised by phishing emails. What are the behavioural cues that indicate cognitive load is high? Using a customer journey map to understand the workforce and what are the danger zones in their day. What controls, both human and technology based can we deploy to mitigate that danger zone?
Paul Burrow, Cybersecurity Behavioural Expert discusses "wicked problems" and quotes Tim Brown's "Human Centred design" as his guidebook.Wicked problems like “How might we get all Australian’s implement Two Factor Authentication”
How to get the right message to the right people at the right time. We discuss the importance of finding shared language and common themes, how to build a narrative to get a workforce engaged. Cognitive load in the workplace is challenging how and when we, as cyber security professionals intersect with reminding people to be extra vigilant when those phishing emails hit.
Connect with Paul Burrow on LinkedIn - https://www.linkedin.com/in/paulburrow

See omnystudio.com/listener for privacy information.

THE INTRO ​

• Louisa and Beverley are at the SIT Summit today in Melbourne and this episode is an event special to help amplify the learnings for those who couldn't attend, wherever they are in the world!
• The Security Influence and Trust Group, founded in late 2015, is a community of people who believe that collaboration, consistent messages and simple actions are key to empower people to protect themselves in the digital world.
• They are working together to amplify consistent tips that help the community to build online safety skills.
• They are industry professionals with a long history of building security aware cultures.
• The 4th SIT Summit was hosted by Telstra in Melbourne on 27th November 2019.
• Event agenda sit-summit-2019-agenda
• Event photos (under SIT News) https://sitempowers.com

​​​THE CHAT​​Louisa and Beverley share their insights from the sessions and also asked special guests Christie Wilson, Erica Hardinge and Susie Jones to also share some of their key take aways from the event including:​- Advice on starting an awareness or influence program from scratch- Why they are passionate about human security and why it is important- What were their key learnings from the day- What was the thing that surprised them most- What amplify means to them- What is the one thing the security industry could do to help improve human security​For the full Transcript of the chat visit this linkprovided for free by Otter.ai (unedited)​​CREDITS​Guests: Christie Wilson, Erica Hardinge, Susie JonesHosts: Beverley Roche and Louisa Vogelenzang https://www.cybersecuritycafe.com.au/co-hostsProducer/Editor: Louisa VogelenzangSound Producer: Darcy Milne (Propodcastproduction.com)​
USEFUL LINKS ​Darren Pauli's writing guide https://sitempowers.com/1571-2/SIT Guidebook https://sitempowers.com/sit-guidebook/More info on ANZ PACT referred to by Erica Hardinge https://media.anz.com/posts/2018/10/anz-encourages-australians-to-make-a-pact-to-protect-their-virtu​
CONTACT THE CYBERSECURITY CAFÉ
Join our LinkedIn Group https://www.linkedin.com/company/the-cybersecurity-café
Email us:louisa@cybersecuritycafe.com.aubeverley@cybersecuritycafe.com.au
Visit our website: https://www.cybersecuritycafe.com.au
Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.
We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.

© 2019 by Cyb

See omnystudio.com/listener for privacy information.

THE INTRO ​

• Louisa has been in New York at a Cyber insurance conference and shares her insights from a couple of the sessions including what people want their cyber insurance policy to cover and whether or not millennials care about privacy including the impact digital savviness may have on this
• Beverley wants to know who the greatest conmen of our time was and Louisa thinks Frank Abagnale Jr. is a good candidate and there are lots techniques Frank used that are still used today.
• Louisa and Beverley discuss the different definitions of social engineering
• Beverley is excited to have Chris Gatford on the podcast today

​​​THE CHAT​​Chris Gatford is the director of Hacktive in Sydney, Australia and performs penetration tests for organisations all around the world. Chris has performed thousands of penetration tests in his career and has reviewed countless IT environments and has directed and been responsible for numerous security assessments for a variety of corporations and government departments
Chris has co-authored two books, including “Network Security Assessment: From Vulnerability to Patch” from Syngress Publishing.​For the full Transcript of the chat visit this linkprovided for free by Otter.ai (unedited)​THE DEBRIEF​

• Louisa is seeing some themes emerge from the podcast interviews in terms of the key skillsets needed to be in cybersecurity and the criticality of curiosity
• Beverley agrees with Chris on why it is so hard to secure the family home
• Beverley is also glad to hear that millennials are asking big questions about privacy
• Beverley shares her view on whether penetration testing can be outsourced including the use of bug bounty programs and the role of trust
• Why we need another podcast to look at how our roles might change in the future and how we prepare for that
• How the BBQ/taxi conversation has changed and why we need to be ready to change our message as the criminals evolve

​How to follow Chriswebsite: https://www.hacktive.ioEmail: chris@hacktive.io Twitter: @ChrisGatford​CREDITS​Guest: Chris GatfordHosts: Beverley Roche and Louisa Vogelenzang https://www.cybersecuritycafe.com.au/co-hostsProducer/Editor: Louisa VogelenzangSound Producer: Darcy Milne (Propodcastproduction.com)​
RESEARCH
Digital literacy survey mentioned at the panel discussion Louisa attended in New York https://www.nominet.uk/digital-generation-gap-remains-wide-open-older-generations-fail-embrace-new-technology/
Frank Abignale on why tech has made things 4000x easier for criminals https://www.techrepublic.com/article/famous-con-man-frank-abagnale-crime-is-4000-times-easier-today/
Splendour in the grass science tent https://inspiringnsw.org.au/2019/06/27/science-tent-returns-to-splendour/
Open DNS solution mentioned by Chris during the chat https://www.opendns.com​CONTACT THE CYBERSECURITY CAFÉ
Join our LinkedIn Group https://www.linkedin.com/company/the-cybersecurity-café
Email us:louisa@cybersecuritycafe.com.aubeverley@cybersecuritycafe.com.au
Visit our website: https://www.cybersecuritycafe.com.au
Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.
We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.

See omnystudio.com/listener for privacy information.