LIGHTS. CAMERA. ACTION.
SEKURO’S FIRST CONFERENCE WAS A SUCCESS AND PROVIDED MANY INSIGHTFUL INDUSTRY TAKEAWAYS.
On October 20, 2022, we held the first SekuroKon at The Grounds of Alexandria in Sydney. It was Sekuro’s first conference, coming right off the back of our first first birthday which was celebrated earlier in the week. A week of milestones!
It was an exciting day full of enlightening topics directly related to our industry alongside themes we face often in our day-to-day work lives that we need to talk about. It’s fair to say that attendees would have left the event with many interesting insights and considerations.
The day kicked off with Welcome to Country by Matthew Doyle, Cultural Consultant and descendant of the Muruwari People from Northwest NSW.
TRIUMPH IN CHALLENGES (KEYNOTE)
This was followed by an inspirational talk, Triumph in Challenges by Noel Allnutt, Managing Director at Sekuro. Noel unpacked resilience lessons for a digital future. Noel taught us that things always go wrong but we need those challenges to build strength and turn obstacles into opportunities.
Noel also touched on building courage and how preparation makes you brave. He shared an inspiring example of how one of the graduates at Sekuro took initiative to volunteer for a difficult task. He referred to the Stockdale Paradox and how to prevail despite difficulties. “No matter what is happening around us, it is on us to prevail and move forward. We need to have this mindset to keep moving forward with resilience.”
A FEARLESS FUTURE: THE CASE FOR BUSINESS RESILIENCE
Prashant Haldankar, CISO at Sekuro, boldly danced across the stage to open the next session A fearless future: The Case for Business Resilience. The session dove into the journeys taken in bringing other business leaders along while the case for resiliency is built.
Some key points from the interesting discussion included:
- Start small, take bite size chunks on a project and show your wider team the “why” when driving change in your organisation.
- Get your teams involved earlier! Take your relevant stakeholders on the journey early so no context is lost when it comes to trying to drive/implement larger change.
- Change management and communications are overlooked at many organisations but they are key strengths. When seeking change, have data to back you up and speak the board’s language.
THE CONTROVERSIAL GAMESHOW - "SOUND YOUR HORNS IF YOU DISAGREE!"
The Controversial Gameshow, hosted by Shamane Tan, Chief Growth Officer at Sekuro, provided a loud and clear, attention-grabbing conversation around industry challenges and different perspectives on how to approach them from a CISO, CRO and CIO point of view. Our guest speakers provided valuable insights on how our different CxO peers can collaborate better for a more meaningful outcome.
“Sound your horn if you disagree!” literally, there were horns and it got noisy!
The session explored some of the following controversial questions (all in the spirit of light-hearted fun):
- Try getting money out of the CFO’s wallet!
- The CISO is boiling the ocean and can’t see the future.
- The CISO should report to the CIO
- The CRO doesn’t understand technology
And the horns were blaring!
Some of the key learnings from this session included:
- You have to know what you are asking for when approaching other executives and be able to articulate why it can help the business run to its best potential. You need to explain the why and the how. Finally, provide options to help them with their decisions!
- Use terminology that everyone can understand. Stay away from jargon that complicate the communication.
- Challenge unrealistic expectations. E.g. “Everything is important and should have been completed yesterday.”
- Risk acceptance has to come from the top down.
- Empathy is important. Be able to walk a mile in the other person’s shoes and respect that backgrounds are different.
- Find out what your request means to the executive you are approaching and their opinion on it as well.
BOARD TANK - MEET YOUR SHARKS
Shamane continued to use her enthusiasm and charm as the fantastic host of Meet Your Sharks! In this unique interactive segment with a Board, attendees broke into two groups to review a case study and had the opportunity to pitch in front of the sharks. The session provided unfiltered feedback on how you should be presenting to the Board on risks and convince your directors to give you the budget you need.
There were insightful learnings which no doubt will be serious topics for continuous discussion as we navigate increased cyber risk. It was a sobering fact that Boards are coming to terms that cyber teams can’t stop breaches earlier. Security is a topic that is still relatively new to some Boards and they are now having to frame enterprise risk management with cyber security considerations. However, as Board members have individual liability and responsibility, it can add additional pressure when making decisions that are between a rock and a hard place. Making the wrong decision on how to approach a cyber attack can result in further financial loss or brand extinction.
THE SECRET SAUCE TO SECURE BUSINESS ENABLEMENT
The Secret Sauce! was presented by our power duo, Customer CISO Lee Roebig, and Field CTO, Jason Trampevski, as they demystified a few cyber security topics and showcased how cyber security could be a business enabler.
Lee spoke about how Secure Business Enablement and Cyber Security goals can often clash, but provided advice on how to overcome this problem. He touched on why employees aren’t interested in following organisational security policies by default, explaining how employees in most organisations are judged more on their results in their respective areas, not their compliance or adherence to information security policies. In the past, we’ve taken a ‘block by default’ stance, which can lead to a poor experience for employees. This can lead to a whack-a-mole approach, one where employees regularly try to get around security controls to get their work done. This is a sign that security is a productivity dampener in the organisation.
“As security professionals, we shouldn't be the oppressor. We should be the helpful protector by providing balanced security controls led not just by security, but by empathy towards our end users."
In order to make security the enabler, security controls need to be fair and seamless and users shouldn’t feel the need to work around it. By embarking on a strategy led by empathy, employees end up approaching security willingly for help and guidance, reporting scams and suspicious activity regularly, and ultimately following security by choice. Lee believes a Zero Trust Strategy is key to achieving that and goes into detail to explain why.
ZT isn’t about zero trust but more so contextual trust. Jason explained how to implement it: “Understand what Zero Trust looks like in your organisation from a holistic view by evaluating 8 core pillars: People, identities, endpoints, networks, infrastructure, applications, data, and analytics.”
He explained how to get there (not overnight) by giving examples of guiding principles and real-world use case examples such as connecting users to cloud apps and private apps.
To help ‘unravel the spaghetti’, Jason provided three tips:
- Integrate your security solutions together, gain more context
- Make more informed decisions, improve time to detect and respond
- Focus on what you can do, not what you can’t do. 50% of Zero Trust is better than not having it at all.
THE VENDOR SHOWDOWN
Lee and Jason continued with The Vendor Showdown! This fun, light-hearted session involved vendors debating their take on the industry’s challenges and perspectives.
Some key insights for this session included:
- You have to have visibility into the assets you have at your organisation.
- 25% of attacks occur from the assets you weren’t aware you had
- 80% of attacks leverage stolen credentials
- Threat hunting requires skilled people who think out of the box and solid data
BUSINESS RESILIENCE LIVE
We were in for a treat with the next session. Noel Allnutt hosted Shane Lee & Brett Lee while giving us a live podcast of The Building Resilience Podcast. Brett shared the importance of owning the belief in our own abilities to execute and achieve our goals, despite any setbacks.
Another interesting key point discussed was overcoming the fear of providing pushback to our teams – a topic that is rarely spoken about in a business context.
Both brothers spoke on the importance in bringing out the motivating driver of individuals and aligning them to overall team goals as a formula for success.
MENTAL HEALTH MINDFULNESS & RESILIENCE
Finally, in one of the most important conversations of the day, Nick Flude, Chief Marketing Officer, took us on a deep dive into the Cyber Mental Health Research initiative that Sekuro conducted.
It probably doesn’t come to a surprise to many in the industry but cyber security has a mental health problem. Ahead of Mental Health Awareness Month in October, Sekuro surveyed cyber security professionals to find out how they have been coping over the past two years. The results reveal that the pressure to prevent attacks at all costs has come at the expense of our industry’s most valuable assets – our people.
Some key insights included:
- 9 in 10 Cyber Professionals have experienced mental health challenges in the last 2 years.
- 51% of Cyber Professionals reported mental health struggles due to poor culture and/or management styles.
- 37% of Cyber Professionals are quitting their jobs due to mental health issues and jumping into new industries.
Nick discussed a few ways cyber security professionals said they improve their mental health such as getting outside, staying active, spending time with family and friends and setting clear boundaries at work.
David Thomas from Lifeline Northern Beaches joined as a guest to discuss the report, provided some insights and helped to introduce the upcoming Cyber Walk for Mental Health that Sekuro is hosting with Zscaler. All donations will be given to Lifeline Northern Beaches.
NETWORKING AND DRINKS
The event finished with a sundowner networking over drinks and nibbles and a beautiful, bright performance by an electric violinist!
Many thanks to everyone who came along, to all the speakers and for all who supported and participated in the event and its planning. From managing risk to overcoming challenges, from taking a walk in someone else’s shoes to mental health, all of the topics interweaved and complimented each other, and gave us a lot to think about. Stay tuned for more content from SekuroKon 2022.
Here’s to SekuroKon 2023!