AISA’s (Australian Information Security Association) annual CyberCon conference was a sight to behold, with an amazing lineup of panelists, keynote speakers, and some female attendees (at last!).

Set against the (unusually) sunny, crisp backdrop of Melbourne’s South Wharf, the conference was an immersive two days of contentious debates and discussions on just how pervasive and imperative cybersecurity is becoming in today’s world and how it’s evolving.

As a first-time attendee, I was pleased to see a variety of sessions including diversity, innovation, IoT, executive engagement, hacking into systems, leadership, and learning to be proactive rather than reactive in a dangerous and changing world. My colleague Louise Young and I decided to divide and conquer, attending a select handful of sessions. Here are my key takeaways:

  • Prioritize innovation and keep an open pathway for it. I couldn’t get enough of the innovation Kool-Aid at CyberCon, from the innovation sandbox to the panels on how to work with startups. One thing was clear: More organizations are diverging from mainstream products and services and large vendors to beckon cybersecurity startups. Why? Panelists Kristin Lyons, Berin Lautenbach, and Craig Templeton told us all about it during their session, raising issues like flexibility, innovative pricing models, influencing the startup road map, and aligning to an idea that has been nurtured from the ground up.But they didn’t shy away from calling out the challenges and missing pieces holding back Australian cybersecurity startups. My favorite quotes were from Jeff Paine, founder and CEO of ResponSight, who said: “There is such thing in Australia as innovation theater: Firms love innovation as a concept. They like to stand near innovation and bask in it — but when it comes down to it, they’ll tell you to go to their procurement team.” Prerana Mehta, chief of ecosystem development at AustCyber, talked about how frequently Australian startups jump ship to the US to make a quick buck and kick-start their career. This does nothing to support local talent, ideas, and startups. A large part of changing this culture is identifying and quantifying the impact startups have on the economy. There’ll be more on this in our upcoming research on capturing innovation in your security program.
  • Embed diversity into strategy and deliver on it every day. How many times have we all heard just how important diversity and inclusion initiatives are? Or how they are sewn into the corporate vision and are part of the DNA of an organization? In reality, performance management systems, hiring approaches, and training programs remain homogeneous, with zero recognition of what real diversity looks like! The very candid and honest panel at CyberCon left nothing off-limits when discussing diversity in thinking and innovation. We’ve been hearing for some time now about how detrimental the skills shortage in cybersecurity is becoming, but how true is it really? Jessica Reesby, CEO of Reesby IoT Recruitment, said it frankly: “It’s simply not true. People aren’t working hard enough to find talent. We don’t have a skills shortage; we have a hiring and recruitment problem!” Tom Larter, CEO of WithYouWithMe, an infantry officer and leader in the Australian Army, said that he faced the biggest diversity challenge when he returned to the corporate world after his time away and that he found more diversity in his service team abroad.
  • Protect citizens against growing cyberrisks. Australia’s eSafety Commissioner Julie Inman Grant led a discussion on disrupting the spread of illegal content in the online world, evoking mixed emotions of sadness and responsibility. The sheer number of citizens, especially minors, who fall victim to online cyberabuse is growing at a ridiculous rate. Bruce Schneier said it perfectly during his keynote: “In a world where technology improves and advances every day, how do we as an industry secure devices whose software becomes redundant so quickly?” We are operating in a world where technology changes by the time we go to bed and start our next day. To do more than just survive, we need to rethink our approaches to online safety, education, and cyberawareness. Advances in technology will help us — but ultimately, what is more effective than hardening our human firewall?

Thank you, CyberCon, for the insightful and challenging panels and discussions. I look forward to seeing more diversity in discussion, attendees, keynote speakers, and panelists to continue to expand the cybersecurity conversation!