It was fascinating to attend my first Australian Cyber Conference in Melbourne last week as both an attendee and member of the AISA Sydney Branch committee.

The theme of #cybercon19 was “Change the rules, Up the Game” and it certainly delivered.

I was staggered by the scale of the conference, the biggest one AISA has organised to date – there were 3,600 attendees from 24 countries, more than 140 speakers and in excess of 120 sponsors.

The major social event of the conference, the Bloc Party, saw hundreds of people networking in the one room.

It’s an indication of how much the cyber industry has grown in Australia and how seriously companies are taking this aspect of their business.

I worked as room monitor for part of the conference and had the privilege of engaging with many of the speakers. I was particularly interested to hear perspectives from speakers such as Olivia Grandjean-Thomsen, Communication and Engagement Manager at AustCyber – who discussed the best way to talk about cyber security for greater influence and impact; Melissa Wingard (Special Counsel Phillips Ormonde Fitzpatrick) who gave a great talk on the legal ramifications of testing and penetration testing and agreement of what is in scope and out of scope; and Poland’s Paula Januszkiewicz, one of the very popular keynote speakers, who took the audience through 10 live demonstrations of a variety of hacks.

Another highlight was a presentation on cyber insurance by Dr. John Selby, an academic at Macquarie University. While it sounds like a really dry topic, Dr. Selby brought it to life by discussing the case study of Mondelez vs Zurich. It was interesting to explore why Zurich refused to pay claims, relying on an exclusion in the policy for “a hostile or warlike action” in relation to the NotPetya attack.

It left many of us wanting to head back to the office to scrutinise exactly what is included in our insurance policy terms and conditions. The case may also set a precedent for insurance coverage and payouts in the future. Many organisations don’t take out cyber insurance as they believe they won’t receive payouts – this case is a good test of that supposition.

It was also fascinating to hear about how Australia is encouraging the next generation of cyber security experts.

James Curran, Associate Professor and Computing Education Specialist from the Australian Computing Academy, spoke about developing cyber security skills in the Australian classrooms; and Bruce Fuda (Academic Director of the Australian Computing Academy) spoke on how the industry and teachers can help to teach cyber security skills in Australian schools. A cohort of teachers were even invited to attend the conference for a day to learn what is available and what they can take back to their schools to teach cyber security skills.

One of the most heartening aspects of the conference for me was seeing so many women in the room. There were 22% female attendees, with AISA aiming for 30% next year.

The final keynote speaker from the United States, Accenture Senior Security Executive Tammy Moskites, congratulated Australia on its gender diversity in the sector. She frequently attends cyber security conferences throughout the world and said she never usually sees so many women in the room.

I touched base with many technicians, business owners, consultants and business development executives during the conference and they all talked about their efforts to find new and specialised staff – it takes a lot of resources, time and creative ideas.

That is why I believe it’s vital that we actively encourage more young Australians, both men and women, to enter the field. It will be impossible to fill all the roles that will be required in Australia moving forward without both genders stepping forward.

I can’t wait to attend the 2020 Australian Cyber Conference next year in Melbourne. It was such a buzz to be surrounded by so many engaging, talented cyber security experts from around the globe.

Pictured main: Keynote speaker James O’Loghlin