Presenters

Graham Ingram

General Manager - AusCERT

Graham Ingram is the General Manager of AusCERT. He took up the position in January 2002 after 17 years employment with the Australian government. Immediately prior to joining AusCERT, Graham worked with the Australian Department of Defence where he was responsible for managing computer security incident reporting and response for Commonwealth government agencies.

Graham has extensive experience in critical information infrastructure protection (CIP) and spent four years working in this area for the government. During this period he managed a number of major IT security and information protection issues including computer network attacks during the Y2K period and IT security threats to the 2000 Olympic games.

Since joining AusCERT, Graham has consolidated AusCERT as Australia's premier Computer Emergency Response Team (CERT) and strengthened its strategic relationships particularly in the Asia Pacific region. AusCERT hosts the annual AusCERT Information Security conference, the foremost IT security event in the Asia-Pacific region.

AusCERT is based at The University of Queensland which has one of the largest networks in Australia.

Graham has a BSc (honours).

Craig Burton

Manager of Electronic Voting, Victorian Electoral Commission (VEC)

Craig Burton has been a provider of remote electronic voting services since 1998 and was CEO of EveryoneCounts.com, which he founded, until 2008 when the company was sold to US interests. Now leading a major project to create a universally verifiable voting system at the Victorian Electoral Commission, Craig also consults to other Australian commissions on security and audits for electronic voting. Previously Craig built systems which served major elections including regional government elections in the United Kingdom, trade union elections in Canada, the Democratic National Convention elections in the USA and many others. Electronic voting and especially remote electronic voting have been described as one of the hardest electronic transactions to secure with the secrecy requirements preventing many conventional forms of audit.

Presenting: Safe e-voting - the ultimate in usable security

Banking and e-voting have little in common when it comes to security. Whether you bank online or at an ATM, you can always check your bank statement for mistakes or fraud. This is a form of verification. In paper elections you trust this check to scrutineers. In e-voting a completely different approach from banking security design and observation is needed. I will introduce some novel security work which seeks to make voting in Victorian elections electronic and fully verifiable from vote casting to the outcome of the count.

Jonathan Levine

Senior Information Security Analyst, AusCERT

Jonathan is a Senior Information Security Analyst in the Co-ordination Centre at AusCERT. He works in the CC Team monitoring threats and responding to member requests for incident handling.

He holds a Master of Information Technology and a Bachelor of Arts from The University of Queensland, and has over ten years experience in the IT industry.

Jonathan has been involved in telecommunications and computer systems from an early age, is somewhat of an audiophile, and has particular interests in web-based security and development, internet radio, and electronic music production.

Presenting: The smarter devices become... the deadlier the possibilities

What do cars and medical devices have in common?

Both are potentially deadly targets for hackers.

Researchers have recently shown that today's modern computerised cars and modern medical devices such as pacemakers and insulin pumps are susceptible to various methods of hacking both physically and wirelessly, which could potentially cause fatal injuries or death. This presentation will reinforce that as we continue to make technological advances by incorporating computer/smart technology into everyday life, we need to seriously consider the implementation of proper security controls and authentication into these devices before human life is lost.

Scott McIntyre

Telstra

After over a decade as the Chief Security Officer for a certain ISP in The Netherlands, Scott's gone antipodean and now works as the Senior Technology Architecture Specialist in Security Operations for Telstra and is based in Melbourne. A regular speaker at AusCERT, FIRST and many security conferences around the world, Scott attempts to combine humour and insight into his IT security presentations. He holds several academic degrees (from BSc to PhD) but has found more value out of hands-on and real world experience. Despite being in Internet/IT security for over 20 years, Scott still refuses to wear a tie, Go Management, or give up his shell prompt. And yes, he actually stood second in line for over 7 hours to get his iPad 2. It's unclear how long he will be waiting in a queue for his yet to be announced iPad 3.

Lindsay Ellin

GM Trust and Safety, Carsales.com. Limited

Lindsay Ellin is the GM for Trust and Safety and Customer Retention for the organisations various online classified websites and businesses. Lindsay has been with Carsales.com Ltd for 11 years in various roles, with a strong focus in Customer Service and Product Development.

Lindsay has been instrumental in building the fraud prevention strategies for Carsales over the past 8 years. With a key focus on investing in technology to automate manual processes, the organisation has been able to significantly reduce the level of manual intervention required to protect their customers from falling victim to cyber crime and better invest resources into more proactive trust and safety initiatives. Prior to joining Carsales.com Ltd. Lindsay worked in Finance roles within the Health and Manufacturing Industries.

Presenting: Fighting Fraud - From an Industry perspective

This presentation will provide an insight into how a business said - "It's Ok to talk about fraud" and became very proactive and successful in fraud prevention.

Pierre Tagle

Practice Lead for Governance, Risk and Compliance (GRC) at Sense of Security

With over 12 years’ experience in the industry, Pierre has extensive senior management and consulting experience across a wide range of industry sectors. He is acknowledged for his capacity to build compelling business cases backed by in-depth analysis, logic and research into current trends and business needs. Pierre holds a Ph.D. in Computer Science from La Trobe University in addition to Bachelor of Science degrees in Physics and Computer Engineering. He also carries the CISA, CRISC and PCI QSA designations. Based in Melbourne and with wide experience across various frameworks and standards such as ISO 27k and PCI DSS, Pierre leads SOS’s GRC team in providing a comprehensive range of information security and risk management services.

Presenting: Managing Security in the Cloud: Keeping Your Service Provider Honest

Gartner Research indicated that in 2012, around 80% of Fortune 1000 enterprises will pay for cloud computing services while another 30% will pay for a cloud-computing infrastructure. While the benefits of using cloud computing are numerous, so are the risks. Managed services providers now provide opportunities for organisations to consider outsourcing not only general hosting services, but also cloud services, infrastructure and the management of operational requirements including security functions. Moreover, as service providers themselves outsource part of their own operations, the downstream liability now stretches beyond the primary vendor. Organisations must have a clear understanding of the risks inherent in delegating management and controls of its infrastructure and related functions. It is equally important that these risks are managed using non-adversarial strategies that allows for a mutually beneficial relationship between the organisation and the service provider. This presentation seeks to outline some of the risks, compliance requirements and corresponding strategies to manage security considerations in using third party services.