6 minute read
Incident response competition
MEGAN KOUFOS
by Megan Koufos, Program Manager at AWSN
For the second year running the Australian Women in Security Network (AWSN) and Retrospect Labs partnered to provide a competition-style incident response exercise for women across Australia working, studying or interested in the sector. Forty-eight teams each with up to five members participated in the competition. It started on 7 November 2022 and ran for one week.
The competition was very timely, coming as it did in the wake of recent high-profile data breaches suffered by major Australian organisations. These incidents highlighted the importance of end-to-end incident response processes. They showed there is more to incident response than its technical aspects, and they demonstrated the importance of having people with diverse skills working together to respond effectively to an incident.
AWSN Founder and Executive Director, Jacqui Loustau, said the competition had given women in cybersecurity from different backgrounds an opportunity to gain hands-on experience of the endto-end incident response process.
“They get to experience the technical side, management of the media, dealing with the legal implications and communicating with executives. It’s also a chance for them to meet and work with others in the industry who they may not know. We hope they come away with an appreciation of the incident response process, and of other areas they could potentially move into.”
The 2022 competition was based on the success of the 2021 competition, which saw 100 women participate, but had 250 spots available. AWSN had also offered, prior to the competition, a twoday, hands-on incident response training course in partnership with Retrospect Labs and with sponsorship from ASD. It enabled 45 women to make sure they had the right foundational knowledge and skills.
For the competition teams of up to five participants with mixed skill sets were formed to work through a scenario that simulated a real-world cyber incident impacting a fictitious organisation.
The scenario was designed to test participants’ incident response skills. It incorporated a number of common aspects of incident response. These included forensic artefacts that participants had to analyse to identify various indicators of compromise, understand what malicious activities had occurred and the tactics, techniques and procedures adversaries had used to execute their attacks.
Participants were also required to perform tasks related to managing the media, providing communications to senior leadership, and dealing with the legal and privacy implications of the incident.
Experienced mentors were available on call to support participating teams when they got stuck. Teams also had access to a case management platform on which to track tasks and progress and coordinate their efforts (Essential to any incident response operation, and particularly useful when managing an incident remotely).
Teams were required to complete a number of tasks and submit a number of artefacts to a panel of judges—experts in their respective fields—who assessed their performance against key criteria.
Retrospect Labs Co-Founder, Ryan Janosevic, said preparation for a cybersecurity incident was crucial to enabling an effective response.
“We need diverse teams with diverse skill sets in incident response if we are going to achieve good outcomes. Exercises are a great way to help train our incident response teams and help get them ready for an incident. Partnering with amazing organisations like AWSN means we help to get more women involved and interested in incident response. We love these events. We love enabling them, and we think it is important to give back to the community whilst also making the community stronger through the addition of even more awesome incident responders.”
WINNERS
All teams made us proud. Congratulations to everyone who took part in the competition, and a big congratulation to the 31 teams that completed every task and every aspect of the competition. We were impressed to see how dedicated every single team was, how much perseverance they displayed, and their desire to learn and improve. But it was a competition, so there had to be a winning team! Apart from striving for the glory of being crowned the winning team, everyone competed to test their incident response skills, to gain hands-on experience in responding to a malicious incident and for prizes that went above and beyond the norm for events like these.
HUGE CONGRATULATIONS TO THE FOLLOWING TEAMS:
OUR WINNING TEAM
Simone Van Nieuwenhuizen, Imogen Turner, Amy
Nightingale earned the title Winners of the 2022 AWSN Incident Response Competition.
Each team member received:
• An opportunity to meet security leaders at either the Australian Signals Directorate or the
Commonwealth Bank. • Their choice of a SANS training voucher or a Cyber
Leadership Institute training voucher. • Competition merchandise.
SECOND PLACED TEAM
Nidhi Singla, Kristy Reid, Rebecca Barnett, Della Susan Jose.
Each team member received:
• An opportunity to meet security leaders at either the Australian Signals Directorate or the
Commonwealth Bank. • Their choice of either a Retrospect Labs
Ransomware Live Fire training voucher, a Cyber
Leadership Institute training voucher or a DDLS training voucher. • Competition Merchandise.
THIRD PLACED TEAM
Samira Shaikh, Vannessa Van Beek, Qianyi Li.
Each team member received:
• AWSN membership. • Competition merchandise.
This initiative was a huge effort by the community. Thank you to:
• The Retrospect Labs team – Ryan Janosevic,
Connor Shannon and Jason Pang for all of their hard work creating the new scenario, managing the logistical aspects of the competition and enabling it to be successfully (and seamlessly) delivered to participants through their cybersecurity exercise platform, Gauntlet. • The Australian Signals Directorate (ASD) and the Commonwealth Bank of Australia (CBA) for generously sponsoring the competition. • The Cydarm team for generously providing their case management system for participating teams
to use. • Helen Hendersen from Board Impact for providing guidance, tips and tricks on what to include in an executive briefing and Carl Woerndle from
MyEmpire for his presentation on how a cyber incident can affect an organisation, and what to consider during an incident. • Mentors - CJ Fairhead, Laurie Tonks, Daniel Hood,
Jayme B and Phoebe Whelan who generously gave their time to support the competition and its participants. • Judges - Kevin O’Sullivan (from Kinetic IT) evaluated the teams’ ability to produce an effective executive briefing. Karen Croughan (privacy legend) looked at the legal and compliance considerations produced by each team. Shanna Daly (incident response guru at Cohesive) examined teams’ forensic skills.
Christine Eikenhout (from the Australian
Cyber Security Centre) assessed teams on the effectiveness of their media statements and ability to communicate. • SANS Institute, Cyber Leadership Institute,
DDLS, Australian Signals Directorate (ASD), and
Commonwealth Bank of Australia (CBA) for their generous donation of the incredible prizes.
We love being involved in providing these learning and networking events in collaboration with government, private sector, startups and industry groups. They provide women with the opportunity to try out incident response, get hands-on experience and build confidence. They also demystify some of the technical parts of cybersecurity and contribute to increased diversity in security. These events are also important to help Australian security startups. By providing opportunities for practical application of their services and tools they support learning experiences, help them grow, stress-test their offerings and gain exposure in the industry.
Watch out for upcoming Incident Response Training starting in 2023.
www.linkedin.com/in/megankoufos
Thankyou
Platinum
Gold
Silver
Bronze
STUDENT IN SECURITY SPOTLIGHT
