Security Specialist, Adli Wahid, presented on the challenges faced by those who are new in the cyber security industry, and how they can get involved and be proactive.
2. About Adli
• Friend of Jacomo!
• Lets connect!
– @adliwahid (Twitter, LInkedIn)
– Blog: https://blog.apnic.net
• Security Specialist @ Asia Pacific
Network Information Centre (APNIC)
– www.apnic.net/security
• Board Member of the Forum of Incident
Response & Security Teams (FIRST)
Jacomo!
2
3. APNIC’s Vision:
A global, open, stable, and secure Internet that
serves the entire Asia Pacific community.
How we achieve this:
• Serving Members
• Supporting the Asia Pacific Region
• Collaborating with the Internet Community
3
4. Security Outreach
4
Craig Ng
Promoting security best
practices in the
APNIC community
NOGs, CSIRTS and LEA
events
PK, CN, HK, KR, JP, PH
SG, MY, ID, AU, TW
Collaboration with JICA
and KISA to deliver
regional CERT training
Geoff Huston member of
ICANN SSAC
Adli Wahid member of
FIRST Board
MoU with APCERT
Interpol Global Cyber
Crime Group
Adli Wahid
www.apnic.net/security
10. Where or how do I start?
Breaking down
• Knowledge & skills
• Access to threat intelligence
– On to trusted communities
• Access to people, expertise
– Mentoring, coaching
– Sharing of experience & lessons learned
• Challenge
– Trust
– “Don’t know anyone”
10
13. Different communities
• Open Source projects
– Github!
– Many security projects to join
• Local communities
– Activities
– Sharing ideas
– Mentoring
• Special Interest Groups
– FIRST (www.first.org)
– Honeynet Project (www.honeynet.org)
– OWASP (www.owasp.org)
• Examples
– Network Operators Group (NOGs)
– New Zealand Internet Task Force (NZITF)
13
14. Can I trust you? Who are you?
• Certain security groups are not easy to get involved with
• What am I sharing?
– Ongoing investigation
– My data / access
• Solutions
– Trusted introducers
– Web of trust
– Traffic light protocol
14
16. What can you do?
• Individual
– Start now
– Get together
– Make introductions
• Leaders
– Encourage & motivate
• Businesses & government
– Support
– Provide platform & resources
• Law Enforcement
– Awareness
• Everyone has a role to play
16
17. APNIC’s approach
• Capacity development
– Internet Infrastructure
– Cyber Security*
• Online training
– http://training.apnic.net
• Strategic partnership
– Various stakeholders
– Regional & global
– Shared goals
17
19. Internet Operational Research Grants
19
New fund supporting the Internet research
community in the Asia Pacific
Research aiming to improve availability,
reliability, and security of the Internet in the
Asia Pacific
Network
measurement
and analysis
IPv6 deployment BGP Routing
Network
Security
Thank You!
Evangelist
Training & Workshops
Security Initiatives for APNIC
Security specialist Adli Wahid, is working with different teams within APNIC as well as building relationship with potential and new partners that APNIC can leverage.
Adli was recently elected as a board member of the Forum of Incident and Security Response Teams
Build capability through training, providing content on security at APNIC and LEA training
Participation in NOGs, inter-governmental forums, CERTS etc. We take that knowledge and share it with Members to raise awareness
Highlighting relevant initiatives to Members to improve security such as IRT objects in whois, RPKI, and SAVE (BCP 38)
We also supported security community events such as the PHCERT & APCERT Conference this year
MOU with APCERT in the area of promoting security awareness, improving incident response and supporting capacity development activities
A lot of problems and attacks
Moving Slower Than the Defender
Public Sector is Behind
Do we expect SLERT to do everything?
We have to realize that different economies have different Cyber Security Environment. Some have frameworks, policies and institutions in place. But others don’t.
Even if you have everything in place – there is a lot of dependencies.
You need to look at the bigger picture
At the end of the day who is going to fix this problem?
Formal – preconditions, costly, etc takes time
Conference happens once a year
Win-win approach & through various means
APNIC is the secretariat of ISIF (Internet Society Innovation Fund)
Help spread the word about ISIF grant – covers IPv6 and Operational Network Security.
Up to 60k AUD grant