ACSC dumps annual conference, partners with AISA for cyber events

Australia's cybersecurity agency joins the nation's peak body for cyber professionals to deliver development programs through the government's Joint Cyber Security Centres.

The Australian Cyber Security Centre (ACSC) has dumped its successful and well-respected annual conference, which had been held in Canberra from 2015 to 2018. 

In its place, the ACSC has launched a partnership with the Australian Information Security Association (AISA) to deliver a "high impact program of events" for security professionals in 2019.

The two organisations announced on Tuesday that the ACSC's conference activities will now be rolled into AISA's national conference in Melbourne on 7-9 October, rebranded as the Australian Cyber Conference and #CyberCon.

ACSC head Alastair MacGibbon said that with the proliferation of cybersecurity events, admittedly of "varying quality", the government does not need to be operating in this marketplace.

"My people are not paid by the taxpayers of Australia to be conference organisers. It's not what you want a cybersecurity centre to be doing," MacGibbon told ZDNet.

"That does not mean the cybersecurity centre shouldn't participate in a conference, provide IP, lend its brand, and do other such things. But I shouldn't have paid staff offline working out what the alternate drop [of menu items] should be at a conference dinner, and deciding who the musical entertainment should be."

MacGibbon said the partnership allows the ACSC to "take advantage of AISA's reach and experience" in delivering skill-building events for cybersecurity professionals and providers in Australia.

The ACSC will still run events, he said, but more on the scale of "30 people in a room talking about a very specific exploit, or very specific solution".

"The ACSC continues to focus on our core business of making Australia the safest place to live, work, and play online through our cyber security resilience programs."

The expanded conference program will include a dedicated ACSC conference track, some ACSC dedicated training, and a "Five Eyes Panel", according to AISA chair Damien Manuel.

"Profits from future Australian Cyber Conferences will go back into growing cybersecurity as a vocation in Australia, critical at a time when cybercrime is harming more Australians every day," he said.

The two organisations will also deliver a program of events for cybersecurity professionals through the ACSC's national network of Joint Cyber Security Centres. The details are still to be worked out, however.

The challenge of finding your purpose

One less major cybersecurity conference in Australia is probably a good thing. In this writer's view, the proliferation of smaller conferences has led to a dilution of quality and plenty of same-again content.

"There's been a need for the Australian security conference scene to consolidate," says James Turner, founder of CISO Lens told ZDNet.

"It's better for the whole industry to have fewer, larger events because the good ones gain their own gravity. This means that people can go and organise lots of one-to-one meetings around the conference because everyone is in the same city at the same time."

The ACSC and AISA conferences have both been growing fast, and both are highly regarded, but until now they've been different beasts.

The ACSC conference's official government branding lent it a certain authority, and made it the natural venue for presenting government policy and research. That in turn made it attractive for speakers from foreign governments and law enforcement agencies. It also made it easier for organisers to keep vendors in line, which helped prevent the conference from turning into a series of thinly-disguised sales pitches.

The AISA conference, meanwhile, has developed a practitioner and industry focus, which by its very nature is more vendor-friendly. If nothing else, hearing about the latest commercially-available technology, and learning how to use it, is important.

One key challenge, then, will be merging these two different approaches into the one conference -- and then differentiating it from the long-established AusCERT Cybersecurity Conference held in the Gold Coast each year.

That said, AISA's submission guidelines for conference speakers note that applications will only be accepted from relevant speakers and researchers. Submissions from PR firms or marketing representatives will not be accepted, and product or vendor pitches are also disqualified.

"Submissions that include exciting new research, tools, vulnerabilities, new topic areas, [and] new techniques or methodologies will be given priority," the guidelines note.

CyberCon to be the centrepiece of Australia's Cyber Week

AustCyber, the Australian Cyber Security Growth Network, is keen to see their annual Cyber Week become the premier event for showcasing the nation's cyber capabilities.

In previous years they'd partnered with SINET61, the joint conference of the security innovation network SINET, and the CSIRO's Data61. Cyber Week was marketed using SINET61 as the centrepiece event.

This year, AustCyber is partnering with AISA to make the Australian Cyber Conference the week's centrepiece.

AustCyber is "really pleased" with the ACSC/AISA partnership, according to their chief of strategy, Belinda Newham.

"We think it gives us the opportunity to really drive that focus during a single week in Australia," Newham told ZDNet.

Related Coverage

Australian government gives Amazon Web Services protected level certification

The cloud giant can now store highly sensitive workloads for Australian government entities.

Australian government lags UK in deploying DMARC email spoofing prevention

DMARC email authentication can significantly reduce the risk of phishing attacks, but only 5.5 percent of Australia's main government domains have deployed it. That's set to change.

Google latest cloud to be Australian government certified

12 vendors, including eight global players, sit on the Australian Cyber Security Centre's secure cloud provider list.

ASD and ACSC looking beyond list compliance approach to security

The National Audit Office can make adverse findings against departments, but ASD head Mike Burgess is satisfied agencies are taking security seriously.