
about

I live in Canberra with two dogs, and spend my day working hard to keep them in the manner to which they’ve become accustomed.

the official biography #

Iain is the Full Spectrum Cyber Practice Lead for a large multinational, and provides oversight and support to all of its programs for technical cyber security. He has worked across a number of critical federal government programs, including delivering security operations capabilities, large enterprise scale software systems, a breadth of other enterprise IT services and more recently secure military platforms. He has previously worked as a Cyber Research Engineer and as an Assistant Director for Cyber Threat Intelligence within the Department of Defence. He is also one of the founders of ComfyCon AU, a virtual conference founded as a direct response to the cancellation of cyber security conferences due to the COVID-19 pandemic.

the unofficial biography #

presentations and publications #

2023 #

Supporting Mission Assurance and Securing Autonomous Systems through Cyber-worthiness Principles #

Military Computer Information Systems Conference 2023

Australian Defence Force Cyber Skills Challenge November 2023

Technology in Australia is evolving and we are seeing a natural convergence of Information Technology (IT) and Operational Technology (OT) concepts. As the demand for autonomy in systems increases, gradually removing humans from the decision-making process, it is critical to emphasise the need for wholly assured, resilient systems. Compounding this, unlike a traditional system where both the platform and the crew of the capability are developed and evaluated, the platform in an autonomous system is responsible for all operations. The software of the platform is therefore explicitly linked to the safety of that system: when actions are driven by 1’s and 0’s within lines of code, the potential to steer a ship into a catastrophic event or instruct a helicopter to shut off enabling systems is inherently greater. Cyber-worthiness principles can inform trust and assurance methods to help secure autonomous systems used in support of military operations.

This presentation explores the development of processes for the application of cyber-worthiness principles—the concept of developing a system that can defend against cyber intrusions within a given mission context—and its application within an overall mission assurance context. We discuss the importance of the mounting of a safety case for an autonomous platform, and how lessons learnt from the IT side of the IT/OT divide can be applied and tailored for mission critical systems.


ComfyCon, Risk-Based Cybersecurity, and Reconsidering Breach Penalties with Iain Dickson #

Secured Podcast August 2023

In the latest episode of Secured, Cole Cornford chats with Iain Dickson, Full Spectrum Cyber Practice Lead at Leidos Australia, a technology company working across defence, aviation and national security. Iain is also the co-founder of ComfyCon, an online cyber security conference which was started in response to the many event cancellations caused by the 2020 covid lockdowns.

Iain chats with Cole Cornford about taking a risk-based vs a compliance based-approach to cybersecurity, why punishing a company for their security breaches can sometimes be a bad idea in the long run, the importance of communication skills, and plenty more.


2013-2023 in Cyber: Why are you still banging your head against a brick wall? #

SecTalks Canberra February 2023

I was driving home recently and realised it had been a decade to the day that I had entered the cyber security industry, both bright-eyed and bushy-tailed - way back when cyber was a euphemism for something you did in your bedroom. 10 years later, slightly jaded, somewhat cynical, but still passionate as ever, I have worked with some amazing people through some of the most interesting and quickly evolving times of our industry.

This presentation covers the last ten years of cyber security history, picking out the most important (in my opinion) events of each year and describing the lessons learnt from them, as told by someone who lived through them.


2022 #

Careers in Canberra Cyber Podcast #

Canberra Cyber Hub April 2022

Iain Dickson, Cyber Operations and Full Spectrum Cyber Practice Lead, Australia, at Leidos, joins the show to discuss his Cyber career in Canberra. This industry profile is part of a series looking at those working in the cyber industry in Canberra.


2021 #

So you want to build a Security Operations Capability? #

BSides Perth Sept 2021

Australian Defence Force Cyber Skills Challenge Aug 2022

Building a Security Operations capability from scratch is hard. How many people do you need? What processes should you use? What tools can you implement? Should you go 24/7 or 8/5? This presentation discusses some of the thought processes and key questions that are required in order to develop a successful Security Operations capability, and how you can develop a function that meets the needs of the business, whilst ensuring that stakeholders don’t see it as a “financial sink” and instead see the value it provides to the business.

Talk starts 4:51:37 into the video


2020 #

Origins of Hackers #

Hacking Into Security Podcast Aug 2020

In this episode, we catch up with Iain Dickson, ComfyCon AU Founder and Cyber Technical Lead for Leidos Australia.

Iain walks us through a presentation on the origins of hackers and defines the different types of threat actors.


Transitioning Cyber Security to a Mission Risk Mindset (aka, why the new ISM is better) #

Military Computer Information Systems Conference 2019


The Australian Signals Directorate has recently removed all traditional references to “should” and “must” from the Information Security Manual. This means that there is no longer a defined set of security controls that must be in place to achieve accreditation of secure and classified networks. This represents a transition in the way that the government treats cyber security, and will enable government and industry partners, and delegate to them the responsibility, to determine their own cyber security risk and risk appetite, and in turn use these to determine which security controls they need to implement to achieve an accepted level of risk. This presentation discusses the impact of these changes, as well as the industry-wide transition from a compliance or “checklist” based cyber security strategy to one more in line with traditional business or mission risk.


2019 #

Cyber Threat Intelligence: It’s not just about the feeds #

BSides Perth Sept 2019

Although the practice of collecting and using intelligence has been studied and conducted by governments and the military for centuries, its application to Cyber Security has only recently been highlighted. This area of infosec has been termed Cyber Threat Intelligence, where the marriage of traditional intelligence techniques and analysis with deep technical understanding within the Cyber domain is used to predict future actions by threats through long-term analysis and modelling. This approach is then used to support both proactive and reactive cyber security actions, from incident response to penetration testing. This presentation focuses on threat intelligence from a practical data perspective, moving away from just the commercial concept of threat intelligence feeds (although these form one part of the equation).

This presentation will approach threat intelligence from an analyst’s perspective of what questions need to be answered to effectively investigate an incident, using the Diamond Model and Cyber Kill Chain as framing devices. These questions will then lead to examples of the data that can be used to answer them. Although data collection has traditionally focused on external cyber information, more often than not it is actions outside of those seen within an organisation’s network, or even outside cyberspace, that provide context to the actions a threat takes. Finally, we provide a number of use cases in which the results of threat intelligence processes can be applied within a Security Operations Centre, including Incident Response as well as traditional Penetration Testing and Red Teaming.


2017 #

Text Classification of Network Intrusion Alerts to Enhance Cyber Situation Awareness and Automate Alert Triage #

DST Group May 2017

For many Cyber Security Incident Response Teams (CSIRTs), reacting and responding to suspicious network activity is predominantly a manual task and lacks the levels of automation required to deal with the volume of alerts. Alerts are signalled from tools such as Intrusion Detection Systems (IDS) to skilled analysts, who must then decide on courses of action and remediation activities. The IDS alerts are basic; analysts must manually derive context about each alert using their prior knowledge.

In this paper, we describe Artificial Intelligence (AI) techniques used to automate the derivation of context from IDS alerts. We propose two algorithms based on well-known automated text classification methods and define a multi-level taxonomy to describe classifications of alerts in a semantically hierarchical manner. Consideration is given to the use of these algorithms by a CSIRT, as well as how Situation Awareness (SA) can be improved through automation. Our findings show that a combination of Naïve Bayes algorithms in conjunction with our proposed hierarchical taxonomy can automate alert classification with high accuracy, and low false and unclassified rates.
