OVERVIEW

Defence Cyber Regulatory Controls as a requirement and a strategic advantage. This seminar will look at the current cyber threat environment and provide an understanding of how and why the cyber environment is like it is. It will cover impacts relevant to SMEs.

WHO SHOULD ATTEND

  • Those entering the market and wanting to know more about it.

KEY DETAILS

Mode

Virtual

SEMINAR STRUCTURE
  • Virtual workshops x 6
  • Podcasts x 1
Duration

6 weeks

WHAT TOPICS WILL BE COVERED?

This virtual workshop bundle is intended to provide participants with an introductory understanding of cybersecurity from a defence supply chain perspective.

Importantly, it will highlight the many differences between the commercially applicable regulatory environment compared to the regulatory frameworks deemed necessary in supporting defence.

Participants will be provided with case studies that support and highlight the more important aspects of cybersecurity. These case studies will be pertinent to the threat environment that is predominant in the supply chain.

Participants will be provided with strategies and tools to immediately apply in their workplaces at no cost.

Due to the complex nature of the information to be presented, it has been decided to proceed with a ‘flipped-classroom’ model.

In this model, participants are given materials to familiarise themselves with before each session. During the session, participants will be led deeper into that material, to gain a better understanding, along with insights on how they may utilise this knowledge.

At the end of the session, participants will have access to post-session materials that will enable them to actively apply the insights they’ve gained during the session.

It’s expected that participants can immediately apply session insights to securing their enterprises. They will also gain insights they may immediately apply to their own personal security.

EXPECTED OUTCOMES

  • An understanding of the threat environment faced in the supply chain, both in terms of the threat nature and the unique intentions  driving the threat-actors
  • An understanding of the geopolitical nature of the threat environment
  • A conceptual framework employable in their lives/workplaces to better adapt to cybersecurity threats
  • Three case studies that typify how threat actors can effect massive disruption and the consequent outcomes for the victims
  • An understanding of how defence regulations are different to commercial regulations, particularly with regard to the imminent changes that are being driven in some of our major allies supply-chains
  • An understanding of the intent behind the most common regulations they’re likely to encounter
  • Discussions on DISP and US-DOD’s CMMC regulations as provocative starting points in hardening their organisations against threat-actors
  • An insight into the nature of cyber risk in the supply chain:
    • How the defence definition is different from common vernacular definitions
    • How it applies to what they do
  • Who their opponents are and how those actors ‘play the game’:
    • Methods for protecting credentials
    • Educational materials on social engineering
    • Significantly raise their defences  against  personal/organisational email compromise and credential theft
  • Increased awareness of the fundamental coercions used in social engineering
  • Ability to employ tactics to limit the impact of surveillance
  • Capitalism on the personal and professional digital footprint
    • Ability to design, customise and review basic security roadmaps for themselves and their organisations
  • Ability to de-link their various online personas and identities to make data harvesting more difficult

SEMINAR MODULE OUTLINES

TIMING
On Demand

LEARNING MODULE

  • Introduction to seminar and  facilitator 
  • Description of seminar  bundle incl learning outcomes

FORMAT
Podcast

EST. TIME TO COMPLETE
30mins

TIMING
Week 1

LEARNING MODULE

Our first workshop will give participants a background into the why and how of cyber,  addressing why this subject is so very important. 

  • The Rise of Supply-Chain  Cyber Security - Introduce participants to the forces driving focus on Cyber…and  why they matter
  • Changed Strategic Imperatives - Provide an overview of the strategic reality driving the threat environment
  • Cyber Security, People And  Game Theory - Discuss the role of human behaviour in  cyber security
  • Visit the theoretical “Event  Zero” that triggered change

FORMAT
Virtual Workshop

EST. TIME TO COMPLETE
30min bump in, 60mins, plus 30mins optional chat room participation

TIMING
Week 2

LEARNING MODULE

Regulatory Frameworks can be confusing. In this session, we’ll take some time to examine the essential goals of regulation to understand its importance…and the resulting opportunities.

  • The (Evolving) Regulatory  Environment - a dive into the  specific frameworks guiding  cyber
  • Defence Regulatory Goals – What are frameworks trying  to achieve?
  • Regulatory and Non Regulatory Frameworks in

FORMAT
Virtual Workshop

EST. TIME TO COMPLETE
30min bump in, 60mins, plus 30mins optional chat room participation

TIMING
Week 3

LEARNING MODULE

Everybody knows what risk is,  right? Wrong. This week we’ll look at risk as it is  measured in the supply chain…and how to reduce it.

  • “Risk” In The Supply Chain – Defence Industry Risk Definition
  • The Cyber Risk Environment – Who are the opponents, what do threats look like?
  • Internal Threats – not all of the bad guys are outside the business!

FORMAT
Virtual Workshop

EST. TIME TO COMPLETE
30min bump in, 60mins, plus 30mins optional chat room participation

TIMING
Week 4

LEARNING MODULE

Data breaches keep growing every year. In this session we’ll tackle some of the simple ways to reduce our exposure.

  • Why Breaches Keep Happening – no…it really is you…and how you think. 
  • Compromised Credentials – how we leave the front door  wide open for attackers. 
  • Email As An Attack Vector – Email is the oldest attack vector, and it shows. Here’s how to strengthen defences against it. 
  • Social Engineering – cyber  security isn’t a technology problem, it’s a people problem. 
  • Multi-Factor Authentication  – what it is and why you should use it. 
  • Passwordless Authentication  – the latest technology.

FORMAT
Virtual Workshop

EST. TIME TO COMPLETE
30mins bump in, 60mins,  plus 30mins optional chat room participation

TIMING
Week 5

LEARNING MODULE

This week’s topics address some inevitable consequences of living in a connected world. Each of these threats need to be considered in light of how they might be used to compromise staff and the programs they contribute to.

  • Identity Theft – the inevitable consequence is compromise to the supply chain 
  • Tech Giant Business Models – you’re the product…but who’s buying? 
  • Surveillance Capitalism – has collected around a gigabyte of behavioural data on each of us…enough for psychometric profiling.
  • Deep Fakes – the latest assault on reality, have consequences for warping reality, recruiting and Insider Threats. 
  • Compromising Privacy – to be observed in all things is to be constantly under threat of influence campaigns designed to compromise. 
  • Mosaic Intelligence Gathering – sits at the centre of certain Foreign Intelligence activity. We will  examine how each of the previous topics contributes to Mosaic Intelligence operations

FORMAT
Virtual Workshop

EST. TIME TO COMPLETE
30mins bump in, 60mins,  plus 30mins optional chat room participation

TIMING
Week 6

LEARNING MODULE

In this last session, we’ll look at  how to bring together all of the  elements we’ve discussed

  • Creating A Security Culture  In Your Organisation – cyber  security is not a technology problem…it’s a ‘people’ problem. Fixing it requires learning to work with people.
  • Identifying Risk – before you  can fix it, you need to know  what’s broke. Correctly  identify your risks, then apply  fixes. 
  • Maintaining Cyber Posture – as we’ve learned, cyber is an  infinite game. Build tools and  training to support long-term  change.

FORMAT
Virtual Workshop

EST. TIME TO COMPLETE
30mins bump in, 60mins,  plus 30mins optional chat room participation

TOTAL COURSE DURATION

12.5 hours instruction

FACILITATORS

Ray Harvey is the Internal Threat Business Development Manager for Cider House ICT, a  Goal Group member. Ray is passionate about ensuring that Australian businesses are protecting themselves from evolving cyber threats and are as competitive as they can be in the competitive Defence market.

COURSE SCHEDULE

EOI cut-off: 27 December

Successful applicants notified: 28 December - 4 January

Course joining instructions issued: 4 January

Course timing: 18 January – 22 February 2022 – Weekly 1-hour workshops on a Tuesday / Time TBC.

The Defence Ready Seminar Series is being delivered thanks to funding and collaboration with the Centre for Defence Industry Capability (CDIC) and, for each seminar, forty (40) funded places are being made available to SMEs.

The Defence Department has set very clear guidance around the criteria for access to one of the forty funded places within each of the thirteen courses, and priority will be given to Hunter and regional-NSW based SMEs, building capability to potentially partner on Defence projects in the future.

With the full seminar series rolling out over the next twelve-months, Hunter Defence will be scheduling ongoing communications as each course gets close to commencing. If your organisation has been successful in achieving a funded place in one of these courses, Hunter Defence will let you know three (3) weeks before your selected seminars(s) of interest are due to start.

EOI Hunter Defence Readiness Seminar - Launch Ready
Do you currently work in defence? *
What seminar series topics are you interested in attending? *
The inclusions and time required to participate within each seminar range in length from 4 hours–14 hours and are spread over weeks/months. Will you be able to commit to completing the course? *
Sign up to the Hunter Defence mailing list? *

STAY INFORMED.

Sign up to our Hunter Defence mailing list to learn about all upcoming events and industry updates.