Chris Hails (CISSP, CISM, CCSP, CRISC, CTPRP) is an Auckland, New Zealand based cybersecurity researcher seeking to reduce the emotional and financial harms caused by cyber-enabled crime and social engineering. He is a qualified journalist, project manager and information security professional and is researching an individual’s ‘Security Quotient’ score and behavioural qualities that may pre-dispose internet users to fall victim to socio-technical attacks. His research into the human factors that impact on information security is funded by InternetNZ.
I work full-time as a manager in NZTA’s cyber security practice. Prior to learning about the world of Mobility as a Service (MaaS) and ubiquitous computing in an automotive context, I was a manager at Deloitte specialising in Privileged Access Management, privacy and socio-technical security and have also worked at New Zealand’s National Cyber Security Centre, part of GCSB.
I previously developed the ORB cybercrime reporting system at NetSafe – between August 2010 and August 2016 New Zealanders reported almost 28,500 online incidents involving the loss of more than $35m to a wide variety of cyber-enabled threat actors.
I was interviewed by Kordia CISO Hilary Walton and spoke about the inspiration behind my research efforts to increase New Zealand’s digital safety and reduce the emotional and financial harms caused by cyber-enabled crime and social engineering:
Cybersecurity Education and Outreach
I volunteer on the board of the Auckland (ISC)2 Chapter to arrange monthly security events and work with groups to educate on cybersecurity risks and the importance of developing organisational security culture to ‘harden the human firewall’.
I am a member of the NZ Internet Task Force (NZITF), NZ Information Security Forum (NZISF), ISACA Auckland Chapter, International Association of Privacy Professionals (IAPP ANZ) and the Risk Management Society Of New Zealand (RIMS NZ).
Recent writing and speaking activities have included:
- Presenting on research into personal risk profiles and personality factors influencing susceptibility to cybercrime.
- Hosting a creative security awareness video challenge giving teams 60 minutes to make their own digital campaign focused on the theories behind awareness campaigns and how clear and engaging communication is required to build a security culture.
- Joining a panel to discuss a post-privacy world at Tech Futures Lab and the privacy vs utility trade-offs we make using social media.
- Discussing the challenges of converged security in a smart city of the future, including cyber physical and privacy risks associated with systems becoming ‘instrumented, interconnected and intelligent’.
- Moderating a panel discussing cyber breach detection and the SOC visibility triad featuring ESET, ExtraHop, LogRhythm, Tripwire, and TSG CISO Kevin Kanji at CybersecCon 2020.
- Facilitating teams competing over ‘CISO: The Board Game’ which uses LEGO to teach risk management and security investment decisions based on common cyber threat scenarios. The game is suited to all audiences and has been played by security professionals at Kiwicon 2038AD and by university students and Masters students alike.
- Delivering a 30-minute primer on New Zealand’s cyber threat landscape using war stories from NetSafe and NCSC, exploring the corporate reality in NZ organisations and the importance of mobile device security.
- Presenting Attack of the Drones: Cybersecurity Lessons from the Gatwick Airport DoS Event to highlight technology risks and the importance of ‘cyber resilience’ for continuity of operations.
- Leading a team-based session for (ISC)2 on Building the ‘Bob Semple Cyber Tank’ and developing a pragmatic set of prioritised security controls for NZ’s predominantly small and medium sized businesses: