Chris Hails (CISSP, CISM, CCSP, CRISC, CTPRP) is an Auckland, New Zealand based cybersecurity researcher seeking to reduce the emotional and financial harms caused by cyber-enabled crime and social engineering. He is a qualified journalist, project manager and information security professional and is researching an individual’s ‘Security Quotient’ score and behavioural qualities that may pre-dispose internet users to fall victim to socio-technical attacks. His research into the human factors that impact on information security is funded by InternetNZ.
I work fulltime as a manager in NZTA’s cyber security practice. Prior to learning about the world of Mobility as a Service (MaaS) and ubiquitous computing in an automotive context, I was a manager at Deloitte specialising in Privileged Access Management, privacy and socio-technical security and have also worked at New Zealand’s National Cyber Security Centre, part of GCSB.
I previously developed the ORB cybercrime reporting system at NetSafe – between August 2010 and August 2016 New Zealanders reported almost 28,500 online incidents involving the loss of more than $35m to a wide variety of cyber-enabled threat actors.
Cybersecurity Education and Outreach
I volunteer on the board of the Auckland (ISC)2 chapter to arrange monthly security events and work with groups to educate on cybersecurity risks and the importance of developing organisational security culture to ‘harden the human firewall’. Recent activities have included:
- Joining a panel to discuss a post-privacy world at Tech Futures Lab and the privacy vs utility trade offs we make using social media.
- Moderating a panel discussing cyber breach detection and the SOC visibility triad featuring ESET, ExtraHop, LogRhythm, Tripwire, and TSG CISO Kevin Kanji at CybersecCon 2020.
- Delivering a 30 minute primer on New Zealand’s cyber threat landscape using war stories from NetSafe and NCSC, exploring the corporate reality in NZ organisations and the importance of mobile device security.
- Discussing the challenges of converged security in a smart city of the future, including cyber physical and privacy risks associated with systems becoming ‘instrumented, interconnected and intelligent’.
- Presenting on research into personal risk profiles and personality factors influencing susceptibility to cybercrime.
- Facilitating teams competing over ‘CISO: The Board Game‘ which uses LEGO to teach risk management and security investment decisions based on common cyber threat scenarios. The game is suited to all audiences and has been played by security professionals at Kiwicon 2038AD and by university students and Masters students alike.
- Hosting a creative security awareness video challenge giving teams 60 minutes to make their own digital campaign focused on the theories behind awareness campaigns and how clear and engaging communications is required to build a security culture.
- Presenting Attack of the Drones: Cybersecurity Lessons from the Gatwick Airport DoS Event to highlight technology risks and the importance of ‘cyber resilience’ for continuity of operations.
- Leading a team-based session for (ISC)2 on Building the ‘Bob Semple Cyber Tank’ and developing a pragmatic set of prioritised security controls for NZ’s predominantly small and medium sized businesses: