Reflections on Kiwicon 2038AD

After taking a one-year hiatus, Kiwicon was back in Wellington a couple of weekends ago (16/17 November). Held at the Michael Fowler Centre, the event this year attracted around 2100 “Computer nerds, geeks, and people who think Lego is awesome*”, with tickets selling out in three days. The entire team from Axenic managed to get in early and secure tickets to this high-demand event.

Here is our selection of some of the key presentations and highlights:

Most Engaging Talk – ‘Apathy and Arsenic: a Victorian Era lesson on fighting the surveillance state’ – Attacus

What the team found most engaging about this presentation was the innovative use of storytelling to draw a parallel between the fight for consumer products that aren’t deadly and the growing awareness of, and intolerance for, privacy breaches. The presentation included the story of Mary Ann Cotton, an English serial killer who was convicted of, and hanged for, the murder by poisoning of her stepson Charles Edward Cotton. It is likely that she murdered three of her four husbands, apparently in order to collect on their insurance policies, and many others. She may have murdered as many as 21 people, including 11 of her 13 children. She chiefly used easily obtainable arsenic for poisoning, which resulted in gastric pain and a rapid decline of health for her alleged victims. Attacus then explained how that story linked to the public shift towards valuing personal privacy, which we all thought was not only engaging but also a clever way to get the key message across.

The Axenic Top 3 Take Outs

  1. Slack’s integration of risk management in its own Agile secure development lifecycle was inspirational. It’s reassuring to see that visionaries like Slack are following the same approach Axenic advises and applies with its clients that follow an Agile approach: home-brew security with development.
  2. The automotive CANBUS hacks were cool and amusing, especially with three Ducatis on stage.
  3. Lime scooters (and potentially Onzo bikes) are internet connected, and just as easy to hack as a fridge!

Best Training Session

OK, we may be more than a bit biased here; however, it’s hard to go past the Information Security Incident Handling Exercise, which was run by Axenic’s very own Ahmed ElAshmawy and our partner ZX Security. Held on the Wednesday prior, this training session was limited to a very lucky 10 participants only and gave them the opportunity to get some “hands on” incident handling experience, including:

  • Training participants on how to detect and triage incidents.
  • Training participants on following incident handling processes.
  • Measuring participants’ incident handling capabilities.

Well, that is Kiwicon done and dusted for another year. We’d love to hear your thoughts if you were lucky enough to attend. And if you couldn’t attend, keep an eye out for tickets to next year’s event, or feel free to get in touch with anyone from Axenic with questions on the event.

*Direct quote from the Kiwicon website, a site that is definitely worth a look if you have a spare 5 minutes; there is some great content on this site.