In October, I was fortunate enough to travel to Australia and New Zealand for three weeks in my role as Senior Intelligence Analyst for LastPass. The trip included attending CyberCon in Melbourne (the largest cyber convention in the Southern Hemisphere), multiple customer meetings, and several opportunities to meet with elements of the Australian and New Zealand governments. It was, hands down, the most rewarding trip of my private sector career. Not only was I able to connect with and learn from fantastic people from across the cybersecurity community in the region, I was able to talk with customers face-to-face about all of the important things we are doing at LastPass to help keep their information secure, including the role our Threat Intelligence, Mitigation, and Escalation (TIME) team plays in helping protect our customers.
It was incredibly rewarding to be able to share how far we’ve come at LastPass. I was also deeply impressed by the shared goal of achieving a cyber “uplift” across Australia, meaning an increase in awareness, practice, and capability in the public and private sectors, from large enterprises to small businesses, and even in cyber literacy among school children. This acknowledgement of the importance of this national advancement across the Australian cybersecurity community starts with Lieutenant General McGuinness, the National Cyber Security Coordinator, and seems to permeate down to every level. It’s refreshing to see a unified national effort like this, particularly on such a critical issue that will help prepare the country for the future. It stood in sharp juxtaposition to the current conversations around technology and social media within the US.
So, what did I learn?
One of the common themes that arose consistently across my conversations was the importance of partnerships within cybersecurity. Building trust communities where individuals and organizations are comfortable sharing lessons learned, best practices, and threat intelligence, which helps make everyone safer. Many of these conversations acknowledgedthe volatile political environment in the U.S.and erosion of the role of the Cybersecurity and Infrastructure Security Agency,its information sharing, and its private and public sector support programs, including those with international partners. Conversely, the Australian Signals Directorate and Australian Cyber Security Centre (ACSC) rapidly expanded their relationships with these sectors over the last year and continueto focus on further growth. In fact, this video capturing the conversation I was fortunate enough to take part in with Stephanie Crowe, the director of the ACSC, and cybersecurity peers in the public and private sectors, highlights how the Australian government is working with partners to disrupt the threat from infostealers.I’ll say it plainly here… Australia is on the right side of history with this, and I said as much in my conversations with my regional peers. It’s painful to watch the U.S. move in the wrong direction, but I was deeply heartened to see my Australian and Kiwi peers carrying the torch forwardand the continued partnership with the larger U.S. cyber community. The onus is now shifting more towards direct private sector and peer-to-peer relationships to maintain these communication channels to help keep us all safer.
Many of these conversations brought me back to my original career as a counterterrorism senior intelligence officer with the U.S. Defense Intelligence Agency (where the aforementioned LTG McGuinness served as a deputy director from 2021 to 2024). A guiding principle in that role, as articulated by General Stan McChrystal, was that it “takes a network to defeat a network,” meaning that malicious cyber actors are working together to achieve their goalsand that we, as cyber defenders, must do the same to level the playing field.
Withholding intelligence and “stovepiping” reporting only helps the bad guys by limiting awareness of their tactics and techniques, making it harder for the larger cybersecurity community to prepare their defenses and disrupt malicious operations. The most valuable thing I took home from this trip, aside from some amazing selfies in front of Bag End in Hobbiton and an abiding fondness for Carlton Draught, was the new relationships I made while in the region that will allow me to put this principle into practice. I made countless new connections with people that are just as passionate about threat intelligence and cybersecurity as I am, and I’m eager to continue to develop these partnerships and share information and reporting openly with them so we can help uplift the cyber community in both APAC and the US. From theU.S.perspective, it seemed to me the more laid-back Australian culture carried over into these cybersecurity relationships… at least in my experiences there, it was refreshing to find a more pervasive willingness to approach tough problems and information sharing from a place of dedication, collegiality and, much to my delight, humor. These are difficult issues and being able to laugh together while you’re tackling them makes it so much more fun.
What would my advice be?
For organizations in APAC, I would say keep doing what you’re doing. If anything, we in the US should be learning from Australia’s efforts, particularly at the national level. The openness and sense of community I saw within the private sector was also energizing and I am looking forward to building as many bridges as I can, connecting my new friends in Australia and New Zealand with friends here in the US and elsewhere so we can continue to build our own networks and share intelligence. As the US government pulls back from some of its roles in intelligence sharing and cyber leadership, there is a unique opportunity for the private sector and international partners to step up and fill these gaps… an opportunity that is too important to miss.
If you’d like to learn more about LastPass’ offerings and efforts within the APAC region and the importance of partnerships and intelligence sharing within the cybersecurity community, please take a look at our Q4 APAC Threat Report, and keep an eye out for our next APAC report that will be published in late January.
