My Reflections in a Time of Crisis…

May 09, 2020 by Skye Wu in Discovery

Reality has an interesting way of turning out.

When I started this blog I had grand plans of an upload schedule. I didn’t factor in “writer’s block” and didn’t factor in life.

I anticipated 2020 to be a huge year, this seemed to be the pattern for me year after year. I looked forward to challenging myself in new ways I hadn’t done in the previous years.

Well, I’m happy to report 2020 has definitely been big… for many. Boy did I learn a lesson or 50…

I am a little bit ashamed to admit; despite doing what I do as a day job, I was someone who downplayed the potential impact of COVID-19.

Sincere medical advice from the professionals in the news sounded like fear mongering in my non-medical ears.
Restrictions being implemented in cities like Shanghai sounded inhumane.
I scoffed my parents’ pleas to work at home and avoid public transport and going to the cities. Also when they said we should stop meeting every Sunday night for group dinner as they were still going to work.

I’m not sure why I went against my better judgement.
Maybe it was the indignation I felt, playing down something I felt like I was being blamed for seemed easier for me to deal with.
The seemingly subtle covering of fellow passengers nose and mouth when they spot me step on the train. One poor young man was so afraid of me he buried his face deep into his backpack he was hugging tightly. I felt a mix of compassion, pity and fury. I thought about trying to move somewhere else so he could be more comfortable. But I stood my ground. This became my new normal; unless I was travelling with my husband on public transport… for those of you wondering why well, let me just say one of the things I love about him are his kind soft blue eyes…

I realised how wrong I was when I spoke with a dear friend who is a medical doctor. She taught me so much about this virus; what the medical professionals knew at the time. She explained to me the immediate implications, the medium and long term impacts. Told me that it was only a matter of time before WHO declared a global pandemic (a week before the WHO declaration).

COVID-19 and government reaction / management across the globe has really opened my eyes. I realised that having access to the latest and greatest technology / tools makes little difference in the midst of a great crisis. I think about the countries with some of the most advanced medical equipment in the world; and their access to some of the greatest medical minds. In the end, we are told washing our hands with soap is the best way to combat the virus.

I realised that this has a good parallel to what Discovery is about; helping companies understand where the gaps are in their protections. We may not find the next equivalent of the COVID-19 virus. By finding risks uncovered with data driven analysis we can provide advice to help organisations better manage or improve their existing capabilities. This will enable them to respond and manage an equivalent of COVID-19 if / when it happens in the security world.

Until next time! I hope everyone stay healthy and keep safe.
PS: What are some of your learnings from this pandemic? Drop me a message on Twitter or LinkedIn.

Disclaimer: All statements and comments are my own. They do not reflect the views of any past or present employers.

Discovery: piece together jigsaw puzzle without the full picture as a guide

Da Capo al Segno: Discovery in Government

July 29, 2019 by Skye Wu in Cyber Security, Discovery, Data analysis, Investigations

Where is Discovery from?

No one tells the Discovery origin story better than Andy France, OBE; one of the founding fathers of OG Discovery in Government. I shall attempt to give the story justice.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~many cups of hot chocolates later~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Imagine this:
Day One: A sunny afternoon down a quiet street where many cars were parked Person A walks up and down the street. Person A is observing the street, and it’s quiet this afternoon.
Day Two: Person A walks down the street at the same time as Day One, stops every once in a while to look at the cars, peering inside.
Day Three: Person A repeats the same activity, this time accidentally bumping into several cars; walking away quickly if any car alarm is set off.
Day Four: Person A walks down the same street, armed with a crowbar, smashes windows of the cars without car alarms and steals any valuables.

Now if you were a person watching this activity from your window, ask yourselves this, at which point would you pick up the phone and call the police? If you called the authorities, at what point would it be considered a crime? How likely is it that the authorities would arrive at the exact moment when Person A is attempting to break into the car; thereby preventing the actual crime from occurring?

If we looked at each day as separate events, they may seem strange, but we are unlikely to consider them malicious except the events on the fourth and final day. To determine someone or something is “malicious” we need to understand intent. What was Person A’s intention of walking up and down the street on the different days? Is Person A new to the area and was familiarising themselves a new surrounding? Is Person A going through a rough time and committing crimes as a way to obtain financial support for his or her family? Is Person A a career criminal who is seekly personal financial gain?

Until we are able to see patterns in events and understand the underlying context, we will always be reacting to crimes after the fact. There is no do-overs once an incident occurs.

OG Discovery in Government was developed to identify and prevent major crimes such as terrorist attacks by looking at seemingly disconnected events by individuals. Did it work? Hells yeah it did!

Sadly, I never got to experience OG Discovery in Government. I did however get a good feel of what that might have been by watching the “Operation Overt: The transatlantic Bomb Plot” episode of a Netflix documentary series entitled “Terrorism Close Calls” (I am not sponsored by Netflix. I wish…)! The episode begins with a series of anomalous activities and behaviours exhibited by a number of people. Their activities lead to them being monitored by the authorities. Through further investigation and surveillance the investigators slowly worked to understand the cause and context surrounding the anomalous behaviours. The investigators’ work not only prevented a potentially catastrophic event; it also changed the way we travel by air.

In my next post, I will share how Discovery can work in the corporate world. Before then think about a time where a security incident or an investigation could have been prevented if early indicators had been uncovered and scrutinised. The heart of Discovery is to find your truth.

Until next time…

Skye

Disclaimer: All statements and comments are my own. They do not reflect the views of any past or present employers.

Overture: Humble Beginnings

July 15, 2019 by Skye Wu in Career

Hello everyone, my name is Skye Wu. Welcome to my blog.

This is the prequel to the real story I want to share. Apparently, before I start blogging about what I do - which also happens to be my dream job - I should let you know who I am and why I decided to start this blog. Thank you in advance for indulging me.

I am an only child of a Chinese family that is also a first generation migrant; so, obviously, I would play the piano, be academically inclined, be a mathlete, get scholarships to private schools and become a doctor or a lawyer and marry a nice Chinese boy. Unfortunately for my parents… I only accomplished one of those things… Can you guess which?

As you can probably tell, I am a rebel. With that rebellious streak, I defied two career advisors and my parents’ wishes to study Information Systems then pursued a career in Digital Forensics with law enforcement. To this day, I still believe that starting as a Digital Forensics Analyst at the Computer Crime Squad (CCS) with the Victoria Police was the best thing to launch my career. I learnt so many valuable life and professional lessons from the detectives and police officers.

My most valuable takeaway from the CCS: being a good digital forensic analyst isn’t just being able to find the evidence. I needed to:

Prove my work was independent, unbiased and the evidence was admissible in court;
Document the process I undertook, ensuring it was repeatable so that my evidence would stand under scrutiny during cross examination;
Explain to a non-technical audience

I first wondered if being really good at understanding how something went wrong was the path for me when a close friend went missing. It was unexpected and shocking. To this day, I still wonder if there was anything I should or could have done to have foreseen it. The police did everything they could to help and investigate, they have a number of really great theories. But my friend has never been seen nor heard from again.

The next was when a victim of a crime came up to me after I had given evidence in court and thanked me for my work. For the first time, I hated my job. So what if I can give evidence to help prove a criminal’s guilt? He/She had already committed the crime; the damage was done. The seed of preventing bad things from happening was sewn.

Moving from a government role into professional services with a Big 4 consulting firm was a big challenge for me. Gone were the days of providing exactly what was being asked for; the focus was more on adding value, being agile and becoming a trusted advisor.

I had to put myself in the shoes of my client. If you’re a big multinational company looking for a service provider. What factors would you consider? What is your core business function? What are your requirements? Are the regulators likely to be looking into your company due to the industry you are in? Do you require a 24/7 support model? So on and so forth.

As the service provider, who were we and what did we offer? The people and technology resources available are largely the same. So what differentiates one provider from the other? Surprisingly it was the people; not for the so called “technical skills” but more for the core skills; value add, transparency, integrity and trustworthiness.

My most valuable takeaway from consulting: every experience makes you grow, whether it is good or challenging. Always act with authenticity and integrity; trust is earned and people matter the most.

Moving from a large consulting firm to a small business was a challenge. That said, if anyone ever has any doubts about working in a small business; I highly recommend you take that opportunity at some point. I really got to own client relationships and enjoyed it. I would be proud to say that I became one of the client’s team. If memory serves correct, there were more clients at my farewell than my own colleagues! We were quite a small company.

I’m not a religious person; though there are moments in life where I wonder if there is a higher force at play. When I had my phone interview with a Telstra recruiter he asked if I would be interested in a role with the “Discovery team”; he had seen that I have experience in eDiscovery. I said no; eDiscovery was about helping a client find, preserve, collect and process their data ready for lawyers review so that it can be used in court as a part of a litigation process. I wanted to take a stab at Open Source Intelligence at a telecommunications company instead.

Getting into Open Source Intelligence started a chain reaction for me. I began my move towards the proactive spectrum of Cyber Security.

Two years into my time at job; I was asked to help reinvigorate the Discovery team on a three months secondment. The first time I met Steve, my manager, my first words were “I’m happy to help with whatever you need; I don’t want to read lines of logs though. That would make me want to drive my head through a wall.”

I’m about as subtle as a sledge hammer to the face; but from that first meeting a mutual respect was born. That is where the real fun began. I’d found my real dream job; the real drive behind this blog.

Until next time…

Xoxo Gossip G… Skye

Disclaimer: All statements and comments are my own. They do not reflect the views of any past or present employers.