Tennessee Leeuwenburg
Bureau of Meteorology
Tennessee Leeuwenburg is the Head of Secure Coding at the Australian Bureau of Meteorology.

He has spent his career in software development, largely in scientific and high-performance computing domains.

He spent approximately a decade leading the development of the automatic text generation system that helps underpin the Bureau of Meteorology’s national weather forecasting capability. He subsequently moved into the supercomputing program, contributing to the implementation of numerical weather prediction systems which provide the underlying forecast guidance behind the Bureau of Meteorology’s forecasts and warnings.

He has significant experience working with very large and complex data sets. As Head of Secure Coding, Tennessee supports software teams within the Bureau of Meteorology to improve their security posture. This includes working with teams to adopt development best practises, undertake security assurance activities and develop a strong understanding of how to produce safe and secure systems.

His dream job would be to win a lottery and then spend his time on moon-shot projects, going to conferences and supporting the community.

TUTORIAL: Practical Data Science, Machine Learning and AI for Cybersecurity
Technical Level (3 being the highest score): 2

Almost every week, some new security startup seems to win a zillion dollar contract for bolting advanced AI analytics onto some kind of privileged data scraping. Did you know you could build one yourself on a weekend using tools commonly found in the standard penetration tester’s back shed?

Come along, and spend some time cobbling together the backyard version of today’s modern products!

Attendees will leave with a hands-on understanding of many of the techniques underpinning any number of security tools and products. This can help you better understand their strengths and weaknesses, and help you make better use of their advanced features. Or, maybe you really will launch the next, hottest startup in security (not guaranteed).

Capabilities of your new HyperAnalytic QuantumLearning Forkchain Technology include:

- Phishing email style analysis, for the finest detection or improvement
- Charting where all the traffic goes anyway
- Detecting “Weird Stuff” in the network logs
- Malware detection from commonly-available samples
- Cleansing your databases of Stuff That Shouldn’t Be There and Might be Evil

Using a technology stack including Python, Keras, Jupyter notebooks (and relying on some cloud services for GPU acceleration where useful), you really can do most of this yourself. For those wanting to know what’s “actually meant” here, this tutorial will cover:

- How to load data from email, network logs, social graphs and handling binary data
- Language modelling and word sequence analysis with n-gram analysis
- Basic machine learning with random forests, gradient boosting and simple neural networks
- Making pretty charts, graphics and dashboards
- Detecting abnormal network traffic using various algorithms
- Finding either high-entropy or other suspicious data types among ordinary data (e.g. finding encrypted C2 data in your database)

Getting security into software development when the support just isn’t there: practical tips and suggestions
Technical Level (3 being the highest score): 1

Security is hard. Software development is hard. Adding security objectives to development projects can seem overwhelming to everyone concerned, and is an often-overlooked aspect of cybersecurity. However, with the right knowledge it becomes not only doable but efficient. This talk will give you the tools, techniques and knowledge you need to go back into your organisation and lead the charge, whether or not those around you support that effort.

This talk is for the battlers out there -- for those trying to move the dial inside of organisations and get people engaged.

There are a few key starting points. Firstly, if you don’t drive this, chances are nobody else will. Secondly, dealing with change means dealing with people. Thirdly, nothing succeeds like success. These things can all be difficult, but the skills you need can be learned and then leveraged. You’ll need both technical and “human” skills to bring others along with you.

Influence is not just about experience or your position in an organisation. Something as big as changing an organisation may seem far-fetched or fanciful, but you may be surprised at what can be achieved through communications and leadership. Even if you are a junior, or in a non-management role, you may still be able to make a big impact. Most big things start small, and building on small wins is usually how change begins. Counter-intuitively, it is often junior staff (who are most connected to the actual work) who are best placed to lead the charge.

Come along and hear tales from the trenches from someone who has battled (and sometimes even won) to achieve positive change: what works, what doesn’t, and how to make real progress.

Presentation video can be found HERE