Episode #007: How the NZITF Improves New Zealand's Security Posture with Terry MacDonald

Episode #007: How the NZITF Improves New Zealand's Security Posture with Terry MacDonald
February 21, 2024

New Zealand Internet Taskforce (NZITF) chairman and Cosive COO Terry MacDonald speaks on all things NZITF, including what the NZITF does, why it was created, and how to get involved.
You can see Terry in-person at the NZITF conference on the 13th and 14th of November, 2023.

Episode Transcript

Terry MacDonald: I’m Terry MacDonald, I’m co-founder of Cosize New Zealand and currently Chief Operating Officer and Principal Security Consultant.

Tash Postolovski: Hi, I’m Tash. Besides being a co-founder at Cosive, Terry is also a chairperson of the New Zealand Internet Taskforce, the NZITF. In the leadup to the NZITF conference on the 13th to the 14th of November, I sat down with Terry to learn what the NZITF does, how it benefits members, and why Cosive is so dedicated to supporting the NZITF.

Terry MacDonald: The NZITF was an organisation that came out of the botnet working group, the botnet taskforce, that was created back when in 2004 we had a whole lot of different botnets that were just beginning to come out, and people were trying to figure out what to do. There was a group setup to help sort out and try and pull apart these botnets, and find a way of responding against them, and that was based primarily out of the US.

There were some members of that, that were formed within New Zealand to try and attack the botnets that were part of the New Zealand IP address space. And so a group of people got together and started that. That proved to be so successful that they thought, actually, why don't we just try and keep this going? So from that, they then formed the New Zealand Internet Task Force. And that's why it's called Internet Task Force, because it's kind of like a bot net working group. It was designed originally to be very operational. Since then… we’re going way back… Then I think it started with something like 15 to 20 people, but that was before my time. And then it's grown now to be around about 350 people, in senior operational policy, there's law people involved, risk analysis, all that GRC stuff. Yeah, 44 different organisations, everything from law enforcement, government, the NCSC all the way through retail, energy sector, telecommunication, finance, manufacturing, resources and transportation. Lots of different sorts of people.

And the idea is, we have a mission at the NZITF to help improve New Zealand's security posture. So, to do whatever we can in whatever way to make New Zealand more resilient to cybersecurity attacks. And to kind of protect New Zealanders, against those cyber security threats. I often think of what kind of drives me personally about all of this is, I often think about how my grandmother wasn't able to protect herself against cyber security problems. People ringing up saying they were Microsoft and all of that sort of stuff and I think it should be a focus of security professionals to try and make security in-built into everything that we do. And to make sure that someone's grandmother doesn't have to know about cybersecurity in order to be protected. It's up to us as the experts to make sure that protection is built-in and the people's risks are reduced.

My involvement initially was, I worked at Spark New Zealand, which was previously known as Telecom New Zealand and my manager there was part of the NZITF. They were getting some training and a trainer from overseas. And this person was from Bell Canada and was involved... I think around that time they could see something like about 20% of the Internet's traffic and so they were able to give us a whole lot of insight into the things that we should be looking for, and it really made Spark New Zealand a better organization. It improved the security not only for the company, but also, for all the customers that we had, and then that information, we could pass on to other telcos across New Zealand. And as a whole, we sort of leveled up New Zealand's security, because we were sharing information amongst each other about the attacks we were seeing and how to better improve security for the organisation and for our customers

From there, it kind of began to grow out because then people were like, well, it’d be quite nice to see how everyone's handling risk within their organisation or how do you do governance or what sort of security frameworks should you use, and it kind of just slowly grew over time to encompass all of those other facets I talked about earlier.

Tash Postolovski: What about the community aspect around NZITF? Is there a Slack community, a mailing list, how does community engagement happen?

Terry MacDonald: Yeah, through various different ways. So initially we started off as a mailing list primarily. We were lucky to have the support of another global group called Opstrust, which was very, very useful. We’ve since morphed to Slack now as people are expecting more instant messenger type instant response. Yeah, we've moved over to that platform now as well. There’s meetups within people’s sub-groups sometimes within the community and also we do a yearly conference that we run that's actually going to be in the middle of November, and we hold that in Wellington each year. We have a community day that we do for the first day of the conference where anyone who has an interest in security can come along. And then on the second day is when all of the more trusted stuff is discussed. Because historically the NZITF has been a security trust group. It's difficult to get into, you have to be vouched in by four different people who are existing members and three of those have to be from a different organisation to you.

Initially, you weren't even aware of it. It was like Fight Club. You weren't allowed to talk about it. I became a member without my knowledge and then I was told that I was now a member and I had apparently been suggested and I’d been vouched and vetted and I passed the requirements and then I was told, guess what, you’re part of this club. Things have moved on since then, we now have the ability for people to apply online but there is still quite a comprehensive vetting process to get people through the door at the moment.

Tash Postolovski: Yeah, that’s very cool I think… being told that you’re a member of an organisation that you don't even know about. I suppose it's that interesting challenge of balancing trust with getting the word out and getting more members and more diverse voices and striking that balance.

Terry MacDonald: Absolutely, and I mean that's been a bit of a trend within the NZITF. One thing that we're trying to do is to get a lot more diversity within the board and within our working groups. We're very cognizant of that. One of the other things we're trying to do is to figure out exactly how to spend the money that we get in. We're a not for profit and over the years, we've built up a bit of a nest egg. So over the next few years, we're really trying to figure out how we can best spend that money to help achieve those goals that we have, improving the security posture of New Zealand and some of that is maybe doing some sort of scholarships. That's one of the ideas, but yeah, we're really trying to figure out how we can have the biggest bang for the buck and how we can really improve cybersecurity in a fair way and get a lot more diversity and gender equality within the New Zealand's InfoSec industry.

Tash Postolovski: What's it like being the chairperson?

Terry MacDonald: It's a lot of work. It is a lot of organising, a lot of work. I’m quite lucky that the board are incredible. I think people who want to be part of the NZITF want to have an effect and to have a positive effect on the country and on the industry. And so we get a lot of really good volunteers who help out on the board but also do amazing work for the various working groups that we've got. We’ve got a mentoring working group where we're trying to connect mentors with mentees and to let people improve their skills or maybe get training in areas they are not experts at the moment.

We have a media working group. One of the areas we found was there was a lot of misinformation that so-called experts were providing out into the industry and there wasn't that communication of more accurate information out there, so we formed a media working group and that's available for any journalists within New Zealand to reach out to get a balanced view on anything cybersecurity related.

Terry MacDonald: We have an employee assistance program as well. We know that info security is a highly stressful industry. And yes, we unfortunately had one of our members take their own life and that was a bit of a wake-up call for us all. So we wanted to try and do something to help the industry as a whole. So NZITF members have access to an EAP, or employee assistance program, that they can make use of any time, paid for, and we have had people make use of that. Absolutely happy that we have that ability, because anything we can do to try and help someone is great.

Tash Postolovski: That's great, yeah, I think that's a really good initiative. Anything about the NZITF you can think of that people might not typically know or might surprise them?

Terry MacDonald: Yeah. One of the things I think surprises people is the fact that competitors in a particular industry have lines of communication open and talk about what they're doing and how things are operating and stuff that they're seeing. A big one is the telcos, but also within finance and within things like energy sector, things like that. There’s little subgroups that go on, little operational sub-trust groups that have formed across New Zealand and I think that makes New Zealand stronger as a whole because they're working together effectively.

It’s kind of like how wildebeests protect themselves by being part of a herd. It's the same thing that we do. Attackers are sharing information constantly about how to better attack us. So we have to share information about how to better defend ourselves so that we can survive, so we can avoid getting attacks or at least we can respond more effectively and faster to them. So yeah, that's been one of the things that I've been most happy about is that as a group I think we punch far above our weight because we can operate as a community, as a group, and I think people would be quite surprised about the amount of sharing that goes on behind those closed doors.

Tash Postolovski: Tell me a bit about Cosive’s involvement with the NZITF and your involvement with NZITF and your thoughts there.

Terry MacDonald: Ever since I’ve been working in the industry, since those Spark Days, I’ve been part of the NZITF. First, helping out with working groups, then attending the conferences, then being part of the board, because I wanted to have a bit more of an effect, I guess, to be able to help out more. That seemed like a good way to do it. Then I got voted as the chairperson and have been voted as the chairperson for the last six years. As part of that, all of our co-founders are actually NZITF members. Even though based in Australia, Kayne Naughton and Chris Horsley, are part of the NZITF. 

That's because we wanted to all have an effect in Australia and New Zealand and to help out pan Asia-Pacific. Then when we formed our company, we've just kind of carried on with that. So we donate quite a lot of our time. NZITF work is generally done during work hours and my co-founders are fine with that. We want to do whatever we can to improve cyber security in New Zealand and Australia. I know the guys in Australia do a whole lot of work with various groups, like IRATE, and other various groups, we do presentations for free at places to help share the things we've learned. 

Even within things like the hallway at the NZITF conference, always giving advice out to people, it's all about trying to make New Zealand that safer place that I talk about. I’m very passionate about spending my own time and spending Cosive’s time to try and achieve those goals because it is so worthwhile. It can have such a positive effect an all of the people in New Zealand and Australia just from us being able to help connect people and share information and to teach others how to protect themselves.

Tash Postolovski: That's great. I think a nice note to end on might be just reflecting on some of the positive changes that have come about because of NZITF.

Terry MacDonald: Yeah, I think one of the things that I quite enjoy is seeing how people have grown through their careers being with an organisation such as the NZITF. When you've got 350 people, you see people come in who are quite new to the industry, out of some sort of cybersecurity course, and then watching them grow and gain skills. And go up and gain job levels through different organisations and you’re following people as they move from here to the. And then to see them start presenting out and becoming experts in a particular field and then you end up going to them for advice on a particular thing, I find that really rewarding actually.

Being able to know that in some way the NZITF and the effort that I personally put in and that we put in at Cosive actually is resulting in improved skills within New Zealand and I guess an improved life for those people as they're progressing in their careers. So that's really rewarding.

Tash Postolovski: So some people hearing about this might be interested in joining the NZITF as members. What can they do to do that?

Terry MacDonald: We have a website at nzitf.org.nz as well. They'll want to go to that and click on the apply button at the top of the menu and that will give a bit of a background on how you apply. It is a rigorous process for getting in and vouching, not everyone gets through, you have to know people within the industry before you apply and… yeah, I would recommend if someone is starting out that they first go to other groups such as the information security interest groups that are dotted across New Zealand, the ISIGs. You can find out more from them at, I believe, https://isig.org.nz/. And if they go there and join those groups, they're free to join. And then from there you should meet quite a few NZITF people who will then get you access eventually to the New Zealand internet task force and the process, if you do want to apply, the process is quite lengthy. It generally takes at least two months, sometimes three months, from when you start the process to when you've passed through the vetting and vouching process.

If you are interested in finding out a bit more you can always come along to the NZITF Community Day at the conference this year. It's on November the 13th 2023,  and you can go to the website again and have a look at the conference page. And from there you can buy tickets to attend. It's not that expensive. It’s a hundred and twenty dollars including GST, and there are student prices as well for $60 including GST. If you can't get to Wellington, then you can attend online. There's a live stream that we do which is $60 including GST as well. And the in-person attendance tickets also include networking drinks in the evenings where you could get to know someone from the NZITF, which may help your application.

Tash Postolovski: Thanks for listening to this episode of the Cosive podcast. You can learn more about what we do at www.cosive.com.