Alex Webling
[Resilience Outcomes Australia ]
Alex Webling is the Director of Resilience Outcomes Australia, a consultancy helping business and government meet their strategic challenges in organisational resilience, security governance, privacy and information security.

Alex is Deputy chair of Security Professionals Australasia, a member of the Standards Australia Board on Security and Resilience (MB-025), international rapporteur for resilience on ISO technical committee 292 (Security and Resilience) and an Associate of the Australian Risk Policy Institute.

Previously, Alex was a senior executive in the Australian Government. He was the Foundation Director of the Government computer emergency response team (CERT). As Head of Protective Security Policy responsible for creating the Protective Security Policy Framework (PSPF), he introduced the federal government’s streamlined Personnel Security system and single information classification system.

Tutorial: Getting to Yes. Influence and how to get it.

Technical Level (3 being the highest score): 1

Introduction
o Acknowledgement of traditional owners
o Housekeeping (timing, toilets, exits etc.)

Who we are and what we do
o The purpose of this tutorial – what’s in it for the participants
o Expectations about behaviour
o Participants’ expectations about the tutorial (they talk, we listen)

Influence
o What is it?
o What it is not (the types of influence we will be actively discouraging)
 FUD
 Deception, bullying etc.
 Trust and credibility and how to destroy them

Messengers
o Why did they not listen to me but when a consultant came up with the same idea they thought it was brilliant!?

Categories of messengers:
 Hard – based on Status
 Soft – based on Connectedness
 Fleshing out these concepts with specific traits (e.g. socio-economic position, dominance, attractiveness, vulnerability, trustworthiness etc.)

Listening
o Information aversion and how to overcome it
o Lessons from SABSA’s approach to defining ‘the problem’
o Allowing people to be heard and why that might be a novel experience when communicating with an infosec professional

Compelling Events
o Never let a good crisis go to waste
o Organisational political realities – turning a negative situation into a positive
o Preparing beforehand (e.g. last minute budget ‘fillers’)
o Sharing the credit for a good idea
o Grasping the nettle – timing is everything
o NOT ‘I told you so!’
o The availability heuristic and its effect on risk perception

Conclusion
o Our reflections
o Participants’ reflections

Secure your place now!