2022 has been a special year for us. After two years of lockdown, and remote meetings and conferences, we finally had the chance to meet up again in person. In May, still wary of the latest Covid outbreaks, we had the first hybrid member meeting, with the board and executive team meeting in London and members calling in remotely. In September, we finally had the pleasure to hold our member meeting in person in Prague, just before the Virus Bulletin conference. It was amazing to meet everybody again in person, to discuss developments at AMTSO, and the latest in the industry.
This year again was full of activities, looking back we worked on the following:
- 98 tests covered and tracked since the start of 2022 on the AMTSO Testing Calendar.
- 35 tests run under the AMTSO Standard V1.3 during 2022.
- 12 new videos available covering testing advances in 2022 on the AMTSO YouTube Channel. We record these videos at our Testing Town Halls, to then share them on our Youtube channel for a wider audience. The Testing Town Halls are open for anyone to attend, but some presentations can’t be shared with a wider audience, so please note, to consume all content, it’s best to attend the Testing Town Halls live!
- Over 440 followers for AMTSO’s Twitter feed looking at presentations, tests, interviews with our members, and more. This is an increase by 4% vs. last year, in a year that was difficult for Twitter and its users. Our LinkedIn group, on the other hand, is now at over 280 members, which is a growth of 41% in comparison to last year.
- 8 new member interviews published on our AMTSO website. In our member interviews, we interview tester and vendor members around their view on fair testing, current business projects and their view on latest cybersecurity trends and developments. Any member interested in being interviewed can reach out to us at our usual address for members.
- 20 Real Time Threat List (RTTL) Working Group team meetings. RTTL provides a source of high-quality, prevalent, real-world samples for cybersecurity vendors and testing purposes. RTTL has been opened-up for external submissions from CERTs and independent researchers, and in phase of an implementation of a sandbox to enrich the samples with valuable metadata information. More features are planned, keep an eye out for them.
Countless other working group and project meetings held:
- IoT Working Group: IoT testing remains a new and growing area, and in June 2022 we issued our first full set of guidance to help testers in this area. The guidance should steer development of new approaches to measuring the efficacy of solutions aiming to secure IoT infrastructure and devices.
- New Frontiers Group: This group has been focused on developing plans to bring together testers and corporate purchasers of security, such as CSOs, to share intelligence and ideas. Through 2022 the group has engaged with CSOs across the globe to understand their needs from AMTSO and the testing community in general while establishing a foundation for a 2023 CSO Conference.
- Knowledge Sharing Group: This group oversees all our guideline and best practice documents, and is working on several new projects for 2023, including guidance on testing firewalls and VPNs among other topics.
- Test Visibility Group: This group supports the planning of our Testing Town Hall events and other outreach to the wider community, and has met regularly through the year to plan events and oversee our recent brand and website refresh.
Meetings and Testing Town Halls
As mentioned, we got together for member meetings in May and September. Our September meeting in Prague was our first fully hybrid event, with members around the world participating remotely alongside those able to attend in person. It was great to see so many members for real after a long gap, and even better to be able to discuss with others who couldn’t make it to Prague.
We also held regular Testing Town Halls in January, March, June, October and December. We proudly hosted Google’s Sebastian Porst, who shared a special update on developments in Android security, including a preview of the next version. SE Labs covered a very important issue in the cybersecurity industry: Rogue testing. A bit like in a thriller, Thom Langford, experienced CISO and C-Suite security executive in multi-national organizations, told us the story of an enterprise breach. We were also joined by speakers from SecureIQLab, Absolute Software, and MRG Effitas at our Testing Town Halls this year.
Our marketing team this year focused on the brand relaunch of AMTSO. The relaunch happened at our member meeting in September, where the team presented a brand new website, and marketing assets including new logos, member badges, and a corporate video. The design is tailored to be more friendly and engaging, with more photos and visual elements, and consistent across different channels, for increased brand recognition.
We also continued the interview series we kicked off last year, introducing tester and vendor members, discussing why fair cybersecurity testing is important to them, and AMTSO’s role in supporting this.
Guidelines for Testing of IoT Security Products
This year, we also published our first Guidelines for Testing of IoT Security Products. Comprised of input from testers and vendors, the guidelines cover principles for the testing of IoT security products providing recommendations on test environment, sample selection, testing of specific security functionality, and performance benchmarking for testers.
Election of new board
AMTSO couldn’t operate without the support and work of many voluntary contributors. This summer, we announced a new board elected by our members, with Vlad Iliushin, founder of VI Labs, joining AMTSO’s board. On the tester side, the members re-elected Maik Morgenstern, CEO and Technical Director of AV-Test, Jesse Song, CEO of SKD Labs, and Simon Edwards, CEO of SE Labs, and on the vendor side, Alexander Vukcevic, Director of Threat Protection Labs at NortonLifeLock, and Glaucia Young, Engineering Director at Microsoft, as board members.
The past few years, AMTSO has been handing out the annual RTTL Award, which honors the organization that shares threat intelligence data most steadily, at a high scale, or that contributes the most to the operational planning of the Real Time Threat List (RTTL). RTTL is a program that feeds testers with threat intelligence, including high-quality, prevalent, and real-world samples. We were delighted to acknowledge MRG Effitas’ contributions with this year’s RTTL Award.
We are grateful for all these activities this year which we only could carry out through the engagement and collaboration of our worldwide community. Big thanks to all our members and everybody involved, including external speakers and agencies working on our design updates and brand material production.
We wish you joyful Holidays and a Happy New Year!