OWASP SAMM Summit 2015



= Welcome =

Welcome to OWASP SAMM Summit 2015
Confirmed speakers, trainers and round table chairs are:
 * Pravir Chandra, Bloomberg
 * Michael Craigue, HP
 * Justin Clarke, Gotham Digital Science
 * Yan Kravchenko, NetSpi
 * Sebastien Deleersnyder, Toreon
 * Bart De Win, PWC
 * Kuai Hinojosa, McAfee Foundstone
 * Jerry Hoff, WhiteHat Security

Friday 27-March – User Day Registration is open now!
 * Talks
 * Training
 * Topic roundtables

Saturday 28-March – Project Day
 * Publish SAMM v1.1
 * Workshops
 * Road map

= Registration =

Coming soon


 * Register Here

Max Registrations: 40 People Price: 150 EUR + VAT (21%).

= Venue =

Venue is
The Venue is The Gibson Hotel.

The Gibson Hotel is located at Point Village Dublin 1, Ireland.

For more details:
 * The Gibson Hotel Official Website
 * The Gibson Hotel Facebook Page
 * The Gibson Hotel Twitter Feed
 * Google Maps link The Gibson Hotel
 * Hotel Access Map

Parking & roadmap:
 * Car Parking Near Hotel

Opening Hours: Monday - Saturday: 7am to Midnight Sunday: 9am to Midnight

Tariff: (Ignore info on Point Village Car Park) There is a negotiated rate of

€10 per day for delegates. This is payable directly to the car park on departure. Overnight parking is

available at €14 to 15.00 hrs the following day. Access to the car park is to the rear of the hotel


 * Parking Facilities Available Info

Booking Accomodation

Important: Make an early booking if accommodation is required.
 * The Gibson Hotel

Make a reservation on the Gibson Hotel's website:

Or call to book: 01 681 5000

Subject to availability, have a look at below list of hotels nearby if you can't find a place to stay at The Gibson Hotel.

Hotels nearby:
 * Spencer Hotel Google Maps
 * The Spencer Hotel
 * Bereford Hotel Google Maps
 * Beresford Hotel

= User Day =

Location
Dublin, The Gibson Hotel.

OpenSAMM at HP, by Michael Craigue (HP)
Abstract: HP uses OpenSAMM to assess the completeness of the security activities in development groups, both in IT and in the business groups that create our products. HP's internal Product Security group has developed the SAMM Self-Assessment Tool, an implementation of the OpenSAMM process wrapped into a portable ASP.Net MVC Razor application. Its aim is to simplify the measurement of your organization against OpenSAMM, to assist in the construction of a roadmap, and in the subsequent tracking of progress down that roadmap. The tool is undergoing internal legal review for release to the public, and we hope it will be ready for release prior to the OpenSAMM summit. Mike will explain the motivation for the tool and its capabilities, and will brag a bit about the contributors who created it. Bio: Mike serves as Information Security Officer (ISO) for HP’s Enterprise Group-IT. He also works with the EG business group which IT supports. Prior to joining HP, he worked at Dell for 14 years, most recently as the Director of Security Consulting and Portfolio Governance. He holds a PhD from the University of Texas at Austin in Higher Education Administration / Finance, and the CISSP and CSSLP certifications from (ISC)². He’s been a contributor to the Cloud Security Alliance’s Controls Matrix project, and a speaker at OWASP and RSA conferences. His primary areas of focus are professional development, software security, and information security policy development. In his spare time, he taught Database Management and Business Intelligence / Knowledge Management at St. Edward's University in their MBA / MS CIS programs. He also enjoys cycling, cooking, and learning the cello. https://www.linkedin.com/in/craigue

Application Security? There is a metric for that!, by Yan Kravchenko (NetSPI)
Abstract: More and more, organizations’ security postures are defined by their growing application portfolios, shifting the emphasis away from more traditional security perimeters. The answer to virtually every business problem large or small is “There is an app for that”, and the nature of these apps range anywhere from simple workflow enablement tools through large enterprise-grade applications. Managing security across all applications is quickly becoming one of the biggest blind spots for organization’s security programs, making it difficult to measure and report metrics related to application security. Over the past year, Yan has been working on a new approach to manage and measure application security. By combining OWASP’s Software Assurance Maturity Model, traditional risk assessment methodologies, and experience developing security metrics, Yan developed a methodology that may be used to help organizations improve the way they manage and prioritize their application security initiatives. Once fully developed, this approach will be donated to OWASP either as an add-on to the existing SAMM project or as a new project intended to improve application security management. In this presentation, Yan will provide a detailed walk-through of the overall methodology. We will provide examples of the types of metrics and executive dashboards that can be generated by using this approach to managing application security and help highlight various ways this information can be used to further improve the overall maturity of application security programs. Bio: Yan Kravchenko has over 18 years of IT and information security consulting experience, the last seven with NetSPI. Before that, Yan served as the Director of IT for a large agriculture company, and before that Yan spent seven years performing Security Assessments, IT Audits, and assisted creating Business Continuity and Disaster Recovery Plans. In addition to a strong understanding of security and compliance, Yan has a deep technical background, which helps better evaluate and understand security risks, as well as provide meaningful and practical risk remediation advice. The last year, Yan has been focused on developing a new methodology for companies to manage application security, and improving information security metrics.

= Project Day =

Location
Dublin, details to come soon

Agenda
Focus on project team workshops

= Social Event =

The date and time of the social will still be made available, the social event is at your own expense. Would like to see you there.

The social event is on Friday the 27th of March.

= Sponsor =