Difference between revisions of "Hartford"

From OWASP
(February 10th 2009)
m (parking info)
 
(103 intermediate revisions by 6 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Hartford|extra=The chapter leader is [mailto:owasp@jamesmcgovern.com James McGovern]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hartford|emailarchives=http://lists.owasp.org/pipermail/owasp-hartford}}
+
{{Chapter Template|chaptername=Hartford|extra=The chapter leaders are [mailto:James.Mcgovern@gartner.com James McGovern] and [mailto:alvin.fong@owasp.org Alvin Fong]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-hartford|emailarchives=http://lists.owasp.org/pipermail/owasp-hartford}}
  
<paypal>Hartford</paypal>
+
== Meetup link ==
 +
Most of our chapter event coordination is done via meetup. Hit the link for the latest:
 +
 
 +
https://www.meetup.com/Hartford-Cyber-Security-Meetup-OWASP/events/248771357/
  
 
== Sponsors ==
 
== Sponsors ==
  
We would like to thank [http://www.fortifysoftware.com/ Fortify], [http://www.wiley.com/ Wiley Publishers], [http://www.oracle.com/ Oracle], [http://www.the451group.com/ The 451 Group], [http://www.thehartford.com/ The Hartford] and [http://www.microsoft.com/ Microsoft] for their generous sponsorship and helping make application security visible...
+
We would like to thank [http://www.travelers.com/ Travelers Insurance]for their generous sponsorship and helping make application security visible...
 +
 
 +
If you would like to sponsor either the food and/or door prizes for an upcoming meeting, please email [mailto:alvin.fong@owasp.org Alvin Fong] with your proposal. Independent of any financial considerations, sponsorship priority is driven by those who drive participation in OWASP to their employees and customers.
 +
 
 +
== Call for Sponsors/Speakers ==
 +
 
 +
This is a call for speakers/papers. If we haven't approached you, but you believe you have a significant discovery or new research that the security community would value, or enjoy hearing about, we invite you to submit your presentation topic for serious consideration. Preference will be given to speakers who can present new and innovative technical content to a broad audience. Of course, all presentations are expected to challenge the brightest and quickest of attendees - we wouldn't have it any other way.
 +
 
 +
OWASP is not a vendor fair. Consequently, there will be very little tolerance for commercial content within presentations. Attendees will be encouraged to quell any shameless marketing that is not immediately backed up with rationale for its inclusion.  
 +
 
 +
Some topics of interest for upcoming meetings include (but are not limited to):
 +
* Risk Rating Methodologies
 +
* Internet of Things (IOT) Security
 +
 
 +
== Upcoming Events ==
 +
DevOps vs. the "Security People"
 +
 
 +
Date/Time: Friday, 6/21 1-3pm
 +
 
 +
Location: [https://goo.gl/maps/bb9Xz397CmeLcfBf7 Travelers CRM-1, 45 Central Row, Hartford, CT 06103]
 +
 
 +
Agenda:
 +
 
 +
1pm: "DevOps vs “Security People"
 +
 
 +
In 2019, surveys are saying that 90% of Fortune 500 plan on using containers and things like Kubernetes, yet there’s still a divide between what “security people” see that containers provide and what DevOps teams see. Kubernetes has become the defacto standard for production container deployments and there are 98 different options (as of February 2019) for hosted Kubernetes clouds. In many cases a Kubernetes threat model becomes compromised either by accident or by alibi and even if you wanted to harden your environment, there’s little guidance. Is there truly such a thing as a Kubernetes best practice? How can Kubernetes handle multiple tenants in a cluster? Do hosted Kubernetes services provide enough security for your work load? This talk will explore Kubernetes’ known attack vectors, defenses, and see how we can bridge the silos between security engineers and developers to help in the future.
 +
 
 +
2pm: panel / chapter meeting TBD
 +
 
 +
3pm: networking
 +
 
 +
Speaker: Mark Manning is a Principal Security Consultant with NCC Group and a lead in their Container Practice. He focuses on container technologies, Linux kernel security, and application security, in general. He has performed penetration tests to breakout from containers, delivered architecture reviews of devops environments, and worked with developers on various container and orchestration technologies such as Docker, Kubernetes, Mesos/Marathon, as well as Rancher. Mark currently organizes Rochester 2600 has also organized BSidesROC from 2010 through 2018.
 +
 
 +
Parking info:
 +
[[File:Hartford-parking-map.pdf|thumb]]
 +
 
 +
== Past Events ==
 +
'''Saturday, November 3, 2018'''
 +
 
 +
9:00AM-5:00PM
 +
 
 +
OWASP @ bSides CT - Sat, Nov 3rd - Fairfield, CT
 +
 
 +
The local BSides Security conference in CT is taking place Sat, Nov 3, 2018 in Fairfield, CT. Their CFP is out, and I would encourage you to submit a talk. Tickets are available for the actual conference are $20 and can be purchased here: <nowiki>https://www.eventbrite.com/e/bsides-ct-2018-tickets-49521252399</nowiki>
 +
 
 +
The conference will feature speakers, workshops, CTF (with prizes!), lightning talks, and an after-party.
 +
 
 +
Schedule updates and additional info: www.bsidesct.org
 +
 
 +
About BSides:
 +
 
 +
Security BSides is a community-driven framework used to build events for and by information security community members, events where individuals have opportunities to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense experience designed to expand the spectrum of conversation beyond the traditional confines of space and time with discussions, demos, and participant interaction. It’s where conversations on the next big thing are happening
 +
 
 +
About Fairfield University:
 +
 
 +
Fairfield University sits on the Connecticut coast and is conveniently located ½ mile from the train station offering a central location for all attendees, whether taking public transit, train, or driving. The Amtrak and MTA access means we’re close enough to New York City to turn a day trip into an adventure, yet far enough to make Fairfield seem like a completely different world. BSides Connecticut provides a much-needed link between information security professionals and the Connecticut technology community by offering a forum for collaborative presentations, information exchange, and ideas.
 +
 
 +
'''Agenda: <time>Friday, October 12, 2018</time>'''
  
If you would like to sponsor either the food and/or door prizes for an upcoming meeting, please email [mailto:owasp@jamesmcgovern.com James McGovern] with your proposal. Independent of any financial considerations, sponsorship priority is driven by those who drive participation in OWASP to their employees and customers.
+
11AM-12PM
  
<paypal>Hartford</paypal><br>
+
Fairfield U - Day in the Life of a CyberSecurity Professional
  
== February 10th 2009 ==
+
As part of our Academic initiative to partner with local colleges/universities, Fairfield University CISO Bill Reyor, has invited OWASP to Fairfield University this coming Friday Oct 12 @ 11am at the Fairfield University DiMenna-Nyselius Library on 5171, 1073 N Benson Rd, Fairfield, ct, 06824.
<b>We are still seeking a sponsor for food and beverages for this event...</b><br>
 
  
OPENING REMARKS: 5:00 - 5:15 PM<br>
+
This session is oriented toward college students and new college graduates exploring computer security ("cybersecurity") as a career path. We plan to discuss:
James McGovern, [http://duckdown.blogspot.com/ OWASP Hartford Chapter Leader]<br>
+
 
<br>
+
<nowiki>*</nowiki>The State of Computer Security Employment and need for diversity to solve tomorrow's security challenges (It's not all Computer Science)
WORD FROM OUR SPONSOR: 5:15 - 5:30 PM<br>
+
 
Randy Schmitz, [http://www.fortify.com/index.php Fortify]<br>
+
<nowiki>*</nowiki>Profiles of Computer Security Career Paths
<br>
+
 
OPEN SOURCE IDENTITY SERVICES (The Higgins Project): 5:30 - 6:15 PM<br>
+
<nowiki>*</nowiki>The Day in the Life of a Security Professional, by your truly.
Mary Ruddy, [http://www.meristic.com/index.php Meristic]<br>
+
 
<br>
+
<nowiki>*</nowiki>The need for Business, Medical, and Technology undergraduates and graduates to work together as security becomes an increasingly interdisciplinary challenge
FOOD and BEVERAGES: 6:15 - 6:30 PM<br>
+
 
<br>
+
Call to action:
ENABLING STRONGER/MULTI-FACTOR AUTHENTICATION FOR ENTERPRISE APPLICATIONS (Emphasis on using PKI, Smartcards and Biometrics): 6:30 - 7:00 PM<br>
+
 
Ramesh Nagappan, Security Architect at [http://www.sun.com/ Sun Microsystems]<br><br>
+
For area security professionals with open reqs for new/college-hires, please reach out in advance or connect me with your HR point of contact so that we can share opportunities with students that attend and are actively looking for local opportunities.
CLOSING THOUGHTS and DOOR PRIZES (The Higgins Project): 7:00 - 7:15 PM<br>
+
 
Gunnar Peterson, CTO of [http://www.artecgroup.net/ Artec Group] and Twin Cities OWASP member<br>
+
'''Agenda: <time>Tuesday, April 3, 2018</time>'''
<br>
+
 
<br>
+
2PM - 4PM
 +
 
 +
2-3pm: Yaxa (Startup security spotlight) - Kalpesh Sheth
 +
 
 +
<nowiki>*</nowiki>Introduction to Yaxa, part of Hartford's InsurTech startup accelerator
 +
 
 +
<nowiki>*</nowiki>Emerging trends in cyber threat vectors
 +
 
 +
<nowiki>*</nowiki>Which tools people are using and what security vendors are doing?
 +
 
 +
<nowiki>*</nowiki>What is state of the art – when hackers are changing their TTPs?
 +
 
 +
<nowiki>*</nowiki>Why users are the weakest link and what to do about it?
 +
 
 +
3-4pm: OWASP CT Chapter Meeting (2018 community initiatives)
 +
 
 +
<nowiki>*</nowiki>Who's hiring? Help
 +
 
 +
<nowiki>*</nowiki>What topics/challenges are security practitioners having and looking for assistance with?
 +
 
 +
<nowiki>*</nowiki>Community initiatives - What would folks like to see OWASP and local CT members doing?
 +
 
 +
<nowiki>*</nowiki>Cool vendors
 +
 
 +
<nowiki>*</nowiki>Blockchain Security Thinking
  
 +
4pm: Networking / HH
  
<b>Mary Ruddy</b><br>
+
City Steam Brewery
Mary is the founder of Meristic. Mary founded and co-leads the Higgins open source identity framework project, is a founding Board Member of the Information Card Foundation and Chief Steward of Identity Commons. he MIT Sloan School of Management. <br><br>
 
<u>Open Source Identity Services</u><br>
 
The Higgins Project is developing an extensible, platform-independent, identity protocol-independent, software framework to support existing and new applications. Its goal is to improve interoperability, privacy, and security as well as empower users with more control over their personal information.
 
  
This presentation demoed interoperability between Microsoft's CardSpace and Liberty-based products, all in an Open Source environment. <br><br>
+
942 Main St, Hartford, CT 06103
<b>Ramesh Nagappan</b><br>
 
Ramesh Nagappan is a Principal Engineer at Sun Microsystems. He has extensive experience with, and remains focused on Securing Applications, XML Web Services and Identity Management technologies.  Ramesh is the co-author of Core Security Patterns and four other books on topics related to J2EE, EAI and Web services. He frequently speaks at industry conferences and contributes to industry standards and open-source initiatives on Java, XML and Security. Currently Ramesh works on SOA/XML Web Services, Identity Management and Strong authentication solutions using PKI, Smart cards and Biometrics for projects aligned with government, intelligence, law enforcement and financial organizations.u><br><br>
 
  
== March 9th 2009 ==
+
Map: <nowiki>https://goo.gl/maps/ecN5G9BvjoK2</nowiki>
To add this event to your Outlook calendar, click [http://outlook.calendar.com/OWASPHartfordMar2009.ics here]<br>
 
<paypal>Hartford</paypal><br>
 
Food and Beverages for this event are sponsored by: [http://www.emc.com/ The RSA division of EMC]<br>
 
  
OPENING REMARKS: 5:00 - 5:15 PM<br>
+
About Kalpesh Sheth:
James McGovern, [http://duckdown.blogspot.com/ OWASP Hartford Chapter Leader]<br>
 
<br>
 
RECRUITING ELITE IT TALENT: 5:15 - 6:00 PM<br>
 
Jordan Haberfield (Agile Elephant), SVP of [http://www.systemoneservices.com/ System One]<br>
 
<br>
 
CASE STUDY: Rolling out a secure SDLC in a large enterprise: 6:00 - 7:00 PM<br>
 
Nehrav Mehta, Security Architect at [http://www.emc.com/ EMC]<br>
 
<br>
 
  
'''JORDAN HABERFIELD'''
+
With 20+ years of technical expertise in data networking, network security, Intelligence Surveillance and Reconnaissance (ISR), and Cluster Computing, Kalpesh Sheth has been an instrumental leader in the execution of several complex development projects from inception to deployment. Sheth has served as a founding team member and senior executive at several successful startups and large companies. Before co-founding Yaxa, Sheth was Senior Technical Director at DRS Technologies (acquired by Finmeccanica S.p.A.), Director at RiverDelta Networks (acquired by Motorola and now part of Arris) and fifth employee of Digital Technology (acquired by Agilent Technologies). He is a co-author of VITA 41.6 an ANSI standard, and has spoken at numerous trade conferences as an expert panel member. Sheth holds M.S. in Computer Science from Texas A&M University, and an MBA from MIT Sloan School of Management.
  
System One provides technical outsourcing solutions to clients in the energy, engineering, information technology and scientific sectors. Combining national recruiting capabilities and local market expertise, we are the go-to, single source firm for clients looking to attract, select and retain a quality workforce.
+
What to bring
  
System One advises clients on recruiting strategy and organizational effectiveness. We also help skilled professionals advance their careers. The result — carefully-matched hires, well-executed projects, and effective resource management.
+
<nowiki>*</nowiki>Ideas for community-based 2018 initiatives
  
== April 29th 2009 ==
+
<nowiki>*</nowiki>Security questions you're looking for help from other security pros in the area
To add this event to your Outlook calendar, click [http://outlook.calendar.com/OWASPHartfordApr2009.ics here]<br>
 
<paypal>Hartford</paypal><br>
 
Food and Beverages for this event are sponsored by: [http://www.veracode.com/ Veracode]<br>
 
  
 +
'''Agenda: Saturday, Oct 7th 2017'''<br>
 +
9:00AM - 6:00PM<br>
 +
OWASP @ [http://www.securitybsides.com/w/page/114611590/BSidesCT2017 BSidesCT]: Accelerating & Pivoting your Security Career
  
OPENING REMARKS: 5:00 - 5:15 PM<br>
+
'''Presentation:''' https://www.owasp.org/images/3/3b/OWASP_CT_bSides_100717.4_compressed.pdf
James McGovern, [http://duckdown.blogspot.com/ OWASP Hartford Chapter Leader]<br>
 
<br>
 
DETECTING BACKDOORS IN WEB APPLICATIONS: 5:15 - 6:00 PM<br>
 
Chris Wysopal CTO, [http://www.veracode.com/ Veracode]<br>
 
<br>
 
<br>
 
<b>Chris Wysopal</b><br>
 
Chris Wysopal, Veracode’s CTO, is responsible for the company’s software security analysis capabilities. In 2008 he was named one of InfoWorld's Top 25 CTO's and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. <br><br>
 
  
 +
'''Video''': https://www.youtube.com/watch?v=_gF1ZL0lcz4 
  
== OWASP AppSec Executive Summit (May 2009) ==
+
James and I will be presenting on Accelerating and Pivoting your security career. 
<paypal>Hartford</paypal><br>
 
Please visit our sponsors session, if you are interested in having a booth at this event<br>
 
  
<br>
+
Title: Accelerating and Pivoting your Security Career
FRAMEWORK-LEVEL THREAT ANALYSIS: ADDING SCIENCE TO THE ART OF SOURCE CODE REVIEW: 1:00 - 1:45 PM<br>
 
Mary Ann Davidson, CISO of [http://www.oracle.com/ Oracle]<br>
 
<br>
 
OFFSHORING APPLICATION DEVELOPMENT: SECURITY IS STILL YOUR PROBLEM: 1:45 - 2:30 PM<br>
 
Rohyt Belani, [http://www.intrepidusgroup.com/ Intrepridus Group]<br>
 
<br>
 
The STATE OF SOFTWARE DEVELOPMENT: 2:45 - 3:30 PM<br>
 
Grady Booch, Fellow at [http://www.ibm.com/ IBM]<br>
 
<br>
 
INTO THE BREACH: A WAKEUP CALL FOR CORPORATE AMERICA: 3:30 - 4:15 PM<br>
 
Michael Santarcangelo, Chief Security Catalyst at [http://www.securitycatalyst.com/ Security Catalyst]<br>
 
<br>
 
  
'''MARY ANN DAVIDSON'''<br>
+
Abstract: This talk is for folks either trying to identify paths into the InfoSEC space, and for experienced security professionals trying to pivot and jump start alternative security career paths. We'll map out different career paths and identify key skills for success, discuss how to build them, and resources you can take advantage of locally here in CT.  
Mary Ann Davidson is the Chief Security Officer at Oracle Corporation, responsible for Oracle product security, as well as security evaluations, assessments and incident handling. She represents Oracle on the Board of Directors of the Information Technology Information Security Analysis Center (IT-ISAC)
 
  
'''ROHYT BELANI'''<br>
+
'''Agenda: Thursday, Jun 15th 2017'''<br>
Rohyt Belani is a Managing Partner and co-founder of the Intrepidus Group. Prior to founding the Intrepidus Group, Rohyt started and ran Mandiant’s New York City operations. During the last 7 years, he has worked at premier information security organizations like Foundstone and the US-CERT. Rohyt is a regular speaker at various industry conferences, including Black Hat, OWASP, Hack-In-The-Box, InfoSec World, and several forums catering to the FBI and US Secret Service agents. He currently teaches a class at Carnegie Mellon University, and has been invited to guest lecture at the University of Wisconsin on the topic of information security.
+
6:00PM - 9PM<br>
 +
Wireless Security Workshop
  
'''GRADY BOOCH'''<br>
+
'''Presentation:''' [[:File:OWASP Wireless Security 101.pdf|'''File:OWASP Wireless Security 101.pdf''']] 
Grady Booch is recognized internationally for his innovative work on software architecture, modeling, and software engineering process. His work has improved the effectiveness of software developers worldwide. He has been with Rational Software Corporation as Chief Scientist since its founding in 1980. Grady is one of the original developers of the Unified Modeling Language (UML) and was also one of the original developers of several of Rational's products including Rational Rose. Grady has served as architect and architectural mentor for numerous complex software systems around the world.
 
  
'''MICHAEL SANTARCANGELO'''<br>
+
This session will take a departure from some of our recent OWASP sessions. The hosts at MakeHartford have generously offered their classroom space for this security lab session/workshop coming out of the OWASP pen-testing initiative group. Jon Williams will be presenting and demonstrating some fundamental wireless security concepts. Depending on time and if we get access to some COTS routers, we may also try to do some hands-on wireless security testing. Plan on bringing your laptop and spare wireless router if you can. This session is oriented toward folks looking to learn about wireless security and getting introduced to wireless security concepts for the first time.  
Michael Santarcangelo is a human catalyst*. An expert who speaks on information protection – including compliance, privacy and awareness – Michael energizes and inspires his audiences to change the way they protect information.
 
  
Michael is known for delivering simple and effective strategies that get results. He connects with audiences in a way that makes security relevant, easy to understand and achievable! With wit and clarity, he freely shares unique insights, innovative approaches and effective solutions that are informed by both experience and research.
+
Note: Due to the classroom size, we're limiting this to the first 20 participants.
  
== UPCOMING 2009 EVENTS ==
+
Agenda:
<paypal>Hartford</paypal><br>
+
* Overview: Wireless security concepts
 +
* Remote access, Local network - encrypted and unencrypted
 +
* Wireless attacks:
 +
* Rogue access point, MiTM, Session Hijacking, Radio monitoring, Session theft
 +
* Review: Risks to remote workers
 +
* Game time: defensive techniques
 +
* Demonstration: Wireless Man-in-the-Middle and Rogue AP
  
'''June 2009'''
+
About Jon Williams:
Kent Browne of IBM
 
Gerald Beuchelt of Sun
 
  
'''September 2009'''
+
Jon Williams hails from Cheshire, CT, where he lives with his wife and daughter and works from home as Security Administrator for IGG Software. A taste for adventure has carried him far, from the islands of the Bahamas where he worked towards building an eco-hostel, to the deserts of Egypt where he taught children at environmental leadership camps, to the high seas where he circumscribed the globe in a steamship. His passion for technology led him into the security field, where he now spends an unhealthy proportion of his time trying to break computer systems so that others might improve them. He recently attained a CISSP certification and actively contributes to projects at OWASP Hartford
  
FRAMEWORK-LEVEL THREAT ANALYSIS: ADDING SCIENCE TO THE ART OF SOURCE CODE REVIEW: 3:30 - 4:15 PM<br>
+
'''Agenda: Wednesday, Apr 26th 2017'''<br>
Rohit Sethi, [http://www.securitycompass.com/ Security Compass]<br>
+
6:30PM - 9PM<br>
<br>
+
OWASP @ MakeHartford <br>'''Presentation:''' [[:File:OWASP Hartford pen-test lab intiative 20170322.pdf|'''File:OWASP Hartford pen-test lab intiative 20170322.pdf''']]
  
'''ROHIT SETHI'''
+
We've got a new team working on putting together a security / pen testing lab and security learning environment here in CT.  The goal is to have a place where we can create and share security and pen testing tips and tricks with our members, as well as using the lab as a means to bolster our outreach efforts to the colleges in the area.
  
Rohit Sethi, Manager of Professional Services, Security Compass, is a specialist in threat modeling, application security reviews, and building security controls into the software development life cycle (SDLC). Mr. Sethi is a frequent guest speaker and instructor at several conferences, including RSA, Shmoocon, and CSI. He has written articles for Security Focus and the Web Application Security Consortium (WASC), and has been quoted as an expert in application security for ITWorldCanada and Computer World.  
+
We're going to use this initial session to explore the MakeHartford space and start building up that lab. If you're interested, we would love to see you at this session. Otherwise, shoot me an email and i'll keep you posted on working group meetings moving forward.
  
At Security Compass, Rohit teaches students various topics on web application security in cities across North America. He has also managed and performed extensive threat analysis, source code reviews, and penetration testing for clients in financial services, utilities, telecommunications and healthcare.  
+
Thanks to the current volunteer team and Steve Yanicke [http://www.makehartford.com @MakeHartford]:
 +
* Dain Perkins 
 +
* Darin Wilborne 
 +
* Jon Williams 
 +
* Kevin Tobin 
 +
* Adam Haller 
 +
* Cameron Morris
  
He is often consulted for his dual expertise in information security and software engineering.
+
'''Agenda: Wednesday, Mar 29th 2017'''<br>
 +
6:30PM - 9PM<br>
 +
OWASP UCONN <br>'''Presentation: https://www.owasp.org/images/e/ef/Hartford-UCONN-March-2017.pdf'''
  
== WEB CONFERENCING INFORMATION ==
+
The next OWASP Hartford chapter meeting will be held at the ITE Building Room 301 on the University of Connecticut Campus in Storrs. We are conducting an interactive session with students of the cybersecurity club and will be inviting participation from students attending Law, Business and Medical schools for an enlightening discussion on Healthcare Information Security. As usual, this event is kid-friendly and OWASP-approved with a healthy dose of FREE TO ATTEND sprinkled on top.
  
We are pleased to present all OWASP meetings via conference call. To listen, the dialin number is 1-218-936-4700 (Passcode 606183). The conference line has a limited number of caller slots, so please be considerate of others and share whenever possible.
+
'''Agenda: Thursday, Sep 29th 2016'''<br>
 +
2PM - 4PM<br>
 +
Fraud Analytics <br>'''Presentation: [[:File:Owasp Hartford - Exploring fraud analytics.pdf]]'''
  
== Call for Speakers ==
+
The next OWASP Hartford chapter meeting will focus on Fraud Analytics. James Ruotolo from SAS will be joining us to discuss fraud analytics methodologies, fraud patterns in insurance. There will also be a walkthrough of Visualization technologies, Risk Scoring, and Cybersecurity. <br />[[File:Owasp Hartford - Exploring fraud analytics.pdf|thumb]]
  
This is a call for speakers/papers. If we haven't approached you, but you believe you have a significant discovery or new research that the security community would value, or enjoy hearing about, we invite you to submit your presentation topic for serious consideration. Preference will be given to speakers who can present new and innovative technical content to a broad audience. Of course, all presentations are expected to challenge the brightest and quickest of attendees - we wouldn't have it any other way.  
+
Agenda: <br />
 +
Exploring Fraud Analytics <br />
 +
1.      Introduction <br />
 +
a.      Business analytics <br />
 +
b.      Example fraud analytics use cases <br />
 +
2.       Fraud analytics methodology<br />
 +
a.       Detection techniques<br />
 +
b.      Data management considerations<br />
 +
c.      Deployment and operationalization <br />
 +
3.      Case study: Fraud analytics in insurance<br />
 +
a.       Visualization technology <br />
 +
b.      Fraud risk scoring and alert triage <br />
 +
c.       Cybersecurity<br />
 +
d.      Example results<br />
 +
4.      Q&A<br />
  
OWASP is not a vendor fair. Consequently, there will be very little tolerance for commercial content within presentations. Attendees will be encouraged to quell any shameless marketing that is not immediately backed up with rationale for its inclusion.
+
About James Ruotolo:<br />
 +
James Ruotolo is the product line leader for the fraud and security intelligence solution portfolio at SAS®. He is responsible for product management and marketing of fraud detection and compliance solutions for the banking, insurance, healthcare and government industries. Before joining SAS®, James was the Director of Strategic Operations for the special investigation unit of a large multi-line US insurance company where he was responsible for investigative analytics and intelligence operations. He has nearly two decades of investigation and fraud analytics experience. Connect with him on Twitter @jdruotolo <br />
  
Some topics of interest for upcoming meetings include (but are not limited to):
+
'''Agenda: Thursday, May 26th 2016'''<br>
* Breaking CAPTCHA
+
Industry Cyber Security Panel <br><br>
* Hacking Cardspace and Identity 2.0
 
* Breaking Commercial Software for Fun and Profit
 
* Tactics for breaking software licensing schemes
 
* Gaming, the next overlooked security hole
 
* Hacking Mainframes
 
* Database rootkits
 
  
== Past Events ==
+
Brian Bemis – Travelers - Director of Application Security and Public Key Infrastructure<br>
 +
Brian’s area of focus includes Application security, penetration testing, network security, Secure SDLC, and certificates <br>
 +
<br>
 +
Brian Heemsoth – Aetna – Director of Software and Mobile Security<br>
 +
Brian Heemsoth is responsible for designing and implementing security solutions with a user experience focus, <br>application security, mobile security and incident response. <br>
 +
<br>
 +
Joe Niquette – UnitedHealth Group – Security Solutions Architect<br>
 +
Joe’s involved in security research and development and passionate about rugged DevOps.<br>
 +
<br>
 +
Ankur Singhal – the Hartford – Manager Application Security <br>
 +
Ankur’s focus is web and mobile application security, security vulnerability management and remediation, Secure SDLC, PKI and cert management, Encryption at rest and most recently Security in DevOps<br>
 +
<br>
  
'''Agenda: Wednesday, November 11th 2008'''
+
2:00 PM to 4:00 PM<br>
LIGHTWEIGHT SECURITY USING IDENTITY-BASED ENCRYPTION: 6:00 - 7:00 PM<br>
 
Richard Eisenberg, Architect at [http://www.voltage.com/ Voltage Security]
 
  
'''Agenda: Wednesday, September 24th 2008'''
 
  
TOP TEN BOGUS TECH QUOTES OF THE YEAR: 6:00 - 6:45 PM
+
This meeting will be held at Travelers, Hartford CT (Central Row Conference Room)
Paul Roberts, Industry Analyst, [http://www.the451group.com/ The 451 Group]
+
<br><br>
Powerpoint presentation is located [https://www.owasp.org/images/c/c6/OWASP-Hartford-Oct08-451Group.ppt here]
+
'''Agenda: Tuesday, February 9th 2016'''
  
MAKING APPLICATIONS SECURE BY REMOVING SECURITY: 6:45 - 7:30 PM
+
<br>
Andrew Stone, Senior Manager, [http://www.accenture.com/ Accenture]
+
Threat Modeling for Architects, Business Analysts and Quality Assurance Professionals’ Category<br>
Powerpoint presentation is located [https://www.owasp.org/images/0/01/OWASP-Hartford-Oct08-Accenture.ppt here]
+
Robert Hurlbut<br>
 +
Independent software security consultant, architect and trainer<br>
 +
Hurlbut Consulting Services<br>
 +
6:00 PM to 7:00 PM<br>
 +
<br>
 +
Future Direction of Chapter<br>
 +
James McGovern<br>
 +
7:00 PM to 7:30 PM<br><br>
 +
This meeting will be held at Travelers, Hartford CT (Central Row Conference Room)
  
 +
== Postponed Events ==
  
'''Agenda: Wednesday, June 11th 2008'''
+
'''Agenda: Tuesday, April 16th 2013'''<br>
 +
Why We Need DevOps Now: A Fourteen Year Study Of High Performing IT Organizations <br>
 +
Gene Kim - CTO of Tripwire<br>
 +
This meeting will be held at Travelers in Downtown Hartford<br>
  
CARDSPACE AND USER CENTRIC IDENTITY
+
== Past Events ==
Chris Winn, Security Evangelist, [http://www.microsoft.com/ Microsoft]
 
  
IDENTITY GOVERNANCE FRAMEWORK
+
'''Agenda: Tuesday, May 27th 2014'''<br>
Prateek Mishra, Product Manager, [http://www.oracle.com/ Oracle]
+
OWASP Mobile Top Ten Risks 2014 – The New M10: ‘Lack of Binary Protection’ Category<br>
Powerpoint Presentation is [https://www.owasp.org/images/2/2c/IGF-Overview-Hartford-May-00.ppt here ]
+
Senior Security Engineer at Arxan Technologies <br>
 +
5:00 PM to 6:00 PM<br>
 +
<br>
 +
IDaaS (Cloud) Landscape - Why Companies are Shifting Strategies Toward Cloud-Based Identity Management vs. Traditional Security Methods?<br>
 +
Tarek Khaled, Senior Security Engineer at Okta<br>
 +
6:00 PM to 7:00 PM<br><br>
 +
This meeting was held at Travelers, Hartford CT (Central Row Conference Room)
  
 +
'''Agenda: Tuesday, October 22nd 2013'''<br>
 +
Mobile Security: Attacks and Defenses<br>
 +
Gene Meltser, Technical Director, Neohapsis Labs<br>
 +
5:00 PM to 6:00 PM<br>
 +
<br>
 +
An Application Pen Tester's introduction to Android Internals<br>
 +
Tom Palarz, Senior Security Consultant, Neohapsis Labs<br>
 +
6:00 PM to 7:00 PM<br>
 +
This meeting was held at Travelers, Hartford CT (Central Row Conference Room)
  
'''Agenda: Wednesday, April 30th 2008'''
+
'''Agenda: Tuesday, June 6th 2013'''<br>
 +
Building a Better Botnet<br>
 +
Michael Smith, Akamai<br>
 +
This meeting will be held at the Travelers in Hartford
 +
<br><br>
 +
'''Agenda: Tuesday, May 6th 2013'''<br>
 +
Web Services Security<br>
 +
James McGovern, HP Enterprise Services<br>
 +
This meeting was held at the ACORD LOMA Forum in Las Vegas
 +
<br><br>
 +
'''Agenda: Wednesday, April 24th 2013'''<br>
 +
Cloud and Identity<br>
 +
George Dobbs, Enterprise Architect - MassMutual<br>
 +
8:30 AM to Noon<br>
 +
This meeting was be held at IBM, 755 Main Street, Hartford CT (The Gold Building)
  
THE IDIOTS GUIDE TO DEVELOPING BAD ENTERPRISE APPLICATIONS AND WORST LOGGING PRACTICES
+
'''Agenda: Wednesday, October 24th 2012'''<br>
Anton Chuvakin, Chief Logging Evangelist, [http://www.loglogic.com/ LogLogic]
+
International Institute of Business Analysts (IIBA) Joint Meeting<br>
 +
James McGovern - Introduction to Security for Business Analysts<br>
 +
This meeting was held at Chubb in Simsbury<br>
  
KEEPING SECRETS: APPLICATION SECURITY IS A BUSINESS IMPERATIVE
+
'''Agenda: Wednesday, September 26th 2012'''<br>
Jack Danahy, CTO and Founder, [http://www.ouncelabs.com/ Ounce Labs]
+
Joint Meeting with OWASP Student Chapter<br>
 +
Introduction to Network Security<br>
 +
Anthony DAmato<br>
  
 +
'''Agenda: Wednesday, May 23rd 2012'''<br>
 +
Introduction to SOA Security<br>
 +
James McGovern<br>
  
'''Agenda: Thursday, February 28th 2008'''
+
'''Agenda: Tuesday, May 18th 2010'''<br>
 +
Joint Meeting with ISACA on the topic of auditing web applications<br>
  
HOW WEB 2.0 HAS CHANGED THE LANDSCAPE OF APPLICATION SECURITY
+
Dmitry Zhdanov presentation is located [http://www.owasp.org/images/1/16/OWASP_ISACA_Hartford_Secure_Coding_v2-Dmitry_Zhdanov.pptx here]<br>
Chenxi Wang, Principal Analyst, [http://www.forrester.com/ Forrester Research]
+
Mark Wireman presentation is located [http://www.owasp.org/images/d/d4/OWASP_ISACA_Hartford_Secure_Coding-Mark_Wireman.pptx here]<br>
 +
James Ritche presentation is located [http://www.owasp.org/images/7/7c/IT_Application_Audit_Principles-James_Ritche.ppt here]<br>
 +
Mark Coderre presentation is located [http://www.owasp.org/images/d/d3/Secure_Web_Applications_Mark_Coderre.ppt here]<br>
  
EXPLOITING ONLINE GAMES
+
'''Agenda: Thursday, December 3rd 2009'''<br>
Gary McGraw, CTO,  [http://www.cigital.com/ Cigital]
+
<br>
 +
SOCIAL MEDIA, PRIVACY AND BREACHES<br>
 +
Ian Glazer, Distinguished Industry Analyst [http://www.burtongroup.com/ Burton Group]<br>
 +
Powerpoint presentation is located [http://www.owasp.org/images/e/e2/BG_PartneringPrivacy_Glazer%282%29.pptx here]<br>
 +
<br>
 +
VANISH: MAKING DATA DISAPPEAR<br>
 +
George Dobbs, Chief Architect [http://www.kofc.org/ Knights of Columbus]<br>
 +
Powerpoint presentation is located [http://www.owasp.org/images/c/c7/Vanishing_Data_and_impacts_to_privacy.ppt here]<br>
 +
<br>
 +
'''Agenda: Tuesday, November 17th 2009'''<br>
 +
<br>
 +
ATTACK YOUR DATABASE BEFORE OTHERS DO<br>
 +
Todd Desantis, Lead Sales Engineer [http://www.sentrigo.com/ Sentrigo]<br>
 +
<br>
 +
'''Agenda: Tuesday, October 13th 2009'''<br>
 +
<br>
 +
THE CONVERGENCE OF SECURITY AND PRIVACY: CLOUD COMPUTING<br>
 +
Michael Waidner, Distinguished IBM Engineer and Security CTO [http://www.ibm.com/ IBM]<br>
 +
<br>
 +
'''Agenda: Monday, September 14th 2009'''<br>
 +
<br>
 +
OWASP: WHERE WE ARE AND WHERE WE ARE GOING<br>
 +
Tom Brennan, OWASP Board Member [http://www.owasp.org/ OWASP]<br>
 +
<br>
 +
WEB APPLICATION SECURITY ASSURANCE<br>
 +
Gregory Gotta, SVP Security [http://www.ca.com/ CA]<br>
 +
<br>
 +
'''Agenda: Wednesday, June 10th 2009'''<br>
 +
<br>
 +
THE ANATOMY OF SECURITY DISASTERS<br>
 +
Marcus Ranum, CSO of [http://www.tenablesecurity.com/ Tenable Security]<br>
 +
Powerpoint presentation is located [http://www.owasp.org/images/3/32/Anatomy_of_security_disasters.ppt here]<br>
 +
<br>
 +
'''Agenda: Tuesday, April 30th 2009'''<br>
 +
<br>
 +
RECRUITING ELITE IT TALENT<br>
 +
Jordan Haberfield (Agile Elephant), SVP of [http://www.systemoneservices.com/ System One]<br>
 +
<br>
 +
DETECTING BACKDOORS IN WEB APPLICATIONS<br>
 +
Chris Wysopal CTO, [http://www.veracode.com/ Veracode]<br>
 +
<br>
 +
'''Agenda: Monday, April 13th 2009'''<br>
 +
<br>
 +
AGILE SOFTWARE DEVELOPMENT AND SECURITY: 4:00 - 6:45 PM<br>
 +
Scott Ambler, Agile Practice Leader, [http://www.ibm.com/ IBM]<br>
 +
Powerpoint presentation is located [http://www.owasp.org/images/f/f1/Ambler_Agile_Security_2009_04_14.pdf here]<br>
 +
<br>
 +
'''Agenda: Tuesday, February 10th 2009'''<br>
 +
<br>
 +
OPEN SOURCE IDENTITY SERVICES (The Higgins Project)<br>
 +
Mary Ruddy, [http://www.meristic.com/index.php Meristic]<br>
 +
<br>
 +
ENABLING STRONGER/MULTI-FACTOR AUTHENTICATION FOR ENTERPRISE APPLICATIONS <br>
 +
Ramesh Nagappan, Security Architect at [http://www.sun.com/ Sun Microsystems]<br>
 +
<br>
 +
STATE OF WEB APPLICATION SECURITY<br>
 +
Gunnar Peterson, CTO of [http://www.artecgroup.net/ Artec Group] and Twin Cities OWASP <br>
 +
<br>
 +
'''Agenda: Wednesday, November 11th 2008'''<br>
 +
<br>
 +
LIGHTWEIGHT SECURITY USING IDENTITY-BASED ENCRYPTION: 6:00 - 7:00 PM<br>
 +
Richard Eisenberg, Architect at [http://www.voltage.com/ Voltage Security]<br>
 +
<br>
 +
'''Agenda: Wednesday, September 24th 2008'''<br>
 +
<br>
 +
TOP TEN BOGUS TECH QUOTES OF THE YEAR: 6:00 - 6:45 PM<br>
 +
Paul Roberts, Industry Analyst, [http://www.the451group.com/ The 451 Group]<br>
 +
Powerpoint presentation is located [https://www.owasp.org/images/c/c6/OWASP-Hartford-Oct08-451Group.ppt here]<br>
 +
<br>
 +
MAKING APPLICATIONS SECURE BY REMOVING SECURITY: 6:45 - 7:30 PM<br>
 +
Andrew Stone, Senior Manager, [http://www.accenture.com/ Accenture]<br>
 +
Powerpoint presentation is located [https://www.owasp.org/images/0/01/OWASP-Hartford-Oct08-Accenture.ppt here]<br>
 +
<br>
 +
'''Agenda: Wednesday, June 11th 2008'''<br>
 +
<br>
 +
CARDSPACE AND USER CENTRIC IDENTITY<br>
 +
Chris Winn, Security Evangelist, [http://www.microsoft.com/ Microsoft]<br>
 +
<br>
 +
IDENTITY GOVERNANCE FRAMEWORK<br>
 +
Prateek Mishra, Product Manager, [http://www.oracle.com/ Oracle]<br>
 +
Powerpoint Presentation is [https://www.owasp.org/images/2/2c/IGF-Overview-Hartford-May-00.ppt here] <br>
 +
<br>
 +
'''Agenda: Wednesday, April 30th 2008'''<br>
 +
<br>
 +
THE IDIOTS GUIDE TO DEVELOPING BAD ENTERPRISE APPLICATIONS AND WORST LOGGING PRACTICES<br>
 +
Anton Chuvakin, Chief Logging Evangelist, [http://www.loglogic.com/ LogLogic]<br>
 +
<br>
 +
KEEPING SECRETS: APPLICATION SECURITY IS A BUSINESS IMPERATIVE<br>
 +
Jack Danahy, CTO and Founder, [http://www.ouncelabs.com/ Ounce Labs]<br>
 +
<br>
 +
'''Agenda: Thursday, February 28th 2008'''<br>
 +
<br>
 +
HOW WEB 2.0 HAS CHANGED THE LANDSCAPE OF APPLICATION SECURITY<br>
 +
Chenxi Wang, Principal Analyst, [http://www.forrester.com/ Forrester Research]<br>
 +
<br>
 +
EXPLOITING ONLINE GAMES<br>
 +
Gary McGraw, CTO,  [http://www.cigital.com/ Cigital]<br>
 +
<br>
  
 
== Locations ==
 
== Locations ==
  
All meetings are held at the headquarters of [http://www.thehartford.com/ The Hartford Financial Services Group] (The Hartford), One Hartford Plaza, Hartford CT 06115 in the Tower Building, Atrium Conference Room. Free parking is available in our Tower Ramp Garage.
+
All meetings are held at the headquarters of [http://www.travelers.com/ Travelers Insurance] 45 Central Row, Hartford CT 06103 (Entrance is between Dunkin Donuts and CVS pharmacy). Free parking is available in their Propspect Street Garage (Next to Hartford Club).
  
 +
[[Category:OWASP Chapter]]
 +
[[Category:United_States]]
 
[[Category:Connecticut]]
 
[[Category:Connecticut]]
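
Review bot: the added May 27th 2014 entry identifies its first speaker only as "Senior Security Engineer at Arxan Technologies", with no name, unlike the other talks in the list; add the speaker's name. Two typos in added lines are also worth fixing before saving: "This meeting was be held at IBM" in the April 24th 2013 entry and "Propspect Street Garage" in the Locations paragraph. In that same paragraph the Travelers link runs straight into the street address with no comma.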

Latest revision as of 13:45, 13 June 2019

OWASP Hartford

Welcome to the Hartford chapter homepage. The chapter leaders are James McGovern and Alvin Fong.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now


Meetup link

Most of our chapter event coordination is done via meetup. Hit the link for the latest:

https://www.meetup.com/Hartford-Cyber-Security-Meetup-OWASP/events/248771357/

Sponsors

We would like to thank Travelers Insurance for their generous sponsorship and helping make application security visible...

If you would like to sponsor either the food and/or door prizes for an upcoming meeting, please email Alvin Fong with your proposal. Independent of any financial considerations, sponsorship priority is driven by those who drive participation in OWASP to their employees and customers.

Call for Sponsors/Speakers

This is a call for speakers/papers. If we haven't approached you, but you believe you have a significant discovery or new research that the security community would value, or enjoy hearing about, we invite you to submit your presentation topic for serious consideration. Preference will be given to speakers who can present new and innovative technical content to a broad audience. Of course, all presentations are expected to challenge the brightest and quickest of attendees - we wouldn't have it any other way.

OWASP is not a vendor fair. Consequently, there will be very little tolerance for commercial content within presentations. Attendees will be encouraged to quell any shameless marketing that is not immediately backed up with rationale for its inclusion.

Some topics of interest for upcoming meetings include (but are not limited to):

  • Risk Rating Methodologies
  • Internet of Things (IOT) Security

Upcoming Events

DevOps vs. the "Security People"

Date/Time: Friday, 6/21 1-3pm

Location: Travelers CRM-1, 45 Central Row, Hartford, CT 06103

Agenda:

1pm: DevOps vs. "Security People"

In 2019, surveys are saying that 90% of Fortune 500 plan on using containers and things like Kubernetes, yet there’s still a divide between what “security people” see that containers provide and what DevOps teams see. Kubernetes has become the de facto standard for production container deployments and there are 98 different options (as of February 2019) for hosted Kubernetes clouds. In many cases a Kubernetes threat model becomes compromised either by accident or by alibi and even if you wanted to harden your environment, there’s little guidance. Is there truly such a thing as a Kubernetes best practice? How can Kubernetes handle multiple tenants in a cluster? Do hosted Kubernetes services provide enough security for your workload? This talk will explore Kubernetes’ known attack vectors, defenses, and see how we can bridge the silos between security engineers and developers to help in the future.

2pm: panel / chapter meeting TBD

3pm: networking

Speaker: Mark Manning is a Principal Security Consultant with NCC Group and a lead in their Container Practice. He focuses on container technologies, Linux kernel security, and application security in general. He has performed penetration tests to break out from containers, delivered architecture reviews of DevOps environments, and worked with developers on various container and orchestration technologies such as Docker, Kubernetes, Mesos/Marathon, as well as Rancher. Mark currently organizes Rochester 2600 and has also organized BSidesROC from 2010 through 2018.

Parking info: File:Hartford-parking-map.pdf

Past Events

Saturday, November 3, 2018

9:00AM-5:00PM

OWASP @ bSides CT - Sat, Nov 3rd - Fairfield, CT

The local BSides Security conference in CT is taking place Sat, Nov 3, 2018 in Fairfield, CT. Their CFP is out, and I would encourage you to submit a talk. Tickets for the actual conference are $20 and can be purchased here: https://www.eventbrite.com/e/bsides-ct-2018-tickets-49521252399

The conference will feature speakers, workshops, CTF (with prizes!), lightning talks, and an after-party.

Schedule updates and additional info: www.bsidesct.org

About BSides:

Security BSides is a community-driven framework used to build events for and by information security community members, events where individuals have opportunities to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense experience designed to expand the spectrum of conversation beyond the traditional confines of space and time with discussions, demos, and participant interaction. It’s where conversations on the next big thing are happening.

About Fairfield University:

Fairfield University sits on the Connecticut coast and is conveniently located ½ mile from the train station offering a central location for all attendees, whether taking public transit, train, or driving. The Amtrak and MTA access means we’re close enough to New York City to turn a day trip into an adventure, yet far enough to make Fairfield seem like a completely different world. BSides Connecticut provides a much-needed link between information security professionals and the Connecticut technology community by offering a forum for collaborative presentations, information exchange, and ideas.

Agenda:

11AM-12PM

Fairfield U - Day in the Life of a CyberSecurity Professional

As part of our Academic initiative to partner with local colleges/universities, Fairfield University CISO Bill Reyor has invited OWASP to Fairfield University this coming Friday Oct 12 @ 11am at the Fairfield University DiMenna-Nyselius Library on 5171, 1073 N Benson Rd, Fairfield, CT, 06824.

This session is oriented toward college students and new college graduates exploring computer security ("cybersecurity") as a career path. We plan to discuss:

  • The State of Computer Security Employment and need for diversity to solve tomorrow's security challenges (It's not all Computer Science)
  • Profiles of Computer Security Career Paths
  • The Day in the Life of a Security Professional, by yours truly.
  • The need for Business, Medical, and Technology undergraduates and graduates to work together as security becomes an increasingly interdisciplinary challenge

Call to action:

For area security professionals with open reqs for new/college-hires, please reach out in advance or connect me with your HR point of contact so that we can share opportunities with students that attend and are actively looking for local opportunities.

Agenda:

2PM - 4PM

2-3pm: Yaxa (Startup security spotlight) - Kalpesh Sheth

  • Introduction to Yaxa, part of Hartford's InsurTech startup accelerator
  • Emerging trends in cyber threat vectors
  • Which tools people are using and what security vendors are doing?
  • What is state of the art – when hackers are changing their TTPs?
  • Why users are the weakest link and what to do about it?

3-4pm: OWASP CT Chapter Meeting (2018 community initiatives)

  • Who's hiring? Help
  • What topics/challenges are security practitioners having and looking for assistance with?
  • Community initiatives - What would folks like to see OWASP and local CT members doing?
  • Cool vendors
  • Blockchain Security Thinking

4pm: Networking / HH

City Steam Brewery

942 Main St, Hartford, CT 06103

Map: https://goo.gl/maps/ecN5G9BvjoK2

About Kalpesh Sheth:

With 20+ years of technical expertise in data networking, network security, Intelligence Surveillance and Reconnaissance (ISR), and Cluster Computing, Kalpesh Sheth has been an instrumental leader in the execution of several complex development projects from inception to deployment. Sheth has served as a founding team member and senior executive at several successful startups and large companies. Before co-founding Yaxa, Sheth was Senior Technical Director at DRS Technologies (acquired by Finmeccanica S.p.A.), Director at RiverDelta Networks (acquired by Motorola and now part of Arris) and fifth employee of Digital Technology (acquired by Agilent Technologies). He is a co-author of VITA 41.6, an ANSI standard, and has spoken at numerous trade conferences as an expert panel member. Sheth holds an M.S. in Computer Science from Texas A&M University, and an MBA from MIT Sloan School of Management.

What to bring

  • Ideas for community-based 2018 initiatives
  • Security questions you're looking for help from other security pros in the area

Agenda: Saturday, Oct 7th 2017
9:00AM - 6:00PM
OWASP @ BSidesCT: Accelerating & Pivoting your Security Career

Presentation: https://www.owasp.org/images/3/3b/OWASP_CT_bSides_100717.4_compressed.pdf

Video: https://www.youtube.com/watch?v=_gF1ZL0lcz4

James and I will be presenting on Accelerating and Pivoting your security career.

Title: Accelerating and Pivoting your Security Career

Abstract: This talk is for folks either trying to identify paths into the InfoSEC space, and for experienced security professionals trying to pivot and jump start alternative security career paths. We'll map out different career paths and identify key skills for success, discuss how to build them, and resources you can take advantage of locally here in CT.

Agenda: Thursday, Jun 15th 2017
6:00PM - 9PM
Wireless Security Workshop

Presentation: File:OWASP Wireless Security 101.pdf

This session will take a departure from some of our recent OWASP sessions. The hosts at MakeHartford have generously offered their classroom space for this security lab session/workshop coming out of the OWASP pen-testing initiative group. Jon Williams will be presenting and demonstrating some fundamental wireless security concepts. Depending on time and if we get access to some COTS routers, we may also try to do some hands-on wireless security testing. Plan on bringing your laptop and spare wireless router if you can. This session is oriented toward folks looking to learn about wireless security and getting introduced to wireless security concepts for the first time.

Note: Due to the classroom size, we're limiting this to the first 20 participants.

Agenda:

  • Overview: Wireless security concepts
  • Remote access, Local network - encrypted and unencrypted
  • Wireless attacks:
  • Rogue access point, MiTM, Session Hijacking, Radio monitoring, Session theft
  • Review: Risks to remote workers
  • Game time: defensive techniques
  • Demonstration: Wireless Man-in-the-Middle and Rogue AP

About Jon Williams:

Jon Williams hails from Cheshire, CT, where he lives with his wife and daughter and works from home as Security Administrator for IGG Software. A taste for adventure has carried him far, from the islands of the Bahamas where he worked towards building an eco-hostel, to the deserts of Egypt where he taught children at environmental leadership camps, to the high seas where he circumnavigated the globe in a steamship. His passion for technology led him into the security field, where he now spends an unhealthy proportion of his time trying to break computer systems so that others might improve them. He recently attained a CISSP certification and actively contributes to projects at OWASP Hartford.

Agenda: Wednesday, Apr 26th 2017
6:30PM - 9PM
OWASP @ MakeHartford
Presentation: File:OWASP Hartford pen-test lab intiative 20170322.pdf

We've got a new team working on putting together a security / pen testing lab and security learning environment here in CT.  The goal is to have a place where we can create and share security and pen testing tips and tricks with our members, as well as using the lab as a means to bolster our outreach efforts to the colleges in the area.

We're going to use this initial session to explore the MakeHartford space and start building up that lab. If you're interested, we would love to see you at this session. Otherwise, shoot me an email and I'll keep you posted on working group meetings moving forward.

Thanks to the current volunteer team and Steve Yanicke @MakeHartford:

  • Dain Perkins 
  • Darin Wilborne 
  • Jon Williams 
  • Kevin Tobin 
  • Adam Haller 
  • Cameron Morris

Agenda: Wednesday, Mar 29th 2017
6:30PM - 9PM
OWASP UCONN
Presentation: https://www.owasp.org/images/e/ef/Hartford-UCONN-March-2017.pdf

The next OWASP Hartford chapter meeting will be held at the ITE Building Room 301 on the University of Connecticut Campus in Storrs. We are conducting an interactive session with students of the cybersecurity club and will be inviting participation from students attending Law, Business and Medical schools for an enlightening discussion on Healthcare Information Security. As usual, this event is kid-friendly and OWASP-approved with a healthy dose of FREE TO ATTEND sprinkled on top.

Agenda: Thursday, Sep 29th 2016
2PM - 4PM
Fraud Analytics
Presentation: File:Owasp Hartford - Exploring fraud analytics.pdf

The next OWASP Hartford chapter meeting will focus on Fraud Analytics. James Ruotolo from SAS will be joining us to discuss fraud analytics methodologies and fraud patterns in insurance. There will also be a walkthrough of Visualization technologies, Risk Scoring, and Cybersecurity.

Agenda:
Exploring Fraud Analytics
1. Introduction
   a. Business analytics
   b. Example fraud analytics use cases
2. Fraud analytics methodology
   a. Detection techniques
   b. Data management considerations
   c. Deployment and operationalization
3. Case study: Fraud analytics in insurance
   a. Visualization technology
   b. Fraud risk scoring and alert triage
   c. Cybersecurity
   d. Example results
4. Q&A

About James Ruotolo:
James Ruotolo is the product line leader for the fraud and security intelligence solution portfolio at SAS®. He is responsible for product management and marketing of fraud detection and compliance solutions for the banking, insurance, healthcare and government industries. Before joining SAS®, James was the Director of Strategic Operations for the special investigation unit of a large multi-line US insurance company where he was responsible for investigative analytics and intelligence operations. He has nearly two decades of investigation and fraud analytics experience. Connect with him on Twitter @jdruotolo

Agenda: Thursday, May 26th 2016
Industry Cyber Security Panel

Brian Bemis – Travelers - Director of Application Security and Public Key Infrastructure
Brian’s area of focus includes Application security, penetration testing, network security, Secure SDLC, and certificates

Brian Heemsoth – Aetna – Director of Software and Mobile Security
Brian Heemsoth is responsible for designing and implementing security solutions with a user experience focus, application security, mobile security and incident response.

Joe Niquette – UnitedHealth Group – Security Solutions Architect
Joe’s involved in security research and development and passionate about rugged DevOps.

Ankur Singhal – The Hartford – Manager Application Security
Ankur’s focus is web and mobile application security, security vulnerability management and remediation, Secure SDLC, PKI and cert management, Encryption at rest and most recently Security in DevOps

2:00 PM to 4:00 PM


This meeting will be held at Travelers, Hartford CT (Central Row Conference Room)

Agenda: Tuesday, February 9th 2016


Threat Modeling for Architects, Business Analysts and Quality Assurance Professionals’ Category
Robert Hurlbut
Independent software security consultant, architect and trainer
Hurlbut Consulting Services
6:00 PM to 7:00 PM

Future Direction of Chapter
James McGovern
7:00 PM to 7:30 PM

This meeting will be held at Travelers, Hartford CT (Central Row Conference Room)

Postponed Events

Agenda: Tuesday, April 16th 2013
Why We Need DevOps Now: A Fourteen Year Study Of High Performing IT Organizations
Gene Kim - CTO of Tripwire
This meeting will be held at Travelers in Downtown Hartford

Past Events

Agenda: Tuesday, May 27th 2014
OWASP Mobile Top Ten Risks 2014 – The New M10: ‘Lack of Binary Protection’ Category
Senior Security Engineer at Arxan Technologies
5:00 PM to 6:00 PM

IDaaS (Cloud) Landscape - Why Companies are Shifting Strategies Toward Cloud-Based Identity Management vs. Traditional Security Methods?
Tarek Khaled, Senior Security Engineer at Okta
6:00 PM to 7:00 PM

This meeting was held at Travelers, Hartford CT (Central Row Conference Room)

Agenda: Tuesday, October 22nd 2013
Mobile Security: Attacks and Defenses
Gene Meltser, Technical Director, Neohapsis Labs
5:00 PM to 6:00 PM

An Application Pen Tester's introduction to Android Internals
Tom Palarz, Senior Security Consultant, Neohapsis Labs
6:00 PM to 7:00 PM
This meeting was held at Travelers, Hartford CT (Central Row Conference Room)

Agenda: Tuesday, June 6th 2013
Building a Better Botnet
Michael Smith, Akamai
This meeting will be held at the Travelers in Hartford

Agenda: Tuesday, May 6th 2013
Web Services Security
James McGovern, HP Enterprise Services
This meeting was held at the ACORD LOMA Forum in Las Vegas

Agenda: Wednesday, April 24th 2013
Cloud and Identity
George Dobbs, Enterprise Architect - MassMutual
8:30 AM to Noon
This meeting was held at IBM, 755 Main Street, Hartford CT (The Gold Building)

Agenda: Wednesday, October 24th 2012
International Institute of Business Analysts (IIBA) Joint Meeting
James McGovern - Introduction to Security for Business Analysts
This meeting was held at Chubb in Simsbury

Agenda: Wednesday, September 26th 2012
Joint Meeting with OWASP Student Chapter
Introduction to Network Security
Anthony DAmato

Agenda: Wednesday, May 23rd 2012
Introduction to SOA Security
James McGovern

Agenda: Tuesday, May 18th 2010
Joint Meeting with ISACA on the topic of auditing web applications

Dmitry Zhdanov presentation is located here
Mark Wireman presentation is located here
James Ritche presentation is located here
Mark Coderre presentation is located here

Agenda: Thursday, December 3rd 2009

SOCIAL MEDIA, PRIVACY AND BREACHES
Ian Glazer, Distinguished Industry Analyst Burton Group
Powerpoint presentation is located here

VANISH: MAKING DATA DISAPPEAR
George Dobbs, Chief Architect Knights of Columbus
Powerpoint presentation is located here

Agenda: Tuesday, November 17th 2009

ATTACK YOUR DATABASE BEFORE OTHERS DO
Todd Desantis, Lead Sales Engineer Sentrigo

Agenda: Tuesday, October 13th 2009

THE CONVERGENCE OF SECURITY AND PRIVACY: CLOUD COMPUTING
Michael Waidner, Distinguished IBM Engineer and Security CTO IBM

Agenda: Monday, September 14th 2009

OWASP: WHERE WE ARE AND WHERE WE ARE GOING
Tom Brennan, OWASP Board Member OWASP

WEB APPLICATION SECURITY ASSURANCE
Gregory Gotta, SVP Security CA

Agenda: Wednesday, June 10th 2009

THE ANATOMY OF SECURITY DISASTERS
Marcus Ranum, CSO of Tenable Security
Powerpoint presentation is located here

Agenda: Tuesday, April 30th 2009

RECRUITING ELITE IT TALENT
Jordan Haberfield (Agile Elephant), SVP of System One

DETECTING BACKDOORS IN WEB APPLICATIONS
Chris Wysopal CTO, Veracode

Agenda: Monday, April 13th 2009

AGILE SOFTWARE DEVELOPMENT AND SECURITY: 4:00 - 6:45 PM
Scott Ambler, Agile Practice Leader, IBM
Powerpoint presentation is located here

Agenda: Tuesday, February 10th 2009

OPEN SOURCE IDENTITY SERVICES (The Higgins Project)
Mary Ruddy, Meristic

ENABLING STRONGER/MULTI-FACTOR AUTHENTICATION FOR ENTERPRISE APPLICATIONS
Ramesh Nagappan, Security Architect at Sun Microsystems

STATE OF WEB APPLICATION SECURITY
Gunnar Peterson, CTO of Artec Group and Twin Cities OWASP

Agenda: Wednesday, November 11th 2008

LIGHTWEIGHT SECURITY USING IDENTITY-BASED ENCRYPTION: 6:00 - 7:00 PM
Richard Eisenberg, Architect at Voltage Security

Agenda: Wednesday, September 24th 2008

TOP TEN BOGUS TECH QUOTES OF THE YEAR: 6:00 - 6:45 PM
Paul Roberts, Industry Analyst, The 451 Group
Powerpoint presentation is located here

MAKING APPLICATIONS SECURE BY REMOVING SECURITY: 6:45 - 7:30 PM
Andrew Stone, Senior Manager, Accenture
Powerpoint presentation is located here

Agenda: Wednesday, June 11th 2008

CARDSPACE AND USER CENTRIC IDENTITY
Chris Winn, Security Evangelist, Microsoft

IDENTITY GOVERNANCE FRAMEWORK
Prateek Mishra, Product Manager, Oracle
Powerpoint Presentation is here

Agenda: Wednesday, April 30th 2008

THE IDIOTS GUIDE TO DEVELOPING BAD ENTERPRISE APPLICATIONS AND WORST LOGGING PRACTICES
Anton Chuvakin, Chief Logging Evangelist, LogLogic

KEEPING SECRETS: APPLICATION SECURITY IS A BUSINESS IMPERATIVE
Jack Danahy, CTO and Founder, Ounce Labs

Agenda: Thursday, February 28th 2008

HOW WEB 2.0 HAS CHANGED THE LANDSCAPE OF APPLICATION SECURITY
Chenxi Wang, Principal Analyst, Forrester Research

EXPLOITING ONLINE GAMES
Gary McGraw, CTO, Cigital

Locations

All meetings are held at the headquarters of Travelers Insurance, 45 Central Row, Hartford CT 06103 (Entrance is between Dunkin Donuts and CVS pharmacy). Free parking is available in their Prospect Street Garage (Next to Hartford Club).