Difference between revisions of "Los Angeles"

From OWASP
Jump to: navigation, search
(11 intermediate revisions by 2 users not shown)
Line 37: Line 37:
 
<br>  
 
<br>  
  
== '''Next Meeting  Wednesday, March 20, 2013 6:15 PM:'''==
+
== '''Next Meeting  ''Wednesday, May 29, 2013 7PM'' Symantec Offices, Culver City'''==
*'''At: [http://maps.google.com/maps?q=3500+Ramona+Boulevard+%2C+Monterey+Park%2C+CA Luminaria's]'''
+
  
*3500 Ramona Boulevard , Monterey Park, CA [http://maps.google.com/maps?q=3500+Ramona+Boulevard+%2C+Monterey+Park%2C+CA map]
+
*''' -->Note the change in date, due to the ISSA Security Summit on May 21 ('''[http://www.issala.org/summit/ Have you REGISTERED]?)<--'''
  
*Note the change in date, as this is a joint meeting with ISSA
+
*''' ''Speaker: Steven Woodward'''
  
 +
*''' Topic:  Cloud Computing – Security and Interoperability Perspectives'''
  
 +
Many organizations are evaluating and migrating toward cloud computing solutions.  In 2013, some the key challenges pertain to security and interoperability.  Open cloud standards can help manage risks, while fostering efficient solution delivery.
  
== ''' Speaker: Garret Grajek''' ==
+
Steven Woodward shares updates from numerous international cloud standards related organizations. In Canada, he leads several of the cloud computing initiatives in both the private and public sectors.  This includes being one of the founding board members of the Cloud Security Alliance Canadian Chapter.
*''' Synopsis: '''
+
  
Securing Mobile Apps – that’s the big discussion today. The last couple of years enterprises have been attempting to meet this requirement by deploying client-intensive MDMs (Mobile Device Managers). This has left the apps being utilized by partners, suppliers and customers – completely unprotected. How do we meet the challenge of applying security authentication standards to these un-managed devices. This is what will be discussed/demo’d.
+
Steven describes key cloud ecosystems models; highlighting where security considerations fit, along with different perspectives on interoperability. Several real-life scenarios will be used, highlighting cloud concepts, security, interoperability and the impacts these can have on commitments (functionality, costs, time-to-value and quality).   Service Agreements and Service Level Agreements will also be addressed to identify where you may find security and interoperability considerations specified in the contracts.
  
Presentation Break-Out:
+
The presentation is designed to be interactive and will include some group activities to generate discussions and identify practical solutions.
  
''' Title: Securing Mobile Apps for the Enterprise '''
+
Attendees of the presentation will leave with a better understanding of cloud security and interoperability considerations, plus be aware of reference material and models that help address those challenges.
  
*''' Agenda: '''
+
*''' Bio: '''Steven Woodward'''
  
I. The Condudrum: Secure the Phone or the App?
+
Steven Woodward is CEO and founder of Cloud Perspectives and is the Canadian Cloud Council Director of Cloud Governance. He was recently announced as the Chief Cloud Officer for “the Politburo”, a new innovative cloud provider based in Canada.  He is a leading contributor to the National Institute of Standards for Technology (NIST), TM Forum, Object Management Group Cloud Standards Customer Council and the International Telecommunication Union (ITU) Joint Collaboration Activity cloud computing working groups.
  
II. History: SMS (System Manangement Server) vs WAM
+
Steven represents the Canadian Advanced Technology Alliance at the Shared Services Canada Architecture Advisory Committee and is helping define the Canadian Federal Government Cloud Computing Strategy. In addition to cloud standards and best practices guides, he authored the “Cloud Measurement” chapter in the 2012 CRC Press published book, “The IFPUG Guide to IT and Software Measurement.”  In 2010 he was elected to the International Function Point Users Group (IFPUG) board of directors, where he is responsible for conferences and formed a, IFPUG metrics cloud computing community.
  
III. Now: MDM vs MAM (Mobile Appplication Managemnt)
+
A frequent international instructor, presenter and leader, he continues fostering cloud collaboration in the industry and academia.  From Los Angeles, he is travelling to Maui as keynote at the IEEE System of Systems Engineering conference.
  
IV: Advantage of App-Centric Security (MAM)
+
== '''Sponsor: Qualys, Inc.'''==
  
- Modifiable Authentication
+
'''[http://www.qualys.com Qualys, Inc.]
  
- No Agent needed
+
On Demand Security.
 
+
- No update needed of client software for workflow/Auth change
+
 
+
V: Demo of MAM
+
 
+
VI Q.A.
+
 
+
*''' Bio: '''
+
 
+
Garret Grajek, CTO / COO, SecureAuth Corporation.
+
 
+
Garret Grajek is a CISSP-certified security engineer with more than 20 years of experience in the information security and authentication space. As Chief Technical Officer and Chief Operating Officer for SecureAuth Corporation, Garret is responsible for the strategic direction of the company’s Identity Enforcement product offerings.
+
 
+
Prior to co-founding SecureAuth, Grajek held leadership roles at some of the world’s leading technology companies including Cisco and IBM, where he was responsible for consumer and network security products. He also served as western region lead field engineer for RSA Security.
+
 
+
Grajek also worked at Netegrity where he was responsible for field implementation of Access Control products and led installations of SiteMinder, the security suite that controls all user access to the E*Trade Financial Services web site. Netegrity became the standard for internet access control and was acquired by CA.
+
 
+
He began his career as an entrepreneur and founder of an independent programming company that specialized in operating systems and network utilities. A pioneer in the use of the Linux operating system in enterprise environments, Grajek was responsible for the successful completion of numerous projects for IBM, Texas Instruments, Tandem Computers.
+
 
+
Grajek holds bachelor’s degree in computer science from the University of Texas at Austin.
+
 
+
== '''Sponsor: Security Innovation'''==
+
 
+
[https://www.securityinnovation.com/ Security Innovation]
+
 
+
The Application Security Company
+
 
+
Reduce Application Security Risk
+
 
+
Security Innovation focuses on the most difficult IT Security problem, and the root cause of most data breaches – insecure applications. Their solutions are based on the three pillars of a secure SDLC, which feed into one another to create an ecosystem of repeatable, secure software development: ''' [https://www.securityinnovation.com/solutions/standards-and-process.html Standards] ''', ''' [https://www.securityinnovation.com/solutions/education.html Education] ''' and ''' [https://www.securityinnovation.com/solutions/assessment.html Assessment] '''
+
  
 
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/ =====
 
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/ =====
Line 109: Line 79:
  
 
== '''Other Events'''  ==
 
== '''Other Events'''  ==
*''' [http://www.socallinuxexpo.org/scale11x The Eleventh Annual Southern California Linux Expo February 22-24, 2013 Hilton Los Angeles International Airport] '''
 
  
*''' [http://www.issala.org/summit/ Early Bird Registration now open for the ISSA LA Security Summit May 21 at the Universal City Hilton] '''
+
*''' [http://www.issala.org/summit/ Registration now open for the ISSA LA Security Summit May 21 at the Universal City Hilton] '''
 +
Come see the Opening Keynote by Obama's first Cybersecurity Czar, Howard Schmidt; an OWASP Top Ten session by Jim Manico; a CISO and a Law Enforcement Panel; and much more!
  
 +
*''' [http://www.appsecusa.org/2013/ AppSec USA 2013, NYC November 18-21 at Marriott, NYC] '''
 +
AppSec USA is a world-class software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioner, to share the latest research and practices.
  
 
== Archives of Previous Meetings  ==
 
== Archives of Previous Meetings  ==
 +
[[Los Angeles/2013 Meetings|2013 Meetings]]
 +
 
[[Los Angeles/2012 Meetings|2012 Meetings]]  
 
[[Los Angeles/2012 Meetings|2012 Meetings]]  
  

Revision as of 03:21, 9 May 2013

Welcome to the Los Angeles Chapter!

Donatenow.jpg

Single Meeting Supporter: Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission

Get the following benefits::

- Meet upwards of 60-90 potential new clients
- Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site(Image size for logos: gif, jpg or png with a size of 150px X 45px at 72dpi or 55px X 80px at 72dpi) 
- Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting.
- Have a table at local chapter meeting 
- Promote your products and services
- Bring a raffle prize to gather business cards

Contact us #Los Angeles Chapter for general questions relating to sponsorship and donations

Announcements

Change in Leadership

Tin Zaw has been a strong and effective visionary President and Leader for OWASP Los Angeles for several years. He will remain an active member of the Board, but effective January 1, 2013, Tin will be stepping down as Leader. Richard Greenberg -- Current Board Member, will assume this role going forward. We give our thanks to Tin for his efforts and dedication and look forward to the new year under Richard's leadership.


logo.png

We are on Meetup. Please join our community there.

If you are unable to access Meetup from your work computer as a result of filtering of social sites, we recommend that you view it on your smart phone or via your personal computer.
http://www.meetup.com/OWASP-Los-Angeles/


Become an OWASP Member TODAY

Support your LA Chapter: only $50 for the entire year!
https://www.owasp.org/index.php/Individual_Member


Next Meeting Wednesday, May 29, 2013 7PM Symantec Offices, Culver City

  • -->Note the change in date, due to the ISSA Security Summit on May 21 (Have you REGISTERED?)<--
  • Speaker: Steven Woodward
  • Topic: Cloud Computing – Security and Interoperability Perspectives

Many organizations are evaluating and migrating toward cloud computing solutions. In 2013, some the key challenges pertain to security and interoperability. Open cloud standards can help manage risks, while fostering efficient solution delivery.

Steven Woodward shares updates from numerous international cloud standards related organizations. In Canada, he leads several of the cloud computing initiatives in both the private and public sectors. This includes being one of the founding board members of the Cloud Security Alliance Canadian Chapter.

Steven describes key cloud ecosystems models; highlighting where security considerations fit, along with different perspectives on interoperability. Several real-life scenarios will be used, highlighting cloud concepts, security, interoperability and the impacts these can have on commitments (functionality, costs, time-to-value and quality). Service Agreements and Service Level Agreements will also be addressed to identify where you may find security and interoperability considerations specified in the contracts.

The presentation is designed to be interactive and will include some group activities to generate discussions and identify practical solutions.

Attendees of the presentation will leave with a better understanding of cloud security and interoperability considerations, plus be aware of reference material and models that help address those challenges.

  • Bio: Steven Woodward

Steven Woodward is CEO and founder of Cloud Perspectives and is the Canadian Cloud Council Director of Cloud Governance. He was recently announced as the Chief Cloud Officer for “the Politburo”, a new innovative cloud provider based in Canada. He is a leading contributor to the National Institute of Standards for Technology (NIST), TM Forum, Object Management Group Cloud Standards Customer Council and the International Telecommunication Union (ITU) Joint Collaboration Activity cloud computing working groups.

Steven represents the Canadian Advanced Technology Alliance at the Shared Services Canada Architecture Advisory Committee and is helping define the Canadian Federal Government Cloud Computing Strategy. In addition to cloud standards and best practices guides, he authored the “Cloud Measurement” chapter in the 2012 CRC Press published book, “The IFPUG Guide to IT and Software Measurement.” In 2010 he was elected to the International Function Point Users Group (IFPUG) board of directors, where he is responsible for conferences and formed a, IFPUG metrics cloud computing community.

A frequent international instructor, presenter and leader, he continues fostering cloud collaboration in the industry and academia. From Los Angeles, he is travelling to Maui as keynote at the IEEE System of Systems Engineering conference.

Sponsor: Qualys, Inc.

Qualys, Inc.

On Demand Security.

Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/


Would you like to speak at an OWASP Los Angeles Meeting?

Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to Richard Greenberg. The talk must be vendor neutral and its content be available under Creative Common 3.0 license.


Other Events

Come see the Opening Keynote by Obama's first Cybersecurity Czar, Howard Schmidt; an OWASP Top Ten session by Jim Manico; a CISO and a Law Enforcement Panel; and much more!

AppSec USA is a world-class software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioner, to share the latest research and practices.

Archives of Previous Meetings

2013 Meetings

2012 Meetings

2011 Meetings

2010 Meetings

2009 Meetings

2008 Meetings

List of presentations available from past meetings


Los Angeles Chapter

Volunteer OWASP Leaders: Yev Avidon and Mikhael Felker
Volunteer OWASP Wiki: Mike Francis
The Los Angeles chapter was founded by Cassio Goldschmidt.


The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!

Web archive: http://2010.AppSecUSA.org

Videos: http://vimeo.com/user4863863/videos

AppSec Logo.jpg