Difference between revisions of "OWASP Minneapolis St Paul 2009 Conference"

From OWASP
Jump to: navigation, search
m (Adding NetSPI logo.)
m (fixed typo)
 
(17 intermediate revisions by 2 users not shown)
Line 1: Line 1:
The [[Minneapolis St Paul | OWASP Minneapolis-St. Paul (MSP) chapter]] is pleased to announce an afternoon of information security presentations on August 24, 2009 at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus.
+
The [[Minneapolis St Paul | OWASP Minneapolis-St. Paul (OWASP MSP) chapter]] wants to say thanks again for another year to all who joined us for an afternoon of information security presentations on August 24, 2009 at the [http://www1.umn.edu/twincities/maps/StCen/StCen-map.html St. Paul Student Center] [http://www.spsc.umn.edu/about/directory/lower.php Auditorium/Theater] on the [http://www1.umn.edu/twincities/index.php University of Minnesota - Twin Cities] campus. '''[http://vimeo.com/channels/owaspmsp Watch the video at Vimeo]'''.
  
Presentations will be posted shortly after the event. Links to the presentation material will be provided below at that time.
 
  
 +
== Thank You to Our Sponsors ==
  
== Registration and Directions to Event ==
 
  
[http://owaspmn.eventbrite.com/ '''Register''']
 
  
[http://maps.google.com/maps?q=2017+Buford+Avenue+St.+Paul,+MN+55108&oe=utf-8&client=firefox-a&ie=UTF8&split=0&gl=us&ei=KahSStPfHJK4Ncr0mN8I&z=16&iwloc=A Google Maps directions to the St. Paul Student Center]
+
Contact '''[mailto:lorna.alamri@owasp.org Lorna]''' at '''[mailto:lorna.alamri@owasp.org lorna.alamri@owasp.org]''' to sponsor future events.
  
 +
A big thank you goes out to the '''Office of Internal Audit and OIT Security at the University of Minnesota''' for sponsoring the event location.
  
== Thank You to Our Sponsors ==
+
A special thank you goes out to Platinum Sponsors '''[http://www.bestbuy.com/ Best Buy]''', '''[http://www.strategicit.org/ Center for Strategic Information Technology and Security (MnSCU)]''', and '''[http://www.go-integral.net/ Integral]'''.
  
  
 +
[[Image:Best_Buy_logo.jpg|link=http://www.bestbuy.com/]]      [[Image:Center_for_strategic_it_n_security.png|60px|link=http://www.strategicit.org/]]      [[Image:Integral_logo.png|90px|link=http://www.go-integral.net/]]
  
Contact '''[mailto:lorna.alamri@owasp.org Lorna]''' at '''[mailto:lorna.alamri@owasp.org lorna.alamri@owasp.org]''' to sponsor this event.
 
 
A big thank you goes out to the '''Office of Internal Audit and OIT Security at the University of Minnesota''' for sponsoring the event location.
 
  
 
Thank you to the following sponsors for their financial support of this event and the OWASP MSP chapter!
 
Thank you to the following sponsors for their financial support of this event and the OWASP MSP chapter!
  
  
[[Image:Integral_logo.png|100px|link=http://www.go-integral.net/]] [[Image:New_Symantec_Logo.jpg|link=http://www.symantec.com/]] [[Image:Imperva_Logo.gif|link=http://www.imperva.com/]] [[Image:secure360_logo.png|link=http://www.secure360.org/]]
+
[[Image:Integral_logo.png|114px|link=http://www.go-integral.net/]] [[Image:New_Symantec_Logo.jpg|link=http://www.symantec.com/]] [[Image:Imperva_Logo.gif|link=http://www.imperva.com/]] [[Image:secure360_logo.png|link=http://www.secure360.org/]]        [[Image:Center_for_strategic_it_n_security.png|100px|link=http://www.strategicit.org/]]
 +
 
 +
 
 +
[[Image:Breach_logo.gif‎|link=http://www.breach.com/]]      [[Image:Netspi_logo.png|120px|link=http://www.netspi.com/]]                 [[Image:F5_logo.png|80px|link=http://www.f5.com/]]                  [[Image:Mn-issa_logo.png|120px|link=http://www.mn-issa.org/]]         [[Image:Fortify_Logo_(Medium).jpg|125px|link=http://www.fortify.com/]]
 +
 
  
 +
== Social Media ==
  
[[Image:Center_for_strategic_it_n_security.png|100px|link=http://www.strategicit.org/]]      [[Image:Breach_logo.gif‎|link=http://www.breach.com/]]      [[Image:Netspi_logo.jpg|link=http://www.netspi.com/]]
+
'''Share''' the OWASP MSP 2009 Half Day Conference on your favorite social media sites:
  
 +
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/shareArticle?mini=true&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%202009%20Half%20Day%20Conference&summary=The%20%20OWASP%20Minneapolis-St.%20Paul%20(MSP)%20chapter%20is%20pleased%20to%20announce%20an%20afternoon%20of%20information%20security%20presentations%20on%20August%2024%2C%202009%20at%20the%20St.%20Paul%20Student%20Center%20Auditorium%2FTheater%20on%20the%20University%20of%20Minnesota%20-%20Twin%20Cities%20campus.%20&source=OWASPMSP]]
 +
[[Image:Twitter_mini.png|link=http://twitter.com/home?status=OWASP%20MSP%202009%20Conference%20-%2024%20August%202009%20-%20http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference]] [[Image:Facebook_mini.png|link=http://www.facebook.com/sharer.php?u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%202009%20Half%20Day%20Conference]] [[Image:Digg_mini.png|link=http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%202009%20Half%20Day%20Conference&bodytext=The%20%20OWASP%20Minneapolis-St.%20Paul%20(MSP)%20chapter%20is%20pleased%20to%20announce%20an%20afternoon%20of%20information%20security%20presentations%20on%20August%2024%2C%202009%20at%20the%20St.%20Paul%20Student%20Center%20Auditorium%2FTheater%20on%20the%20University%20of%20Minnesota%20-%20Twin%20Cities%20campus.%20]] [[Image:Delicious_mini.png|link=http://del.icio.us/post?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%202009%20Half%20Day%20Conference]] [[Image:Reddit_mini.png|link=http://reddit.com/submit?url=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference&title=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%202009%20Half%20Day%20Conference]] [[Image:Myspace_mini.png|link=http://www.myspace.com/Modules/PostTo/Pages/?l=1&u=http%3A%2F%2Fwww.owasp.org%2Findex.php%2FOWASP_Minneapolis_St_Paul_2009_Conference&t=OWASP%20Minneapolis-St.%20Paul%20(OWASP%20MSP)%202009%20Half%20Day%20Conference]]
  
== Agenda ==
 
<table width="80%" border="0">
 
<tr>
 
<td style="background-color:#AEB7D5; padding: 5px; width: 120px">12:30 PM - 1:30 PM</td>
 
<td style="border-width:1px; padding: 5px; border-style:solid; border-color: #AEB7D5">Check-In</td>
 
</tr>
 
  
<tr>
+
'''Follow''' OWASP MSP on your favorite social media sites:
<td  style="background-color:#AEB7D5; padding: 5px;">1:30 PM - 1:45 PM</td>
+
<td style="border-width:1px; padding: 5px; border-style:solid; border-color: #AEB7D5">
+
'''Kuai Hinojosa'''
+
  
OWASP MSP President
+
[[Image:Linkedin_mini.png|link=http://www.linkedin.com/groupInvitation?groupID=2184116]]
 +
[[Image:Twitter_mini.png|link=http://twitter.com/owaspmsp]] [[Image:Facebook_mini.png|link=http://www.facebook.com/pages/OWASP-Minneapolis-St-Paul-OWASP-MSP-OWASPMSP/113583361381]] [[Image:Digg_mini.png|link=http://digg.com/users/owaspmsp]] [[Image:Delicious_mini.png|link=http://delicious.com/owaspmsp]] [[Image:Reddit_mini.png|link=http://www.reddit.com/user/owaspmsp]] [[Image:Myspace_mini.png|link=http://www.myspace.com/owaspmsp]]
  
'''Topic:''' Event Introduction
 
  
The OWASP MSP chapter has had a successful year, and will be looking ahead to even more participation in the global OWASP community.
 
  
'''Bio:''' Speaker provided bio.
+
== Agenda  ==
</td>
+
</tr>
+
  
<tr>
+
* Talks now available on [http://vimeo.com/channels/owaspmsp Vimeo Video Archive ]
<td style="background-color:#AEB7D5; padding: 5px;">1:45 PM - 2:30 PM</td>
+
<td style="border-width:1px; padding: 5px; border-style:solid; border-color: #AEB7D5">
+
'''Seth Peter'''
+
  
Chief Technology Officer, [http://www.netspi.com/ NetSPI]
+
{| border="0" width="80%"
 +
|-
 +
| style="padding: 5px; background-color: rgb(174, 183, 213); width: 120px;" | 12:30 PM - 1:30 PM
 +
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Check-In
 +
|-
 +
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 1:30 PM - 1:45 PM
 +
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |
 +
'''Kuai Hinojosa'''
  
'''Topic:''' The Developers Guide to PCI DSS and PA-DSS Requirements
+
OWASP MSP President  - [http://vimeo.com/6502372 Video Archive ]
  
The Payment Card Industry (PCI) Data Security Standard (DSS) has a large number of requirements pertaining to the development and maintenance of payment applications.  The requirements span development, maintenance, support, access controls, auditing & logging, security awareness, assessment, and policies.  Not only does this apply to the systems within a cardholder environment but also to supporting applications and your organization’s overall SDLC.  Furthermore, these application specific requirements are often overlooked or misunderstood by development and information security departments.  Within this presentation, we will review the most relevant PCI requirements that developers and application owners must focus on and how your organization can confidently comply.
+
'''Topic:''' Event Introduction
  
'''Bio:''' (From [http://www.nesspi.com/ netspi.com]) ''Seth Peter is a computer security expert with extensive experience with all aspects of information security. He was a founder of the computer forensics team at Kroll Ontrack where he provided expert witness testimony and depositions regarding high profile computer security cases. As the founder and CTO of NetSPI, he is a national leader in risk management and security program assessment. Seth has provided consulting to over 100 different organizations within financial services, government, health care, education, nuclear energy, and retail. Seth is a Payment Card Industry Qualified Security Assessor and Visa Qualified Payment Application Security Professional. Seth holds a B.A. degree in Mathematics from Kenyon College.''
+
The OWASP MSP chapter has had a successful year, and will be looking ahead to even more participation in the global OWASP community.
</td>
+
|-
</tr>
+
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 1:45 PM - 2:30 PM
 +
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |
 +
'''Seth Peter'''  
  
<tr>
+
Chief Technology Officer, [http://www.netspi.com/ NetSPI] - [http://vimeo.com/6495344 Video Archive ]
<td style="background-color:#AEB7D5; padding: 5px;">2:30 PM - 2:45 PM</td>
+
<td style="border-width:1px; padding: 5px; border-style:solid; border-color: #AEB7D5">Break</td>
+
</tr>
+
  
<tr>
+
'''Topic:''' The Developers Guide to PCI DSS and PA-DSS Requirements
<td style="background-color: #AEB7D5; padding: 5px;">2:45 PM - 3:30 PM </td>
+
<td style="border-width:1px; padding: 5px; border-style:solid; border-color: #AEB7D5">
+
'''Pravir Chandra'''
+
  
Director of Strategic Services, [http://www.fortify.com/ Fortify]
+
The Payment Card Industry (PCI) Data Security Standard (DSS) has a large number of requirements pertaining to the development and maintenance of payment applications. The requirements span development, maintenance, support, access controls, auditing &amp; logging, security awareness, assessment, and policies. Not only does this apply to the systems within a cardholder environment but also to supporting applications and your organization’s overall SDLC. Furthermore, these application specific requirements are often overlooked or misunderstood by development and information security departments. Within this presentation, we will review the most relevant PCI requirements that developers and application owners must focus on and how your organization can confidently comply.  
  
'''Topic:''' Software Assurance Maturity Model (OpenSAMM)
+
'''Bio:''' (From [http://www.nesspi.com/ netspi.com]) ''Seth Peter is a computer security expert with extensive experience with all aspects of information security. He was a founder of the computer forensics team at Kroll Ontrack where he provided expert witness testimony and depositions regarding high profile computer security cases. As the founder and CTO of NetSPI, he is a national leader in risk management and security program assessment. Seth has provided consulting to over 100 different organizations within financial services, government, health care, education, nuclear energy, and retail. Seth is a Payment Card Industry Qualified Security Assessor and Visa Qualified Payment Application Security Professional. Seth holds a B.A. degree in Mathematics from Kenyon College.''
  
The Software Assurance Maturity Model (SAMM) ([http://www.opensamm.org/ http://www.opensamm.org/]) is a flexible and prescriptive framework for building security into a software development organization. Covering more than typical SDLC-based models for security, SAMM enables organizations to self-assess their security assurance program and then use recommended roadmaps to improve in a way that's aligned to the specific risks facing the organization. Beyond that, SAMM enables creation of scorecards for an organization's effectiveness at secure software development throughout the typical governance, development, and deployment business functions. Scorecards also enable management within an organization to demonstrate quantitative improvements through iterations of building a security assurance program. This workshop will introduce the SAMM framework and walk through useful activities such as assessing an assurance program, mapping an existing organization to a recommended roadmap, and iteratively building an assurance program. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit [http://www.opensamm.org/ http://www.opensamm.org/].
+
|-
 +
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 2:30 PM - 2:45 PM
 +
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break
 +
|-
 +
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 2:45 PM - 3:30 PM
 +
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" |
 +
'''Pravir Chandra'''
  
'''Bio:''' (From [http://www.fortify.com/ fortify.com]) ''Pravir Chandra is Director of Strategic Services at Fortify Software and works with clients on software security assurance programs. Pravir is recognized for his expertise in software security, code analysis, and his ability to strategically apply technical knowledge. Prior to Fortify, he was a Principal Consultant affiliated with Cigital and led large software security programs at Fortune 500 companies. Pravir Co-Founded Secure Software, Inc. and was Chief Security Architect prior to its acquisition by Fortify. He recently created and led the Open Software Assurance Maturity Model (OpenSAMM) project with the OWASP Foundation, leads the OWASP CLASP project, and also serves as member of the OWASP Global Projects Committee. Pravir is author of the book Network Security with OpenSSL.''
+
Director of Strategic Services, [http://www.fortify.com/ Fortify] - [http://vimeo.com/6495398 Video Archive ]
</td>
+
</tr>
+
  
<tr>
+
'''Topic:''' Software Assurance Maturity Model (OpenSAMM)
<td style="background-color:#AEB7D5; padding: 5px;">3:30 PM - 3:45 PM</td>
+
<td style="border-width:1px; padding: 5px; border-style:solid; border-color: #AEB7D5">Break</td>
+
</tr>
+
  
<tr>
+
The Software Assurance Maturity Model (SAMM) ([http://www.opensamm.org/ http://www.opensamm.org/]) is a flexible and prescriptive framework for building security into a software development organization. Covering more than typical SDLC-based models for security, SAMM enables organizations to self-assess their security assurance program and then use recommended roadmaps to improve in a way that's aligned to the specific risks facing the organization. Beyond that, SAMM enables creation of scorecards for an organization's effectiveness at secure software development throughout the typical governance, development, and deployment business functions. Scorecards also enable management within an organization to demonstrate quantitative improvements through iterations of building a security assurance program. This workshop will introduce the SAMM framework and walk through useful activities such as assessing an assurance program, mapping an existing organization to a recommended roadmap, and iteratively building an assurance program. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit [http://www.opensamm.org/ http://www.opensamm.org/].
<td style="background-color: #AEB7D5; padding: 5px;">3:45 PM - 4:45 PM</td>
+
<td style="border-width:1px; padding: 5px; border-style:solid; border-color: #AEB7D5">'''Bruce Schneier'''<br />[http://www.schneier.com/ schneier.com]
+
  
'''Topic:''' The Future of the Security Industry: IT is Rapidly Becoming a Commodity'''
+
'''Bio:''' (From [http://www.fortify.com/ fortify.com]) ''Pravir Chandra is Director of Strategic Services at Fortify Software and works with clients on software security assurance programs. Pravir is recognized for his expertise in software security, code analysis, and his ability to strategically apply technical knowledge. Prior to Fortify, he was a Principal Consultant affiliated with Cigital and led large software security programs at Fortune 500 companies. Pravir Co-Founded Secure Software, Inc. and was Chief Security Architect prior to its acquisition by Fortify. He recently created and led the Open Software Assurance Maturity Model (OpenSAMM) project with the OWASP Foundation, leads the OWASP CLASP project, and also serves as member of the OWASP Global Projects Committee. Pravir is author of the book Network Security with OpenSSL.''  
  
More companies are outsourcing their IT infrastructure -- treating it as a service more like electricity, office cleaning, or tax preparation -- and this has profound implications for IT security. Organizational users care less about the technical details of security. Products and services change their focus from the end user to the outsourcer. Industry consolidation results, as non-security IT infrastructure companies seek to bolster their security credentials. Even the profession changes, as jobs move from individual organizations to the outsourcing companies, and in some cases overseas. This talk looks at the future of IT security in a mature IT infrastructure industry.
+
|-
 +
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 3:30 PM - 3:45 PM
 +
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Break
 +
|-
 +
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 3:45 PM - 4:45 PM
 +
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | '''Bruce Schneier'''<br>[http://www.schneier.com/ schneier.com] - [http://vimeo.com/6495257 Video Archive ]
 +
'''Topic:''' The Future of the Security Industry: IT is Rapidly Becoming a Commodity
  
'''Bio''': (From [http://www.schneier.com/ schneier.com]) ''Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru," he is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.''</td>
+
More companies are outsourcing their IT infrastructure -- treating it as a service more like electricity, office cleaning, or tax preparation -- and this has profound implications for IT security. Organizational users care less about the technical details of security. Products and services change their focus from the end user to the outsourcer. Industry consolidation results, as non-security IT infrastructure companies seek to bolster their security credentials. Even the profession changes, as jobs move from individual organizations to the outsourcing companies, and in some cases overseas. This talk looks at the future of IT security in a mature IT infrastructure industry.
</tr>
+
'''Bio''': (From [http://www.schneier.com/ schneier.com]) ''Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru," he is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.''
 +
|-
 +
| style="padding: 5px; background-color: rgb(174, 183, 213);" | 4:45 PM
 +
| style="border: 1px solid rgb(174, 183, 213); padding: 5px;" | Event Closing
 +
|}
  
<tr>
+
[[Category:Minnesota]]
<td  style="background-color:#AEB7D5; padding: 5px;">4:45 PM</td>
+
<td style="border-width:1px; padding: 5px; border-style:solid; border-color: #AEB7D5">Event Closing</td>
+
</tr>
+
</table>
+

Latest revision as of 15:52, 12 September 2009

The OWASP Minneapolis-St. Paul (OWASP MSP) chapter wants to say thanks again for another year to all who joined us for an afternoon of information security presentations on August 24, 2009 at the St. Paul Student Center Auditorium/Theater on the University of Minnesota - Twin Cities campus. Watch the video at Vimeo.


Thank You to Our Sponsors

Contact Lorna at lorna.alamri@owasp.org to sponsor future events.

A big thank you goes out to the Office of Internal Audit and OIT Security at the University of Minnesota for sponsoring the event location.

A special thank you goes out to Platinum Sponsors Best Buy, Center for Strategic Information Technology and Security (MnSCU), and Integral.


Best Buy logo.jpg      Center for strategic it n security.png      Integral logo.png


Thank you to the following sponsors for their financial support of this event and the OWASP MSP chapter!


Integral logo.png New Symantec Logo.jpg Imperva Logo.gif Secure360 logo.png        Center for strategic it n security.png


Breach logo.gif      Netspi logo.png                 F5 logo.png                  Mn-issa logo.png         Fortify Logo (Medium).jpg


Social Media

Share the OWASP MSP 2009 Half Day Conference on your favorite social media sites:

Linkedin mini.png Twitter mini.png Facebook mini.png Digg mini.png Delicious mini.png Reddit mini.png Myspace mini.png


Follow OWASP MSP on your favorite social media sites:

Linkedin mini.png Twitter mini.png Facebook mini.png Digg mini.png Delicious mini.png Reddit mini.png Myspace mini.png


Agenda

12:30 PM - 1:30 PM Check-In
1:30 PM - 1:45 PM

Kuai Hinojosa

OWASP MSP President - Video Archive

Topic: Event Introduction

The OWASP MSP chapter has had a successful year, and will be looking ahead to even more participation in the global OWASP community.

1:45 PM - 2:30 PM

Seth Peter

Chief Technology Officer, NetSPI - Video Archive

Topic: The Developers Guide to PCI DSS and PA-DSS Requirements

The Payment Card Industry (PCI) Data Security Standard (DSS) has a large number of requirements pertaining to the development and maintenance of payment applications. The requirements span development, maintenance, support, access controls, auditing & logging, security awareness, assessment, and policies. Not only does this apply to the systems within a cardholder environment but also to supporting applications and your organization’s overall SDLC. Furthermore, these application specific requirements are often overlooked or misunderstood by development and information security departments. Within this presentation, we will review the most relevant PCI requirements that developers and application owners must focus on and how your organization can confidently comply.

Bio: (From netspi.com) Seth Peter is a computer security expert with extensive experience with all aspects of information security. He was a founder of the computer forensics team at Kroll Ontrack where he provided expert witness testimony and depositions regarding high profile computer security cases. As the founder and CTO of NetSPI, he is a national leader in risk management and security program assessment. Seth has provided consulting to over 100 different organizations within financial services, government, health care, education, nuclear energy, and retail. Seth is a Payment Card Industry Qualified Security Assessor and Visa Qualified Payment Application Security Professional. Seth holds a B.A. degree in Mathematics from Kenyon College.

2:30 PM - 2:45 PM Break
2:45 PM - 3:30 PM

Pravir Chandra

Director of Strategic Services, Fortify - Video Archive

Topic: Software Assurance Maturity Model (OpenSAMM)

The Software Assurance Maturity Model (SAMM) (http://www.opensamm.org/) is a flexible and prescriptive framework for building security into a software development organization. Covering more than typical SDLC-based models for security, SAMM enables organizations to self-assess their security assurance program and then use recommended roadmaps to improve in a way that's aligned to the specific risks facing the organization. Beyond that, SAMM enables creation of scorecards for an organization's effectiveness at secure software development throughout the typical governance, development, and deployment business functions. Scorecards also enable management within an organization to demonstrate quantitative improvements through iterations of building a security assurance program. This workshop will introduce the SAMM framework and walk through useful activities such as assessing an assurance program, mapping an existing organization to a recommended roadmap, and iteratively building an assurance program. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/.

Bio: (From fortify.com) Pravir Chandra is Director of Strategic Services at Fortify Software and works with clients on software security assurance programs. Pravir is recognized for his expertise in software security, code analysis, and his ability to strategically apply technical knowledge. Prior to Fortify, he was a Principal Consultant affiliated with Cigital and led large software security programs at Fortune 500 companies. Pravir Co-Founded Secure Software, Inc. and was Chief Security Architect prior to its acquisition by Fortify. He recently created and led the Open Software Assurance Maturity Model (OpenSAMM) project with the OWASP Foundation, leads the OWASP CLASP project, and also serves as member of the OWASP Global Projects Committee. Pravir is author of the book Network Security with OpenSSL.

3:30 PM - 3:45 PM Break
3:45 PM - 4:45 PM Bruce Schneier
schneier.com - Video Archive

Topic: The Future of the Security Industry: IT is Rapidly Becoming a Commodity

More companies are outsourcing their IT infrastructure -- treating it as a service more like electricity, office cleaning, or tax preparation -- and this has profound implications for IT security. Organizational users care less about the technical details of security. Products and services change their focus from the end user to the outsourcer. Industry consolidation results, as non-security IT infrastructure companies seek to bolster their security credentials. Even the profession changes, as jobs move from individual organizations to the outsourcing companies, and in some cases overseas. This talk looks at the future of IT security in a mature IT infrastructure industry. Bio: (From schneier.com) Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru," he is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.

4:45 PM Event Closing