Web Admin Blog

Real Web Admins. Real World Experience.

Entries for the ‘Security’ Category

Software Assurance Maturity Model (SAMM)

This presentation on the OWASP Software Assurance Maturity Model (SAMM) was by Pravir Chandra, the project lead.  I was actually really excited in seeing this topic on the schedule as SAMM is something that I’ve been toying with for my organization for a while.  It’s actually a very simple and intuitive approach to how to […]

Enterprise Application Security – GE’s Approach to Solving Root Cause

The first presentation of the day that I went to was by GE’s Darren Challey and was about GE’s application security program and how he took a holistic approach to securing the enterprise.  My notes on this presentation are below: Why is AppSec so hard? AppSec changes rapidly (look at difference between 2004, 2007, and […]

Everything You Need To Know About Cloud Security in 30 Minutes or Less

The last presentation of the day was by Rich Mogull on “Everything you need to know about cloud security in 30 minutes or less”.  It all started with all of the presentations and diagrams having pictures of clouds so some guy decides to sell that.  Makes security practitioners sad. Why the cloud is a problem […]

Cloud Computing Panel Discussion

Next up at the Cloud Computing and Virtualization Security half-day seminar was a Cloud Computing Panel moderated by Rich Mogull (Analyst/CEO at Securosis) with Josh Zachary (Rackspace), Jim Rymarczk (IBM), and Phil Agcaoili (Dell) participating in the panel.  My notes from the panel discussion are below: Phil: Little difference between outsources of the past and […]

Virtualization Security Best Practices from a Customer’s and Vendor’s Perspective

The next session during the ISSA half-day seminar on Virtualization and Cloud Computing Security was on security best practices from a customer and vendor perspective.  It featured Brian Engle, CIO of Temple Inland, and Rob Randell, CISSP and Senior Security Specialist at VMware, Inc.  My notes from the presentation are below: Temple Inland Implementation – […]

About the Cloud Security Alliance

The next presentation at the ISSA half-day seminar was on the “Cloud Security Alliance” and Security Guidance for Critical Areas of Focus in Cloud Computing by Jeff Reich.  Here are my notes from this presentation: Agenda About the Cloud Security Alliance Getting Involved Guidance 1.0 Call to Action About the Cloud Security Alliance Not-for-profit organization […]

Introduction to Cloud Computing and Virtualization Security

Today the Austin ISSA and ISACA chapters held a half-day seminar on Cloud Computing and Virtualization Security.  The introduction on cloud computing was given by Vern Williams.  My notes on this topic are below: 5 Key Cloud Characteristics On-demand self-service Ubiquitous network access Location independent resource pooling Rapid elasticity Pay per use 3 Cloud Delivery […]

Who Needs VPN When You Have PuTTY?

I was talking with my coworkers this afternoon about Time Warner’s plans to jack up rates for high-bandwidth users and it got me thinking about how much of their precious bandwidth I am actually using.  I know that my router at home has a web browser interface where I can get that information, but I […]
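The title frames PuTTY as a stand-in for a VPN, which in practice means an SSH local port forward: a PuTTY "Tunnels" entry of source port 8080, destination 192.168.1.1:80, type Local. The script below is an added example, not code from the post or from PuTTY; it assumes the router answers on 192.168.1.1:80 and that an SSH-reachable box at home (user@home.example.org) can see it. It turns that PuTTY-style spec into the equivalent OpenSSH command so the flags can be checked before anything connects.

```shell
#!/bin/sh
# Added example: translate a PuTTY-style local forward into an OpenSSH command.
# Hostnames and addresses are assumptions for illustration.

# putty_forward_to_ssh "L<local-port>=<dest-host>:<dest-port>" "<user@gateway>"
# Prints the ssh command line; it does not connect.
putty_forward_to_ssh() {
    spec=$1       # e.g. L8080=192.168.1.1:80 (PuTTY: Source port 8080, Destination 192.168.1.1:80, Local)
    gateway=$2    # e.g. user@home.example.org, the SSH-reachable host that can see the router

    # Accept only the "L<port>=<host>:<port>" shape; anything else is a typo, not a tunnel.
    case "$spec" in
        L[0-9]*=*:[0-9]*) ;;
        *) echo "bad forward spec: $spec (want L<lport>=<host>:<port>)" >&2; return 1 ;;
    esac

    lport=${spec#L}; lport=${lport%%=*}   # local listening port
    dest=${spec#*=}                       # host:port on the far side of the tunnel

    # -N            no remote shell, the session exists only to carry the forward
    # ExitOnForwardFailure=yes  if port 8080 is already taken locally, fail loudly
    #               instead of leaving a session with no tunnel behind it
    # 127.0.0.1:    bind the listener to loopback; PuTTY's "Local ports accept
    #               connections from other hosts" (ssh's -g) would let anyone on
    #               the coffee-shop LAN reach the router's admin page through you
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s %s\n' \
        "$lport" "$dest" "$gateway"
}

# Usage: run the printed command in one terminal, then browse to http://127.0.0.1:8080/
putty_forward_to_ssh "L8080=192.168.1.1:80" "user@home.example.org"
```

The router's web interface is then reached at http://127.0.0.1:8080/ and the traffic between the laptop and the home host is inside SSH, which is the "who needs VPN" part; the bandwidth page is only as protected as the SSH host key you accept on first connection, so check the fingerprint rather than clicking through PuTTY's prompt.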

PCI Compliance – Convert Drudgery Into a Powerful Security Framework

For my last session of the day at TRISC 2009, I decided to attend Joseph Krull’s presentation on PCI Compliance.  Joe works as a consultant for Accenture and has performed 60+ PCI engagements for various companies.  If your organization does any processing of credit card information, my notes from that session below should be useful: […]

Spear Phishing – Breaking Into Wall Street & Critical Infrastructure

For my first breakout session of the TRISC 2009 Conference, I decided to check out Rohyt Belani’s presentation on Spear Phishing.  Rohyt is the CEO of Intrepidus Group and has spoken at a variety of conferences from BlackHat to OWASP to MISTI to Hack in the Box.  I had heard from several other conference attendees […]