[Global_industry_committee] Fwd: Re: Fwd: SANS workshop in DC in Aug -- OWASP involvement?

Rex Booth rex.booth at owasp.org
Wed Jun 15 13:56:36 EDT 2011


-------- Original Message --------
Subject: 	Re: Fwd: [Global_industry_committee] SANS workshop in DC in 
Aug -- OWASP involvement?
Date: 	Wed, 15 Jun 2011 13:53:45 -0400
From: 	Rex Booth <rex.booth at owasp.org>
To: 	Ari_Elias-Bachrach at navyfederal.org, arvind05 at gmail.com, 
caleb.mcgary at gmail.com, Jack Mannino <jack.a.mannino at gmail.com>

That's great - thanks for the feedback, guys.  We also have a couple 
other people who are willing to step up and help.

I'd like to get a package of capabilities together to send to SANS.  
Basically something saying "we can provide you with X, Y and Z.  Let us 
know what you're interested in" to accompany a value proposition.

It sounds like we all have speaking/presenting experience.  I'd like to 
gather the following from each of us:

1) An abstract of any presentations we have available to provide
2) A brief bio of ourselves

I'll also then develop a marketing component to accompany this.

I've included an example of an abstract/bio for a presentation I'm 
giving in a couple months.  If you can keep your abstracts and bios to 
about this length, that would be fantastic.

I'd like to submit all of this to SANS by Monday.  Does Sunday at noon 
sound like a reasonable deadline for the abstracts and bios for you all?


*_Title:_*  Do Your Web Applications Open the Door to Hackers?


Cybersecurity is a multi-faceted topic which requires attention to a 
variety of issues in order to develop a comprehensive security posture.  
In the past, approaches to cybersecurity have focused primarily on 
perimeter defenses, network security, and platform hardening.  While 
such efforts have improved cybersecurity by reducing the vulnerability 
of organizations to a variety of threats, criminals have now shifted 
their efforts to a more vulnerable component of an organization's IT 
presence: their applications.

  In this presentation, we will provide attendees with an overview of 
application security, using web applications as the framework for our 
discussion.  We will discuss the impetus for the increased threat from 
criminals to web applications, provide a broad overview of a web 
application and the inherent vulnerabilities, and discuss some specific 
threats and how they tie into organizational risk.  We'll 
complete our discussion by providing a live demonstration of a website 
hack and discuss some high-level tactics and strategies for risk mitigation.


*Name: *Rex Booth, CISSP, PMP

*Title*: Senior Manager, Cybersecurity

*Organization*: Grant Thornton

*Voice: *(703) 785-9390 *E-mail*: Rex.Booth at us.gt.com

Rex is a Senior Manager in Grant Thornton's Public Sector practice and 
leads their Cybersecurity Solution group. He has over ten years of 
experience providing application development, risk management and 
information security services to government agencies, private industry, 
and financial institutions.  Since joining Grant Thornton, Rex has led 
various information security and risk management engagements including 
FISMA, IV&V, SOX, and OMB A-123 engagements as well as identity 
management and system certification and accreditation efforts. During 
his tenure at previous employers, Rex designed and developed complex 
distributed web-based applications. As a member of a managed security 
services team performing research and development, he co-architected and 
implemented a scalable information detection and prevention information 
aggregation solution for use in a real-time 24/7 information security 
monitoring system, correlating and reporting on thousands of devices. He 
has presented on the topic of information security and assessment 
methodologies to various institutions and is currently a global 
committee member for the Open Web Application Security Project (OWASP).  
Rex holds a BA in Political Science and Computer Science and an MS in 
Information Systems and Technology Management.

On 6/15/2011 12:19 PM, Ari_Elias-Bachrach at navyfederal.org wrote:
> I'm not sure when the deadline for submitting presentations is. The 
> CFP is on the website, but they also have the entire agenda already 
> laid out.
> _https://www.sans.org/baking-security-applications-networks-2011/_
> Is the agenda set and they're just looking for people to fill the 
> slots, or are they going to have multiple sessions running in parallel?
> I presented at the last AppSecDC. (Although in all honesty it was my 
> first conference presentation and I was very nervous so please don't 
> judge me based on that performance).
> I was thinking one possibility for a presentation might be something 
> along the lines of "How can free OWASP docs help you run a secure 
> appsec program". I do appsec for a bank and I can relate from personal 
> experience how things like the ASVS, secure coding quick reference 
> guide, code review guide, and webscarab have been beneficial to us. It 
> wouldn't be anything revolutionary and wouldn't really present any new 
> information, but would be basically a primer for other AppSec pros on 
> how OWASP can help them.
>       -----------------
>       Ari Elias-Bachrach
>       Global IT Services, Information Services
>       extension: 4-2833
>       desk: (703) 206-2833
>       cell: (703) 463-8806
>       Ari_Elias-Bachrach at navyfederal.org 
> From: Rex Booth <rex.booth at owasp.org>
> To: <caleb.mcgary at gmail.com>, <Ari_Elias-Bachrach at navyfederal.org>, 
> <arvind05 at gmail.com>
> Date: 06/15/2011 11:25 AM
> Subject: Re: Fwd: [Global_industry_committee] SANS workshop in DC in 
> Aug -- OWASP involvement?
> ------------------------------------------------------------------------
> Thanks for expressing interest in the below. I know some of you are 
> new to the area or new to OWASP, so we're excited to have you aboard!
> I think there's two primary ways for OWASP to contribute to this event:
> 1) Submit a presentation
> 2) Ask SANS for the opportunity to promote OWASP in some way (manning 
> a booth, distributing fliers, etc)
> My first questions for you all are the following:
> 1) Does anybody have a relationship with SANS?
> 2) Does anybody have public speaking experience?
> I think the answers to the above can help define our approach.
> Thanks!
> Rex
> On 6/14/2011 10:43 PM, Rex Booth wrote:
>       All,
>       Does anybody have an interest in working with SANS to establish
>       an OWASP presence at the below event?
>       Thanks,
>       Rex
>       -------- Original Message --------
>       *Subject: * [Global_industry_committee] SANS workshop in DC in Aug -- OWASP involvement?
>       *Date: * Tue, 14 Jun 2011 13:53:51 -0600
>       *From: * David Campbell <dcampbell at owasp.org>
>       *To: * Global_industry_committee <global_industry_committee at lists.owasp.org>
>       _https://www.sans.org/baking-security-applications-networks-2011/_
>       The topic of this workshop begs for OWASP involvement. Any of our DC
>       people have time/interest to pursue getting OWASP a presence at this
>       workshop?
>       DC
>       -- 
>       David Campbell
>       Open Web Application Security Project
>       _http://www.owasp.org_ <http://www.owasp.org/>
>       _______________________________________________
>       Global_industry_committee mailing list
>       _Global_industry_committee at lists.owasp.org_
>       <mailto:Global_industry_committee at lists.owasp.org>
>       _https://lists.owasp.org/mailman/listinfo/global_industry_committee_
