[Global_industry_committee] Fwd: Re: Fwd: SANS workshop in DC in Aug -- OWASP involvement?
rex.booth at owasp.org
Wed Jun 15 13:56:36 EDT 2011
-------- Original Message --------
Subject: Re: Fwd: [Global_industry_committee] SANS workshop in DC in
Aug -- OWASP involvement?
Date: Wed, 15 Jun 2011 13:53:45 -0400
From: Rex Booth <rex.booth at owasp.org>
To: Ari_Elias-Bachrach at navyfederal.org, arvind05 at gmail.com,
caleb.mcgary at gmail.com, Jack Mannino <jack.a.mannino at gmail.com>
That's great - thanks for the feedback, guys. We also have a couple
other people who are willing to step up and help.
I'd like to get a package of capabilities together to send to SANS.
Basically something saying "we can provide you with X, Y and Z. Let us
know what you're interested in" to accompany a value proposition.
It sounds like we all have speaking/presenting experience. I'd like to
gather the following from each of us:
1) An abstract of any presentations we have available to provide
2) A brief bio of ourselves
I'll also then develop a marketing component to accompany this.
I've included an example of an abstract/bio for a presentation I'm
giving in a couple months. If you can keep your abstracts and bios to
about this length, that would be fantastic.
I'd like to submit all of this to SANS by Monday. Does Sunday at noon
sound like a reasonable deadline for the abstracts and bios for you all?
*Title:* Do Your Web Applications Open the Door to Hackers?
Cybersecurity is a multi-faceted topic which requires attention to a
variety of issues in order to develop a comprehensive security posture.
In the past, approaches to cybersecurity have focused primarily on
perimeter defenses, network security, and platform hardening. While
such efforts have improved cybersecurity by reducing the vulnerability
of organizations to a variety of threats, criminals have now shifted
their efforts to a more vulnerable component of an organization's IT
presence: their applications.
In this presentation, we will provide attendees with an overview of
application security, using web applications as the framework for our
discussion. We will discuss the impetus for the increased threat from
criminals to web applications, provide a broad overview of a web
application and the inherent vulnerabilities, and discuss some specific
threats and how they tie into organizational risk. We'll
complete our discussion by providing a live demonstration of a website
hack and discuss some high-level tactics and strategies for risk mitigation.
*Name:* Rex Booth, CISSP, PMP
*Title:* Senior Manager, Cybersecurity
*Organization:* Grant Thornton
*Voice:* (703) 785-9390 *E-mail:* Rex.Booth at us.gt.com
Rex is a Senior Manager in Grant Thornton's Public Sector practice and
leads their Cybersecurity Solution group. He has over ten years of
experience providing application development, risk management and
information security services to government agencies, private industry,
and financial institutions. Since joining Grant Thornton, Rex has led
various information security and risk management engagements including
FISMA, IV&V, SOX, and OMB A-123 engagements as well as identity
management and system certification and accreditation efforts. During
his tenure at previous employers, Rex designed and developed complex
distributed web-based applications. As a member of a managed security
services team performing research and development, he co-architected and
implemented a scalable information detection and prevention information
aggregation solution for use in a real-time 24/7 information security
monitoring system, correlating and reporting on thousands of devices. He
has presented on the topic of information security and assessment
methodologies to various institutions and is currently a global
committee member for the Open Web Application Security Project (OWASP).
Rex holds a BA in Political Science and Computer Science and an MS in
Information Systems and Technology Management.
On 6/15/2011 12:19 PM, Ari_Elias-Bachrach at navyfederal.org wrote:
> I'm not sure when the deadline for submitting presentations is. The
> CFP is on the website, but they also have the entire agenda already
> laid out.
> Is the agenda set and they're just looking for people to fill the
> slots, or are they going to have multiple sessions running in parallel?
> I presented at the last AppSecDC. (Although in all honesty it was my
> first conference presentation and I was very nervous so please don't
> judge me based on that performance).
> I was thinking one possibility for a presentation might be something
> along the lines of "How can free OWASP docs help you run a secure
> appsec program". I do appsec for a bank and I can relate from personal
> experience how things like the ASVS, secure coding quick reference
> guide, code review guide, and webscarab have been beneficial to us. It
> wouldn't be anything revolutionary and wouldn't really present any new
> information, but would be basically a primer for other AppSec pros on
> how OWASP can help them.
> Ari Elias-Bachrach
> Global IT Services, Information Services
> extension: 4-2833
> desk: (703) 206-2833
> cell: (703) 463-8806
> Ari_Elias-Bachrach at navyfederal.org
> From: Rex Booth <rex.booth at owasp.org>
> To: <caleb.mcgary at gmail.com>, <Ari_Elias-Bachrach at navyfederal.org>,
> <arvind05 at gmail.com>
> Date: 06/15/2011 11:25 AM
> Subject: Re: Fwd: [Global_industry_committee] SANS workshop in DC in
> Aug -- OWASP involvement?
> Thanks for expressing interest in the below. I know some of you are
> new to the area or new to OWASP, so we're excited to have you aboard!
> I think there are two primary ways for OWASP to contribute to this event:
> 1) Submit a presentation
> 2) Ask SANS for the opportunity to promote OWASP in some way (manning
> a booth, distributing fliers, etc)
> My first questions for you all are the following:
> 1) Does anybody have a relationship with SANS?
> 2) Does anybody have public speaking experience?
> I think the answers to the above can help define our approach.
> On 6/14/2011 10:43 PM, Rex Booth wrote:
> Does anybody have an interest in working with SANS to establish
> an OWASP presence at the below event?
> -------- Original Message --------
> *Subject:* [Global_industry_committee] SANS workshop in DC in Aug -- OWASP
> *Date:* Tue, 14 Jun 2011 13:53:51 -0600
> *From:* David Campbell <dcampbell at owasp.org>
> *To:* <global_industry_committee at lists.owasp.org>
> The topic of this workshop begs for OWASP involvement. Any of our DC
> people have time/interest to pursue getting OWASP a presence at this
> David Campbell
> Open Web Application Security Project
> http://www.owasp.org
> Global_industry_committee mailing list
> Global_industry_committee at lists.owasp.org