[Owasp-austin] OWASP Meeting TOMORROW (1/26) - Reducing Your Data Security Risk Through Tokenization

Josh Sokol josh.sokol at ni.com
Mon Jan 25 14:13:51 EST 2010


Hello OWASPers! 

Don't forget that we will be having our first Austin OWASP meeting of the 
year tomorrow.  The meeting will be held at our usual location (National 
Instruments - Building C) in our usual room during our usual time (11:30 
AM to 1:00 PM).  The topic for the meeting is "Reducing Your Data Security 
Risk Through Tokenization" and I will be presenting, but I'd really like 
for this to be a discussion where everyone can share their thoughts on 
Tokenization in the enterprise.  A summary of what I intend to talk about 
is below. 

Reducing Your Data Security Risk Through Tokenization - Tuesday, January 
26, 2010, 11:30 AM - 1:00 PM 
The first Austin OWASP meeting of the year is on a really interesting 
topic that many of you have probably never thought about: Tokenization. 
The concept is simple...use tokens to represent your data instead of 
passing around the data itself. For example, why would you give a customer 
account representative a full credit card number when all they need to do 
their job is the last four digits? Using tokenization, we are able to 
reduce the data security risk by limiting the number of systems that 
actually store the data. This extremely simplifies audits for regulations 
like SOX, HIPAA, and PCI DSS. This presentation will cover the business 
drivers for data protection, what tokenization is, and how to implement 
it. If your organization has data to protect, then you're going to want to 
check out this presentation. 

Austin Security Executives Happy Hour - Thursday, February 11, 2010, 5:00 
PM - 7:00 PM 
The January happy hour event was a huge success with over 27 of the best 
and brightest security executives in attendance.  If you weren't one of 
them, then you were certainly missing out, but we're willing to give you 
another chance.  We've scheduled another happy hour event for Thursday, 
February 11 from 5-7 PM at the same location (Sherlock's on Burnet and 
183).  Even better, WhiteHat Security (http://www.whitehatsec.com) has 
graciously offered to sponsor the event so look forward to food and drinks 
on them.  Don't miss out on this exciting opportunity to network with your 
fellow security executives! 

Upcoming Events 
February 23, 2010 - OWASP Meeting - Advanced Persistent Threat - Matt Pour 
(IBM X-Force) 
March 30, 2010 - OWASP Meeting - Enterprise Application Security 
Practices: Real-world Tips and Techniques - Addison Lawrence, Chad Barker, 
and Mike Craigue (Dell, Inc.)

Application Security Job Opportunity 
I was contacted by Charles Henderson, Application Security Practice 
Manager at TrustWave about a job opportunity that they currently have 
available in Austin.  Trustwave is the leading provider of on-demand and 
subscription-based information security and payment card industry 
compliance management solutions to businesses and government entities 
throughout the world.  Trustwave is seeking qualified security 
professionals to expand its SpiderLabs Application Security team. This 
team performs manual application penetration tests,  code reviews, and 
delivers secure developer training to Trustwave’s global clients. 

Qualifications
•    B.S. in Computer Science or equivalent degree/experience.
•    Minimum 2 years in a full-time position with primary responsibilities 
in an application security testing role – either as a consultant or 
internal corporate role
•    Must possess some of the following:
   -    Deep technical knowledge of how the security around applications 
(web, thick, and thin) work and can be broken
   -    Ability to develop in at least two of the following languages:
       •    ASP, VB .NET, C#, AJAX
       •    PHP, Ruby, Python, Perl
       •    Flex , AMF, BlazeDS
       •    Java, C/C++,
       •    Fortran, COBOL
   -    Experience finding new vulnerabilities and/or developing exploit 
code

•    A passion for finding problems in applications and systems that no 
one knew existed
•    A sense of professionalism and pride in delivering a work product of 
top quality and integrity
•    Ability to multitask
•    Excellent client communication and time management skills

Additional Desired Qualification
•    Experience developing and presenting technical papers at security 
conferences
•    Experience publishing security advisories 

Salary is negotiable.  If you are interested in applying, please send an 
email with your resume/CV attached to Charles Henderson 
<chenderson at trustwave.com> 

Sincerely,

Josh Sokol (CCNA, GWAS)
Web Systems Engineer
National Instruments _______________________________________________
Owasp-austin mailing list
Owasp-austin at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-austin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-austin/attachments/20100125/897d0f95/attachment.html 


More information about the Owasp-austin mailing list