[Owasp-bahrain] Fwd: FW: [ISACA Bahrain] - Securing the Human Dimension Presentation, 11/12/2013, 6:30pm-8:30pm Bahrain Society of Engineers

Ali Khalfan ali.khalfan at owasp.org
Tue Dec 10 15:12:23 UTC 2013




You are invited to attend a presentation entitled “Securing the Human
Dimension - Strategies and Solutions to secure your most important assets”


Speaker: Abhay Bhargav, CISSP, CISA, GWAPT, ISO-27001 LA, CPA

Time and date: 6:30pm-8:30pm, Wednesday 11th December 2013


Location: Bahrain Society of Engineers


All attendees will be issued with a Certificate of Attendance (3 CPE)


About the Topic:

Modern threats have constantly targeted one critical resource, People.
Attackers have used innovative and highly sophisticated techniques to
gain access to enterprise data by exploiting employees of the company.
Spear-Phishing, Ransomware, Social-Media based enumeration and attacks,
Mobile threats have rendered several organizations defenseless and
wanting for solutions. We would offer some strategies and solutions to
counter these threats. We will also show LIVE DEMOs of phishing and
security training using web-based tools that we45 has developed.

 The talk will consist of the following:

  * Real-world case studies of recent human security breaches.
  * Live Demos and Examples of Security attacks against employees of an
  * Practical Solutions and Technology Frameworks that protect against
    Human Security Flaws

About the Speaker:

Abhay Bhargav, CISSP, CISA, GWAPT, ISO-27001 LA, CPA


Abhay Bhargav is the founder and CTO of we45, a focused Information
Security Solutions Company. He has extensive experience with Information
Security and Compliance. He has performed security assessments for
various enterprises in various domains like banking, software
development, retail, telecom and legal. Previously, he was a Qualified
Security Assessor for the Payment Card Industry and has led several
security assessments for Payment Card Industry Compliance. He is also
the co-author of “Secure Java for Web Application Development”
<http://www.crcpress.com/product/isbn/9781439823514> published by CRC
Press, New York. He is the author of “PCI Compliance: A Definitive
Guide” for CRC Press as well.


Specific Information Security Expertise

·   Qualifications

·   CISSP (Certified Information Systems Security Professional) from ISC2

·   CISA (Certified Information Systems Auditor) - ISACA

·   GWAPT (GIAC Web Application Penetration Tester) - SANS Institute

·   ISO-27001 LA (Lead Auditor)

·   CPA (Certified Public Accountant) USA, State of Delaware

·   Led over 300 Security Assessments in over 18 countries all over the

·   Published International Author of the successful International
Information Security book ‘Secure Java: For Web Application Development’
- CRC Press USA

·   Quoted in several leading news-channels and news dailies as a
subject matter expert on Information Security

·   Speaker at prestigious Information Security forums like OWASP, ISACA
and Oracle OpenWorld and JavaOne, as well as Industry events of NASSCOM
and CII

·   Subject matter expert on Payment Card Industry Security Standards -
The world’s most stringent Security Requirements.

·   Intensive Knowledge and Research Capabilities for Vulnerability
Assessment and Penetration Testing. Led Assessments for Fortune 500

·   Performed over 40 application security code reviews for applications
in Java, ASP.NET, PHP, Python and proprietary
programming languages and platforms.

·   Expertise in Web Application Security and Network Security.
Performed White-box and Black-box testing assessments for industry
verticals like Retail, Banking, Credit Card Processing, Software
Development, Manufacturing and Healthcare

·   Developed novel Threat Modeling Frameworks for Web Application
Security, which have been published in leading Information Security Journals

·   Performed Intensive Security Assessments for Government entities all
over the country

·   Specific Web Application Security Expertise:

·   Vulnerability Assessment Penetration Testing with leading frameworks
like SANS, OWASP and Penetration Testing Framework

·   Extensive Expertise with Web Application Penetration Testing for
Java, ASP, PHP, Python and Coldfusion Applications

·   Expertise with Cloud Application Security Assessment and Web
services Security

·   Ability to write specific tools to perform specific Web Application
Security Assessments

·   Expertise in managing Business Logic testing for Web Applications

·   Expertise with Web Application Security Exploit frameworks like

·   Specific Network and OS Security Expertise:

·   Vulnerability Assessment Penetration Testing with leading frameworks
like SANS, OSSTMM and Penetration Testing Framework

·   Experience with Vulnerability Assessment and Penetration Testing of
Network Devices and Servers in complex IT Infrastructure involving over
400 public interfaces.

·   Extensive Experience with Attack Frameworks like Metasploit and
Attack API.

·   Combination of skills to perform White-box and Black-box assessments
of Network Infrastructure and Server Configurations.

·   Lead Trainer for Public workshops of Payment Card Industry Standards
and Risk Assessment Frameworks like OCTAVE and NIST SP-800-30

·   Consulting and Training expertise with Risk Assessment and
Management Frameworks like OCTAVE and NIST SP-800-30

Link for registering to the event



