[Owasp-denver] ISACA March 2010 Meeting - Security, Auditing and Governance in Software Development Life Cycle

Ramadoss, Ram Ram.Ramadoss at qwest.com
Thu Mar 11 18:29:08 EST 2010


Hi David,

Could you please forward it to your OWASP members?

Thanks,

Prabhakaran (Ram) Ramadoss
CISSP, CISA, CIPP, GPEN (GIAC Certified Penetration Tester)
Principal Information Security Engineer
Risk Management / Information Security
Work: 720 578 3336
Cell: 720 624 9613




March Meeting
Thursday, March 25, 2010

Security, Auditing and Governance in Software Development Life Cycle (SDLC) (1/2 day Training Session)
Topic Summary
RMOUG (Rocky Mountain Oracle User Group) and ISACA Denver Chapter are pleased to announce a joint monthly meeting and a ½ day training session on an exciting topic. Our March monthly meeting will include several presentations and a panel discussion comprising SMEs and industry practitioners in the Software Development Life Cycle, Compliance, Information Security and IT Governance areas. Please review the content below for additional registration details.

Hurry and register now.

For further details regarding the program and to make your reservation, please click the following URL: http://isaca-denver.org/meetings/MAR_2010_CHPT_MTG.shtml
CPE Credits: 3
Topic Summary
Companies are facing tremendous challenges in effectively integrating Information Security, IT Governance and Compliance as part of the software development life cycle. By attending this meeting, you will be able to get a deeper understanding of the different phases of the software development life cycle and how companies such as Oracle, IBM, Ernst & Young have achieved great success in integrating security, governance and compliance as part of the SDLC. We will also have a panel discussion as part of this meeting to raise questions and exchange ideas with Oracle and Ernst & Young. Fortify is planning to share their inputs regarding the importance of the development phase and the challenges with source code review.
Agenda
11:00 AM - 12:15 PM Registration; Lunch & Networking
12:15 PM - 12:30 PM ISACA and RMOUG Board Announcements

12:30 PM - 01:15 PM SDLC Presentation (Pending speaker confirmation)

01:15 PM - 02:00 PM Architecture and information security, Cody Cornell, IT Architect, IBM Global Business Services

02:00 PM - 02:45 PM Address Source Code Review - Development Phase, Raj Kesarapalli, Software Security Consultant, Fortify Software
02:45 PM - 03:30 PM Break and Discussion with Exhibitors/Sponsors

03:30 PM - 04:30 PM Information Security, Compliance and Governance Panel Discussion by
Marlene Veum, Director of Global Information Security, Oracle Corporation
Tushar Padhiar, Senior Manager, Ernst & Young
Pete Reinig, Principal Architect, Qwest Information Technologies



About the Speakers

Cody Cornell, IT Architect, IBM Global Business Services

Cody Cornell serves as an IT Security Architect with IBM Global Services, Boulder, CO. Cody provided information security consulting and solution deployment for US federal government clients including the Department of Homeland Security and IBM Federal Data Center customers.

Cody served as an Information Security Architect at American Express. Cody provided enterprise information security engineering and design for the American Express Infrastructure Security Engineering team.

Cody worked as a Penetration Tester at Booz Allen Hamilton and conducted penetration testing and ethical hacking for the Defense Information System Agency, Joint Interoperability Testing Command.

Cody worked as a Secure System Engineer at BAE Systems. Cody served as subject matter expert and technical lead for the Defense Information System Agency's Secure Configuration Compliance Validation Initiative (SCCVI) and Security Configuration Remediation Initiative (SCRI).

Raj Kesarapalli, Software Security Consultant, Fortify Software
Raj Kesarapalli is a software security consultant at Fortify Software. He has been a software developer, a software development lifecycle automation consultant, and a product manager among his other various roles in his career. He has over fifteen years of experience at companies such as Pure Software, Rational, IBM, Worksoft and Fortify, addressing customer needs in various areas of software development lifecycle automation and software security.
About the Panel Members
Tushar Padhiar, Senior Manager, Ernst & Young

Tushar is a Senior Manager in Ernst & Young's Advisory Services practice with 13 years of experience in information systems and systems security with a focus on both traditional ITGC auditing and advisory skills. Areas in which Tushar specializes include development and design related: security policies, security organizations, security architectures, and security software development lifecycles. Selected clients include Large Private University, Global 50 Diversified Media and Entertainment Client, Fortune 100 Technology Distribution Organization, Fortune 50 Diversified Financial Services Organization, and private companies.

Tushar received his Bachelor of Science in Accountancy from the University of Denver (Magna Cum Laude). He is a Certified Public Accountant (CPA) in Colorado, Certified Information Systems Auditor (CISA) and a Certified Information Security Manager (CISM). He is also a member of the Information Systems Audit & Control Association (ISACA).

Marlene Veum, Director of Global Information Security, Oracle Corporation
Marlene Veum is Director of Global Information Security at Oracle Corporation. Marlene is responsible for providing executive management, strategic and technical advice on industry trends in information security and assurance, risk management, business continuity and disaster recovery. She is also responsible for corporate oversight and guidelines on security policy and standards, regulatory compliance, security consulting, and awareness programs. Marlene has previous executive level management experience and over 12 years of knowledge in Information Technology with a focus on security, risk management, compliance, and audit. Her proven track record and leadership abilities, coupled with sincere passion and commitment, have enabled her to achieve measurable success in the information security profession and for the organizations she's worked for. Ms. Veum is also a member of the Air Force Reserves and serves as an Intelligence Analyst for the Air Force Space Command (AFSPC) and maintains a Top Secret (SCI) Security Clearance. She holds a B.S. in Business Information Systems and is a Certified Information Systems Security Professional (CISSP). Hewlett-Packard/Agilent Technologies 1997 - 2004; Oracle Corp. 2004 - 2010; U.S. Air Force Reserves 2002 - 2010

Pete Reinig, Principal Architect, Qwest Information Technologies

Pete Reinig is a Principal Architect managing the Mid-Range Infrastructure Engineering team at Qwest. Pete has 32 years of experience and has held a number of positions starting with Mountain Bell, U S WEST, U S WEST Advanced Technologies, Bellcore and now currently with Qwest. In his current position, he oversees the mid-range architectural standards for hardware and operating systems.

Fees
ISACA and RMOUG Members: $35
Non-Members: $45
Walk-in members and non-members must pay by cash/check and will be charged an additional $10.00 fee above the normal member / non-member fee.
Walk-ins may be turned away if space is not available.
Location

Embassy Suites Hotel Denver Aurora
4444 North Havana Street
Denver, CO 80239

Registration
For further details regarding the program and to make your reservation, please click the following URL: http://isaca-denver.org/meetings/MAR_2010_CHPT_MTG.shtml


