Welcome to the SFISSA Site

The South Florida Chapter of the Information Systems Security Association (ISSA)® welcomes you.

ISSA® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members. CLICK HERE TO JOIN

November 2014 SFISSA Meeting & Elections – Thursday, November 20th, 5:30p -7:30p at Nova Southeastern University

South Florida’s November 2014 meeting will be on Thursday, November 20th, 2014 at Nova Southeastern University. The meeting will take place in the Carl DeSantis Building from 5:30pm – 7:30pm, followed by their usual networking hour.

Special mention: Elections will be held at November’s monthly meeting!

Abstract:
2014 Data Breach Investigations Report:
• 50 contributing organizations.
• 63,000+ security incidents.
• 1,367 confirmed data breaches.
• 95 countries covered.
Report Finds Nine Basic Patterns Make Up 92 Percent of Security Incidents: No Organization Is Immune From a Data Breach.

Speaker: Michael Marrochello
Bio:
Michael’s career spans various roles over a twenty year period. His background is in Cyber Security, Hosting, Business Continuity and Disaster Recovery. Michael spent 12 years in the United States Army and started his technology career with Digital Equipment Corporation on the disaster recovery team.

He built his first Data Center with MCI in 1995. Michael has been on the board of Accredited Continuity Planners (South East Florida) as well as the Miami Electronic Crimes Taskforce (Secret Service).

Throughout his career he has designed and architected high-available, secure, resilient systems. This knowledge has been a key to success on the Cyber Insiders team within Verizon Business. Michael started with MCI in 2000 and has been with Verizon for 6 years. His role on the Cyber Insiders team is critical in presenting Advanced Security Solutions to the growing landscaper of Advanced Threats.

Sponsor: Verizon

Topic: Leveraging Threat Intelligence to Manage your Risks and Threats

Abstract:
The evolving nature of threats is a top security challenge that organizations face, and targeted attacks are on the rise. Cyber-attacks are increasingly more sophisticated and organized. Adversaries specialize in different aspects of an attack and collaborate to achieve their objectives. To combat these sophisticated attackers, enterprises must also collaborate to create a united defense to beat cyber criminals at their own game. Making effective use of cyber threat intelligence is an important component of an organization’s security program. Cyber threat intelligence can be obtained internally and from external sources. It must be collected, analyzed, shared and leveraged. This talk discusses the evolving threat landscape and how IT security organization need to use intelligence to proactively defend themselves.

Speaker: Stan Wisseman
Bio:

Sponsor: HP





Venue:

Nova Southeastern University – Carl DeSantis Building
Room TBA
3301 College Avenue
Fort Lauderdale, Florida 33314
Phone: 800-541-6682

SFISSA & OWASP Joint Meeting October 2014

Save the date South Florida: Wednesday 10/15/14 5:30pm – 7:30pm!
Our October 2014 meeting will be the annual joint meeting between the South Florida ISSA chapter the South Florida OWASP chapter. We have an excellent line up of speakers, topics, and networking scheduled for you so plan ahead and mark your calendars!

We would like to thank our sponsors for this meeting: HP

South Florida’s ISSA & OWASP joint meeting will be on Wednesday, October 15th, 2014 at Nova Southeastern University. The meeting will take place in the Carl DeSantis Building from 5:30pm – 7:30pm, followed by our usual networking event at the Falcon Pub sponsored by HP!

Two great speakers and talks lined up! First we have Bruce Jenkins from HP talking about Software Security Assurance: Keeping your security program on the rails. He will be followed by one of the founders of OWASP, Jeff Williams, who will talk to use about AppSec at DevOps Speed and Portfolio Scale.

You don’t want to miss this one!

Software Security Assurance: Keeping your security program on the rails – Bruce Jenkins
Abstract
In working with dozens of organizations across all industries, a common theme has emerged as it relates to effective implementation of software security assurance programs: they generally are not effective. In fact, in numerous cases, programs are often shelved outright after several years of multiple implementation attempts. An obvious downside of this failure is a lack of return on security technology investments. The reasons for failure vary, but it often comes down to an absence of management commitment, a lack of focus, or simply insufficient awareness and education amongst stakeholders. This presentation explores why programs do not get off the ground or flounder after launch, and what can and should be done to prevent or correct those situations. Developers, project leads, architects and information security managers will benefit from discussions about the key elements to effective security program implementation.

Bio
Bruce C Jenkins, CISSP, leads HP Fortify’s Software Security Assurance (SSA) enablement strategy and works regularly with customers on SSA program development and measurement. He is a 28-year US Air Force veteran who has been a Fortify evangelist and builder of SSA solutions since 2007. He has supported more than 60 professional services engagements and collected data on more than 350 security assessments across all industry sectors. Bruce hold a BS in computer science and MS in management science.

AppSec at DevOps Speed and Portfolio Scale – Jeff Williams
Abstract
Software development is moving much faster than application security with new platforms, languages, frameworks, paradigms, and methodologies like Agile and Devops.

Unfortunately, software assurance hasn’t kept up with the times. For the most part, our security techniques were built to work with the way software was built in 2002. Here are some of the technologies and practices that today’s best software assurance techniques *can’t*handle: JavaScript, Ajax, inversion of control, aspect-oriented programming, frameworks, libraries, SOAP, REST, web services, XML, JSON, raw sockets, HTML5, Agile, DevOps, WebSocket, Cloud, and more. All of these rest pretty much at the core of modern software development.

Although we’re making progress in application security, the gains are much slower than the stunning advances in software development. After 10 years of getting further behind every day, software *assurance* is now largely incompatible with modern software *development*. It’s not just security tools — application security processes are largely incompatible as well. And the result is that security has very little influence on the software trajectory at all.

Unless the application security community figures out how to be a relevant part of software development, we will continue to lag behind and effect minimal change. In this talk, I will explore a radically different approach based on instrumenting an entire IT organization with passive sensors to collect realtime data that can be used to identify vulnerabilities, enhance security architecture, and (most importantly) enable application security to generate value. The goal is unprecedented real-time visibility into application security across an organization’s entire application portfolio, allowingall the stakeholders in security to collaborate and finally become proactive.

Bio
Jeff Williams is a founder and CEO of Aspect Security and recently launched Contrast Security, a new approach to application security analysis. Jeff was an OWASP Founder and served as Global Chairman from 2004 to 2012, contributing many projects including the OWASP Top Ten, WebGoat, ESAPI, ASVS, and more. Jeff is passionate about making it possible for anyone to do his or her own continuous application security in real time.

Venue
Nova Southeastern University – Carl DeSantis Building
Room TBA
3301 College Avenue
Fort Lauderdale, Florida 33314
Phone: 800-541-6682

Page 1 of 1212345»10...Last »