May 2015 Joint SFISSA & OWASP Meeting – Thursday, May 21st, 5:30 – 9:00p at The Scripps Research Institute (TSRI)

South Florida’s May 2015 meeting will be on Thursday, May 21st, 2015 at Scripps Institute. The meeting will take place in the auditorium in Building B from 5:30 – 9:00pm, including our usual networking hour with a location TBD.

Presentation One

Title:
Cybersecurity Risks and Controls around Cloud Environments

Abstract:
Virtualization, and by extention Cloud Computing, have created amazing benefits for IT in the forms of increased agility and efficiency with a decrease in spending on physical infrastructure, power, & cooling. With these great operational benefits also comes a new concentration of risk by the addition of the Hypervisor and all of the corresponding tools for management and automation. During this discussion we will examine the typical IT journey towards Cloud Computing and map back how the existing security & compliance controls available in the industry today may or may not provide adequate compensating controls for that risk. Finally we will discuss the gaps in those control sets and how an IT organization can work to augment their existing controls to fill in the gaps and once again provide a secure and compliant IT infrastructure.

Speaker:
Keith Cowan

Bio:
Keith Cowan is a Senior Systems Engineer with HyTrust, a leader in cloud security and compliance. Keith earned a MBA in Business Administration from Dowling College and started his career with Computer Associates (now CA Technologies). Pursuant to a successful tenure at CA Technologies, Keith joined Internet Security Systems (ISS). At ISS, he was the Senior Systems Engineer for the NYC metro area, working with different verticals including Government and Financials building environments utilizing the ISS portfolio. Keith later moved on to Websense, as a Senior Sales Engineer handling NYC metro accounts, across all verticals. Keith’s time as Websense helped him understand the DLP market, and address security exposures at various customer accounts across all verticals, and help drive PCI, HIPPA, and SOX compliance. . Keith has been an IT Security professional for over 17 years with a focus on pre and post sales support management, system design, SAN implementation, security practices/implementation, system integration, project management and resource coordination.

Presentation Two

Title:
SSL/TLS, CA Issuance Transparency and the future of Authenticated Encryption

Abstract:
SSL/TLS and Certificate Authorities have been the subject of some not so pleasant discussion lately. What with all the browser, SSL/TLS exploits and adversaries breaching CAs to issue fake certificates for domains they don’t even own. There are big questions like can I currently browse the internet securely and feel safe about my privacy? In this talk we will go over the current state of SSL/TLS, current concepts/fixes, certificate issuance transparency in order to detect bad behavior and the possible future of Authenticated Encryption.

Speaker:
Evan Wagner

Bio:
Evan Wagner has been in the web development industry since the mid-late 90s when he would go to the library on Howard AFB in Republic of Panama to upload his websites via floppy disc to Geocities. He purchased his first domain name (Webmastersland.com) in 1999 and started his hosting company in 2000. It was about that time he became a Linux breakfast cereal kid, installing Linux on everything and taking on any tasks he could to prove to people the power of Linux. After years of this he found himself in positions of increasing responsibility. Just to name a few: DBA for Florida Cancer Specialists ($1Bn+ yearly revenue), Various DevOps roles, Networking roles (BGP,SS7), International SMS/MMS communication engineering (tracing messages from handset to handset as well as deploying solutions to carriers) at Interop Technologies, Sr. Software Architect and currently Systems Software Engineer within Security Engineering at Akamai Technologies. During all this time security has always been always been a focus as he has seen first hand many exploits/attempts over the years and how to mitigate them.

Venue, Map, and Directions

Directions from the North (via Florida Turnpike or I-95)

On the turnpike exit at Indiantown Road, drive east to I-95 and go south one exit to Donald Ross Road (I-95 exit #83).
Exit and drive east (left turn at exit traffic light).
Turn left onto Central Blvd.
Drive around the first traffic circle to the entrance of Scripps Florida (just beyond intersection of Main Street).
Park in the “Visitor” parking in front of Building B.
Check in with the security guard in Building B.

Directions from the South (via Florida Turnpike or I-95)

From the turnpike exit at PGA Blvd., drive east to I-95 and then go north one exit to Donald Ross Road (I-95 exit #83).
Exit and drive east (right turn at exit traffic light).
Turn left onto Central Blvd.
Drive around the first traffic circle to the entrance of Scripps Florida (just beyond intersection of Main Street).
Park in the “Visitor” parking in front of Building B.
Check in with the security guard in Building B.

Scripps Map
Scripps Parking

The Security Department would like to ensure that your visit is enjoyable and that you find a parking space and get to your event or meeting on time.

Ample parking is available to our guests in the Staff Parking Lot on the east side of Scripps Way. Follow “Event Parking” signs or Scripps Security Officer instructions for convenient parking. Spaces reserved for Faculty may not be used for visitor parking.

Stop by the Security Desk on your way out or use the Blue Light Emergency Phones (red button) for a direct line to the Security Desk to request any assistance or an escort.
Remember to lock your vehicle and store valuables out of sight. Suspicious vehicles or people should be reported to the Scripps Florida Security Department at 561-228-2757

Sponsors:
hytrust