August 21, 2010

Saturday at the Museum

 

ISSA National Capital Chapter invites you to join us for a guided tour of the National Cryptologic Museum. There is no charge to attend, and non-members and children over the age of 7 are welcome.

 

The National Cryptologic Museum is located adjacent to NSA Headquarters, Ft. George G. Meade, Maryland, and houses a collection of thousands of artifacts that collectively serve to sustain the history of the cryptologic profession. Originally designed to house artifacts from the Agency and to give employees a place to reflect on past successes and failures, the Museum quickly developed into a priceless collection of the Nation's cryptologic history.

 

The National Cryptologic Museum has had an adjunct reference library that maintains a collection of unclassified and declassified books and documents relating to every aspect of cryptology. The books and records complement the museum exhibits and artifacts, but also offer unique and in-depth sources of information for researchers. The library has a very large collection of commercial codebooks.

 

The NSA Civilian Welfare Fund Gift Shop, located within the National Cryptologic Museum, offers a variety of merchandise ranging from unique NSA logo items to books and videos relating to the art and science of cryptology.

 

Adjacent to the Museum is the National Vigilance Park. The park showcases two reconnaissance aircraft used for secret missions. The park is not part of the tour, but you are encouraged to explore it on your own.

 

The tour will start at 10:00 AM and will take approximately 90 minutes.

 

Please RSVP if you plan to attend.

August 21, 2010 at 10:00 AM

National Cryptologic Museum
9900 Colony 7 Rd,
Fort Meade, MD
(Parking available)


September 21, 2010

Skeletons in the Closet: Securing Inherited Applications
John Dickson, Denim Group

 

Abstract
Many security officers worry less about the security of new applications being built and more about the security of hundreds of applications they inherited. What applications represent the biggest risk? What attributes make them more or less risky? What are the most cost-effective courses of action given budget constraints in today's business environment? 

This interactive workshop will help participants understand how to attack this problem and create a risk-based approach to managing the security of an existing application portfolio using tools like the OWASP ASVS model. The session will decompose an example application to determine how to conduct a bottom-up risk profile for future risk comparison against other applications. The audience will also participate in an exercise comparing different applications to better understand the ranking process. The audience will leave with a framework, action plan and basic understanding of the risk-ranking process that they can immediately apply to their work environment.

About the Speaker
John Dickson is a principal at Denim Group, Ltd. and a Certified Information Systems Security Professional (CISSP) whose technical background includes hands-on experience with intrusion detection systems, telephony security and application security. He helps Chief Security Officers of Fortune 500 and Federal organizations launch software initiatives and has served as Chief Information Security Officer for a major healthcare organization.

 


John Dickson is a former U.S. Air Force officer who specialized in network defense and command and control while on active duty and in the Air Force Reserves. He joined Denim Group after holding several leadership positions at high profile organizations including Regional Vice President of International Operations and Director of Consulting at SecureLogix Corporation, Senior Account Manager at Trident Data Systems and Manager at KPMG's Information Risk Management consulting practice. In these positions, he specialized in network penetration projects, firewall project management, enterprise security reviews, security architecture development, intrusion detection and more.

John regularly speaks on the topic of application security at venues such as the RSA Security Conference and the Computer Security Institute's (CSI) Conferences. He is a founder and former chairman of the San Antonio Technology Accelerator Initiative (SATAI), a founder of the Alamo Chapter of ISSA, the Immediate Past Chair of the North San Antonio Chamber of Commerce and the TRISC co-chair for 2008. He currently serves on the Founders Board for the Institute for Cyber Security at the University of Texas at San Antonio and as Director of the Texas Lyceum, a statewide leadership organization.

He holds a Bachelor of Science degree from Texas A&M University, a Master of Science degree from Trinity University in San Antonio, Texas, and an MBA from the University of Texas at Austin.

 

 Please RSVP if you plan to attend.

September 21, 2010 6:30 PM

Government Printing Office
Room A138
732 N. Capitol St.
Washington, DC, 20401


Note that ID is required for security. Each guest must pass through a metal detector, and bags will be x-rayed. The guards will then take him or her to a reception area for an ID check. The ID will be exchanged for a visitor badge, and the guest can then be escorted to the meeting room.

 

July 20, 2010

State of the Hack:
M-Trends: The Advanced Persistent Threat
by Robert Lee

Abstract
In early 2010, MANDIANT released its inaugural M-Trends report.  This first report focused on our years of experience responding to computer security incidents perpetrated by the Advanced Persistent Threat (APT).    The "straight from the battlefield" presentation provides case studies detailing the most recent computer security incidents MANDIANT has responded to involving the APT. During this presentation we detail the main points of the report through anonymous, in-depth case studies of attacks against commercial, government, and defense industrial base organizations.  We demonstrate how the attackers gain access, how they behave once inside the victim network and the impact on the organizations.  And, because understanding the problem is only half the battle, we wrap up with remediation recommendations that really work. 

 

About the Speaker
Robert Lee is a Director in MANDIANT’s Professional Services group.  Mr. Lee has more than 14 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. He served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on information operations. Later, he was a member of the Air Force Office of Special Investigations where he conducted computer crime investigations, incident response, and computer forensics. Prior to joining MANDIANT, Mr. Lee worked directly with a variety of government agencies in the law enforcement, U.S. Department of Defense, and intelligence communities as the technical lead for a vulnerability discovery and exploit development team, lead for a cyber forensics branch, and lead for a computer forensic and security software development team. 

A graduate of the U.S. Air Force Academy, Mr. Lee also holds a Master's in Business Administration from Georgetown University. In 2009 he was awarded the Digital Forensic Examiner of the Year from the Forensic 4Cast Awards. Mr. Lee is co-author of the bestselling book Know Your Enemy (2nd Edition). He is also a co-author of MANDIANT’s threat intelligence report, M-Trends: The Advanced Persistent Threat.

 Please RSVP if you plan to attend.

July 20, 2010 6:30 PM

Government Printing Office
Room A138
732 N. Capitol St.
Washington, DC, 20401


Note that ID is required for security. Each guest must pass through a metal detector, and bags will be x-rayed. The guards will then take him or her to a reception area for an ID check. The ID will be exchanged for a visitor badge, and the guest can then be escorted to the meeting room.