John Bloomer is the security engineer supporting the largest single US partner out of Kansas City, Missouri for Check Point Software Technologies, Inc. the world wide leader in securing the internet.  For the past 16 years John has helped to design and implement cutting edge solutions for sharing information quickly and securely.  From special projects for the United States Navy to the PCS network for Sprint, John has been a part of some of the most exciting advances in sharing data and has done so with a focus on securing that information.  Having served in roles ranging from operations to CISO, John brings a perspective of not only technical acumen but also the concerns of management and the business to the table.

Mr. Bloomer serves as a thought leader within the local security community and is a regular speaker at seminars, tradeshows and meetings around the mid-west.

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Location: Buccaneer Computer Systems

[mappress mapid="13"]

We will have a round table discussion about topics of interest to members.

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Location: Buccaneer Computer Systems

[mappress mapid="13"]

The ISSA would like to invite you to our 2010 Christmas Party and Open House on Thursday December 16^th.  The party will be hosted by Integrity at our offices in Ankeny.  This is a family event and you are welcome to bring your spouse and children for a casual evening of food and fun.  Please see the invitation for more details see the invitation and be sure to RSVP by 12/6.

Integrity will be providing door prizes throughout the evening so plan to come and stay a while.  Please invite anyone who has an interest in the ISSA chapter regardless of membership status.  This is an open house to help raise chapter awareness.

Please feel free to contact me should you have any questions.

Thanks
Dave

Web Application Hacking

The presentation this month will be a demo on profiling and attacking a web application.  The intent of the demo is to show where our applications are most vulnerable and thus require additional protection.  The demo will be presented by me with the help of Steve Healey our chapter treasurer and Information Security Engineer at Integrity.  I look forward to seeing you all there.

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Location: Buccaneer Computer Systems

Roundtable Discussion – The Verizon 2010 DBIR:

We will be discussing the 2010 Data Breach study conducted by the Verizon Business RISK team in conjunction with the US Secret Service.  This is the first year for the USSS data so there are some interesting changes from previous years.  You can download the report from the following link.

http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Location: Buccaneer Computer Systems

[mappress]

Protecting Your Applications from Backdoors:
How to Secure Your Business Critical Applications from Time Bombs, Backdoors & Data

With the increasing practice of outsourcing and using 3rd party libraries, it is nearly impossible for an enterprise to identify the pedigree and security of the software running its business critical applications. As a result backdoors and malicious code are increasingly becoming the prevalent attack vector used by hackers.

Whether you manage internal development activities, work with third party developers or are developing a COTS application for enterprise, your mandate is clear- safeguard your code and make applications security a priority for internal and external development teams.

In this session we will cover;

• Prevalence of backdoors and malicious code in third party attacks
• Definitions and classifications of backdoors and their impact on your applications
• Methods to identify, track and remediate these vulnerabilities

Speaker Bio

Clint Pollock is a Senior Solutions Architect at Veracode. Since 1997, he has also created security solutions for large-scale enterprise environments on behalf of CREDANT Technologies and Netegrity. In his current role, Clint helps globally distributed organizations evaluate, track, and mitigate their application security risk.  Clint’s greatest strengths are his enthusiasm, experience and determination to help customers succeed in maintaining secure, compliant systems, and avoid the consequences and bad headlines that come with application security breaches.  Clint resides in Chicago, IL.

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Location: Buccaneer Computer Systems

[mappress]

Kevin Riggins, author of InfoSec Ramblings (http://www.infosecramblings.com), which hosts one of the most popular Backtrack install how-to’s, will be giving a quick demonstration of how to install Backtrack to a USB thumb drive and then give a couple of demonstrations on some of the capabilities of this tool.

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Location: Buccaneer Computer Systems

[mappress]

This month’s meeting will be a round table discussion about security monitoring. Come join the conversation.

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Location: Buccaneer Computer Systems

[mappress]

Stephen Kost is the Chief Technology Officer for Integrigy Corporation.  He has been writing about and presenting on Oracle security and auditing for the past 11 years.  He has worked with Oracle products since 1994 in many roles including database administrator, technical architect, IT security auditor, and applications administrator.

Stephen says “For most IT security professionals, the Oracle Database is a security challenge due to the complexity of the database and lack of database experience, especially as these databases often contain an organizations most critical data.  This presentation will focus on a few of the highest risk and most difficult to solve security risks in an Oracle Database environment including security vulnerabilities, password weaknesses, and generic privileged access.  To highlight the unrealized risk of security vulnerabilities in the database, a number of actual patched and un-patched security issues will be demonstrated.  In order to mitigate these risks, resources and best practices for securing an organization’s database will be discussed.”

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Location: Buccaneer Computer Systems

[mappress]

Jim will be walking us through all 7 of the OSI layers and how they work together. Understanding how the OSI stack works together is more important today than ever.

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Location: Buccaneer Computer Systems

[mappress]