Meeting – Thursday March 18th, 2010 3:00 – 5:30 PM at Con Way (2055 NW Savier St. Portland)

Compliance 2010 –Local Security Leaders Discuss “What Works”

Be a part of the conversation!  Panelists representing several industry sectors will discuss challenges, the changing landscape, and “what works” in security compliance.   This promises to be a highly informative discussion with real world issues and ideas you can put to use in your organization.


Joint Even Feb 10th – ISSA, ISACA, SIM, and SAO

Joint networking event: ISSA, ISACA, SIM, SAO
Wednesday, February 10, 2010 – 5:30
Embassy Suites downtown
This meeting will take the place of our usual February ISSA chapter meeting.
This is a great networking event. Reach beyond our own organization.

Details:
Wednesday, February 10, 2010
5:30p – 6:45 networking; 6:45 – 7:45 speaker
Embassy Suites downtown
Dinner and attendance only $10 for active ISSA Portland chapter members (don’t tell the other groups, they are paying full price).

Presentation by Google
Topic:
Cultural and Technological Drivers of Innovation at Google
Brian Kemler and Steve Benson, Google Enterprise

CISSP Training at PSU 25 – 29 Jan

See the ISSA-Portland training page for details!

Meeting – Thursday Jan. 21st, 2010 3:00 – 5:30 PM at Con Way (2055 NW Savier St. Portland)

Network Device Trust/NAC -  Network Admission Control

This presentation will provide an overview of Network Access Control (NAC); the problems it can potentially solve, the technologies involved, and the landscape of available NAC solutions. Tom Harpham, Senior Network and Security Consultant with Network Computing Architects, will expand on the technical components of various NAC solutions, including Juniper Networks, McAfee, and Cisco implementations. The presentation will include a live demonstration of NAC solutions from 2 OEM vendors to highlight the similarities and differences in approach.

Tom Harpham, has over 18 years of experience in Networking & Converged Technologies focusing on solution design, secured network architecture and deployment strategies. Tom has extensive experience implementing network controls such as firewalls & VPN solutions, IDS / IPS systems, SEIM’s, Network Access Controls, DSU’s, routers, switches, multiplexers, terminal servers and complex IP Telephony systems completing his core strengths in LAN / WAN troubleshooting, analyzing security risks and recommending mitigation strategies. Additionally, Tom specializes in network segmentation and compliance related business initiatives; and has performed class room style training to customers on a variety of platforms and protocols.

Special Meeting–Thursday Dec. 17th, 2009 4:00–7:00 PM at Paragon (1309 NW Hoyt Street, Portland)

Special Meeting–Thursday Dec. 17th, 2009 4:00–7:00 PM at Paragon (1309 NW Hoyt Street, Portland)

The ISSA Portland meeting for December is taking place at Paragon. There will be catered Hors D’oeuvres, wine, beer, and more time to socialize than typical meetings (the holidays are coming after all).

The presentation on SQL Injection comes highly recommended from a few of our members.

See you on the 17th!

Presentation

SQL Injection

This talk provides a brief introduction to SQL injection and continues with a discussion of advanced exploitation methods.
The presentation concludes with coverage of various prevention and mitigation strategies.

Outline

- History & Background

- Basic Examples

- Common Exploitation Methods

* Exfiltration

* Escalation

- Prevention, Avoidance & Mitigaiton

* Encoding

* Data Validation

* Deployment Configuration

Speaker
Timothy D. Morgan taught himself BASIC programming when he was twelve years of age and has been studying computers ever since.  After earning his computer science degrees (B.S., Harvey Mudd College and M.S., Northeastern University), Tim joined VSR to work as an application security consultant.  While at VSR, Tim has helped clients secure their computing infrastructures through application penetration testing, security code reviews, software and systems architecture assessments, and security policy reviews.

Tim has conducted dozens of digital investigations over the past several years and recently co-founded VSR Investigations, LLC where he leads the digital forensics practice.  He is also the author and maintainer of several open source forensics tools, namely GrokEVT, RegLookup, and tableau-parm.

Meeting – Thursday Nov. 19th, 2009 3:00 – 5:30 PM at Con Way (2055 NW Savier St. Portland)

Audits and Auditors

Overview:
For most security professionals, audits are a regular occurrence. Unfortunately, they are often seen as a distraction to achieving your real priorities rather than, as they should be, an independent viewpoint with constructive suggestions for improvement. Aaron Weller has been both an auditor (both Internal and External) and also on the receiving end of a number of security audits over his career. This presentation will cover some of the common reasons why audits don’t help as much as they should, and how as someone being audited, you can work with your auditors to help ensure a useful outcome.
Presenter: Aaron Weller, Managing Director for Concise Consulting Group LLC

Seattle SecureWorld Expo – Oct. 28-29

Seattle SecureWorld Expo is a great event for CLE credits and netowrking with security professional.

Portland ISSA members get a discount off the already affordable rate.

Visit: www.secureworldexpo.com using code – PortISSA

Meeting – Thursday Oct. 15th, 2009 3:00 – 5:00 PM at Con Way (2055 NW Savier St. Portland)

Topic: Virtualization and Security

Grant Asplund, Head of Market Development, Altor Networks 

Grant Asplund is Head of Market Development and leads sales for Altor Networks. Previous to joining Altor Networks, Mr. Asplund was the Vice President, Enterprise Sales for NeuStar where he led the global sales efforts for enterprise infrastructure services. Before that, he was President and CEO of MetaInfo where he was responsible for driving the company to develop SAFE DHCP TM. At the beginning of 2007 he successfully sold MetaInfo to NeuStar. Prior to acquiring MetaInfo from Check Point Software Technologies, he was the Worldwide Senior Product Evangelist for Check Point where he traveled the globe speaking and representing Check Point at numerous industry and partner events, seminars and company conferences. Before Check Point Software, Mr. Asplund lead sales at MetaInfo. MetaInfo was subsequently acquired by Check Point software in April 1998. Mr. Asplund began his career in the technology industry in 1983 when he was involved in opening an Apple dealership and has held several sales, marketing and management positions since then with Apple, Silicon Graphics, ComputerLand and Traveling Software.

Symantec Internet Security Threat Report Briefing, 22July 2009

Internet Security Threat Report Briefing
Wednesday, July 22, 2009

11:30 am – 1:00 pm
Lunch will be served.

Portland City Grill
111 SW 5th Ave.
30th Floor
Portland, OR 97204

Click here to Register