Compliance 2010 –Local Security Leaders Discuss “What Works”

Be a part of the conversation!  Panelists representing several industry sectors will discuss challenges, the changing landscape, and “what works” in security compliance.   This promises to be a highly informative discussion with real world issues and ideas you can put to use in your organization.

See the ISSA-Portland training page for details!

Network Device Trust/NAC -  Network Admission Control

This presentation will provide an overview of Network Access Control (NAC); the problems it can potentially solve, the technologies involved, and the landscape of available NAC solutions. Tom Harpham, Senior Network and Security Consultant with Network Computing Architects, will expand on the technical components of various NAC solutions, including Juniper Networks, McAfee, and Cisco implementations. The presentation will include a live demonstration of NAC solutions from 2 OEM vendors to highlight the similarities and differences in approach.

Tom Harpham, has over 18 years of experience in Networking & Converged Technologies focusing on solution design, secured network architecture and deployment strategies. Tom has extensive experience implementing network controls such as firewalls & VPN solutions, IDS / IPS systems, SEIM’s, Network Access Controls, DSU’s, routers, switches, multiplexers, terminal servers and complex IP Telephony systems completing his core strengths in LAN / WAN troubleshooting, analyzing security risks and recommending mitigation strategies. Additionally, Tom specializes in network segmentation and compliance related business initiatives; and has performed class room style training to customers on a variety of platforms and protocols.

Special Meeting–Thursday Dec. 17th, 2009 4:00–7:00 PM at Paragon (1309 NW Hoyt Street, Portland)

The ISSA Portland meeting for December is taking place at Paragon. There will be catered Hors D’oeuvres, wine, beer, and more time to socialize than typical meetings (the holidays are coming after all).

The presentation on SQL Injection comes highly recommended from a few of our members.

See you on the 17th!

Presentation

SQL Injection

This talk provides a brief introduction to SQL injection and continues with a discussion of advanced exploitation methods.
The presentation concludes with coverage of various prevention and mitigation strategies.

Outline

- History & Background

- Basic Examples

- Common Exploitation Methods

* Exfiltration

* Escalation

- Prevention, Avoidance & Mitigaiton

* Encoding

* Data Validation

* Deployment Configuration

Speaker
Timothy D. Morgan taught himself BASIC programming when he was twelve years of age and has been studying computers ever since.  After earning his computer science degrees (B.S., Harvey Mudd College and M.S., Northeastern University), Tim joined VSR to work as an application security consultant.  While at VSR, Tim has helped clients secure their computing infrastructures through application penetration testing, security code reviews, software and systems architecture assessments, and security policy reviews.

Tim has conducted dozens of digital investigations over the past several years and recently co-founded VSR Investigations, LLC where he leads the digital forensics practice.  He is also the author and maintainer of several open source forensics tools, namely GrokEVT, RegLookup, and tableau-parm.

Audits and Auditors

Seattle SecureWorld Expo is a great event for CLE credits and netowrking with security professional.

Portland ISSA members get a discount off the already affordable rate.

Visit: www.secureworldexpo.com using code – PortISSA

Topic: Virtualization and Security

Grant Asplund, Head of Market Development, Altor Networks 

Grant Asplund is Head of Market Development and leads sales for Altor Networks. Previous to joining Altor Networks, Mr. Asplund was the Vice President, Enterprise Sales for NeuStar where he led the global sales efforts for enterprise infrastructure services. Before that, he was President and CEO of MetaInfo where he was responsible for driving the company to develop SAFE DHCP TM. At the beginning of 2007 he successfully sold MetaInfo to NeuStar. Prior to acquiring MetaInfo from Check Point Software Technologies, he was the Worldwide Senior Product Evangelist for Check Point where he traveled the globe speaking and representing Check Point at numerous industry and partner events, seminars and company conferences. Before Check Point Software, Mr. Asplund lead sales at MetaInfo. MetaInfo was subsequently acquired by Check Point software in April 1998. Mr. Asplund began his career in the technology industry in 1983 when he was involved in opening an Apple dealership and has held several sales, marketing and management positions since then with Apple, Silicon Graphics, ComputerLand and Traveling Software.

Internet Security Threat Report Briefing
Wednesday, July 22, 2009

11:30 am – 1:00 pm
Lunch will be served.

Portland City Grill
111 SW 5th Ave.
30th Floor
Portland, OR 97204

Click here to Register

While we are all aware that the economy is having a major impact on our ability to train our staff, we feel that this course will allow you to maintain a level of quality training at a cost that hopefully can be supported by your budget.

SANS Institute training is coming to

Corvallis, Oregon in March 2009.

Registration is Now Open!

Again in 2009, SANS Institute training is coming to Oregon. This opportunity is brought to you by a consortium representing state government, local government, the Oregon University System, and community colleges.

SANS Institute training is recognized as the best in the world. This year the sponsored course is SANS “Security Essentials Bootcamp Style” (SEC 401 <http://www.sans.org/training/description.php?mid=61> ) and will be hosted on the Oregon State University campus March 16 – 21, 2009 (Monday through Saturday).

Registration is now open:  http://tss.oregonstate.edu/sans2009 <http://tss.oregonstate.edu/sans2009> .

Maximize your training time and turbo-charge your career in security by learning the full SANS Security Essential curriculum. In this course you will learn the language and underlying theory of computer security. At the same time you will learn the essential, up-to-the-minute knowledge and skills required for effective performance if you are given the responsibility for securing systems and/or organizations. This course meets both of the key promises SANS makes to its students: (1) You will gain up-to-the-minute knowledge you can put into practice immediately upon returning to work; and, (2) You will be taught by the best security instructors in the industry.

Who should attend:

*    Security professionals who want to fill the gaps in their understanding of technical information security
*    Managers who want to understand information security beyond simple terminology and concepts
*    Anyone new to information security with some background in information systems and networking.

Registration Fees – Private Sector employees

*       Early Bird Registration | By January 30, 2009 | $3595

*       Regular Registration | By February 27, 2009 | $3800

*       Late Registration | By March 6, 2009 | $4000

Government/Education Discount:  You are eligible for the educational and government participant discount if you are a:

*    Faculty or staff member from an accredited educational institution, including colleges, universities, technical training institutes, K-12 schools or any institution with an .edu domain name
*    Law enforcement member at the state or local level
*    Employee of a state, county, or city entity

Registration fees:

*    Early Bird registration (by 1/30/2009)  $ 1,200
*    Regular registration (by 2/27/2009)             $ 1,400
*    Late registration (by 3/6/09)           $ 1,700