Greetings!

The Memphis ISSA September 2011 meeting will be held on Thursday, September 29th, 2011 from 6:00pm – 8:00pm at AutoZone Parts, Inc. We will have Fortify Software, an HP company in town for an Exciting and Educational meeting. There will free CPE’s and free food.

Pre-Registration Required: Seating is limited so you must pre-register for the event. You can register by visiting http://memphisissasept2011.eventbrite.com or http://memphis.issa.org

Abstract: How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams

Software security is often a bolt-on afterthought for dealing with potentially serious yet non-functional product issues.  However, software developers frequently have neither the time nor inclination to deal with anything but functional enhancements and bug fixes identified in their defect tracking system.  The Security Group, having a corporate mandate to “secure the enterprise,” unmercifully throws at the Development Team an enormous list of non-actionable “issues” derived from dynamic and static security testing.  The Dev Team Lead is naturally and legitimately concerned about release schedules, which are now understandably threatened by unfocused approaches to security issue identification and mitigation.  Add to this a mixture of overt distrust and skepticism between the Security Group and software developers, and organizations are left with a pile of suspected security issues and no resolution in sight. The CISO, meanwhile, could not care less about minutia such as Cross-Site Request Forgery, but instead is focused on reducing business risk.

“Status quo” or “save the day”?  The answer is obvious, but getting there is easier said than done.  This presentation outlines the dysfunction common in organizations attempting to tackle software security assurance, but offers a happy ending:  recommendations for how to bridge the divide between development, security, and the CxOs they support.  The message ultimately focuses on what developers and security teams alike can do to lift themselves out of the quagmire in support of their C-level Executive, who is endeavoring to prevent the next TJX- or Heartland- like security catastrophe.

Bio: Bruce Jenkins, Managing Consultant

Bruce C. Jenkins (Major, USAF, Ret.) is a Managing Consultant at Fortify Software, an HP Company, where he is responsible for refining software security requirements and managing HP Fortify product deployments to help customers achieve Software Security Assurance.

Prior to joining HP Fortify, he spent 26 of his 28 years in the service leading people, managing projects, and dealing with technological and organizational change.  His experiences range from managing a small team of aircraft avionics technicians to commanding a communications unit supporting over 3,000 U.S. and international forces in Southwest Asia.  As Chief of Systems Security, 554th Electronic Systems Wing, he helped lay the foundation for the Air Force’s first ever Center of Excellence for application security.

Bruce holds a BS in computer science from the University of Maryland and MS in operations research from the Air Force Institute of Technology.  He is a Certified Ethical Hacker with countless hours of Internet surf time, where he has learned that paranoia is a perfectly legitimate state of mind.

Presentation Topic How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams

Pre-Registration: http://memphisissasept2011.eventbrite.com or http://memphis.issa.org

FREE CPE CREDITS! You can earn 2 CPE credits for attending an ISSA Meeting; just make sure to register!

This event will be held at:

AutoZone Corporate

123 S. Front St.

Memphis, TN 38103

Sincerely,

Board of Directors,

Memphis ISSA