Looks like this event has already ended.
Check out upcoming events by this organizer, or organize your very own event.
Memphis ISSA September Meeting with Fortify Software, An HP Company
Thursday, September 29, 2011 from 6:00 PM to 8:00 PM (CDT)
The Memphis ISSA September 2011 meeting will be held on Thursday, September 29th, 2011 from 6:00pm – 8:00pm at AutoZone Parts, Inc. We will have Fortify Software, an HP company in town for an Exciting and Educational meeting. There will free CPE’s and free food.
Pre-Registration Required: Seating is limited so you must pre-register for the event. You can register by visiting http://memphisissasept2011.eventbrite.com or http://memphis.issa.org
Abstract: How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams
Software security is often a bolt-on afterthought for dealing with potentially serious yet non-functional product issues. However, software developers frequently have neither the time nor inclination to deal with anything but functional enhancements and bug fixes identified in their defect tracking system. The Security Group, having a corporate mandate to “secure the enterprise,” unmercifully throws at the Development Team an enormous list of non-actionable “issues” derived from dynamic and static security testing. The Dev Team Lead is naturally and legitimately concerned about release schedules, which are now understandably threatened by unfocused approaches to security issue identification and mitigation. Add to this a mixture of overt distrust and skepticism between the Security Group and software developers, and organizations are left with a pile of suspected security issues and no resolution in sight. The CISO, meanwhile, could not care less about minutia such as Cross-Site Request Forgery, but instead is focused on reducing business risk.
“Status quo” or “save the day”? The answer is obvious, but getting there is easier said than done. This presentation outlines the dysfunction common in organizations attempting to tackle software security assurance, but offers a happy ending: recommendations for how to bridge the divide between development, security, and the CxOs they support. The message ultimately focuses on what developers and security teams alike can do to lift themselves out of the quagmire in support of their C-level Executive, who is endeavoring to prevent the next TJX- or Heartland- like security catastrophe.
Bio: Bruce Jenkins, Managing Consultant
Bruce C. Jenkins (Major, USAF, Ret.) is a Managing Consultant at Fortify Software, an HP Company, where he is responsible for refining software security requirements and managing HP Fortify product deployments to help customers achieve Software Security Assurance.
Prior to joining HP Fortify, he spent 26 of his 28 years in the service leading people, managing projects, and dealing with technological and organizational change. His experiences range from managing a small team of aircraft avionics technicians to commanding a communications unit supporting over 3,000 U.S. and international forces in Southwest Asia. As Chief of Systems Security, 554th Electronic Systems Wing, he helped lay the foundation for the Air Force’s first ever Center of Excellence for application security.
Bruce holds a BS in computer science from the University of Maryland and MS in operations research from the Air Force Institute of Technology. He is a Certified Ethical Hacker with countless hours of Internet surf time, where he has learned that paranoia is a perfectly legitimate state of mind.
Presentation Topic How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams
Pre-Registration: http://memphisissasept2011.eventbrite.com or http://memphis.issa.org
FREE CPE CREDITS! You can earn 2 CPE credits for attending an ISSA Meeting; just make sure to register!
This event will be held at:
123 S. Front St.
Memphis, TN 38103
Board of Directors,
When & Where
Memphis Information Systems Security Association
Our Memphis Tennessee ISSA Chapters primary purpose is to promote the Information Security profession through education of its members and interaction with the community.
The objectives of the Chapter are: To promote the education of, and help expand the knowledge and skills of its members in the interrelated fields of information systems security, and information or data processing; To encourage a free exchange of information security techniques, approaches, and problem solving by its members; To provide adequate communication to keep members abreast of current events in information processing and security which can be beneficial to them and their employers; and To raise awareness of security issues and their resolutions in local businesses and the community. Chapter members meet every 4th Thursday of each month in the Memphis area. Individuals from across the West Tennessee region are welcome to attend. The meetings are also open to interested individuals from Northwest Tennessee, Northern Mississippi, and North East Arkansas.