
Archive for June, 2009


InfoSec 2009 Breakout Session Abstracts – Enterprise Security

Posted by: tfetherling  /  Comments: 3

Application Enterprise Layer “8” Innovations in Security

Enterprise Security Track – Room #203

9:35 – 10:25
The New Computer Forensic Essentials – Making and Analyzing Windows Memory Images
by Ron Black, Lead for Incident Response & Intrusion Detection, Defense Commissary Agency’s (DeCA) Computer Network Defense Service Provider (CNDSP)

Once ignored in many incident response and investigative procedures, imaging system memory on active systems and analyzing those images is quickly becoming a mandatory step. It is now one of the new computer forensic essentials! From the FBI to critical infrastructure and corporate incident responders, experts recognize that unplugging active systems without collecting volatile data destroys vital evidence which can’t be recovered. Collecting volatile data through the execution of trusted binaries to gather network and process information can be subverted by malicious code. But the malicious code must exist in memory. This brief will present why memory analysis is important, a brief overview of incident response and the SANS Forensic Methodology, and then discuss tools for imaging and analyzing Windows memory in some detail.

10:40 – 11:30
Current Threats and Countermeasures – Securing the Information of an Enterprise

by Jon Miller, Director of Assessment, Accuvant

Securing the information assets of an enterprise has never been so important or so complicated. The past several years have seen a significant increase in the number of security threats and vulnerabilities and significant advancements in attack methodologies, with new tools, techniques, and attack vectors being released on a weekly basis.

Join Mr. Miller for a lively, interactive discussion to review the latest in current vulnerabilities and tools for ensuring security.  Through presentation and live demonstration, attendees will learn about the latest attacks, tools, and techniques employed by today’s hackers, as well as countermeasures that can help protect against these attacks.

2:00 – 2:50
Web Hacking – What are they Really After?
by Seth Law, Senior Security Consultant, Fishnet Security

The security community has seen an increase in web application attacks over the last few years, exploiting a number of common vulnerabilities.  This talk will examine recent security-related events and try to discern the purpose behind each attack, as well as demonstrate exploitation of the identified web vulnerabilities to achieve a real-world goal.

3:00 – 3:50
Full Disk Encryption – Not Seeing the Forest or the Trees
by Keith Walker, Consulting Security Engineer, HCA Information Technologies & Services

Data has become a key asset for most business enterprises. Whether the data is corporate, client, employee, or patient-related, unwanted disclosure is never welcomed. However, with required reporting and disclosure, along with compliance brought on by the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley (SOX) Act, the Payment Card Industry (PCI) and others, the incident cost and corporate image impact can quickly outpace the cost of implementing a comprehensive full disk encryption solution that can mitigate the risk.
 
Many encryption products can implement full disk encryption, but may not provide the implementation evidence trail and tools to facilitate safe harbor protection.  Understanding the key features and requirements of encryption solutions which provide safe harbor is crucial to achieving reasonable return on investment.
 
This presentation will cover issues of breach disclosure; encryption solutions; and the key features that can help mitigate exposure and facilitate safe harbor protections.   Also included will be a substantive large enterprise case study exploring implementation issues and opportunities to save breach disclosure costs using encryption technology.

InfoSec 2009 Breakout Session Abstracts – Application Security

Posted by: tfetherling  /  Comments: 4

Application Enterprise Layer “8” Innovations in Security

Application Security – Room #201

9:35 – 10:25
Web Application Firewall
by Ryan Barnett, Director of Application Security Research, Breach Security

The Web Hacking Incident Database (WHID) is a Web Application Security Consortium project dedicated to maintaining a list of web application-related security incidents. WHID's goal is to serve as a tool for raising awareness of the web application security problem and to provide information for statistical analysis of web application security incidents. The database is unique in tracking only media-reported security incidents that can be associated with a web application security vulnerability. This presentation will highlight the statistics gathered from Jan – June of 2009 and provide insight into categories such as: 1) Top Attack Methods, 2) Top Compromise Outcomes, 3) Top Target Geographic Region, 4) Top Vertical Markets Hit. The presenter will also provide some in-depth analysis for specific WHID entries.

10:40 – 11:30
Delivering Security Services in the Cloud – Panacea or Propaganda?
by Michael Sutton, VP of Security Research, Zscaler Labs

‘Cloud’ has become the favored buzzword among IT vendors rushing to deliver more for less in a tight economic environment. Security vendors have certainly not missed this opportunity, and a variety of security solutions once available from product vendors are now being delivered as services in the cloud. From securing email and web traffic to anti-virus engines and delivering vulnerability scanning, numerous security functions can now be obtained in a service model, delivered by third parties.

Tough economic times are a selling point for such services as they enable managers to convert capex to opex at a time when budgets are being slashed. Costs can also be made more predictable: services are delivered based on head count, as opposed to software and hardware purchases that are made when traffic levels exceed certain thresholds or additional office space is acquired. But what is the true cost? Are short term cost savings outweighed by the hidden costs associated with outsourcing security?

Although cloud services have recently been hyped in virtually all areas of IT thanks to over-eager marketing departments, cloud based security services are at differing levels of maturity. Services such as email security and vulnerability scanning emerged as service based offerings before the term ‘cloud security’ was coined. In other areas such as web security and anti-virus/spyware solutions, vendors are just now deploying solutions. As such, we’ll consider the challenges inherent in delivering cloud offerings among different segments of the security industry.

Cloud based security services are a relatively new phenomenon and as such, enterprises typically have a variety of concerns that need to be addressed prior to committing to such an approach. In this talk we’ll consider the following common concerns from the buyer’s perspective:

• Privacy – Can corporate data be adequately secured in a multi-tenant environment?
• Functionality – Can third-party services deliver equivalent functionality when compared to in-house solutions?
• Reliability – What if the service goes offline?
• Compliance – Can I meet compliance objectives if functionality is outsourced?

In order to address these issues, we’ll investigate the various categories of security offerings now being delivered ‘in the cloud’. We’ll consider the various architectural approaches taken by vendors and debate the merits of each. We’ll also consider guidance provided by industry organizations such as the Cloud Security Alliance and Jericho Forum to identify best practices. Attendees can expect to understand the pros and cons of cloud security services and leave with the questions that need to be answered upfront by all enterprises considering such offerings.

2:00 – 2:50
Application Security Threat Modeling

by Dirk Maxwell, Director of Security & Compliance, Kroll

When it comes to application security, many organizations have established security requirements as a part of their development lifecycle, adopted secure coding practices, implemented code review, regularly perform security scans of applications prior to release, and sometimes spent a lot of money on independent penetration testing of their applications. A few organizations also utilize static source code analysis tools and other methods to help ensure secure software. Yet, outside of some large organizations and forward thinking software development houses, relatively few organizations have implemented what is arguably one of the most cost-effective and far-reaching practices when it comes to secure software development. In this talk, I will address Application Security Threat Modeling, how it can be used to inform virtually every other application security practice, and why I believe it is foundational to achieving an effective software security program.

3:00 – 3:50
Building Security In Maturity Model (BSIMM)

by Dean Saxe, Managing Consultant, Foundstone Professional Services (A Division of McAfee)

Software insecurity affects organizations of all sizes that develop software. No organization is immune from the ever present threat of attacks seeking to gain access to personally identifiable information (PII), protected health information, credit cards and more. The costs associated with information loss, directly from fines and lawsuits, and indirectly from lost customers and market share, are significant. Implementing a secure software development lifecycle (S-SDLC) has been touted as the way to improve the security of software; however, guidance in such efforts has been difficult to obtain. The Building Security In Maturity Model provides a framework to design and implement an S-SDLC based upon the best practices collected from nine large scale, successful software security initiatives. In this talk, we’ll explore the basis of BSI-MM, the drivers for implementing an S-SDLC and examine a handful of the 110 activities defined in BSI-MM that may be used as part of a comprehensive S-SDLC initiative.

July 16 – Party Like It’s 1999 Mixer – Sponsored by Peak 10

Posted by: tfetherling  /  Comments: 1


Join the Nashville Technology Council as we flashback to the 90s to celebrate 10 years in the Middle Tennessee Technology community.  Kick it old school with Nashville’s brightest business leaders at this annual summer networking event.  Admission includes one free drink ticket and a variety of appetizers.

Click Here for Directions to Crow’s Nest

Registration is Now Closed.  You may register at the event!


July 9 – Social Networking Roundtable

Posted by: tfetherling  /  Comments: 3


“Gaining a Competitive Advantage Through Social Networking”
4:00 PM – 6:00 PM
Microsoft Offices
2555 Meridian Blvd., Suite 300
Franklin, TN  37067

July 9, 2009

Registration is now closed.  You may register at the door.

Social media continues to empower business owners as a way to combat slimming budgets and still get the word out.  By leveraging social media, entrepreneurs can gain a competitive advantage through customer engagements and social interactions within the online marketplace.  However, typing a message on one of the social interfaces is not always the best way to utilize social media.  Social media can also help you gain a competitive insight on your competitors.  Just by reading comments on a site such as Twitter, one can learn the positives and negatives about a competitor’s service offering or product in order to avoid being blind-sided.

Our panel will focus on the do’s and don’t do’s to successfully utilize social media to its fullest extent.  They will also discuss some of the key strategies to optimize your effectiveness of using social media and what other options are out there besides the obvious – Twitter, Facebook and LinkedIn.  Anyone can enter into a social site such as Twitter or Facebook and post comments, but will your comments and message support your brand and help grow your company?

Panelists



Kate O’Neill, Founder / Managing Director, [meta] marketer

Kate O’Neill has earned a reputation as a passionate advocate for innovative, interactive online experiences in business. Working in online content in Silicon Valley during the 1990s heyday, she introduced the techniques of blogging (before it was called blogging and before there were fantastic tools like WordPress) to many companies as an employee and later as a consultant. As social networks and social media have sprung up, Kate has been a vocal advocate for their inclusion in savvy business and marketing strategy, as well, both for the SEO boost they often imply and for the way they can strengthen a business’s relationship with its customers and enhance the customer experience.

Kate currently runs [meta]marketer, a web marketing un-agency and freelance consultancy she founded this year. She also maintains four blogs, three Twitter accounts, and dozens of other semi-neglected social media accounts.



 
Bill Seaver, Social Media Marketing Consultant, MicroExplosion Media

Bill Seaver is the founder of MicroExplosion Media, a social media marketing consulting firm based in Nashville, Tenn. After spending many years in traditional marketing, Seaver left his role as the Executive Vice President for a marketing firm to focus solely on social media marketing. For the last two years, Bill has spoken to thousands of people at seminars and training events about social media marketing. His clients range from non-profits to large businesses. His goal is to help people understand what social media marketing is and adopt the right mindset needed to use it effectively. Bill is an active blogger and podcaster. He can be found at MicroExplosion.com.


Bing.com – Microsoft’s New Search Engine

Posted by: tfetherling

The Nashville Tech Story (6/10/09)

The number of search engines on the internet is constantly increasing. Although Google and Yahoo continue to be the top dogs in the online search market, Microsoft has decided to make another run at their competition, introducing a new search engine tool: Bing.com.

Unveiled in late May, Bing is intended to build on the benefits of other search engines. Bing focuses on four major areas: making a purchase decision, planning a trip, researching a health condition or finding a local business. Referred to as the “Decision Engine,” Bing creates an online environment that helps information seekers obtain data more quickly and with less hassle.

According to a Microsoft press release, more than 30% of users searching for data on a common search engine abandon their search without a decent result. Microsoft is going after that 30% with a tool that works to educate the user on how to properly utilize the information he/she has uncovered, so that the information helps searchers make smarter decisions.

Check out this new search engine by visiting www.bing.com.

Entrepreneurial Series

Posted by: tfetherling

July 9, 2009
“Gaining a Competitive Advantage Through Social Networking”
4:00 PM – 6:00 PM
Microsoft Offices
2555 Meridian Blvd., Suite 300
Franklin, TN  37067


Axis Accounting Systems Dedicates New Brentwood Headquarters

Posted by: tfetherling

Betsy Crossley Attends in First Official Capacity as Mayor

BRENTWOOD, Tenn. — June 8, 2009 — Nashville-based Axis Accounting Systems, LLC, provider of financial software and consulting services, recently dedicated their new Brentwood, Tenn.-based headquarters with a ribbon cutting and open house reception. To add to the festivities, the brand-new Mayor of Brentwood, Betsy Crossley, made her first official appearance in her new role.

Previously located in the West End area of Nashville, the move represents a significant milestone for the company as it relocates to Williamson County. The new headquarters is more than 500 square feet larger, thus allowing for future growth. The company plans to hire additional staff in the next twelve months.

Axis president Greg Lemon cited several reasons for the move to Williamson County. “You can’t help but be energized by the growing, bustling Maryland Farms area,” he said. “Additionally, the new space allows for expansion of the company, and perhaps most importantly, puts us physically near to many of our larger accounts, including Quorum Health Resources, MAPCO and America Service Group Inc.”

About Axis Accounting Systems

Axis Accounting Systems, LLC is a Nashville–based, full service consulting firm that assists growing companies with the selection, implementation and support of integrated accounting software. In addition to offering packages from top mid-market accounting software vendors, Axis also offers solutions for budgeting/forecasting, customer relationship management (CRM), and document imaging and management. The firm’s consultants are Microsoft Certified with expertise in a variety of areas, from complex financial reporting to system design. For more information, please call (615) 665-2545 or visit www.axisaccounting.com.

 
   

GPS Assassins to put Nashville on Gaming Map

Posted by: tfetherling

The Nashville Tech Story (6/9/09)

Want to get back at a colleague?  Boss?  A best friend who just committed the most cardinal sin of guy code by moving in on your girlfriend?

Take them out with the new interactive gaming system for the iPhone, GPS Assassins.  Enter into a world of users where over the course of time, game players attempt to “assassinate” each other with multiple weapon options and try to avoid being caught.   Users can earn “cash” to purchase other items to add to their arsenal by simply visiting certain venues such as the local Starbucks or Panera.

It has been long awaited, but co-founder Jackson Miller announced last Thursday at our roundtable event that GPS Assassins has been released to Apple’s App Store. This venture was an idea conceived and built at Startup Weekend.

Featured on News Channel 2 this morning, Jackson Miller claimed that this is an exciting time for him and his partner, centre{source} owner Nicholas Holland. The application has only been available in the App Store for four days and is already hosting more than 700 users.

For a small fee of $4.99, users can download and purchase the game from the iPhone store.  Holland and Miller hope to have a launch of the game for the Blackberry and Android Stores in the near future.


Scott Braden Bio

Posted by: tfetherling

Since 1994 Scott Braden has personally helped large corporate customers put together hundreds of Microsoft license deals.

As one of the major Microsoft Large Account Resellers (LARs), he invested countless hours building analyses of various options, costs, and alternatives. In over 14 years of large-company technology experience, he’s shepherded big deals, including the largest single Enterprise Agreement that had ever been signed. Since then, Microsoft has made many of those highly proprietary and customized terms “standard”.

Scott’s professional background includes project management, process design and implementation (such as ITIL), software and asset management, enterprise software solutions, IT Service Management and outsourcing, business process consulting, software licensing, and IT Help Desk operations consulting. Most importantly, he’s attended numerous training classes, by Microsoft and other software vendors, detailing their licensing programs, their strategies, and their goals. He’s learned how Microsoft works, who has the power, and how deals really get sold and approved.

Mobile Platforms Compete For Solutions

Posted by: tfetherling

The Nashville Tech Story (6/8/09)

Our final event for the ’08-’09 fiscal year was a review of the various mobile platforms. Heading up the panel was Mrs. Lora Stevenson from The Horizons Group. Experts on the panel have built and distributed applications on most of the major platforms, including restaurant finders, games, and enterprise solutions.

Jackson Miller broke the news to the Roundtable that GPS Assassins has been released to Apple’s App Store. This venture was an idea conceived and built at Startup Weekend.

While cell phone users continue to evolve and demand for new applications continues to rise, providers such as Microsoft, Apple and Blackberry are scrambling to keep up with the demand.   “We are getting to the point where an AT&T phone can work with a Verizon network,” said panel member Ben Henderson, Firefly Logic.

The mobile device is practically ubiquitous in the U.S. and the decision of what device, carrier, and applications to purchase is often based upon perceived features.  The cost of applications has declined and a majority of the panel claimed the most popular applications include Facebook, Twitter, Social Networking, Google Maps and LiveSearch.  Jackson Miller would really like to have weather added to Google Maps and Latitude.
