[cs615asa] HWN
okandil
okandil at stevens.edu
Thu Apr 9 11:05:17 EDT 2015
Hello All,
Last night, I attended the OWASP NJ Cyber Security Computer Meetup
at NYI's NJ data center. The event started with a brief tour of the data
center, which is a state-of-the-art facility that was previously owned by
the payment processor, ADP. The facility features raised floors, 4 USPs to
provide N+1 redundancy, secure data cages for large clients, 3 layers of
fire suppression, and highly secure access (we had to go through multiple
layers of security before getting to the data center). The tour was
followed by an introduction by Tom Brennan, who is the head of the NJ
chapter of OWASP. He gave a brief overview of OWASP (Open Web Application
Security Project), which is a nonprofit organization aimed at improving
Application Security. Tom stressed that OWASP is a 100% volunteer
community and that they are currently working on more than 150 Security
related projects. He has been chapter president since 2004 and does
forensics and penetration testing as his day job.
The next speaker to take the podium was David Weinstein. David
Weinstein currently works for the New Jersey Office of Homeland Security
and Preparedness as New Jersey's first cyber security adviser. He
previously worked for US Cyber Command, which is the military version of
the NSA. His presentation was about what this relatively new state office
is doing to promote information sharing amongst states, the federal
government, and private corporations. He introduced the concept of a
Fusion Center, which is a state level office aimed to localize and
encourage information security sharing and storing threat information. He
said that one of the main goals of his team is to exchange data with
other states and corporations to promote the sharing of information. He
views the Economics of Information Sharing as a market where the
currency is data, where both corporations and government can benefit from
information exchange. He also stated that one of the big initiatives that
are ongoing at the state level is to perform vulnerability assessments
for critical infrastructure and municipal utilities. Most of the questions
from the audience centered on the idea of State versus federal
government when it comes to investigating information security
breaches. He stated that the FBI always has the first right of refusal, so
basically the state will investigate only information security breaches
that the FBI rejects due to the amount of load they have. For instance,
the recent data breach at Rutgers and Fairleigh Dickinson is being
investigated by the FBI and not at the state level. After David was
done, Tom Brennan briefly went over a new OWASP standard called Web
Application Edition of ASVS (Application Security and Verification
Standard). He stated that this would be OWASP's first standard. The
standard is made up of four verification levels. This is just one of the
many ready for use OWASP projects.
The final presentation was given by Thomas Ryan, who is working on
creating the next generation of Security Professionals. His main concern
is that schools are not teaching students Security and that most recent
graduates don't have the proper security training for the job market. He
estimates that there are currently 2.5 million security professionals
and by 2017, there will be a need for at least 4 million security
professionals. His team is trying to put together OWASP training
materials that can be provided to the nation's universities as a guide
to how to educate students on security and help students gain Security+
certification upon graduation.
I chose this event because I wanted to know what was going on in the
security field. Security plays a huge role in Systems Administration and
it will continue to be an area of concern for all Systems
administrators. Overall, I learned a lot and I met some people who work
in the security field who gave me a brief overview of their job roles,
which I thought was interesting. Overall, it was a good experience.
Thanks,
Omar Kandil