[cs615asa] HWN

okandil okandil at stevens.edu
Thu Apr 9 11:05:17 EDT 2015


Hello All,

     Last night, I attended the OWASP NJ Cyber Security Computer Meetup
at NYI's NJ data center. The event started with a brief tour of the data
center, which is a state-of-the-art facility that was previously owned by
the payment processor, ADP. The facility features raised floors, 4 UPSs to
provide N+1 redundancy, secure data cages for large clients, 3 layers of
fire suppression, and highly secure access (we had to go through multiple
layers of security before getting to the data center). The tour was
followed by an introduction by Tom Brennan, who is the head of the NJ
chapter of OWASP. He gave a brief overview of OWASP (Open Web Application
Security Project), which is a non-profit organization aimed at improving
Application Security. Tom stressed that OWASP is a 100% volunteer
community and that they are currently working on more than 150
security-related projects. He has been chapter president since 2004 and does
forensics and penetration testing as his day job.

    The next speaker to take the podium was David Weinstein. David
Weinstein currently works for the New Jersey Office of Homeland Security
and Preparedness as New Jersey's first cyber security adviser. He
previously worked for US Cyber Command, which is the military version of
the NSA. His presentation was about what this relatively new state office
is doing to promote information sharing amongst states, the federal
government, and private corporations. He introduced the concept of a
Fusion Center, which is a state-level office that aims to localize and
encourage information security sharing and the storing of threat
information. He said that one of the main goals of his team is to exchange
data with other states and corporations to promote the sharing of
information. He views the Economics of Information Sharing as a market
where the currency is data and where both corporations and government can
benefit from information exchange. He also stated that one of the big
initiatives that are ongoing at the state level is to perform vulnerability
assessments for critical infrastructure and municipal utilities. Most of
the questions from the audience centered on the idea of State versus
federal government when it comes to investigating information security
breaches. He stated that the FBI always has the first right of refusal, so
basically the state will investigate only information security breaches
that the FBI rejects due to the amount of load they have. For instance,
the recent data breach at Rutgers and Fairleigh Dickinson is being
investigated by the FBI and not at the state level. After David was
done, Tom Brennan briefly went over a new OWASP standard called Web
Application Edition of ASVS (Application Security and Verification
Standard). He stated that this would be OWASP's first standard. The
standard is made up of four verification levels. This is just one of the
many ready-for-use OWASP projects.

     The final presentation was given by Thomas Ryan, who is working on
creating the next generation of Security Professionals. His main concern
is that schools are not teaching students Security and that most recent
graduates don't have the proper security training for the job market. He
estimates that there are currently 2.5 million security professionals
and by 2017, there will be a need for at least 4 million security
professionals. His team is trying to put together OWASP training
materials that can be provided to the nation's universities as a guide
to how to educate students on security and help students gain Security+
certification upon graduation.

    I chose this event because I wanted to know what was going on in the
security field. Security plays a huge role in Systems Administration and
it will continue to be an area of concern for all Systems
administrators. Overall, I learned a lot and I met some people who work
in the security field who gave me a brief overview of their job roles,
which I thought was interesting. Overall, it was a good experience.

Thanks,

Omar Kandil


