Free Local Cleveland Security Event July 13th

Security B-Sides is coming to Cleveland again this year on July 13, 2012. One full day of interesting talks....for FREE! You don't want to miss it. Hurry, seating is limited!

Security B-Sides Cleveland When: Friday, July 13, 2012 Where: Embassy Suites Cleveland - Rockside Address: 5800 Rockside Woods Boulevard, Independence 44131 Cost: Free (as always!)

It is co-sponsored by the Northeast Ohio Information Security Forum (NEOISF.ORG).

Great Cleveland Security Event: BSidesCleveland

I wanted to direct your attention to a great security event being held in Cleveland next week: BSidesCleveland. It's a one-day event on Friday February 18, 2011 filled with interesting speakers and topics and great opportunities to network with your peers.

A local security group that I founded, the Northeast Ohio Information Security Forum, is one of the sponsors. The other local sponsor is SecureState.

Seating is limited and to if you don't have a ticket you are out of luck because it's sold out. You can still follow the goings on there via Twitter @BSidesCLE.

You can find out more about BSidesCleveland here:
http://www.securitybsides.com/w/page/27427415/BSidesCleveland

Even security conferences suffer from vulnerabilities

Whoops, it looks like the folks who developed the registration website for the Blackhat security conference have a little security issue themselves. As Michael Coates reported, the website that is used to register for access to some of the live talks from the conference is vulnerable to a hack where an attacker could obtain free access to paid content.

For a fee the conference offers access to select talks that are streamed live. Well Micheal found a vulnerability where he was able to access the stream without providing his credit card. Oops.

The good news out of all of this is the response from the company who developed the website responded quickly to Michael's call and within 4 hours had a fix installed. Further Michael followed responsible disclosure and did not disclose the issue until after the site was fixed.

Call-For-Papers Info Sec Summit in October

I forgot to mention in my last blog post that we are accepting submissions from presenters and trainers for the Information Security Summit on October 11-13 and 14-15, 2010.

CFP submission deadline is May 15, 2010. We look forward to your participation.

http://www.informationsecuritysummit.org

8th Annual Information Security Summit Dates Announced

Dates have been announced for the 8th Annual Information Security Summit. This years event will take place October 14-15, 2010 at Corporate College East in Warrensville Heights, Ohio. Pre-conference training class will take place on October 11, 12, and 13. Corporate College East is located at 4400 Richmond Road between Harvard and Emery Roads In Warrensville Heights. The facility is easily accessible from Interstate 271.

Last years event featured keynote talks from well respected industry leaders Richard Bejtlich, Grady Summers, Joel Snyder, and John O'Leary; over 30 sessions; and attracted over 400 security professionals. The event was a huge success and we will be building on that this year.

Registration is open, take advantage of early bird pricing of $250 before July 1, 2010.

http://www.informationsecuritysummit.org

This Years Summit is Over

Well the Information Security Summit is done and by all accounts the conference was a big success. Have heard nothing but very positive comments from the attendees many saying they learned enjoyed the presentations learning a great deal from the speakers. The topics seemed to be very timely as well.

I was pleased to hear this and pleased with how well the operations went, which was in large part due to the great folks working behind the scenes. These folks are all unpaid volunteers putting in countless hours to ensure things go well. The conference operations rivals larger national conferences in both quality of operations and content.

To recap the Information Security Summit ...

By the numbers:

• 6th year in existance
• 2 days
• 3 keynote sessions
• 36 breakout sessions
• 44 speakers
• 2 Birds-of-a-Feather sessions
• 12 sponsors
• 3 participating organizations
• ~350 attendees
  

Topics covered:

• Theme was risk management
• Measuring and managing risk
• How your security program is costing you money?
• It’s 10 PM do you know where your risks are?
• Information risk vs. information security
• PCI compliance
• SOX compliance
• Security frameworks
• Threat modeling
• Web application security myths
• Application security testing
  
• Data encrypting
  
• E-discovery
• File remnants in Windows Vista
• Data leak prevention
• Penetration testing with Fast-Track
• Risks of social networking sites
• Tiger Team pen-testing
• Bootable CD/USB environments
  
• Malware techniques
• Illicit spam networks
• Phishing
• Identity theft protection
  
• Secure building designs
• Business Continuity Planning

A big THANK YOU goes out to all everyone who helped make this event a success - from the speakers to the sponsors to the volunteers and the attendees who supported it!
See you next year at the Summit.

Anthony Reyes Keynote at Summit Conference

Currently listening to Anthony Reyes keynote address at day 2 of the 2008 Information Security Summit in NE Ohio. The talk is really good with great content and is entertaining. He's a former New York City cop from the cybercrimes group and really hits home with the insider attack risks to the company.

He says companies do not do a good job of controlling the information about them and understanding the inside risks. He's recommending employers should manage what their employees say about the company in public such as on Internet postings. He explains that such Internet postings actually pose serious risks to company business. Say's it's everyones job to keep the company safe.

If you ever have a chance to hear Anthony talk I highly recommend you attend.