Cloud Security - Deep Dive into OSSG and Threat Modeling
Details
http://photos1.meetupstatic.com/photos/event/6/a/0/6/600_403107142.jpeg
Walking Directions from Parking Lot (https://www.google.com/maps/dir/350+Ellis+St,+Mountain+View,+CA+94043/37.3975488,-122.0543586/@37.3976905,-122.0543697,217m/data=!3m1!1e3!4m9!4m8!1m5!1m1!1s0x808fb71121337ca9:0xf9a740c8a090c962!2m2!1d-122.0539066!2d37.3982869!1m0!3e2)
6:30 pm: Arrival & networking
Drinks and Pizza will be provided.
7:00 pm: How can you contribute to OSSG- Dr. Bryan Payne, Nebula
The OpenStack Security Group (OSSG) is the primary driving force for security throughout the OpenStack community. This talk will introduce OSSG by telling the story of how the group formed and grew over the past 2 years. After a brief history, we will explore the primary areas that the group is working in today including threat analysis, the OpenStack Security Notes, and a book on OpenStack Security. Come to learn about the great security work happening in this community to improve OpenStack, and to see how you can contribute.
7:45 pm: Why We Should Threat Model- Edward Bonver, Symantec
Threat modeling is one of the most important software security activities that a development team should practice as part of software development lifecycle. Though it is not always easy to kick-start this activity for a team with little or no security experience, long-term benefits are numerous. In hopes of getting the OpenStack community actively engaged in the process, in this talk Edward will explore the value behind threat modeling, will take a look at the process behind it, and will go over some do’s and don'ts based on his experience rolling out threat modeling with hundreds of product teams across Symantec.
Speakers:
Dr. Bryan D. Payne:
Dr. Bryan D. Payne (https://www.linkedin.com/profile/view?id=3884866&authType=NAME_SEARCH&authToken=rvPi&locale=en_US&trk=tyah2&trkInfo=tarId%3A1409180722779%2Ctas%3Abryan%2Cidx%3A1-1-1) is the Director of Security Research at Nebula and co-founder of the OpenStack Security Group. He authored the OpenStack Security Guide and many research papers on virtual machine introspection. He is also the creator of LibVMI, an open source software library for runtime monitoring of virtual machines.
Prior to joining Nebula, Dr. Payne worked at Sandia National Labs, the National Security Agency, BAE Systems, and IBM Research. He graduated with a Ph.D. in Computer Science from the Georgia Tech College of Computing, specializing in systems security. His research interests include operating system security, virtualization security, usable security, live and forensic memory analysis, and trusted platforms.
Edward Bonver:
Edward Bonver (https://www.linkedin.com/profile/view?id=7451181&authType=NAME_SEARCH&authToken=91Q-&locale=en_US&trk=tyah2&trkInfo=tarId%3A1409180735428%2Ctas%3Aedward%20bo%2Cidx%3A1-1-1) is a technical director and software security architect in Software Security Group under the Office of the CTO at Symantec Corporation. In this capacity, Edward is responsible for working with software developers and quality assurance (QA) professionals across Symantec to continuously enhance the company's software security practices through the adoption of methodologies, procedures, and tools for secure coding and security testing. He is a software security evangelist, leading Symantec's security training initiative, and assisting product teams across the company with all aspects of building software security into the product development lifecycle. Edward joined Symantec in 2004. Prior to joining Symantec he held software engineering positions at Digital Equipment Corporation, Nbase, and Zuma Networks.
Edward is a frequent speaker at global security events and conferences. He represents Symantec on the SAFECode Board of Directors, is on the board of the Open Web Application Security (OWASP) Los Angeles chapter, and is a co-organizer of OWASP California regional application security conferences and summits.
Edward is a Certified Information Systems Security Professional (CISSP) and a Certified Secure Software Lifecycle Professional (CSSLP). He holds a master's degree in computer science from California State University, Northridge, and a bachelor's degree in computer science from Rochester Institute of Technology.
Cloud Security - Deep Dive into OSSG and Threat Modeling