Meeting - PCI DSS Pen Testing / IAM (Identity & Access Mgmt)


Details
Hi all,
On Thursday November 12th we have two great speakers lined up for our next chapter meeting. Both possess great experience in their respective areas, so they can get across the information and answer your questions that might not be so easy to find in the books. Stephen O'Boyle will talk about PCI DSS (Payment Card Industry - Data Security Standard), the set of compliance guidelines that you must adhere to if you store, transmit or process credit card information. This will be followed up with Barry Mulcahy's valuable information on management of identity and access to data across systems.
Also, thanks to the kind sponsorship from Espion on the night there will be some food and drinks provided too. No doubt, this should be a great night :)
Talk #1 - PCI DSS v3.1 Scanning and Penetration Testing
Stephen will discuss the key changes in PCI DSS Version 3.1, examine penetration testing methodology from the auditor’s point of view, and explain how you can maintain compliance.
Key Takeaways will include
∙ PCI DSS Pentest / Scanning overview
∙ Migrating from V2 to V3.1
∙ Changes to penetration testing requirement 11.3
∙ Scanning vs pen testing
∙ What the auditor expects from pen testing
∙ Example methodology
Speaker Bio:
Stephen O’Boyle heads up Espion’s Professional Services team and has been a PCI Qualified Security Assessor since 2008. He is an experienced information security, risk and compliance consultant with over ten years’ experience in information security in both domestic and international markets. Stephen has extensive experience in performing PCI audits / consultancy, information security & risk management assessments, network / architecture security reviews, application security reviews, penetration testing and assisting organisations in aligning their information security posture to their business objectives. Stephen has worked across a wide range of industry verticals, including government, financial, education and technology.
Talk #2 - Identity and Access Management (IAM)
This talk will focus on Identity and Access Management (IAM), what it is and how it fits into the security landscape. It will outline the lifecycle of an identity (Hello new hire Alice!), how we move from having an identity to having access, and some of the common pitfalls encountered during IAM integration projects. It will cover analytics techniques for IAM that smooth the integration path, validate controls and provide valuable Business Intelligence (BI) that is useful for process improvement and security auditing. The talk will conclude by looking at some of the recent trends in IAM and some pointers for the future.
Speaker Bio:
Barry P. Mulcahy received a B.Sc. in computer science from UCC in 2001 and a Ph.D. in distributed security systems from UCC in 2008. His academic experience involves R&D in distributed security systems with an emphasis on data aggregation, analytics and workflows. While working in Waterford IT as a security researcher he was involved in several large European FP7 projects including CoMiFin, EternalS and Aniketos. His commercial roles include Identity and Access Management (IAM) Project Manager at Onaware-Mycroft. This boutique IAM integration house catered primarily for financial institutions. Barry is currently part of the Qualcomm Web Authentication team, helping design and implement security controls for authentication and authorization in Qualcomm’s global IT infrastructure.
https://ie.linkedin.com/in/barrymulcahy
Afterwards ...
We might have a few sneaky pints afterwards, and you are all welcome to join us.
We are having the talks in Cashman's Bar on Academy Street so we will stay on there.
Regards,
Darren & Fiona (OWASP Cork Team)
