OWASP Minneapolis St Paul 2009 Conference

Kuai Hinojosa

OWASP MSP President

Topic: Event Introduction

The OWASP MSP chapter has had a successful year, and will be looking ahead to even more participation in the global OWASP community.

Bio: Speaker provided bio.

Seth Peter

Chief Technology Officer, NetSPI

Topic: Topic TBD.

Seth will be discussing OWASP and the PCI-DSS.

Bio: (From netspi.com) Seth Peter is a computer security expert with extensive experience with all aspects of information security. He was a founder of the computer forensics team at Kroll Ontrack where he provided expert witness testimony and depositions regarding high profile computer security cases. As the founder and CTO of NetSPI, he is a national leader in risk management and security program assessment. Seth has provided consulting to over 100 different organizations within financial services, government, health care, education, nuclear energy, and retail. Seth is a Payment Card Industry Qualified Security Assessor and Visa Qualified Payment Application Security Professional. Seth holds a B.A. degree in Mathematics from Kenyon College.

Pravir Chandra

Director of Strategic Services, Fortify

Topic: OpenSAMM

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. Pravir Chandra, creator and leader of the project, will be discussing OpenSAMM. For more information on OpenSAMM, visit http://www.opensamm.org/.

Bio: (From fortify.com) Chandra is widely recognized in the industry for his expertise in software security, security training, and code analysis, and also for his ability to apply technical knowledge strategically from a business perspective. Most recently, Chandra was an independent consultant where he worked with clients to build and optimize software security programs. Prior to that, he was affiliated with Cigital as a Principal Consultant where he developed role-based training curricula and led large software security programs at Fortune 500 companies. Chandra was also Co-Founder and Chief Security Architect at Secure Software, Inc. before the company was acquired by Fortify Software.

Topic: The Future of the Security Industry: IT is Rapidly Becoming a Commodity

More companies are outsourcing their IT infrastructure -- treating it as a service more like electricity, office cleaning, or tax preparation -- and this has profound implications for IT security. Organizational users care less about the technical details of security. Products and services change their focus from the end user to the outsourcer. Industry consolidation results, as non-security IT infrastructure companies seek to bolster their security credentials. Even the profession changes, as jobs move from individual organizations to the outsourcing companies, and in some cases overseas. This talk looks at the future of IT security in a mature IT infrastructure industry.