The monthly meeting of the Security Practitioners' Forum (Security Users' Group)

**Special Note**

Be sure to check out the special event ISSA Security Forum that preceeds our regularly scheduled meeting. The event is free to attend for AZSPF mambers and guests, just be sure to pre-register.

Topic: VMware

VMware & Security

Presenter: Rob Randell

Virtualization is becoming a very hot topic in IT industry and in datacenters around the world. Along with the popularity comes the inevitable security concerns associated with any new technology. Virtualization is no exception to that rule. In this presentation, Rob Randell, Senior Security Specialist at VMware will talk about the security implications of virtualization. Included in this talk will be a general virtualization overview covering the different types of virtualization in the market today focusing mostly on the most recognized form, being hardware virtualization. Also covered will be the security concepts introduced by virtualization, security advantages of virtualization, and common concerns and misconceptions will also be covered.

About the Speaker:

Rob Randell. CISSP is a Senior Security Specialist at VMware where he is responsible for working with customers to help them understand the security stance of VMware and its platforms . Rob has over 14 years of experience in the IT world and over 10 years in the Security industry. Rob came to VMware as part of the acquisition of Determina, which provided software to provide true zero day protection of the most critical memory based vulnerabilities. Prior to Determina Rob was a Senior SE at Webroot software and Vericept Corporation in which he was responsible for building the SE team. Rob spent over six years prior to these positions on the operations side of the house managing and securing datacenters in the telecom industry.

ISSA Phoenix Special Security Forum
The Future of Mass Hacking Campaigns Against Web Applications & Databases

What:

This is a special ISSA Security Forum event and is *FREE* to members and guests, but you MUST register (see below).

The monthly meeting of the Security Practitioners' Forum (Security Users' Group)

Topic: Privacy and Healthcare

Update & Assessment

Presenter: Donald Hoffman

Privacy and Protected Health Information (PHI) in the Health Care and Services Industry has moved to the fore-front of Cyber Security. Has the Health Insurance Portability and Accountability Act of 1996, (HIPAA) accomplished what it has set out to do? Some would say yes, but many would claim that it has become another paper nightmare for organizations to manage.

About the Speaker:
Donald Hoffman is currently the Director of IT Security at one of the largest Health Care facilities in the west coast. Catholic Healthcare West (CHW) is responsible for more than 40 hospitals throughout California, Arizona, and Nevada. Don, a retired Chief Master Sergeant of the Air Force, was responsible for the Information Security Management of all Air Reserve Bases located throughout the United States from 1990 through his retirement in 1997. During his tenure as Chief, Information Protection Branch, Robins AFB, Georgia, Don assisted with developing and managing the security protection efforts of all Air Force Reserve Bases which migrated from the Secure Internet Protocol Network (SIPRNET) to the NoN-Secure Internet Protocol Network (NIPRNET). This basically was the time (1990’s) that Department of Defense (DOD) started introducing government and military entities to the Internet. Since his retirement from the Air Force, Don has been the former Chief Security Officer (CSO) of a large Insurance company in New York and has held various Senior Level Security positions with numerous Financial and Healthcare organizations throughout the east coast. He is a Certified Information Security Manager (CISM) and is currently studying for level 5 for his certification in Homeland Security. Don was the Regional Director of Homeland Security for the North East Region of New York .He has a Masters Degree in Information Systems from the Community College of the Air Force and will complete his studies next year for a Bachelor of Science degree in Security Management, with an emphasis in computer forensics, from the American Military University. He recently returned to full time status with CHW after being an Independent Security Consultant for five years.

The monthly meeting of the Security Practitioners' Forum (Security Users' Group)

Topic: Business Continuity

Lessons Learned and Opportunities Lost

Presenter: Luke McConoughey

Business Continuity Planning (the business centric evolution of IT Disaster Recovery Planning has been thrust into the forefront by events of the past 8 years. Luke will share his insights gained from experience and discuss industry best practices.

About the Speaker:
Luke McConoughey has over 13 years of experience with all aspects of information technology with a particular emphasis on information security and network engineering. Luke advises clients regarding intellectual property protection, BC/DR planning, Policy/Procedure/Process development, compliance, incident response, and computer forensics. Luke has also worked as an information security subject matter expert at American Express, Amylin Pharmaceuticals, Charles Schwab, GoDaddy, and Wells Fargo.

In observance of Memorial Day, there will be no meeting.

The monthly meeting of the Security Practitioners' Forum (Security Users' Group)

Topic: Cryptography 102

Modern Cryptography

Presenter: Jerry Crow

A continuation of the material covered in Cryptography 101 (March 2008), this presentation addresses contemporary cryptographic techniques in greater detail, with particular emphasis on so-called "public key" cryptography. I will avoid mathematical detail to the extent possible, but certain topics, public-key cryptography in particular, require a foray into basic mathematical concepts.

The presentation is organized as follows:

• Review of Crypto 101
• An unbreakable symmetric crypto system
• Basic mathematics of asymmetric systems
• Public Key cryptography
• Hashing algorithms

About the Speaker:

Jerry Crow's 35-year career in information technology includes experience with mainframe operating systems, notably Honeywell's GCOS; formal work with software engineering and software metrics; line management of a software development group; work with local and wide area networks; and administration level experience with every major flavor of commercial UNIX and Linux. His contemporary areas of focus include information technology security, information protection and computer forensics.

Join us April 1 for our Quarterly ISSA Phoenix Training Event!

Your manager, friends and business associates are welcome. Please invite them.

Tuesday, April 1, 2008, 11:30 to 5. Registration: 11:30 to Noon. Starts at Noon.

Held at the University of Phoenix Hohokum campus at: 4635 E. Elwood Street, Phoenix, AZ Room 101-102

The monthly meeting of the Security Practitioners' Forum (Security Users' Group)

Topic: Cryptography 101

History of Cryptography through Enigma

Presenter: Jerry Crow

This presentation will offer an overview of general cryptographic concepts and history, and then address the common cryptographic systems used prior to the advent of the digital computer.

The presentation is organized as follows:

• Historical origins of cryptography

• Notable individuals and dates
• Basics of substitution systems
• Automated substitution systems
• Military impact of cryptography
• 20th century cryptography
• Social impacts of cryptography

About the Speaker:

Jerry Crow's 35-year career in information technology includes experience with mainframe operating systems, notably Honeywell's GCOS; formal work with software engineering and software metrics; line management of a software development group; work with local and wide area networks; and administration level experience with every major flavor of commercial UNIX and Linux. His contemporary areas of focus include information technology security, information protection and computer forensics.

The monthly meeting of the Security Practitioners' Forum (Security Users' Group)

Topic: Building Malware.

Learn to think like the Black Hats to better defend ourselves.

Presenter: Erik Graham et. al. plus forum participation!

At the February '08 AZSPF meeting we will discuss the the topic of Building Malware. This will be a highly interactive discussion lead by an industry expert with practical hands-on malware analysis experience. During the discussion we will conceptually design a piece of malware in pseudocode to illuminate the subject and facilitate discussion of catching/preventing malware.

The Arizona Security Practitioner's Forum is an organic group for InfoSEC Professionals.