The monthly meeting of the Security Practitioners' Forum (Security Users' Group)

Topic: TBD

Tagline TBD

Presenter: TBD

Description TBD

About the Speaker:

Bio TBD

The monthly meeting of the Security Practitioners' Forum (Security Users' Group)

Topic: Enterprise Risk Management

Introduction, big-picture, and notes from experience.

Presenter: Harry Contreras

Enterprise Risk Management is a rapidly maturing field fraught with misunderstandings. Harry provides a primer on what ERM is and is not, discusses the drivers and expectations of ERM, reviews industry research and Good Practices, and provides the lessons & anecdotes of a seasoned practitioner.

About the Speaker:
Harry Contreras is presently an IT Security Manager with a Fortune 500 enterprise. With over twenty (20) cumulative years in information security experience his present range of responsibilities includes industry benchmarking for security products and services, understanding security trends in delivering security policy and standards. Implementing security strategy through research and development of security solutions that meets enterprise needs to mitigate risks identified through Risk and Threat forecasting. Presently, working with company business IT leadership and identifying opportunities to synergize information security strategy with new business initiatives.

Prior work experience at an international aerospace company he served as Lead Security Systems Analyst and Security Strategist for their Global Security Services. Over the course of 12 years he was responsible for providing analytical consultation services in information technology and security services. Harry provided security policy management, strategies and developed standards, procedures and position statements with subject matter expertise in wireless, encryption, PKI and smart card technologies. Additional information security experience through work engagements with several global IT services companies.

Harry has a Bachelor’s of Science degree in Information Systems from the University of Phoenix and maintains a Certified Information Systems Security Professional (CSSP) certificate. He is accredited with a Green Belt in Six Sigma methodologies. Selected to serve on the advisory board for the internet publication; SearchFinancialSecurity.com.

The SDSUG is held Quarterly and is is one of my favorite local groups. The format is all day (8 to 4) and provides 4 to 5 presentations in 60-90 minute time slots. There is no fee to join, but you must register at the website. Food is provided (continental breakfast and sandwiches for lunch. The group is sponsored by CA, but don't let that scare you off, the organizers bring in a wide variety of presentations and screen them pretty well so that there are no sales pitches. Typical attendance ranges from 45 to 60, occasionally spikes higher.

The Quarterly Phoenix ISSA training events are well run, have good presenters/topics and are a good opportunity to network and mingle with your peers in other businesses and industries.

Benefits:

• Lunch, beverages and snacks
• Great networking with industry peers
• Expert speakers and leading edge security topics
• 4 hours CPE credit
• Door prizes

Check the Phoenix ISSA website for updates.

The monthly meeting of the Security Practitioners' Forum (Security Users' Group)

Topic: BlackHat / DEFCON Roundup

What's hot, what's not, who's trying to pwn you and how

Presenter: Forum

This meeting will be a summary and discussion of hot topics from the Black Hat and DEFCON security conventions. Anyone who attends either is invited to speak/present. Please contact Christian, Barry or Ken to express intereste in being on the agenda. If you're not sure how to reach us, drop a line to Christian (dot) Price [at] gmail {dot} com with the subject line "BlackHat & DEFCON Roundup" and we'll follow up with you.

About the Speaker:
There will be many.

The monthly meeting of the Security Practitioners' Forum (Security Users' Group)

**Special Note**

Be sure to check out the special event ISSA Security Forum that preceeds our regularly scheduled meeting. The event is free to attend for AZSPF mambers and guests, just be sure to pre-register.

Topic: VMware

VMware & Security

Presenter: Rob Randell

Virtualization is becoming a very hot topic in IT industry and in datacenters around the world. Along with the popularity comes the inevitable security concerns associated with any new technology. Virtualization is no exception to that rule. In this presentation, Rob Randell, Senior Security Specialist at VMware will talk about the security implications of virtualization. Included in this talk will be a general virtualization overview covering the different types of virtualization in the market today focusing mostly on the most recognized form, being hardware virtualization. Also covered will be the security concepts introduced by virtualization, security advantages of virtualization, and common concerns and misconceptions will also be covered.

About the Speaker:

Rob Randell. CISSP is a Senior Security Specialist at VMware where he is responsible for working with customers to help them understand the security stance of VMware and its platforms . Rob has over 14 years of experience in the IT world and over 10 years in the Security industry. Rob came to VMware as part of the acquisition of Determina, which provided software to provide true zero day protection of the most critical memory based vulnerabilities. Prior to Determina Rob was a Senior SE at Webroot software and Vericept Corporation in which he was responsible for building the SE team. Rob spent over six years prior to these positions on the operations side of the house managing and securing datacenters in the telecom industry.

ISSA Phoenix Special Security Forum
The Future of Mass Hacking Campaigns Against Web Applications & Databases

What:

This is a special ISSA Security Forum event and is *FREE* to members and guests, but you MUST register (see below).

The SDSUG is held Quarterly and is is one of my favorite local groups. The format is all day (8 to 4) and provides 4 to 5 presentations in 60-90 minute time slots. There is no fee to join, but you must register at the website. Food is provided (continental breakfast and sandwiches for lunch. The group is sponsored by CA, but don't let that scare you off, the organizers bring in a wide variety of presentations and screen them pretty well so that there are no sales pitches. Typical attendance ranges from 45 to 60, occasionally spikes higher.

The monthly meeting of the Security Practitioners' Forum (Security Users' Group)

Topic: Privacy and Healthcare

Update & Assessment

Presenter: Donald Hoffman

Privacy and Protected Health Information (PHI) in the Health Care and Services Industry has moved to the fore-front of Cyber Security. Has the Health Insurance Portability and Accountability Act of 1996, (HIPAA) accomplished what it has set out to do? Some would say yes, but many would claim that it has become another paper nightmare for organizations to manage.

About the Speaker:
Donald Hoffman is currently the Director of IT Security at one of the largest Health Care facilities in the west coast. Catholic Healthcare West (CHW) is responsible for more than 40 hospitals throughout California, Arizona, and Nevada. Don, a retired Chief Master Sergeant of the Air Force, was responsible for the Information Security Management of all Air Reserve Bases located throughout the United States from 1990 through his retirement in 1997. During his tenure as Chief, Information Protection Branch, Robins AFB, Georgia, Don assisted with developing and managing the security protection efforts of all Air Force Reserve Bases which migrated from the Secure Internet Protocol Network (SIPRNET) to the NoN-Secure Internet Protocol Network (NIPRNET). This basically was the time (1990’s) that Department of Defense (DOD) started introducing government and military entities to the Internet. Since his retirement from the Air Force, Don has been the former Chief Security Officer (CSO) of a large Insurance company in New York and has held various Senior Level Security positions with numerous Financial and Healthcare organizations throughout the east coast. He is a Certified Information Security Manager (CISM) and is currently studying for level 5 for his certification in Homeland Security. Don was the Regional Director of Homeland Security for the North East Region of New York .He has a Masters Degree in Information Systems from the Community College of the Air Force and will complete his studies next year for a Bachelor of Science degree in Security Management, with an emphasis in computer forensics, from the American Military University. He recently returned to full time status with CHW after being an Independent Security Consultant for five years.