https://community.isc2.org/t5/Cleveland-Chapter-Discussion/June-2022-Meeting-Minutes/m-p/52260#M14 <P>&nbsp;</P><P>(ISC)2 June 28th Monthly Chapter Meeting Notes</P><P>&nbsp;</P><P>Total Registered: 49</P><P>Total Attendees: 36</P><P>Format: In-Person</P><P><STRONG>Meeting Agenda:&nbsp;</STRONG>(ISC)2 Cleveland Chapter Meeting, June 28, 2022</P><UL><LI>In person networking and conversation, Attendee Introductions</LI><LI>(ISC)2 Cleveland Chapter Meeting - In Person Welcome</LI><LI>Chatham House Rule</LI><LI>Chapter and (ISC)2 news and information</LI><LI>Officer Introductions for year 2022</LI><LI>Announcements - companies that are seeking &amp; hiring</LI><LI><STRONG>Security Friends&nbsp;</STRONG>- A fun look at and discussion of current cyber security news stories, delivered in over the top, dramatic radio style.</LI><LI>Feature Presentation - Secure Software Development – how the OWASP framework can help you.</LI></UL><P><U>&nbsp;</U></P><P><U>Notes:</U></P><P>5:30pm introductions and Announcements</P><P>5:45 – 6:15pm – Security Friends – Current Security news and events.&nbsp; Included open discussion on recent Cyber attacks and new items.</P><P>6:15pm Featured presenter – Brandon Collins – Optiv Security – CSSLP (certified secure software lifecycle professional) - pursuing</P><P>Secure Software Development - How the OWAP SAMM Framework can help.</P><UL><LI>A holistic approach.</LI><LI>SAMM 2.0</LI><LI>Broken into 5 business pillars.</LI><LI>Governance, Design, Implementation, Verification, and Operations</LI></UL><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="TedKozenko_0-1659393339266.png" style="width: 400px;"><img src="https://community.isc2.org/t5/image/serverpage/image-id/6320i9D0B0B7ADB4A089F/image-size/medium?v=v2&amp;px=400" role="button" title="TedKozenko_0-1659393339266.png" alt="TedKozenko_0-1659393339266.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>Breaking down the OWASP SAMM Structure</P><P>Business Function – Security Practice – Stream A</P><P>&nbsp;</P><P>How to assess? – Never Assess Yourself – Your bias will impact your assessment…</P><P>Self-assessment – Use assessors who are not impacted by the results to ask questions to fully understand the reality.</P><P>Involve many contributors….&nbsp; Get down to the people doing the day to day…</P><P>Interview - Don’t Audit … This is to get a true gap analysis….</P><P>&nbsp;</P><P>&nbsp;</P><P>OWASP provides a spreadsheet with questions and a scoring system for each.&nbsp; This is about getting as much of the detail as possible.&nbsp; Understanding the reality, no judgement on why, and don’t solution during the assessment.</P><P>Allows you to develop a 3 yr – (12 quarter) plan to harden your SDLC environment.</P><P>&nbsp;</P><P><U>Take-aways –</U></P><P>&nbsp;Quantifiable ways to measure security posture.</P><P>Covers the ENTIRE SDLC</P><P>Low Hanging Fruit. – Focus training on Security SDLC participants – OWAS Top 10 Training.</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Include the Dev teams to help select training that is engaging...</P><P>Keep it simple to get them engaged to start the journey.</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspire E-Learning is a low cost option - around $3K.. (Attendee Suggestion)</P><P>&nbsp;</P><P>Engage a partner to help adopt SAMM V2 Framework and to perform the assessment to understand your gap and set a Roadmap to Secure Software Development.</P><P><U>Contact Info:</U></P><P>Brendon Collins</P><P><A href="mailto:Brendon.Collins@Optiv.com" target="_blank" rel="noopener">Brendon.Collins@Optiv.com</A></P><P>330.807.5564</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 01 Aug 2022 22:38:04 GMT TedKozenko 2022-08-01T22:38:04Z https://community.isc2.org/t5/Cleveland-Chapter-Discussion/June-2022-Meeting-Minutes/m-p/52260#M14 <P>&nbsp;</P><P>(ISC)2 June 28th Monthly Chapter Meeting Notes</P><P>&nbsp;</P><P>Total Registered: 49</P><P>Total Attendees: 36</P><P>Format: In-Person</P><P><STRONG>Meeting Agenda:&nbsp;</STRONG>(ISC)2 Cleveland Chapter Meeting, June 28, 2022</P><UL><LI>In person networking and conversation, Attendee Introductions</LI><LI>(ISC)2 Cleveland Chapter Meeting - In Person Welcome</LI><LI>Chatham House Rule</LI><LI>Chapter and (ISC)2 news and information</LI><LI>Officer Introductions for year 2022</LI><LI>Announcements - companies that are seeking &amp; hiring</LI><LI><STRONG>Security Friends&nbsp;</STRONG>- A fun look at and discussion of current cyber security news stories, delivered in over the top, dramatic radio style.</LI><LI>Feature Presentation - Secure Software Development – how the OWASP framework can help you.</LI></UL><P><U>&nbsp;</U></P><P><U>Notes:</U></P><P>5:30pm introductions and Announcements</P><P>5:45 – 6:15pm – Security Friends – Current Security news and events.&nbsp; Included open discussion on recent Cyber attacks and new items.</P><P>6:15pm Featured presenter – Brandon Collins – Optiv Security – CSSLP (certified secure software lifecycle professional) - pursuing</P><P>Secure Software Development - How the OWAP SAMM Framework can help.</P><UL><LI>A holistic approach.</LI><LI>SAMM 2.0</LI><LI>Broken into 5 business pillars.</LI><LI>Governance, Design, Implementation, Verification, and Operations</LI></UL><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="TedKozenko_0-1659393339266.png" style="width: 400px;"><img src="https://community.isc2.org/t5/image/serverpage/image-id/6320i9D0B0B7ADB4A089F/image-size/medium?v=v2&amp;px=400" role="button" title="TedKozenko_0-1659393339266.png" alt="TedKozenko_0-1659393339266.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>Breaking down the OWASP SAMM Structure</P><P>Business Function – Security Practice – Stream A</P><P>&nbsp;</P><P>How to assess? – Never Assess Yourself – Your bias will impact your assessment…</P><P>Self-assessment – Use assessors who are not impacted by the results to ask questions to fully understand the reality.</P><P>Involve many contributors….&nbsp; Get down to the people doing the day to day…</P><P>Interview - Don’t Audit … This is to get a true gap analysis….</P><P>&nbsp;</P><P>&nbsp;</P><P>OWASP provides a spreadsheet with questions and a scoring system for each.&nbsp; This is about getting as much of the detail as possible.&nbsp; Understanding the reality, no judgement on why, and don’t solution during the assessment.</P><P>Allows you to develop a 3 yr – (12 quarter) plan to harden your SDLC environment.</P><P>&nbsp;</P><P><U>Take-aways –</U></P><P>&nbsp;Quantifiable ways to measure security posture.</P><P>Covers the ENTIRE SDLC</P><P>Low Hanging Fruit. – Focus training on Security SDLC participants – OWAS Top 10 Training.</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Include the Dev teams to help select training that is engaging...</P><P>Keep it simple to get them engaged to start the journey.</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Inspire E-Learning is a low cost option - around $3K.. (Attendee Suggestion)</P><P>&nbsp;</P><P>Engage a partner to help adopt SAMM V2 Framework and to perform the assessment to understand your gap and set a Roadmap to Secure Software Development.</P><P><U>Contact Info:</U></P><P>Brendon Collins</P><P><A href="mailto:Brendon.Collins@Optiv.com" target="_blank" rel="noopener">Brendon.Collins@Optiv.com</A></P><P>330.807.5564</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 01 Aug 2022 22:38:04 GMT https://community.isc2.org/t5/Cleveland-Chapter-Discussion/June-2022-Meeting-Minutes/m-p/52260#M14 TedKozenko 2022-08-01T22:38:04Z