(ISC)2 June 28th Monthly Chapter Meeting Notes
Total Registered: 49
Total Attendees: 36
Format: In-Person
Meeting Agenda: (ISC)2 Cleveland Chapter Meeting, June 28, 2022
- In person networking and conversation, Attendee Introductions
- (ISC)2 Cleveland Chapter Meeting - In Person Welcome
- Chatham House Rule
- Chapter and (ISC)2 news and information
- Officer Introductions for year 2022
- Announcements - companies that are seeking & hiring
- Security Friends - A fun look at and discussion of current cyber security news stories, delivered in over the top, dramatic radio style.
- Feature Presentation - Secure Software Development – how the OWASP framework can help you.
Notes:
5:30pm introductions and Announcements
5:45 – 6:15pm – Security Friends – Current security news and events. Included open discussion of recent cyber attacks and news items.
6:15pm Featured presenter – Brendon Collins – Optiv Security – pursuing the CSSLP (Certified Secure Software Lifecycle Professional)
Secure Software Development - How the OWASP SAMM Framework can help.
- A holistic approach.
- SAMM 2.0
- Broken into 5 business functions:
- Governance, Design, Implementation, Verification, and Operations
Breaking down the OWASP SAMM structure
Business Function – Security Practice – Stream A / Stream B (each practice is split into two streams)
How to assess? – Never assess yourself – your bias will impact the assessment…
Self-assessment – use assessors who are not affected by the results to ask the questions and fully understand the reality.
Involve many contributors… get down to the people doing the day-to-day work…
Interview – don’t audit… the goal is a true gap analysis…
OWASP provides a spreadsheet (the SAMM toolbox) with questions and a scoring system for each. This is about capturing as much detail as possible: understand the reality, pass no judgement on why, and don’t jump to solutions during the assessment.
The scored results let you develop a 3-year (12-quarter) plan to harden your SDLC.
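The scoring and roadmap logic described above, as an added worked example; this is not code from OWASP, Optiv or the presenter. It assumes the SAMM 2.0 toolbox answer scale (No = 0, "some" = 0.25, "at least half" = 0.5, "most or all" = 1) and one interview question per stream per maturity level, so a stream scores 0 to 3, a practice is the mean of its two streams, and a business function is the mean of its three practices. The interview answers are constructed sample data; the tie-break order in the roadmap (Governance first) is a planning choice, not a SAMM rule.

```python
"""Added example: score a SAMM 2.0 self-assessment and turn the gaps into a
quarter-by-quarter roadmap. Not OWASP or presenter code; scoring scale is an
assumption about the SAMM toolbox (No=0, some=0.25, half=0.5, most=1)."""
from statistics import mean

# SAMM 2.0 model: five business functions, three security practices each,
# and streams A and B under every practice.
SAMM_MODEL = {
    "Governance": ["Strategy & Metrics", "Policy & Compliance", "Education & Guidance"],
    "Design": ["Threat Assessment", "Security Requirements", "Security Architecture"],
    "Implementation": ["Secure Build", "Secure Deployment", "Defect Management"],
    "Verification": ["Architecture Assessment", "Requirements-driven Testing", "Security Testing"],
    "Operations": ["Incident Management", "Environment Management", "Operational Management"],
}
STREAMS = ("A", "B")
LEVELS = (1, 2, 3)
ANSWER_SCORES = {"no": 0.0, "some": 0.25, "half": 0.5, "most": 1.0}  # assumed toolbox scale

# Constructed interview answers, keyed by (function, practice, stream, level).
# Unanswered questions count as "no", so an incomplete interview can only
# lower a score, never inflate it.
SAMPLE_ANSWERS = {
    ("Governance", "Education & Guidance", "A", 1): "most",
    ("Governance", "Education & Guidance", "A", 2): "half",
    ("Governance", "Education & Guidance", "B", 1): "some",
    ("Implementation", "Secure Build", "A", 1): "most",
    ("Implementation", "Secure Build", "A", 2): "most",
    ("Implementation", "Secure Build", "A", 3): "half",
    ("Implementation", "Secure Build", "B", 1): "half",
    ("Verification", "Security Testing", "A", 1): "most",
    ("Verification", "Security Testing", "B", 1): "some",
}


def stream_score(answers, function, practice, stream):
    """Sum of the three maturity-level answers for one stream (0..3)."""
    total = 0.0
    for level in LEVELS:
        key = (function, practice, stream, level)
        answer = answers.get(key, "no")
        if answer not in ANSWER_SCORES:
            raise ValueError(f"unknown answer {answer!r} for {key}")
        total += ANSWER_SCORES[answer]
    return total


def practice_score(answers, function, practice):
    """Mean of the two stream scores (0..3)."""
    return mean(stream_score(answers, function, practice, s) for s in STREAMS)


def function_score(answers, function):
    """Mean of the three practice scores (0..3)."""
    return mean(practice_score(answers, function, p) for p in SAMM_MODEL[function])


def scorecard(answers):
    """Business-function scores, rounded for reporting."""
    return {f: round(function_score(answers, f), 2) for f in SAMM_MODEL}


def stream_gaps(answers, target):
    """Every stream below `target`, largest gap first; ties keep SAMM model
    order (Governance first), a planning choice rather than a SAMM rule.
    Returns (function, practice, stream, score, gap) tuples."""
    gaps = []
    for fi, (function, practices) in enumerate(SAMM_MODEL.items()):
        for pi, practice in enumerate(practices):
            for stream in STREAMS:
                score = stream_score(answers, function, practice, stream)
                if score < target:
                    gaps.append((target - score, fi, pi, stream, function, practice, score))
    gaps.sort(key=lambda g: (-g[0], g[1], g[2], g[3]))
    return [(g[4], g[5], g[3], g[6], g[0]) for g in gaps]


def roadmap(answers, target, quarters=12, streams_per_quarter=3):
    """Spread the gap list over at most `quarters` quarters, a fixed number of
    streams per quarter; raises if the work does not fit the plan horizon."""
    gaps = stream_gaps(answers, target)
    plan = {}
    for i in range(0, len(gaps), streams_per_quarter):
        plan[len(plan) + 1] = gaps[i:i + streams_per_quarter]
    if len(plan) > quarters:
        raise ValueError(f"{len(gaps)} streams need {len(plan)} quarters, horizon is {quarters}")
    return plan


if __name__ == "__main__":
    for function, score in scorecard(SAMPLE_ANSWERS).items():
        print(f"{function:<15} {score:.2f} / 3")
    for quarter, items in roadmap(SAMPLE_ANSWERS, target=2.0).items():
        print(f"Q{quarter}: " + "; ".join(f"{f}/{p}/{s} {sc:.2f}->{sc + gap:.2f}"
                                          for f, p, s, sc, gap in items))
```

Two design points matter for a real assessment: the default of "no" for an unanswered question means a stream that nobody was interviewed about shows up as a gap rather than silently looking fine, and the roadmap raises instead of quietly dropping streams when the gaps do not fit the 12-quarter horizon, so the plan has to be re-scoped explicitly (lower target, more streams per quarter, or a longer horizon).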
Take-aways –
Quantifiable ways to measure security posture.
Covers the ENTIRE SDLC
Low hanging fruit – focus training on the people participating in the secure SDLC – OWASP Top 10 training.
Include the dev teams in selecting training that is engaging...
Keep it simple to get them engaged and start the journey.
Inspire E-Learning is a low cost option - around $3K.. (Attendee Suggestion)
Engage a partner to help adopt the SAMM v2 framework, perform the assessment to understand your gaps, and set a roadmap to secure software development.
Contact Info:
Brendon Collins
Brendon.Collins@Optiv.com
330.807.5564