AppSecEU2011/Industry Outreach

==Industry Outreach Working Session Generals== On Friday, 10 June 2011, the OWASP Global Industry Committee (GIC) will be hosting 3 breakout sessions. These sessions will have the general objectives of: For more information about any of the sessions or to R.S.V.P. contact [mailto:sarah.baso@owasp.org Sarah Baso]
 * 1) Educating you about OWASP tools, projects, and other initiatives that your organization may benefit from, and
 * 2) Educating us about how to better serve industry: how can the GIC and OWASP as a whole maintain industry relevancy? How can the GIC facilitate a better working relationship with non-vendor organizations?

Security for Managers and Executives
10:15-11:00 AM, Conference Day 2, 10 June 2011 Location: Arts Building room 3106

The purpose for this session is to help organizations understand why application security is important and how OWASP can help in making their applications more secure. It will give them an opportunity to learn what documentation, training, architecture, tools and infrastructure is available. The best part is all these materials are free. OWSAP provides the solution for their application security needs. We are also looking to improve collaboration by helping get more organization participating in OWASP projects. This will help us ensure that we account for the various needs of industry and develop well vetted best practices.

Security For Managers and Executives - Industry Outreach Presentation

Presented by: [mailto:nishi.kumar@owasp.org Nishi Kumar], IT Architect Specialist, FIS View Presenter's Bio  Nishi Kumar is an Architect with 20 years of broad industry experience. She is part of OWASP Global Industry Committee, project lead for OWASP CBT (Computer based training) project, and a regular contributor to the OWASP Global Education Committee. She is a committed contributor of OWASP. She is the chair of Software Security Forum at FIS. She has spearheaded Secure Code Initiative program in FIS Electronics Payment division. As part of that program, she has delivered OWASP based training to management and development teams to various groups in FIS. She has been involved with PA-DSS certification of several applications in FIS. Since joining FIS in 2004 she has worked as an architect and team lead for several financial payment and fraud applications. She has hands-on accomplishments in design, development and deployment of complex software systems on a variety of platforms. Prior to joining FIS Nishi Kumar has worked for Pavilion, HNC, Fair Isaac, Trajecta, Nationwide Insurance and Data Junction as Senior Software Engineer, Architect and in Project Management roles.

CISO Survey
12:05-12:50 PM, Conference Day 2, 10 June 2011 Location: Arts Building room 3106

The objective of this session is to solicit feedback from industry leaders to help inform the content of the upcoming OWASP CISO survey. Specifically, we are interested in what they would like to see in a survey of their peers and leaders and how they think such a survey should be executed. The session will provide participants an opportunity to meet with peers in a vendor-free environment and discuss their problems with and solutions to information security. It will also allow them to shape the focus of the upcoming survey to maximize the return value to them.

Presented by: [mailto:Rex.Booth@us.gt.com Rex Booth], Senior Manager, Grant Thornton View Presenter's Bio Rex is a Senior Manager in Grant Thornton’s Public Sector practice and leads their Cybersecurity Solution group. He has over ten years of experience providing application development, risk management and information security services to government agencies, private industry, and financial institutions.

Since joining Grant Thornton, Rex has led various information security and risk management engagements including FISMA, IV&V, SOX, and OMB A-123 engagements as well as identity management and system certification and accreditation efforts. During his tenure at previous employers, Rex designed and developed complex distributed web-based applications. As a member of a managed security services team performing research and development, he co-architected and implemented a scalable information detection and prevention information aggregation solution for use in a real-time 24/7 information security monitoring system, correlating and reporting on thousands of devices. He has presented on the topic of information security and assessment methodologies to various institutions and is currently a global committee member for the Open Web Application Security Project (OWASP).

Global Industry Roundtable
15:00-15:45 PM, Conference Day 2, 10 June 2011 Location: Arts Building room 3106

This roundtable session will involve a series of questions aimed at driving discussion to determine: How can the OWASP Global Industry Committee become more relevant and work to achieve a better working relationship with industry verticals? What would types of OWASP resources (if none are currently available) would your company find value in? If you are not currently an OWASP member or corporate supporter, why not?

The outcomes of this session, as well as similar sessions that we hope to host at the other OWASP global appsec conferences this year, will be used determine whether a new membership model (esp. for corporate supporters) is needed within OWASP as well as where committee resources should be focused in the upcoming year(s).

Facilitated by: [mailto:sarah.baso@owasp.org Sarah Baso], Operations Manager for the OWASP Global Industry Committee With remote participation from: [mailto:joe.bernik@owasp.org Joe Bernik], Chief Information Security Officer for Fifth Third Bank and OWASP GIC Committee Chair View Presenters' Bios  Sarah Baso is currently managing operations for the OWASP Global Industry, Chapters, and Conferences Committees, reporting to the Director of Operations and the committee chairs. She also provided logistical support during the course of the 2011 OWASP Global Summit and is in the process of putting together formal documentation on the Summit 2011 Outcomes. Sarah's educational background includes a B.A. in English from the University of Minnesota, and a J.D. from Hamline University School of Law in St. Paul, Minnesota. She is a licensed attorney with a variety of experiences and skills that relate to her current work with the OWASP global community including: Practicing Attorney, Judicial Law Clerk, English and Computer Skills Teacher for English Language Learners, and Retail Management.

Mr. Bernik is the Chief Information Security Officer for Fifth Third Bank, responsible for protecting Fifth Third Bank and its clients’ information systems from risks. He is also responsible for defining and implementing Enterprise-wide information security strategies for the Bank. Mr. Bernik has more than 16 years of experience as a risk professional. He has developed risk management practices, procedures and standards for several Fortune 100 companies including several global banking organizations. Prior to his role at Fifth Third Bank, Mr. Bernik served in roles including Director of Operational Risk at the Royal Bank of Scotland and Chief Information Security Officer of ABN AMRO, and its subsidiary, LaSalle Bank. Mr. Bernik received his bachelor’s degree from the University of Mary Washington in Fredericksburg, Virginia, and completed graduate work in business administration at the City University of New York. Mr. Bernik currently serves as an advisor to the Federal Reserve on matters of information security and is on the steering committee of the Financial Services Sharing and Analysis Center (FS-ISAC). He also is the current committee chair for the OWASP Global Industry Committee.