SlideShare a Scribd company logo

San Antonio Security Community

Denim Group
Denim Group

John Dickson's presentation to ISSA San Antonio about the San Antonio information security community - its past, present and future.

TechnologyBusiness
1 of 12
Download to read offline
The San Antonio Security Community – Past, Present and Future John B. Dickson, CISSP
Denim Group Background • Privately-held, professional services organization that builds secure software and mitigates risk of existing software • Takes a software-centric perspective on application security – All consultants regularly build software systems – Approach the problem of software security from a developers viewpoint – Secure development methodology used on all software builds • Solving the secure remediation challenge – The next “hard” problem in application security • Thought Leaders in Secure Development Practices – Developed Sprajax – First Open Source AJAX vulnerability scanner – Regular speakers at RSA, OWASP, CSI – OWASP National Leaders 1
My Background • Ex-Air Force Officer – ESC, AFIWC, AFCERT • Entrepreneur • Security Practitioner y – Commercial Experience at Trident Data Systems, KPMG, SecureLogix, Denim Group • Founder and Former Chairman of SATAI & Past Chair of the North Chamber 2
Cluster Theory and San Antonio’s Security Community • Michael Porter’s Cluster Theory of Economic Development – A Cluster: geographic concentration of competing and cooperating companies, suppliers, service providers and associated institutions • Sophisticated clusters produce an ecosystem of activity • Examples: – Silicon Valley semiconductor industry – Hollywood film industry • Cluster theory central to competitiveness 3
The Springs from which much flowed… Emerging Security Community in San Antonio 4
Cluster Theory and San Antonio’s Security Community • Economic analysis prepared by Silicon Valley think tank ICF Consulting led by Jim Gollub • Delivered in July 2000 for: – The City of San Antonio, Economic Development Department – San Antonio Technology Accelerator Initiative • Captured an “emerging cluster” of IT activity centered around information security • “In order for San Antonio to economically benefit from the wealth of competency in information security expertise, economic inputs must be aligned to make it advantageous for local entrepreneurs to stay in the region” 5
The Higher Education Component – A Crown Jewel • UTSA’s Center for Infrastructure Assurance and Security (CIAS) – Established 2001 – Certified by NSA as a Center of Academic Excellence in Information Assurance Education 2002 – Missions • Cyber Security Exercise Programs • Cyber Security Training • Cyber Defense Competitions – Governor’s Emerging Technology Fund • St. Mary’s St Mary s Center for Terrorism Law • OLLU InfoSec Program • ACCD and the Information Technology & Security Academy 6
Early Case Studies of Successes • WheelGroup Corporation – NetRanger: First commercial network intrusion detection technology – Acquired by Cisco Systems for $124m in February 1998 – First successful security firm liquidity event – Founders turned around and founded SecureLogix Corporation in San Antonio • Secure Network Consulting, Inc Consulting Inc., – Led by ex-Air Force and Trident Data Systems security consultants – Acquired by Axent Technologies, who subsequently were acquired by Symantec 7
Immediate Impact of Air Force Decision • Reaffirms what we know in San Antonio – Critical mass of talents, technologies, and higher ed framework – Elected officials and business leaders now acknowledge importance – Growing sense that this is an economic development opportunity for our community • 600+ new jobs – Air Force active duty and civilian positions – Indirect jobs via contracts • Immediate impact on DoD community perception • Increased interest in contractor community outside SA 8
The Possibilities Going Forward • Expand relocation of national contractors to San Antonio – SRC, SAIC, CSC, BAH, et. al. • Increase expansion of cyber security missions at: I i f b it i i t – NSA Texas – 24th AF – Other units • Expand of R&D contract dollars via the 24th AF – Replace the IW Battlelab? • Increase R&D and commercialization via UTSA and others – New commercial companies based on intellectual property spun out • Communicate to the world that we have are a cyber security leader • Pursue additional ETF opportunities P dditi l t iti 9
The ISSA Chapter – How it can Contribute • Current – Conducting educational meetings on security topics of interest – Networking via monthly meetings – Success stories… • Future (proposed) – Grow the next generation of security leadership in San Antonio – Help connect various security interests – cross pollination of security components in San Antonio – Increase profile of San Antonio via ISSA national – Attract higher profile speakers – Increase DoD presence! – Increase identification outside of the security community 10
Contact Information • John B. Dickson, CISSP – john@denimgroup.com – Twitter @johnbdickson www.denimgroup.com http://denimgroup.typepad.com/ p g p yp p 11

Recommended

ISACA Canberra 30th annivesary press release
ISACA Canberra 30th annivesary press releaseISACA Canberra 30th annivesary press release
ISACA Canberra 30th annivesary press release
David Berkelmans
 
ISACA Canberra 30th annivesary press release
ISACA Canberra 30th annivesary press releaseISACA Canberra 30th annivesary press release
ISACA Canberra 30th annivesary press release
David Berkelmans
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
Shiva Bissessar
 
Building Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital EconomyBuilding Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital Economy
Agus Wicaksono
 
Minimizing cyber security risks – Digital Security School DSS380
Minimizing cyber security risks – Digital Security School DSS380Minimizing cyber security risks – Digital Security School DSS380
Minimizing cyber security risks – Digital Security School DSS380
Internews Ukraine
 
Virtual Bridge Sessions: The National Cyber Security Centre at Your Service
Virtual Bridge Sessions: The National Cyber Security Centre at Your ServiceVirtual Bridge Sessions: The National Cyber Security Centre at Your Service
Virtual Bridge Sessions: The National Cyber Security Centre at Your Service
College Development Network
 
ICO Presentation - Data Protection
ICO Presentation - Data ProtectionICO Presentation - Data Protection
ICO Presentation - Data Protection
NICVA
 
Can Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCCan Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRC
Dinesh O Bareja
 

Recommended

ISACA Canberra 30th annivesary press release
ISACA Canberra 30th annivesary press releaseISACA Canberra 30th annivesary press release
ISACA Canberra 30th annivesary press release
David Berkelmans
 
ISACA Canberra 30th annivesary press release
ISACA Canberra 30th annivesary press releaseISACA Canberra 30th annivesary press release
ISACA Canberra 30th annivesary press release
David Berkelmans
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
Shiva Bissessar
 
Building Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital EconomyBuilding Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital Economy
Agus Wicaksono
 
Minimizing cyber security risks – Digital Security School DSS380
Minimizing cyber security risks – Digital Security School DSS380Minimizing cyber security risks – Digital Security School DSS380
Minimizing cyber security risks – Digital Security School DSS380
Internews Ukraine
 
Virtual Bridge Sessions: The National Cyber Security Centre at Your Service
Virtual Bridge Sessions: The National Cyber Security Centre at Your ServiceVirtual Bridge Sessions: The National Cyber Security Centre at Your Service
Virtual Bridge Sessions: The National Cyber Security Centre at Your Service
College Development Network
 
ICO Presentation - Data Protection
ICO Presentation - Data ProtectionICO Presentation - Data Protection
ICO Presentation - Data Protection
NICVA
 
Can Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCCan Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRC
Dinesh O Bareja
 
Mikie
MikieMikie
Mikie
MJBULLOCK01
 
Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...
XeniT Solutions nv
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperation
rrepko
 
Cyphra - Cyber Security
Cyphra - Cyber SecurityCyphra - Cyber Security
Cyphra - Cyber Security
NICVA
 
Journey to cyber resilience
Journey to cyber resilienceJourney to cyber resilience
Journey to cyber resilience
Andrew Bycroft
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)
Benjamin Ang
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16
James Rutt
 
Cyber Resilience: A New Perspective on Security
Cyber Resilience: A New Perspective on SecurityCyber Resilience: A New Perspective on Security
Cyber Resilience: A New Perspective on Security
Ina Luft
 
Singapore's National Cyber Security Strategy
Singapore's National Cyber Security StrategySingapore's National Cyber Security Strategy
Singapore's National Cyber Security Strategy
Benjamin Ang
 
Cybersecurity for Critical National Information Infrastructure
Cybersecurity for Critical National Information InfrastructureCybersecurity for Critical National Information Infrastructure
Cybersecurity for Critical National Information Infrastructure
Dr David Probert
 
Personal cyber safety
Personal cyber safetyPersonal cyber safety
Personal cyber safety
Oladeinde Oluwakayode
 
I4ADA 2019 - Presentation Accountability & cyber security & cyber peace
I4ADA 2019 - Presentation Accountability & cyber security & cyber peaceI4ADA 2019 - Presentation Accountability & cyber security & cyber peace
I4ADA 2019 - Presentation Accountability & cyber security & cyber peace
Paul van Heel
 
Overview of national cybercrime strategies
Overview of national cybercrime strategiesOverview of national cybercrime strategies
Overview of national cybercrime strategies
Benjamin Ang
 
CSO Magazine Confab 2013 Atlanta - Cyber Security
CSO Magazine Confab 2013 Atlanta - Cyber SecurityCSO Magazine Confab 2013 Atlanta - Cyber Security
CSO Magazine Confab 2013 Atlanta - Cyber Security
Phil Agcaoili
 
Collateral Damage: Cyberwar and its affect on organisations
Collateral Damage: Cyberwar and its affect on organisationsCollateral Damage: Cyberwar and its affect on organisations
Collateral Damage: Cyberwar and its affect on organisations
PECB
 
IGPC Data Breach Planning braindump
IGPC Data Breach Planning braindumpIGPC Data Breach Planning braindump
IGPC Data Breach Planning braindump
James '​-- Mckinlay
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-status
Rama Reddy
 
BCS ITNow 201403 - Data Loss Prevention
BCS ITNow 201403 - Data Loss PreventionBCS ITNow 201403 - Data Loss Prevention
BCS ITNow 201403 - Data Loss Prevention
Gareth Niblett
 
Global Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and ComplianceGlobal Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and Compliance
ijtsrd
 
Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbers
APNIC
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approaches
vngundi
 

More Related Content

What's hot

Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...
XeniT Solutions nv
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperation
rrepko
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16
James Rutt
 
Cyber Resilience: A New Perspective on Security
Cyber Resilience: A New Perspective on SecurityCyber Resilience: A New Perspective on Security
Cyber Resilience: A New Perspective on Security
Ina Luft
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014
 
Global Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and ComplianceGlobal Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and Compliance
ijtsrd
 

What's hot (20)

Mikie
MikieMikie
Mikie
 
Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperation
 
Cyphra - Cyber Security
Cyphra - Cyber SecurityCyphra - Cyber Security
Cyphra - Cyber Security
 
Journey to cyber resilience
Journey to cyber resilienceJourney to cyber resilience
Journey to cyber resilience
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16
 
Cyber Resilience: A New Perspective on Security
Cyber Resilience: A New Perspective on SecurityCyber Resilience: A New Perspective on Security
Cyber Resilience: A New Perspective on Security
 
Singapore's National Cyber Security Strategy
Singapore's National Cyber Security StrategySingapore's National Cyber Security Strategy
Singapore's National Cyber Security Strategy
 
Cybersecurity for Critical National Information Infrastructure
Cybersecurity for Critical National Information InfrastructureCybersecurity for Critical National Information Infrastructure
Cybersecurity for Critical National Information Infrastructure
 
Personal cyber safety
Personal cyber safetyPersonal cyber safety
Personal cyber safety
 
I4ADA 2019 - Presentation Accountability & cyber security & cyber peace
I4ADA 2019 - Presentation Accountability & cyber security & cyber peaceI4ADA 2019 - Presentation Accountability & cyber security & cyber peace
I4ADA 2019 - Presentation Accountability & cyber security & cyber peace
 
Overview of national cybercrime strategies
Overview of national cybercrime strategiesOverview of national cybercrime strategies
Overview of national cybercrime strategies
 
CSO Magazine Confab 2013 Atlanta - Cyber Security
CSO Magazine Confab 2013 Atlanta - Cyber SecurityCSO Magazine Confab 2013 Atlanta - Cyber Security
CSO Magazine Confab 2013 Atlanta - Cyber Security
 
Collateral Damage: Cyberwar and its affect on organisations
Collateral Damage: Cyberwar and its affect on organisationsCollateral Damage: Cyberwar and its affect on organisations
Collateral Damage: Cyberwar and its affect on organisations
 
IGPC Data Breach Planning braindump
IGPC Data Breach Planning braindumpIGPC Data Breach Planning braindump
IGPC Data Breach Planning braindump
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-status
 
BCS ITNow 201403 - Data Loss Prevention
BCS ITNow 201403 - Data Loss PreventionBCS ITNow 201403 - Data Loss Prevention
BCS ITNow 201403 - Data Loss Prevention
 
Global Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and ComplianceGlobal Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and Compliance
 

Similar to San Antonio Security Community

Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
Ulf Mattsson
 
BCAWARE_ProgramBook_FINAL_Proof
BCAWARE_ProgramBook_FINAL_ProofBCAWARE_ProgramBook_FINAL_Proof
BCAWARE_ProgramBook_FINAL_Proof
Dominic Vogel
 
Cyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply ChainCyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply Chain
aletarw
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best Practices
Ulf Mattsson
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & Recommendations
Ulf Mattsson
 

Similar to San Antonio Security Community (20)

Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbers
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approaches
 
Its not ITs problem
Its not ITs problemIts not ITs problem
Its not ITs problem
 
Cyber Security in Manufacturing
Cyber Security in ManufacturingCyber Security in Manufacturing
Cyber Security in Manufacturing
 
Brochure - Jan 14
Brochure - Jan 14Brochure - Jan 14
Brochure - Jan 14
 
The Future of Cybersecurity - October 2015
The Future of Cybersecurity - October 2015The Future of Cybersecurity - October 2015
The Future of Cybersecurity - October 2015
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
 
Security For Free
Security For FreeSecurity For Free
Security For Free
 
Industrial Control Security USA Sacramento California Oct 6/7
Industrial Control Security USA Sacramento California Oct 6/7Industrial Control Security USA Sacramento California Oct 6/7
Industrial Control Security USA Sacramento California Oct 6/7
 
SMi Group's Oil and Gas Cyber Security North America
SMi Group's Oil and Gas Cyber Security North AmericaSMi Group's Oil and Gas Cyber Security North America
SMi Group's Oil and Gas Cyber Security North America
 
The Cybersecurity Mess
The Cybersecurity MessThe Cybersecurity Mess
The Cybersecurity Mess
 
Fostering National Incident Response Capacity
Fostering National Incident Response CapacityFostering National Incident Response Capacity
Fostering National Incident Response Capacity
 
A Strategy for Addressing Cyber Security Challenges
A Strategy for Addressing Cyber Security Challenges A Strategy for Addressing Cyber Security Challenges
A Strategy for Addressing Cyber Security Challenges
 
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi KenyaRegional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
 
BCAWARE_ProgramBook_FINAL_Proof
BCAWARE_ProgramBook_FINAL_ProofBCAWARE_ProgramBook_FINAL_Proof
BCAWARE_ProgramBook_FINAL_Proof
 
Cyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply ChainCyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply Chain
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best Practices
 
Securing Industrial Control Systems - CornCON II: The Wrath Of Corn
Securing Industrial Control Systems - CornCON II: The Wrath Of CornSecuring Industrial Control Systems - CornCON II: The Wrath Of Corn
Securing Industrial Control Systems - CornCON II: The Wrath Of Corn
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & Recommendations
 

More from Denim Group

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Denim Group
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Denim Group
 
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleOptimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Denim Group
 
OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20
Denim Group
 
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramAppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
Denim Group
 
Using Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team SportUsing Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team Sport
Denim Group
 
Security Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your OrganizationSecurity Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your Organization
Denim Group
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native Applications
Denim Group
 
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsAn Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT Systems
Denim Group
 
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Denim Group
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationAppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation
Denim Group
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native Applications
Denim Group
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation AppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation
Denim Group
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack Surface
Denim Group
 

More from Denim Group (20)

Long-term Impact of Log4J
Long-term Impact of Log4JLong-term Impact of Log4J
Long-term Impact of Log4J
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
 
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleOptimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
 
Application Asset Management with ThreadFix
Application Asset Management with ThreadFix Application Asset Management with ThreadFix
Application Asset Management with ThreadFix
 
OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20
 
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramAppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
 
Using Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team SportUsing Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team Sport
 
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
 
Security Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your OrganizationSecurity Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your Organization
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native Applications
 
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsAn Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT Systems
 
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
 
A New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFixA New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFix
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationAppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native Applications
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation AppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack Surface
 

Recently uploaded

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
ScyllaDB
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Peter Udo Diehl
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
Expeed Software
 

Recently uploaded (20)

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 

San Antonio Security Community

  • 1. The San Antonio Security Community – Past, Present and Future John B. Dickson, CISSP
  • 2. Denim Group Background • Privately-held, professional services organization that builds secure software and mitigates risk of existing software • Takes a software-centric perspective on application security – All consultants regularly build software systems – Approach the problem of software security from a developers viewpoint – Secure development methodology used on all software builds • Solving the secure remediation challenge – The next “hard” problem in application security • Thought Leaders in Secure Development Practices – Developed Sprajax – First Open Source AJAX vulnerability scanner – Regular speakers at RSA, OWASP, CSI – OWASP National Leaders 1
  • 3. My Background • Ex-Air Force Officer – ESC, AFIWC, AFCERT • Entrepreneur • Security Practitioner y – Commercial Experience at Trident Data Systems, KPMG, SecureLogix, Denim Group • Founder and Former Chairman of SATAI & Past Chair of the North Chamber 2
  • 4. Cluster Theory and San Antonio’s Security Community • Michael Porter’s Cluster Theory of Economic Development – A Cluster: geographic concentration of competing and cooperating companies, suppliers, service providers and associated institutions • Sophisticated clusters produce an ecosystem of activity • Examples: – Silicon Valley semiconductor industry – Hollywood film industry • Cluster theory central to competitiveness 3
  • 5. The Springs from which much flowed… Emerging Security Community in San Antonio 4
  • 6. Cluster Theory and San Antonio’s Security Community • Economic analysis prepared by Silicon Valley think tank ICF Consulting led by Jim Gollub • Delivered in July 2000 for: – The City of San Antonio, Economic Development Department – San Antonio Technology Accelerator Initiative • Captured an “emerging cluster” of IT activity centered around information security • “In order for San Antonio to economically benefit from the wealth of competency in information security expertise, economic inputs must be aligned to make it advantageous for local entrepreneurs to stay in the region” 5
  • 7. The Higher Education Component – A Crown Jewel • UTSA’s Center for Infrastructure Assurance and Security (CIAS) – Established 2001 – Certified by NSA as a Center of Academic Excellence in Information Assurance Education 2002 – Missions • Cyber Security Exercise Programs • Cyber Security Training • Cyber Defense Competitions – Governor’s Emerging Technology Fund • St. Mary’s St Mary s Center for Terrorism Law • OLLU InfoSec Program • ACCD and the Information Technology & Security Academy 6
  • 8. Early Case Studies of Successes • WheelGroup Corporation – NetRanger: First commercial network intrusion detection technology – Acquired by Cisco Systems for $124m in February 1998 – First successful security firm liquidity event – Founders turned around and founded SecureLogix Corporation in San Antonio • Secure Network Consulting, Inc Consulting Inc., – Led by ex-Air Force and Trident Data Systems security consultants – Acquired by Axent Technologies, who subsequently were acquired by Symantec 7
  • 9. Immediate Impact of Air Force Decision • Reaffirms what we know in San Antonio – Critical mass of talents, technologies, and higher ed framework – Elected officials and business leaders now acknowledge importance – Growing sense that this is an economic development opportunity for our community • 600+ new jobs – Air Force active duty and civilian positions – Indirect jobs via contracts • Immediate impact on DoD community perception • Increased interest in contractor community outside SA 8
  • 10. The Possibilities Going Forward • Expand relocation of national contractors to San Antonio – SRC, SAIC, CSC, BAH, et. al. • Increase expansion of cyber security missions at: I i f b it i i t – NSA Texas – 24th AF – Other units • Expand of R&D contract dollars via the 24th AF – Replace the IW Battlelab? • Increase R&D and commercialization via UTSA and others – New commercial companies based on intellectual property spun out • Communicate to the world that we have are a cyber security leader • Pursue additional ETF opportunities P dditi l t iti 9
  • 11. The ISSA Chapter – How it can Contribute • Current – Conducting educational meetings on security topics of interest – Networking via monthly meetings – Success stories… • Future (proposed) – Grow the next generation of security leadership in San Antonio – Help connect various security interests – cross pollination of security components in San Antonio – Increase profile of San Antonio via ISSA national – Attract higher profile speakers – Increase DoD presence! – Increase identification outside of the security community 10
  • 12. Contact Information • John B. Dickson, CISSP – john@denimgroup.com – Twitter @johnbdickson www.denimgroup.com http://denimgroup.typepad.com/ p g p yp p 11