Viewing 2 current events matching “security” by Date.

Wednesday
Nov 8
CHIFOO Event: Now That’s Risky Business – Selling UX To The Security Techies
New Relic

CHIFOO presents "Now That’s Risky Business – Selling UX To The Security Techies" with Andrew Sweany, Tripwire!

Software for tech-savvy system admins and security analysts doesn’t need to be easy to use, right? Wrong. Providing good software to the folks keeping our data safe is much more important than one-click shoe shopping.

About the Speaker

Andrew (@andrewsweany) began as a Human Factors Engineer at Intel in 2000 and since that time has completed countless user research activities on a huge range of products (software, hardware, web/desk, tablet, & mobile) across the entire life cycle (from emerging concepts to well established enterprise and consumer products).

Come join CHIFOO for our eleventh and final speaker event for 2017's theme "Thriving in Chaos: Strategies for Good Design".

http://bit.ly/2imCE8Q

Friday
Oct 20
Security BSides Portland
through Oregon Convention Center

Security BSides Portland 2017 is the 7th annual BSidesPDX!

The event is FREE, but register ahead of time to guarantee space: http://bsidespdx2017.eventzilla.net/ We have PCB badges, T-shirts (including women's sizes!), and bags to give away, but we will be giving them to donors first.

BSides PDX is a gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Our passion about all things security has driven attendance from other parts of the country. Our goal is to provide an open environment for the InfoSec community to engage in conversations, learn from each other and promote knowledge sharing and collaboration. The Portland and greater Northwest information security community spans a broad spectrum of participation from CISOs, Fortune 100 company security experts, small business system admins, to independent security researchers.


Viewing 180 past events matching “security” by Date.

Thursday
Jul 31, 2008
IP3's “Strategy to Reality: Don’t Look Back”
through Portland State University (PSU) - Smith Memorial Center

On July 31 & August 1, 2008, Portland State University is hosting IP3, Inc. for a comprehensive Information Assurance and Information Technology Security seminar. Ken Kousky, CISSP and CEO of IP3 (and former president of Wave Technologies, a NASDAQ publicly-traded company) will present “Strategy to Reality: Don't Look Back”, the nation’s leading IT security forum addressing issues on the cutting edge of compliance, information assurance, human capital and risk management. Go to http://www.ip3seminars.com to read our brochure.

During this two-day lecture-style seminar for CEOs, Risk Management IT Executives, CPAs, Physical Security Professionals, IT Auditors, Forensic Specialists, IT professionals and students entering the IT field, you will learn about how the technologies, threats and deployment environments have changed, even since 2007.

Thursday
Aug 21, 2008
From Pointy Hair to Curly Tie... Surviving Project Management
Online

This presentation will take a light-hearted approach to the challenges a QA Manager faces while illustrating techniques that can improve product quality and communication from management to testers.

Speaker Keith Meyer, Lab Director, nResult, Inc.

Thank you to our 2008 Series Sponsors: McAfee & nResult.

Wednesday
Mar 18, 2009
CanSecWest
through

CanSecWest is a yearly computer security conference in Vancouver which focuses on new and applied research. It is perhaps most famous for the "pwn2own" competition, which pits various vendors' software against each other with cash prizes for the first to be exploited.

Thursday
Apr 23, 2009
NW ISSA Security Conference

The NW ISSA Security Conference is part of a continued ambitious community outreach program for ISSA-Oregon Chapter. The goal of our program is to provide decision makers, stakeholders, and professionals with the knowledge and understanding they need to more effectively secure their organization’s sensitive information and comply with emerging information privacy laws and regulations.

Travel budgets cut, but still want the professional development in 2009? Want 7 CPE Credit Hours for less than $65? Don’t miss this local, but quality conference for security

Topics for 2009 include:

  • Future Security Implications of Cloud Computing & Social Media
  • Botnets and the Army of Darkness
  • Windows 7.0 Sneak Peek
  • Implementing the SDL to Improve Organizations’ ROI
  • Leveraging e-Discovery to Keep Security Funding
  • Much more
Friday
Sep 18, 2009
Building Systems That Enforce Measurable Security Goals
Galois, Inc

The next talk in the Galois Tech Seminar series:

[Note the Friday date, instead of the usual Tuesday slot!]

  • Date: Friday, September 18th, 2009
  • Title: Building Systems That Enforce Measurable Security Goals
  • Speaker: Trent Jaeger
  • Time: 10:30am - 11:30am
  • Location: Galois, Inc. 421 SW 6th Ave. Suite 300; Portland, OR 97204

For details (including an abstract and speaker bio), please see our blog post: http://www.galois.com/blog/2009/09/10/jaegermeasurablesecurit/

An RSVP is not required; but feel free to drop a line to [email protected] if you've any questions or comments.

Levent Erkok

Tuesday
Jan 19, 2010
Portland OWASP Chapter Meeting
U.S. Bancorp Tower

We'll meet in the Morrison room on the third floor. Stop at the security desk up front if you have any problems, or give me a call (801-372-9378).

Travis Spencer has offered to give us a talk about SAML, federation, and identity.

For notices on future meetings, please sign up on the Portland OWASP mailing list (low volume): https://lists.owasp.org/mailman/listinfo/owasp-portland

Thursday
May 6, 2010
InnoTech Oregon Technology Conference & Expo

InnoTech is the region's largest business to business technology conference and expo happening May 6. Over 1500 business and technology professionals will attend this year. Special events include the NW CIO Summit, NW ISSA Security Symposium, Microsoft Technology Symposium, eMarketing Summit, Mobile Track and much more.

Thursday
Apr 21, 2011
NW ISSA Security Summit

Hosted by the ISSA – Portland Chapter, the NW ISSA Security Summit, held in conjunction with InnoTech Oregon, returns April 21st to the Oregon Convention Center. Join us for this one-day, in-depth conference that highlights the latest in the IT Security landscape. If you only go to one conference this year, make this the one!

The NW ISSA Security Summit will feature three (3) distinct conference tracks:

  1) Business
  2) Application Development
  3) Technology

Each track will be comprised of top-notch sessions from leading industry professionals. Whether you are an application developer, security manager, IT manager, engineer, auditor, CISO, CTO, Project Manager, or just simply interested in the security sector, the Summit is meaningful to you. Mark your calendars for April 21st and we’ll see you there! Go to www.nwsecuritysummit.com to REGISTER and for more information.

Tuesday
Aug 30, 2011
Galois Tech Talk: Leveraging Emerging Storage Functionality for New Security Services
Galois, Inc

Presented by Kevin Butler

The complexity of modern operating systems makes securing them a challenging problem. However, changes in the computing model, such as the rise of cloud computing and smarter peripherals, have presented opportunities to reconsider system architectures, as we move from traditional "stove-pipe" computing to distributed systems. In particular, we can build trustworthy components that act to provide security in complex systems.

This talk discusses how new disk architectures may be exploited to aid the protection of systems by acting as policy decision and enforcement points. We prototype disks that enforce data immutability at the block level on critical system data, preventing malicious code from inserting itself into system configuration and boot files. We then examine how storage may be used to ensure the integrity state of hosts prior to allowing access to data, and how such a design improves the security of portable storage devices. Using continual measurements of system state, we show through formal reasoning that such a device enforces guarantees that data is read and written while the host is in a good state. Finally, we discuss some recent initiatives to assure the identity of the host and identify future directions for exploring the interface between storage and operating system security.

Friday
Nov 18, 2011
Microsoft IT Camp
Microsoft Portland

Join us for an informal event where the true agenda is up to you! The camp leader (Chris E. Avis - IT Evangelist/Microsoft) will lead off with a brief intro to the camp then open the floor up for discussion topics. We will then work through those topics until the end of the session (or until we just get tired of talking!).

This will be very interactive and works best with participation from everyone. We look forward to having you join us for this new informal event.

Wednesday
Mar 14, 2012
CHIFOO presents: "Security *IS* a Game: Using the Blender Game Engine for Security" with Jeff Bryner $5
ISITE Design

SecViz.org is a great resource for security visualizations, but most suffer from a lack of interactivity. Completing kinectasploit for DEFCON19 made me realize the utility of game engines for interacting with security tools and security information. Jeff will start with a recap/encore performance of kinectasploit (http://p0wnlabs.com/defcon19), which uses gestures to drive a first-person shooter 3D game environment to break into computers on victim virtual machines. Then using the same technology, Jeff will walk through a couple scenes using standard corporate security data in a 3D, kinect-driven environment made possible by the blender game engine.

Kinect and gestures are two of the most prevalent game-changing technologies to affect user interfaces since the keyboard and mouse. Applying these tools to real-world data is challenging, fraught with pitfalls, and a heck of a lot of fun! Let’s discover the boundaries of current technology by pushing it until it fails!

Thursday
May 3, 2012
InnoTech Oregon
Oregon Convention Center

Coming May 3rd, the 9th Annual InnoTech Oregon offers a unique opportunity for business and technology leaders to educate themselves about current trends and discover new, successful, innovative best practices. InnoTech focuses on the innovative uses of both mainstream and locally developed technologies to grow and enhance your business operations. More information is available at www.innotechoregon.com.

InnoTech is also hosting the NW CIO Summit & IT Executive of the Year Awards, NW ISSA Security Conference and the eMarketing Summit. See you there!

Portland Linux/Unix Group: OpenBSD
PSU Maseeh Engineering Building

OpenBSD by Bryan Linton

OpenBSD is a free *nix-like operating system that focuses on security, correctness and developer freedom. With only two remote holes in the default install in over 10 years, OpenBSD has a reputation of being one of the most secure operating systems in common use.

This talk will present a basic overview of what OpenBSD is, and will heavily emphasize what its strengths are. It will also cover the various methods OpenBSD uses to remain secure.

With OpenBSD 5.1 arriving May 1st, we will also discuss some of its new features and improvements.

Many of us will go to the Lucky Lab Northwest Beer Hall at 1945 NW Quimby after the presentation.

Sunday
Jul 1, 2012
OWASP FLOSSHack - Ushahidi
Free Geek

FLOSSHack is an experimental workshop project designed to bring together those who want to learn more about "hacking" (secure programming and application penetration testing) with those who are in need of low cost or pro bono security auditing.

This first ever FLOSSHack event will be focused on the Ushahidi platform. Stay tuned for more details in the coming weeks.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Thursday
Aug 2, 2012
Galois Tech Talk: Comprehensive Analysis of the Android Ecosystem
Galois, Inc

Presented by Iulian Neamtiu.

The relative novelty and rapid evolution pace of the Android ecosystem (platform, vendor-installed apps and third-party apps) means both the platform and apps receive little scrutiny. Hence there is a need for tools that assess, monitor and verify all components of the Android ecosystem. This lack of tools and scrutiny is particularly problematic when combined with the open nature of Google Play, the main app distribution channel.

In the first part of this talk we will focus on multi-layer profiling of Android apps using ProfileDroid, a tool and framework we developed at UC Riverside. ProfileDroid is useful for a variety of Android app analyses, from performance to usability to security. ProfileDroid monitors and correlates the behavior of an app at four layers: (a) static, or app specification, (b) user interaction, (c) operating system, and (d) network layer. Using ProfileDroid on 27 free and paid Android apps, we have revealed: (a) discrepancies between the app specification and app execution, (b) free versions of apps could end up costing more than their paid counterparts, due to an order of magnitude increase in traffic, (c) most network traffic is not encrypted, (d) apps communicate with many more sources than users might expect.

In the second part of the talk we will present results from our long-term permission evolution study of the Android ecosystem---platform and 237 apps---over three years. We found that the platform has increased the number of dangerous permissions and does not move towards finer-grained permissions, and that app developers do not follow the principle of least privilege. We will also briefly discuss our efforts with static information flow tracking for Android apps, as well as building a log-and-replay system for Android.

Wednesday
Aug 22, 2012
OWASP Chapter Meeting
Portland State University Fourth Avenue Building (FAB)

Double Feature! For this chapter meeting, we have two protocol-oriented talks at PSU. Basic refreshments will be provided.

Kevin P. Dyer presents:
What Encryption Leaks and Why Traffic Analysis Countermeasures Fail

As more applications become web-based, an increasing number of client-server interactions are exposed to our networks and vulnerable to Traffic Analysis (TA) attacks. In one form, TA attacks exploit the lengths and timings of packets in a protocol's flow to infer sensitive information about communications. In the context of encrypted HTTP connections, such as HTTP over SSH, this means an adversary can determine which website a user is visiting. In the context of a specific web application, an adversary can determine user input by viewing only a few client-server interactions.

Recent advances in the application of Machine Learning tools demonstrate that TA attacks are possible despite industry-standard encryption such as TLS, SSH or IPSec. What is more, even if a protocol uses stronger countermeasures, such as fixed-length per-packet padding, this incurs significant overhead but only provides limited security benefit. These types of security vs. efficiency trade-offs are of immediate concern to security-aware applications such as Tor, and performance-sensitive application features such as Google Search Autocomplete.

In this talk, Kevin will address the state-of-the-art TA attacks and proposed countermeasures in the context of network and web application security. Most importantly, he will discuss open problems in this area and why a general-purpose TA countermeasure remains elusive.

Timothy D. Morgan presents:
HTTPS, Cookies, and Men-in-the-Middle: Why You Shouldn't Allow Marketing Departments to Design Your Security Protocols

Login session management in modern web applications is largely dominated by use of HTTP cookies. However, HTTP cookies were never designed for secure applications, which has led to a significant number of protocol security problems.

In this talk, Tim will start with a brief background on why HTTP cookies are a poorly-conceived mechanism to begin with, and continue with a discussion of how this impacts security. He will describe several lesser-known cookie-based session management problems that remain widespread and allow for session hijacking through a variety of clever attacks.


Kevin P. Dyer is a PhD student at Portland State University. His research focuses on building protocols that are resistant to Traffic Analysis attacks. Prior to his academic life, Kevin worked as an engineer on various projects in telecommunications security, web security and network security. Kevin holds an MSc in the Mathematics of Cryptography and Communications from Royal Holloway, University of London, and a BS in Computer Science and Mathematics from Santa Clara University.

Timothy D. Morgan is a consultant at Virtual Security Research, LLC (VSR). As an application security specialist and digital forensics researcher, Tim has been taking deep technical dives in security for over a decade. Tim resides in Oregon and works at VSR where he helps to secure his customers' environments through penetration testing, training, and forensics investigations. His past security research has culminated in the release of several responsibly disclosed vulnerabilities in popular software products. Tim also develops and maintains several open source digital forensics tools which implement novel data recovery algorithms.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Friday
Nov 9, 2012
Security BSides Portland
through Jupiter Hotel

An Information Security conference by the community for the community. It's free to attend and we rely on sponsorship to pay for the venue and other costs. Come mingle with local people interested in cutting edge information security topics to share and learn.

Thursday
Dec 13, 2012
OWASP Chapter Meeting
Collective Agency Downtown

Matthew Lapworth will present a talk on static code analysis.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Chapter meetings are free and open to the public.

Wednesday
Jan 9, 2013
OWASP - How to (FLOSS)Hack
Collective Agency Downtown

Join us for a How to (FLOSS)Hack tutorial, which will introduce several common classes of web application vulnerabilities such as XSS, SQL injection, and XML External Entities flaws. The goal of the session is to bring novice FLOSSHack participants up to speed on how to identify new vulnerabilities that are likely to appear in the target software for this week's FLOSSHack. FLOSSHack is an experimental workshop project designed to bring together those who want to learn more about "hacking" (secure programming and application penetration testing) with those who are in need of low cost or pro bono security auditing.

NOTE: For best results, please bring a laptop to participate in the hands-on exercises.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Sunday
Jan 13, 2013
OWASP - FLOSSHack Returns
Free Geek

FLOSSHack is an experimental workshop project designed to bring together those who want to learn more about "hacking" (secure programming and application penetration testing) with those who are in need of low cost or pro bono security auditing.

The target software for this FLOSSHack event is OpenMRS. For more info, see the event page.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Tuesday
Apr 30, 2013
Galois Tech Talk: Hardware Security's Hierarchy of Attacks
Galois, Inc

Presented by Joe FitzPatrick.

Generally, there is a very low barrier to entry when it comes to software or network-based attacks due to the fact that actual costs are minimal and most resources are readily available. This does mean that it's generally much easier to attack the software of a system than the hardware, but unfortunately that also leads to overconfidence in, as well as misplaced trust in, hardware.

There is a clear 'hierarchy of attacks' in the hardware world. There are costs, often significant, involved in acquiring your hardware 'target' which might be damaged or destroyed in the process. There are a number of useful tools that cost anywhere from a few dollars to a few million dollars. I'll give a couple examples of what's possible within budgets of $100, $10,000, and $1,000,000. I'll point out how many capabilities are much more accessible than most assume, and how vulnerable to sub-$100 attacks most of our 'secure' hardware really is.

Thursday
May 9, 2013
Office 365: The New Office and Rights Management
Microsoft Portland Office (Pearl District)

Topic: Compliance in the Cloud

Looking to learn about how to use the "New Office" – Microsoft Office 365? Concerned with security and compliance? This workshop will focus specifically on the security trust and compliance features included in the new Office 365. At the end of this session, you will be more familiar with its various capabilities and understand how the service uses litigation hold techniques to manage compliance archives and document searches.

At this workshop, we will cover the following topics:

Office 365

  • What is the Office 365 family of products?
  • How does Office 365 licensing work?
  • Business view on using Office 365
  • On-site ROI vs. cloud ROI

Collaboration

  • How you collaborate in the cloud
  • Demonstration: How to use Office 365 collaboration tools

Office 365 Security

  • Office 365 trust and security
  • How do archives work?
  • What is legal hold?

Using Office 365 to protect your business

  • Rights Management Services
  • Document archive - how it works
  • Office 365 encryption options
  • Demonstration: Rights Management Services in Microsoft Outlook

Document discovery

  • How document discovery works
  • SharePoint document discovery site
  • Sampling emails for compliance review
  • Demonstration: Integrated Document Discovery site

Next steps

  • Summary of Office 365 features
  • Moving to Office 365
  • Office 365 Migration offer

Featured Products: Business Productivity Online Suite, Lync Online, Microsoft Exchange Online, Office 365, Office Web Apps, Online Services, SharePoint 2013, SharePoint Online

Recommended Audiences: Business decision makers, C-level executives, information workers, technical decision makers, etc.

About the Host, KAMIND Inc.
KAMIND Inc. (KAMIND) is an information technology (IT) cloud consultant specializing in Microsoft Office 365 and Windows Intune software. Using these cloud-based services, KAMIND helps organizations refocus their IT resources on projects that generate true business value, reducing overall IT service costs and increasing employee productivity. As a Tier 3 Microsoft Cloud Accelerate Partner and a Black Belt Windows Intune specialist, KAMIND has more than 3,500 seats deployed in more than 250 customer locations.

KAMIND deploys scalable solutions that give each user the flexibility to utilize the cloud in his or her own way. And by integrating these cloud services with an on-site Microsoft Volume License, KAMIND can further leverage Microsoft solutions to improve efficiency and operations and reduce the cost of doing business.

In addition to Microsoft products and services, KAMIND also publishes educational material and hosts frequent seminars to teach local businesses and entrepreneurs about how to access data in the cloud.

http://www.kamind.net

Office 365 – The New Office and Rights Management
Microsoft Portland Office (Pearl District)

Topic: Collaboration in the Cloud

Looking to learn about how to use the "New Office" – Microsoft Office 365? Concerned with security and compliance? This workshop will focus specifically on the security trust and compliance features included in the new Office 365. At the end of this session, you will be more familiar with its various capabilities and understand how the service uses litigation hold techniques to manage compliance archives and document searches.

At this workshop, we will cover the following topics:

Office 365

  • What is the Office 365 family of products?
  • How does Office 365 licensing work?
  • Business view on using Office 365
  • On-site ROI vs. cloud ROI

Collaboration

  • How you collaborate in the cloud
  • Demonstration: How to use Office 365 collaboration tools

Office 365 Security

  • Office 365 trust and security
  • How do archives work?
  • What is legal hold?

Using Office 365 to protect your business

  • Rights Management Services
  • Document archive - how it works
  • Office 365 encryption options
  • Demonstration: Rights Management Services in Microsoft Outlook

Document discovery

  • How document discovery works
  • SharePoint document discovery site
  • Sampling emails for compliance review
  • Demonstration: Integrated Document Discovery site

Next steps

  • Summary of Office 365 features
  • Moving to Office 365
  • Office 365 Migration offer

Featured Products:

Business Productivity Online Suite, Lync Online, Microsoft Exchange Online, Office 365, Office Web Apps, Online Services, SharePoint 2013, SharePoint Online

Recommended Audiences:

Business decision makers, C-level executives, information workers, technical decision makers, etc.

About the Host, KAMIND Inc.

KAMIND Inc. (KAMIND) is an information technology (IT) cloud consultant specializing in Microsoft Office 365 and Windows Intune software. Using these cloud-based services, KAMIND helps organizations refocus their IT resources on projects that generate true business value, reducing overall IT service costs and increasing employee productivity. As a Tier 3 Microsoft Cloud Accelerate Partner and a Black Belt Windows Intune specialist, KAMIND has more than 3,500 seats deployed in more than 250 customer locations.

KAMIND deploys scalable solutions that give each user the flexibility to utilize the cloud in his or her own way. And by integrating these cloud services with an on-site Microsoft Volume License, KAMIND can further leverage Microsoft solutions to improve efficiency and operations and reduce the cost of doing business.

In addition to Microsoft products and services, KAMIND also publishes educational material and hosts frequent seminars to teach local businesses and entrepreneurs about how to access data in the cloud.

http://www.kamind.net

Tuesday
Jul 2, 2013
OWASP Chapter Meeting
Portland State University Fourth Avenue Building (FAB)

Kevin P. Dyer presents:

P0wning DPI with Format-Transforming Encryption

Deep packet inspection (DPI) technologies provide much-needed visibility and control of network traffic using port-independent protocol identification (PIPI), where a network flow is labeled with its application-layer protocol based on packet contents. In many cases PIPI can be used for good. As one example, it allows network administrators to elevate priority of time-sensitive (e.g., VoIP) data streams. In other cases PIPI can be used for harm: nation-states employ PIPI to block censorship circumvention tools such as Tor. There are many ways to perform PIPI; however, at the core of nearly all modern PIPI systems are regular expressions --- an expressive tool to compactly specify sets of strings.

In this talk, Kevin reviews the state-of-the-art research on the capabilities of state-level DPI, then presents a novel cryptographic primitive called format-transforming encryption (FTE). An FTE scheme, intuitively, extends conventional symmetric encryption with the ability to transform the ciphertext into a user-defined format using regular expressions. An FTE-based record layer will be presented that can encrypt arbitrary TCP traffic and coerce modern DPI systems into misclassifying any data stream as a target protocol (e.g., HTTP, SMB, RSTP, etc.) of the user's choosing. What's more, this work is not only theoretical in nature --- an open-source FTE prototype is publicly available and has had success in subverting modern DPI systems, including the Great Firewall of China.

PSU is kindly providing coffee, tea, and cookies for us.


Kevin P. Dyer is a PhD student at Portland State University. His research focuses on building protocols that are resistant to traffic-analysis attacks and discriminatory routing policies. Previously, Kevin worked as a software engineer in telecommunications security, web security and network security. He holds an MSc in the Mathematics of Cryptography and Communications from Royal Holloway, University of London, and a BS in Computer Science and Mathematics from Santa Clara University.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:

 https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Thursday
Jul 11, 2013
Portland Linux/Unix Group: Physical Security and Surveillance
PSU Maseeh Engineering Building

Steve Pasco will be discussing many aspects of physical security and the realities of our emerging surveillance culture.

Steve is a seasoned Telecommunications and security professional, with more than 27 years' experience, capable of managing and maintaining operational oversight of global, enterprise-wide facilities and security command and control centers. Proficient in establishing policies, procedures, standards, and personnel training programs. A Telecommunications security expert in CALEA and J-STD-25 protocols. Expert in Security Systems, Access Control, Alarm Monitoring, Video Surveillance, Asset Monitoring, Tracking and Protection. Operational experience in running 24/7 Command Control and Communications system with emphasis on Intelligence (C3I).

Many will head to the Lucky Lab NW after the meeting.

Monday
Jul 15, 2013
Portland's Techno-Activism 3rd Monday
Puppet

Note: This event is free but please RSVP at http://ta3m-pdx-2.eventbrite.com

What is it?

This is the second Techno-Activism 3rd Monday event for Portland, Oregon! Read more about techno-activism 3rd mondays.

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

The Privly Foundation will organize this and future TA3M Portland events. Puppet Labs is generously providing space.

Event Description

We're excited to have Kees Cook chat with us this month. He will most likely be talking about digital surveillance and physical privacy. A little more about him: Kees Cook has been working with Free Software since 1994, and has been a Debian Developer since 2007. He is currently employed by Google to work on Chrome OS Security. From 2006 through 2011 he worked for Canonical as the Ubuntu Security Team's Tech Lead, and remains on the Ubuntu Technical Board. Before that, he worked at OSDL where he helped admin the mirrors at kernel.org, and sometimes hacked on Inkscape. He has written various utilities including GOPchop and Sendpage, and contributes randomly to other projects including fun chunks of code in Wine, MPlayer, OpenSSH, and Wireshark. He's been spending most of his time lately focused on security features in the Linux Kernel.

Website
Tuesday
Jul 30, 2013
CryptoParty PDX
Theo's Restaurant

CryptoParty is a grassroots global endeavour to introduce the basics of practical cryptography such as the Tor anonymity network, key signing parties, TrueCrypt, Linux, and virtual private networks to the general public.

This is a free skill-sharing event with other Cryptography and Privacy technology experts, working alongside and sharing information with people new to Crypto and Privacy.

Everyone is welcome regardless of experience, bring a Laptop if you have one, if not, bring a USB thumbdrive, a pen and a pad of paper.

If you want to learn about how to encrypt your files and communicate securely, this is the event to come to!

Look for the people with laptops.

Website
Sunday
Aug 18, 2013
CryptoParty PDX
Lucky Labrador Brew Pub

CryptoParty is a grassroots global endeavour to introduce the basics of practical cryptography such as the Tor anonymity network, key signing parties, TrueCrypt, Linux, and virtual private networks to the general public.

This is a free skill-sharing event with other Cryptography and Privacy technology experts, working alongside and sharing information with people new to Crypto and Privacy.

Everyone is welcome regardless of experience, bring a Laptop if you have one, if not, bring a USB thumbdrive, a pen and a pad of paper.

If you want to learn about how to encrypt your files and communicate securely, this is the event to come to!

Look for the people with laptops.

Website
Monday
Aug 19, 2013
Portland's Techno-Activism 3rd Monday
Puppet

This event is free, but please RSVP: http://ta3m-pdx-3.eventbrite.com/

What is it?

This is the third Techno-Activism 3rd Monday event for Portland, Oregon! Read more about techno-activism 3rd mondays.

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

The Privly Foundation will organize this and future TA3M Portland events. Puppet Labs is generously providing space. The folks at OpenITP are providing refreshments.

Event Description

Steve Mancini will be speaking with us about "The impact of disruptive innovation and privacy on your average hair stylist". A bit about him: After spending way too many years and dollars pursuing college degrees, Steve Mancini eventually had to enter the real world. A trek from the East coast to the West coast landed him a job in a large corporation out in the burbs, and after a decade+ of working there he has learned a thing or two about computer security, hacking, forensics, and incident response. He’s worn many hats and titles; his current is Harbinger of Doom (no really, it is on his business card).

Demo time! After the talk/Q&A, we will reserve time for folks to demo their favorite security/privacy tech tool. If you would like to be a demoer, please let us know at [email protected], and we will work you into the schedule.

PDXTech4Good

If you're interested in this event, you might also be interested in the PDXTech4Good meetup.

Website
Tuesday
Aug 27, 2013
RainSec
Lucky Labrador Beer Hall

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Website
Friday
Sep 6, 2013
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland, Oregon. It happens on the first Friday of every month at Theo's (5th and Couch, in between Backspace and Someday) from around 7pm to midnight. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Thursday
Sep 12, 2013
Application Security using OWASP
Thetus Corporation

EVENT INFORMATION

Application security is a moving target, but the Open Web Application Security Project (OWASP) is here in Portland to help you write and deploy applications securely. Speakers James Bohem and Tim Morgan will walk you through all of the free resources made available by OWASP to developers, application architects, and information security professionals.

As an example of how OWASP can help, we'll present some of the finer points of secure web session management, covering the variety of attacks on SSL-protected web traffic if sites are not configured properly. We'll touch on cookies, state management, SSL and some common problems and solutions.

Q&A will follow. Pizza and beverages will be served.

SPEAKER INFORMATION

James Bohem manages the security program at WebMD Health Services, which includes a large web-based application with millions of users, as well as other security technologies and risk management for a 400+ person division of WebMD in Portland. James has 15 years in security consulting with a focus on application security, design and technical compliance with a range of regulations and standards. In addition, he has experience developing large distributed applications, microkernels, the UNIX kernel, and international software systems for open systems.

Tim Morgan has been taking deep technical dives in security for over a decade as an application security specialist and vulnerability researcher. Tim resides in Oregon and works at VSR, where he helps to secure his customers' environments through penetration testing, training and forensic investigations. Tim also develops and maintains several open source digital forensics tools, including Bletchley, an application cryptanalysis toolkit.

Website
Monday
Sep 16, 2013
Portland's Techno-Activism 3rd Monday
Puppet

This event is free, but please RSVP: http://ta3m-pdx-4.eventbrite.com/

What is it?

This is the third Techno-Activism 3rd Monday event for Portland, Oregon! Read more about techno-activism 3rd mondays.

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

The Privly Foundation will organize this and future TA3M Portland events. Puppet Labs is generously providing space. The folks at OpenITP are providing refreshments.

Event Description

Current Events - Research something that happened in the last month that is of interest to TA3M folk, then email [email protected] to be put on the schedule. These should be very short but informative updates.

  • Did we find out that all web cryptography is broken? -- Sean McGregor

Talk by Steve Wyshywaniuk! - Steve is co-founder of Small World News, an organization dedicated to helping people around the world tell better stories through media. For the last seven years he has worked in Afghanistan, Iraq, Egypt, Tunisia, as well as remotely with teams in Libya and Mexico to create content for international audiences. He has a life long passion for using technology as well as a formal education in film and media arts.

Steve will be sharing his experience of what works and fails from a technological and social perspective, and how he and his colleagues are putting their efforts into StoryMaker, an open source android app so that anybody can learn how to create great content.

Demo time! After the talk/Q&A, we will reserve time for folks to demo their favorite security/privacy tech tool. If you would like to be a demoer, please let us know at [email protected], and we will work you into the schedule.

PDXTech4Good

If you're interested in this event, you might also be interested in the PDXTech4Good meetup.

Website
Tuesday
Sep 24, 2013
RainSec
Madison's Grill (Closed)

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Website
Friday
Sep 27, 2013
Security Bsides Portland 2013
Refuge PDX

ABOUT THE EVENT

Each Security BSides event is a community-driven framework for building events for and by information security community members. The goal is to expand the conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. Last year's event was a great success that surpassed our expectations. Don't miss the 3rd year of this awesome event!

THE PORTLAND TAKE

A gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Our passion about all things security has driven attendance from other parts of the country. Our goal is to provide an open environment for the infosec community to engage in conversations, learn from each other and promote knowledge sharing and collaboration. The Portland and greater Northwest information security community spans a broad spectrum of participation from CISOs, Fortune 100 company security experts, small business system admins, to independent security researchers.

A DIFFERENT KIND OF EVENT

BSides Portland will have a variety of activities to provide an opportunity to network and meet other like-minded individuals. Some of the activities include:

  • Technical and business presentations – our only requirement is that they are engaging and fun!
  • Networking lunch
  • Researcher demos and community driven information exchange (lockpicking, hardware hacking, and more)

Registration opens at 8am

Website
Friday
Oct 4, 2013
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland, Oregon. It happens on the first Friday of every month at Theo's (5th and Couch, in between Backspace and Someday) from around 7pm to midnight. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Monday
Oct 21, 2013
Portland's Techno-Activism 3rd Monday
Lucky Labrador Brew Pub

This event is free, but please RSVP: http://ta3m-pdx-5.eventbrite.com/

What is it?

This is the Techno-Activism 3rd Monday event for Portland, Oregon! Read more about techno-activism 3rd mondays.

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

The Privly Foundation will organize this and future TA3M Portland events. We will host the event at Lucky Lab SE. The folks at OpenITP are providing refreshments.

Event Description

Current Events - Research something that happened in the last month that is of interest to TA3M folks, then email [email protected] to be put on the schedule. These should be very short but informative updates.

Chat! This meeting will be more informal, and a time to chat about the current events related to Techno-Activism, and ideas for future meetings.

Next month - We will be at our usual location in Puppet Labs with Logan Kleier from Portland's government, to talk about the intersection of technology and policy.

PDXTech4Good

If you're interested in this event, you might also be interested in the PDXTech4Good meetup.

Website
Tuesday
Oct 29, 2013
RainSec
Madison's Grill (Closed)

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Website
Wednesday
Oct 30, 2013
OWASP Chapter Planning Meeting
Brix Tavern

This is a planning meeting for the Portland OWASP chapter. Please join us if you are interested in helping us plan and organize the activities of the chapter for the next year.

Please RSVP if you plan on showing up. Just shoot an email to

( tim DOT morgan AT owasp DOT org )

Some of the topics we expect to discuss at this meeting:

  • Chapter meetings
  • FLOSSHack events
  • Local/regional conferences and training events
  • Approaches to sponsorship
  • Long term group leadership and governance
  • YOUR ideas

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Friday
Nov 1, 2013
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland, Oregon. It happens on the first Friday of every month at Theo's (5th and Couch, in between Backspace and Someday) from around 7pm to midnight. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Monday
Nov 18, 2013
(CANCELLED) Portland's Techno-Activism 3rd Monday
Puppet

Due to an emergency, our speaker for this evening cannot make the event. Since so many events are happening in Portland this evening, we recommend you look at the other events on Calagator.

This event is free, but please RSVP: http://ta3m-pdx-6.eventbrite.com/

Event Description

Talk by Logan Kleier - Logan is the chief information security and privacy officer for the City of Portland. Prior to this role, he worked in the private sector in a variety of product management and marketing roles for software and telecommunications companies. He has a Bachelor of Arts in history and political science and a Master's in public policy from Georgetown University.

The presentation presents a framework to aid government decision makers in the publication of various data sets. While government data is generally presumed to be a public record, this presentation will talk about use cases where it is not as well as grey areas where the law and public sentiment differ on notions of what government data is and isn't private.

What is it?

This is the fifth Techno-Activism 3rd Monday event for Portland, Oregon! Read more about techno-activism 3rd mondays.

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

The Privly Foundation will organize this and future TA3M Portland events. Puppet Labs is generously providing space.

PDXTech4Good

If you're interested in this event, you might also be interested in the PDXTech4Good meetup.

Website
Tuesday
Nov 26, 2013
RainSec
Madison's Grill (Closed)

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Website
Thursday
Dec 12, 2013
ISSA Portland Holiday Meeting
Embassy Suites Portland-Washington Square Ambassador South Ballroom

Please register to attend the event online: http://www.eventbrite.com/e/issa-portland-holiday-party-tickets-8163746987

When: Thursday, December 12, 2013 from 3:30 to 7:30 (PST)

Location: Embassy Suites Portland-Washington Square Ambassador South Ballroom 9000 SW Washington Square Rd. Tigard, Oregon. 97223

Presentation: Considerations of a Mature Vulnerability Management Program

In this presentation, Jesika McEvoy with Rapid7 will address best practices for standing up an effective vulnerability management program. Key questions like the following will be answered:

  • What are the roles/responsibilities that are needed to do vulnerability management?
  • What kind of timelines are reasonable in terms of expectations for remediation of a vulnerability after a scanner finds it? Are there industry best practices?
  • When a vulnerability is found that cannot be directly remediated via a patch or configuration change, what should a company do? Are there best practices for various types of mitigating controls that should be considered? What is the role for risk acceptance, and how should risk acceptance be documented and periodically reviewed?
  • How can organizations take the results from traditional network vulnerability scanners, manual penetration testing engagements from third parties, and static/dynamic application security testing (for example: Veracode) and manage them all in a comprehensive vulnerability management program?

Cost: $10 (member) / $15 (non-member) / $20 (at-the-door)

CPEs: ISSA meetings are appropriate for CPE credit. The chapter maintains proof of attendance for members, but it is the member's responsibility to ensure that these CPEs are credited to their respective accounts.

Website
HIPAA Compliance & the Cloud
Brix Tavern

Join EasyStreet and Coalfire for appetizers, beverages and an informal discussion of today's IT security challenges for healthcare organizations.

Our presentation will be under an hour, leaving ample time for meaningful conversation.

Discussion topics:

  • The Omnibus Rule. What you're now legally required to do
  • Distributed Compliance Responsibility. How to identify which compliance pieces belong to you and which belong to your Cloud vendors
  • Managing HIPAA compliance across all players. How to create a strong Business Associates Agreement and manage your Cloud vendors to it
  • The New HIPAA IT Solutions Set. A snapshot of contemporary technologies used to effectively manage HIPAA security to mitigate risk and ensure compliance

Presenters:
Adam Shnider, Managing Director, Coalfire NW Region
Coalfire is a nationally recognized leader in IT compliance with more than 4,000 assessments, including hundreds for healthcare-related organizations. Their expertise extends beyond healthcare providers to include associated financial institutions and service providers that fall under newly implemented regulations.

Steve Knipple, CTO, EasyStreet
Founded in 1995, EasyStreet delivers Cloud Infrastructure, Data Center and Managed Security services to customers running critical IT systems with regulatory requirements including HIPAA and PCI.

The event is free, but space is limited so please RSVP today.

Website
Friday
Jan 3, 2014
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland, Oregon. It happens on the first Friday of every month at Theo's (5th and Couch, in between Backspace and Someday) from around 7pm to midnight. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Monday
Jan 6, 2014
OWASP Chapter Meeting
New Relic

Stephen A. Ridley will be presenting on the vulnerability of mobile applications.

UPDATE: New Relic will be providing pizza for attendees. Yum.



Stephen A. Ridley is a security researcher and author with more than 10 years of experience in software development, software security, and reverse engineering. Within the last few years, he has presented his research and spoken about reverse engineering and software security research on every continent except Antarctica. Stephen and his work have been featured on NPR and NBC and in Wired, Washington Post, Fast Company, VentureBeat, Slashdot, The Register, and other publications. Prior to his current work, Mr. Ridley served as the Chief Information Security Officer of a financial services firm. Prior to that, he held various information security researcher/consultant roles, including his role as a founding member of the Security and Mission Assurance (SMA) group at a major U.S. Defense contractor, where he did vulnerability research and reverse engineering in support of the U.S. Defense and Intelligence community. Mr. Ridley calls Portland home and was a recent speaker at the Chaos Communication Congress in Hamburg.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:

 https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Monday
Jan 20, 2014
Portland's Techno-Activism 3rd Monday
Flux - Plastic Fantastics

This event is free, but please RSVP on Eventbrite (linked above)

Event Description

We plan to do a hands-on meetup, where you will get to learn how to use the internet anonymously using Tor, VPN, etc.

Have a preference about what you want to learn? Want to lead a group in teaching a method? Email us at [email protected] and we'll add you to the agenda.

What should I bring?

  • A willingness to learn or to teach
  • A laptop. If you don't have one, let us know and we can try to scrounge up an extra one for you.
  • A current news story that you want to discuss with the group related to privacy/security/surveillance/censorship (optional)

What is it?

This is the Techno-Activism 3rd Monday event for Portland, Oregon! Read more about techno-activism 3rd mondays.

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

Flux has generously offered to host this month's meetup. Be sure to read their code of conduct (below) before coming to the event. This will ensure that everyone has a great, safe time. The Privly Foundation will organize this and future TA3M Portland events. There will be light refreshments provided.

Flux's Code of Conduct

  1. We are present, awake, and sober.
  2. We listen non-judgmentally to ourselves and to everyone else.
  3. We make mistakes: everything that happens in this space is part of a learning experience.
  4. We speak only out of and about our personal experience and understanding.
  5. When faced with a choice between being curious and being defensive, we choose to be curious.
  6. We clean up after ourselves.
  7. We make things here and consume things elsewhere.
  8. We spend some of our free time here, not most or all of it.
  9. We treat one another as the other would like to be treated. If we don’t know how, we ask.
  10. We respect each others’ personal space and possessions. Specifically, we check in before touching someone or their belongings.
  11. We respect each others’ consent and boundaries. Yes means yes, no means no, maybe means no, and silence is not consent. We accept “no”s without arguing, and say “yes” when we mean yes.
  12. We respect chosen names, pronouns, and genders. If we don’t know how, we ask.
  13. We act from an assumption of mutual respect and good will. We clarify misunderstandings and apologize for harm caused. We assume ignorance and not malice.
  14. We watch out for each other to maintain a respectful and safe community. If we don’t know how, we ask.
  15. When people’s conduct falls short of these agreements, we speak with them one-on-one. If matters don’t improve, we address the issue in a small group. If matters still don’t improve after three discussions, we might ask you to leave the space. As a last resort, we may vote to dissolve your membership.

Upcoming Privacy Retreat

Are you passionate about privacy-enhancing technologies? Join us for a Privacy Technology Retreat February 7-10th in Southern Oregon. For more information, please see our latest blog post.

PDXTech4Good

If you're interested in this event, you might also be interested in the PDXTech4Good meetup.

Website
Tuesday
Jan 28, 2014
RainSec
Madison's Grill (Closed)

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates.

Website
Friday
Feb 7, 2014
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland, Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Monday
Feb 17, 2014
Portland's Techno-Activism 3rd Monday
Mozilla

This event is free, but please RSVP on Eventbrite (linked above)

Event Description

Encryption can be easy! In this meet up we will teach you the basics of encrypting your content, then we will concentrate on making it easy for you to use crypto with **your** environment. Once we help you through the hard part, you'll be able to encrypt messages at home safely without frustration. This is a hands-on meetup with PGP.

Have a preference about what you want to learn? Want to lead a group in teaching a method? Email us at [email protected] and we'll add you to the agenda.

What should I bring?

  • A willingness to learn or to teach
  • A laptop. If you don't have one, let us know and we can try to scrounge up an extra one for you.
  • A current news story that you want to discuss with the group related to privacy/security/surveillance/censorship (optional)

What is it?

This is the Techno-Activism 3rd Monday event for Portland, Oregon! Read more about techno-activism 3rd mondays.

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

Mozilla has generously offered to host and pay for catering. The Privly Foundation organizes the event. Nicholas Restaurant will be providing party platters of hummus, meat grape leaves, and more!

Code of Conduct

Please review our code of conduct before attending the event to ensure a safe and welcoming time for all.

PDXTech4Good

If you're interested in this event, you might also be interested in the PDXTech4Good meetup.

Website
Tuesday
Feb 25, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates.

Website
Friday
Mar 7, 2014
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland, Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Thursday
Mar 13, 2014
Interface Portland Security Conference
Oregon Convention Center

It’s critical to stay current with the technology that runs your organization and secures your operational infrastructure. INTERFACE addresses these IT issues through informative, non-sales oriented, educational seminars customized to the specific needs of the local business community. Using case studies and best practice examples, these exhibitor-presented sessions offer you the solutions needed to address your technology challenges and achieve your organizational goals.

Website
Monday
Mar 17, 2014
Portland's Techno-Activism 3rd Monday
Galois, Inc

This event is free, but please RSVP on Eventbrite (will be linked above)

Event Description

Introducing TA3M Drink and Draw! We are planning a fun hands-on meetup. You will get to work with a team to discuss privacy, security, anti-surveillance, and anti-censorship topics and communicate your ideas through doodling! Each discussion group will work together to create a hand-drawn poster related to TA3M topics. This is a time to network with other individuals interested in these topics, and provides a fun way to express your ideas and concerns. We will do our very best to make sure beverages of all sorts (alcoholic and not) are available to get those creative juices flowing.

After the Drink and Draw session, we invite attendees to join us for social time at a nearby bar/restaurant.

Have a preference about what you want to learn? Want to lead a group in teaching a method? Email us at [email protected] and we'll add you to the agenda.

What is it?

This is the Techno-Activism 3rd Monday event for Portland, Oregon! Read more about techno-activism 3rd mondays.

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

The Privly Foundation organizes the event. Galois is generously providing space for the event.

Code of Conduct

Please review our code of conduct before attending the event to ensure a safe and welcoming time for all.

PDXTech4Good

If you're interested in this event, you might also be interested in the PDXTech4Good meetup.

Website
Thursday
Mar 20, 2014
Open Source Security ISSA Portland Symposium
Nike ED1 Air Max 360 Building

Join ISSA for a special half-day symposium on the topic of Open Source Security. This will be the second symposium format event sponsored by ISSA this year (following up on the very successful Incident Response symposium held in October).

When: Thursday, March 20, 2014 - Doors open at 8:30AM. The event will end at 1:30PM. Lunch will be provided.

Agenda:

  • 8:30 - Doors open and networking
  • 9:00 - 10:30 - Eyes Wide Open: Open Source Network Security Monitoring with Bro and Time Machine
  • 10:40 - 11:30 - Using Open Source Tools to Accomplish SANS Top 20
  • 11:40 - 12:30 - The Open Nature of Security Intelligence
  • 12:30 - 1:30 - Lunch and networking opportunity

Location:
Thank you to our colleagues at Nike for hosting this symposium on the west side. The event will be held at the ED1 Air Max 360 Building; The address is 15475 SW Koll Parkway. Note that this is not the “main” Nike campus, but is nearby. There is plenty of parking, and the ISSA event will be held on the first floor. We will have a check-in desk visible for visitors.

Presentations: This symposium will feature several intriguing and educational presentations by experts in the area of Open Source Security. Speakers will explore specific skills that security practitioners can take away in terms of using open source tools to achieve security, as well as provide an overview of where open source tools fit in with the commercial products in the marketplace.

See EventBrite page for full presentation descriptions

Price:
The symposium is subsidized by chapter memberships and sponsors. A nominal fee of $10 (member) / $15 (non-member) / $20 (at-the-door) will be charged.

CPEs: The chapter maintains proof of attendance for members, but it is the member's responsibility to ensure that these CPEs are credited to their respective accounts. This symposium will offer between 3-4 CPE hours.

Website
HiMSS Oregon - Lunch and Learn "BYOD/Mobility - Best Practices within Health Delivery Systems"
Providence (St. Vincent’s) East Pavilion – Souther Auditorium

With the explosive growth of Smart Phones, Tablets and other mobile devices, Healthcare Delivery Systems (HDS) have to offer accessibility to both patients and practitioners. Mobility and support of a “Bring Your Own Device” (BYOD) environment have become increasingly necessary as we move into the digital industrial economy. Gartner predicts that Digital incompetence will cause a quarter (25 percent) of businesses to lose their market position by 2017. In the hyper-competitive HDS landscape, Hospitals have to offer more flexibility for access to both their external and internal customers to remain relevant and avoid losing market share.

This interactive panel discussion will focus on the challenges that Healthcare Delivery Systems face with these changes. This will include topics ranging from security issues, demands on the network, patient privacy, potential breach of data, and increased financial risk. The panel will discuss best practices within the clinical environment and the infrastructure required to serve the needs of the users, as well as protect the patient information.

Distinguished Panelists Include:

NAME: Michael Boyd TITLE: Chief Information Security Officer, Providence Health & Services

Mike Boyd’s background includes security engineering and risk management work in the fields of media and entertainment, insurance and financial services, higher education and more than a decade working in healthcare information security and risk management.

Mike has been with Providence Health & Services for more than six years and currently serves as the Chief Information Security Officer. Providence is a not-for-profit Catholic healthcare system that includes 32 hospitals, more than 350 physician clinics, senior services, supportive housing and many other health and educational services. Providence employs more than 64,000 people across five states – Alaska, California, Montana, Oregon and Washington. Mike’s responsibilities include oversight of information security risk assessment, security incident management, and integration of security risk management within Providence’s environment including information technology, supply chain, revenue cycle, human resources and healthcare operations. Previously Mike served as the Information Security Officer for Oregon Health & Science University and oversaw the security engineering team at Pacific Life Insurance. Mike is also the past president of the Portland chapter of the Information Systems Security Association (ISSA) and a former Captain in the United States Marine Corps.

Mike is a Certified Information Systems Security Professional (CISSP) and holds a Bachelor of Science in Computer Science from the United States Naval Academy in Annapolis, Maryland.

NAME: Paul Aneja TITLE: IT Architect, Salem Health
Currently working at Salem Health, prior architect experience at several Northwest companies including Intel, Xerox, and Oregon Health Authority. Passionate about planning and improving the maturity of technology platforms, applications, and solutions. Develop roadmaps for various technology domains to advance new technologies. Education includes a Health IT Informatics graduate certificate degree from OHSU and Masters in Computer Science from Old Dominion University.

NAME: Brad Reardon TITLE: Lead Wireless Technical Consultant, Kaiser Permanente
Focus: Mobile Communications strategy and engineering

Brad started out working on his family's home network in high school. After a short stint as a student technical support representative at Berry College, he joined the Marine Corps. While stationed in Hawaii, he worked as a Tactical Data Network Technician overseeing a helpdesk and three networks spanning the Pacific. Once leaving the Marine Corps, Brad went to work leading call center teams for Dell Computers in Phoenix, Arizona. After the opportunity to play professional paintball brought him to the Pacific North West, he worked at Holiday Retirement and Symantec before landing a position working on VoWiFi for Salem Hospital. In 2009, he left Salem Hospital to begin working for Kaiser Permanente.

Website
Lockpicking Workshop
Free Geek

Website
Tuesday
Mar 25, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates.

Website
Tuesday
Apr 1, 2014
Galois tech talk: Practical Challenges to Secure Computation
Galois, Inc

Presented by John Launchbury.

In secure computation, one or more parties collaborate to compute a result while keeping all the inputs private. That is, no-one can gain knowledge about the inputs from the other parties, except what can be determined from the output of the computation. Methods of secure computation include fully homomorphic encryption (where one party owns the input data and the other party performs the whole computation), and secure multiparty computation (where multiple parties collaborate in the computation itself). The underlying methods are still exceedingly costly in time, space, and communication requirements, but there are also many other practical problems to be solved before secure computation can be usable. For programmers, the algorithm construction is often nonintuitive; for compiler writers, the machine assumptions are very different from usual; and for application designers, the application information flow has to match the security architecture. In this talk we will highlight these challenges, and indicate promising research directions.

Website
Wednesday
Apr 2, 2014
OWASP Chapter Meeting
Jive Software

Kevin Dyer will be presenting:


High-Profile Password Database Breaches: A Tale of (Avoidable) Blunders

Over the last few years, password database breaches reported in mainstream press have increased in frequency and magnitude. There is a typical pattern and service providers, such as Adobe or Yahoo or Snapchat, fail on at least two fronts: first, network perimeters and databases are breached and then, improperly secured user data and passwords are exfiltrated and shared in cleartext. Even if the former can't be prevented, there are security best practices to mitigate the impact of the latter, which are (seemingly) ignored.

In this talk, we'll discuss specific case studies and review the essential security best practices for storing sensitive user information. The goal is to show that in every case free, off-the-shelf tools are available, that would have mitigated the scope of the breach and (possibly) the onslaught of negative publicity. As one example, we'll build intuition for why using Scrypt (a memory-hard function) is superior to traditional cryptographic hash functions for storing passwords.

Kevin P. Dyer is a PhD student at Portland State University. His research focuses on network security and building protocols resistant to traffic-analysis attacks and censorship. Previously, Kevin worked as a software engineer in telecommunications security, web security and network security. He holds an MSc in the Mathematics of Cryptography and Communications from Royal Holloway, University of London, and a BS in Computer Science with Mathematics from Santa Clara University.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:

 https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Friday
Apr 4, 2014
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Saturday
Apr 5, 2014
Lockpicking Workshop - 2 year anniversary
Flux - Plastic Fantastics

Join us for this special 2-year anniversary meeting of The Open Organization Of Lockpickers, Portland chapter. We have lots of fun plans including special guests from TOOOL headquarters, key impressioning, some interesting locks that we don't see at average monthly meetings and much more! Everyone is welcome, all ages, no experience necessary, and it is totally free!

Bring your own vice if you have one (for impressioning).

Website
Tuesday
Apr 8, 2014
Galois tech talk
Galois, Inc

Presented by Morgan Miller.

Cryptographic tools have become more powerful in the last three decades. With that power has come complexity. To use or even understand most security tools you need a thorough understanding of mathematics, which makes them inaccessible to the general public. The discipline of usability has been growing as well in the past three decades. There have been few but promising overlaps in usability and security which may provide vital tools for managing our digital selves, upholding the principle of privacy, and preserving freedom of speech.

Website
Monday
Apr 21, 2014
See us next month! Portland's Techno-Activism 3rd Monday
n/a
Friday
Apr 25, 2014
Galois tech talk: A Gentle Introduction to Hiding Usage Patterns
Galois, Inc

abstract: What if you want to store encrypted files on an untrusted Cloud Server in such a way that Server does not even know if you are editing the same file today as you were yesterday, or anything else about your usage patterns other than total amount of traffic to the Server? Clearly, no matter how strong of an encryption you use, access pattern is revealed: Cloud Server can simply track where on the hard drive you read/write from – clearly encryption does not hide that information. One naive solution to prevent revealing access pattern to the Server is to simply read all your data back from the Server and re-write your entire data back to Server in its entirety for each read/write. This works, but it is clearly impractical. Oblivious Random Access Memory (ORAM) is an algorithm that allows you to completely hide arbitrary access pattern in an efficient manner. In this talk, I will describe Oblivious RAM from the ground up, starting from my own Ph.D. thesis work on this topic (STOC 1990, MIT Ph.D. 1992) which showed the first efficient ORAM. The Journal Version of this work gained over 450 references according to Google Scholar [Ostrovsky-Goldreich JACM 1996] and ORAM became an important area of research in Cryptography in the last 5 years. I will describe surprising connections of ORAM to (1) tamper-proof embedded systems, (2) Software Protection (3) Secure Multi-Party and Secure Two Party Computation as well as (4) ways to securely compile programs with loops, “goto” statements, recursion, etc. into Garbled programs without “unrolling” the execution path, yet not revealing anything about the execution path. I will also compare and contrast ORAM to Single-Server Private Information Retrieval (Single-server PIR), which I co-invented with Kushilevitz in 1997, and explain important differences of these two models. The talk will be self-contained and accessible to the general audience.

Speaker bio: Rafail Ostrovsky is a Professor of Computer Science and Professor of Mathematics at UCLA and co-founder of Stealth Software Technologies, Inc. He has over 200 papers published in refereed journals and conferences and has 11 U.S. Patents issued. In 2013, Dr. Ostrovsky was inducted as an IACR (International Association of Cryptologic Research) Fellow. He currently serves as Vice-Chair of the IEEE Technical Committee on Mathematical Foundations of Computing and has served on 38 international conference Program Committees including serving as a PC chair of FOCS 2011. He is a member of the Editorial Board of JACM, the Editorial Board of Algorithmica; and the Editorial Board of Journal of Cryptology; he serves on the Editorial and Advisory Board of the International Journal of Information and Computer Security and is a member of the steering committee of the international symposium of Security in Communication Networks (SCN). He is a recipient of multiple academic awards and honors and has google h-index factor of 55. At UCLA, Prof. Ostrovsky heads security and cryptography multi-disciplinary Research Center (http://www.cs.ucla.edu/security/) at Henry Samueli School of Engineering and Applied Science.

Website
Tuesday
Apr 29, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates.

Website
Friday
May 2, 2014
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Thursday
May 15, 2014
ISSA Portland May 2014 Luncheon - Application Security
Con-Way

Join ISSA for our monthly luncheon on the topic of Application Security.

Click here to register online. Lunch for this event is complimentary, and is being funded by the generous support of our chapter sponsors. We do ask that you pre-register online, so that we can plan ahead for food.

When: Thursday, May 15, 2014 - Doors open at 11:30AM. The event will end at 1:00PM.

Lunch will be provided.

Presentation: Conrad Clark will be leading a discussion on the topic of application security, entitled: “Do you trust your software?” During this presentation we will discuss the concepts of secure development, application testing, and security program management.

Conrad is a Security Solutions Architect with the Enterprise Security Products Group within HP. He is an expert in the area of application security testing and development. He has seventeen years of IT technical and managerial experience. He has focused on Security and Security Services since 2004. He obtained his CISSP in March of 2005 and his CISM in 2009. He has been working specifically in the area of application security since 2006. Prior to his civilian career, he served honorably on active and reserve duty in the United States Marine Corps for ten years.

Price: This luncheon is subsidized by chapter memberships and sponsors, and is complimentary. We do ask that you pre-register online, so that we can plan ahead for food.

CPEs: The chapter maintains proof of attendance for members, but it is the member's responsibility to ensure that these CPEs are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.

Chapter Elections: We will be holding a vote for chapter officers at the May meeting. The roles and candidates are listed below; please contact a current chapter board member if you are interested in running or in serving as a committee chair/committee member.

Position: President

Candidate: Bowe Hoy

Position: Vice President

Candidate: James Trumper

Position: Secretary

Candidate: Amber Pham

Position: Treasurer

Candidate: Eric Dwyer

Chapter Sponsors

ISSA Portland would like to thank our 2013-2014 program year sponsors, who help make high quality programs like this possible:

Platinum Sponsor: Rapid7

Gold Sponsor: IBM

Silver Sponsor: Sword & Shield Enterprise Security

Silver Sponsor: Zscaler

Our lunch sponsor for this event is Hewlett Packard.

Website
Monday
May 19, 2014
Portland's Techno-Activism 3rd Monday
Flux - Plastic Fantastics

This event is free, but please RSVP on Eventbrite (linked above)

Using Metadata to Compromise Privacy: An Interactive Presentation

You've probably heard that your daily interactions over the web leave "metadata" that is used for advertising, law enforcement, and intelligence activities. In this presentation we will show what metadata is and what it can do by building case files from publicly available information. What types of things can you learn about yourself or others from metadata? Come find out.

This session will be led by a Machine Learning PhD student from Oregon State University, which is the area of computer science responsible for programmatically processing metadata.

What should I bring?

  • A willingness to learn or to teach
  • A laptop
  • (optional) A current news story that you want to discuss with the group related to privacy/security/surveillance/censorship
  • Flux accepts donations so consider bringing a few bucks to show your appreciation for their support of this and future events.

What is it?

This is the Techno-Activism 3rd Monday event for Portland, Oregon! From their website, "Techno-Activism Third Mondays (TA3M) is an informal meetup designed to connect software creators and activists who are interested in censorship, surveillance, and open technology. Currently, TA3M are held in various cities throughout the world, with many more launching in the near future."

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

Flux is generously providing space for the event.

The Privly Foundation will organize this and future TA3M Portland events.

Code of Conduct

Please read Flux's Code of Conduct: http://fluxlab.io/conduct-agreements/ to ensure a safe space for all.

PDXTech4Good

If you're interested in this event, you might also be interested in the PDXTech4Good meetup.

PDX TA3M on TA3M Wiki

Website
Tuesday
May 27, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates.

Website
Thursday
May 29, 2014
OWASP Chapter Meeting
New Relic

Ian Melven will be presenting: The Evolving Web Security Model


Is there a single cohesive model for the web? No, there is not. What exists today is the result of the original same-origin policy and its evolution in many directions as a response to new threats and attacks. Where did we start, what tools are available to web developers to protect their sites and users, and where might we go in the future as the line between websites and native applications continues to become more and more blurry? Join us on a journey through the past, present, and future of the web security model and its continuing evolution.

Ian Melven is an application security engineer at New Relic. He has previously worked in technical security roles at companies including Mozilla, Adobe, McAfee, Symantec, and @stake.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:

 https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Bruce Schneier: "Internet, Security, and Power"
University of Oregon Portland

Computer security guru and writer Bruce Schneier examines the various ways power manifests itself in the Internet, and how security both allows the powerful to remain so while permitting the powerless to thrive as well. On the Internet, data equals power, and the dynamic between the various forces is the fundamental societal issue of the Information Age.

Website
Friday
Jun 6, 2014
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Saturday
Jun 7, 2014
CryptoParty
Free Geek

CryptoParties are informal gatherings where peers share knowledge about how to stay safe in a surveilled world. Bring your laptop and/or a USB thumb drive so that you can set up a selection of trusted free and open source software privacy applications.

Website
Monday
Jun 16, 2014
Portland's Techno-Activism 3rd Monday
Flux - Plastic Fantastics

This event is free, but please RSVP on Eventbrite (linked above)

Event Description

This month's topic is: User Experience and Privacy Software: An Interactive Workshop

Join us to make privacy software better. We believe that privacy software should be usable for the general public, and to start the effort, we need your help!

The goal of User Experience (UX) is to make products as usable as possible for people. In this workshop, you'll learn about UX, download privacy software, and learn how to critically analyze the user experience to make it better. We hope to file some bug reports/feature requests to projects, and make a positive impact on their usability!

This is your chance to get a sneak-peek of an Open Source Bridge talk and meet other folks who will be attending Open Source Bridge.

This session will be led by Jen Davidson, a Human-Computer Interaction PhD candidate from Oregon State University, and Sean McGregor, founder of The Privly Foundation and Machine Learning PhD student from Oregon State University.

What should I bring?

  • A willingness to learn or to teach
  • A laptop
  • (optional) A current news story that you want to discuss with the group related to privacy/security/surveillance/censorship
  • Flux accepts donations so consider bringing a few bucks to show your appreciation for their support of this and future events.

What is it?

This is the Techno-Activism 3rd Monday event for Portland, Oregon! From their website, "Techno-Activism Third Mondays (TA3M) is an informal meetup designed to connect software creators and activists who are interested in censorship, surveillance, and open technology. Currently, TA3M are held in various cities throughout the world, with many more launching in the near future."

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

Flux is generously providing space for the event.

The Privly Foundation will organize this and future TA3M Portland events.

Code of Conduct

Please read Flux's Code of Conduct: http://fluxlab.io/conduct-agreements/ to ensure a safe space for all.

PDXTech4Good

If you're interested in this event, you might also be interested in the PDXTech4Good meetup.

PDX TA3M on TA3M Wiki

Website
Tuesday
Jun 24, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates.

Website
Saturday
Jul 5, 2014
CryptoParty
Free Geek

A CryptoParty is free, public and fun. People bring their computers, mobile devices, and a willingness to learn! CryptoParty is a decentralized, global initiative to introduce the most basic cryptography software and the fundamental concepts of their operation to the general public, such as the Tor anonymity network, public key encryption (PGP/GPG), and OTR (Off The Record messaging).

Website
Portland 2600
Theo's Restaurant

This meeting was moved from Friday to Saturday because of the holiday!

Don't show up on Friday night! Go enjoy the fireworks instead.

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Tuesday
Jul 22, 2014
OWASP Chapter Meeting
New Relic

Tim Morgan will be presenting: What You Didn't Know About XML External Entities Attacks

The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. Certain features built into the design of XML, namely inline schemas and document type definitions (DTDs), are a well-known source of potential security problems. Despite being publicly discussed for more than a decade, a significant percentage of software using XML remains vulnerable to malicious schemas and DTDs. This talk will describe a collection of techniques for exploiting XML external entities (XXE) vulnerabilities, some of which we believe are novel. These techniques can allow for more convenient file content theft, sending of arbitrary data to arbitrary internal TCP services, uploads of arbitrary files to known locations on a vulnerable system, as well as several possible denial of service attacks. We hope this talk will raise awareness about the overall risk associated with XXE attacks and will provide recommendations that developers and XML library implementors can use to help prevent these attacks.

Tim Morgan is credited with the discovery and responsible disclosure of several security vulnerabilities in commercial off-the-shelf and open source software including: IBM Tivoli Access Manager, Real Networks Real Player, Sun Java Runtime Environment, Google Chrome Web Browser, OpenOffice, and Oracle WebLogic Application Server. Tim develops and maintains several open source forensics tools as well as Bletchley, an application cryptanalysis tool kit. Tim regularly speaks and delivers technical training courses, his next of which will be on cryptography for developers at AppSecUSA 2014.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
Wednesday
Jul 23, 2014
ForgeRock's 3rd annual social July 23rd at Kell's Irish Pub!
Kells Irish Restaurant & Pub

ForgeRock welcomes you to our 3rd annual social at Kells Irish Pub, 112 SW 2nd Ave, Portland, Oregon 97204.

Date: July 23, 2014
Time: 5:30 PM - 8:30PM
Location: Kells Irish Pub, 112 SW 2nd Ave, Portland, OR, 97204

Free beverages to guests wearing a ForgeRock wristband! Be sure to look for a ForgeRock staff member passing out wristbands during OSCON to gain entry into this exclusive event!

We look forward to an evening of discussion about:

  • Identity Relationship Management
  • Data Stores
  • Authentication
  • Authorization
  • User provisioning
  • Community
  • Contributions
  • Developments
  • Events
Tuesday
Jul 29, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com, Facebook, & Google+. Invite your friends!

Website
Saturday
Aug 2, 2014
CryptoParty
Free Geek

A decentralized, global initiative to introduce the most basic cryptography software and the fundamental concepts of their operation to the general public, such as the Tor anonymity network, public key encryption (PGP/GPG), and OTR (Off The Record messaging).

CryptoParties are free to attend, public, and commercially and politically non-aligned.

Website
Tuesday
Aug 26, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Saturday
Sep 6, 2014
CryptoParty
Free Geek

CryptoParty is a grassroots global endeavour to introduce the basics of practical cryptography such as the Tor anonymity network, key signing parties, TrueCrypt, Linux, and virtual private networks to the general public.

This is a free skill-sharing event with other Cryptography and Privacy technology experts, working alongside and sharing information with people new to Crypto and Privacy.

Everyone is welcome regardless of experience. Bring a laptop if you have one; if not, bring a USB thumb drive, a pen and a pad of paper.

Website
Thursday
Sep 18, 2014
ISSA Portland Chapter - September 2014 Luncheon
Con-Way

Please join ISSA Portland for our monthly chapter meeting luncheon on the topic of: Breaches are inevitable – what can you do to prepare?

Please register online using the URL below to attend the event. Online sales will end 09/16/2014 at 10pm after which you will need to pay at the door. Seating is limited, so sign up today. http://www.eventbrite.com/e/chapter-meeting-breaches-are-inevitable-what-can-you-do-to-prepare-tickets-12427379627

When: Thursday, September 18, 2014 - Doors open at 11:30AM. The event will end at 1:00PM. Lunch will be provided.

Presentation:
Breaches are inevitable. You can implement strong security controls but breaches are a matter of when, not if it happens. The faster you respond to a breach of personally identifiable or sensitive information, the lower the operational, financial, or reputational impact to your organization. If your organization stores information such as social security numbers, driver’s license numbers and financial information, you need to be in a position to respond and notify because it’s sound business practice and it’s the law in the State of Oregon. The purpose of this presentation is to provide an overview of the regulatory requirements when it comes to breach notification and provide tools you can use in your own organizations to quickly respond to breaches when they occur, especially when you are required to notify your customers of such a breach.

This presentation is intended for security professionals, compliance officers, chief privacy officers and legal counsel who are or may be responsible for responding to security incidents that involve the unsecure breach of personally identifiable, protected, or sensitive information.

Presenter:
Chris Apgar, CISSP, CEO and President of Apgar & Associates, LLC, is a nationally recognized information security, privacy and electronic health information exchange expert. He has over 16 years of experience assisting health care organizations comply with HIPAA, HITECH and other privacy and security laws. Mr. Apgar has assisted healthcare, utilities and financial organizations implement privacy and security safeguards to protect against organizational harm and harm to consumers. Mr. Apgar served as a member of the Workgroup for Electronic Data Interchange Board of Directors for eight years. He currently is a member of the Oregon Prescription Drug Monitoring Advisory Commission. Mr. Apgar has been a Certified Information Systems Security Professional since 2002 and is a senior member of the Information Systems Security Association.

Price:
The chapter meeting is subsidized by chapter memberships and sponsors. There is a nominal fee of $10 (member) or $25 (non-member) for preregistered attendees. Walk-in attendees are welcome but will be charged $30 cash at the door. If you wish to become a member, please visit http://portland.issa.org/join-issa-portland/

CPEs: The chapter maintains proof of attendance for members but it is the member’s responsibility to ensure that these CPEs are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.

Chapter Sponsors: ISSA Portland would like to thank our program sponsors, who help make high quality programs like this possible.

Platinum Sponsor: Rapid7
Gold Sponsor: IBM
Silver Sponsor: Sword & Shield Enterprise Security
Silver Sponsor: Zscaler

Website
Friday
Oct 3, 2014
BSidesPDX

BSides PDX is a gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Our passion about all things security has driven attendance from other parts of the country. Our goal is to provide an open environment for the infosec community to engage in conversations, learn from each other and promote knowledge sharing and collaboration. The Portland and greater Northwest information security community spans a broad spectrum of participation from CISOs, Fortune 100 company security experts, small business system admins, to independent security researchers.

Website
Thursday
Oct 16, 2014
ISSA Portland Chapter October 2014 Luncheon - Threat Intelligence
Con-Way

Please join Information Systems Security Association (ISSA) Portland for our monthly chapter meeting luncheon on the topic of: Is Threat Intelligence Making Us Stupid?

Please register online using the URL below to attend the event. Online sales will end 10/14/2014 at 4pm after which you will need to pay at the door. Seating is limited, so sign up today.

http://www.eventbrite.com/e/monthly-chapter-meeting-is-threat-intelligence-making-us-stupid-tickets-13324679475?aff=issalist

When: Thursday, October 16, 2014 - Doors open at 11:30AM. The event will end at 1:00PM. Lunch will be provided.

Location:
Con-Way 2055 Northwest Savier Street Portland, OR 97209

Con-way's reception desk is located at west end (closest to 21st Ave.) of the AdTech II building, best accessed by turning into the entrance located on 21st Ave; the main entrance to the building is on Savier Street on the west side of the building. This entrance is manned by a security guard and you will be asked to sign in. Con-way has asked that guests park in the two lots to the East of NW 20th Avenue between NW Raleigh and NW Thurman. Please do not park in spaces that are marked with names other than Con-way since these spaces are leased. The best option is the lot on the NE corner of NW Raleigh and NW 20th.

Presentation: Too many threats, not enough time? This is the challenge for security professionals today. As we become inundated with data generated by security devices, sensors, applications and remote feeds, we can easily become numb to what our data is trying to tell us and often end up ignoring critical warning signs of compromise. This presentation will attempt to put some method to our madness and explain how to apply threat intelligence tools and data so that it is more than just speeds and feeds, but a legitimate resource and ally against increasingly well-resourced and cunning adversaries.

Presenter: Ken Westin of Tripwire is a security analyst and "creative technologist" with 14 years’ experience building and breaking things through the use/misuse of technology. His technology exploits and endeavors have been featured in Forbes, Good Morning America, Dateline, New York Times and The Economist; he has won awards from MIT, CTIA, Oregon Technology Awards, SXSW and Entrepreneur, and was named in Portland Business Journal's 2013 "40 Under 40". He has worked with law enforcement and journalists utilizing various technologies to unveil organized crime rings, recover stolen cars, even a carjacking amongst other crimes.

Price:
The chapter meeting is subsidized by chapter memberships and sponsors. There is a nominal fee of $10 (member) or $25 (non-member) for preregistered attendees. Walk-in attendees are welcome but will be charged $30 cash at the door.

If you wish to become a member, please visit http://portland.issa.org/join-issa-portland/

CPEs: The chapter maintains proof of attendance for members but it is the member’s responsibility to ensure that these CPEs are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.

Chapter Sponsors: ISSA Portland would like to thank our program sponsors, who help make high quality programs like this possible.

Gold Sponsor: IBM
Silver Sponsor: Zscaler

Website
Monday
Oct 20, 2014
OWASP Chapter Planning Meeting
Tugboat Brewing Company

This is a planning meeting for the Portland OWASP chapter. Please join us if you are interested in helping us plan and organize the activities of the chapter for the next year.

Please RSVP if you plan on showing up. Just shoot an email to

( tim DOT morgan AT owasp DOT org )

Some of the topics we expect to discuss at this meeting:

  • Chapter meetings
  • FLOSSHack events
  • Approaches to sponsorship
  • Long term group leadership and governance
  • YOUR ideas

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Tuesday
Oct 28, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Oct 29, 2014
Bringing a Secure Cloud to Your Enterprise
Online Webinar

The Cloud’s business model allows your organization to leverage existing infrastructure and platform investments for greater convenience, but developing a secure Cloud strategy involves numerous considerations and planning. Join us for this free webinar on October 29th, 2014 at 11am PT where we will explore Microsoft Azure and Cloud Security.

Website
Thursday
Nov 6, 2014
The Future of Security Panel & Wyatt Starnes Memorial Award Sponsored by OEN
Sentinel Hotel

In light of recent massive cyber attacks at Target, JP Morgan, and The Home Depot, among others, where do we go from here? What cyber controls are needed to meet quickly evolving new threats? What kinds of new strategies should enterprises—large and small, public and private—start employing now to build a more secure future? Join us for an evening with leading cyber security experts, including a networking hour, an armchair discussion, and audience Q&A.

This special event will mark the launch of the annual Wyatt Starnes Memorial Award, honoring William Wyatt Starnes, founder and CEO of SignaCert and cofounder of Tripwire Inc., who died on May 10, 2014 at age 59.

*This event is free and open to the public, but seats are limited and registration is required.

Moderator: Craig Wessel, Publisher of the Portland Business Journal

Featured speakers: John Stewart, Senior Vice President, Chief Security and Trust Officer, Cisco

John Stewart will present a comprehensive vision for cybersecurity in a world whose threat landscape will include Cloud and Internet of Everything systems. He leads Cisco's prestigious Security and Trust Organization, has served on numerous national cyber commissions, and was the 2014 winner of Chief Security Officer of the Year.

Rear Admiral Robert "Willie" Williamson (Retired), National Cyber Security Expert

Admiral Williamson will facilitate the panel discussion. He was a former Commanding Officer of the USS Nimitz and Commander of the USS John F. Kennedy Battle Group. He has held leadership positions at Raytheon Company and Microsoft Corporation and is currently the Strategic Advisor at Shape Security Company.

Dwayne Melancon, Chief Technology Officer, Tripwire

Dwayne Melancon will emphasize the need for customer-driven security solutions. Dwayne regularly works with enterprises on how to prevent data breaches and recover from breaches that have already occurred, and coaches Fortune 500 CISOs and CIOs on effective communications with the board room and the C-Suite. He holds CISA and ITIL certifications, is a member of numerous cybersecurity groups, and is a national speaker on information security topics.

Pete O'Dell, author of Cyber 24-7: Risks, Leadership and Sharing

Pete O'Dell will address the need for "tone at the top" regarding cybersecurity, and the importance of board and executive policy in preventing and responding to cyber attacks. He has a 30-year career as a high tech leader at companies including AutoDesk, Microsoft and MicroWarehouse. He has lectured about cyber security and the board through National Association of Corporate Directors to Fortune 500 board members and executives.

Abrar Ahmed, Sr. Vice President for Technical Services, Eid Passport

Abrar Ahmed will address issues related to identity and access management in the panel discussion. A national expert of trusted identity management systems, he has over 20 years' experience as a high tech executive at companies including Mentor Graphics and Micro Power Electronics.

Website
Friday
Nov 7, 2014
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Thursday
Nov 20, 2014
ISSA Portland Chapter November 2014 Symposium - Advanced Malware
Widmer Brothers Gasthaus

Presentations: Beating Cybercriminals: Preventing Compromise in the Face of Advanced Attacks

Cybercriminals combine social engineering techniques with ongoing application vulnerabilities to install advanced malware on both customer devices to compromise financial accounts and employee devices to compromise corporate networks. Advanced malware effectively bypasses authentication technologies and readily evades anti-virus applications. New endpoint solutions have emerged that have some merit, typically with a narrow focus on a single threat vector, but none have proven effective at stopping dynamic threats, and most of these approaches come with a very high operational cost. A new approach to cybercrime protection and preventing compromise is desperately needed.

This presentation will provide an overview of:

  • The methods cybercriminals use to successfully install advanced malware on endpoint devices
  • The most recent fraud cybercrime developments and compromise techniques uncovered by Trusteer research
  • New approaches available to mitigate the increased risk from endpoint devices
  • Case studies of actual cybercrime prevention results
  • Demonstration of preventing different advanced attack scenarios

Presented by Christopher Beier - Sr. Product Marketing Manager for IBM/Trusteer. Christopher brings impressive security DNA through his almost 20 years’ experience working for both Symantec and McAfee. Christopher has deep knowledge and experience in the financial services and online banking security with 5 years as a technical product manager at Fiserv. He is also a 12-year US Navy veteran where he applied IT administration skills to the US submarine corp. Christopher presented on advanced malware issues at Black Hat USA 2014.

Staying Ahead of the Malware Curve

Over the last five years the threat curve for dealing with advanced attackers and malware has changed significantly. Keeping ahead of signature updates used to be the battleground, but the escalating arms race has moved on to staying ahead of whitelisting, reputational, and dynamic analysis capabilities—and the people we truly care about keeping out of networks are gaining traction once again. Worse still, these capabilities are moving down the threat curve at an accelerating pace, meaning anyone has the potential to acquire these capabilities. Many in our ranks have given up on keeping our adversaries out of our ranks and instead focused on rapid detection. Though no silver bullet exists in our toolbox, there are new solutions that flip the economics to our favor.

This presentation will provide an overview of:

  • The methods cybercriminals use to successfully install advanced malware on endpoint devices
  • Insight into the evolution of malware attacks, focusing on the new techniques in use today
  • Discussion of cutting edge malware delivery platforms
  • Demonstration of commodity exploit kits (Blackhole)
  • Discussion around endpoint application isolation techniques
  • Demonstration of commodity exploit prevention leveraging non-persistent desktop browsing

Presented by Darrin Mourer - Sr. Solution Architect with Invincea specializing in advanced threat prevention, detection, and forensics. He has been involved in the information security space for over 15 years in both information security officer and vendor roles. He has held various certifications including CISSP, CISA, SANS, and ITIL. Previous to Invincea, Darrin spent over 10 years in various sr. level security roles at Symantec.

Panel Discussion – Key Advanced Malware Countermeasures

Following the two presentations, ISSA Portland will provide lunch followed by a moderated panel discussion on key advanced malware countermeasures and practical implementation concepts. The panel will consist of:

  • Christopher Beier - IBM
  • Darrin Mourer – Invincea
  • *Additional local Security Expert Panelists being confirmed

Price:
The chapter meeting is subsidized by chapter memberships and sponsors. There is a nominal fee of $10 (member) or $25 (non-member) for preregistered attendees. Walk-in attendees are welcome but will be charged $30 cash at the door.

If you wish to become a member, please visit http://portland.issa.org/join-issa-portland/

CPEs: The chapter maintains proof of attendance for members but it is the member’s responsibility to ensure that these CPEs are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.

Chapter Sponsors: ISSA Portland would like to thank our program sponsors, who help make high quality programs like this possible.

Gold Sponsor: IBM
Silver Sponsor: Zscaler

Website
Tuesday
Nov 25, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Thursday
Dec 4, 2014
OWASP Chapter Meeting
New Relic

Joseph Arpaia, MD will be presenting: Hiding in Plain Sight: A Mnemonic Method For Creating Secure Passwords

The human brain is not suited to recalling secure passwords composed of random sequences of characters especially if they are not used regularly. Humans are excellent at recalling sentences, even years after learning them, e.g. nursery rhymes, song lyrics. This ability can be used to create a mnemonic method for generating a large number of passwords from one remembered passphrase, even if the passphrase and the associated characters are not kept secret.

Joseph Arpaia received his BS in Chemistry from CalTech and his MD from UC Irvine where he also did research in electrophysiology and applications of chaos theory to psychiatry. He is a psychiatrist in private practice in Eugene, OR and applies heart rate variability analysis in his work with patients. He also teaches applications of mindfulness meditation to psychotherapy at the University of Oregon and is the co-author of Real Meditation in Minutes a Day. He has a long-standing interest in passwords and security which dates back to his experience at age 8 when he came up with a Vernam cipher in response to a challenge by his father to encrypt a text message.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
Thursday
Dec 11, 2014
ISSA Portland Holiday Party 2014
Con-Way

Presentation: “Combating the Insider Threat”

Malicious attacks are up 87% over last year and insider threats still remain as the leading cause of Data Breaches and IT sabotage. The threat is real, enough so that Federal agencies and Federal systems integrators were required by Executive Order #13587 to implement an “Insider Threat Detection and Prevention Program” by the end of 2013. Yet traditional Defense-in-depth methods fall flat in addressing the ever-present risk inherent to unstructured data management. Come learn what industry trends as well as recent research from the FBI can teach us about securing our security “soft center”.

Mr. Terry Boedeker, CISSP Solutions Engineer, Varonis Systems

Terry Boedeker has over 15 years of experience in Information Technology ranging from software development, technical writing, managed services and data center operations, to business continuity program management, and information security. He proudly served in the United States Marines from 2003 to 2007, and graduated summa cum laude from DeVry University in 2012, earning a B.S. in Networks & Communications Management. He joined Varonis Systems in 2013, and maintains the Certified Information Systems Security Professional certification from (ISC)2. For more details, visit https://www.linkedin.com/in/terryboedeker

CPEs: The chapter maintains proof of attendance for members but it is the member’s responsibility to ensure that these CPEs are credited to their respective accounts. This event will offer 1 CPE per hour of attendance.

Chapter Sponsors: ISSA Portland would like to thank our sponsors, who help make high quality programs like this possible.

Gold Sponsor: IBM
Silver Sponsor: Zscaler

Website
Tuesday
Dec 16, 2014
Galois tech talk: Common crypto mistakes in Android – and how we can make it better
Galois Inc

abstract: If you do a web search for “encrypting Strings in Android”, you’ll find a lot of example code, and they all look pretty similar. They definitely input a String and output gibberish that looks like encrypted text, but they are often incorrect. Crypto is tricky: it’s hard to tell that the gibberish that’s being printed is not good crypto, and it’s hard to tell that the code example you picked up from Stack Overflow has serious flaws.

The problem here is that sites like Google and Stack Overflow rank results based on popularity, but the correctness of crypto isn’t something we can vote about. It’s not a popularity contest. To use it correctly, you have to understand the properties of the algorithm and the security goals of your code. Maybe the bad crypto someone pasted up on the Internet was acceptable for their needs, but there’s a good chance it’s completely unacceptable for yours.

In this talk, we’ll discuss the use of a very common crypto algorithm, AES, and show how code examples on the Internet usually make serious mistakes in how they use AES libraries. What are the consequences of these mistakes and what are more reasonable defaults? We’ll also talk a bit about our simple Android library that tries to do AES right.

More information on the Tozny blog: http://tozny.com/blog/encrypting-strings-in-android-lets-make-better-mistakes/

bio: Isaac is a security researcher at Galois where he has led authentication and collaboration projects for the DoD and IC. Isaac earned his master’s degree in Cybersecurity from the University of Maryland, University College, and his B.S. in Computer Science from Ohio State University. In 2013, Isaac founded Tozny, a Galois spin-off company aimed at solving the password conundrum. Easier and more secure than passwords, Tozny replaces passwords with an easy-to-use cryptographic key on a user’s mobile phone.

Website
Tuesday
Dec 30, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Monday
Jan 12, 2015
Galois Tech Talk: Overcoming Problems when Applying Machine Learning to Cybersecurity
Galois Inc

bio: Evan Wright is a member of the Technical Staff for the Threat Discovery Group of the CERT Coordination Center (CERT/CC). The CERT/CC is a division of the Software Engineering Institute at Carnegie Mellon University. He holds a MS in Information Security and Technology Management from Carnegie Mellon University and a BS in Technology Systems from East Carolina University. He has over 20 years experience in computer networking and holds a CCNP and six other certifications. Since joining SEI, he has supported a variety of customers in areas such as IPv6 security, ultra-large scale network monitoring, malicious network traffic detection, intelligence fusion, and cybersecurity applications of machine learning. Before joining SEI, he was a network administrator for a medium sized company and Internet Service Provider in North Carolina.

Website
Tuesday
Jan 27, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Friday
Feb 13, 2015
OWASP Chapter Meeting
New Relic

Software development is speeding up; Waterfall to Agile to Continuous Integration to Continuous Deployment. Do we still have time for security? Of course we do! But many development shops are unaware how to add security to their development process and will often use "security slows us down" as a reason to produce insecure code. This talk focuses on how to add security into a speedy development process while still remaining fast and responsive to customer requests.

The speaker will be Joe Basirico - the VP of Services for Security Innovation. Before he started leading the team, he was a developer, trainer, researcher, and security engineer. Joe spent the majority of his professional career analyzing software security behavior and researching how software development organizations mature over time from a security perspective. Through this research, he developed an understanding of application threats, tools, and methodologies that assist in the discovery and removal of security problems both software- and process-related. He manages the company’s engineering blog and has written several publications and tools that focus on source code level vulnerabilities.

Website
Monday
Feb 16, 2015
Portland's Techno-Activism 3rd Monday: The Battle for Protecting Data
Mozilla

Event is free, but please RSVP: http://ta3m-pdx-17.eventbrite.com

The Battle of Protecting Data

Join us this month for a talk and lively discussion on "The Battle of Protecting Data". With the changing world of enterprise computing ("Bring your own device", mobile, SaaS), the corporate world is having to re-think how they do security.

Presenter

Bill Giard is a Principal Engineer in Intel's IT organization and is responsible for helping to lead IT's software delivery across multiple client platforms. Bill joined Intel in 1996 with a Bachelor's degree in Computer Science and has over 20 years of IT experience.

Hosted by: Portland Techno-Activism Third Mondays. Refreshments provided.

Sponsored by: The Privly Foundation, and hosted at Mozilla

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Twitter

Event hashtag: #ta3m

Event organizers: @Privly, @TechnoActivism

Venue host: @MozPDX

Code of Conduct

Attendees are expected to read and abide by Privly's Code of Conduct

Website
Tuesday
Feb 17, 2015
ISSA Portland February 2015 Symposium - BYOD
Tiger Woods Center, Nike campus, Beaverton, OR

Two presentations on BYOD strategy, followed by a panel discussion.

Speaker 1 "BYOD Policy, Trust Continuum, and Enforcement Technologies"

In 2015, nearly every organization has had to take a position on where they stand with BYOD. Some IT leaders fully embrace it, and others are still pretending it does not exist, while others have defined a "Trust Continuum" granting access in trade for control. Such an innovative approach is impossible without accompanying "Trust Continuum" technical controls to enforce the administrative policy. This presentation will cover from policy to technical enforcement of trust.

Collin Miller’s “Secure Mobility: IT Strategy for the Mobile Enterprise” delivers a clear assessment of the state of mobile security today paired with an insightful look into what the future holds. He shares vetted strategies for implementing BYOD and packs his talk with practical information about available tools for mobile device and application management.

Collin Miller has spent more than a decade thinking about, designing and implementing secure IT infrastructures, especially those incorporating BYOD and mobile device management policies. He is a strategic planner, highly skilled and certified in technologies that touch nearly every part of the enterprise. Currently, Collin focuses his attention and energy on mobile device security and management, DLP, remote access and authentication, next-gen firewalls and SIEM.

Website
Tuesday
Feb 24, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Monday
Mar 16, 2015
Techno-Activism 3rd Mondays: Privacy Day Happy Hour
Lucky Labrador Beer Hall

Privacy Day is on March 16th down in Salem. You can learn more about it here: http://aclu-or.org/privacyday. We encourage you all to attend, if you can!

Portland's Techno-Activism 3rd Mondays is having a no-host evening happy hour so folks who went can share their experiences, and so folks who didn't go can learn about Privacy Day and hear about how things went. It'll also be a time to talk amongst ourselves about privacy-related events and policies that impact our lives.

What is Techno-Activism 3rd Mondays?

Techno-Activism Third Mondays (TA3M) is an informal meetup designed to connect software creators and activists who are interested in censorship, surveillance, and open technology. This is an international meetup and happens in over 20 cities around the world.

Portland's TA3M does meetups on all of the above topics (and more!). The format varies from month to month. Sometimes we have fantastic speakers, sometimes we do lightning talks, and sometimes we do hands-on workshops. It all depends on what our meetup attendees are interested in hearing about, and what we have time to plan. Have a suggestion for a topic? Let us know!

Code of Conduct

As with all of our events, there is a code of conduct. Please read it here: https://www.privly.org/content/code-conduct. All attendees are expected to abide by this code of conduct.

Website
Wednesday
Mar 18, 2015
NIKE Tech Talk
Nike Decathlon Club Cafe

NIKE Tech Talk

Thank you to the 175+ people who attended the first NIKE Tech Talk in our new program! The event was a big success and we're excited to host a second evening of talks.

Please join us at the NIKE campus on Wednesday, March 18th (3:30-7:00pm) for two tech talks, snacks, and drinks. Learn more about the talks and RSVP at: http://niketechtalks-march2015.splashthat.com.

The Insecurity of Things

Stephen A. Ridley (Principal, Xipiter LLC)

...and Hardware for All

Joe Grand (Founder and Principal Engineer, Grand Idea Studio)

For those of you who attended last time, the venue set up has been adjusted for an improved attendee experience. If you have any questions, feel free to get in touch with us.

Website
Tuesday
Mar 31, 2015
OWASP Chapter Meeting
New Relic

People in Information Security say passwords are dead. Yet the replacement solutions are not available or mainstream. An independent developer, Steve Gibson, decided to do something about it and created SQRL. From his website: "Proposing a comprehensive, easy-to-use, high security replacement for usernames, passwords, reminders, one-time-code authenticators . . . and everything else." Let's talk about what SQRL is, how it works, how it could work in your solution and does it have competitors? I am as interested in your feedback as I hope you are interested in resolving the password problem!

Brian Ventura is an Information Security Architect at the City of Portland and has 21 years of experience in IT. Brian has enterprise, consulting and project management experience, supplying secure solutions to internal and external customers. Brian is mentoring a SANS MGT414 course in Portland between April 14th and Jun 16th. You can find more information at https://www.sans.org/instructors/brian-ventura

Website
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Thursday
Apr 16, 2015
ISSA Portland - Zero Days, Ghost Malware, and Other Current Trends
Con-Way

Please join ISSA Portland for our monthly chapter lunch meeting presenting the topic of: Zero Days, Ghost Malware, and Other Current Trends, Presented by FireEye.

You can register at the link below until Monday April 13, 2015: https://www.eventbrite.com/e/monthly-chapter-meeting-threat-intelligence-and-zero-day-malware-tickets-16218230163

When: Thursday – April 16, 2015 – 11:30 to 1pm (PST) – doors open at 11am. The event will end at 1:00PM.
Lunch will be provided.

Presentation: Zero Days, Ghost Malware, and Other Current Trends

Tobin Sears currently leads the Western region systems engineering team at FireEye – an organization dedicated to protecting enterprises and governments against the next generation of cyber-attacks through the use of a purpose-built, virtual machine-based security platform. His expertise in the Web security space has led him to architect and consult on an extensive portfolio of secure infrastructure projects worldwide. Prior to FireEye, Tobin held various positions at F5, McAfee/Secure Computing, and NetApp. He holds a Bachelor of Science degree from the University of California, Berkeley.

Price:
The chapter meeting is subsidized by chapter memberships and sponsors. There is a nominal fee of $10 (member) or $25 (non-member) for preregistered attendees. Walk-in attendees are welcome but will be charged $30 cash at the door. If you wish to become a member, please visit http://portland.issa.org/join-issa-portland/

CPEs: The chapter maintains proof of attendance for members but it is the member’s responsibility to ensure that these CPEs are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.

Website
Monday
Apr 20, 2015
Techno-Activism 3rd Monday: Movie Night
The Gameroom

Free, but please RSVP with the link provided above

Movie Night

We'll have a cozy movie showing at theGameRoom. The movie is to-be-decided but will be on one of the following topics: privacy, surveillance, security, censorship.

Join us for a movie & discussion - everyone is welcome!

Appetizers will be provided, but we encourage you to support theGameRoom and indulge in a beverage and more food!

What's TA3M?

This is the Techno-Activism 3rd Monday event for Portland, Oregon. Techno-Activism Third Mondays (TA3M) is an informal meetup designed to connect software creators and activists who are interested in censorship, surveillance, and open technology. Currently, TA3M are held in various cities throughout the world, with many more launching in the near future.

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

The Privly Foundation organizes this and future TA3M events.

theGameRoom is generously providing space for the event. After the meetup, theGameRoom will provide free game play to TA3M attendees.

Code of Conduct

As with all of our events, there is a code of conduct. Please read it here: https://www.privly.org/content/code-conduct. All attendees are expected to abide by this code of conduct.

Website
Tuesday
Apr 28, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Tuesday
May 26, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Jun 17, 2015
OWASP Chapter Meeting
Jive Software

Bob Loihl will be presenting:
Secure Software Development Life Cycle in an Agile World

In this day and age we must do everything we can to produce secure software. But how, you ask? I will be talking about some of the options available and how to get an initiative started in your workplace/project. I will cover some of the choices out there for Agile Development and then we'll examine one choice, BSIMM (https://www.bsimm.com/), in more depth. I will follow that up with a discussion of some of the challenges and some of the benefits of implementing an SSDLC.

Bob Loihl is a Software Engineer with 20+ years of experience developing business applications, leading teams and spreading the security word. He has a strong interest in delivering applications that are secure by design in an agile world. He has been helping Tripwire grow and mature its development processes for the last 10 years and his current hobby is incorporating SSDLC (Secure Software Development Life-Cycle) processes into the software manufacturing process. Bob is passionate about family, software, canoes and guitars. In his spare time he works at Tripwire producing high quality software using Agile methodologies. Oh yeah, he cares a tiny bit about security.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:

 https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Tuesday
Jun 30, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Tuesday
Jul 21, 2015
OWASP Chapter Meeting
New Relic

Talk

At the end of the day, security depends on code. Secure software demands secure code, configuration, management, testing, and constant improvement.

Security automation aligns perfectly with the modern, fast-paced environments like continuous delivery that are quickly seeping into companies of all kinds.

Automation provides drastic results with little effort, but quickly reaches a plateau where the effort involved in finding better results that provide value rises above the value of focusing elsewhere.

In this talk, I will focus on some of the lesser discussed topics of security automation and how they relate to the lines of code that produce the reason why we are discussing security automation today. The goal is to give a complete understanding of the ways that companies like _ and _ have produced secure code that runs their web applications.

Speaker

Neil is currently an engineer at GitHub, co-founder of Brakeman Security Inc., and OWASP Orange County board member. Formerly, he was an application security engineer at Twitter, OC Ruby leader, and AppSec California organizer. Neil enjoys long walks on the beach, long walks in the woods, and long walks anywhere really. His turnoffs include noisy offices, noisy people, and noisy anything really.

Website
Tuesday
Jul 28, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Tuesday
Aug 25, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Tuesday
Sep 29, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Friday
Oct 2, 2015
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland, Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Wednesday
Oct 7, 2015
OWASP Chapter Planning Meeting
Mama Mia Trattoria

This is a planning meeting for the Portland OWASP chapter. Please join us if you are interested in helping us plan and organize the activities of the chapter for the next year.

Please RSVP if you plan on showing up. Just shoot an email to

( tim DOT morgan AT owasp DOT org )

Some of the topics we expect to discuss at this meeting:

  • Summary of AppSecUSA
  • Leads on speakers for Chapter Meetings
  • FLOSSHack events
  • A Possible Training Day
  • Long term group leadership and governance
  • YOUR ideas

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Thursday
Oct 22, 2015
ISSA Portland SIEM (Security Information and Event Management) Symposium
Sentinel Hotel

Please join us for this symposium on SIEM. Presentations will be provided by IBM, GBProtect and TripWire, and the topics include models for SIEM deployment and SOC optimization, a methodology to bring new sources into a SIEM, and how using SIEM technology and multiple sets of data can shorten time to detection and response. There will also be an interactive panel discussion on SIEM. The agenda and full presentation descriptions can be found in the Eventbrite registration link.

This is a half-day event that will provide 4 hours of CPEs. Lunch will be provided. The fee for this symposium is $10 (member) or $30 (non-member) for preregistered attendees. Walk-in attendees are welcome but will be charged $50 cash at the door. If you wish to become a member, please visit http://portland.issa.org/join-issa-portland.

Please use the Eventbrite link above to register for the event.

Website
Tuesday
Oct 27, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Friday
Nov 6, 2015
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland, Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Monday
Nov 16, 2015
TA3M
Mozilla

The Privly Foundation organizes Portland TA3M. Ever wonder what they do?

Priv.ly is a platform that allows you to encrypt your content anywhere on the web, with the click of a button. Join us for a hands-on workshop on using Priv.ly.

Website
Tuesday
Nov 17, 2015
OWASP: Antivirus in the Enterprise - Is it dead yet?
Jama Software (New Office)

This month's topic is "Antivirus in the Enterprise - is it dead yet?" Read almost any article about antivirus today, and there will be an opinion somewhere in the writings about the applicability and effectiveness of antivirus software in the enterprise today. Some say yes; some say no. We will open this meeting with a pro/con presentation by security professionals Tony Carothers and Timothy D. Morgan, followed by discussion and debate in a panel style, about antivirus software and its effectiveness in software security today. Refreshments will be provided.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
Tuesday
Nov 24, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Friday
Dec 4, 2015
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland, Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Tuesday
Dec 29, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Jan 20, 2016
Cybersecurity Round Table Summit Portland
BridgePort Brew Pub

Join in a security round table discussion with the industry’s leading security vendors.

Fortinet • Palo Alto Networks • Cisco • RiskSense

An open forum for security professionals.

Don’t miss the chance to interact with the CenturyLink Cybersecurity team and some of the industry’s top security technology providers. Network with other security professionals in your industry while you learn about the latest security technology trends. Lunch, drinks and promotional giveaways will be provided.

Topics of Discussion:

  • CenturyLink Cybersecurity Services and Analysis
  • Cyber threat State of the Union Analysis
  • Vendor Specific Threat Analysis and Response
  • Securing Hybrid Cloud Networks
  • Meeting Security Regulatory Requirements
  • The Future of Cyber Attacks

Website
Tuesday
Jan 26, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Monday
Feb 15, 2016
CoreOS + Techno-Activism 3rd Monday
Portland State Business Accelerator Mt. Hood room

Join us on Monday, February 15th for a joint CoreOS and Techno-Activism 3rd Monday meetup. We'll have two knowledgeable CoreOS presenters, Alex Crawford and Matthew Garrett, as well as lots of tasty food! Come learn about security and CoreOS.

6:00 pm

Food, Drink, Networking

6:30 pm

New Ways to Deploy and Manage Applications at Scale

Alex Crawford, software developer at CoreOS

The last decade belonged to virtual machines and the next one belongs to containers. CoreOS is a new Linux distribution designed specifically for application containers and running them at scale. This talk will examine all the major components of CoreOS (etcd, fleet, docker, systemd) and how these components work together.

7:15 pm

Protecting Laptops Against High-Level Adversaries

Matthew Garrett, principal security software engineer at CoreOS

You’ve left your laptop in your hotel room. You come back, turn it on and type in your disk encryption passphrase. And, just like that, you've granted access to all your private data to the person who slipped in with a USB stick while you were out.

This isn't a hypothetical case. We've seen companies selling tools that are intended to bypass disk encryption by simply modifying the boot process and waiting for the user to type in their decryption key. It's a worrying situation, but it's one that we can protect users against.

This presentation will describe how some of the same techniques used to protect servers can be used to verify the state of laptops. It'll demonstrate the use of a novel but straightforward piece of software that allows users to use widely deployed hardware to let users check the security of their system at a glance. And it'll talk about why you still need to be afraid of a smaller set of really scary people.

8:00

Networking

Interested in speaking at a CoreOS meetup or hosting a future event? Please reach out to marketing at coreos.com to discuss!

Website
Wednesday
Feb 17, 2016
OWASP: Inspiring People to Embrace Risk Management
New Relic

This month's OWASP chapter meeting features Andrew Plato, President and CEO of Anitian.

Talk

Security leaders are under supreme pressure to build security programs that protect the business without disabling the business. However, the greatest impediment to success is not the technologies or regulations, but rather the people who must implement a security program. As a security leader, how do you communicate important risk, security, and compliance concepts to your team in a manner that inspires them to action? The answer is security vision. We live in a world where people do not want more rules, they want meaning. The problem with so much of what we do in security is that it often seems annoying and unnecessary to users and executives. When people understand the mission and vision of the organization, they are naturally inclined to follow good practices. In this presentation, veteran security leader, as well as a CEO, Andrew Plato will discuss how to create, foster, and promote security vision to improve engagement with your co-workers. We will discuss communication, leadership, and motivational strategies that clarify and simplify security concepts to drive maximum employee engagement.

Speaker

Andrew Plato, CISSP, CISM, QSA

In 1995 while working at Microsoft, Andrew executed the first known instance of a SQL Injection attack against an early e-commerce site. When he demonstrated this attack to the developers, they dismissed the issue as irrelevant. This intrigued but also inspired Andrew to found Anitian with the goal of helping people understand the complexities of information security.
Today, Anitian is one of the most trusted names in security intelligence with clients worldwide. Anitian has a mission to Build Great Security Leaders. For the past 20 years, Andrew and Anitian have consistently executed on this mission with innovative, pragmatic answers to the most vexing security, compliance, and risk challenges. Andrew’s career encompasses nearly every dimension of information security. He has participated in thousands of security projects, written hundreds of articles, and advised hundreds of C-level executives. Being both a business owner and security practitioner allows Andrew to bring a unique perspective to any discussion regarding security, technology, and governance. Andrew is well-known for delivering entertaining presentations that challenge conventional thinking and deliver practical answers to complex IT security challenges.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
Tuesday
Feb 23, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Tuesday
Mar 29, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Apr 6, 2016
Build Your Incident Response Framework
Technology Association of Oregon

Don't be a target - create a do-it-yourself plan instead...

If you use technology in your day to day operations (and who doesn't), join us on the morning of Wednesday, April 6th for the first of four events on mitigating the risks of business impacts through cybersecurity. Network with peers, learn from subject matter experts and walk away with the foundation for an incident response framework for yourself and your organization.

Our four-part series will include:

  • alignment to the NIST Cybersecurity Framework
  • guidance from Cybersecurity subject matter experts - representing both private and public sectors
  • individual support for customizing an incident response framework for you/your organization
  • connectivity to peers in a safe environment for building a scalable plan that will positively impact your entire organization

This event is the kickoff to a four-part series hosted by the Tech Leadership Community around the topic of Cybersecurity. Each event will provide building blocks to help guide a do-it-yourself incident response framework for your team and entire organization. Whether you attend one event by yourself, bring your peers to the entire series, or any other combination, the subject matter experts selected for each event will provide individual guidance on the final framework for you/your company.

Our first event will focus on scalable incident response with guidance from the following leads:

Subject Matter Experts:

  • Jerry Holcombe, Online Business Systems
  • Dennis Tomlin, Multnomah County

Incident Response Team:

  • David Neufeld, Online Business Systems
  • Lance Kidd, High Strategy Consulting, LLC

Thank you to our series sponsor, Neudesic!

Tickets available here: https://www.techoregon.org/events/build-your-incident-response-framework

Website
Tuesday
Apr 26, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Monday
May 23, 2016
OWASP: Scanning APIs with OAS 2.0 (Swagger)
New Relic

Scanning APIs with OAS 2.0 (Swagger):

The Open API Specification is a relative newcomer in the history of web service interface documentation. It stands apart from its predecessors by not tying itself to a specific vendor technology, and aims to embrace all forms of RESTful HTTP. Leveraging this powerful specification for automated scanning of APIs will save time by providing a straightforward mechanism to evaluate APIs without having to proxy traffic or manually build attack vectors.

Topics covered

  • What is the OpenAPI Specification (Swagger)
  • How Swagger/REST relates to SOAP/XML
  • Tools for converting to/from swagger to 'X'.
  • Scanning a simple RESTful JSON based API with Swagger
  • Swaggering the SDLC.

Speaker

Scott Davis
Rapid7
Application Security Researcher
Portland, Oregon Area

Scott has been developing software professionally for over 15 years in a variety of contexts and technologies including wireless sensor networks, robotics, migration modeling & visualization, ERP, interactive projection art, product development and security services. Scott has spent as many years focusing on the security aspects of these technologies, and has leveraged this background to lead the engineering security team at Webtrends for several years. Currently, he serves as Application Security Researcher for Rapid7.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
Tuesday
May 31, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Thursday
Jun 2, 2016
TechJunction
Hilton Eugene

F2F Events, Inc. (F2F) produces CPE-accredited educational conferences for IT professionals focusing on the latest developments in information security, IT infrastructure and communications. F2F’s TechJunction conference series is dedicated to providing both attending delegates and sponsors a strong return on their investment of time and resources. With a “by invitation-only” format, cutting-edge content, interactive labs & exhibits, and other complimentary delegate benefits (coffee, lunch, cocktails, etc.), TechJunction has earned the reputation as “THE technology conference” for IT professionals across the country.

Website
Wednesday
Jun 8, 2016
Risk Assessments, Initial & Ongoing
The Eliot Center

If you use technology in your day to day operations (and who doesn't), join us on the morning of Wednesday, June 8th for our second of four events on mitigating the risks of business impacts through cybersecurity.

Part two of the series will focus on risk assessment, both initial and ongoing. A hand selected subject matter expert will lead our session with a broad overview on assessments that will benefit both junior and senior level IT professionals. Selected panelists will share real life scenarios on the successes and challenges they have faced in preparing for and conducting risk assessments for their business.

Questions to be answered during this session:

  • What are the impacts to your business and your role specifically if there is a security breach?
  • Is it lost revenue, lost brand equity, lost job, etc?
  • What is the first step in getting a risk assessment?
  • What are the best tools in conducting self / internal assessments?
  • When assessing risk, which threats are higher in the risk hierarchy - internal or external?
  • How does BYOD impact your risk assessment planning/monitoring?

Panelists:

  • Dave Dyk, Simple Finance
  • Eric Dahl, CorVel Corporation

Moderator: Jim Robison, Anitian

Speaker: Michael Lines, Cyber Security Advisor

Register here: https://www.techoregon.org/events/security-series-part-2-risk-assessments-initial-ongoing

Thank you to our series sponsor, Neudesic!

Website
Tuesday
Jun 21, 2016
OWASP: Add TAL, improve a threat model!
WebMD

Add TAL, improve a threat model!

To improve your (threat) modeling career, you need a better (threat) agent (library)! Threat modeling is a process for capturing, organizing, and analyzing the security of a system based on the perspective of a threat agent. Threat modeling enables informed decision-making about application security risk. In addition to producing a model, typical threat modeling efforts also produce a prioritized list of security improvements to the concept, requirements, design, or implementation. In 2009, OWASP posted wiki pages on threat modeling. Although there was the start of a section on threat agents, it has yet to be completed.

Intel developed a unique standardized threat agent library (TAL) that provides a consistent, up-to-date reference describing the human agents that pose threats to IT systems and other information assets. Instead of picking threat agents based on vendor recommendations and space requirements in PowerPoint, the TAL produces a repeatable, yet flexible enough for a range of risk assessment uses. We will cover the TAL, the Threat Agent Risk Assessment (TARA), and how they can be used to improve threat modeling.

Speaker

Eric Jernigan
Information Security Architect
Umpqua Bank


Eric Jernigan is an Information Security Architect at Umpqua Bank and focuses on risk assessment, secure project support, information security governance, and security awareness. Prior to this, he served as an information security manager and adjunct instructor at PCC. He has also served as an active duty Information Warfare Analyst in the Air National Guard in support of NORTHCOM/NORAD. He has almost twenty years of intelligence, counter-terrorism, information warfare, information security, and compliance experience. His current professional certifications include CISM, CRISC, and CISSP, so love him. A staunch privacy advocate, he hates Facebook.



The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
Tuesday
Jun 28, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Tuesday
Jul 26, 2016
OCCA: Advanced Network Troubleshooting
Max's Fanno Creek Brew Pub

The Oregon Computer Consultants Association presents Advanced topics in Network Troubleshooting

-Overview of switches/networking devices that offer tcpdump/pcap.
-How a span port works
-Viewing and troubleshooting via Wireshark.
-If time allows, advanced topics such as how to view SSL payloads in Wireshark.

Bio: Eric Hardin has been in IT for over 14 years and has held positions from help desk to Sr. Manager. He has worked for a few large companies in the Portland area and spent two years as a consultant. Currently Eric is a Sr. Manager, Cyber Defense Center at Nike.

Eric enjoys spending time with his family along with coin collecting and woodworking. Eric and his wife Angela have been married for ten years and they have two boys Wesley and Everett.

Website
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Thursday
Jul 28, 2016
OWASP: Social Engineering -- How to Avoid Being a Victim 
Jama Software (New Office)

Social engineering (an act of exploiting people instead of computers) is one of the most dangerous tools in the hacker’s toolkit to breach internet security. Ubiquiti Networks fell victim to a $39.1 M fraud when one of its staff members was hit by a fraudulent “Business Email Compromise” attack. Thousands of grandmas and grandpas are victims of phishing emails and are forced to pay ransom to have their data released.

In this new millennium, the cyber security game has changed significantly from annoying harmless viruses to stealing vital personal data, causing negative financial impact, demanding ransom, and spreading international political feuds. Anyone with a presence in cyberspace has to protect himself/herself, the infrastructure, and customers, and also deal with the legal repercussions in the event of a breach. In this talk Bhushan will present the different types of social engineering practices that the bad guys successfully use, including the use of social networks such as Facebook, Twitter, and LinkedIn. The victims can range from the “C” levels (CEO, CFO, CTO) down to the individual contributors in an organization to a grandparent on her laptop. The presentation will also discuss a variety of ordinary but effective measures, such as awareness campaigns, that organizations can take to minimize the risk of breach.


Speaker Bhushan Gupta

A principal consultant at Gupta Consulting LLC., Bhushan Gupta is passionate about the integration of web application security into Agile software development lifecycle. His interests extend to Social Engineering and Attack Surface Analysis. Bhushan worked at Hewlett-Packard for 13 years in various roles including quality engineer, software process architect, and software productivity manager. He then developed a strong interest in web application security while working as a quality engineer for Nike Inc. After 5 years at Nike, he retired and since has been studying various facets of web application security. Bhushan is a certified Six Sigma Black Belt (HP and ASQ) and an adjunct faculty member at the Oregon Institute of Technology in Software Engineering. To learn more about Bhushan, visit www.bgupta.com.


This meeting will be recorded! Feel free to tune in live, or catch the recording later (~24hrs after event).


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
Thursday
Aug 25, 2016
OWASP: Node.js Security
Simple

This talk will discuss the current state of Node.js security, the risks of the Node.js ecosystem, and what vulnerabilities and patterns we have found in the hundreds of applications and the thousands of modules we have audited.


Speaker

Adam Baldwin

Adam is the team lead at ^Lift Security and he founded the Node Security Project 3 years ago & hasn’t stopped trying to make security a core value of the Node.js community since then. In his free time Adam enjoys doing basically the exact same stuff he does for work, also raising chickens, and spending as much time as possible with his wife and 2 children.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
Tuesday
Aug 30, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Sep 14, 2016
Breach, Incident, or Spill: Your Compliance Requirements
The Eliot Center

If you use technology in your day to day operations (and who doesn't), join us on the morning of Wednesday, September 14th for our third of four events on mitigating the risks of business impacts through cybersecurity. Attendance of all 4 events is not required, so we encourage all IT professionals to join us on September 14th!

Cyber security incident management isn't just about a technical response to a breach or spill. Almost every business and government entity handles and stores regulated data and is subject to a complex tapestry of compliance requirements.

Understanding the nuance between events, incidents and breaches is key.

This Technology Leadership event explores incident response focused on compliance reporting. Subject matter experts from RADAR will engage attendees in:

-Assessing an incident and the need for compliance reporting
-Distinguishing between security and privacy incidents
-Key components in building a culture of compliance into your organization's incident response

Website
Tuesday
Sep 27, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Friday
Oct 14, 2016
Security BSides Portland
through Oregon Convention Center

Security BSides Portland is the 6th annual BSides event in Portland!

This year we're excited to have Oregon's own tech- and security-savvy Senator Ron Wyden delivering a keynote, plus an amazing lineup of 27 speakers and 9 moderators, 5 hands-on workshops, and several other contests and activities.

Schedule: http://www.bsidespdx.org/schedule

The event is FREE, but register ahead of time to guarantee space: http://bsidespdx.eventzilla.net/ We have PCB badges, T-shirts (including women's sizes!), and bags to give away, but we will be giving them to donors first.


BSides PDX is a gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Our passion about all things security has driven attendance from other parts of the country. Our goal is to provide an open environment for the InfoSec community to engage in conversations, learn from each other and promote knowledge sharing and collaboration. The Portland and greater Northwest information security community spans a broad spectrum of participation from CISOs, Fortune 100 company security experts, small business system admins, to independent security researchers.

Website
Tuesday
Oct 25, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Nov 2, 2016
OWASP Training Day 2016
Portland State University (PSU) - Smith Memorial Center

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. (Similar training may cost more than 10 times as much in a conference setting.) It will also be a great chance to network with the local infosec community.

For more information on the schedule and how to register, see the main event page.

Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each!


Morning Session


Cyber Hygiene - Critical Security Controls

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.


Introduction to Injection Vulnerabilities

Instructor: Timothy D. Morgan

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are a broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

Afternoon Session


Applied Physical Attacks on Embedded Systems, Introductory Version

This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide attendees through the process of understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.


Communications Security in Modern Software

Securing communications over untrusted networks is a critical component to any modern application's security. However, far too often developers and operations personnel become tripped up by the many pitfalls of implementation in this area, which often leads to complete failures to secure data on the wire. In this course we discuss how attackers can gain access to other users' communication through a variety of techniques and cover the strategies for preventing this. The course covers specific topics ranging from the SSL/TLS certificate authority system, to secure web session management and mobile communications security. A hands-on exercise is included in the course which helps students empirically test SSL/TLS certificate validation in a realistic scenario.


About OWASP

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Website
Tuesday
Nov 29, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Tuesday
Dec 27, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Jan 18
Pentesting: Find Where Your Systems are Vulnerable
Mozilla

TA3M is back, and we have a great meeting lined up for you!

There have been a number of stories in the news lately about hacking and data breaches, and we all want our personal data to be secure. In order to prevent these attacks on our privacy, an important step is to identify any vulnerabilities in the computer systems that store our private data before those faults can be used to steal the data. And that's where penetration testing comes in. Penetration testing, or "pentesting," is a process of attacking computer systems in order to find security weaknesses so that they can be fixed before criminals and other malicious actors find and take advantage of them.

Please join us for a fascinating presentation that will examine some common computer attacks and preventative steps that we can take to avoid them. Karl Fosaaen, from NetSPI, will talk about working as a pentester and will discuss avoiding exploits in applications and networks and how to counter social engineering attacks.

We'll have snacks, and there will be an opportunity for networking following the talk. We hope to see you there!

Speaker Bio:

Karl is a Managing Consultant with NetSPI who specializes in network and web application penetration testing. With over eight years of consulting experience in the computer security industry, he has worked in a variety of industries and has made his way through many Active Directory domains. Karl also holds a BS in Computer Science from the University of Minnesota. This year, he has spent a fair amount of time digging into the Skype for Business APIs. Prior to that, Karl has helped build out and maintain NetSPI's GPU cracking boxes. Karl has previously spoken at THOTCON, BSidesMSP, BSidesPDX, and DerbyCon. In his spare time, you may see him trying to sell you a t-shirt as a swag goon at DEF CON.

Website
Tuesday
Jan 31
Trends in Cybersecurity
Max's Fanno Creek Brew Pub

Trends in Cybersecurity

The presentation will be a summary of security topics and risks based on notes from 2 cybersecurity presentations from the FBI in Oct. and Nov. 2016. Topics will include:

Tips for selling security
Tips for security audits
Some best practices
Live demonstrations
Cyber attack trends
Mitigating disaster if it occurs

Agenda:

6:00--6:20 Networking
6:20--7:00 No-host dinner
7:00--7:30 Introductions and announcements
7:30--8:30 Main Presentation (followed by Q&A):

Presented by:
David Bowman
Northbridge Secure
Business Development Manager
http://netconnect.co/

David has been working in the technology industry since he was performing child labor maintaining the Dial-Up BBS for his Dad during storms. Having grown up around technology, the crowning achievement of his teenage years was finally talking his parents into the Palm Pilot IIIc. He was known to use his school laptop to write websites during class and nearly didn't graduate high school because his final Project was plagiarized from himself. (Yes, he sold his Project to a company and got school credit for it at the same time.)

David has spent the last 10 years working for companies such as Hewlett Packard, Cisco Systems, and CenturyLink. With a strong background in switching, internet connectivity, and rooms without windows full of technology, he comes to us today from Northbridge Secure, a company which enables "Work to be an activity not a place."

Website
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Feb 1
CHIFOO Event: Embrace The Chaos
New Relic

CHIFOO presents "Embrace The Chaos: Client Workshops and Getting the Insights You Seek" with Alicia Nagel, Alicia Nagel Creative, LLC!

Engage the client in disruptive and engaging workshops early in the website development process to elicit input from key stakeholders who might not otherwise be able to verbalize it. Learn about workshop tools to engage clients to define user personas, develop a wish-list of website features, and define voice for content.

About the Speaker

Alicia (@AliciaNagelCrtv) brings over a decade of experience in marketing strategy and branding. She creates content and makes sure the marketing for her clients is strategically crafted to meet their business goals.

She currently enjoys living in NoPo and takes any chance she can get to visit the many gardens we have within the city.

Come join CHIFOO for our second speaker event for 2017's theme "Thriving in Chaos: Strategies for Good Design".

http://bit.ly/2j998jU

Website
Monday
Feb 13
OWASP Chapter Planning Meeting
Kells Irish Restaurant & Pub

NOTE THE LAST MINUTE VENUE CHANGE!

This is a planning meeting for the Portland OWASP chapter. Please join us if you are interested in helping us plan and organize the activities of the chapter for the next year.

Please RSVP if you plan on showing up. Just shoot an email to

( tim DOT morgan AT owasp DOT org )

Some of the topics we expect to discuss at this meeting:

  • Training day recap
  • Leadership roles and commitments
  • Upcoming chapter meetings
  • YOUR ideas

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Tuesday
Feb 28
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Saturday
Mar 18
Intermediate Digital Privacy & Security
Free Geek

You already know a few online safety practices, but you’d like to go further! Learn how your digital connections can be traced, how encrypted communication works, and get tools for browser, email and mobile privacy.

Website
Advanced Digital Privacy & Security: Wi-Fi Security
Free Geek

Learn the essentials of protecting your home wifi network. Prerequisite: Must be familiar with basic networking. Bring your own computer.

Website
Monday
Mar 27
OWASP/AngularJS combined: Boosting the Security of Your Angular Application
Cambia Health Solutions

This month PDX OWASP is joining forces with the local Angular JS meetup to feature:
Philippe De Ryck, PhD
Web Security Expert @ imec-DistriNet, KU Leuven

Abstract

Angular 2 is hot, and there is a huge amount of information available on building applications, improving performance, and various other topics. But do you know how to make your Angular 2 applications secure? What kind of security features does Angular 2 offer you, and which additional steps can you take to really boost the security of your applications?

In this session, we cover one of the biggest threats in modern web applications: untrusted JavaScript code. You will learn how Angular protects you against XSS, and why you shouldn't bypass this protection. We will also dive into new security mechanisms, such as Content Security Policy. Through a few examples, I will show you how you can use these mechanisms to enhance the security in your client-side context.

Speaker

Philippe De Ryck is a professional speaker and trainer on software security and web security. Since he obtained his PhD at the imec-DistriNet research group (KU Leuven, Belgium), he has been running the group's Web Security Training program, which ensures a sustainable knowledge transfer of the group’s security expertise towards practitioners.

You can find more about Philippe on https://www.websec.be


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
Tuesday
Mar 28
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Apr 5
CHIFOO Event: Bottom Up Security: Doing Your Part to Secure The Future
New Relic

CHIFOO presents "Bottom Up Security: Doing Your Part to Secure The Future" with Chris Berg, Firemaple Industries!

Every day we hear more about another big hack. First Target, then the DNC, then the NSA. Secure software and infrastructure seem impossible, so what can we do? Come to this session to learn how to make security more accessible by making it part of the software and product development process.

About the Speaker

Christopher Berg (@thechrisberg) is a consultant who has spent over 16 years supporting enterprise and startup software development teams as an engineer, architect, instructor, and advisor. He provides guidance to cross-functional teams to bridge the gap from financial success to mature product with security, architecture, and process improvement instruction and implementation.

Come join CHIFOO for our fourth speaker event for 2017's theme "Thriving in Chaos: Strategies for Good Design".

http://bit.ly/2iJtOi8

Website
Saturday
Apr 15
Advanced Digital Privacy & Security: Online Anonymity
Free Geek

Join us to understand the mechanics of being truly “anonymous” on the internet and try out various tools for being anonymous. Prerequisite: Must be familiar with basic security and privacy best practice. Bring your own computer.

Website
Thursday
Apr 20
Portland ISSA Cloud Symposium
Nike Victory (EDO)

Please join us for the ISSA Portland April Symposium: the Cloud Security Symposium.

You can register at the link below until end of day Tuesday April 18, 2017 for the early registration pricing.

https://www.eventbrite.com/e/issa-portland-april-2017-cloud-security-symposium-tickets-33123690851?ref=ecal

Space is limited, so please register soon.

When: Thursday – April 20, 2017 – 8:30am to 1:30pm

Agenda:

8:30am – Doors open
9 AM – Case Study: Implementing CASB @ Deloitte Paul Sukhu, Senior Manager | Cyber Risk Services
10 AM – Cloud Automation & Security Bots - DivvyCloud - Jeremy Snyder
11AM - Container Security – Twistlock - Joshua Thorngren
12-12:30 PM – Lunch Is Served
12:30-1:30 PM – Micro-Segmentation (Speaker TBD)

Where:

Nike Victory (EDO) 15475 SW Koll Pkwy Beaverton, OR 97006

Price: The chapter meeting is subsidized by chapter memberships and sponsors. There is a nominal fee of $10 (member) or $25 (non-member) for preregistered attendees. Walk-in attendees are welcome but will be charged $30 at the door. If you wish to become a member, please visit http://portland.issa.org/join-issa-portland/ for additional details.

CPEs: The chapter maintains proof of attendance for members, but it is the member’s responsibility to ensure that these CPEs are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.

Chapter Sponsors: ISSA Portland would like to thank our program sponsors, who help make high quality programs like this possible.

Platinum Sponsor: Vectra
Gold Sponsor: Optiv, Tenable, Netskope
Silver Sponsor: FireEye, RiskIQ, OBS

Additional information can be found on our website at: http://portland.issa.org/

Saturday
Apr 22
Advanced Digital Privacy & Security: Wi-Fi Security
Free Geek

Learn the essentials of protecting your home wifi network. Prerequisite: Must be familiar with basic networking. Bring your own computer.

Website
Tuesday
Apr 25
OWASP: Software Composition -- the other 95% of your app's attack surface
New Relic

Abstract

Nobody really writes their own code any more, right? We go out to GitHub and download some libraries for our favorite language to do all the hard things for us. Then we download half a dozen front end frameworks to make it all pretty and responsive and we’re off to the races. In my review I’ve found that more than 90% of the code that makes up an app these days is something we borrowed, not wrote ourselves. Now most of us scan our own code for flaws with Static Analysis tools, but what about all the stuff we didn’t write? How do we know what’s actually in there? I’ll tell you how to find out and keep track of what’s in there, and how to avoid getting pwned because you let a nasty in the back door with that whiz-bang library that does the really cool thing you couldn’t live without.

Speaker

Jeremy Anderson
Cambia Health Solutions

Jeremy Anderson is a Secure Software Architect and CSSLP, with experience developing software solutions for numerous Fortune 500 companies for almost 20 years. In 2014 he had a run-in with InfoSec that spurred him into action as an AppSec superhero, where he’s worked for HP then Veracode. Since early 2016 he’s been working with Cambia Health Solutions, bootstrapping and scaling an Application Security program from the ground up, supporting hundreds of developers for dozens of applications. He’s passionate about not just finding security defects, but training ninjas to destroy them.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
May 17
Erlang/Elixir Meetup
Househappy

The Secure Remote Password Cryptor (SRPC) addresses mobile app security in a post web-app world. SRPC provides HTTPS quality security without the explicit transfer of trust inherent in using HTTPS with PKI. SRPC is immune to HTTPS Man-in-the-Middle issues and also provides many features out-of-scope for HTTPS.

SRPC requires a pair of libraries, one on the client device and one on the server. To create an easy way for mobile app developers to try SRPC, I've built an Erlang OTP system that acts as an SRPC tunnel to an "unaltered" HTTP server. The system is comprised of:

  • srpc_lib: Low-level functionality
  • srpc_srv: The SRPC protocol
  • srpc_elli: An Elli layer to expose srpc_srv to an elli app

There are two optional pieces:

  • srpc_elli_proxy: Proxies request to the "unaltered" HTTP server
  • srpc_elli_lager: Lager module

Finally, I have a test system for testing the iOS framework (Android is underway):

  • srpc_elli_test: Test implementation

Presented by Paul Rogers, an independent software engineer with many years of development experience across multiple platforms using a number of different computer languages. He has a Master of Science in Mathematics, which helps him dig into the internals of cryptography, and a Master of Science in Physical Oceanography.

This will likely be a small talk, with room for additional mini talks.

Website
Monday
May 22
OWASP: What the experts say about Web Application Security - A Panel Discussion
Jama Software (New Office)

We are often faced with making non-trivial decisions about Appsec. Participate in an exciting open discussion with the experts on the following (and more) aspects of Appsec:

  • Challenges in establishing a Secure SDLC
  • Growing pains with increased need for security
  • Critical things to focus on for an effective security/Appsec program
  • Effectiveness and use of developer training on Appsec
  • Relevance of OWASP Top 10 in today's security landscape?

Bring your burning questions to ask the panel and take this opportunity to share your experiences with others.

Panel Members' Bios:

Brian Ventura – Security Architect at the City of Portland focused on Information Security program management. Brian is also a SANS Instructor and ISSA education director.

Ian Melven - Ian has worked in the security field for over 15 years in various roles at companies such as @stake, McAfee, Adobe and Mozilla. He currently leads product security at New Relic.

James Bohem - James is the Chief Security Architect at WebMD Health Services in Portland, OR. For the last 16 years he has held Information Security architect and consulting positions, with experience in application security, architecture and compliance strategy across healthcare, technology, retail, financial and manufacturing industries. Before focusing on security, he was a software developer and architect on the UNIX kernel, microkernels, distributed applications and standards development.

Eric Jernigan – Eric is the IT Security Manager at Genesis Financial Solutions and has broad security experience in the financial industry.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Tuesday
May 30
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Jun 14
How Does the Internet Work?
Hatch

Frontend, Backend, DevOps! Server-side rendering! SSL and HTTPS and SQL injection?! What the heck does all this jargon actually mean? If you're in a leadership position and you need to fill a tech role, it can be hard to know up from down. If your software engineer tells you to pay for an expensive service "for security reasons", how do you know whether it's worth your money?

In this workshop, we'll answer the question "how does the internet work" from a helicopter's perspective. You don't need any programming skills to attend, but be sure to come with questions! By the end, you'll understand the following concepts and how they fit together:

  • The difference between websites, apps, and servers
  • Cybersecurity hygiene (and how to avoid being hacked)
  • Common software developer job descriptions
  • Basics of computer programming (bring a laptop if you want!)

Tickets: Free for Hatch Members, $20 for non-members

Workshop Leader: Finn Terdal, Technology Manager at Hatch

Website
Saturday
Jun 17
Create Your Own Firewall
Free Geek

Protect your computer from outside attacks. How? Learn to install and configure a firewall. This workshop will cover essential rules and best practices for set-up. Bring your own computer.

Website
Monday
Jun 19
OWASP: Cheating a Hacking Game for Fun and Profit
WebMD

Abstract

All but the most trivial modern software relies on common libraries to perform routine work. Your software may be a bastion of security, exhaustively tested and evaluated, but once a vulnerability is discovered in a library you depend on, all bets are off. These large and pervasive vulnerabilities quickly become popular targets, exploited by everybody from script kiddies, to professional hackers, to state actors. It is no surprise that the use of vulnerable libraries is included in the OWASP Top 10 list. The Australian Signals Directorate (ASD) lists patching operating systems and applications as two of their top four strategies to mitigate security incidents!

During a recent hacking game, we identified and exploited a vulnerability not anticipated by the developers. One little crack in a widely used library gave us the footing we needed to construct an attack chain of remote code execution, file upload, data exfil, source code disassembly, and branching into a private network, all despite an extremely high level of hardening on the target against unintended attacks. We'll share with you how safe and fun library exploitation can be in the confines of a hacking game, and how there are serious implications for your corporate applications where the stakes are much higher.

Speakers:

Alexei Kojenov is a Senior Application Security Engineer with years of prior software development experience. During his career with IBM, he gradually moved from writing code to breaking code. Since late 2016, Alexei has been working as a consultant at Aspect Security, helping businesses identify and fix vulnerabilities and design secure applications.

Alex Ivkin is a senior security architect with experience in a broad array of computer security domains, focusing on Identity and Access Governance (IAG/IAM), Application Security, Security Information and Event Management (SIEM), and Governance, Risk and Compliance (GRC). Throughout his consulting career Alex has worked with large and small organizations to help drive security initiatives and deploy various types of enterprise-class identity management and application security systems. Alex is an established and recognized security expert and a speaker at various industry conferences, and holds numerous security certifications, including CISSP and CISM, two bachelor’s degrees and a master’s degree in computer science with a minor in psychology.

Website
Tuesday
Jun 27
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates.

This event is also on meetup.com. Invite your friends!

Website
Saturday
Jul 15
Create a Security Center for your Home
Free Geek

You’d be surprised to see how insecure the default settings for many of our home technologies are! Join us for a workshop to learn how to step up the security of your home computer, wifi network, and more. Bring your own computer.

Website
Tuesday
Jul 25
OWASP: How Billion Dollar Enterprises Manage Application Security at Scale
New Relic

Abstract: Security Compass recently completed a research study by surveying companies across multiple industries with the goal of discovering how large, complex organizations address application security at scale. The majority of respondents surveyed were multinational organizations who reported annual earnings greater than $1 billion USD. Through this new research study, we have gleaned novel insights on how large organizations manage application security at scale. Through this presentation, we will reveal aggregated insights, industry trends, and best practices that illuminate how organizations are addressing application security at scale, so that you may apply and compare these learnings to the state of application security at your own organization.

Speaker: Rohit Sethi - Chief Operating Officer, Security Compass

Rohit Sethi joined Security Compass as the second full-time employee. As COO, Rohit is responsible for setting and achieving corporate objectives, company alignment and driving strategy to execution. Previous to this role, he managed the SD Elements team. Rohit specializes in building security into software, working with several large companies in different organizations. Rohit has appeared as a security expert on television outlets such as Bloomberg, CNBC, FoxNews, and several others. He has also spoken at numerous industry conferences and/or written articles on major websites such as CNN.com, the Huffington Post and InfoQ.

Website