Viewing 3 current events matching “security” by Date.

Friday
Jun 7
Portland 2600
Sizzle Pie (East Burnside)

PDX2600 is a monthly open forum for hackers in Portland, Oregon. It happens on the first Friday of every month. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Friday
May 3
Portland 2600
Sizzle Pie (East Burnside)

PDX2600 is a monthly open forum for hackers in Portland, Oregon. It happens on the first Friday of every month. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Friday
Apr 5
Portland 2600
Sizzle Pie (East Burnside)

PDX2600 is a monthly open forum for hackers in Portland, Oregon. It happens on the first Friday of every month. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website

Viewing 339 past events matching “security” by Date.

Thursday
Jul 31, 2008
IP3's “Strategy to Reality: Don’t Look Back”
through Portland State University (PSU) - Smith Memorial Center

On July 31 & August 1, 2008, Portland State University is hosting IP3, Inc. for a comprehensive Information Assurance and Information Technology Security seminar. Ken Kousky, CISSP and CEO of IP3 (and former president of Wave Technologies, a NASDAQ publicly-traded company) will present “Strategy to Reality: Don't Look Back”, the nation’s leading IT security forum addressing issues on the cutting edge of compliance, information assurance, human capital and risk management. Go to http://www.ip3seminars.com to read our brochure.

During this two-day lecture style seminar for CEO's, Risk Management IT Executives, CPAs, Physical Security Professionals, IT Auditors, Forensic Specialists, IT professionals and students entering the IT field, you will learn about how the technologies, threats and deployment environments have changed, even since 2007.

Website
Thursday
Aug 21, 2008
From Pointy Hair to Curly Tie... Surviving Project Management
Online

This presentation will take a light-hearted approach to the challenges a QA Manager faces while illustrating techniques that can improve product quality and communication from management to testers.

Speaker Keith Meyer, Lab Director, nResult, Inc.

Thank you to our 2008 Series Sponsors: McAfee & nResult.

Website
Wednesday
Mar 18, 2009
CanSecWest
through

CanSecWest is a yearly computer security conference in Vancouver which focuses on new and applied research. It is perhaps most famous for the "pwn2own" competition which pits various vendors' software against each other with cash prizes for the first to be exploited.

Website
Thursday
Apr 23, 2009
NW ISSA Security Conference

The NW ISSA Security Conference is part of a continued ambitious community outreach program for ISSA-Oregon Chapter. The goal of our program is to provide decision makers, stakeholders, and professionals with the knowledge and understanding they need to more effectively secure their organization’s sensitive information and comply with emerging information privacy laws and regulations.

Travel budgets cut, but still want the professional development in 2009? Want 7 CPE Credit Hours for less than $65? Don’t miss this local, but quality conference for security

Topics for 2009 include:

  • Future Security Implications of Cloud Computing & Social Media
  • Botnets and the Army of Darkness
  • Windows 7.0 Sneak Peek
  • Implementing the SDL to Improve Organizations’ ROI
  • Leveraging e-Discovery to Keep Security Funding
  • Much more
Website
Friday
Sep 18, 2009
Building Systems That Enforce Measurable Security Goals
Galois, Inc

The next talk in the Galois Tech Seminar series:

[Note the Friday date, instead of the usual Tuesday slot!]

  • Date: Friday, September 18th, 2009
  • Title: Building Systems That Enforce Measurable Security Goals
  • Speaker: Trent Jaeger
  • Time: 10:30am - 11:30am
  • Location: Galois, Inc. 421 SW 6th Ave. Suite 300; Portland, OR 97204

For details (including an abstract and speaker bio), please see our blog post: http://www.galois.com/blog/2009/09/10/jaegermeasurablesecurit/

An RSVP is not required; but feel free to drop a line to [email protected] if you've any questions or comments.

Levent Erkok

Website
Tuesday
Jan 19, 2010
Portland OWASP Chapter Meeting
U.S. Bancorp Tower

We'll meet in the Morrison room on the third floor. Stop at the security desk up front if you have any problems, or give me a call (801-372-9378).

Travis Spencer has offered to give us a talk about SAML, federation, and identity.

For notices on future meetings, please sign up on the Portland OWASP mailing list (low volume): https://lists.owasp.org/mailman/listinfo/owasp-portland

Website
Thursday
May 6, 2010
InnoTech Oregon Technology Conference & Expo

InnoTech is the region's largest business to business technology conference and expo happening May 6. Over 1500 business and technology professionals will attend this year. Special events include the NW CIO Summit, NW ISSA Security Symposium, Microsoft Technology Symposium, eMarketing Summit, Mobile Track and much more.

Website
Thursday
Apr 21, 2011
NW ISSA Security Summit

Hosted by the ISSA – Portland Chapter, the NW ISSA Security Summit, held in conjunction with InnoTech Oregon, returns April 21st to the Oregon Convention Center. Join us for this one-day, in-depth conference that highlights the latest in the IT Security landscape. If you only go to one conference this year, make this the one!

The NW ISSA Security Summit will feature three (3) distinct conference tracks:

  1) Business
  2) Application Development
  3) Technology

Each track will be comprised of top-notch sessions from leading industry professionals. Whether you are an application developer, security manager, IT manager, engineer, auditor, CISO, CTO, Project Manager, or just simply interested in the security sector, the Summit is meaningful to you. Mark your calendars for April 21st and we’ll see you there! Go to www.nwsecuritysummit.com to REGISTER and for more information.

Website
Tuesday
Aug 30, 2011
Galois Tech Talk: Leveraging Emerging Storage Functionality for New Security Services
Galois, Inc

Presented by Kevin Butler

The complexity of modern operating systems makes securing them a challenging problem. However, changes in the computing model, such as the rise of cloud computing and smarter peripherals, have presented opportunities to reconsider system architectures, as we move from traditional "stove-pipe" computing to distributed systems. In particular, we can build trustworthy components that act to provide security in complex systems.

This talk discusses how new disk architectures may be exploited to aid the protection of systems by acting as policy decision and enforcement points. We prototype disks that enforce data immutability at the block level on critical system data, preventing malicious code from inserting itself into system configuration and boot files. We then examine how storage may be used to ensure the integrity state of hosts prior to allowing access to data, and how such a design improves the security of portable storage devices. Using continual measurements of system state, we show through formal reasoning that such a device enforces guarantees that data is read and written while the host is in a good state. Finally, we discuss some recent initiatives to assure the identity of the host and identify future directions for exploring the interface between storage and operating system security.

Website
Friday
Nov 18, 2011
Microsoft IT Camp
Microsoft Portland

Join us for an informal event where the true agenda is up to you! The camp leader (Chris E. Avis - IT Evangelist/Microsoft) will lead off with a brief intro to the camp then open the floor up for discussion topics. We will then work through those topics until the end of the session (or until we just get tired of talking!).

This will be very interactive and works best with participation from everyone. We look forward to having you join us for this new informal event.

Website
Wednesday
Mar 14, 2012
CHIFOO presents: "Security *IS* a Game: Using the Blender Game Engine for Security" with Jeff Bryner $5
ISITE Design

SecViz.org is a great resource for security visualizations, but most suffer from a lack of interactivity. Completing kinectasploit for DEFCON19 made me realize the utility of game engines for interacting with security tools and security information. Jeff will start with a recap/encore performance of kinectasploit (http://p0wnlabs.com/defcon19), which uses gestures to drive a first-person shooter 3D game environment to break into computers on victim virtual machines. Then using the same technology, Jeff will walk through a couple scenes using standard corporate security data in a 3D, kinect-driven environment made possible by the blender game engine.

Kinect and gestures are two of the most prevalent game-changing technologies to affect user interfaces since the keyboard and mouse. Applying these tools to real-world data is challenging, fraught with pitfalls, and a heck of a lot of fun! Let’s discover the boundaries of current technology by pushing it until it fails!

Website
Thursday
May 3, 2012
InnoTech Oregon
Oregon Convention Center

Coming May 3rd, the 9th Annual InnoTech Oregon offers a unique opportunity for business and technology leaders to educate themselves about current trends and discover new, successful, innovative best practices. InnoTech focuses on the innovative uses of both mainstream and locally developed technologies to grow and enhance your business operations. More information is available at www.innotechoregon.com.

InnoTech is also hosting the NW CIO Summit & IT Executive of the Year Awards, NW ISSA Security Conference and the eMarketing Summit. See you there!

Website
Portland Linux/Unix Group: OpenBSD
PSU Maseeh Engineering Building

OpenBSD by Bryan Linton

OpenBSD is a free *nix-like operating system that focuses on security, correctness and developer freedom. With only two remote holes in the default install in over 10 years, OpenBSD has a reputation of being one of the most secure operating systems in common use.

This talk will present a basic overview of what OpenBSD is, and will heavily emphasize what its strengths are. It will also cover the various methods OpenBSD uses to remain secure.

With OpenBSD 5.1 arriving May 1st, we will also discuss some of its new features and improvements.

Many of us will go to the Lucky Lab Northwest Beer Hall at 1945 NW Quimby after the presentation.

Website
Sunday
Jul 1, 2012
OWASP FLOSSHack - Ushahidi
Free Geek

FLOSSHack is an experimental workshop project designed to bring together those who want to learn more about "hacking" (secure programming and application penetration testing) with those who are in need of low cost or pro bono security auditing.

This first ever FLOSSHack event will be focused on the Ushahidi platform. Stay tuned for more details in the coming weeks.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Thursday
Aug 2, 2012
Galois Tech Talk: Comprehensive Analysis of the Android Ecosystem
Galois, Inc

Presented by Iulian Neamtiu.

The relative novelty and rapid evolution pace of the Android ecosystem (platform, vendor-installed apps and third-party apps) means both the platform and apps receive little scrutiny. Hence there is a need for tools that assess, monitor and verify all components of the Android ecosystem. This lack of tools and scrutiny is particularly problematic when combined with the open nature of Google Play, the main app distribution channel.

In the first part of this talk we will focus on multi-layer profiling of Android apps using ProfileDroid, a tool and framework we developed at UC Riverside. ProfileDroid is useful for a variety of Android app analyses, from performance to usability to security. ProfileDroid monitors and correlates the behavior of an app at four layers: (a) static, or app specification (b) user interaction, (c) operating system, and (d) network layer. Using ProfileDroid on 27 free and paid Android apps, we have revealed: (a) discrepancies between the app specification and app execution, (b) free versions of apps could end up costing more than their paid counterparts, due to an order of magnitude increase in traffic, (c) most network traffic is not encrypted, (d) apps communicate with many more sources than users might expect.

In the second part of the talk we will present results from our long-term permission evolution study of the Android ecosystem---platform and 237 apps---over three years. We found that the platform has increased the number of dangerous permissions and does not move towards finer-grained permissions, and that app developers do not follow the principle of least privilege. We will also briefly discuss our efforts with static information flow tracking for Android apps, as well as building a log-and-replay system for Android.

Website
Wednesday
Aug 22, 2012
OWASP Chapter Meeting
Portland State University Fourth Avenue Building (FAB)

Double Feature! For this chapter meeting, we have two protocol-oriented talks at PSU. Basic refreshments will be provided.

Kevin P. Dyer presents:
What Encryption Leaks and Why Traffic Analysis Countermeasures Fail

As more applications become web-based, an increasing amount of client-server interactions are exposed to our networks and vulnerable to Traffic Analysis (TA) attacks. In one form, TA attacks exploit the lengths and timings of packets in a protocol's flow to infer sensitive information about communications. In the context of encrypted HTTP connections, such as HTTP over SSH, this means an adversary can determine which website a user is visiting. In the context of a specific web application, an adversary can determine user input by viewing only a few client-server interactions.

Recent advances in the application of Machine Learning tools demonstrate that TA attacks are possible despite industry-standard encryption such as TLS, SSH or IPSec. What is more, even if a protocol uses stronger countermeasures, such as fixed-length per-packet padding, this incurs significant overhead but only provides limited security benefit. These types of security vs. efficiency trade-offs are of immediate concern to security-aware applications such as Tor, and performance-sensitive application features such as Google Search Autocomplete.

In this talk, Kevin will address the state-of-the-art TA attacks and proposed countermeasures in the context of network and web application security. Most importantly, he will discuss open problems in this area and why a general-purpose TA countermeasure remains elusive.

Timothy D. Morgan presents:
HTTPS, Cookies, and Men-in-the-Middle: Why You Shouldn't Allow Marketing Departments to Design Your Security Protocols

Login session management in modern web applications is largely dominated by use of HTTP cookies. However, HTTP cookies were never designed for secure applications, which has led to a significant number of protocol security problems.

In this talk, Tim will start with a brief background on why HTTP cookies are a poorly-conceived mechanism to begin with, and continue with a discussion of how this impacts security. He will describe several lesser-known cookie-based session management problems that remain widespread and allow for session hijacking through a variety of clever attacks.


Kevin P. Dyer is a PhD student at Portland State University. His research focuses on building protocols that are resistant to Traffic Analysis attacks. Prior to his academic life, Kevin worked as an engineer on various projects in telecommunications security, web security and network security. Kevin holds an MSc in the Mathematics of Cryptography and Communications from Royal Holloway, University of London, and a BS in Computer Science and Mathematics from Santa Clara University.

Timothy D. Morgan is a consultant at Virtual Security Research, LLC (VSR). As an application security specialist and digital forensics researcher, Tim has been taking deep technical dives in security for over a decade. Tim resides in Oregon and works at VSR where he helps to secure his customers' environments through penetration testing, training, and forensics investigations. His past security research has culminated in the release of several responsibly disclosed vulnerabilities in popular software products. Tim also develops and maintains several open source digital forensics tools which implement novel data recovery algorithms.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Friday
Nov 9, 2012
Security BSides Portland
through Jupiter Hotel

An Information Security conference by the community for the community. It's free to attend and we rely on sponsorship to pay for the venue and other costs. Come mingle with local people interested in cutting edge information security topics to share and learn.

Website
Thursday
Dec 13, 2012
OWASP Chapter Meeting
Collective Agency Downtown

Matthew Lapworth will present a talk on static code analysis.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Chapter meetings are free and open to the public.

Wednesday
Jan 9, 2013
OWASP - How to (FLOSS)Hack
Collective Agency Downtown

Join us for a How to (FLOSS)Hack tutorial, which will introduce several common classes of web application vulnerabilities such as XSS, SQL injection, and XML External Entities flaws. The goal of the session is to bring novice FLOSSHack participants up to speed on how to identify new vulnerabilities that are likely to appear in the target software for this week's FLOSSHack. FLOSSHack is an experimental workshop project designed to bring together those who want to learn more about "hacking" (secure programming and application penetration testing) with those who are in need of low cost or pro bono security auditing.

NOTE: For best results, please bring a laptop to participate in the hands-on exercises.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Sunday
Jan 13, 2013
OWASP - FLOSSHack Returns
Free Geek

FLOSSHack is an experimental workshop project designed to bring together those who want to learn more about "hacking" (secure programming and application penetration testing) with those who are in need of low cost or pro bono security auditing.

The target software for this FLOSSHack event is OpenMRS. For more info, see the event page.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Tuesday
Apr 30, 2013
Galois Tech Talk: Hardware Security's Hierarchy of Attacks
Galois, Inc

Presented by Joe FitzPatrick.

Generally, there is a very low barrier to entry when it comes to software or network-based attacks due to the fact that actual costs are minimal and most resources are readily available. This does mean that it's generally much easier to attack the software of a system than the hardware, but unfortunately that also leads to overconfidence in, as well as misplaced trust in, hardware.

There is a clear 'hierarchy of attacks' in the hardware world. There are costs, often significant, involved in acquiring your hardware 'target' which might be damaged or destroyed in the process. There are a number of useful tools that cost anywhere from a few dollars to a few million dollars. I'll give a couple examples of what's possible within budgets of $100, $10,000, and $1,000,000. I'll point out how many capabilities are much more accessible than most assume, and how vulnerable to sub-$100 attacks most of our 'secure' hardware really is.

Website
Thursday
May 9, 2013
Office 365: The New Office and Rights Management
Microsoft Portland Office (Pearl District)

Topic: Compliance in the Cloud

Looking to learn about how to use the "New Office" – Microsoft Office 365? Concerned with security and compliance? This workshop will focus specifically on the security trust and compliance features included in the new Office 365. At the end of this session, you will be more familiar with its various capabilities and understand how the service uses litigation hold techniques to manage compliance archives and document searches.

At this workshop, we will cover the following topics:

Office 365

  • What is the Office 365 family of products?
  • How does Office 365 licensing work?
  • Business view on using Office 365
  • On-site ROI vs. cloud ROI

Collaboration

  • How you collaborate in the cloud
  • Demonstration: How to use Office 365 collaboration tools

Office 365 Security

  • Office 365 trust and security
  • How do archives work?
  • What is legal hold?

Using Office 365 to protect your business

  • Rights Management Services
  • Document archive - how it works
  • Office 365 encryption options
  • Demonstration: Rights Management Services in Microsoft Outlook

Document discovery

  • How document discovery works
  • SharePoint document discovery site
  • Sampling emails for compliance review
  • Demonstration: Integrated Document Discovery site

Next steps

  • Summary of Office 365 features
  • Moving to Office 365
  • Office 365 Migration offer

Featured Products: Business Productivity Online Suite, Lync Online, Microsoft Exchange Online, Office 365, Office Web Apps, Online Services, SharePoint 2013, SharePoint Online

Recommended Audiences: Business decision makers, C-level executives, information workers, technical decision makers, etc.

About the Host, KAMIND Inc.
KAMIND Inc. (KAMIND) is an information technology (IT) cloud consultant specializing in Microsoft Office 365 and Windows Intune software. Using these cloud-based services, KAMIND helps organizations refocus their IT resources on projects that generate true business value, reducing overall IT service costs and increasing employee productivity. As a Tier 3 Microsoft Cloud Accelerate Partner and a Black Belt Windows Intune specialist, KAMIND has more than 3,500 seats deployed in more than 250 customer locations.

KAMIND deploys scalable solutions that give each user the flexibility to utilize the cloud in his or her own way. And by integrating these cloud services with an on-site Microsoft Volume License, KAMIND can further leverage Microsoft solutions to improve efficiency and operations and reduce the cost of doing business.

In addition to Microsoft products and services, KAMIND also publishes educational material and hosts frequent seminars to teach local businesses and entrepreneurs about how to access data in the cloud.

http://www.kamind.net

Website
Office 365 – The New Office and Rights Management
Microsoft Portland Office (Pearl District)

Topic: Collaboration in the Cloud

Looking to learn about how to use the "New Office" – Microsoft Office 365? Concerned with security and compliance? This workshop will focus specifically on the security trust and compliance features included in the new Office 365. At the end of this session, you will be more familiar with its various capabilities and understand how the service uses litigation hold techniques to manage compliance archives and document searches.

At this workshop, we will cover the following topics:

Office 365

  • What is the Office 365 family of products?
  • How does Office 365 licensing work?
  • Business view on using Office 365
  • On-site ROI vs. cloud ROI

Collaboration

  • How you collaborate in the cloud
  • Demonstration: How to use Office 365 collaboration tools

Office 365 Security

  • Office 365 trust and security
  • How do archives work?
  • What is legal hold?

Using Office 365 to protect your business

  • Rights Management Services
  • Document archive - how it works
  • Office 365 encryption options
  • Demonstration: Rights Management Services in Microsoft Outlook

Document discovery

  • How document discovery works
  • SharePoint document discovery site
  • Sampling emails for compliance review
  • Demonstration: Integrated Document Discovery site

Next steps

  • Summary of Office 365 features
  • Moving to Office 365
  • Office 365 Migration offer

Featured Products:

Business Productivity Online Suite, Lync Online, Microsoft Exchange Online, Office 365, Office Web Apps, Online Services, SharePoint 2013, SharePoint Online

Recommended Audiences:

Business decision makers, C-level executives, information workers, technical decision makers, etc.

About the Host, KAMIND Inc.

KAMIND Inc. (KAMIND) is an information technology (IT) cloud consultant specializing in Microsoft Office 365 and Windows Intune software. Using these cloud-based services, KAMIND helps organizations refocus their IT resources on projects that generate true business value, reducing overall IT service costs and increasing employee productivity. As a Tier 3 Microsoft Cloud Accelerate Partner and a Black Belt Windows Intune specialist, KAMIND has more than 3,500 seats deployed in more than 250 customer locations.

KAMIND deploys scalable solutions that give each user the flexibility to utilize the cloud in his or her own way. And by integrating these cloud services with an on-site Microsoft Volume License, KAMIND can further leverage Microsoft solutions to improve efficiency and operations and reduce the cost of doing business.

In addition to Microsoft products and services, KAMIND also publishes educational material and hosts frequent seminars to teach local businesses and entrepreneurs about how to access data in the cloud.

http://www.kamind.net

Website
Tuesday
Jul 2, 2013
OWASP Chapter Meeting
Portland State University Fourth Avenue Building (FAB)

Kevin P. Dyer presents:

P0wning DPI with Format-Transforming Encryption

Deep packet inspection (DPI) technologies provide much-needed visibility and control of network traffic using port-independent protocol identification (PIPI), where a network flow is labeled with its application-layer protocol based on packet contents. In many cases PIPI can be used for good. As one example, it allows network administrators to elevate priority of time-sensitive (e.g., VoIP) data streams. In other cases PIPI can be used for harm: nation-states employ PIPI to block censorship circumvention tools such as Tor. There are many ways to perform PIPI; however, at the core of nearly all modern PIPI systems are regular expressions --- an expressive tool to compactly specify sets of strings.

In this talk, Kevin reviews the state-of-the-art research on the capabilities of state-level DPI, then presents a novel cryptographic primitive called format-transforming encryption (FTE). An FTE scheme, intuitively, extends conventional symmetric encryption with the ability to transform the ciphertext into a user-defined format using regular expressions. An FTE-based record layer will be presented that can encrypt arbitrary TCP traffic and coerce modern DPI systems into misclassifying any data stream as a target protocol (e.g., HTTP, SMB, RSTP, etc.) of the user's choosing. What's more, this work is not only theoretical in nature --- an open-source FTE prototype is publicly available and has had success in subverting modern DPI systems, including the Great Firewall of China.

PSU is kindly providing coffee, tea, and cookies for us.


Kevin P. Dyer is a PhD student at Portland State University. His research focuses on building protocols that are resistant to traffic-analysis attacks and discriminatory routing policies. Previously, Kevin worked as a software engineer in telecommunications security, web security and network security. He holds an MSc in the Mathematics of Cryptography and Communications from Royal Holloway, University of London, and a BS in Computer Science and Mathematics from Santa Clara University.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:

 https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Thursday
Jul 11, 2013
Portland Linux/Unix Group: Physical Security and Surveillance
PSU Maseeh Engineering Building

Steve Pasco will be discussing many aspects of physical security and the realities of our emerging surveillance culture.

Steve is a seasoned Telecommunications and security professional, with more than 27 years' experience, capable of managing and maintaining operational oversight of global, enterprise-wide facilities and security command and control centers. Proficient in establishing policies, procedures, standards, and personnel training programs. A Telecommunications security expert in CALEA and J-STD-25 protocols. Expert in Security Systems, Access Control, Alarm Monitoring, Video Surveillance, Asset Monitoring, Tracking and Protection. Operational experience in running 24/7 Command Control and Communications system with emphasis on Intelligence (C3I).

Many will head to the Lucky Lab NW after the meeting.

Website
Monday
Jul 15, 2013
Portland's Techno-Activism 3rd Monday
Puppet

Note: This event is free but please RSVP at http://ta3m-pdx-2.eventbrite.com

What is it?

This is the second Techno-Activism 3rd Monday event for Portland, Oregon! Read more about techno-activism 3rd mondays.

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

The Privly Foundation will organize this and future TA3M Portland events. Puppet Labs is generously providing space.

Event Description

We're excited to have Kees Cook chat with us this month. He will most likely be talking about digital surveillance and physical privacy. A little more about him: Kees Cook has been working with Free Software since 1994, and has been a Debian Developer since 2007. He is currently employed by Google to work on Chrome OS Security. From 2006 through 2011 he worked for Canonical as the Ubuntu Security Team's Tech Lead, and remains on the Ubuntu Technical Board. Before that, he worked at OSDL where he helped admin the mirrors at kernel.org, and sometimes hacked on Inkscape. He has written various utilities including GOPchop and Sendpage, and contributes randomly to other projects including fun chunks of code in Wine, MPlayer, OpenSSH, and Wireshark. He's been spending most of his time lately focused on security features in the Linux Kernel.

Website
Tuesday
Jul 30, 2013
CryptoParty PDX
Theo's Restaurant

CryptoParty is a grassroots global endeavour to introduce the basics of practical cryptography such as the Tor anonymity network, key signing parties, TrueCrypt, Linux, and virtual private networks to the general public.

This is a free skill-sharing event with other Cryptography and Privacy technology experts, working alongside and sharing information with people new to Crypto and Privacy.

Everyone is welcome regardless of experience. Bring a laptop if you have one; if not, bring a USB thumb drive, a pen and a pad of paper.

If you want to learn about how to encrypt your files and communicate securely, this is the event to come to!

Look for the people with laptops.

Website
Sunday
Aug 18, 2013
CryptoParty PDX
Lucky Labrador Brew Pub

CryptoParty is a grassroots global endeavour to introduce the basics of practical cryptography such as the Tor anonymity network, key signing parties, TrueCrypt, Linux, and virtual private networks to the general public.

This is a free skill-sharing event with other Cryptography and Privacy technology experts, working alongside and sharing information with people new to Crypto and Privacy.

Everyone is welcome regardless of experience. Bring a laptop if you have one; if not, bring a USB thumb drive, a pen and a pad of paper.

If you want to learn about how to encrypt your files and communicate securely, this is the event to come to!

Look for the people with laptops.

Website
Monday
Aug 19, 2013
Portland's Techno-Activism 3rd Monday
Puppet

This event is free, but please RSVP: http://ta3m-pdx-3.eventbrite.com/

What is it?

This is the third Techno-Activism 3rd Monday event for Portland, Oregon! Read more about techno-activism 3rd mondays.

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

The Privly Foundation will organize this and future TA3M Portland events. Puppet Labs is generously providing space. The folks at OpenITP are providing refreshments.

Event Description

Steve Mancini will be speaking with us about "The impact of disruptive innovation and privacy on your average hair stylist". A bit about him: After spending way too many years and dollars pursuing college degrees, Steve Mancini eventually had to enter the real world. A trek from the East coast to the West coast landed him a job in a large corporation out in the burbs, and after a decade+ of working there he has learned a thing or two about computer security, hacking, forensics, and incident response. He’s worn many hats and titles; his current is Harbinger of Doom (no really, it is on his business card).

Demo time! After the talk/Q&A, we will reserve time for folks to demo their favorite security/privacy tech tool. If you would like to be a demoer, please let us know at [email protected], and we will work you into the schedule.

PDXTech4Good

If you're interested in this event, you might also be interested in the PDXTech4Good meetup.

Website
Tuesday
Aug 27, 2013
RainSec
Lucky Labrador Beer Hall

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Website
Friday
Sep 6, 2013
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's (5th and Couch in between backspace and someday) from around 7pm to midnight. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Thursday
Sep 12, 2013
Application Security using OWASP
Thetus Corporation

EVENT INFORMATION

Application security is a moving target, but the Open Web Application Security Project (OWASP) is here in Portland to help you write and deploy applications securely. Speakers James Bohem and Tim Morgan will walk you through all of the free resources made available by OWASP to developers, application architects, and information security professionals.

As an example of how OWASP can help, we'll present some of the finer points of secure web session management, covering the variety of attacks on SSL-protected web traffic if sites are not configured properly. We'll touch on cookies, state management, SSL and some common problems and solutions.

Q&A will follow. Pizza and beverages will be served.

SPEAKER INFORMATION

James Bohem manages the security program at WebMD Health Services, which includes a large web-based application with millions of users, as well as other security technologies and risk management for a 400+ person division of WebMD in Portland. James has 15 years in security consulting with a focus on application security, design and technical compliance with a range of regulations and standards. In addition, he has experience developing large distributed applications, microkernels, the UNIX kernel, and international software systems for open systems.

Tim Morgan has been taking deep technical dives in security for over a decade as an application security specialist and vulnerability researcher. Tim resides in Oregon and works at VSR, where he helps to secure his customers' environments through penetration testing, training and forensic investigations. Tim also develops and maintains several open source digital forensics tools, including Bletchley, an application cryptanalysis toolkit.

Website
Monday
Sep 16, 2013
Portland's Techno-Activism 3rd Monday
Puppet

This event is free, but please RSVP: http://ta3m-pdx-4.eventbrite.com/

What is it?

This is the third Techno-Activism 3rd Monday event for Portland, Oregon! Read more about techno-activism 3rd mondays.

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

The Privly Foundation will organize this and future TA3M Portland events. Puppet Labs is generously providing space. The folks at OpenITP are providing refreshments.

Event Description

Current Events - Research something that happened in the last month that is of interest to TA3M folk, then email [email protected] to be put on the schedule. These should be very short but informative updates.

  • Did we find out that all web cryptography is broken? -- Sean McGregor

Talk by Steve Wyshywaniuk! - Steve is co-founder of Small World News, an organization dedicated to helping people around the world tell better stories through media. For the last seven years he has worked in Afghanistan, Iraq, Egypt, Tunisia, as well as remotely with teams in Libya and Mexico to create content for international audiences. He has a life long passion for using technology as well as a formal education in film and media arts.

Steve will be sharing his experience of what works and fails from a technological and social perspective, and how he and his colleagues are putting their efforts into StoryMaker, an open source android app so that anybody can learn how to create great content.

Demo time! After the talk/Q&A, we will reserve time for folks to demo their favorite security/privacy tech tool. If you would like to be a demoer, please let us know at [email protected], and we will work you into the schedule.

PDXTech4Good

If you're interested in this event, you might also be interested in the PDXTech4Good meetup.

Website
Tuesday
Sep 24, 2013
RainSec
Madison's Grill (Closed)

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Website
Friday
Sep 27, 2013
Security Bsides Portland 2013
Refuge PDX

ABOUT THE EVENT

Each Security BSides event is a community-driven framework for building events for and by information security community members. The goal is to expand the conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. Last year's event was a great success that surpassed our expectations. Don't miss the 3rd year of this awesome event!

THE PORTLAND TAKE

A gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Our passion about all things security has driven attendance from other parts of the country. Our goal is to provide an open environment for the infosec community to engage in conversations, learn from each other and promote knowledge sharing and collaboration. The Portland and greater Northwest information security community spans a broad spectrum of participation from CISOs, Fortune 100 company security experts, small business system admins, to independent security researchers.

A DIFFERENT KIND OF EVENT

BSides Portland will have a variety of activities to provide an opportunity to network and meet other like-minded individuals. Some of the activities include:

  • Technical and business presentations – our only requirement is that they are engaging and fun!
  • Networking lunch
  • Researcher Demos and community driven information exchange (lockpicking, hardware hacking, and more)

Registration opens at 8am

Website
Friday
Oct 4, 2013
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's (5th and Couch in between backspace and someday) from around 7pm to midnight. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Monday
Oct 21, 2013
Portland's Techno-Activism 3rd Monday
Lucky Labrador Brew Pub

This event is free, but please RSVP: http://ta3m-pdx-5.eventbrite.com/

What is it?

This is the Techno-Activism 3rd Monday event for Portland, Oregon! Read more about techno-activism 3rd mondays.

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

The Privly Foundation will organize this and future TA3M Portland events. We will host the event at Lucky Lab SE. The folks at OpenITP are providing refreshments.

Event Description

Current Events - Research something that happened in the last month that is of interest to TA3M folks, then email [email protected] to be put on the schedule. These should be very short but informative updates.

Chat! This meeting will be more informal, and a time to chat about the current events related to Techno-Activism, and ideas for future meetings.

Next month - We will be at our usual location in Puppet Labs with Logan Kleier from Portland's government, to talk about the intersection of technology and policy.

PDXTech4Good

If you're interested in this event, you might also be interested in the PDXTech4Good meetup.

Website
Tuesday
Oct 29, 2013
RainSec
Madison's Grill (Closed)

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Website
Wednesday
Oct 30, 2013
OWASP Chapter Planning Meeting
Brix Tavern

This is a planning meeting for the Portland OWASP chapter. Please join us if you are interested in helping us plan and organize the activities of the chapter for the next year.

Please RSVP if you plan on showing up. Just shoot an email to

( tim DOT morgan AT owasp DOT org )

Some of the topics we expect to discuss at this meeting:

  • Chapter meetings
  • FLOSSHack events
  • Local/regional conferences and training events
  • Approaches to sponsorship
  • Long term group leadership and governance
  • YOUR ideas

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Friday
Nov 1, 2013
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's (5th and Couch in between backspace and someday) from around 7pm to midnight. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Monday
Nov 18, 2013
(CANCELLED) Portland's Techno-Activism 3rd Monday
Puppet

Due to an emergency, our speaker for this evening cannot make the event. Since so many events are happening in Portland this evening, we recommend you look at the other events on Calagator.


This event is free, but please RSVP: http://ta3m-pdx-6.eventbrite.com/

Event Description

Talk by Logan Kleier - Logan is the chief information security and privacy officer for the City of Portland. Prior to this role, he worked in the private sector in a variety of product management and marketing roles for software and telecommunications companies. He has a Bachelor of Arts in history and political science and a Master's in public policy from Georgetown University.

The presentation offers a framework to aid government decision makers in the publication of various data sets. While government data is generally presumed to be a public record, this presentation will talk about use cases where it is not, as well as grey areas where the law and public sentiment differ on notions of what government data is and isn't private.

What is it?

This is the fifth Techno-Activism 3rd Monday event for Portland, Oregon! Read more about techno-activism 3rd mondays.

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

The Privly Foundation will organize this and future TA3M Portland events. Puppet Labs is generously providing space.

PDXTech4Good

If you're interested in this event, you might also be interested in the PDXTech4Good meetup.

Website
Tuesday
Nov 26, 2013
RainSec
Madison's Grill (Closed)

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Website
Thursday
Dec 12, 2013
ISSA Portland Holiday Meeting
Embassy Suites Portland-Washington Square Ambassador South Ballroom

Please register to attend the event online: http://www.eventbrite.com/e/issa-portland-holiday-party-tickets-8163746987

When: Thursday, December 12, 2013 from 3:30 to 7:30 (PST)

Location: Embassy Suites Portland-Washington Square Ambassador South Ballroom 9000 SW Washington Square Rd. Tigard, Oregon. 97223

Presentation: Considerations of a Mature Vulnerability Management Program

In this presentation, Jesika McEvoy with Rapid7 will address best practices for standing up an effective vulnerability management program. Key questions like the following will be answered:

  • What are the roles/responsibilities that are needed to do vulnerability management?
  • What kind of timelines are reasonable in terms of expectations for remediation of a vulnerability after a scanner finds it? Are there industry best practices?
  • When a vulnerability is found that cannot be directly remediated via a patch or configuration change, what should a company do? Are there best practices for various types of mitigating controls that should be considered? What is the role for risk acceptance, and how should risk acceptance be documented and periodically reviewed?
  • How can organizations take the results from traditional network vulnerability scanners, manual penetration testing engagements from third parties, and static/dynamic application security testing (for example: Veracode) and manage them all in a comprehensive vulnerability management program?

Cost: $10 (member) / $15 (non-member) / $20 (at-the-door)

CPEs: ISSA meetings are appropriate for CPE credit. The chapter maintains proof of attendance for members, but it is the member's responsibility to ensure that these CPEs are credited to their respective accounts.

Website
HIPAA Compliance & the Cloud
Brix Tavern

Join EasyStreet and Coalfire for appetizers, beverages and an informal discussion of today's IT security challenges for healthcare organizations.

Our presentation will be under an hour, leaving ample time for meaningful conversation.

Discussion topics:

  • The Omnibus Rule. What you're now legally required to do
  • Distributed Compliance Responsibility. How to identify which compliance pieces belong to you and which belong to your Cloud vendors
  • Managing HIPAA compliance across all players. How to create a strong Business Associates Agreement and manage your Cloud vendors to it
  • The New HIPAA IT Solutions Set. A snapshot of contemporary technologies used to effectively manage HIPAA security to mitigate risk and ensure compliance

Presenters:
Adam Shnider, Managing Director, Coalfire NW Region
Coalfire is a nationally recognized leader in IT compliance with more than 4,000 assessments, including hundreds for healthcare-related organizations. Their expertise extends beyond healthcare providers to include associated financial institutions and service providers that fall under newly implemented regulations.

Steve Knipple, CTO, EasyStreet
Founded in 1995, EasyStreet delivers Cloud Infrastructure, Data Center and Managed Security services to customers running critical IT systems with regulatory requirements including HIPAA and PCI.

The event is free, but space is limited so please RSVP today.

Website
Friday
Jan 3, 2014
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's (5th and Couch in between backspace and someday) from around 7pm to midnight. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Monday
Jan 6, 2014
OWASP Chapter Meeting
New Relic

Stephen A. Ridley will be presenting on the vulnerability of mobile applications.

UPDATE: New Relic will be providing pizza for attendees. Yum.

Stephen A. Ridley is a security researcher and author with more than 10 years of experience in software development, software security, and reverse engineering. Within the last few years, he has presented his research and spoken about reverse engineering and software security research on every continent except Antarctica. Stephen and his work have been featured on NPR and NBC and in Wired, Washington Post, Fast Company, VentureBeat, Slashdot, The Register, and other publications. Prior to his current work, Mr. Ridley served as the Chief Information Security Officer of a financial services firm. Prior to that, he held various information security researcher/consultant roles, including his role as a founding member of the Security and Mission Assurance (SMA) group at a major U.S. Defense contractor, where he did vulnerability research and reverse engineering in support of the U.S. Defense and Intelligence community. Mr. Ridley calls Portland home and was a recent speaker at the Chaos Communication Congress in Hamburg.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:

 https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Monday
Jan 20, 2014
Portland's Techno-Activism 3rd Monday
Flux - Plastic Fantastics

This event is free, but please RSVP on Eventbrite (linked above)

Event Description

We plan to do a hands-on meetup, where you will get to learn how to use the internet anonymously using Tor, VPN, etc.

Have a preference about what you want to learn? Want to lead a group in teaching a method? Email us at [email protected] and we'll add you to the agenda.

What should I bring?

  • A willingness to learn or to teach
  • A laptop. If you don't have one, let us know and we can try to scrounge up an extra one for you.
  • A current news story that you want to discuss with the group related to privacy/security/surveillance/censorship (optional)

What is it?

This is the Techno-Activism 3rd Monday event for Portland, Oregon! Read more about techno-activism 3rd mondays.

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

Flux has generously offered to host this month's meetup. Be sure to read their code of conduct (below) before coming to the event. This will ensure that everyone has a great, safe time. The Privly Foundation will organize this and future TA3M Portland events. There will be light refreshments provided.

Flux's Code of Conduct

  1. We are present, awake, and sober.
  2. We listen non-judgmentally to ourselves and to everyone else.
  3. We make mistakes: everything that happens in this space is part of a learning experience.
  4. We speak only out of and about our personal experience and understanding.
  5. When faced with a choice between being curious and being defensive, we choose to be curious.
  6. We clean up after ourselves.
  7. We make things here and consume things elsewhere.
  8. We spend some of our free time here, not most or all of it.
  9. We treat one another as the other would like to be treated. If we don’t know how, we ask.
  10. We respect each others’ personal space and possessions. Specifically, we check in before touching someone or their belongings.
  11. We respect each others’ consent and boundaries. Yes means yes, no means no, maybe means no, and silence is not consent. We accept “no”s without arguing, and say “yes” when we mean yes.
  12. We respect chosen names, pronouns, and genders. If we don’t know how, we ask.
  13. We act from an assumption of mutual respect and good will. We clarify misunderstandings and apologize for harm caused. We assume ignorance and not malice.
  14. We watch out for each other to maintain a respectful and safe community. If we don’t know how, we ask.
  15. When people’s conduct falls short of these agreements, we speak with them one-on-one. If matters don’t improve, we address the issue in a small group. If matters still don’t improve after three discussions, we might ask you to leave the space. As a last resort, we may vote to dissolve your membership.

Upcoming Privacy Retreat

Are you passionate about privacy-enhancing technologies? Join us for a Privacy Technology Retreat February 7-10th in Southern Oregon. For more information, please see our latest blog post.

PDXTech4Good

If you're interested in this event, you might also be interested in the PDXTech4Good meetup.

Website
Tuesday
Jan 28, 2014
RainSec
Madison's Grill (Closed)

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates.

Website
Friday
Feb 7, 2014
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Monday
Feb 17, 2014
Portland's Techno-Activism 3rd Monday
Mozilla

This event is free, but please RSVP on Eventbrite (linked above)

Event Description

Encryption can be easy! In this meet up we will teach you the basics of encrypting your content, then we will concentrate on making it easy for you to use crypto with **your** environment. Once we help you through the hard part, you'll be able to encrypt messages at home safely without frustration. This is a hands-on meetup with PGP.

Have a preference about what you want to learn? Want to lead a group in teaching a method? Email us at [email protected] and we'll add you to the agenda.

What should I bring?

  • A willingness to learn or to teach
  • A laptop. If you don't have one, let us know and we can try to scrounge up an extra one for you.
  • A current news story that you want to discuss with the group related to privacy/security/surveillance/censorship (optional)

What is it?

This is the Techno-Activism 3rd Monday event for Portland, Oregon! Read more about techno-activism 3rd mondays.

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

Mozilla has generously offered to host and pay for catering. The Privly Foundation organizes the event. Nicholas Restaurant will be providing party platters of hummus, meat grape leaves, and more!

Code of Conduct

Please review our code of conduct before attending the event to ensure a safe and welcoming time for all.

PDXTech4Good

If you're interested in this event, you might also be interested in the PDXTech4Good meetup.

Website
Tuesday
Feb 25, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates.

Website
Friday
Mar 7, 2014
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Thursday
Mar 13, 2014
Interface Portland Security Conference
Oregon Convention Center

It’s critical to stay current with the technology that runs your organization and secures your operational infrastructure. INTERFACE addresses these IT issues through informative, non-sales oriented, educational seminars customized to the specific needs of the local business community. Using case studies and best practice examples, these exhibitor-presented sessions offer you the solutions needed to address your technology challenges and achieve your organizational goals.

Website
Monday
Mar 17, 2014
Portland's Techno-Activism 3rd Monday
Galois, Inc

This event is free, but please RSVP on Eventbrite (will be linked above)

Event Description

Introducing TA3M Drink and Draw! We are planning a fun hands-on meetup. You will get to work with a team to discuss privacy, security, anti-surveillance, and anti-censorship topics and communicate your ideas through doodling! Each discussion group will work together to create a hand-drawn poster related to TA3M topics. This is a time to network with other individuals interested in these topics, and provides a fun way to express your ideas and concerns. We will do our very best to make sure beverages of all sorts (alcoholic and not) are available to get those creative juices flowing.

After the Drink and Draw session, we invite attendees to join us for social time at a nearby bar/restaurant.

Have a preference about what you want to learn? Want to lead a group in teaching a method? Email us at [email protected] and we'll add you to the agenda.

What is it?

This is the Techno-Activism 3rd Monday event for Portland, Oregon! Read more about techno-activism 3rd mondays.

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

The Privly Foundation organizes the event. Galois is generously providing space for the event.

Code of Conduct

Please review our code of conduct before attending the event to ensure a safe and welcoming time for all.

PDXTech4Good

If you're interested in this event, you might also be interested in the PDXTech4Good meetup.

Website
Thursday
Mar 20, 2014
Open Source Security ISSA Portland Symposium
Nike ED1 Air Max 360 Building

Join ISSA for a special half-day symposium on the topic of Open Source Security. This will be the second symposium format event sponsored by ISSA this year (following up on the very successful Incident Response symposium held in October).

When: Thursday, March 20, 2014 - Doors open at 8:30AM. The event will end at 1:30PM. Lunch will be provided.

Agenda:

  • 8:30 - Doors open and networking
  • 9:00 - 10:30 - Eyes Wide Open: Open Source Network Security Monitoring with Bro and Time Machine
  • 10:40 - 11:30 - Using Open Source Tools to Accomplish SANS Top 20
  • 11:40 - 12:30 - The Open Nature of Security Intelligence
  • 12:30 - 1:30 - Lunch and networking opportunity

Location:
Thank you to our colleagues at Nike for hosting this symposium on the west side. The event will be held at the ED1 Air Max 360 Building; The address is 15475 SW Koll Parkway. Note that this is not the “main” Nike campus, but is nearby. There is plenty of parking, and the ISSA event will be held on the first floor. We will have a check-in desk visible for visitors.

Presentations: This symposium will feature several intriguing and educational presentations by experts in the area of Open Source Security. Speakers will explore specific skills that security practitioners can take away in terms of using open source tools to achieve security, as well as provide an overview of where open source tools fit in with the commercial products in the marketplace.

See EventBrite page for full presentation descriptions

Price:
The symposium is subsidized by chapter memberships and sponsors. A nominal fee of $10 (member) / $15 (non-member) / $20 (at-the-door) will be charged.

CPEs: The chapter maintains proof of attendance for members, but it is the member's responsibility to ensure that these CPEs are credited to their respective accounts. This symposium will offer between 3-4 CPE hours.

Website
HiMSS Oregon - Lunch and Learn "BYOD/Mobility - Best Practices within Health Delivery Systems"
Providence (St. Vincent’s) East Pavilion – Souther Auditorium

With the explosive growth of Smart Phones, Tablets and other mobile devices, Healthcare Delivery Systems (HDS) have to offer accessibility to both patients and practitioners. Mobility and support of a “Bring Your Own Device” (BYOD) environment have become increasingly necessary as we move into the digital industrial economy. Gartner predicts that Digital incompetence will cause a quarter (25 percent) of businesses to lose their market position by 2017. In the hyper-competitive HDS landscape, Hospitals have to offer more flexibility for access to both their external and internal customers to remain relevant and avoid losing market share.

This interactive panel discussion will focus on the challenges that Healthcare Delivery Systems face with these changes. This will include topics ranging from security issues, demands on the network, patient privacy, potential breach of data, and increased financial risk. The panel will discuss best practices within the clinical environment and the infrastructure required to serve the needs of the users, as well as protect the patient information.

Distinguished Panelists Include:

NAME: Michael Boyd TITLE: Chief Information Security Officer, Providence Health & Services

Mike Boyd’s background includes security engineering and risk management work in the fields of media and entertainment, insurance and financial services, higher education and more than a decade working in healthcare information security and risk management.

Mike has been with Providence Health & Services for more than six years and currently serves as the Chief Information Security Officer. Providence is a not-for-profit Catholic healthcare system that includes 32 hospitals, more than 350 physician clinics, senior services, supportive housing and many other health and educational services. Providence employs more than 64,000 people across five states – Alaska, California, Montana, Oregon and Washington. Mike’s responsibilities include oversight of information security risk assessment, security incident management, and integration of security risk management within Providence’s environment including information technology, supply chain, revenue cycle, human resources and healthcare operations. Previously Mike served as the Information Security Officer for Oregon Health & Science University and oversaw the security engineering team at Pacific Life Insurance. Mike is also the past president of the Portland chapter of the Information Systems Security Association (ISSA) and a former Captain in the United States Marine Corps.

Mike is a Certified Information Systems Security Professional (CISSP) and holds a Bachelor of Science in Computer Science from the United States Naval Academy in Annapolis, Maryland.

NAME: Paul Aneja TITLE: IT Architect, Salem Health
Currently working at Salem Health, prior architect experience at several Northwest companies including Intel, Xerox, and Oregon Health Authority. Passionate about planning and improving the maturity of technology platforms, applications, and solutions. Develop roadmaps for various technology domains to advance new technologies. Education includes a Health IT Informatics graduate certificate degree from OHSU and Masters in Computer Science from Old Dominion University.

NAME: Brad Reardon TITLE: Lead Wireless Technical Consultant, Kaiser Permanente
Focus: Mobile Communications strategy and engineering

Brad started out working on his family's home network in high school. After a short stint as a student technical support representative at Berry College, he joined the Marine Corps. While stationed in Hawaii, he worked as a Tactical Data Network Technician overseeing a helpdesk and three networks spanning the Pacific. Once leaving the Marine Corps, Brad went to work leading call center teams for Dell Computers in Phoenix, Arizona. After the opportunity to play professional paintball brought him to the Pacific North West, he worked at Holiday Retirement and Symantec before landing a position working on VoWiFi for Salem Hospital. In 2009, he left Salem Hospital to begin working for Kaiser Permanente.

Website
Lockpicking Workshop
Free Geek

The local chapter of Toool meets every third Thursday at FreeGeek. Doors open at 7p. The beginner's lesson starts at 7:15p and is repeated as needed. Play time ends around 9:30. We supply locks, tools, guidance, and community.

Please RSVP to [email protected] . It helps us know how to set up the room.

Website
Tuesday
Mar 25, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates.

Website
Tuesday
Apr 1, 2014
Galois tech talk: Practical Challenges to Secure Computation
Galois, Inc

Presented by John Launchbury.

In secure computation, one or more parties collaborate to compute a result while keeping all the inputs private. That is, no-one can gain knowledge about the inputs from the other parties, except what can be determined from the output of the computation. Methods of secure computation include fully homomorphic encryption (where one party owns the input data and the other party performs the whole computation), and secure multiparty computation (where multiple parties collaborate in the computation itself). The underlying methods are still exceedingly costly in time, space, and communication requirements, but there are also many other practical problems to be solved before secure computation can be usable. For programmers, the algorithm construction is often nonintuitive; for compiler writers, the machine assumptions are very different from usual; and for application designers, the application information flow has to match the security architecture. In this talk we will highlight these challenges, and indicate promising research directions.

Website
Wednesday
Apr 2, 2014
OWASP Chapter Meeting
Jive Software

Kevin Dyer will be presenting:


High-Profile Password Database Breaches: A Tale of (Avoidable) Blunders

Over the last few years, password database breaches reported in mainstream press have increased in frequency and magnitude. There is a typical pattern: service providers, such as Adobe or Yahoo or Snapchat, fail on at least two fronts. First, network perimeters and databases are breached; then, improperly secured user data and passwords are exfiltrated and shared in cleartext. Even if the former can't be prevented, there are security best practices to mitigate the impact of the latter, which are (seemingly) ignored.

In this talk, we'll discuss specific case studies and review the essential security best practices for storing sensitive user information. The goal is to show that in every case free, off-the-shelf tools are available that would have mitigated the scope of the breach and (possibly) the onslaught of negative publicity. As one example, we'll build intuition for why using Scrypt (a memory-hard function) is superior to traditional cryptographic hash functions for storing passwords.

Kevin P. Dyer is a PhD student at Portland State University. His research focuses on network security and building protocols resistant to traffic-analysis attacks and censorship. Previously, Kevin worked as a software engineer in telecommunications security, web security and network security. He holds an MSc in the Mathematics of Cryptography and Communications from Royal Holloway, University of London, and a BS in Computer Science with Mathematics from Santa Clara University.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:

 https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Friday
Apr 4, 2014
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Saturday
Apr 5, 2014
Lockpicking Workshop - 2 year anniversary
Flux - Plastic Fantastics

Join us for this special 2-year anniversary meeting of The Open Organization Of Lockpickers, Portland chapter. We have lots of fun plans including special guests from TOOOL headquarters, key impressioning, some interesting locks that we don't see at average monthly meetings and much more! Everyone is welcome, all ages, no experience necessary, and it is totally free!

Bring your own vice if you have one (for impressioning).

Website
Tuesday
Apr 8, 2014
Galois tech talk
Galois, Inc

Presented by Morgan Miller.

Cryptographic tools have become more powerful in the last three decades. With that power has come complexity. To use or even understand most security tools, you need a thorough understanding of mathematics, which makes them inaccessible to the general public. The discipline of usability has been growing as well in the past three decades. There have been few but promising overlaps in usability and security which may provide vital tools for managing our digital selves, upholding the principle of privacy, and preserving freedom of speech.

Website
Monday
Apr 21, 2014
See us next month! Portland's Techno-Activism 3rd Monday
n/a

We will probably not have an April TA3M, but come see us in May! If you have suggestions about a speaker for our May event please email us at [email protected].

Friday
Apr 25, 2014
Galois tech talk: A Gentle Introduction to Hiding Usage Patterns
Galois, Inc

abstract: What if you want to store encrypted files on an untrusted Cloud Server in such a way that Server does not even know if you are editing the same file today as you were yesterday, or anything else about your usage patterns other than total amount of traffic to the Server? Clearly, no matter how strong of an encryption you use, access pattern is revealed: Cloud Server can simply track where on the hard drive you read/write from – clearly encryption does not hide that information. One naive solution to prevent revealing access pattern to the Server is to simply read all your data back from the Server and re-write your entire data back to Server in its entirety for each read/write. This works, but it is clearly impractical. Oblivious Random Access Memory (ORAM) is an algorithm that allows you to completely hide arbitrary access pattern in an efficient manner. In this talk, I will describe Oblivious RAM from the ground up, starting from my own Ph.D. thesis work on this topic (STOC 1990, MIT Ph.D. 1992) which showed the first efficient ORAM. The Journal Version of this work gained over 450 references according to Google Scholar [Ostrovsky-Goldreich JACM 1996] and ORAM became an important area of research in Cryptography in the last 5 years. I will describe surprising connections of ORAM to (1) tamper-proof embedded systems, (2) Software Protection (3) Secure Multi-Party and Secure Two Party Computation as well as (4) ways to securely compile programs with loops, “goto” statements, recursion, etc. into Garbled programs without “unrolling” the execution path, yet not revealing anything about the execution path. I will also compare and contrast ORAM to Single-Server Private Information Retrieval (Single-server PIR), which I co-invented with Kushilevitz in 1997, and explain important differences of these two models. The talk will be self-contained and accessible to the general audience.

Speaker bio: Rafail Ostrovsky is a Professor of Computer Science and Professor of Mathematics at UCLA and co-founder of Stealth Software Technologies, Inc. He has over 200 papers published in refereed journals and conferences and has 11 U.S. Patents issued. In 2013, Dr. Ostrovsky was inducted as an IACR (International Association of Cryptologic Research) Fellow. He currently serves as Vice-Chair of the IEEE Technical Committee on Mathematical Foundations of Computing and has served on 38 international conference Program Committees including serving as a PC chair of FOCS 2011. He is a member of the Editorial Board of JACM, the Editorial Board of Algorithmica; and the Editorial Board of Journal of Cryptology; he serves on the Editorial and Advisory Board of the International Journal of Information and Computer Security and is a member of the steering committee of the international symposium of Security in Communication Networks (SCN). He is a recipient of multiple academic awards and honors and has google h-index factor of 55. At UCLA, Prof. Ostrovsky heads security and cryptography multi-disciplinary Research Center (http://www.cs.ucla.edu/security/) at Henry Samueli School of Engineering and Applied Science.

Website
Tuesday
Apr 29, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates.

Website
Friday
May 2, 2014
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Thursday
May 15, 2014
ISSA Portland May 2014 Luncheon - Application Security
Con-Way

Join ISSA for our monthly luncheon on the topic of Application Security.

Click here to register online. Lunch for this event is complimentary, and is being funded by the generous support of our chapter sponsors. We do ask that you pre-register online, so that we can plan ahead for food.

When: Thursday, May 15, 2014 - Doors open at 11:30AM. The event will end at 1:00PM.

Lunch will be provided.

Presentation: Conrad Clark will be leading a discussion on the topic of application security, entitled: “Do you trust your software?” During this presentation we will discuss the concepts of secure development, application testing, and security program management.

Conrad is a Security Solutions Architect with the Enterprise Security Products Group within HP. He is an expert in the area of application security testing and development. He has seventeen years of IT technical and managerial experience. He has focused on Security and Security Services since 2004. He obtained his CISSP in March of 2005 and his CISM in 2009. He has been working specifically in the area of application security since 2006. Prior to his civilian career, he served honorably on active and reserve duty in the United States Marine Corps for ten years.

Price: This luncheon is subsidized by chapter memberships and sponsors, and is complimentary. We do ask that you pre-register online, so that we can plan ahead for food.

CPEs: The chapter maintains proof of attendance for members, but it is the member's responsibility to ensure that these CPEs are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.

Chapter Elections: We will be holding a vote for chapter officers at the May meeting. The roles and candidates are listed below; please contact a current chapter board member if you are interested in running or in serving as a committee chair/committee member.

Position: President

Candidate: Bowe Hoy

Position: Vice President

Candidate: James Trumper

Position: Secretary

Candidate: Amber Pham

Position: Treasurer

Candidate: Eric Dwyer

Chapter Sponsors

ISSA Portland would like to thank our 2013-2014 program year sponsors, who help make high quality programs like this possible:

Platinum Sponsor: Rapid7

Gold Sponsor: IBM

Silver Sponsor: Sword & Shield Enterprise Security

Silver Sponsor: Zscaler

Our lunch sponsor for this event is Hewlett Packard.

Website
Monday
May 19, 2014
Portland's Techno-Activism 3rd Monday
Flux - Plastic Fantastics

This event is free, but please RSVP on Eventbrite (linked above)

Using Metadata to Compromise Privacy: An Interactive Presentation

You've probably heard that your daily interactions over the web leave "metadata" that is used for advertising, law enforcement, and intelligence activities. In this presentation we will show what metadata is and what it can do by building case files from publicly available information. What types of things can you learn about yourself or others from metadata? Come find out.

This session will be led by a Machine Learning PhD student from Oregon State University; machine learning is the area of computer science responsible for programmatically processing metadata.

What should I bring?

  • A willingness to learn or to teach
  • A laptop
  • (optional) A current news story that you want to discuss with the group related to privacy/security/surveillance/censorship
  • Flux accepts donations so consider bringing a few bucks to show your appreciation for their support of this and future events.

What is it?

This is the Techno-Activism 3rd Monday event for Portland, Oregon! From their website, "Techno-Activism Third Mondays (TA3M) is an informal meetup designed to connect software creators and activists who are interested in censorship, surveillance, and open technology. Currently, TA3M are held in various cities throughout the world, with many more launching in the near future."

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

Flux is generously providing space for the event.

The Privly Foundation will organize this and future TA3M Portland events.

Code of Conduct

Please read Flux's Code of Conduct: http://fluxlab.io/conduct-agreements/ to ensure a safe space for all.

PDXTech4Good

If you're interested in this event, you might also be interested in the PDXTech4Good meetup.

PDX TA3M on TA3M Wiki

Website
Tuesday
May 27, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates.

Website
Thursday
May 29, 2014
OWASP Chapter Meeting
New Relic

Ian Melven will be presenting: The Evolving Web Security Model


Is there a single cohesive model for the web? No, there is not. What exists today is the result of the original same-origin policy and its evolution in many directions as a response to new threats and attacks. Where did we start, what tools are available to web developers to protect their sites and users, and where might we go in the future as the line between websites and native applications continues to become more and more blurry? Join us on a journey through the past, present, and future of the web security model and its continuing evolution.

Ian Melven is an application security engineer at New Relic. He has previously worked in technical security roles at companies including Mozilla, Adobe, McAfee, Symantec, and @stake.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:

 https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Bruce Schneier: "Internet, Security, and Power"
University of Oregon Portland

Computer security guru and writer Bruce Schneier examines the various ways power manifests itself in the Internet, and how security both allows the powerful to remain so while permitting the powerless to thrive as well. On the Internet, data equals power, and the dynamic between the various forces is the fundamental societal issue of the Information Age.

Website
Friday
Jun 6, 2014
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Saturday
Jun 7, 2014
CryptoParty
Free Geek

CryptoParties are informal gatherings where peers share knowledge about how to stay safe in a surveilled world. Bring your laptop and/or a USB thumb drive so that you can set up a selection of trusted free and open source software privacy applications.

Website
Monday
Jun 16, 2014
Portland's Techno-Activism 3rd Monday
Flux - Plastic Fantastics

This event is free, but please RSVP on Eventbrite (linked above)

Event Description

This month's topic is: User Experience and Privacy Software: An Interactive Workshop

Join us to make privacy software better. We believe that privacy software should be usable for the general public, and to start the effort, we need your help!

The goal of User Experience (UX) is to make products as usable as possible for people. In this workshop, you'll learn about UX, download privacy software, and learn how to critically analyze the user experience to make it better. We hope to file some bug reports/feature requests to projects, and make a positive impact on their usability!

This is your chance to get a sneak-peek of an Open Source Bridge talk and meet other folks who will be attending Open Source Bridge.

This session will be led by Jen Davidson, a Human-Computer Interaction PhD candidate from Oregon State University, and Sean McGregor, founder of The Privly Foundation and Machine Learning PhD student from Oregon State University.

What should I bring?

  • A willingness to learn or to teach
  • A laptop
  • (optional) A current news story that you want to discuss with the group related to privacy/security/surveillance/censorship
  • Flux accepts donations so consider bringing a few bucks to show your appreciation for their support of this and future events.

What is it?

This is the Techno-Activism 3rd Monday event for Portland, Oregon! From their website, "Techno-Activism Third Mondays (TA3M) is an informal meetup designed to connect software creators and activists who are interested in censorship, surveillance, and open technology. Currently, TA3M are held in various cities throughout the world, with many more launching in the near future."

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

Flux is generously providing space for the event.

The Privly Foundation will organize this and future TA3M Portland events.

Code of Conduct

Please read Flux's Code of Conduct: http://fluxlab.io/conduct-agreements/ to ensure a safe space for all.

PDXTech4Good

If you're interested in this event, you might also be interested in the PDXTech4Good meetup.

PDX TA3M on TA3M Wiki

Website
Tuesday
Jun 24, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal meetup of like-minded security professionals to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates.

Website
Saturday
Jul 5, 2014
CryptoParty
Free Geek

A CryptoParty is free, public and fun. People bring their computers, mobile devices, and a willingness to learn! CryptoParty is a decentralized, global initiative to introduce the most basic cryptography software and the fundamental concepts of their operation to the general public, such as the Tor anonymity network, public key encryption (PGP/GPG), and OTR (Off The Record messaging).

Website
Portland 2600
Theo's Restaurant

This meeting was moved from Friday to Saturday because of the holiday!

Don't show up on Friday night! Go enjoy the fireworks instead.

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Tuesday
Jul 22, 2014
OWASP Chapter Meeting
New Relic

Tim Morgan will be presenting: What You Didn't Know About XML External Entities Attacks

The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. Certain features built into the design of XML, namely inline schemas and document type definitions (DTDs), are a well-known source of potential security problems. Despite being publicly discussed for more than a decade, a significant percentage of software using XML remains vulnerable to malicious schemas and DTDs. This talk will describe a collection of techniques for exploiting XML external entities (XXE) vulnerabilities, some of which we believe are novel. These techniques can allow for more convenient file content theft, sending of arbitrary data to arbitrary internal TCP services, uploads of arbitrary files to known locations on a vulnerable system, as well as several possible denial of service attacks. We hope this talk will raise awareness about the overall risk associated with XXE attacks and will provide recommendations that developers and XML library implementors can use to help prevent these attacks.

Tim Morgan is credited with the discovery and responsible disclosure of several security vulnerabilities in commercial off-the-shelf and open source software including: IBM Tivoli Access Manager, Real Networks Real Player, Sun Java Runtime Environment, Google Chrome Web Browser, OpenOffice, and Oracle WebLogic Application Server. Tim develops and maintains several open source forensics tools as well as Bletchley, an application cryptanalysis tool kit. Tim regularly speaks and delivers technical training courses, the next of which will be on cryptography for developers at AppSecUSA 2014.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
Wednesday
Jul 23, 2014
ForgeRock's 3rd annual social July 23rd at Kell's Irish Pub!
Kells Irish Restaurant & Pub

ForgeRock welcomes you to our 3rd annual social at Kells Irish Pub, 112 SW 2nd Ave, Portland, Oregon 97204.

Date: July 23, 2014
Time: 5:30 PM - 8:30 PM
Location: Kells Irish Pub, 112 SW 2nd Ave, Portland, OR, 97204

Free beverages to guests wearing a ForgeRock wristband! Be sure to look for a ForgeRock staff member passing out wristbands during OSCON to gain entry into this exclusive event!

We look forward to an evening of discussion about:

  • Identity Relationship Management
  • Data Stores
  • Authentication
  • Authorization
  • User provisioning
  • Community
  • Contributions
  • Developments
  • Events
Tuesday
Jul 29, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com, Facebook, & Google+. Invite your friends!

Website
Saturday
Aug 2, 2014
CryptoParty
Free Geek

A decentralized, global initiative to introduce the most basic cryptography software and the fundamental concepts of their operation to the general public, such as the Tor anonymity network, public key encryption (PGP/GPG), and OTR (Off The Record messaging).

CryptoParties are free to attend, public, and commercially and politically non-aligned.

Website
Tuesday
Aug 26, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Saturday
Sep 6, 2014
CryptoParty
Free Geek

CryptoParty is a grassroots global endeavour to introduce the basics of practical cryptography such as the Tor anonymity network, key signing parties, TrueCrypt, Linux, and virtual private networks to the general public.

This is a free skill-sharing event with other Cryptography and Privacy technology experts, working alongside and sharing information with people new to Crypto and Privacy.

Everyone is welcome regardless of experience. Bring a laptop if you have one; if not, bring a USB thumb drive, a pen and a pad of paper.

Website
Thursday
Sep 18, 2014
ISSA Portland Chapter - September 2014 Luncheon
Con-Way

Please join ISSA Portland for our monthly chapter meeting luncheon on the topic of: Breaches are inevitable – what can you do to prepare?

Please register online using the URL below to attend the event. Online sales will end 09/16/2014 at 10pm after which you will need to pay at the door. Seating is limited, so sign up today. http://www.eventbrite.com/e/chapter-meeting-breaches-are-inevitable-what-can-you-do-to-prepare-tickets-12427379627

When: Thursday, September 18, 2014 - Doors open at 11:30AM. The event will end at 1:00PM. Lunch will be provided.

Presentation:
Breaches are inevitable. You can implement strong security controls, but breaches are a matter of when, not if. The faster you respond to a breach of personally identifiable or sensitive information, the lower the operational, financial, or reputational impact to your organization. If your organization stores information such as social security numbers, driver’s license numbers and financial information, you need to be in a position to respond and notify because it’s sound business practice and it’s the law in the State of Oregon. The purpose of this presentation is to provide an overview of the regulatory requirements when it comes to breach notification and provide tools you can use in your own organizations to quickly respond to breaches when they occur, especially when you are required to notify your customers of such a breach.

This presentation is intended for security professionals, compliance officers, chief privacy officers and legal counsel who are or may be responsible for responding to security incidents that involve the unsecure breach of personally identifiable, protected, or sensitive information.

Presenter:
Chris Apgar, CISSP, CEO and President of Apgar & Associates, LLC, is a nationally recognized information security, privacy and electronic health information exchange expert. He has over 16 years of experience assisting health care organizations comply with HIPAA, HITECH and other privacy and security laws. Mr. Apgar has assisted healthcare, utilities and financial organizations implement privacy and security safeguards to protect against organizational harm and harm to consumers. Mr. Apgar served as a member of the Workgroup for Electronic Data Interchange Board of Directors for eight years. He currently is a member of the Oregon Prescription Drug Monitoring Advisory Commission. Mr. Apgar has been a Certified Information Systems Security Professional since 2002 and is a senior member of the Information Systems Security Association.

Price:
The chapter meeting is subsidized by chapter memberships and sponsors. There is a nominal fee of $10 (member) or $25 (non-member) for preregistered attendees. Walk-in attendees are welcome but will be charged $30 cash at the door. If you wish to become a member, please visit http://portland.issa.org/join-issa-portland/

CPEs: The chapter maintains proof of attendance for members but it is the member’s responsibility to ensure that these CPE's are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.

Chapter Sponsors ISSA Portland would like to thank our program sponsors, who help make high quality programs like this possible.

Platinum Sponsor: Rapid7 Gold Sponsor: IBM Silver Sponsor: Sword & Shield Enterprise Security Silver Sponsor: Zscaler

Website
Friday
Oct 3, 2014
BSidesPDX

BSides PDX is a gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Our passion about all things security has driven attendance from other parts of the country. Our goal is to provide an open environment for the infosec community to engage in conversations, learn from each other and promote knowledge sharing and collaboration. The Portland and greater Northwest information security community spans a broad spectrum of participation from CISOs, Fortune 100 company security experts, small business system admins, to independent security researchers.

Website
Thursday
Oct 16, 2014
ISSA Portland Chapter October 2014 Luncheon - Threat Intelligence
Con-Way

Please join Information Systems Security Association (ISSA) Portland for our monthly chapter meeting luncheon on the topic of: Is Threat Intelligence Making Us Stupid?

Please register online using the URL below to attend the event. Online sales will end 10/14/2014 at 4pm after which you will need to pay at the door. Seating is limited, so sign up today.

http://www.eventbrite.com/e/monthly-chapter-meeting-is-threat-intelligence-making-us-stupid-tickets-13324679475?aff=issalist

When: Thursday, October 16, 2014 - Doors open at 11:30AM. The event will end at 1:00PM. Lunch will be provided.

Location:
Con-Way 2055 Northwest Savier Street Portland, OR 97209

Con-way's reception desk is located at west end (closest to 21st Ave.) of the AdTech II building, best accessed by turning into the entrance located on 21st Ave; the main entrance to the building is on Savier Street on the west side of the building. This entrance is manned by a security guard and you will be asked to sign in. Con-way has asked that guests park in the two lots to the East of NW 20th Avenue between NW Raleigh and NW Thurman. Please do not park in spaces that are marked with names other than Con-way since these spaces are leased. The best option is the lot on the NE corner of NW Raleigh and NW 20th.

Presentation: Too many threats, not enough time? This is the challenge for security professionals today: as we become inundated with data generated by security devices, sensors, applications and remote feeds, we can easily become numb to what our data is trying to tell us and often end up ignoring critical warning signs of compromise. This presentation will attempt to put some method to our madness and explain how to apply threat intelligence tools and data so that it is more than just speeds and feeds, but a legitimate resource and ally against increasingly well-resourced and cunning adversaries.

Presenter: Ken Westin of Tripwire is a security analyst and "creative technologist" with 14 years’ experience building and breaking things through the use/misuse of technology. His technology exploits and endeavors have been featured in Forbes, Good Morning America, Dateline, New York Times, The Economist and has won awards from MIT, CTIA, Oregon Technology Awards, SXSW, Entrepreneur and named in Portland Business Journal's 2013 "40 Under 40". He has worked with law enforcement and journalists utilizing various technologies to unveil organized crime rings, recover stolen cars, even a carjacking amongst other crimes.

Price:
The chapter meeting is subsidized by chapter memberships and sponsors. There is a nominal fee of $10 (member) or $25 (non-member) for preregistered attendees. Walk-in attendees are welcome but will be charged $30 cash at the door.

If you wish to become a member, please visit http://portland.issa.org/join-issa-portland/

CPEs: The chapter maintains proof of attendance for members but it is the member’s responsibility to ensure that these CPE's are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.

Chapter Sponsors ISSA Portland would like to thank our program sponsors, who help make high quality programs like this possible.

Gold Sponsor: IBM Silver Sponsor: Zscaler

Website
Monday
Oct 20, 2014
OWASP Chapter Planning Meeting
Tugboat Brewing Company

This is a planning meeting for the Portland OWASP chapter. Please join us if you are interested in helping us plan and organize the activities of the chapter for the next year.

Please RSVP if you plan on showing up. Just shoot an email to

( tim DOT morgan AT owasp DOT org )

Some of the topics we expect to discuss at this meeting:

  • Chapter meetings
  • FLOSSHack events
  • Approaches to sponsorship
  • Long term group leadership and governance
  • YOUR ideas

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Tuesday
Oct 28, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Oct 29, 2014
Bringing a Secure Cloud to Your Enterprise
Online Webinar

The Cloud’s business model allows your organization to leverage existing infrastructure and platform investments for greater convenience, but developing a secure Cloud strategy involves numerous considerations and planning. Join us for this free webinar on October 29th, 2014 at 11am PT where we will explore Microsoft Azure and Cloud Security.

Website
Thursday
Nov 6, 2014
The Future of Security Panel & Wyatt Starnes Memorial Award Sponsored by OEN
Sentinel Hotel

In light of recent massive cyber attacks at Target, JP Morgan, and The Home Depot, among others, where do we go from here? What cyber controls are needed to meet quickly evolving new threats? What kinds of new strategies should enterprises—large and small, public and private—start employing now to build a more secure future? Join us for an evening with leading cyber security experts, including a networking hour, an armchair discussion, and audience Q&A.

This special event will mark the launch of the annual Wyatt Starnes Memorial Award, honoring William Wyatt Starnes, founder and CEO of SignaCert and cofounder of Tripwire Inc., who died on May 10, 2014 at age 59.

*This event is free and open to the public, but seats are limited and registration is required.

Moderator: Craig Wessel, Publisher of the Portland Business Journal

Featured speakers: John Stewart, Senior Vice President, Chief Security and Trust Officer, Cisco

John Stewart will present a comprehensive vision for cybersecurity in a world whose threat landscape will include Cloud and Internet of Everything systems. He leads Cisco's prestigious Security and Trust Organization, has served on numerous national cyber commissions, and was the 2014 winner of Chief Security Officer of the Year.

Rear Admiral Robert "Willie" Williamson (Retired), National Cyber Security Expert

Admiral Williamson will facilitate the panel discussion. He was a former Commanding Officer of the USS Nimitz and Commander of the USS John F. Kennedy Battle Group. He has held leadership positions at Raytheon Company and Microsoft Corporation and is currently the Strategic Advisor at Shape Security Company.

Dwayne Melancon, Chief Technology Officer, Tripwire

Dwayne Melancon will emphasize the need for customer-driven security solutions. Dwayne regularly works with enterprises on how to prevent data breaches and recover from breaches that have already occurred, and coaches Fortune 500 CISOs and CIOs on effective communications with the board room and the C-Suite. He holds CISA and ITIL certifications, is a member of numerous cybersecurity groups, and is a national speaker on information security topics.

Pete O'Dell, author of Cyber 24-7: Risks, Leadership and Sharing

Pete O'Dell will address the need for "tone at the top" regarding cybersecurity, and the importance of board and executive policy in preventing and responding to cyber attacks. He has a 30-year career as a high tech leader at companies including AutoDesk, Microsoft and MicroWarehouse. He has lectured about cyber security and the board through National Association of Corporate Directors to Fortune 500 board members and executives.

Abrar Ahmed, Sr. Vice President for Technical Services, Eid Passport

Abrar Ahmed will address issues related to identity and access management in the panel discussion. A national expert of trusted identity management systems, he has over 20 years' experience as a high tech executive at companies including Mentor Graphics and Micro Power Electronics.

Website
Friday
Nov 7, 2014
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Thursday
Nov 20, 2014
ISSA Portland Chapter November 2014 Symposium - Advanced Malware
Widmer Brothers Gasthaus

Presentations: Beating Cybercriminals: Preventing Compromise in the Face of Advanced Attacks

Cybercriminals combine social engineering techniques with ongoing application vulnerabilities to install advanced malware on both customer devices to compromise financial accounts and employee devices to compromise corporate networks. Advanced malware effectively bypasses authentication technologies and readily evades anti-virus applications. New endpoint solutions have emerged that have some merit, typically with a narrow focus on a single threat vector, but none have proven effective at stopping dynamic threats, and most of these approaches come with a very high operational cost. A new approach to cybercrime protection and preventing compromise is desperately needed.

This presentation will provide an overview of:

  • The methods cybercriminals use to successfully install advanced malware on endpoint devices
  • The most recent fraud cybercrime developments and compromise techniques uncovered by Trusteer research
  • New approaches available to mitigate the increased risk from endpoint devices
  • Case studies of actual cybercrime prevention results
  • Demonstration of preventing different advanced attack scenarios

Presented by Christopher Beier - Sr. Product Marketing Manager for IBM/Trusteer. Christopher brings impressive security DNA through his almost 20 years’ experience working for both Symantec, and McAfee. Christopher has deep knowledge and experience in the financial services and online banking security with 5 years as a technical product manager at Fiserv. He is also a 12 year US Navy veteran where he applied IT administration skills to the US submarine corp. Christopher presented on advanced malware issues at Black Hat USA 2014.

Staying Ahead of the Malware Curve

Over the last five years the threat curve for dealing with advanced attackers and malware has changed significantly. Keeping ahead of signature updates used to be the battleground, but the escalating arms race has moved on to staying ahead of whitelisting, reputational, and dynamic analysis capabilities—and the people we truly care about keeping out of networks are gaining traction once again. Worse still, these capabilities are moving down the threat curve at an accelerating pace, meaning anyone has the potential to acquire these capabilities. Many in our ranks have given up on keeping our adversaries out of our ranks and instead focused on rapid detection. Though no silver bullet exists in our toolbox, there are new solutions that flip the economics to our favor.

This presentation will provide an overview of:

  • The methods cybercriminals use to successfully install advanced malware on endpoint devices
  • Insight into the evolution of malware attacks, focusing on the new techniques in use today
  • Discussion of cutting edge malware delivery platforms
  • Demonstration of commodity exploit kits (Blackhole)
  • Discussion around endpoint application isolation techniques
  • Demonstration of commodity exploit prevention leveraging non-persistent desktop browsing

Presented by Darrin Mourer - Sr. Solution Architect with Invincea specializing in advanced threat prevention, detection, and forensics. He has been involved in the information security space for over 15 years in both information security officer and vendor roles. He has held various certifications including CISSP, CISA, SANS, and ITIL. Previous to Invincea, Darrin spent over 10 years in various sr. level security roles at Symantec.

Panel Discussion – Key Advanced Malware Countermeasures

Following the two presentations, ISSA Portland will provide lunch followed by a moderated panel discussion on key advanced malware countermeasures and practical implementation concepts. The panel will consist of:

  • Christopher Beier - IBM
  • Darrin Mourer – Invincea

*Additional local Security Expert Panelists being confirmed

Price:
The chapter meeting is subsidized by chapter memberships and sponsors. There is a nominal fee of $10 (member) or $25 (non-member) for preregistered attendees. Walk-in attendees are welcome but will be charged $30 cash at the door.

If you wish to become a member, please visit http://portland.issa.org/join-issa-portland/

CPEs: The chapter maintains proof of attendance for members but it is the member’s responsibility to ensure that these CPE's are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.

Chapter Sponsors ISSA Portland would like to thank our program sponsors, who help make high quality programs like this possible.

Gold Sponsor: IBM Silver Sponsor: Zscaler

Website
Tuesday
Nov 25, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience are folks experienced with information security in a professional capacity.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Thursday
Dec 4, 2014
OWASP Chapter Meeting
New Relic

Joseph Arpaia, MD will be presenting: Hiding in Plain Sight: A Mnemonic Method For Creating Secure Passwords

The human brain is not suited to recalling secure passwords composed of random sequences of characters especially if they are not used regularly. Humans are excellent at recalling sentences, even years after learning them, e.g. nursery rhymes, song lyrics. This ability can be used to create a mnemonic method for generating a large number of passwords from one remembered passphrase, even if the passphrase and the associated characters are not kept secret.

Joseph Arpaia received his BS in Chemistry from CalTech and his MD from UC Irvine where he also did research in electrophysiology and applications of chaos theory to psychiatry. He is a psychiatrist in private practice in Eugene, OR and applies heart rate variability analysis in his work with patients. He also teaches applications of mindfulness meditation to psychotherapy at the University of Oregon and is the co-author of Real Meditation in Minutes a Day. He has a long-standing interest in passwords and security which dates back to his experience at age 8 when he came up with a Vernam cipher in response to a challenge by his father to encrypt a text message.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
Thursday
Dec 11, 2014
ISSA Portland Holiday Party 2014
Con-Way

Presentation: “Combating the Insider Threat” Malicious attacks are up 87% over last year and insider threats still remain as the leading cause of Data Breaches and IT sabotage. The threat is real, enough so that Federal agencies and Federal systems integrators were required by Executive Order #13587 to implement an “Insider Threat Detection and Prevention Program” by the end of 2013. Yet traditional Defense-in-depth methods fall flat to address the ever-present risk inherent to unstructured data management. Come learn what industry trends as well as recent research from the FBI can teach us about securing our security “soft center”.

Mr. Terry Boedeker, CISSP Solutions Engineer, Varonis Systems

Terry Boedeker has over 15 years of experience in Information Technology ranging from software development, technical writing, managed services and data center operations, to business continuity program management, and information security. He proudly served in the United States Marines from 2003 to 2007, and graduated summa cum laude from DeVry University in 2012, earning a B.S. in Networks & Communications Management. He joined Varonis Systems in 2013, and maintains the Certified Information Systems Security Professional certification from (ISC)2. For more details, visit https://www.linkedin.com/in/terryboedeker

CPEs: The chapter maintains proof of attendance for members but it is the member’s responsibility to ensure that these CPE's are credited to their respective accounts. This event will offer 1 CPE per hour of attendance.

Chapter Sponsors ISSA Portland would like to thank our sponsors, who help make high quality programs like this possible. Gold Sponsor: IBM Silver Sponsor: Zscaler

Website
Tuesday
Dec 16, 2014
Galois tech talk: Common crypto mistakes in Android – and how we can make it better
Galois Inc

abstract: If you do a web search for “encrypting Strings in Android”, you’ll find a lot of example code, and they all look pretty similar. They definitely input a String and output gibberish that looks like encrypted text, but they are often incorrect. Crypto is tricky: it’s hard to tell that the gibberish that’s being printed is not good crypto, and it’s hard to tell that the code example you picked up from Stack Overflow has serious flaws.

The problem here is that sites like Google and Stack Overflow rank results based on popularity, but the correctness of crypto isn’t something we can vote about. It’s not a popularity contest. To use it correctly, you have to understand the properties of the algorithm and the security goals of your code. Maybe the bad crypto someone pasted up on the Internet was acceptable for their needs, but there’s a good chance it’s completely unacceptable for yours.

In this talk, we’ll discuss the use of a very common crypto algorithm, AES, and show how code examples on the Internet usually make serious mistakes in how they use AES libraries. What are the consequences of these mistakes, and what are more reasonable defaults? We’ll also talk a bit about our simple Android library that tries to do AES right.

More information on the Tozny blog: http://tozny.com/blog/encrypting-strings-in-android-lets-make-better-mistakes/

bio: Isaac is a security researcher at Galois where he has led authentication and collaboration projects for the DoD and IC. Isaac earned his master’s degree in Cybersecurity from the University of Maryland, University College, and his B.S. in Computer Science from Ohio State University. In 2013, Isaac founded Tozny, a Galois spin-off company aimed at solving the password conundrum. Easier and more secure than passwords, Tozny replaces passwords with an easy-to-use cryptographic key on a user’s mobile phone.

Website
Tuesday
Dec 30, 2014
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Monday
Jan 12, 2015
Galois Tech Talk: Overcoming Problems when Applying Machine Learning to Cybersecurity
Galois Inc

bio: Evan Wright is a member of the Technical Staff for the Threat Discovery Group of the CERT Coordination Center (CERT/CC). The CERT/CC is a division of the Software Engineering Institute at Carnegie Mellon University. He holds a MS in Information Security and Technology Management from Carnegie Mellon University and a BS in Technology Systems from East Carolina University. He has over 20 years experience in computer networking and holds a CCNP and six other certifications. Since joining SEI, he has supported a variety of customers in areas such as IPv6 security, ultra-large scale network monitoring, malicious network traffic detection, intelligence fusion, and cybersecurity applications of machine learning. Before joining SEI, he was a network administrator for a medium sized company and Internet Service Provider in North Carolina.

Website
Tuesday
Jan 27, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Friday
Feb 13, 2015
OWASP Chapter Meeting
New Relic

Software development is speeding up; Waterfall to Agile to Continuous Integration to Continuous Deployment. Do we still have time for security? Of course we do! But many development shops are unaware how to add security to their development process and will often use "security slows us down" as a reason to produce insecure code. This talk focuses on how to add security into a speedy development process while still remaining fast and responsive to customer requests.

The speaker will be Joe Basirico - the VP of Services for Security Innovation. Before he started leading the team, he was a developer, trainer, researcher, and security engineer. Joe spent the majority of his professional career analyzing software security behavior and researching how software development organizations mature over time from a security perspective. Through this research, he developed an understanding of application threats, tools, and methodologies that assist in the discovery and removal of security problems both software- and process-related. He manages the company’s engineering blog and has written several publications and tools that focus on source code level vulnerabilities.

Website
Monday
Feb 16, 2015
Portland's Techno-Activism 3rd Monday: The Battle for Protecting Data
Mozilla

Event is free, but please RSVP: http://ta3m-pdx-17.eventbrite.com

The Battle of Protecting Data

Join us this month for a talk and lively discussion on "The Battle of Protecting Data". With the changing world of enterprise computing ("Bring your own device", mobile, SaaS), the corporate world is having to re-think how they do security.

Presenter

Bill Giard is a Principal Engineer in Intel's IT organization and is responsible for helping to lead IT's software delivery across multiple client platforms. Bill joined Intel in 1996 with a Bachelor's degree in Computer Science and has over 20 years of IT experience.

Hosted by: Portland Techno-Activism Third Mondays. Refreshments provided.

Sponsored by: The Privly Foundation, and hosted at Mozilla

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Twitter

Event hashtag: #ta3m

Event organizers: @Privly, @TechnoActivism

Venue host: @MozPDX

Code of Conduct

Attendees are expected to read and abide by Privly's Code of Conduct

Website
Tuesday
Feb 17, 2015
ISSA Portland February 2015 Symposium - BYOD
Tiger Woods Center, Nike campus, Beaverton, OR

Two presentations on BYOD strategy, followed by a panel discussion.

Speaker 1 "BYOD Policy, Trust Continuum, and Enforcement Technologies"

In 2015, nearly every organization has had to take a position on where they stand with BYOD. Some IT leaders fully embrace it, others are still pretending it does not exist, while others have defined a "Trust Continuum" granting access in trade for control. Such an innovative approach is impossible without accompanying "Trust Continuum" technical controls to enforce the administrative policy. This presentation will cover from policy to technical enforcement of trust.

Collin Miller “Secure Mobility: IT Strategy for the Mobile Enterprise,” delivers a clear assessment of the state of mobile security today paired with an insightful look into what the future holds. He shares vetted strategies for implementing BYOD and packs his talk with practical information about available tools for mobile device and application management.

Collin Miller has spent more than a decade thinking about, designing and implementing secure IT infrastructures, especially those incorporating BYOD and mobile device management policies. He is a strategic planner, highly skilled and certified in technologies that touch nearly every part of the enterprise. Currently, Collin focuses his attention and energy on mobile device security and management, DLP, remote access and authentication, next-gen firewalls and SIEM.

Website
Tuesday
Feb 24, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Monday
Mar 16, 2015
Techno-Activism 3rd Mondays: Privacy Day Happy Hour
Lucky Labrador Beer Hall

Privacy Day is on March 16th down in Salem. You can learn more about it here: http://aclu-or.org/privacyday. We encourage you all to attend, if you can!

Portland's Techno-Activism 3rd Mondays is having a no-host evening happy hour so folks who went can share their experiences, and for folks who didn't go to learn about Privacy Day and hear about how things went. It'll also be a time to talk amongst ourselves about privacy-related events and policies that impact our lives.

What is Techno-Activism 3rd Mondays?

Techno-Activism Third Mondays (TA3M) is an informal meetup designed to connect software creators and activists who are interested in censorship, surveillance, and open technology. This is an international meetup and happens in over 20 cities around the world.

Portland's TA3M does meetups on all of the above topics (and more!). The format varies from month to month. Sometimes we have fantastic speakers, sometimes we do lightning talks, and sometimes we do hands-on workshops. It all depends on what our meetup attendees are interested in hearing about, and what we have time to plan. Have a suggestion for a topic? Let us know!

Code of Conduct

As with all of our events, there is a code of conduct. Please read it here: https://www.privly.org/content/code-conduct. All attendees are expected to abide by this code of conduct.

Website
Wednesday
Mar 18, 2015
NIKE Tech Talk
Nike Decathlon Club Cafe

NIKE Tech Talk

Thank you to the 175+ people who attended the first NIKE Tech Talk in our new program! The event was a big success and we're excited to host a second evening of talks.

Please join us at the NIKE campus on Wednesday, March 18th (3:30-7:00pm) for two tech talks, snacks, and drinks. Learn more about the talks and RSVP at: http://niketechtalks-march2015.splashthat.com.

The Insecurity of Things

Stephen A. Ridley (Principal, Xipiter LLC)

...and Hardware for All

Joe Grand (Founder and Principal Engineer, Grand Idea Studio)

For those of you who attended last time, the venue set up has been adjusted for an improved attendee experience. If you have any questions, feel free to get in touch with us.

Website
Tuesday
Mar 31, 2015
OWASP Chapter Meeting
New Relic

People in Information Security say passwords are dead. Yet the replacement solutions are not available or mainstream. An independent developer, Steve Gibson, decided to do something about it and created SQRL. From his website "Proposing a comprehensive, easy-to-use, high security replacement for usernames, passwords, reminders, one-time-code authenticators . . . and everything else." Let's talk about what SQRL is, how it works, how it could work in your solution and does it have competitors? I am as interested in your feedback as I hope you are interested in resolving the password problem!

Brian Ventura is an Information Security Architect at the City of Portland and has 21 years of experience in IT. Brian has enterprise, consulting and project management experience, supplying secure solutions to internal and external customers. Brian is mentoring a SANS MGT414 course in Portland between April 14th and Jun 16th. You can find more information at https://www.sans.org/instructors/brian-ventura

Website
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Thursday
Apr 16, 2015
ISSA Portland - Zero Days, Ghost Malware, and Other Current Trends
Con-Way

Please join ISSA Portland for our monthly chapter lunch meeting presenting the topic of: Zero Days, Ghost Malware, and Other Current Trends, Presented by FireEye.

You can register at the link below until Monday April 13, 2015: https://www.eventbrite.com/e/monthly-chapter-meeting-threat-intelligence-and-zero-day-malware-tickets-16218230163

When: Thursday – April 16, 2015 – 11:30 to 1pm (PST) – doors open at 11am. The event will end at 1:00PM.
Lunch will be provided.

Presentation: Zero Days, Ghost Malware, and Other Current Trends

Tobin Sears currently leads the Western region systems engineering team at FireEye – an organization dedicated to protecting enterprises and governments against the next generation of cyber-attacks through the use of a purpose-built, virtual machine-based security platform. His expertise in the Web security space has led him to architect and consult on an extensive portfolio of secure infrastructure projects worldwide. Prior to FireEye, Tobin held various positions at F5, McAfee/Secure Computing, and NetApp. He holds a Bachelor of Science degree from the University of California, Berkeley.

Price:
The chapter meeting is subsidized by chapter memberships and sponsors. There is a nominal fee of $10 (member) or $25 (non-member) for preregistered attendees. Walk-in attendees are welcome but will be charged $30 cash at the door. If you wish to become a member, please visit http://portland.issa.org/join-issa-portland/

CPEs: The chapter maintains proof of attendance for members but it is the member’s responsibility to ensure that these CPEs are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.

Website
Monday
Apr 20, 2015
Techno-Activism 3rd Monday: Movie Night
The Gameroom

Free, but please RSVP with the link provided above

Movie Night

We'll have a cozy movie showing at theGameRoom. The movie is to-be-decided but will be on one of the following topics: privacy, surveillance, security, censorship.

Join us for a movie & discussion - everyone is welcome!

Appetizers will be provided, but we encourage you to support theGameRoom and indulge in a beverage and more food!

What's TA3M?

This is the Techno-Activism 3rd Monday event for Portland, Oregon. Techno-Activism Third Mondays (TA3M) is an informal meetup designed to connect software creators and activists who are interested in censorship, surveillance, and open technology. Currently, TA3M meetups are held in various cities throughout the world, with many more launching in the near future.

Who should come?

Anyone interested in techno-activism. We invite coders, geeks, artists, and anyone else. No technical experience required.

Who's hosting?

The Privly Foundation organizes this and future TA3M events.

theGameRoom is generously providing space for the event. After the meetup, theGameRoom will provide free game play to TA3M attendees.

Code of Conduct

As with all of our events, there is a code of conduct. Please read it here: https://www.privly.org/content/code-conduct. All attendees are expected to abide by this code of conduct.

Website
Tuesday
Apr 28, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Tuesday
May 26, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Jun 17, 2015
OWASP Chapter Meeting
Jive Software

Bob Loihl will be presenting:
Secure Software Development Life Cycle in an Agile World

In this day and age we must do everything we can to produce secure software. But how, you ask? I will be talking about some of the options available and how to get an initiative started in your workplace/project. I will cover some of the choices out there for Agile Development and then we'll examine one choice, BSIMM (https://www.bsimm.com/), in more depth. I will follow that up with a discussion of some of the challenges and some of the benefits of implementing an SSDLC.

Bob Loihl is a Software Engineer with 20+ years of experience developing business applications, leading teams and spreading the security word. He has a strong interest in delivering applications that are secure by design in an agile world. He has been helping Tripwire grow and mature its development processes for the last 10 years and his current hobby is incorporating SSDLC (Secure Software Development Life-Cycle) processes into the software manufacturing process. Bob is passionate about family, software, canoes and guitars. In his spare time he works at Tripwire producing high quality software using Agile methodologies. Oh yeah, he cares a tiny bit about security.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:

 https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Tuesday
Jun 30, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Tuesday
Jul 21, 2015
OWASP Chapter Meeting
New Relic

Talk

At the end of the day, security depends on code. Secure software demands secure code, configuration, management, testing, and constant improvement.

Security automation aligns perfectly with the modern, fast-paced environments like continuous delivery that are quickly seeping into companies of all kinds.

Automation provides drastic results with little effort, but quickly reaches a plateau where the effort involved in finding better results that provide value rises above the value of focusing elsewhere.

In this talk, I will focus on some of the lesser discussed topics of security automation and how they relate to the lines of code that produce the reason why we are discussing security automation today. The goal is to give a complete understanding of the ways that companies like _ and _ have produced secure code that runs their web applications.

Speaker

Neil is currently an engineer at GitHub, co-founder of Brakeman Security Inc., and OWASP Orange County board member. Formerly, he was an application security engineer at Twitter, OC Ruby leader, and AppSec California organizer. Neil enjoys long walks on the beach, long walks in the woods, and long walks anywhere really. His turnoffs include noisy offices, noisy people, and noisy anything really.

Website
Tuesday
Jul 28, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Tuesday
Aug 25, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Tuesday
Sep 29, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Friday
Oct 2, 2015
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Wednesday
Oct 7, 2015
OWASP Chapter Planning Meeting
Mama Mia Trattoria

This is a planning meeting for the Portland OWASP chapter. Please join us if you are interested in helping us plan and organize the activities of the chapter for the next year.

Please RSVP if you plan on showing up. Just shoot an email to

( tim DOT morgan AT owasp DOT org )

Some of the topics we expect to discuss at this meeting:

  • Summary of AppSecUSA
  • Leads on speakers for Chapter Meetings
  • FLOSSHack events
  • A Possible Training Day
  • Long term group leadership and governance
  • YOUR ideas

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Thursday
Oct 22, 2015
ISSA Portland SIEM (Security Information and Event Management) Symposium
Sentinel Hotel

Please join us for this symposium on SIEM. Presentations will be provided by IBM, GBProtect and Tripwire, and the topics include models for SIEM deployment and SOC optimization, a methodology to bring new sources into a SIEM, and how using SIEM technology and multiple sets of data can shorten time to detection and response. There will also be an interactive panel discussion on SIEM. The agenda and full presentation descriptions can be found in the Eventbrite registration link.

This is a half-day event that will provide 4 hours of CPEs. Lunch will be provided. The fee for this symposium is $10 (member) or $30 (non-member) for preregistered attendees. Walk-in attendees are welcome but will be charged $50 cash at the door. If you wish to become a member, please visit http://portland.issa.org/join-issa-portland.

Please use the Eventbrite link above to register for the event.

Website
Tuesday
Oct 27, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Friday
Nov 6, 2015
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Monday
Nov 16, 2015
TA3M
Mozilla

The Privly Foundation organizes Portland TA3M. Ever wonder what they do?

Priv.ly is a platform that allows you to encrypt your content anywhere on the web, with the click of a button. Join us for a hands-on workshop on using Priv.ly.

Website
Tuesday
Nov 17, 2015
OWASP: Antivirus in the Enterprise - Is it dead yet?
Jama Software (New Office)

This month's topic is "Antivirus in the Enterprise - is it dead yet?" Read almost any article about antivirus today, and there will be an opinion somewhere in the writings about the applicability and effectiveness of antivirus software in the enterprise today. Some say yes; some say no. We will open this meeting with a pro/con presentation by security professionals Tony Carothers and Timothy D. Morgan, followed by discussion and debate in a panel style, about antivirus software and its effectiveness in software security today. Refreshments will be provided.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
Tuesday
Nov 24, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Friday
Dec 4, 2015
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Tuesday
Dec 29, 2015
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Jan 20, 2016
Cybersecurity Round Table Summit Portland
BridgePort Brew Pub

Join in a security round table discussion with the industry’s leading security vendors.

Fortinet • Palo Alto Networks • Cisco • RiskSense

An open forum for security professionals.

Don’t miss the chance to interact with the CenturyLink Cybersecurity team and some of the industry’s top security technology providers. Network with other security professionals in your industry while you learn about the latest security technology trends. Lunch, drinks and promotional giveaways will be provided.

Topics of Discussion:

  • CenturyLink Cybersecurity Services and Analysis
  • Cyber threat State of the Union Analysis
  • Vendor Specific Threat Analysis and Response
  • Securing Hybrid Cloud Networks
  • Meeting Security Regulatory Requirements
  • The Future of Cyber Attacks

Website
Tuesday
Jan 26, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Monday
Feb 15, 2016
CoreOS + Techno-Activism 3rd Monday
Portland State Business Accelerator Mt. Hood room

Join us on Monday, February 15th for a joint CoreOS and Techno-Activism 3rd Monday meetup. We'll have two knowledgeable CoreOS presenters, Alex Crawford and Matthew Garrett, as well as lots of tasty food! Come learn about security and CoreOS.

6:00 pm

Food, Drink, Networking

6:30 pm

New Ways to Deploy and Manage Applications at Scale

Alex Crawford, software developer at CoreOS

The last decade belonged to virtual machines and the next one belongs to containers. CoreOS is a new Linux distribution designed specifically for application containers and running them at scale. This talk will examine all the major components of CoreOS (etcd, fleet, docker, systemd) and how these components work together.

7:15 pm

Protecting Laptops Against High-Level Adversaries

Matthew Garrett, principal security software engineer at CoreOS

You’ve left your laptop in your hotel room. You come back, turn it on and type in your disk encryption passphrase. And, just like that, you've granted access to all your private data to the person who slipped in with a USB stick while you were out.

This isn't a hypothetical case. We've seen companies selling tools that are intended to bypass disk encryption by simply modifying the boot process and waiting for the user to type in their decryption key. It's a worrying situation, but it's one that we can protect users against.

This presentation will describe how some of the same techniques used to protect servers can be used to verify the state of laptops. It'll demonstrate the use of a novel but straightforward piece of software that allows users to use widely deployed hardware to let users check the security of their system at a glance. And it'll talk about why you still need to be afraid of a smaller set of really scary people.

8:00

Networking

Interested in speaking at a CoreOS meetup or hosting a future event? Please reach out to marketing at coreos.com to discuss!

Website
Wednesday
Feb 17, 2016
OWASP: Inspiring People to Embrace Risk Management
New Relic

This month's OWASP chapter meeting features Andrew Plato, President and CEO of Anitian.

Talk

Security leaders are under supreme pressure to build security programs that protect the business without disabling the business. However, the greatest impediment to success is not the technologies or regulations, but rather the people who must implement a security program. As a security leader, how do you communicate important risk, security, and compliance concepts to your team in a manner that inspires them to action? The answer is security vision. We live in a world where people do not want more rules, they want meaning. The problem with so much of what we do in security is that it often seems annoying and unnecessary to users and executives. When people understand the mission and vision of the organization, they are naturally inclined to follow good practices. In this presentation, veteran security leader, as well as a CEO, Andrew Plato will discuss how to create, foster, and promote security vision to improve engagement with your co-workers. We will discuss communication, leadership, and motivational strategies that clarify and simplify security concepts to drive maximum employee engagement.

Speaker

Andrew Plato, CISSP, CISM, QSA

In 1995 while working at Microsoft, Andrew executed the first known instance of a SQL Injection attack against an early e-commerce site. When he demonstrated this attack to the developers, they dismissed the issue as irrelevant. This intrigued but also inspired Andrew to found Anitian with the goal of helping people understand the complexities of information security.
Today, Anitian is one of the most trusted names in security intelligence with clients worldwide. Anitian has a mission to Build Great Security Leaders. For the past 20 years, Andrew and Anitian have consistently executed on this mission with innovative, pragmatic answers to the most vexing security, compliance, and risk challenges. Andrew’s career encompasses nearly every dimension of information security. He has participated in thousands of security projects, written hundreds of articles, and advised hundreds of C-level executives. Being both a business owner and security practitioner allows Andrew to bring a unique perspective to any discussion regarding security, technology, and governance. Andrew is well-known for delivering entertaining presentations that challenge conventional thinking and deliver practical answers to complex IT security challenges.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
Tuesday
Feb 23, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Tuesday
Mar 29, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Apr 6, 2016
Build Your Incident Response Framework
Technology Association of Oregon

Don't be a target - create a do-it-yourself plan instead...

If you use technology in your day to day operations (and who doesn't), join us on the morning of Wednesday, April 6th for our first of four events on mitigating the risks of business impacts through cybersecurity. Network with peers, learn from subject matter experts and walk away with the foundation for an incident response framework for yourself and your organization.

Our four-part series will include:

  • alignment to the NIST Cybersecurity Framework
  • guidance from Cybersecurity subject matter experts, representing both private and public sectors
  • individual support for customizing an incident response framework for you/your organization
  • connectivity to peers in a safe environment for building a scalable plan that will positively impact your entire organization

This event is the kickoff to a four-part series hosted by the Tech Leadership Community around the topic of Cybersecurity. Each event will provide building blocks to help guide a do-it-yourself incident response framework for your team and entire organization. Whether you attend one event by yourself, bring your peers to the entire series, or any other combination, the subject matter experts selected for each event will provide individual guidance on the final framework for you/your company.

Our first event will focus on scalable incident response with guidance from the following leads:

Subject Matter Experts: Jerry Holcombe, Online Business Systems; Dennis Tomlin, Multnomah County

Incident Response Team: David Neufeld, Online Business Systems; Lance Kidd, High Strategy Consulting, LLC

Thank you to our series sponsor, Neudesic!

Tickets available here: https://www.techoregon.org/events/build-your-incident-response-framework

Website
Tuesday
Apr 26, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Monday
May 23, 2016
OWASP: Scanning APIs with OAS 2.0 (Swagger)
New Relic

Scanning APIs with OAS 2.0 (Swagger):

The Open API Specification is a relative newcomer in the history of web service interface documentation. It stands apart from its predecessors by not tying itself to a specific vendor technology, and aims to embrace all forms of RESTful HTTP. Leveraging this powerful specification for automated scanning of APIs will save time by providing a straightforward mechanism to evaluate APIs without having to proxy traffic or manually build attack vectors.

Topics covered

  • What is the OpenAPI Specification (Swagger)
  • How Swagger/REST relates to SOAP/XML
  • Tools for converting to/from swagger to 'X'.
  • Scanning a simple RESTful JSON based API with Swagger
  • Swaggering the SDLC.

Speaker

Scott Davis
Rapid7
Application Security Researcher
Portland, Oregon Area

Scott has been developing software professionally for over 15 years in a variety of contexts and technologies including wireless sensor networks, robotics, migration modeling & visualization, ERP, interactive projection art, product development and security services. Scott has spent as many years focusing on the security aspects of these technologies, and has leveraged this background to lead the engineering security team at Webtrends for several years. Currently, he serves as an Application Security Researcher for Rapid7.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
Tuesday
May 31, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Thursday
Jun 2, 2016
TechJunction
Hilton Eugene

F2F Events, Inc. (F2F) produces CPE-accredited educational conferences for IT professionals focusing on the latest developments in information security, IT infrastructure and communications. F2F’s TechJunction conference series is dedicated to providing both attending delegates and sponsors a strong return on their investment of time and resources. With a “by invitation-only” format, cutting-edge content, interactive labs & exhibits, and other complimentary delegate benefits (coffee, lunch, cocktails, etc.), TechJunction has earned the reputation as “THE technology conference” for IT professionals across the country.

Website
Wednesday
Jun 8, 2016
Risk Assessments, Initial & Ongoing
The Eliot Center

If you use technology in your day to day operations (and who doesn't), join us on the morning of Wednesday, June 8th for our second of four events on mitigating the risks of business impacts through cybersecurity.

Part two of the series will focus on risk assessment, both initial and ongoing. A hand-selected subject matter expert will lead our session with a broad overview on assessments that will benefit both junior and senior level IT professionals. Selected panelists will share real-life scenarios on the successes and challenges they have faced in preparing for and conducting risk assessments for their business.

Questions to be answered during this session:

  • What are the impacts to your business and your role specifically if there is a security breach?
  • Is it lost revenue, lost brand equity, lost job, etc?
  • What is the first step in getting a risk assessment?
  • What are the best tools in conducting self / internal assessments?
  • When assessing risk, which threats are higher in the risk hierarchy - internal or external?
  • How does BYOD impact your risk assessment planning/monitoring?

Panelists: Dave Dyk, Simple Finance; Eric Dahl, CorVel Corporation

Moderator: Jim Robison, Anitian

Speaker: Michael Lines, Cyber Security Advisor

Register here: https://www.techoregon.org/events/security-series-part-2-risk-assessments-initial-ongoing

Thank you to our series sponsor, Neudesic!

Website
Tuesday
Jun 21, 2016
OWASP: Add TAL, improve a threat model!
WebMD

Add TAL, improve a threat model!

To improve your (threat) modeling career, you need a better (threat) agent (library)! Threat modeling is a process for capturing, organizing, and analyzing the security of a system based on the perspective of a threat agent. Threat modeling enables informed decision-making about application security risk. In addition to producing a model, typical threat modeling efforts also produce a prioritized list of security improvements to the concept, requirements, design, or implementation. In 2009, OWASP posted wiki pages on threat modeling. Although there was the start of a section on threat agents, it has yet to be completed.

Intel developed a unique standardized threat agent library (TAL) that provides a consistent, up-to-date reference describing the human agents that pose threats to IT systems and other information assets. Instead of picking threat agents based on vendor recommendations and space requirements in PowerPoint, the TAL produces a repeatable, yet flexible enough for a range of risk assessment uses. We will cover the TAL, the Threat Agent Risk Assessment (TARA), and how they can be used to improve threat modeling.

Speaker

Eric Jernigan
Information Security Architect
Umpqua Bank


Eric Jernigan is an Information Security Architect at Umpqua Bank and focuses on risk assessment, secure project support, information security governance, and security awareness. Prior to this, he served as an information security manager and adjunct instructor at PCC. He has also served as an active duty Information Warfare Analyst in the Air National Guard in support of NORTHCOM/NORAD. He has almost twenty years of intelligence, counter-terrorism, information warfare, information security, and compliance experience. His current professional certifications include CISM, CRISC, and CISSP, so love him. A staunch privacy advocate, he hates Facebook.



The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
Tuesday
Jun 28, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Tuesday
Jul 26, 2016
OCCA: Advanced Network Troubleshooting
Max's Fanno Creek Brew Pub

The Oregon Computer Consultants Association presents Advanced topics in Network Troubleshooting

-Overview of switches/networking devices that offer tcpdump/pcap.
-How a span port works
-Viewing and troubleshooting via Wireshark.
-If time allows, advanced topics such as how to view SSL payloads in Wireshark.

Bio: Eric Hardin has been in IT for over 14 years and has held positions from help desk to Sr. Manager. He has worked for a few large companies in the Portland area and spent two years as a consultant. Currently Eric is a Sr. Manager, Cyber Defense Center at Nike.

Eric enjoys spending time with his family along with coin collecting and woodworking. Eric and his wife Angela have been married for ten years and they have two boys Wesley and Everett.

Website
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Thursday
Jul 28, 2016
OWASP: Social Engineering -- How to Avoid Being a Victim 
Jama Software (New Office)

Social engineering (an act of exploiting people instead of computers) is one of the most dangerous tools in the hacker’s toolkit to breach internet security. Ubiquiti Networks fell victim to a $39.1 M fraud as one of its staff members was hit by a fraudulent “Business Email Compromise” attack. Thousands of grandmas and grandpas are victims of phishing emails and are forced to pay ransom to have their data released.

In this new millennium, the cyber security game has changed significantly from annoying but harmless viruses to stealing vital personal data, causing negative financial impact, demanding ransom, and spreading international political feuds. Anyone with a presence in cyberspace has to protect himself/herself, the infrastructure, and customers, and also deal with the legal repercussions in the event of a breach. In this talk Bhushan will present the different types of social engineering practices that the bad guys successfully use, including use of social networks such as Facebook, Twitter, and LinkedIn. The victims can range from the “C” levels (CEO, CFO, CTO) down to the individual contributors in an organization to a grandparent on her laptop. The presentation will also discuss a variety of ordinary but effective measures, such as awareness campaigns, that organizations can take to minimize the risk of breach.


Speaker Bhushan Gupta

A principal consultant at Gupta Consulting LLC, Bhushan Gupta is passionate about the integration of web application security into the Agile software development lifecycle. His interests extend to Social Engineering and Attack Surface Analysis. Bhushan worked at Hewlett-Packard for 13 years in various roles including quality engineer, software process architect, and software productivity manager. He then developed a strong interest in web application security while working as a quality engineer for Nike Inc. After 5 years at Nike, he retired and has since been studying various facets of web application security. Bhushan is a certified Six Sigma Black Belt (HP and ASQ) and an adjunct faculty member at the Oregon Institute of Technology in Software Engineering. To learn more about Bhushan, visit www.bgupta.com.


This meeting will be recorded! Feel free to tune in live, or catch the recording later (~24hrs after event).


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
Thursday
Aug 25, 2016
OWASP: Node.js Security
Simple

Website
Tuesday
Aug 30, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Sep 14, 2016
Breach, Incident, or Spill: Your Compliance Requirements
The Eliot Center

If you use technology in your day to day operations (and who doesn't), join us on the morning of Wednesday, September 14th for our third of four events on mitigating the risks of business impacts through cybersecurity. Attendance of all 4 events is not required, so we encourage all IT professionals to join us on September 14th!

Cyber security incident management isn't just about a technical response to a breach or spill. Almost every business and government entity handles and stores regulated data and is subject to a complex tapestry of compliance requirements.

Understanding the nuance between events, incidents and breaches is key.

This Technology Leadership event explores incident response focused on compliance reporting. Subject matter experts from RADAR will engage attendees in:

-Assessing an incident and the need for compliance reporting
-Distinguishing between security and privacy incidents
-Key components in building a culture of compliance into your organization's incident response

Website
Tuesday
Sep 27, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Friday
Oct 14, 2016
Security BSides Portland
through Oregon Convention Center

Security BSides Portland is the 6th annual BSides event in Portland!

This year we're excited to have Oregon's own tech- and security-savvy Senator Ron Wyden delivering a keynote, plus an amazing lineup of 27 speakers and 9 moderators, 5 hands-on workshops, and several other contests and activities.

Schedule: http://www.bsidespdx.org/schedule

The event is FREE, but register ahead of time to guarantee space: http://bsidespdx.eventzilla.net/ We have PCB badges, T-shirts (including women's sizes!), and bags to give away, but we will be giving them to donors first.


BSides PDX is a gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Our passion about all things security has driven attendance from other parts of the country. Our goal is to provide an open environment for the InfoSec community to engage in conversations, learn from each other and promote knowledge sharing and collaboration. The Portland and greater Northwest information security community spans a broad spectrum of participation from CISOs, Fortune 100 company security experts, small business system admins, to independent security researchers.

Website
Tuesday
Oct 25, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Nov 2, 2016
OWASP Training Day 2016
Portland State University (PSU) - Smith Memorial Center

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. (Similar training may cost more than 10 times as much in a conference setting.) It will also be a great chance to network with the local infosec community.

For more information on the schedule and how to register, see the main event page.

Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each!


Morning Session


Cyber Hygiene - Critical Security Controls

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.


Introduction to Injection Vulnerabilities

Instructor: Timothy D. Morgan

Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are a broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

Afternoon Session


Applied Physical Attacks on Embedded Systems, Introductory Version

This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide attendees through the process of understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.


Communications Security in Modern Software

Securing communications over untrusted networks is a critical component to any modern application's security. However, far too often developers and operations personnel become tripped up by the many pitfalls of implementation in this area, which often leads to complete failures to secure data on the wire. In this course we discuss how attackers can gain access to other users' communication through a variety of techniques and cover the strategies for preventing this. The course covers specific topics ranging from the SSL/TLS certificate authority system, to secure web session management and mobile communications security. A hands-on exercise is included in the course which helps students empirically test SSL/TLS certificate validation in a realistic scenario.


About OWASP

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Website
Tuesday
Nov 29, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Tuesday
Dec 27, 2016
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Jan 18, 2017
Pentesting: Find Where Your Systems are Vulnerable
Mozilla

TA3M is back, and we have a great meeting lined up for you!

There have been a number of stories in the news lately about hacking and data breaches, and we all want our personal data to be secure. In order to prevent these attacks on our privacy, an important step is to identify any vulnerabilities in the computer systems that store our private data before those faults can be used to steal the data. And that's where penetration testing comes in. Penetration testing, or "pentesting," is a process of attacking computer systems in order to find security weaknesses so that they can be fixed before criminals and other malicious actors find and take advantage of them.

Please join us for a fascinating presentation that will examine some common computer attacks and preventative steps that we can take to avoid them. Karl Fosaaen, from NetSPI, will talk about working as a pentester and will discuss avoiding exploits in applications and networks and how to counter social engineering attacks.

We'll have snacks, and there will be an opportunity for networking following the talk. We hope to see you there!

Speaker Bio:

Karl is a Managing Consultant with NetSPI who specializes in network and web application penetration testing. With over eight years of consulting experience in the computer security industry, he has worked in a variety of industries and has made his way through many Active Directory domains. Karl also holds a BS in Computer Science from the University of Minnesota. This year, he has spent a fair amount of time digging into the Skype for Business APIs. Prior to that, Karl has helped build out and maintain NetSPI's GPU cracking boxes. Karl has previously spoken at THOTCON, BSidesMSP, BSidesPDX, and DerbyCon. In his spare time, you may see him trying to sell you a t-shirt as a swag goon at DEF CON.

Website
Tuesday
Jan 31, 2017
Trends in Cybersecurity
Max's Fanno Creek Brew Pub

Trends in Cybersecurity

The presentation will be a summary of security topics and risks based on notes from 2 cybersecurity presentations from the FBI in Oct. and Nov. 2016. Topics will include:

Tips for selling security
Tips for security audits
Some best practices
Live demonstrations
Cyber attack trends
Mitigating disaster if it occurs

Agenda:

6:00--6:20 Networking
6:20--7:00 No-host dinner
7:00--7:30 Introductions and announcements
7:30--8:30 Main Presentation (followed by Q&A):

Presented by:
David Bowman
Northbridge Secure
Business Development Manager
http://netconnect.co/

David has been working in the technology industry since he was performing child labor maintaining the Dial-Up BBS for his Dad during storms. Having grown up around technology, the crowning achievement of his teenage years was finally talking his parents into the Palm Pilot IIIc. He was known to use his "school laptop" to write websites during class and nearly didn't graduate high school because his final Project was plagiarized from himself. (Yes, he sold his Project to a company and got school credit for it at the same time.)

David has spent the last 10 years working for companies such as Hewlett Packard, Cisco Systems, and CenturyLink. With a strong background in switching, internet connectivity, and rooms without windows full of technology he comes to us today from Northbridge Secure a company which enables "Work to be an activity not a place."

Website
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Feb 1, 2017
CHIFOO Event: Embrace The Chaos
New Relic

CHIFOO presents "Embrace The Chaos: Client Workshops and Getting the Insights You Seek" with Alicia Nagel, Alicia Nagel Creative, LLC!

Engage the client in disruptive and engaging workshops early in the website development process to elicit input from key stakeholders who might not otherwise be able to verbalize it. Learn about workshop tools to engage clients to define user personas, develop a wish-list of website features, and define voice for content.

About the Speaker

Alicia (@AliciaNagelCrtv) brings over a decade of experience in marketing strategy and branding. She creates content and makes sure the marketing for her clients is strategically crafted to meet their business goals.

She currently enjoys living in NoPo and takes any chance she can get to visit the many gardens we have within the city.

Come join CHIFOO for our second speaker event for 2017's theme "Thriving in Chaos: Strategies for Good Design".

http://bit.ly/2j998jU

Website
Monday
Feb 13, 2017
OWASP Chapter Planning Meeting
Kells Irish Restaurant & Pub

NOTE THE LAST MINUTE VENUE CHANGE!

This is a planning meeting for the Portland OWASP chapter. Please join us if you are interested in helping us plan and organize the activities of the chapter for the next year.

Please RSVP if you plan on showing up. Just shoot an email to

( tim DOT morgan AT owasp DOT org )

Some of the topics we expect to discuss at this meeting:

  • Training day recap
  • Leadership roles and commitments
  • Upcoming chapter meetings
  • YOUR ideas

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Tuesday
Feb 28, 2017
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates & point your IRC client to #rainsec on freenode.

This event is also on meetup.com. Invite your friends!

Website
Saturday
Mar 18, 2017
Intermediate Digital Privacy & Security
Free Geek

You already know a few online safety practices, but you’d like to go further! Learn how your digital connections can be traced, how encrypted communication works, and get tools for browser, email and mobile privacy.

Website
Advanced Digital Privacy & Security: Wi-Fi Security
Free Geek

Learn the essentials of protecting your home wifi network. Prerequisite: Must be familiar with basic networking. Bring your own computer.

Website
Monday
Mar 27, 2017
OWASP/AngularJS combined: Boosting the Security of Your Angular Application
Cambia Health Solutions

This month PDX OWASP is joining forces with the local Angular JS meetup to feature:
Philippe De Ryck, PhD
Web Security Expert @ imec-DistriNet, KU Leuven

Abstract

Angular 2 is hot, and there is a huge amount of information available on building applications, improving performance, and various other topics. But do you know how to make your Angular 2 applications secure? What kind of security features does Angular 2 offer you, and which additional steps can you take to really boost the security of your applications?

In this session, we cover one of the biggest threats in modern web applications: untrusted JavaScript code. You will learn how Angular protects you against XSS, and why you shouldn't bypass this protection. We will also dive into new security mechanisms, such as Content Security Policy. Through a few examples, I will show you how you can use these mechanisms to enhance the security in your client-side context.

Speaker

Philippe De Ryck is a professional speaker and trainer on software security and web security. Since he obtained his PhD at the imec-DistriNet research group (KU Leuven, Belgium), he has been running the group's Web Security Training program, which ensures a sustainable knowledge transfer of the group’s security expertise towards practitioners.

You can find more about Philippe on https://www.websec.be


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
Tuesday
Mar 28, 2017
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Apr 5, 2017
CHIFOO Event: Bottom Up Security: Doing Your Part to Secure The Future
New Relic

CHIFOO presents "Bottom Up Security: Doing Your Part to Secure The Future" with Chris Berg, Firemaple Industries!

Every day we hear more about another big hack. First Target, then the DNC, then the NSA. Secure software and infrastructure seems impossible, so what can we do? Come to this session to learn how to make security more accessible by making it part of the software and product development process.

About the Speaker

Christopher Berg (@thechrisberg) is a consultant who has spent over 16 years supporting enterprise and startup software development teams as an engineer, architect, instructor, and advisor. He provides guidance to cross-functional teams to bridge the gap from financial success to mature product with security, architecture, and process improvement instruction and implementation.

Come join CHIFOO for our fourth speaker event for 2017's theme "Thriving in Chaos: Strategies for Good Design".

http://bit.ly/2iJtOi8

Website
Saturday
Apr 15, 2017
Advanced Digital Privacy & Security: Online Anonymity
Free Geek

Join us to understand the mechanics of being truly “anonymous” on the internet and try out various tools for being anonymous. Prerequisite: Must be familiar with basic security and privacy best practice. Bring your own computer.

Website
Thursday
Apr 20, 2017
Portland ISSA Cloud Symposium
Nike Victory (EDO)

Please join the ISSA Portland April Symposium, presenting the topic of: Cloud Security Symposium

You can register at the link below until end of day Tuesday April 18, 2017 for the early registration pricing.

https://www.eventbrite.com/e/issa-portland-april-2017-cloud-security-symposium-tickets-33123690851?ref=ecal

Space is limited, so please register soon.

When: Thursday – April 20, 2017 – 8:30am to 1:30pm

Agenda:

8:30am – Doors open
9 AM – Case Study: Implementing CASB @ Deloitte – Paul Sukhu, Senior Manager | Cyber Risk Services
10 AM – Cloud Automation & Security Bots - DivvyCloud - Jeremy Snyder
11AM - Container Security – Twistlock - Joshua Thorngren
12-12:30 PM – Lunch Is Served
12:30-1:30 PM – Micro-Segmentation (Speaker TBD)

Where:

Nike Victory (EDO) 15475 SW Koll Pkwy Beaverton, OR 97006

Price: The chapter meeting is subsidized by chapter memberships and sponsors. There is a nominal fee of $10 (member) or $25 (non-member) for preregistered attendees. Walk-in attendees are welcome but will be charged $30 at the door. If you wish to become a member, please visit http://portland.issa.org/join-issa-portland/ for additional details.

CPEs: The chapter maintains proof of attendance for members but it is the member’s responsibility to ensure that these CPEs are credited to their respective accounts. This luncheon will offer 1 CPE per hour of attendance.

Chapter Sponsors: ISSA Portland would like to thank our program sponsors, who help make high quality programs like this possible.

Platinum Sponsor: Vectra
GOLD Sponsor: Optiv, Tenable, Netskope
SILVER Sponsor: FireEye, RiskIQ, OBS

Additional information can be found on our website at: http://portland.issa.org/

Saturday
Apr 22, 2017
Advanced Digital Privacy & Security: Wi-Fi Security
Free Geek

Learn the essentials of protecting your home wifi network. Prerequisite: Must be familiar with basic networking. Bring your own computer.

Website
Tuesday
Apr 25, 2017
OWASP: Software Composition -- the other 95% of your app's attack surface
New Relic

Abstract

Nobody really writes their own code any more, right? We go out to GitHub and download some libraries for our favorite language to do all the hard things for us. Then we download half a dozen front end frameworks to make it all pretty and responsive and we’re off to the races. In my review I’ve found that more than 90% of the code that makes up an app these days is something we borrowed, not wrote ourselves. Now most of us scan our own code for flaws with Static Analysis tools, but what about all the stuff we didn’t write? How do we know what’s actually in there? I’ll tell you how to find out and keep track of what’s in there, and how to avoid getting pwned because you let a nasty in the back door with that whiz-bang library that does the really cool thing you couldn’t live without.

Speaker

Jeremy Anderson
Cambia Health Solutions

Jeremy Anderson is a Secure Software Architect and CSSLP, with almost 20 years of experience developing software solutions for numerous Fortune 500 companies. In 2014 he had a run-in with InfoSec that spurred him into action as an AppSec superhero, where he’s worked for HP then Veracode. Since early 2016 he’s been working with Cambia Health Solutions, bootstrapping and scaling an Application Security program from the ground up, supporting hundreds of developers for dozens of applications. He’s passionate about not just finding security defects, but training ninjas to destroy them.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
May 17, 2017
Erlang/Elixir Meetup
Househappy

The Secure Remote Password Cryptor (SRPC) addresses mobile app security in a post web-app world. SRPC provides HTTPS quality security without the explicit transfer of trust inherent in using HTTPS with PKI. SRPC is immune to HTTPS Man-in-the-Middle issues and also provides many features out-of-scope for HTTPS.

SRPC requires a pair of libraries, one on the client device and one on the server. To create an easy way for mobile app developers to try SRPC, I've built an Erlang OTP system that acts as an SRPC tunnel to an "unaltered" HTTP server. The system is comprised of:

  • srpc_lib: Low-level functionality
  • srpc_srv: The SRPC protocol
  • srpc_elli: An Elli layer to expose srpc_srv to an elli app

There are two optional pieces:

  • srpc_elli_proxy: Proxies request to the "unaltered" HTTP server
  • srpc_elli_lager: Lager module

Finally, I have a test system for testing the iOS framework (Android is underway):

  • srpc_elli_test: Test implementation

Presented by Paul Rogers, an independent software engineer with many years of development experience across multiple platforms using a number of different computer languages. He has a Master of Science in Mathematics, which helps him dig into the internals of cryptography, and a Master of Science in Physical Oceanography.

This will likely be a small talk, with room for additional mini talks.

Website
Monday
May 22, 2017
OWASP: What the experts say about Web Application Security - A Panel Discussion
Jama Software (New Office)

We are often faced with making non-trivial decisions about Appsec. Participate in an exciting open discussion with the experts on the following (and more) aspects of Appsec:

  • Challenges in establishing a Secure SDLC
  • Growing pains with increased need for security
  • Critical things to focus on for an effective security/Appsec program
  • Effectiveness and use of developer training on Appsec
  • Relevance of OWASP top 10 in today's security landscape?

Bring your burning questions to ask the panel and take this opportunity to share your experiences with others.

Panel Members' Bios:

Brian Ventura – Security Architect at the City Of Portland focused on Information Security program management, Brian also is a SANS Instructor and ISSA education director.

Ian Melven - Ian has worked in the security field for over 15 years in various roles at companies such as @stake, McAfee, Adobe and Mozilla. He currently leads product security at New Relic.

James Bohem - James is the Chief Security Architect at WebMD Health Services in Portland, OR. For the last 16 years he has held Information Security architect and consulting positions, with experience in application security, architecture and compliance strategy across healthcare, technology, retail, financial and manufacturing industries. Before focusing on security, he was a software developer and architect on the UNIX kernel, microkernels, distributed applications and standards development.

Eric Jernigan – Eric is the IT Security Manager at Genesis Financial Solutions and has broad security experience in the financial industry.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Tuesday
May 30, 2017
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates.

This event is also on meetup.com. Invite your friends!

Website
Wednesday
Jun 14, 2017
How Does the Internet Work?
Hatch

Frontend, Backend, DevOps! Server-side rendering! SSL and HTTPS and SQL injection?! What the heck does all this jargon actually mean? If you're in a leadership position and you need to fill a tech role, it can be hard to know up from down. If your software engineer tells you to pay for an expensive service "for security reasons", how do you know whether it's worth your money?

In this workshop, we'll answer the question "how does the internet work" from a helicopter's perspective. You don't need any programming skills to attend, but be sure to come with questions! By the end, you'll understand the following concepts and how they fit together:

  • The difference between websites, apps, and servers
  • Cybersecurity hygiene (and how to avoid being hacked)
  • Common software developer job descriptions
  • Basics of computer programming (bring a laptop if you want!)

Tickets: Free for Hatch Members, $20 for non members

Workshop Leader: Finn Terdal, Technology Manager at Hatch

Website
Saturday
Jun 17, 2017
Create Your Own Firewall
Free Geek

Protect your computer from outside attacks. How? Learn to install and configure a firewall. This workshop will cover essential rules and best practices for set-up. Bring your own computer.

Website
Monday
Jun 19, 2017
OWASP: Cheating a Hacking Game for Fun and Profit
WebMD

Abstract

All but the most trivial modern software relies on common libraries to perform routine work. Your software may be a bastion of security, exhaustively tested and evaluated, but once a vulnerability is discovered in a library you depend on, all bets are off. These large and pervasive vulnerabilities quickly become popular targets, exploited by everybody from script kiddies, to professional hackers, to state actors. It is no surprise that the use of vulnerable libraries is included in the OWASP Top 10 list. The Australian Signals Directorate (ASD) lists patching operating systems and applications as two of their top four strategies to mitigate security incidents!

During a recent hacking game, we identified and exploited a vulnerability not anticipated by the developers. One little crack in a widely used library gave us the footing we needed to construct an attack chain of remote code execution, file upload, data exfil, source code disassembly, and branching into a private network, all despite an extremely high level of hardening on the target against unintended attacks. We'll share with you how safe and fun library exploitation can be within the confines of a hacking game, and how there are serious implications for your corporate applications, where the stakes are much higher.

Speakers:

Alexei Kojenov is a Senior Application Security Engineer with years of prior software development experience. During his career with IBM, he gradually moved from writing code to breaking code. Since late 2016, Alexei has been working as a consultant at Aspect Security, helping businesses identify and fix vulnerabilities and design secure applications.

Alex Ivkin is a senior security architect with experience in a broad array of computer security domains, focusing on Identity and Access Governance (IAG/IAM), Application Security, Security Information and Event management (SIEM), Governance, Risk and Compliance (GRC). Throughout his consulting career Alex has worked with large and small organizations to help drive security initiatives and deploy various types of enterprise-class identity management and application security systems. Alex is an established and recognized security expert, a speaker at various industry conferences, holds numerous security certifications, including CISSP and CISM, two bachelor’s degrees and a master’s degree in computer science with a minor in psychology.

Website
Tuesday
Jun 27, 2017
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates.

This event is also on meetup.com. Invite your friends!

Website
Saturday
Jul 15, 2017
Create a Security Center for your Home
Free Geek

You’d be surprised to see how insecure the default settings for many of our home technologies are! Join us for a workshop to learn how to step up the security of your home computer, wifi network, and more. Bring your own computer.

Website
Tuesday
Jul 25, 2017
OWASP: How Billion Dollar Enterprises Manage Application Security at Scale
New Relic

Abstract: Security Compass recently completed a research study by surveying companies across multiple industries with the goal of discovering how large, complex organizations address application security at scale. The majority of respondents surveyed were multinational organizations who reported annual earnings greater than $1 billion USD. Through this new research study, we have gleaned novel insights on how large organizations manage application security at scale. Through this presentation, we will reveal aggregated insights, industry trends, and best practices that illuminate how organizations are addressing application security at scale, so that you may apply and compare these learnings to the state of application security at your own organization.

Speaker: Rohit Sethi - Chief Operating Officer, Security Compass

Rohit Sethi joined Security Compass as the second full-time employee. As COO, Rohit is responsible for setting and achieving corporate objectives, company alignment and driving strategy to execution. Previous to this role, he managed the SD Elements team. Rohit specializes in building security into software, working with several large companies in different organizations. Rohit has appeared as a security expert on television outlets such as Bloomberg, CNBC, FoxNews, and several others. He has also spoken at numerous industry conferences and/or written articles on major websites such as CNN.com, the Huffington Post and InfoQ.

Website
Tuesday
Aug 29, 2017
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates.

This event is also on meetup.com. Invite your friends!

Website
Thursday
Sep 14, 2017
2nd Annual IT Event at TopGolf
TopGolf - Hillsboro

IT Professionals: Join Xiologix along with our sponsors Dell EMC and Fortinet for an informative and fun afternoon! TopGolf Thursday, September 14, 2017 12:00-3:00pm

Enjoy lunch, mingling with your peers and learning more about Dell EMC, Fortinet and Xiologix while experiencing Top Golf! Space is limited so register today!

(To attend you must have a corporate email address and hold an active role in your organization’s IT department.)

Website
Saturday
Sep 16, 2017
Personal Home Computing Security
Free Geek

Learn common attacks on home computers, how to set up encrypted email and a password manager, sans.org tips, and more. Feel free to bring your own computer.

Website
Monday
Sep 18, 2017
OWASP: Crypto 101 - Part 1
New Relic

The media keeps talking about this Cryptography thing. Information Security teams pressure internal operations and development, as well as vendors, to support encrypted data and transport. How can we responsibly implement cryptography in our projects?

In the first of a 2-part series, we will discuss major types of encryption, including symmetric, asymmetric and hashing. We will cover the simple principles behind symmetric encryption, then lightly touch modern asymmetric functions, without the math! We will also cover certificate usage.

After our talk, you will understand the difference between AES, RSA and SHA. You will also understand how the web uses encryption and certificates to keep our transactions secure.

The second part of the series, presented by Tim Morgan, will focus on SSL/TLS's PKI, certificate validation, how basic crypto goes wrong (lacking integrity protection, padding oracle attacks, weak password hashes, etc.), and explore what safe cryptographic libraries are out there and how to use them.

SPEAKER: Brian Ventura

Brian is a SANS Instructor and works locally for the City of Portland as an Information Security Architect. Brian co-teaches a PCC course this fall, focused on preparing for the CISSP certification.

Website
Tuesday
Sep 26, 2017
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates.

This event is also on meetup.com. Invite your friends!

Website
Friday
Oct 13, 2017
Intro to Digital Privacy & Safety
Free Geek

From high-profile data breaches to advertising that follows you around the internet… There are plenty of reasons to be concerned about digital safety and privacy. This introductory class will help you understand online privacy and security threats, how they work, and how to avoid problems. You'll leave with a toolkit of resources for staying safe online.

Website
Saturday
Oct 14, 2017
Mop Street Swap Meet
PASCAL

PASCAL is hosting a swap meet free to anyone at Portland's new Hackerspace located at 2410 N Mississippi Ave on Oct 14 from noon to 10:00pm. This event is for people who like to swap cool tech and electronics!

This event will have space for 15 booths with tables and nice comfy seats. There will be onsite snacks, a food truck outside with covered seating and smoking area, and a local DJ. Parking is available street side close to Widmer Brewery and McMenamins.

We are here to make connections with our community and collaborate with our neighbors- and have an opportunity to sell and trade!

Tuesday
Oct 17, 2017
Portland Java User Group (PJUG)
New Relic

Agenda:

  • Discuss how we're planning to help PJUG appeal to a broader more diverse audience.
  • Chris Hansen will present his take-aways from JavaOne last month.
  • Sean Sullivan from gilt.com will present on web application security and Apache Struts.

Abstract:

In September 2017, Equifax announced a major security breach. The breach may have exposed sensitive data for over 100 million US consumers. The breach was due, in part, to a vulnerability in an older release of Apache Struts 2.x.

This talk will examine the vulnerabilities in the Apache Struts framework. We will review the underlying Java code and discuss the fixes that were applied by the Apache Struts team.

Presenter:

Sean Sullivan is a Principal Software Engineer at HBC Digital. Sean has been a member of the HBC/Gilt team since 2011.

Slides: https://speakerdeck.com/sullis/apache-struts-and-the-equifax-data-breach

Website
Friday
Oct 20, 2017
Security BSides Portland
through Oregon Convention Center

Security BSides Portland 2017 is the 7th annual BSidesPDX!

The event is FREE, but register ahead of time to guarantee space: http://bsidespdx2017.eventzilla.net/ We have PCB badges, T-shirts (including women's sizes!), and bags to give away, but we will be giving them to donors first.

BSides PDX is a gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Our passion about all things security has driven attendance from other parts of the country. Our goal is to provide an open environment for the InfoSec community to engage in conversations, learn from each other and promote knowledge sharing and collaboration. The Portland and greater Northwest information security community spans a broad spectrum of participation from CISOs, Fortune 100 company security experts, small business system admins, to independent security researchers.

Website
Saturday
Oct 21, 2017
Intermediate Digital Privacy & Safety
Free Geek

You already know a few online safety practices, but you’d like to go further! Learn about encrypted communication, email and mobile privacy, and more. This class provides tools and resources to navigate the web securely.

Website
Getting Started with VMware
Free Geek

Learn to set up and use a virtual machine.

Website
Thursday
Oct 26, 2017
Intro to Digital Privacy & Safety
Free Geek

From high-profile data breaches to advertising that follows you around the internet… There are plenty of reasons to be concerned about digital safety and privacy. This introductory class will help you understand online privacy and security threats, how they work, and how to avoid problems. You'll leave with a toolkit of resources for staying safe online.

Website
Thursday
Nov 9, 2017
CHIFOO Event: Now That’s Risky Business – Selling UX To The Security Techies
1st Floor Conference Room- Big Pink (Us Bancorp Tower), 111 SW 5th Avenue, Portland, OR 97204

CHIFOO presents "Now That’s Risky Business – Selling UX To The Security Techies" with Andrew Sweany, Tripwire!

Software for tech savvy system admins and security analysts doesn’t need to be easy to use, right? Wrong. Providing good software to the folks keeping our data safe is much more important than one click shoe shopping.

About the Speaker

Andrew (@andrewsweany) began as a Human Factors Engineer at Intel in 2000 and since that time has completed countless user research activities on a huge range of products (software, hardware, web/desk, tablet, & mobile) across the entire life cycle (from emerging concepts to well established enterprise and consumer products).

Come join CHIFOO for our eleventh and final speaker event for 2017's theme "Thriving in Chaos: Strategies for Good Design".

http://bit.ly/2imCE8Q

Website
Saturday
Nov 11, 2017
PASCAL Open Day
PASCAL

Join PASCAL on Saturday the 11th of November for a day of tours, entertainment and dialogue.

Drop on by if you would like to:

  • Learn more about who PASCAL be, and what do PASCAL
  • Start hacking stuff immediately
  • Learn about current threats and how they work, or
  • Simply mingle and have a relaxing afternoon with Infosec nerds.

Basic concessions will also be available!

Website
Tuesday
Nov 14, 2017
OWASP: Cryptography 101/Part 2 - When Good Crypto Goes Bad
Jama Software (New Office)

Abstract

A well known security expert and cryptographer, Thomas H. Ptáček, once said:

"If You're Typing the Letters A-E-S Into Your Code You're Doing It Wrong".

Wait, what?!? Doesn't everyone use AES? Of course we do. Is AES broken? Nope. In this developer-oriented talk I'll explore the kinds of mistakes programmers commonly make when implementing cryptosystems; just how easily these problems can be exploited in the real world; and what Thomas meant by his statement.

Speaker's Bio

Tim taught himself how to write software at the age of twelve and has been a die-hard technologist ever since. After earning his computer science degrees (B.S., Harvey Mudd College and M.S., Northeastern University), Tim spent 8 years helping build a Boston-based information security consulting practice that was recently acquired. In 2014, Tim founded Blindspot Security where he has continued his work as a security consultant, helping his customers understand how digital intruders can gain access to their critical business assets through network, application, and comprehensive security assessments.

Website
Friday
Nov 24, 2017
Hacksgiving @ PASCAL
PASCAL

PASCAL will be hosting the very first annual post-thanksgiving potluck event at the hackerspace this year. There will be good food, board/yard/video games, and great company. So if you've run out of Black Friday sales and are looking to meet up with your computer friends and possibly make some new ones, look no further than Hacksgiving!

Hacksgiving will be a family friendly event. Everyone is welcome and invited. RSVP on meetup. https://www.meetup.com/pascalhackerspace/events/245248296/

• What to bring?

-Potluck food item. (Leftovers are always great!)

-Beverages. (Whatever you like. BYOB.)

-A way to heat or cool your items if needed. (crockpots, hot plates, and anything else that works well indoors.)

• Important to know

We will be providing plates, utensils, cups, a few chafing dishes, and ice. If you are bringing something homemade, please have the recipe or ingredients list handy so we can label allergens accordingly.

Website
Tuesday
Nov 28, 2017
RainSec
Local Celebrity

This is our first meetup at our new venue - see this post.

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates.

This event is also on meetup.com. Invite your friends!

Website
Saturday
Dec 9, 2017
Digital Privacy: Identifying Holiday Scams
Free Geek

Is that holiday deal too good to be true? It just might be. In this special workshop, you’ll learn how to identify and protect yourself from classic online scams like phishing, too-good deals and fake delivery emails.

This workshop will help you understand online threats, how they work, and how to avoid problems. You’ll leave with the tools and resources to navigate the web securely.

Website
Tuesday
Dec 26, 2017
RainSec
Local Celebrity

This is our first meetup at our new venue - see this post.

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates.

This event is also on meetup.com. Invite your friends!

Website
Saturday
Jan 20, 2018
Intermediate Digital Privacy & Safety
Free Geek

You already know a few online safety practices, but you’d like to go further! Learn about encrypted communication, email and mobile privacy, and more. This class provides tools and resources to navigate the web securely.

Website
Tuesday
Jan 23, 2018
OWASP: AppSec Testing Beyond Pen Test
Jama Software (New Office)

Abstract: Most web application security testing efforts are concentrated around penetration testing which is an art based on a hacker’s psyche, thought process, and determination to exploit vulnerabilities. But, does it yield a high level of confidence and sense of security in a developer’s mind? The answer is a “maybe” especially when the bad guy is obsessed with figuring out new exploits to hack your application. The web application developers have to think about intrinsic security - that is, building security throughout the SDLC. We build applications based upon well-formed customer requirements. Why should we not, then, build our applications based upon the fundamental principles of security and then harden security from the hacker’s perspective?

Bio: Principal consultant at Gupta Consulting LLC., Bhushan Gupta is passionate about development methods and tools that yield more secure web applications, especially in the agile software development environment. As a researcher he has a keen interest in understanding and applying fundamental principles and known methodologies to develop dependable and secure software solutions. His interests extend to Social Engineering and Attack Surface Analysis. Bhushan worked at Hewlett-Packard for 13 years in various roles including software quality lead, engineer, software process architect, and software productivity manager. He then developed a strong interest in web application security while working as a quality engineer for Nike Inc. Bhushan has been studying various facets of web application security and promoting how to apply a common-sense approach to build secure solutions. He is a certified Six Sigma Black Belt (HP and ASQ) and an adjunct faculty member at the Oregon Institute of Technology in Software Engineering. To learn more about Bhushan’s contributions to SDLC, visit www.bgupta.com

Website
Tuesday
Jan 30, 2018
RainSec
Lucky Labrador Brew Pub

We are returning to Lucky Lab SE for the January meetup

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates.

This event is also on meetup.com. Invite your friends!

Website
Saturday
Feb 17, 2018
Digital Privacy Primer
Free Geek

Join us for an important online safety workshop. Learn how digital privacy works (or doesn't!) and learn how to get started with password managers, encrypted communication, email and mobile privacy tools, and more. We all need this information. Everyone is welcome. Come learn with Free Geek!

This workshop is offered every third Saturday of the month. The full title is "Intermediate Digital Privacy & Safety." Class is held in the Free Geek meeting room.

Find all of Free Geek's classes at freegeek.org/education.

Website
Monday
Feb 26, 2018
OWASP February Chapter Meeting: Jon Bottarini on Bug Bounties
Jive Software

Jon Bottarini will be presenting on bug bounties (from both a hacker and a program perspective), common mistakes in the software development lifecycle that make it easier to find bugs, and what developers can do to understand their full attack surface.

Bio:

Jon Bottarini is a Technical Program Manager at HackerOne, where he is responsible for managing the bug bounty programs for the US Department of Defense and other companies looking to leverage talent from hacker-powered security. In his free time he is also a hacker and bug bounty hunter who has reported vulnerabilities to worldwide brands and organizations such as New Relic, Apple, Google, the US Department of Defense, and many more.

Twitter: https://www.twitter.com/jon_bottarini
LinkedIn: http://www.linkedin.com/in/jonbottarini

Website
Thursday
Mar 8, 2018
Portland OWASP - Container Security presentation by Deron Jensen
New Relic

Deron Jensen, manager of the Product Security team at New Relic, will speak about container security!

This presentation will show how the Linux kernel and container technologies can isolate and control the processes to provide a secure, isolated compute system. Docker or other technologies can be used to manage capabilities and securely deploy containers. This will demonstrate vulnerabilities unique to containers, and techniques to break out of vulnerable containers. We will show examples of deploying microservices securely with containers and areas that need further research to allow other applications to run securely in a private or public cloud.

Wednesday
Mar 14, 2018
Automating Security in AWS Cloud
AWS Elemental

AWS customers continue to struggle demonstrating alignment with security, compliance and audit requirements, such as the PCI-DSS. Additionally, many compliance requirements necessitate administrative and operational security controls that lack technical validation.

This workshop is designed to instruct AWS cloud engineers, DevOps team members, security practitioners, and Managed Security Service Providers (MSSP) how to secure and manage regulated customer workloads in AWS. This class will focus on the security of an AWS customer account design (e.g. AWS CIS Foundation Benchmark), security architecture (e.g. AWS CIS 3-Tier Web Benchmark) and security automation leading practices. This workshop is an intermediate to advanced workshop with an emphasis on designing security automation for regulated workloads in AWS (e.g. PCI, DoD, CJIS, HIPAA, DFARs (800-171), FERPA and others).

The result will enable cloud engineers and security practitioners to design, architect and implement automation in an AWS customer account to automatically enforce compliance requirements. It will also enable attendees to document their security governance/audit readiness through integration of AWS Security Partners from our AWS Marketplace and Security Competency Partners and Solutions.

What will I learn in this class?

  • How to design automation in AWS to enforce security controls and compliance requirements
  • Automate audit findings to accelerate the compliance process
  • Use AWS Partners and Marketplace tools to create more secure and reliable environments

Course Objectives:

  • Establish secure foundational account design and/or remediation of existing customer accounts
  • Configure and manage AWS Security Services with a focus on automation
  • Implement and design security automation services through AWS services and partner solutions
  • Manage, secure and audit the use of AWS services using real-time risk management processes
  • Leverage shared compliance across multiple security frameworks (e.g. PCI, DoD, CJIS, etc.)
  • Learn about and leverage key security partners from the AWS Partner Network (APN)
  • Learn about Container Security, Serverless Architecture, Advanced Encryption, and Auto-Healing in AWS

Website
Anitian and AWS Security Automation in the Cloud Free Workshop
AWS Elemental

FREE all day workshop focused on security automation in the cloud.

AWS customers continue to struggle demonstrating alignment with security, compliance and audit requirements, such as the PCI-DSS. Additionally, many compliance requirements necessitate administrative and operational security controls that lack technical validation.

This workshop is designed to instruct AWS cloud engineers, DevOps team members, security practitioners, and Managed Security Service Providers (MSSP) how to secure and manage regulated customer workloads in AWS. This class will focus on the security of an AWS customer account design (e.g. AWS CIS Foundation Benchmark), security architecture (e.g. AWS CIS 3-Tier Web Benchmark) and security automation leading practices. This workshop is an intermediate to advanced workshop with an emphasis on designing security automation for regulated workloads in AWS (e.g. PCI, DoD, CJIS, HIPAA, DFARs (800-171), FERPA and others).

The result will enable cloud engineers and security practitioners to design, architect and implement automation in an AWS customer account to automatically enforce compliance requirements. It will also enable attendees to document their security governance/audit readiness through integration of AWS Security Partners from our AWS Marketplace and Security Competency Partners and Solutions.

What will I learn in this class?

How to design automation in AWS to enforce security controls and compliance requirements

Automate audit findings to accelerate the compliance process

Use AWS Partners and Marketplace tools to create more secure and reliable environments

Course Objectives:

Establish secure foundational account design and/or remediation of existing customer accounts

Configure and manage AWS Security Services with a focus on automation

Implement and design security automation services through AWS services and partner solutions

Manage, secure and audit the use of AWS services using real-time risk management processes

Leverage shared compliance across multiple security frameworks (e.g. PCI, DoD, CJIS, etc.)

Learn about and leverage key security partners from the AWS Partner Network (APN)

Learn about Container Security, Serverless Architecture, Advanced Encryption, and Auto-Healing in AWS

REGISTER TODAY, SPACE IS LIMITED

Website
Saturday
Mar 17, 2018
Digital Privacy Primer
Free Geek

Join us for an important online safety workshop. Learn how digital privacy works (or doesn't!) and learn how to get started with password managers, encrypted communication, email and mobile privacy tools, and more. We all need this information. Everyone is welcome. Come learn with Free Geek!

You must register via Eventbrite to attend: http://privacyprimer.eventbrite.com

Website
Tuesday
Mar 27, 2018
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates.

This event is also on meetup.com. Invite your friends!

Website
Saturday
Apr 14, 2018
PASCAL Open Day
PASCAL

Join PASCAL on the second Saturday of the month for a day of tours, entertainment and dialogue.

Drop on by if you would like to:

  • Learn more about who PASCAL be, and what do PASCAL
  • Start hacking stuff immediately
  • Learn about current threats and how they work, or
  • Simply mingle and have a relaxing afternoon with Infosec nerds.

Basic concessions will also be available!

Website
Monday
Apr 16, 2018
OWASP Chapter Meeting: Alexei Kojenov on Deserialization Attacks
Cambia Health Solutions

Overview

Insecure deserialization was recently added to OWASP's list of the top 10 most critical web application security risks, yet it is by no means a new vulnerability category. Data serialization and deserialization have been used widely in applications, services and frameworks, with many programming languages supporting them natively. Deserialization got more attention recently as a potential vehicle to conduct several types of attacks: data tampering, authentication bypass, privilege escalation, various injections and, finally, remote code execution. Two recent vulnerabilities in Apache Commons and Apache Struts, both allowing remote code execution, helped raise awareness of this risk.

We will discuss how data serialization and deserialization are used in software, the dangers of deserializing untrusted input, and how to avoid insecure deserialization vulnerabilities.

Speaker

Alexei Kojenov is a Senior Application Security Consultant with years of prior software development experience. During his career with IBM, he gradually moved from writing code to breaking code. Since late 2016, Alexei has been working as a consultant at Aspect Security, helping businesses identify and fix vulnerabilities and design secure applications. Aspect Security was recently acquired by Ernst&Young and joined EY Advisory cybersecurity practice.



The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Saturday
Apr 21, 2018
Digital Privacy Primer
Free Geek

Join us for an important online safety workshop. Learn how digital privacy works (or doesn't!) and learn how to get started with password managers, encrypted communication, email and mobile privacy tools, and more. We all need this information. Everyone is welcome. Come learn with Free Geek!

You must register via Eventbrite to attend: http://privacyprimer.eventbrite.com

Website
Using WiFi Securely: What Should I Know?
Free Geek

Learn the essentials of protecting your home wifi network.

You must register on Eventbrite for this class: https://www.eventbrite.com/e/using-wifi-securely-what-should-i-know-tickets-43574848545

Website
Tuesday
Apr 24, 2018
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates.

This event is also on meetup.com. Invite your friends!

Website
Thursday
Apr 26, 2018
CNPDX April: Container Security & KataContainers
Puppet

This event is listed on Meetup, please RSVP there if you can: https://www.meetup.com/Cloud-Native-PDX/events/249368520/

First, Chris Foster will share his tips for Security Docker on the Cheap. Better Docker security doesn't require expensive tools. Following a few security practices and using DE built-in features, along with some free, open source tools, can significantly raise the standard. We'll take a look at some things that can bring higher security without breaking the budget.

Next, Eric Ernst will demo KataContainers, a way to combine hardware virtualization with Kubernetes containers for more isolated, secure services without sacrificing startup times. In this talk he'll provide some background on the Kata Containers project and describe how Kata Containers works with CRI-O and Kubernetes. Then, he'll walk you through creating a K8S configuration which uses a mix of runc and Kata containers to secure workloads with varying levels of trust.

Website
Thursday
May 10, 2018
SANS Community Event
Portland City Grill

Join SANS Instructors Brian Ventura and Derek Hill for an evening of conversation regarding Secure configurations - Built-in Security Enhancements and the benefit of the CISSP certification from a hiring manager perspective.

TOPICS

  1. In the information security news, we regularly hear about the latest vulnerabilities with recommendations to scramble and patch immediately. This is an important aspect of our industry; however, there are other security considerations. Are there configurations we can set now in our systems and software that will protect us? Let's explore secure configurations and see what we find.

  2. The Hiring Manager is looking at your resume – why does CISSP matter? While the CISSP is not the only thing we look at, it is a great starting point. What knowledge does the CISSP provide and how does one prepare for the exam?

Who is Brian Ventura: Brian Ventura is an Information Security Architect by day and SANS instructor by night. Brian volunteers with the Portland ISSA and OWASP chapters, focusing on educational opportunities. For SANS, he regularly teaches CyberDefense courses like the CIS Controls, Risk Management, and Security Essentials. Brian has a Security Essentials (SEC401) course in Portland, June 18-23. Come join in the learning experience!

Who is Derek Hill? Derek Hill has over 25 years of experience in IT and Information Security. He currently manages an Application Security Team, an Infrastructure Security Team (Blue Team) and a Data Privacy Engineering team at HP Inc. in Vancouver, WA. His teams are responsible for ensuring that HP’s internally developed applications are secure as well as the AWS infrastructure that is hosting these applications. Prior to his current position, Derek held IT management and technical roles at both large and small companies. In each role, he has focused on delivering excellent services, uptime and security for all the projects/staff he managed.

Derek holds an MBA from Willamette University and an undergraduate degree in Management Information Systems from Oregon State University. He has various security credentials including a CISSP and multiple GIAC certifications.

DATE: Thursday, May 10, 2018

Registration: 6:30 PM

Presentation: 7:00 PM - 8:30 PM

RSVP by sending a confirmation email to Shelley Wark-Martyn @ [email protected]

Appetizers and drinks will be served.

We look forward to having you join us.

Website
Saturday
May 12, 2018
PASCAL Open Day
PASCAL

Join PASCAL on Saturday the 12th of May for a day of tours, entertainment and dialogue.
Drop on by if you would like to:

  • Learn more about who PASCAL be, and what do PASCAL
  • Start hacking stuff immediately
  • Learn about current threats and how they work, or
  • Simply mingle and have a relaxing afternoon with Infosec nerds.

Basic concessions will also be available!

Website
Thursday
May 17, 2018
@DAMAPDX Chapter Meeting: All Those Other Important Parts of Data Modeling: Security, Privacy and More
Standard Insurance Center Auditorium

Presented by Karen Lopez, Senior Project Manager and Architect at InfoAdvisors

Abstract

Modern database systems have introduced more support for security, privacy and compliance over the last few years. We expect this to increase as compliance issues such as GDPR and other data compliance challenges arise.

In this session, Karen will be discussing the newer features from a database designer's point of view, including:

  • Data Masking
  • End-to-end Encryption
  • Row Level Security
  • New Data Types
  • Data Categorization and Classification

We'll look at the new features, why you should consider them, where they work, where they don't, who needs to be involved in using them, and what changes, if any, need to be made to applications or tools that you support.

Speaker

Karen is a senior data architect with an extensive background in development processes and data management. She specializes in taking practical approaches to solutions development. Karen has helped many IT organizations choose appropriate methods and standards based on the group's culture, experience, and focus. She is an international speaker on modern development and design processes, specializing in engaging, often irreverent presentations on data and career-related topics. She blogs at datamodel.com and can be found on Twitter @datachick.

Cost

Free for Members!

$5 for Students with valid student ID

$15 for Non-Members

See our corporate members at
https://damapdx.wordpress.com/about-damapdx/corporate-members/

Website
Saturday
May 19, 2018
Digital Privacy Primer
Free Geek

Join us for an important online safety workshop. Learn how digital privacy works (or doesn't!) and learn how to get started with password managers, encrypted communication, email and mobile privacy tools, and more. We all need this information. Everyone is welcome. Come learn with Free Geek!

You must register via Eventbrite to attend: http://privacyprimer.eventbrite.com

Website
Tuesday
May 22, 2018
OWASP Chapter Meeting - Pen Testing: How to Get Bigger Bang for your Buck
Jama Software (New Office)

Panel Discussion - Join local industry practitioners as they discuss the best practices used in getting superior results from your Pen Testing. Also share your ideas on Dos and Don'ts of Pen testing.

Moderator - Brian Ventura

Panelists - Alexei Kojenov, Ian Melven, Benny Zhao, and Scott Cutler

Alexei Kojenov is a Senior Application Security Consultant with years of prior software development experience. During his career with IBM, he gradually moved from writing code to breaking code. Since late 2016, Alexei has been working as a consultant at Aspect Security, helping businesses identify and fix vulnerabilities and design secure applications. Aspect Security was recently acquired by Ernst&Young and joined EY Advisory cybersecurity practice.

Ian Melven is Principal Security Engineer at New Relic. He has worked in security for almost 20 years, including roles at Mozilla, Adobe, McAfee and @stake.

Benny Zhao is a Security Engineer at Jive Software. His experience focuses on identifying code vulnerabilities and securing software by building tools to help automate security testing.

Scott Cutler has been interested in computer security since he was a kid, and started attending DefCon in 2004. He got his Computer Science degree from UC Irvine in 2009 while working for the on-campus residential network department for 4 years. After graduating he worked first as QA for a SAN NIC card manufacturer, then switched to essentially create their DevOps program from scratch. From these jobs he has gained a lot of experience with networking, build processes, Linux/Unix administration and scripting, and Python development. In 2012 Scott began working in the security field full time as a FIPS, Common Criteria, and PCI Open Protocol evaluator for InfoGard Laboratories (now UL Transaction Security). During this time he got his OSCP and a good understanding of federal security requirements, assessment processes, and documentation (ask him about NIST SPs!). In 2015 Scott switched over to Aspect Security (now EY) to put his OSCP to good use and became a full-time application security engineer, doing pen-tests as well as developing both internal and external training.

Website
Tuesday
May 29, 2018
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates.

This event is also on meetup.com. Invite your friends!

Website
Saturday
Jun 16, 2018
Digital Privacy Primer
Free Geek

Join us for an important online safety workshop. Learn how digital privacy works (or doesn't!) and learn how to get started with password managers, encrypted communication, email and mobile privacy tools, and more. We all need this information. Everyone is welcome. Come learn with Free Geek!

Website
Understanding the Internet of Things
Free Geek

What is the Internet of Things (IOT)? How does this emerging technology change our understanding of online privacy and safety? What do we need to know to use and embrace this technology safely? Will our fridges and watches be used to hack into our houses?

Join us at Free Geek for this special workshop!

Website
Monday
Jun 18, 2018
OWASP Portland Chapter Meeting - Machine Learning vs Cryptocoin Miners
WebMD

Machine Learning vs Cryptocoin Miners Description: With the advent of cryptocurrencies as a prevalent economic entity, attackers have begun turning compromised boxes and environments into cash via cryptocoin mining. This has given rise to the opportunity to detect compromised environments by analyzing network traffic logs for evidence of cryptocoin miners. Specifically, I'll be reviewing various ML and statistical analysis techniques leveraged against VPC Flow Logs. This talk will not be a deep dive of the math involved but instead a general discussion of these techniques and why I chose them.

Speaker's Bio: Jonn Callahan is a principal appsec consultant at nVisium. Jonn was previously heavily involved in the OWASP DC and NoVA chapters. He has been working in appsec for half a decade now, initially within the DoD and now commercially with many high-visibility companies. Recently, Jonn has been digging into ML to find ways to bridge it and the security industry in an intelligent and usable fashion.

Website
Senator Wyden's Work on Privacy
Northwest Academy

Learn about what Senator Ron Wyden and his team are doing to protect your privacy! Grace Stratton (from Sen. Wyden's local office) will be at the meeting, and Chris Soghoian (from the DC office) will join us remotely, and they'll discuss the following topics:

  • Surveillance: including stingrays, cell phone tracking by law enforcement, border searches of laptops and phones.

  • Cybersecurity: how to stay safe online and what Senator Wyden is doing to make sure that Oregonians are more secure from hackers.

  • Consumer privacy: Facebook, Cambridge Analytica, etc.

Join us for a great presentation and discussion! We'll have snacks, and there will be an opportunity for networking afterwards. We hope to see you there!

Schedule:

  • 6:00 PM: Doors

  • 6:10 PM: Introductions and news

  • 6:15 PM: Presentation

  • 7:15 PM: Q&A

  • 7:30 PM: Wrap up and networking

Speaker bios:

Grace Stratton is Senator Wyden’s Multnomah County Field Representative and focuses on all issues related to this region.

Chris Soghoian is a TechCongress Fellow in Senator Wyden’s Washington DC office and focuses on Cybersecurity and Surveillance policy.

By attending this TA3M meeting, you agree to follow our Code of Conduct: https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/

Code of Conduct

Portland's Techno-Activism 3rd Mondays is dedicated to providing an informative and positive experience for everyone who participates in or supports our community, regardless of gender, gender identity and expression, sexual orientation, ability, physical appearance, body size, race, ethnicity, age, religion, socioeconomic status, caste, or creed.

Our events are intended to educate and share information related to technology and activism, and anyone who is there for this purpose is welcome. Because we value the safety and security of our members and strive to have an inclusive community, we do not tolerate harassment of members or event participants in any form.

Audio and video recording are not permitted at meetings without prior approval.

Our Code of Conduct (https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/) applies to all events run by Portland's TA3M. Please report any incidents to the event organizer.

Website
Wednesday
Jun 20, 2018
CNPDX June: Oauth All The Things
Mozilla

Please RSVP to this event via Meetup.com if you have an account there!

For June's meetup, we're talking about a technology/API that everyone designing microservices will need to deal with sooner or later: OAuth. Our speaker is Aaron Parecki of Okta.

"The OAuth 2.0 authorization framework has become the industry standard in providing secure access to web APIs. OAuth allows users to grant external applications access to their data, such as profile data, photos, and email, without compromising security. However, OAuth can be intimidating when first starting out. In this talk, Aaron Parecki will break down the various OAuth workflows and provide a simplified overview of the framework, highlighting a few typical use cases."

We will also have a brief update on what's coming in Kubernetes 1.11, by Josh Berkus of Red Hat.

This meetup is hosted and sponsored by Mozilla!

Website
Tuesday
Jun 26, 2018
RainSec
Lucky Labrador Brew Pub

RainSec is an informal group of like-minded security professionals who meet to discuss topics of interest in a non-work, non-vendor setting. Preferably while drinking just enough to forget our day jobs.

While this is a public event open to any interested parties, our target audience is experienced information security professionals.

Follow @PDXRainSec for updates.

This event is also on meetup.com. Invite your friends!

Website
Saturday
Jun 30, 2018
Social Media Privacy
Free Geek

Are you one of the one billion people using Facebook today?

With news of companies like Cambridge Analytica, we are increasingly aware of how our personal lives and contact information are used by social media companies. Now it's time to get educated and protect ourselves!

Join Free Geek for a deep dive into what you need to know to use social media like Facebook as privately as possible.

Website
Thursday
Jul 12, 2018
Online Safety & Privacy for Beginners
Free Geek

From high-profile data breaches to advertising that follows you around the Internet… There are plenty of reasons to be concerned about digital safety and privacy.

This introductory class will help you understand online privacy and security threats, how they work, and how to avoid problems. You'll leave with a toolkit of resources for staying safe online.

Website
Friday
Jul 13, 2018
Galois Tech Talk: Vellvm -- Verifying the LLVM
Galois Inc

Abstract: In this talk, I’ll give a high-level overview of Penn’s Vellvm (Verified LLVM) project, which aims to build formal semantics in Coq for the LLVM IR. I’ll sketch some of our past results, in which we verified memory safety transformations and a variant of LLVM’s mem2reg optimization, focusing on the structure of the proof techniques. Along the way, I’ll highlight some of the challenges of reasoning about LLVM code (many of which are still open issues). I’ll wrap up with a status report about our ongoing efforts to re-engineer Vellvm as part of the DeepSpec NSF Expeditions project.

No experience with LLVM or Coq will be assumed.

Bio: I study programming languages and computer security. I have wide-ranging interests, and some of my most recent work touches on: Coq verification of LLVM program transformations and randomized algorithms, type-directed program synthesis, linear types and GUI programming. I have also spent a lot of time thinking about language-based enforcement of information-flow policies, low-level code memory safety, understanding dynamic security policies, and authorization logic. I am also interested in secure concurrent and distributed computing, functional programming languages, type theory, linear and modal logics, theorem proving and mechanized metatheory.

Website
Monday
Jul 16, 2018
OWASP Portland Chapter Meeting - OAuth 2.0 Simplified
NWEA

OAuth 2.0 Simplified: The OAuth 2.0 authorization framework has become the industry standard in providing secure access to web APIs. OAuth allows users to grant external applications access to their data, such as profile data, photos, and email, without compromising security. However, OAuth can be intimidating when first starting out. In this talk, Aaron Parecki will break down the various OAuth workflows and provide a simplified overview of the framework, highlighting a few typical use cases for web apps, mobile apps and browserless devices.

Speaker's Bio: Aaron Parecki is a developer advocate at Okta, and maintains oauth.net. He's the co-founder of IndieWebCamp, a yearly unconference focusing on data ownership and online identity, and is the editor of the W3C Webmention and Micropub specifications.

Website
Saturday
Jul 21, 2018
Digital Privacy Primer
Free Geek

Join us for an important online safety workshop. Learn how digital privacy works (or doesn't!) and learn how to get started with password managers, encrypted communication, email and mobile privacy tools, and more. We all need this information. Everyone is welcome. Come learn with Free Geek!

Website
Thursday
Aug 9, 2018
OWASP Portland Chapter Meeting - Security Internships: Bringing up the next generation of hackers
New Relic

Anna Lorimer will present Security Internships: Bringing up the next generation of hackers

Software engineering internships are increasingly popular and are becoming an integral part of career development for newcomers to the tech scene. They’re also valuable to any organization because they give senior engineers the opportunity to pass on knowledge and make it easier to find full time hires down the road. While there’s plenty of information about how to run a software engineering internship, the same can’t be said for security internships. In this talk I’ll discuss how security internships differ from regular software engineering internships, how to find interns, and how to structure internships to set up both your organization and the intern(s) for success.

Bio:

Anna Lorimer is an undergraduate student studying math and computer science at the University of Waterloo in Waterloo, Canada. She’s done 5 internships over the course of her undergraduate career and is currently doing her sixth with New Relic’s Product Security Team in Portland. She is also the co-founder of StarCon, a technology conference focused on the joy of technology and building a community around sharing technical knowledge.

Saturday
Aug 11, 2018
Understanding the Internet of Things
Free Geek

What is the Internet of Things (IOT)? How does this emerging technology change our understanding of online privacy and safety? What do we need to know to use and embrace this technology safely? Will our fridges and watches be used to hack into our houses?

Join us at Free Geek for this special workshop!

Website
Home Networking & Wi-Fi Security Workshop
Free Geek

Learn the essentials of protecting your home network. This class will journey from the basics to advanced networking. Feel free to bring your own computer.

Website
Saturday
Aug 18, 2018
Digital Privacy Primer
Free Geek

Join us for an important online safety workshop. Learn how digital privacy works (or doesn't!) and learn how to get started with password managers, encrypted communication, email and mobile privacy tools, and more. We all need this information. Everyone is welcome. Come learn with Free Geek!

Website
Monday
Aug 20, 2018
Digital Forensics
Northwest Academy

News today is thick with stories of government agencies trying to find digital evidence of wrongdoing: interrogating mobile phones for evidence, tracing emails to find a stalker or looking at a killer’s search history to discover motives. Digital forensic analysis now plays a pivotal role in both corporate and legal investigations. However, few outside of the industry understand the intricacies involved in a forensic undertaking — the capabilities and limitations of the forensics investigative process, the role of the digital forensic investigator or the extent of the laws governing these actions.

In this session, Tiberius Hefflin, Founder of Go Boldly, will delve into the basics of digital forensics. Attendees will learn what digital forensics draws from forensic science, how the law informs what a forensic investigator is ethically able to do, the many uses of digital forensics, evidence collection methods, anti-forensics methods, what the incident response process should look like and how they can maintain crime scene integrity until investigators can carry out an assessment.

While the subject is dense and could certainly be expanded, this introduction is aimed at those new to digital forensics with the goal of providing a solid foundational understanding which can be built upon with self directed learning.

Trigger Warning: Violent Crime, Child Abuse, Murder

While the talk will not cover these topics in great detail, Tiberius Hefflin will be discussing real crimes that have been solved due to digital forensics.

Join us for a great presentation and discussion! We'll have snacks, and there will be an opportunity for networking afterwards. We hope to see you there!

Schedule:

  • 6:00 PM: Doors

  • 6:10 PM: Introductions and news

  • 6:15 PM: Presentation

  • 7:15 PM: Q&A

  • 7:30 PM: Wrap up and networking

Speaker bio:

Tibbs graduated from the University of the West of Scotland with a degree in computer security. She has since relocated to Portland, OR, where she evangelizes for privacy and security while doing Open Source Security Research at a large blue chip company. She is passionate about creating opportunity for diversity in the InfoSec community, teaching InfoSec best practices to average computer users, encouraging small children to learn more about STEM topics and about laughing at cats on the internet.

By attending this TA3M meeting, you agree to follow our Code of Conduct: https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/

Code of Conduct

Portland's Techno-Activism 3rd Mondays is dedicated to providing an informative and positive experience for everyone who participates in or supports our community, regardless of gender, gender identity and expression, sexual orientation, ability, physical appearance, body size, race, ethnicity, age, religion, socioeconomic status, caste, or creed.

Our events are intended to educate and share information related to technology and activism, and anyone who is there for this purpose is welcome. Because we value the safety and security of our members and strive to have an inclusive community, we do not tolerate harassment of members or event participants in any form.

Audio and video recording are not permitted at meetings without prior approval.

Our Code of Conduct (https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/) applies to all events run by Portland's TA3M. Please report any incidents to the event organizer.

Website
Monday
Sep 17, 2018
Newsroom Security in the US and Abroad
Northwest Academy

In the past decade, media organizations and newsrooms have become high value targets for digital attacks. Whether it is governments purchasing spyware to illegally surveil reporters in the diaspora, like the government of Ethiopia has been caught doing twice, or information campaigns to discredit news sources, newsrooms have become targets of government 'cyber warfare'.

Norman Shamas will lead a conversation on some of the current threats and the state of security in newsrooms in the US and around the globe (primary focus on South Africa) followed by a conversation on a new training guide for US-based newsrooms ([1]), which Norman helped write.

This month's TA3M will be interactive and an open discussion. If you are interested in walking through any of the modules during the meeting, please post a comment in the discussion or send the organizer a message through Meetup.

[1] https://the-field-guide-to-security-training-in-the-newsroom.readthedocs.io/en/latest/

Schedule:

  • 6:00 PM: Doors

  • 6:10 PM: Introductions and news

  • 6:15 PM: Presentation

  • 7:15 PM: Q&A

  • 7:30 PM: Wrap up and networking

Speaker bio:

Norman Shamas is an activist and educator whose work focuses on human-centered information and digital security and privacy.

By attending this TA3M meeting, you agree to follow our Code of Conduct: https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/

Code of Conduct

Portland's Techno-Activism 3rd Mondays is dedicated to providing an informative and positive experience for everyone who participates in or supports our community, regardless of gender, gender identity and expression, sexual orientation, ability, physical appearance, body size, race, ethnicity, age, religion, socioeconomic status, caste, or creed.

Our events are intended to educate and share information related to technology and activism, and anyone who is there for this purpose is welcome. Because we value the safety and security of our members and strive to have an inclusive community, we do not tolerate harassment of members or event participants in any form.

Audio and video recording are not permitted at meetings without prior approval.

Our Code of Conduct (https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/) applies to all events run by Portland's TA3M. Please report any incidents to the event organizer.

Website
Tuesday
Sep 18, 2018
OWASP Portland Chapter Meeting - SAST and the Bad Human Code Project
Simple 120 SE Clay St Floor 2, Portland, OR 97214

SAST and the Bad Human Code Project

Static application security testing (SAST) is the automated analysis of source code both in its text and compiled forms. Lint is considered to be one of the first tools to analyze source code and this year marks its 40th anniversary. Even though it wasn't explicitly searching for security vulnerabilities back then, it did flag suspicious constructs. Today there are a myriad of tools to choose from both open source and commercial. We’ll talk about things to consider when evaluating web application scanners then turn our attention to finding additional ways to aggregate and correlate data from other sources such as git logs, code complexity analyzers and even rosters of students who completed secure coding training in an attempt to build a predictive vulnerability model for any new application that comes along. We’re also looking for people to contribute to a new open source initiative called “The Bad Human Code Project.” The goal is to create a one-stop corpus of intentionally vulnerable code snippets in as many languages as possible.

Speaker's Bio: John L. Whiteman is a web application security engineer at Oregon Health and Science University. He builds security tools and teaches a hands-on secure coding class to developers, researchers and anyone else interested in protecting data at the institution. He previously worked as a security researcher for Intel's Open Source Technology Center. John recently completed a Master of Computer Science at Georgia Institute of Technology specializing in Interactive Intelligence. He loves talking with like-minded people who are interested in building the next generation of security controls using technologies such as machine learning and AI.

Saturday
Sep 22, 2018
Using WiFi Securely: What Should I Know?
Free Geek

Do you use wi-fi? Probably. Most people do! But do you use wi-fi in a secure way? ¯_(ツ)_/¯ How can you tell? In this Free Geek workshop, learn how to use wi-fi securely when in public, and the essentials of protecting your home wi-fi network.

Website
Wednesday
Oct 3, 2018
OWASP Portland 2018 Training Day
World Trade Center

For the third year in a row, the Portland OWASP chapter is proud to host our information security training day! This will be an excellent opportunity for those interested to receive top quality information security and application security training for prices far lower than normally offered. It's also a great chance to network with the local infosec community and meet those who share your interests.

OWASP Portland 2018 Training Day will be October 3, 2018.

Courses

Courses will be held in two tracks: four in the morning session, and four in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each.

The Portland OWASP chapter is hosting its 3rd annual training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community. For more information, see the main event page.

Courses are held in four tracks: four in the morning session, and four in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each!

NOTE: If you see that a course is sold out, then it is unlikely we will have any additional seats in that course. You can email ian DOT melven AT owasp.org OR benny DOT zhao AT owasp.org OR bhushan DOT Gupta AT owasp.org to request being added to the waiting list. Please be sure to specify which class(es) you want to be added to the wait list for.

OWASP Portland 2018 Training Day will be October 3, 2018. This year we'll be located at:

World Trade Center Portland
121 SW Salmon St.
Portland, OR 97204

Later in the evening, a social mixer will also be held at Rock Bottom Restaurant & Brewery, just a short walk away:

206 SW Morrison St
Portland, OR 97204

Time and Activity:

8:00 AM - 8:30 AM: Morning Registration and Continental Breakfast

8:30 AM - 12:00 PM:

  • Intro to Hacking Web 3.0 (Mick Ayzenberg)
  • Introduction to Computer Forensics (Kris Rosenberg)
  • Intro to Practical Internal Vulnerability Scanning (Patterson Cake)
  • Incident Handling in Cloud Environment - a primer (Derek Hill)

12:00 PM - 1:30 PM: Lunch on your own - Meet a new friend and grab a bite!

1:00 PM - 1:30 PM: Afternoon Registration (for those attending only in the afternoon)

1:30 PM - 5:00 PM:

  • Advanced Application Security Testing (Timothy Morgan)
  • AppSec Testing Beyond Pen Test (Bhushan Gupta)
  • Applied Physical Attacks on Embedded Systems, Introductory Version (Joe FitzPatrick)
  • Advanced Custom Network Protocol Fuzzing (Joshua Pereyda)

5:00 PM - 7:30 PM: Evening Mixer @ Rock Bottom Restaurant and Brewery

Want to get news and information on our 2018 Training Day? Subscribe to the Portland OWASP mailing list or follow @PortlandOWASP on Twitter!

Website
ACT-W Evenings
CENTRL east

ACT-W (Advancing the Careers of Tech Women) PDX Evenings are events hosted on the 1st Wednesday of the month intended to bring women and allies in technology together for a night of local inspiration!

Every ACT-W PDX Evening will feature a local leader in the women in tech community and offers the opportunity for you to authentically connect with others in the Portland tech community. This event is hosted in the lobby of CENTRL Office Eastside from 5:30-7:30pm, with the talk beginning at 6:15pm and networking before and after. Drinks and appetizers will be served.

Our October ACT-W PDX Evening will feature Maigen Thomas, Chief Motivational Officer of Empowered Women in Tech and UX Designer for Compli, who will share her personal story of pivoting from being a Flight Attendant to Full Stack Developer to UX Designer. Her talk will focus on actionable ways you can get and stay radically motivated to reach your long term goals.

Please make sure you have read and agree to the ACT-W Code of Conduct! (http://www.act-w.org/about-act-w/conduct/)

Website
Saturday
Oct 13, 2018
Social Media Privacy
Free Geek

Are you one of the one billion people using Facebook today?

With news of companies like Cambridge Analytica, we are increasingly aware of how our personal lives and contact information are used by social media companies. Now it's time to get educated and protect ourselves!

Join Free Geek for a deep dive into what you need to know to use social media like Facebook as privately as possible.

Website
Monday
Oct 15, 2018
Election security: How hackable are Oregon's vote scanners?
Northwest Academy

As Oregonians know, our state has a mail-in voting system, where all ballots are cast either by mail or by dropping them into collection boxes available throughout the area. But, what happens to your ballot after election workers pick it up, and how do you know that your vote will actually be counted?

Sheila Golden has researched the use of optical scanners in scanning our ballots and will report her findings as to the accuracy of the scanners and the results of the vote tally systems. She'll also update us on the current status of legislative efforts to ensure valid election results in the state of Oregon.

Join us for a great presentation and discussion! We'll have snacks, and there will be an opportunity for networking afterwards. We hope to see you there!

Schedule:

6:00 PM: Doors

6:10 PM: Introductions and news

6:15 PM: Presentation

7:15 PM: Q&A

7:30 PM: Wrap up and networking

Speaker bio:

Sheila Golden is an activist focusing on election integrity, civil liberties/immigrant rights, and climate justice. She works with the ACLU, 350PDX, and currently, Sen. Lew Frederick.

By attending this TA3M meeting, you agree to follow our Code of Conduct: https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/

Short Code of Conduct: Portland's Techno-Activism 3rd Mondays is dedicated to providing an informative and positive experience for everyone who participates in or supports our community, regardless of gender, gender identity and expression, sexual orientation, ability, physical appearance, body size, race, ethnicity, age, religion, socioeconomic status, caste, or creed.

Our events are intended to educate and share information related to technology and activism, and anyone who is there for this purpose is welcome. Because we value the safety and security of our members and strive to have an inclusive community, we do not tolerate harassment of members or event participants in any form.

Audio and video recording are not permitted at meetings without prior approval.

Our Code of Conduct (https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/) applies to all events run by Portland's TA3M. Please report any incidents to the event organizer.

Website
Saturday
Oct 20, 2018
Digital Privacy Primer
Free Geek

Join us for an important online safety workshop. Learn how digital privacy works (or doesn't!) and learn how to get started with password managers, encrypted communication, email and mobile privacy tools, and more. We all need this information. Everyone is welcome. Come learn with Free Geek!

Website
Data Privacy
Free Geek

Join us for an important online safety workshop. Have you ever wondered what Cambridge Analytica is or why it matters? Or what a company (like Facebook or Fitbit) does with your data? Where does it go? Who owns it? In this class we will discuss the importance of Data Privacy. We all need this information. Everyone is welcome. Come learn with Free Geek!

Website
Thursday
Nov 8, 2018
OWASP Portland Chapter Meeting - OWASP Juice Shop!
New Relic

The Portland Chapter of the Open Web Application Security Project (OWASP) will be hosting an introduction to OWASP Juice Shop (https://github.com/bkimminich/juice-shop). OWASP Juice Shop is an intentionally insecure web application for security trainings, written entirely in JavaScript, which encompasses the entire OWASP Top Ten (https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project) and other severe security flaws. The session will provide a top-level overview of the Juice Shop playground and how to get started with it, as well as an opportunity for attendees to team up to teach and learn from each other in a fun Capture The Flag competition.

David Quisenberry (@dmqpdx16) will be facilitating the session. He's a developer with Daylight Studio and explorer of application security issues.

Website
Wednesday
Nov 14, 2018
ACT-W Career Advance at iovation
Iovation

ACT-W (Advancing the Careers of Tech Women) Career Advance is designed to share tangible job search skills for women and allies in technology. We partner with local technology companies to provide interview tips, resume coaching, professional headshot photos and introduce you to hiring managers. Whether you are simply curious about technology careers or looking for a senior role, Career Advance will help you grow your career in an inclusive environment.

Join us on November 14th from 5:30 pm to 7:30 pm at iovation. iovation develops software to help companies fight fraud and ensure their customers have a seamless experience. They are currently hiring for roles in engineering, information technology, sales, marketing and more. Please join us for an evening to learn more about iovation and to visit many career advancement themed tables that are listed below:

  • Interview Tips
  • Resume Tips
  • Headshot Photography
  • Service Reliability Engineering Roles
  • Security Analyst Roles
  • Marketing Roles
  • Sales Roles

Agenda

5:30-6:00 Networking

6:00-6:15 Welcome from ACT-W and Iovation

6:15-7:30 Rotation to different Career Advance tables including: Service Reliability Engineering Roles, Security Analyst Roles, Marketing Roles, Sales Roles, Interview Tips, Resume Tips, Headshot Photography.

Please make sure you have read and agree to the ACT-W Code of Conduct!

FAQs

Who should attend? People of all genders interested in learning job skills in technology! Men, nonbinary people, trans people, and women are all welcome.

Is the event 21+? No, minors are welcome to attend.

Is the venue ADA accessible? Yes, elevators are located in the lobby.

Are there gender-neutral bathrooms? Yes, they are located in the hallway.

Website
Thursday
Dec 6, 2018
OWASP Portland Chapter Meeting
Jama Software (New Office)

Interested in web application security? OWASP is for you. The Open Web Application Security Project aims to improve the security of software. Portland has a vibrant chapter and this is our regular chapter meeting.

Unfortunately, our speaker this month has come down with laryngitis, so we're going to be showing a few of the talks from this year's AppSecUSA conference with pizza. To vote on which talk you would be interested in viewing, go to this tweet.

Website
Saturday
Dec 8, 2018
Social Media Privacy
Free Geek

Are you one of the one billion people using Facebook today?

With news of companies like Cambridge Analytica, we are increasingly aware of how our personal lives and contact information are used by social media companies. Now it's time to get educated and protect ourselves!

Join Free Geek for a deep dive into what you need to know to use social media like Facebook as privately as possible.

Website
Saturday
Dec 15, 2018
Digital Privacy Primer
Free Geek

Join us for an important online safety workshop. Learn how digital privacy works (or doesn't!) and learn how to get started with password managers, encrypted communication, email and mobile privacy tools, and more. We all need this information. Everyone is welcome. Come learn with Free Geek!

Website
Digital Holiday Safety
Free Geek

Is the gingerbread man after your dough? Is Rudolph after your bucks?

Join us for a workshop to learn to keep you and yours safe this holiday season. Scammers don't take holidays off—whether you are gift shopping online or receive suspicious email for Holiday Dealz, we all need this information. Join us to learn how to protect yourself. Everyone is welcome. Come learn with Free Geek!

Website
Wednesday
Jan 9, 2019
OWASP Portland Chapter Meeting - Docker Security
New Relic

Docker has become a very popular tool for deploying server applications. It aims to solve many problems with dependency management and drift between development and production environments, and make it easy for developers to deploy their software quickly.

This talk is about how to use all of this wonderful convenience for evil. It will cover Docker containers and how they work (and how to infect them with malware), some services commonly used in Docker infrastructure and how to find and exploit them, and some Docker-specific post-exploitation strategies. It will also cover best practices for mitigating and detecting attacks on your Docker infrastructure and how to create a healthy security culture among your Docker engineers.

Josh is a Linux security practitioner and developer based in Portland, Oregon. He works as a security engineer at New Relic, where he builds security visibility tools, breaks SaaS software, and helps developers build secure infrastructure.

Website
Saturday
Jan 19, 2019
Digital Privacy Primer
Free Geek

Join us for an important online safety workshop. Learn how digital privacy works (or doesn't!) and learn how to get started with password managers, encrypted communication, email and mobile privacy tools, and more. We all need this information. Everyone is welcome. Come learn with Free Geek!

Website
Understanding the Internet of Things
Free Geek

What is the Internet of Things (IoT)? How does this emerging technology change our understanding of online privacy and safety? What do we need to know to use and embrace this technology safely? Will our fridges and watches be used to hack into our houses?

Join us at Free Geek for this special workshop!

Website
Saturday
Jan 26, 2019
Social Media Privacy
Free Geek

Are you one of the one billion people using Facebook today?

With news of companies like Cambridge Analytica, we are increasingly aware of how our personal lives and contact information are used by social media companies. Now it's time to get educated and protect ourselves!

Join Free Geek for a deep dive into what you need to know to use social media like Facebook as privately as possible.

Website
Thursday
Feb 14, 2019
ISSA Portland Annual Hackathon
Salesforce

Calling all hackers! Join ISSA Portland on Thursday, February 14th at Salesforce in Hillsboro for our annual half-day Hackathon! We're teaming up with Security Innovation to provide an immersive, hands-on experience with challenges for hackers of all skill levels.

Amazon gift cards awarded for...

  • Highest score - $100
  • Runner up - $50
  • Hardest vulnerability found - $50
  • First vulnerability found - $25

Event cost $10-$30, morning pastries/coffee and lunch included and catered by Salesforce (great food, good variety, vegan and gluten free options available). Open to members and non-members of ISSA. Questions? Email secretary[at]portland.issa.org

Register on Eventbrite: https://www.eventbrite.com/e/issa-portland-february-symposium-12-day-hackathon-tickets-54982346679

Website
Wednesday
Feb 20, 2019
Website / Internet Security for Small Organizations
Northwest Academy

Please note that this meeting is on the 3rd WEDNESDAY this month because of the President's Day holiday on Monday!

Last year, KBOO suffered a website breach/hack from cryptocurrency miners. Jenka Soderberg and Gaba Rodriguez will share the lessons they learned from the attack and will offer tips on how you can better secure your website and/or online presence. Most smaller organizations, such as radio stations, non-profits, and small businesses, often depend on just one or two people to maintain their sites. This can be both a good and bad thing. As a result of the breach, Jenka, Gaba, and other KBOO personnel learned some techniques to lock everything down and keep their systems secure — even with limited resources!

Join us for a great presentation about their experience along with a discussion of ways to help you prevent a hack of your own systems! We'll have snacks, and there will be an opportunity for networking afterwards. We hope to see you there!

Schedule:

6:00 PM: Doors

6:10 PM: Introductions and news

6:15 PM: Presentation

7:15 PM: Q&A

7:30 PM: Wrap up and networking

Speaker bios:

Jenka Soderberg is the Web/New Media Coordinator at KBOO Community Radio. She studied International Affairs at Georgetown University and Peace Studies at the Bancaixa Institute for Justice and Peace in Spain. She joined KBOO in 2007, after helping to organize Indymedia Centers around the world to provide an open publishing platform for activists.

Gaba Rodriguez has been a software engineer for almost 20 years. She founded DATA, an open data non-profit in South America, helped start and implement the open contracting data standard in Mexico City, and worked with the Coral Project: building tools and guides to improve community spaces around journalism online. She currently works at the Tor Project.

By attending this TA3M meeting, you agree to follow our Code of Conduct: https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/

Short Code of Conduct: Portland's Techno-Activism 3rd Mondays is dedicated to providing an informative and positive experience for everyone who participates in or supports our community, regardless of gender, gender identity and expression, sexual orientation, ability, physical appearance, body size, race, ethnicity, age, religion, socioeconomic status, caste, or creed.

Our events are intended to educate and share information related to technology and activism, and anyone who is there for this purpose is welcome. Because we value the safety and security of our members and strive to have an inclusive community, we do not tolerate harassment of members or event participants in any form.

Audio and video recording are not permitted at meetings without prior approval.

Our Code of Conduct (https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/) applies to all events run by Portland's TA3M. Please report any incidents to the event organizer.

Website
Tuesday
Feb 26, 2019
Portland OWASP Chapter Meeting - Building a Security Program From Nothing with Kendra Ash
Vacasa

Companies are starting to build security programs with no prior experience as awareness about cyber threats increases. Often this is at a later stage when the company has a fully staffed engineering team and accumulated security debt. This talk is about how to build a security program from nothing using stakeholder analysis and risk assessments to help prioritize remediation efforts and avoid getting overwhelmed. A healthy and effective security program relies on building relationships throughout the company, enlisting security champions, and leveraging tooling and automation as effectively as possible. Kendra Ash will be sharing some of the lessons learned on our journey building a security program from scratch over the last several months.

Kendra Ash (@securelykash) is an information security engineer at Vacasa, actively building a security team and program by leveraging guidance from her network and industry standards.

Website
Saturday
Mar 9, 2019
Social Media Privacy
Free Geek

Are you one of the one billion people using Facebook today?

With news of companies like Cambridge Analytica, we are increasingly aware of how our personal lives and contact information are used by social media companies. Now it's time to get educated and protect ourselves!

Join Free Geek for a deep dive into what you need to know to use social media like Facebook as privately as possible.

Website
Tuesday
Mar 12, 2019
Portland OWASP - Breaching the Cyber Security Job Industry with Ryan Krause
Simple 120 SE Clay St Floor 2, Portland, OR 97214

Breaching the Cyber Security Job Industry

Despite the growing popularity of the cyber security industry, many job hunters still find it challenging to break into the field. With numerous entry-level cyber security jobs requiring one, two, or sometimes even three years of security-related experience, how are inexperienced applicants supposed to get their foot in the door?

This talk will discuss some of the challenges that potential employees face while looking for careers in the cyber security industry. It will explore potential career paths for new high school and college graduates, mid-career employees with a technical background, as well as mid-career employees with no technical background. The discussion will also focus on ways to help position yourself for success in the industry, touching on security internships, university diplomas, industry certificates, Portland-based security meetings, and self-study resources.

Ryan Krause is a penetration tester based in the Portland, Oregon area. He has worked in various areas of the security field for the past 11 years for companies such as HP, eEye Digital Security/BeyondTrust, and Comcast with a primary focus on application security and development. He is currently a consultant at NetSPI where he performs web and network penetration tests and assists clients with reducing their overall security exposure.

Website
Saturday
Mar 16, 2019
Digital Privacy Primer
Free Geek

Join us for an important online safety workshop. Learn how digital privacy works (or doesn't!) and learn how to get started with password managers, encrypted communication, email and mobile privacy tools, and more. We all need this information. Everyone is welcome. Come learn with Free Geek!

Website
Data Privacy
Free Geek

Join us for an important online safety workshop. Have you ever wondered what Cambridge Analytica is or why it matters? Or what a company (like Facebook or Fitbit) does with your data? Where does it go? Who owns it? In this class we will discuss the importance of Data Privacy. We all need this information. Everyone is welcome. Come learn with Free Geek!

Website
Wednesday
Apr 10, 2019
Portland OWASP - OWASP Top Ten For JavaScript Developers with Lewis Ardern
New Relic

OWASP Top 10 for JavaScript Developers

The OWASP Top 10 is a powerful awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications.

With the release of the OWASP Top 10 2017, we saw new issues rise as contenders for the most common issues in the web landscape. Much of the OWASP documentation displays issues and remediation advice/code relating to Java, C++, and C#, but not much relating to JavaScript. JavaScript has drastically changed over the last few years with the release of Angular, React, and Vue, alongside the popular use of NodeJS and its libraries/frameworks. This talk will introduce you to the OWASP Top 10, explaining JavaScript client-side and server-side vulnerabilities.

Lewis Ardern is a Senior Security Consultant at Synopsys. His primary areas of expertise are in web security and security engineering. Lewis enjoys creating and delivering security training to various types of organizations and institutes in topics such as web and JavaScript security. He is also the founder of the Leeds Ethical Hacking Society and has helped develop projects such as bXSS (https://github.com/LewisArdern/bXSS) and SecGen (https://github.com/cliffe/secgen).

Website
Saturday
Apr 13, 2019
Social Media Privacy
Free Geek

Are you one of the one billion people using Facebook today?

With news of companies like Cambridge Analytica, we are increasingly aware of how our personal lives and contact information are used by social media companies. Now it's time to get educated and protect ourselves!

Join Free Geek for a deep dive into what you need to know to use social media like Facebook as privately as possible.

Website
Monday
Apr 15, 2019
City of Portland Privacy and information protection principles
Northwest Academy 1208 SW 13th Ave, 2nd floor Portland, OR

Note: Doors will be monitored for access until 6:20 PM. If you arrive later, please post a note to the meeting page on Meetup, and we'll work to respond and let you in.

Cities around the world are using data to become more efficient and to better meet the needs of their residents. The problem, though, is that as more and more information is gathered, cities may be inadvertently surveilling their populations. Additionally, improper storage and handling of collected data can lead to theft or other losses. The good news is that the City of Portland is working to protect your data and your privacy!

Hector Dominguez, the Open Data Coordinator at Smart City PDX, within Portland's Bureau of Planning and Sustainability, is working with other city groups, and even groups from other cities, to determine the best policies and practices for privacy and data protection in Portland. The result of their work is a set of privacy and information principles to be approved by Portland City Council and then implemented as citywide policy.

In this interactive presentation, Hector will review the privacy and information principles as well as the impacts on both city services and the various communities within the city.

Join us for a great presentation and discussion about privacy in Portland, how the privacy and information principles will affect you, and how you can help! We'll have snacks, and there will be an opportunity for networking afterwards. We hope to see you there!

Schedule:

6:00 PM: Doors

6:10 PM: Introductions

6:15 PM: Presentation

Speaker bio:

Hector Dominguez is the Open Data Coordinator at the City of Portland. In 2009, Portland became the first city in the United States to adopt an Open Data Resolution to encourage the expansion of the technological community by promoting open data and partnerships between City government and the public, private and nonprofit sectors, academia, and labor.

By attending this TA3M meeting, you agree to follow our Code of Conduct: https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/

Short Code of Conduct: Portland's Techno-Activism 3rd Mondays is dedicated to providing an informative and positive experience for everyone who participates in or supports our community, regardless of gender, gender identity and expression, sexual orientation, ability, physical appearance, body size, race, ethnicity, age, religion, socioeconomic status, caste, or creed.

Our events are intended to educate and share information related to technology and activism, and anyone who is there for this purpose is welcome. Because we value the safety and security of our members and strive to have an inclusive community, we do not tolerate harassment of members or event participants in any form.

Audio and video recording are not permitted at meetings without prior approval.

Our Code of Conduct (https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/) applies to all events run by Portland's TA3M. Please report any incidents to the event organizer.

Website
Saturday
Apr 20, 2019
Digital Privacy Primer
Free Geek

Join us for an important online safety workshop. Learn how digital privacy works (or doesn't!) and learn how to get started with password managers, encrypted communication, email and mobile privacy tools, and more. We all need this information. Everyone is welcome. Come learn with Free Geek!

Website
Using WiFi Securely: What Should I Know?
Free Geek

Do you use wi-fi? Probably. Most people do! But do you use wi-fi in a secure way? ¯_(ツ)_/¯ How can you tell? In this Free Geek workshop, learn how to use wi-fi securely when in public, and the essentials of protecting your home wi-fi network.

Website
Wednesday
Apr 24, 2019
Hackboat (Hackers on a Boat!)
Portland Spirit Dock

FAQ:

WTF is an unconference? There will be talks, but no formal CFP. Registrants will be asked for potential speaking topics, and we will likely set up some voting mechanism closer to the event to decide which speaking topics will get time on the mic.

Does this cost money? Yes, $100 for a regular ticket, and premium tickets up to $500.

Will there be a free hat? Yes, free hat! (for paying attendees only)

What hours will the boat be cruising? Time on the water has not been 100% finalized, but will likely be around 11am-3pm, with a couple hours docked on both ends where you can hang out on the boat.

How do I get on the boat? The boat will be docked by the Salmon Street Springs fountain on the Portland waterfront.

Food? Lunch buffet provided.

Drinks? There will be a bar.

Internet? There will be internet, but it will be boat internet.

Is this an infinitely sized boat? No, there will be a limit of 100 people on this boat.

How much money are you making from this? Ticket costs are structured to just almost cover costs. No one is making money from any of this.

Can I register with my 31337 h4x0r alias? Sorry, due to strict boat law, your legal name will need to match the boat manifest.

Are you sure this is a good idea? Too late to back out now. We have the boat, so it's happening either way.

This FAQ is boring, is there a better one I can read? The official boat FAQ can be found here: https://www.portlandspirit.com/faq.php

Website
Saturday
May 4, 2019
Using WiFi Securely: What Should I Know?
Free Geek

Do you use wi-fi? Probably. Most people do! But do you use wi-fi in a secure way? ¯_(ツ)_/¯ How can you tell? In this Free Geek workshop, learn how to use wi-fi securely when in public, and the essentials of protecting your home wi-fi network.

Website
Saturday
May 11, 2019
Using WiFi Securely: What Should I Know?
Free Geek

Do you use wi-fi? Probably. Most people do! But do you use wi-fi in a secure way? ¯_(ツ)_/¯ How can you tell? In this Free Geek workshop, learn how to use wi-fi securely when in public, and the essentials of protecting your home wi-fi network.

Website
Tuesday
May 14, 2019
Portland OWASP - InfoSec and AppSec: Recruiting, Interviewing, Hiring Q&A
Zapproved

Following up Ryan Krause's talk on breaking into the cybersecurity industry, May's chapter meeting hosted by Zapproved will offer attendees an opportunity to hear from hiring managers and InfoSec/AppSec leaders on what they look for in hiring for their roles and thoughts on career progression. Attendees will have ample opportunity to ask questions and engage our panel.

Panel:

Zefren Edior - Umpqua Bank

Zefren currently works at Umpqua Bank, and he is the Information Security Assurance Lead. He has 10 plus years of experience in IT operations, information security, risk management, compliance and audit. He mentors and advises students, who have worked at public accounting firms, big tech companies, and startups. He is passionate about technology, cybersecurity, and helping people align their knowledge, skills, and abilities to achieve personal and professional growth.

Patterson Cake - Haven Information Security / PeaceHealth

Patterson has been in information technology for over 20 years, focusing on security for the past several years in offensive, defensive and leadership roles. He is the founder of Haven Information Security, an instructor for SANS, and the Principal Cybersecurity Engineer for PeaceHealth.

Josha Bronson - Bronsec

Josha is a founder at Bronsec, working with clients big and small on all aspects of security. Former security team founder at Yammer.

Sam Harwin - Salesforce

Sam leads a technical team of security engineers that assess a wide variety of Enterprise facing infrastructure for the organization. They focus on performing technical security testing, risk assessments, and providing business risk guidance on a wide variety of infrastructure technologies such as operating systems (Mac, Linux, Windows, iOS, Android), devices (mobile, embedded technologies, IOT), networks (wired, wireless, cloud), and applications (endpoint, mobile, public cloud).

Philip Jenkins - Zapproved

Philip is director of compliance and IT at Zapproved. He has over 20 years’ experience in IT security, network management, system engineering, and IT processes. His past experience includes Director of Security at Jama Software and CISO at Strands Finance. Philip holds his CISSP and CISM certifications and is a recognized leader in information security. He is active in (ISC)2, ISACA, OWASP, InfraGard, and ISSA.

Website
Saturday
May 18, 2019
Intro to Social Engineering
Free Geek

This class is designed to teach you how to recognize and safely avoid scams. By the end of this class, students will have an understanding of:

  • What social engineering is
  • How to detect scams
  • The importance of strong passwords

This class is ideal for anyone who is comfortable using a computer for email and web browsing but is concerned about online safety.

Website
Monday
May 20, 2019
Artificial Intelligence and the “Barrier of Meaning”
Northwest Academy 1208 SW 13th Ave, 2nd floor Portland, OR

In today's news, we see plenty of stories about how Artificial Intelligence (AI) is changing the world. There are many potential benefits to be gained from AI, but there are also a number of concerns about how it will affect our lives moving into the future. What exactly is artificial intelligence anyway?

In 1986, the mathematician and philosopher Gian-Carlo Rota wrote, “I wonder whether or when artificial intelligence will ever crash the barrier of meaning.” Here, the phrase “barrier of meaning” refers to a belief about humans versus machines. Humans are able to “actually understand” the situations they encounter, whereas AI systems (at least current ones) do not possess such understanding. The internal representations learned by (or programmed into) AI systems do not capture the rich “meanings” that humans bring to bear in perception, language, and reasoning.

In this talk, Melanie Mitchell, a professor of Artificial Intelligence and Machine Learning at Portland State University, will assess the state of the art of artificial intelligence in several domains and describe some of their current limitations and vulnerabilities, which can be accounted for by a lack of true understanding of the domains they work in.

Audience participation in the discussion will be encouraged, and together, we'll explore the following questions:

- To be reliable in human domains, what do AI systems actually need to “understand”?
- Which domains require human-like understanding?
- What does such understanding entail?

Join us for a great presentation and discussion about artificial intelligence! We'll have snacks, and there will be an opportunity for networking afterwards. We hope to see you there!

Schedule:

6:00 PM: Doors

6:10 PM: Introductions

6:15 PM: Presentation

Speaker bio:

Melanie Mitchell is Professor of Computer Science at Portland State University, and External Professor and Member of the Science Board at the Santa Fe Institute. She attended Brown University, where she majored in mathematics and did research in astronomy, and the University of Michigan, where she received a Ph.D. in computer science. Her dissertation, in collaboration with her advisor Douglas Hofstadter, was the development of Copycat, a computer program that makes analogies. She has held faculty or professional positions at the University of Michigan, the Santa Fe Institute, Los Alamos National Laboratory, the OGI School of Science and Engineering, and Portland State University.

She is the author or editor of five books and over 80 scholarly papers in the fields of artificial intelligence, cognitive science, and complex systems. Her most recent book, Complexity: A Guided Tour, published in 2009 by Oxford University Press, is the winner of the 2010 Phi Beta Kappa Science Book Award. It was also named by Amazon.com as one of the ten best science books of 2009 and was long-listed for the Royal Society's 2010 book prize. Melanie originated the Santa Fe Institute's Complexity Explorer online education program, which offers online courses and other educational resources related to the field of complex systems.

By attending this TA3M meeting, you agree to follow our Code of Conduct: https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/

{short} Code of Conduct Portland's Techno-Activism 3rd Mondays is dedicated to providing an informative and positive experience for everyone who participates in or supports our community, regardless of gender, gender identity and expression, sexual orientation, ability, physical appearance, body size, race, ethnicity, age, religion, socioeconomic status, caste, or creed.

Our events are intended to educate and share information related to technology and activism, and anyone who is there for this purpose is welcome. Because we value the safety and security of our members and strive to have an inclusive community, we do not tolerate harassment of members or event participants in any form.

Audio and video recording are not permitted at meetings without prior approval.

Our Code of Conduct (https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/) applies to all events run by Portland's TA3M. Please report any incidents to the event organizer.

Website
Saturday
Jun 8, 2019
Social Media Privacy
Free Geek

Are you one of the one billion people using Facebook today?

With news of companies like Cambridge Analytica, we are increasingly aware of how our personal lives and contact information are used by social media companies. Now it's time to get educated and protect ourselves!

Join Free Geek for a deep dive into what you need to know to use social media like Facebook as privately as possible.

Website
Saturday
Jun 15, 2019
Digital Privacy Primer
Free Geek

Join us for an important online safety workshop. Learn how digital privacy works (or doesn't!) and learn how to get started with password managers, encrypted communication, email and mobile privacy tools, and more. We all need this information. Everyone is welcome. Come learn with Free Geek!

Website
Understanding the Internet of Things
Free Geek

What is the Internet of Things (IOT)? How does this emerging technology change our understanding of online privacy and safety? What do we need to know to use and embrace this technology safely? Will our fridges and watches be used to hack into our houses?

Join us at Free Geek for this special workshop!

Website
Monday
Jun 17, 2019
Geeks Without Bounds
Northwest Academy 1208 SW 13th Ave, 2nd floor Portland, OR

Please note that this meeting starts at 7:00 PM! Doors will be monitored for access until 7:20 PM

Join us for a combined meeting with TA3M Seattle!

Geeks Without Bounds (GWOB) is a humanitarian organization of technologists, first responders, policymakers, and volunteers that works towards improving access to communication and technology. With a focus on working with communities that have limited infrastructure due to violence, negligence, or catastrophe, GWOB organizes hack-a-thons for humanitarian technology, and helps prototype projects intended to turn into long-term initiatives through their Accelerator for Humanitarian Projects.

Lisha Sterling, executive director of GWOB, recently returned to Washington state from the US-Mexico border. She'll be talking to our groups about her month in Tijuana supporting Al Otro Lado and Frontline Wellness United, and ongoing technology projects supporting the health and legal rights of asylum seekers. We'll join her talk via teleconference.

Join us for a great presentation! We'll have snacks, and there will be an opportunity for networking afterwards. We hope to see you there!

Speaker bio:

Lisha Sterling is executive director of Geeks Without Bounds, which was formed in October 2010.

By attending this TA3M meeting, you agree to follow our Code of Conduct: https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/

{short} Code of Conduct Portland's Techno-Activism 3rd Mondays is dedicated to providing an informative and positive experience for everyone who participates in or supports our community, regardless of gender, gender identity and expression, sexual orientation, ability, physical appearance, body size, race, ethnicity, age, religion, socioeconomic status, caste, or creed.

Our events are intended to educate and share information related to technology and activism, and anyone who is there for this purpose is welcome. Because we value the safety and security of our members and strive to have an inclusive community, we do not tolerate harassment of members or event participants in any form.

Audio and video recording are not permitted at meetings without prior approval.

Our Code of Conduct (https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/) applies to all events run by Portland's TA3M. Please report any incidents to the event organizer.

Website
Wednesday
Jun 19, 2019
Choosing the Right Cloud Environment
Online Webinar

RSVP: https://register.gotowebinar.com/register/2731951442299603715?source=Morgan

In pursuit of enhanced connectivity, scalability, and efficiency, cloud migration is hastening across all industry sectors. In order to unlock the cloud’s benefits, these environments – public, private, and hybrid – must be explicitly architected and engineered to suit the respective applications they will host, while also meeting security and compliance requirements.

How do businesses determine their ideal cloud environment and optimize it post-migration?

In this presentation, we will review and compare:

- The physical and virtual components of public, private, and hybrid cloud environments
- The business considerations that differentiate each environment, including storage space, workloads, compliance, internal staff, and other business requirements
- The relationship between organizations, cloud providers, and MSPs
- The best practices organizations should consider keeping their cloud environment secure, compliant, and optimized post-migration

Presenter: Scott Harvey, VP of Operations & Engineering, Atmosera

Website
Portland OWASP - Security Requirement Elicitation with Bhushan Gupta
CloudBolt Software

Web Application Security spreads over the application functionality, the platform it is running on, the development and deployment environment, third-party applications used, and last but not least, the open source code it utilizes. The requirements breadth is mind-boggling. You ignore any of these aspects and you become vulnerable.

This talk will discuss a structured approach to establish essential security requirements based on the CIA triad. The discussion will then expand over how these requirements manifest in the industry standards such as PCI, Government agencies, and globally. It will also delve into third party and open source code scenarios. The audience will take home a checklist of different aspects of security requirements to consider when building a Web application.

Bio: Bhushan Gupta, Gupta Consulting, LLC.

Proven champion for quality and well-versed with software quality engineering, and an AppSec researcher, Bhushan is the principal consultant at Gupta Consulting, LLC. A Certified Six Sigma Black Belt (ASQ), he possesses deep and broad experience in solving complex problems, change management, and coaching and mentoring. As a member of Open Web Application Security Project (OWASP), he is dedicated to driving the AppSec to higher levels via integration of security into Agile software development life cycle. His research areas are: elicitation of security requirements, comprehensive testing approaches beyond penetration testing, application of test tools and use of AI (Machine Learning) in secure web application development.

Bhushan has a MS in Computer Science (1985) from New Mexico Tech and has worked at Hewlett-Packard and Nike Inc. in various roles. He was a faculty member at the Oregon Institute of Technology, Software Engineering department, from 1985 to 1995 and is currently an Adjunct Faculty member.

Website
Friday
Jul 5, 2019
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Wednesday
Jul 10, 2019
Portland OWASP - The Easy (and Secure!) Way to Build JavaScript Web Apps with OAuth 2 & OIDC with Jake Feasel
New Relic

What are the best current practices for building modern, completely standards-based (OIDC) web applications? Which flow should you use? How should you renew expired access tokens? How do you work with multiple resource servers? How do you achieve single-sign on? How can you make logging into your app as seamless as possible? We will demonstrate how simple it is to do all of this using open source libraries maintained by ForgeRock. Together we will deep dive into what these libraries are doing for you behind the scenes: PKCE, service workers, IndexedDB storage, hidden iframes, and more. In the end you will have all the tools at your disposal to easily build your next modern web app with OIDC.

Jake Feasel, Developer Experience Lead, ForgeRock

Jake has been working in the web platform for 20 years, all the while primarily interested in the use of standards and open source technologies. Jake is currently a senior engineer at ForgeRock, where he has been for the last seven years. He is most recently responsible for improving the ways in which developers interact with the ForgeRock Identity Platform.

Website
Saturday
Jul 13, 2019
Social Media Privacy
Free Geek

Are you one of the one billion people using Facebook today?

With news of companies like Cambridge Analytica, we are increasingly aware of how our personal lives and contact information are used by social media companies. Now it's time to get educated and protect ourselves!

Join Free Geek for a deep dive into what you need to know to use social media like Facebook as privately as possible.

Website
Saturday
Aug 10, 2019
Social Media Privacy
Free Geek

Are you one of the one billion people using Facebook today?

With news of companies like Cambridge Analytica, we are increasingly aware of how our personal lives and contact information are used by social media companies. Now it's time to get educated and protect ourselves!

Join Free Geek for a deep dive into what you need to know to use social media like Facebook as privately as possible.

Website
Friday
Sep 6, 2019
Portland 2600
Theo's Restaurant

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month at Theo's. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Saturday
Sep 14, 2019
Social Media Privacy
Free Geek

Are you one of the one billion people using Facebook today?

With news of companies like Cambridge Analytica, we are increasingly aware of how our personal lives and contact information are used by social media companies. Now it's time to get educated and protect ourselves!

Join Free Geek for a deep dive into what you need to know to use social media like Facebook as privately as possible.

Website
Monday
Sep 16, 2019
Privacy Happy Hour!
Jack Knife

Let's close out the summer with a privacy-related happy hour!

Join us for some great conversations around privacy and other TA3M topics or whatever else you'd like to discuss. Come get to know our other members better and give us ideas about what you'd like to do and/or learn in our meetings in the coming year. There will be food and drink available for purchase, and we hope to see you there!

By attending this TA3M meeting, you agree to follow our Code of Conduct: https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/

{short} Code of Conduct Portland's Techno-Activism 3rd Mondays is dedicated to providing an informative and positive experience for everyone who participates in or supports our community, regardless of gender, gender identity and expression, sexual orientation, ability, physical appearance, body size, race, ethnicity, age, religion, socioeconomic status, caste, or creed.

Our events are intended to educate and share information related to technology and activism, and anyone who is there for this purpose is welcome. Because we value the safety and security of our members and strive to have an inclusive community, we do not tolerate harassment of members or event participants in any form.

Audio and/or video recording are not permitted at meetings without prior approval.

Our Code of Conduct (https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/) applies to all events run by Portland's TA3M. Please report any incidents to the event organizer.

Website
Saturday
Sep 21, 2019
Digital Privacy Primer
Free Geek

Join us for an important online safety workshop. Learn how digital privacy works (or doesn't!) and learn how to get started with password managers, encrypted communication, email and mobile privacy tools, and more. We all need this information. Everyone is welcome. Come learn with Free Geek!

Website
Wednesday
Oct 2, 2019
CNPDX October: Microservice Network Security
Autodesk

This meetup is generously hosted by Autodesk!

Topic: Network Security for Microservices

Speaker: Karthik Prabhakar, Director of Solution Architecture at Tigera

Leveraging experience from the design and deployment of network security across numerous high profile deployments, Karthik will provide a demo-driven walkthrough of recent network security architectures for microservices. Specifically, this will highlight:

1. Transitioning to declarative policy-as-code for security controls.
2. Automating security and compliance workflows and adapting them for microservices.
3. Integrating Kubernetes and Envoy/Istio/Service-Mesh capabilities to enable zero-trust.

Website
Wednesday
Oct 9, 2019
Portland OWASP - Threat Modeling in 2019 with Adam Shostack
New Relic

Attacks always get better, so your threat modeling needs to evolve. Learn what's new and important in threat modeling in 2019. Computers that are things are subject to different threats, and systems face new threats from voice cloning and computational propaganda and the growing importance of threats “at the human layer.” Take home actionable ways to ensure your security engineering is up to date.

Speaker: Adam Shostack

Adam is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and advises startups including as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.

Website
Saturday
Oct 12, 2019
Social Media Privacy
Free Geek

Are you one of the one billion people using Facebook today?

With news of companies like Cambridge Analytica, we are increasingly aware of how our personal lives and contact information are used by social media companies. Now it's time to get educated and protect ourselves!

Join Free Geek for a deep dive into what you need to know to use social media like Facebook as privately as possible.

Website
Tuesday
Oct 15, 2019
At-Rest Encryption for Complete Data Protection
Vacasa

Join us for pizza and learning with the fabulous PHP Community! Doors open at 6, presentation 6:30-7:30 and join us for drinks or chatting after.

This month, Vacasa's own Eric Mann shares "At-Rest Encryption for Complete Data Protection".

Many developers using hosted database solutions like Amazon RDS or Microsoft Azure are familiar with the “encrypt at rest” checkbox provided by their host. This will provide a modicum of security, but only defends your data against a narrow set of potential threats. Instead, we’ll discuss both the threats this feature does and does not protect against and some practical approaches to handling the uncovered edge cases. Attendees will learn how their application can both encrypt and decrypt data before communicating with an external data store for complete data protection.

Website
Saturday
Oct 19, 2019
Digital Privacy Primer
Free Geek

Join us for an important online safety workshop. Learn how digital privacy works (or doesn't!) and learn how to get started with password managers, encrypted communication, email and mobile privacy tools, and more. We all need this information. Everyone is welcome. Come learn with Free Geek!

Website
Using WiFi Securely: What Should I Know?
Free Geek

Do you use wi-fi? Probably. Most people do! But do you use wi-fi in a secure way? ¯\_(ツ)_/¯ How can you tell? In this Free Geek workshop, learn how to use wi-fi securely when in public, and the essentials of protecting your home wi-fi network.

Website
Friday
Oct 25, 2019
BSides PDX 2019
through Oregon Convention Center

BSides PDX is a gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Our passion about all things security has driven attendance from other parts of the country. Our goal is to provide an open environment for the InfoSec community to engage in conversations, learn from each other and promote knowledge sharing and collaboration. The Portland and greater Northwest information security community spans a broad spectrum of participation from CISOs, Fortune 100 company security experts, and small business system admins to independent security researchers.

Website
Wednesday
Oct 30, 2019
10 Ways to Optimize Azure ROI and Security
Webinar

How do organizations fully leverage the advantages of cloud platforms like Azure? By thinking differently.

Migrating workloads to Microsoft Azure is just the beginning of your cloud journey. A well-managed Azure environment should continuously improve, while maximizing ROI and security. Companies that successfully use Azure also keep up with active monitoring, security, scaling, and ongoing planning.

Join this webinar for actionable recommendations on:

- Reducing Azure costs
- Utilizing features and tools within Azure for effective management
- Meeting industry and regional compliance regulations
- Maximizing security and protecting sensitive data in Azure
- Keeping Azure environments aligned with changing business goals and demand

RSVP: https://register.gotowebinar.com/register/6683993159946280715?source=Morgan

Questions? Morgan Robinson | https://www.linkedin.com/in/morgannrobinson/

Website
Saturday
Nov 9, 2019
Social Media Privacy
Free Geek

Are you one of the one billion people using Facebook today?

With news of companies like Cambridge Analytica, we are increasingly aware of how our personal lives and contact information are used by social media companies. Now it's time to get educated and protect ourselves!

Join Free Geek for a deep dive into what you need to know to use social media like Facebook as privately as possible.

Website
Saturday
Nov 16, 2019
Digital Privacy Primer
Free Geek

Join us for an important online safety workshop. Learn how digital privacy works (or doesn't!) and learn how to get started with password managers, encrypted communication, email and mobile privacy tools, and more. We all need this information. Everyone is welcome. Come learn with Free Geek!

Website
Holiday Scams - And How to Avoid Them!
Free Geek

Is the gingerbread man after your dough? Is Rudolph after your bucks? Holiday scams can be hard to spot, so this year apply all the knowledge we've got! Take this class so you don't feel like a rookie, stop on by for some info and a cookie!

We'll have some holiday treats and hot beverages to keep you cozy while you learn how to keep you and yours safe this holiday season. Scammers don't take holidays off—whether you are gift shopping online or receive a suspicious email for Holiday Dealz, we all need this information. Join us to learn how to protect yourself. Everyone is welcome. Come learn with Free Geek!

Website
Saturday
Dec 14, 2019
Social Media Privacy
Free Geek

Are you one of the one billion people using Facebook today?

With news of companies like Cambridge Analytica, we are increasingly aware of how our personal lives and contact information are used by social media companies. Now it's time to get educated and protect ourselves!

Join Free Geek for a deep dive into what you need to know to use social media like Facebook as privately as possible.

Website
Saturday
Dec 21, 2019
Holiday Scams - And How to Avoid Them!
Free Geek

Is the gingerbread man after your dough? Is Rudolph after your bucks? Holiday scams can be hard to spot, so this year apply all the knowledge we've got! Take this class so you don't feel like a rookie, stop on by for some info and a cookie!

We'll have some holiday treats and hot beverages to keep you cozy while you learn how to keep you and yours safe this holiday season. Scammers don't take holidays off—whether you are gift shopping online or receive a suspicious email for Holiday Dealz, we all need this information. Join us to learn how to protect yourself. Everyone is welcome. Come learn with Free Geek!

Website
Saturday
Jan 18, 2020
Digital Privacy Primer
Free Geek

Join us for an important online safety workshop. Learn how digital privacy works (or doesn't!) and learn how to get started with password managers, encrypted communication, email and mobile privacy tools, and more. We all need this information. Everyone is welcome. Come learn with Free Geek!

Website
Saturday
Feb 8, 2020
Social Media Privacy
Free Geek

Are you one of the one billion people using Facebook today?

With news of companies like Cambridge Analytica, we are increasingly aware of how our personal lives and contact information are used by social media companies. Now it's time to get educated and protect ourselves!

Join Free Geek for a deep dive into what you need to know to use social media like Facebook as privately as possible.

Website
Thursday
Sep 17, 2020
@DAMAPDX Chapter Meeting September 2020: How VPNs Work- The Ins and Outs with Daniel Lenski, PhD, OpenConnect
Zoom Conference

RSVP at DAMAPDX.org for registration info for this online event.

Presented by Daniel Lenski, PhD

Virtual private network (VPN) software creates a connection between peers across a wide-area network (normally, the Internet!) and builds an encrypted tunnel that behaves like a direct connection to the same local, private network. VPNs have become a pervasive feature of modern workplaces, and even more indispensable in this era of COVID-19 and widespread remote work.

The most widely-deployed VPN client and server software in workplace environments — including Cisco AnyConnect, Juniper/Pulse Networks, PAN GlobalProtect, and others — is all proprietary and closed-source. These VPNs differ in idiosyncratic ways, ranging from authentication to security requirements imposed on the client computers. Combined with bugs, missing features, and often mystifyingly vague error reporting, they can be very difficult to use, especially for those who need to access multiple VPNs. Under the hood, however, they all work in extremely similar ways.

The speaker is one of the main developers of OpenConnect, an open-source VPN client which can connect to all of the aforementioned VPNs using a common interface (with several others in development). In this talk, he will explain in detail how modern client-server VPNs work, in terms of authentication, encrypted tunneling, Internet protocol routing, and client roaming. He will illustrate how the operation of a VPN can be reverse-engineered and reimplemented in OpenConnect, using an implementation of PAN GlobalProtect as an example. He’ll show some of the advantages of being able to connect to different VPNs in a consistent and automated way, which can be particularly indispensable for those who work as consultants or vendors to multiple companies using different VPNs. Finally, he’ll discuss some recent and ongoing developments in VPNs and other kinds of remote connectivity software.

Speaker

Daniel Lenski received his PhD in semiconductor physics and has worked at Seagate, Intel, and Amazon Elemental, and he has been using Linux and open-source software since the ’90s. He started modifying and contributing to OpenConnect out of the necessity of interfacing with many different companies’ VPNs while at a semiconductor consulting startup (FPS, now part of Inficon) and has continued developing it as a side project.

Where

Virtual event, RSVP for Zoom registration details

When

Date – Thursday, Sept. 17th

Time – 8:30 – 10:30am

Website
Thursday
Apr 1, 2021
Portland Linux/Unix Group: 360Cloud based on FreeBSD
Online

Portland Linux/Unix Group General Meeting Announcement

Who: Antranig Vartanian
What: 360Cloud based on FreeBSD
Where: https://li584-253.members.linode.com/PLUG
When: Thursday, April 1st, 2021 at 7pm
Why: The pursuit of technology freedom

"From Armenia With Love": Reaching out on Twitter brought a presentation from a colleague:

This talk is separated into two parts: 1) How to make a presentation in 25 hours due to errors in timezone math 2) How to set up a self-hosted Cloud Environment in under 360 seconds, a.k.a. 6 minutes.

The "Cloud", a.k.a. someone else's computer, has been very popular because it gives you the ability to have a machine/container up and running in seconds. I will demonstrate my new script https://360cloud.sh which "turns" your default FreeBSD Installation into a cloud using FreeBSD's Networking (pf, epairs, bridge), Storage (ZFS), Containers (Jails) and Virtual Machines (bhyve via vm-bhyve) automated with small CLI tools for DHCP and DNS integration.

Antranig Vartanian is the co-founder and CEO of illuria Security, Inc., a Deception-as-a-Service company, also known as honeypots on steroids. I always wanted to write stories and be a columnist, ended up writing code and being a systems engineer.

Plan B connection information if Plan A using jit.si on linode linked above does not work. Going to this will place you in a waiting room if the other link is working.

Join Zoom Meeting https://zoom.us/j/95390745320?pwd=bHVtVUJ4Ujl5QjFheTVpZGVBWGo3UT09

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings.

Website
Thursday
May 6, 2021
Portland Linux/Unix Group: Object Pascal Development with Lazarus and Free Pascal
Online

Portland Linux/Unix Group Online Meeting Announcement

Who: Glenn Dufke
What: Object Pascal Development with Lazarus and Free Pascal
Where: https://li584-253.members.linode.com/PLUG
When: Thursday, May 6th, 2021 at 7pm Pacific
Why: The pursuit of technology freedom

When developing software for multiple platforms, designing a functional user interface can often be a challenge.

Often C/C++, C# or even Python is used, but an overlooked, full-fledged IDE and development tool is Lazarus / Free Pascal.

Using Object Pascal, a strongly typed, easy to read, learn and modern compiled programming language, you can quickly write advanced applications and design beautiful user interfaces with the strong component based model and form designer.

It has its inspiration from Delphi, a commercial development tool which also can target multiple platforms, though the IDE itself runs on Windows only.

The underlying Free Pascal compiler has a high degree of compatibility, which means you can share code between Delphi and Free Pascal fairly easily.

In this presentation I will touch on the versatility and benefits of using this development tool for your next open source project and how easy it is to get started.

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings.

PLUG Page with information about all PLUG events: https://pdxlinux.org/ Follow PLUG on Twitter: http://twitter.com/pdxlinux

Website
Thursday
Jun 3, 2021
Portland Linux/Unix Group: Lessons Learned from Four Years as a County Party Officer
Online

Portland Linux/Unix Group General Meeting Announcement

Who: Michael Smith
What: Lessons Learned from Four Years as a County Party Officer
Where: https://li584-253.members.linode.com/PLUG
When: Thursday, June 3rd, 2021 at 7pm Pacific
Why: The pursuit of technology freedom

This talk will cover lessons learned from four years serving as an Officer for the Democratic Party of Multnomah County, two as Technology Officer, two as Vice Chair. Topics covered will include team building, web presence, virtual meetings, data management, and how to get involved by showing up.

Mike Smith is a network analyst and former software engineer. His only other PLUG talk was on Open Source in State Government. Since 2017 he has been part of the Democratic Party apparatus in one form or another, including serving as an officer for the Multnomah Democrats, delegate to the State Central Committee of the Democratic Party of Oregon (DPO), Chair of the DPO Gun Owners Caucus, and Delegate to the DPO Rules Committee. He holds masters degrees in Computer Science (2008, Portland State University) and Mathematics (1998, Loyola University Chicago). His wife, Liv Rainey-Smith, is a renowned woodcut print artist.

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings.

Website
Thursday
Jul 1, 2021
Portland Linux/Unix Group: How Free Software Continues the Legacy of Open Communication
Online

Portland Linux/Unix Group General Meeting Announcement

Who: Daniel Pono Takamori
What: How Free Software Continues the Legacy of Open Communication
Where: https://li584-253.members.linode.com/PLUG
When: Thursday, July 1st, 2021 at 7pm Pacific
Why: The pursuit of technology freedom

Daniel Pono Takamori of the Software Freedom Conservancy will present "How Free Software Continues the Legacy of Open Communication".

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings.

Website
Thursday
Aug 5, 2021
Portland Linux/Unix Group: Userspace live patching with Libpulp
Online

Portland Linux/Unix Group General Meeting Announcement

Who: Gabriel F. T. Gomes
What: Userspace live patching with Libpulp
Where: https://li584-253.members.linode.com/PLUG
When: Thursday, August 5th, 2021 at 7pm Pacific
Why: The pursuit of technology freedom

Live patching enables software programs to be modified while running. With live patching, there's no need to "turn it off and on again". There are multiple implementations around for both kernel and userspace live patching. In this presentation, I will cover Libpulp, a framework for userspace live patching, and you will learn: what Libpulp does, how it applies patches and what a live patch looks like, the tools that it provides, how to build and test, and how to contribute.

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings.

Website
Thursday
Sep 2, 2021
Portland Linux/Unix Group: Hardware-Assisted Fine-Grained Control-Flow Integrity: Adding Lasers to Intel's CET/IBT
Online

Portland Linux/Unix Group General Meeting Announcement

Who: João Corrêa
What: Hardware-Assisted Fine-Grained Control-Flow Integrity: Adding Lasers to Intel's CET/IBT
Where: https://li584-253.members.linode.com/PLUG
When: Thursday, September 2nd, 2021 at 7pm Pacific
Why: The pursuit of technology freedom

This talk presents FineIBT, a compiler-based enhancement that enables fine-grained forward-edge Control-Flow Integrity (CFI) policies on top of Intel's Control-flow Enforcement Technology (CET). By combining the new hardware features with compiler instrumentation, FineIBT anchors indirect control transfers to sanity checks, enabling policies more restrictive than those supported solely by CET and increasing its effectiveness against control-flow hijacking attacks. An evaluation through custom benchmarks showed that FineIBT provides similar security guarantees with lower performance costs when compared to Clang CFI, retaining its penalty between 1% and 7% while the latter added overheads between 5% and 53%. Beyond that, FineIBT also has other perks, such as benefiting from the CET's hardening against transient execution attacks and not depending on Link-Time Optimizations. This talk will explore the FineIBT implementation recently sent to the kernel-hardening mailing list, then discuss specific scenarios, such as how it could be used in the Linux kernel, possible improvements and expected challenges. Technical reference: https://www.openwall.com/lists/kernel-hardening/2021/02/11/1

Joao is an Offensive Security Researcher at Intel. His research interests are mostly focused on compiler-enabled features and analyses, but he will normally be down to chat about anything that involves binaries. Joao holds a PhD from the University of Campinas, where he worked on kCFI, a Control-Flow Integrity implementation for the Linux kernel (featured at Black Hat Asia 2017) and he also spent some time working for SUSE, where he bootstrapped the development of libpulp, a user-space live patching framework (featured at Linux Developers Conference Brazil 2019 and SUSE Labs Conference 2018).

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings.

Website
Tuesday
Sep 28, 2021
What are we doing to mitigate the increased attack surface we create by supporting clients?
Cooper Mountain Ale Works Public House

The Oregon Computer Consultant's Association presents our monthly meeting, with the topic of security: What are we doing to mitigate the increased attack surface we create by supporting clients?

IT providers have become a target for hackers. The software we use to remotely manage client computers and networks adds an attack vector. Losing control of one of these tools would allow remote access not only to our systems, but all client systems we service.

We will discuss:

  • What network and system access levels are appropriate for service providers.

  • Who is responsible for security and operations when outsourcing IT services.

  • What are we doing to reduce the risk to our clients.

  • As this issue comes to the attention of our clients, how do we discuss it with them?

Website
Thursday
Oct 7, 2021
Portland Linux/Unix Group: Russell's Excellent High Altitude Balloon Adventure
Online

Portland Linux/Unix Group General Meeting Announcement

Who: Russell Senior
What: Russell's Excellent High Altitude Balloon Adventure
Where: https://meet.jit.si/pdxlinux
When: Thursday, October 7th, 2021 at 7pm
Why: The pursuit of technology freedom

Russell volunteers with the Portland State Aerospace Society's (PSAS) OreSat program as an Industry Advisor. PSAS is a rocket club at Portland State University. The OreSat program works towards having small interactive satellites put into orbit by friendly launch services. OreSat currently consists of three small satellites based on a common design, the first one is due to launch in January. Russell's role is to help out with a system called dxwifi, a long distance S-band communication link. The goal is for ground-based student groups around the state to receive live video broadcast from orbit as the satellite passes overhead. Earlier this year, a high school student applied and got our satellite a ride on a high altitude balloon through a NASA program. One of the goals was to capture wifi data being transmitted by the payload. Because of the distances involved, this requires aiming a directional antenna at the balloon. This talk will tell the story of how Russell waded his way towards a solution using math, some hand tools, open-source software and some ingenuity.

About Russell:

Russell has been a Linux user since 1992. He worked for a few decades doing data management, programming, and analysis for a small scientific consulting firm. Since 2005 he has been deeply involved in the Personal Telco Project and trying to bring about telecommunications policy in the users' interests, while also hacking on router firmware. Since 2018, he's been involved in an effort to bring at-cost fiber infrastructure to the Portland metro area, Municipal Broadband PDX.

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings.

Website
Tuesday
Oct 19, 2021
Portland Linux/Unix Group: Linux on RISC-V
Online

Portland Linux/Unix Group General Meeting Announcement

Who: Drew Fustini
What: Linux on RISC-V
Where: https://meet.jit.si/pdxlinux
When: Thursday, November 4th, 2021 at 7pm
Why: The pursuit of technology freedom

This talk will explore the future of Linux on RISC-V, an open instruction set (ISA). I will introduce the open source FPGA ecosystem including Migen and LiteX, and explain how they make it possible to quickly implement SoC designs in an FPGA capable of running Linux on a RISC-V. I will also look at the current RISC-V SoC's that are capable of running Linux and available dev boards. I will also talk about how support in Linux for RISC-V is continuing to evolve such as the introduction of KVM RISC-V support and look at RISC-V hardware support that is in the process of being upstreamed. I will describe how the RISC-V Platform Specification Task Group is trying to standardize boot and runtime requirements with the creation of the Linux-2022 specification.

About Drew

Drew Fustini is a Linux developer at BayLibre and serves as an ambassador for RISC-V International. He sits on the board of directors for the BeagleBoard.org Foundation and the Open Source Hardware Association (OSHWA). When not hacking on Linux, Drew enjoys designing open source hardware projects in KiCad that are fabricated in purple and gold by OSH Park.

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings.

Website
Thursday
Dec 2, 2021
Portland Linux/Unix Group: Pipewire Audio Server
Online

Portland Linux/Unix Group General Meeting Announcement

Who: Ben Koenig
What: Pipewire Audio Server
Where: https://meet.jit.si/pdxlinux
When: Thursday, December 2nd, 2021 at 7pm
Why: The pursuit of technology freedom

Sound is a major part of the Linux desktop and now there's a new project to make your audio experience even better! Or maybe not. This talk will explore the features and changes involved in switching a system from Pulseaudio to Pipewire for audio device management.

The new Pipewire daemon promises to improve the state of audio playback on Linux but with this change comes questions regarding the impact to different users and use cases. In this talk I'll go over the impact Pipewire can have for various different users and provide a basic configuration for those brave enough to give it a try. I will also outline some of the history surrounding the audio stack in Linux with a focus on how Pipewire plans to implement new features while maintaining compatibility with older applications.

About Ben

I am a QA Test Technician with a background in tech support for Mac/Windows/Linux desktop users. When not talking to customers I can be found customizing Linux distros and building systems that solve problems before they occur.

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings.

Website
Thursday
Jan 6, 2022
Portland Linux/Unix Group: The Transit Appliance Project
Online

Portland Linux/Unix Group General Meeting Announcement

Who: Chris Smith
What: The Transit Appliance Project
Where: Zoom, flawed as it is, link below
When: Thursday, January 6th, 2022 at 7pm
Why: The pursuit of technology freedom

This talk will explore the history and future of the Transit Appliance project, an open source project which makes use of TriMet and other public web services to display transit arrivals on fixed location screens in apartment and office lobbies, cafes, schools and other community locations. The project is hosted by the non-profit Portland Transport and currently operates more than 60 screens around the region. The project relies on Raspberry Pi processors and a variety of cloud services to provide a minimal cost solution to the display of transit and micromobility information.

About Chris

Chris Smith is the lead developer of the non-profit, open source Transit Appliance project. For two decades his day job was leading web architecture for Xerox. He serves on the board of Portland Streetcar Inc. and also served for twelve years on the Portland Planning and Sustainability Commission. His passion is the intersection of technology and sustainable urban policy.

Returning to Zoom for now

PLUG aims to dogfood free and open source technologies whenever possible and Jit.si had a good run. It is quirky and very difficult to manage as a moderator, but it is free software. Recording meetings proved unworkable but thank you Vincent for spinning up a Jit.si VM during a meeting and removing the watermark. Many colleagues have reported that web-based Zoom is working better than ever with free and open source desktop operating systems and for the success of PLUG and my sanity as a moderator, I need to use the best tool for the job. Please continue to send your ideas for better tools and I would not rule out moving to a solution that someone is willing to take ownership of, as Vincent did with the Jit.si VM.

https://us06web.zoom.us/j/85249530401?pwd=dWZPTllGRk1udWtVRXB0STZ2VlJXZz09

Meeting ID: 852 4953 0401
Passcode: 8675309
One tap mobile
+13462487799,,85249530401# US (Houston)
+17207072699,,85249530401# US (Denver)

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings.

Website
Thursday
Feb 3, 2022
Portland Linux/Unix Group: This is a test(1): A shell scripter's guide to ubiquitous assumption testing
Online

Portland Linux/Unix Group General Meeting Announcement

Who: Michael Dexter
What: This is a test(1): A shell scripter's guide to ubiquitous assumption testing
Where: Zoom, flawed as it is, link below
When: Thursday, February 3rd, 2022 at 7pm
Why: The pursuit of technology freedom

"Look before you leap" is a valuable lesson in many aspects of life but particularly in computer science and administration. Responsible developers make extensive use of the test(1), a.k.a. "[" utility which quickly and programmatically tests assumptions as simple as, "does this file exist", relying on zero and non-zero return values to answer that question. This deceptively-simple yet highly-efficient use of return values can avoid hours of debugging and achieve goals such as idempotence. This talk will explain the importance of the test(1) utility, and explain similar functionality in other utilities such as FreeBSD's grep(1), kldstat(8), and others that support "-q quiet" mode. It will also identify opportunities for additional "quiet mode" functionality.

About Michael

He broke it, he bought it. Michael has organized PLUG since late 2009 and did not find a speaker. By day, Michael has nursed depressed NAS systems back to life since 2012.

Returning to Zoom for now

PLUG aims to dogfood free and open source technologies whenever possible and Jit.si had a good run. It is quirky and very difficult to manage as a moderator, but it is free software. Recording meetings proved unworkable but thank you Vincent for spinning up a Jit.si VM during a meeting and removing the watermark. Many colleagues have reported that web-based Zoom is working better than ever with free and open source desktop operating systems and for the success of PLUG and my sanity as a moderator, I need to use the best tool for the job. Please continue to send your ideas for better tools and I would not rule out moving to a solution that someone is willing to take ownership of, as Vincent did with the Jit.si VM.

https://us06web.zoom.us/j/85249530401?pwd=dWZPTllGRk1udWtVRXB0STZ2VlJXZz09

Meeting ID: 852 4953 0401
Passcode: 8675309
One tap mobile
+13462487799,,85249530401# US (Houston)
+17207072699,,85249530401# US (Denver)

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings.

Website
Monday
May 16, 2022
Cellphone voting
Online

Earlier this year, the Oregon State Legislature was considering adoption of bill HB 4136, which would have required the Secretary of State to establish a digital voting system allowing voters to cast their ballots electronically—via a computer, electronic tablet, cellphone, or another digital device.

The measure remained in committee and never came to a vote, but legislators may be planning to introduce a new version of the bill in next year's longer session.

Should you be happy or concerned about the prospect of cellphone voting?

Currently, over twenty pilot programs are in place across the country to test the feasibility of mobile voting. Proponents argue that cellphone voting could increase voter turnout, and voting from the comfort of your mobile phone sounds easy, right? But is it really a good idea?

Before giving this technology a stamp of approval, we need to consider some of the issues around the process of electronic voting. For example, is it secure? Does it protect voter privacy? And how would we verify election results?

Dr. Stephanie Singer and Sheila Golden have been focused on election systems for many years. Ms. Golden is well known in Oregon for her advocacy around election technology, while Dr. Singer is known nationwide for her expertise on election technology and processes. They'll join us this month to explore the pros and cons of voting via cellphone and will explain how such a system would work, who's behind the effort to adopt mobile voting, and why voting from our phones may or may not be a good course of action.

Bring your questions, and come learn how you can make your voice heard on this issue!

Please RSVP via Meetup or by sending an email to [email protected].

Speaker bios:

Sheila Golden is an activist focusing on election integrity, civil liberties/immigrant rights, and climate justice. She works with the League of Women Voters-OR and Scrutineers.

Stephanie Singer is a data scientist and former election official. She has assembled, analyzed and explained data for private business, public agencies, campaigns and election oversight. Her public service projects have been funded by the National Science Foundation and the Knight Foundation. In 2020 she created the VoteVisualizer, a web app allowing users to explore election results from across the country. Her client list includes the Orange County Registrar of Voters and the nonpartisan nonprofit Verified Voting. She has advised elected officials across the country, including Oregon Secretary of State Shemia Fagan. From 2012-2016 she served on the Philadelphia County Board of Elections -- including one year as chair -- where she made data freely available, used data analysis to fight unconstitutional burdens on the voting process, and introduced "I Voted Today" stickers to all Philadelphia polling places. She won the post by defeating a 36-year incumbent in a citywide election. Singer co-chaired the statewide Election Reform Committee of the County Commissioners Association of Pennsylvania. Singer studied math and computer science at Yale and Stanford, completed a Ph.D. at New York University and earned tenure from Haverford College. She has written two books on mathematical physics.

By attending this TA3M meeting, you agree to follow our Code of Conduct: https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/

{short} Code of Conduct

Portland's Techno-Activism 3rd Mondays is dedicated to providing an informative and positive experience for everyone who participates in or supports our community, regardless of gender, gender identity and expression, sexual orientation, ability, physical appearance, body size, race, ethnicity, age, religion, socioeconomic status, caste, or creed.

Our events are intended to educate and share information related to technology and activism, and anyone who is there for this purpose is welcome. Because we value the safety and security of our members and strive to have an inclusive community, we do not tolerate harassment of members or event participants in any form.

Audio and video recording are not permitted at meetings without prior approval.

Our Code of Conduct (https://www.meetup.com/Portlands-Techno-Activism-3rd-Mondays/pages/22681732/Code_of_Conduct/) applies to all events run by Portland's TA3M. Please report any incidents to the event organizer.

Website
Wednesday
Aug 3, 2022
WorldFestival 2022
through Virtual Event

WorldFestival 2022 | August 3-4, 2022

Technology innovation moves the world forward. WorldFestival is the global virtual conference supporting worldwide technology innovation. Join 20,000+ participants across 130+ nations in discovering and learning about the top 1,000 emerging innovations and trends of 2022.

WorldFestival includes:

  • Technology Innovation Conference: Hear talks from 300+ speakers covering the newest innovations in 20 industry verticals: from Virtual Reality and Blockchain to Cloud Computing and Artificial Intelligence.

  • Award Competition: Discover and vote on the top 1,000 innovations of 2022, from 6 continents, competing to pitch on-stage as the Top 50 WorldFestival Innovations.

  • Virtual Expo: Visit and learn about 100+ emerging technologies at our virtual expo.

  • Networking & Receptions: Certain pass types will be invited to 1:1 networking breaks and our VIP receptions, where you can meet and chat with top executives, supporters, and contributors.

Website
MobileWeek 2022
through Online Event

Join 2,000+ participants at the global virtual conference on the next iteration and future of mobile innovation.

About this event

MobileWeek | August 3-4, 2022 | Virtual Conference

The global event where thousands of mobile industry professionals: software creators, telecom business leaders, mobile team leads, mobile growth & strategy professionals, and executives -- come together digitally to collaborate on the next iteration and future of mobile innovation.

Join us online August 3-4 for:

6+ tracks of content:

  • 5G, Devices & Communication
  • iOS Development
  • Android Development
  • Mobile Product Management
  • Mobile Networks, Hardware & IoT
  • Mobile Business Strategy
  • Mobile DevOps & Analytics
  • Mobile Dev Innovation

...with 80+ live virtual sessions converge to discover this year’s newest mobile & connected technology best practices & innovation.

  • Award Competition: Discover and vote on the top 1,000+ innovations of 2022, from 6 continents, competing to pitch on-stage as the Top 50 Startups @ the WorldFestival Innovation Awards.

  • Virtual World Expo: Visit and learn about 100+ emerging technologies at our 2-day virtual expo.

  • Networking & Receptions: PRO & PREMIUM pass types will be invited to 1:1 networking breaks and our VIP receptions, where you can meet and chat with top executives, speakers, supporters, and contributors.

MobileWeek 2022 is co-located with WorldFestival 2022.

Website
Thursday
Feb 2, 2023
Portland Linux/Unix Group: Setting up inexpensive home security cameras with ZoneMinder to secure your home or business
Oregon Latvian Community Center

Portland Linux/Unix Group General Meeting Announcement

Who: Ted Mittelstaedt
What: Setting up inexpensive home security cameras with ZoneMinder to secure your home or business
Where: 5500 SW Dosch Rd, Portland
When: Thursday, February 2nd, 2023 at 7pm
Why: The pursuit of technology freedom

Today there are a number of inexpensive home security cameras on the market that can be used to decrease the chance that your home or property will be tampered with. There's been a rash of catalytic converter and gasoline thefts in the Portland area in recent years; these require expensive replacements and repair of vehicle gas tanks that have been drilled into. Many homes in Portland do not have garages and residents use street parking. With the increasing use of electric vehicles and portable charging cables, the potential for theft and mischief exists as well. While a camera system may not prevent a theft, a good system can get a clear picture of the perpetrators and allow police to make an arrest. These systems also serve as a visual deterrent. This presentation will cover several camera systems and different concerns for mounting, cabling, and camera selection as well as recording camera data using ZoneMinder running on Linux and considerations for setting up this system.

Rules and Requests:

Please bring and properly fit a mask unless actively presenting

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings

Do not leave valuables in your car

Website
Friday
Apr 7, 2023
Portland 2600
Sizzle Pie (East Burnside)

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Thursday
May 4, 2023
Portland Linux/Unix Group: Setting up inexpensive home security cameras with ZoneMinder to secure your home or business Part II
Oregon Latvian Community Center

Portland Linux/Unix Group General Meeting Announcement

Who: Ted Mittelstaedt
What: Setting up inexpensive home security cameras with ZoneMinder to secure your home or business Part II
Where: 5500 SW Dosch Rd, Portland
When: Thursday, February 2nd, 2023 at 7pm
Why: The pursuit of technology freedom

Today there are a number of inexpensive home security cameras on the market that can be used to decrease the chance that your home or property will be tampered with. There's been a rash of catalytic converter and gasoline thefts in the Portland area in recent years; these require expensive replacements and repair of vehicle gas tanks that have been drilled into. Many homes in Portland do not have garages and residents use street parking. With the increasing use of electric vehicles and portable charging cables, the potential for theft and mischief exists as well. While a camera system may not prevent a theft, a good system can get a clear picture of the perpetrators and allow police to make an arrest. These systems also serve as a visual deterrent. This presentation will cover several camera systems and different concerns for mounting, cabling, and camera selection as well as recording camera data using ZoneMinder running on Linux and considerations for setting up this system.

Rules and Requests:

Please bring and properly fit a mask unless actively presenting

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings

Do not leave valuables in your car

Website
Friday
May 5, 2023
Portland 2600
Sizzle Pie (East Burnside)

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Friday
May 19, 2023
Data PDX: "Data Modeling for Security and Compliance" with Karen Lopez
Google Meet

Karen Lopez, Data Evangelist for InfoAdvisors, Space Enthusiast, & TeamData Coach

Karen is a senior project manager and architect with an extensive background in development processes and information management. She specializes in taking practical approaches to systems development. She has 20+ years of public speaking (keynotes, speeches, and demonstrations). She wants attendees to have fun, gain insights and take away inspiration for working with new technologies and methods.

She’s known for her slightly irreverent and practical approach to IT training and speaking. She wants you to be part of #TEAMDATA.

Abstract

Modern database systems have introduced more support for security, privacy, and compliance over the last few years. We expect this to increase as compliance issues such as GDPR and other data compliance challenges arise. In this session, Karen will be discussing the newer features from a data modelers/database designers' point of view, including:

  • Data Masking
  • End-to-End encryption
  • Row Level Security
  • New Data Types
  • Data Categorization and Classification

What You Will Learn

We'll look at the new database and modeling tool features, why you should consider them, where they work, where they don't. We will also discuss how to negotiate on behalf of data protection in a world of Agile, MVP, Lean and DevOps.

Cost

Free!

If you’ve paid any Data PDX or DAMA membership dues during 2019-2021 or are an employee of a corporate member, please choose Member RSVP.

Where

RSVP for join code; this is a VIRTUAL event via Google Meet

Date – Friday, May 19th

Noon – 1pm

Website
Friday
Jun 2, 2023
Portland 2600
Sizzle Pie (East Burnside)

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Friday
Jul 7, 2023
Portland 2600
Sizzle Pie (East Burnside)

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Thursday
Jul 20, 2023
Data PDX: "Data Governance Communication-Making it CLEAR" with Valerie Calvo
Google Meet

Valerie Calvo is a Data Governance Manager for CBRE Investment Management, joining the firm in 2022. She directly supports data-driven ambitions by setting and realizing the firm’s Data Governance strategy and championing data democratization. In this role, she is responsible for ensuring consistent practices while creating processes for metadata management, reference data, and data quality management.

Immediately prior to joining CBRE IM, Valerie led a team responsible for the design and implementation of semantic models, reference data, taxonomies, and master data inventories as well as the enterprise adoption of data management practices at Bloomberg LP.

Valerie is an attorney admitted to practice in New York & New Jersey, graduating from the University of Miami School of Law and Rutgers College. She also holds Certificates in the Data Management Capability Assessment Model (DCAM) v2.2 (EDM Council) and Advanced Data Analytics (General Assembly).

Abstract

Considerable time and effort are devoted to developing and executing a data governance strategy. However, effective and sustained communication is an often-overlooked critical factor. To formalize and foster a data-driven program and culture, organizations must remember to communicate clearly and often to drive buy-in and promote a two-way governance dialogue.

In this talk we’ll cover:

  • Why DG communication is important at all stages from program kick-off to business-as-usual
  • Different types of DG communication
  • Components of CLEAR communication with examples to use in your own organization: Creative, Lingo-free, Efficient, Applicable, Regular

Where

RSVP for join code; this is a VIRTUAL event via Google Meet

Date – Thursday, July 20th

Noon – 1pm

Website
Thursday
Aug 3, 2023
(RESCHEDULED) Data PDX: "Data Governance Communication-Making it CLEAR" with Valerie Calvo
Google Meet

Valerie Calvo is a Data Governance Manager for CBRE Investment Management, joining the firm in 2022. She directly supports data-driven ambitions by setting and realizing the firm’s Data Governance strategy and championing data democratization. In this role, she is responsible for ensuring consistent practices while creating processes for metadata management, reference data, and data quality management.

Immediately prior to joining CBRE IM, Valerie led a team responsible for the design and implementation of semantic models, reference data, taxonomies, and master data inventories as well as the enterprise adoption of data management practices at Bloomberg LP.

Valerie is an attorney admitted to practice in New York & New Jersey, graduating from the University of Miami School of Law and Rutgers College. She also holds Certificates in the Data Management Capability Assessment Model (DCAM) v2.2 (EDM Council) and Advanced Data Analytics (General Assembly).

Abstract

Considerable time and effort are devoted to developing and executing a data governance strategy. However, effective and sustained communication is an often-overlooked critical factor. To formalize and foster a data-driven program and culture, organizations must remember to communicate clearly and often to drive buy-in and promote a two-way governance dialogue.

In this talk we’ll cover:

  • Why DG communication is important at all stages from program kick-off to business-as-usual
  • Different types of DG communication
  • Components of CLEAR communication with examples to use in your own organization: Creative, Lingo-free, Efficient, Applicable, Regular

Where

RSVP for join code; this is a VIRTUAL event via Google Meet

Website
Portland Linux/Unix Group: Using DRBD and LINSTOR to Facilitate Cloud Migration and Mobility (In person!)
Oregon Latvian Community Center

Portland Linux/Unix Group General Meeting Announcement

Who: Julia Iacoviello
What: Using DRBD and LINSTOR to Facilitate Cloud Migration and Mobility
Where: 5500 SW Dosch Rd, Portland
When: Thursday, August 3rd, 2023 at 7pm
Why: The pursuit of technology freedom

There are many advantages to flexible cloud storage, but even with a good idea of how you might implement your environment in the cloud, the challenge of transferring legacy data may stand in your way. In this talk, Julia Iacoviello from LINBIT will explain core concepts of the open source, distributed replicated storage system, DRBD, as well as the open source storage management software, LINSTOR. Then, we will explore how these technologies can be leveraged to mitigate pain points in migrating production databases and other services into the cloud, including to containerized applications that rely on persistent stateful storage. Special considerations to be made for migration of existing data will be highlighted in this talk; additionally, a broad base of information about DRBD and general high-availability storage will be provided, with the hope that all that attend may learn something applicable to their particular use case, now or in the future.

Rules and Requests:

Please bring and properly fit a mask unless actively presenting

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings

Do not leave valuables in your car

Website
Friday
Aug 4, 2023
Portland 2600
Sizzle Pie (East Burnside)

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Friday
Sep 1, 2023
Portland 2600
Sizzle Pie (East Burnside)

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Thursday
Oct 5, 2023
Portland Linux/Unix Group: Firejail and Linux VPNs (In person!)
Oregon Latvian Community Center

Portland Linux/Unix Group General Meeting Announcement

Who: Mark/Xe1phix
What: Firejail and Linux VPNs
Where: 5500 SW Dosch Rd, Portland
When: Thursday, October 5th, 2023 at 7pm
Why: The pursuit of technology freedom

In this presentation, Xe1phix will cover:

Firejail - Sandbox
    Namespace isolation (network namespaces, mount namespaces, user namespaces, PID namespaces)
    Seccomp-BPF - Syscall filtering
    Linux Capabilities (POSIX 1003.1e) filter
AppArmor - Kernel module used to sandbox programs
DNS-Over-HTTPS (DoH) - Encrypted DNS resolution using Mullvad DNS
OpenVPN - Secure VPN setup
Wireguard - Secure VPN setup
Wireguard tunnels - Multihop VPN connections.
Telegram - Instant Messenger
    Securely connecting to Telegram using Wireguard SOCKS5 proxy.
    Securely connecting to Telegram using OpenVPN SOCKS5 proxy.
    Sandboxing Telegram with Firejail
    Sandboxing Telegram with AppArmor
qBittorrent
    Securely connecting to qBittorrent using Wireguard SOCKS5 proxy.
    Securely connecting to qBittorrent using OpenVPN SOCKS5 proxy.
    Using IPFilters to blacklist bad peers
ProtonVPN - Trusted VPN setup
DNS leak protection
VPN Killswitch
IPTables - Netfilter packet filter/firewall
OPNSense/PFSense - OpenVPN setup
Network forensics cheatsheets
    TCPDump, TShark, ngrep, ss, nfdump, etc
Process logging cheatsheets
    Journalctl, lsof, ps, fuser, etc.

Xe1phix is a Linux systems engineer (Linux+, LPIC-1, LPIC-2).

He has studied Linux for 12 years, and has read over 200 books on Linux security. His primary focus and passion in life is studying:

Linux system hardening/security
Linux memory forensics & malware analysis
Intrusion Detection Systems (IDS)

Rules and Requests:

Please bring and properly fit a mask unless actively presenting

PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings

Do not leave valuables in your car

Website
Friday
Oct 6, 2023
Portland 2600
Sizzle Pie (East Burnside)

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Friday
Nov 3, 2023
Portland 2600
Sizzle Pie (East Burnside)

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Thursday
Nov 16, 2023
Cloud and AI: Secure Every Second at the Speed of Cloud
Level Beer (Level 1)

Join Defy Security and Sysdig for an event at Level One Beer on Thursday, November 16, 2023 at 4:00pm.

Join us for a fun-filled and educational evening to discuss how Cloud and AI could impact your business needs.

Space is limited, so register to reserve your spot now!

Please reach out to Ken Robertson ([email protected]) with any questions.

Website
Friday
Dec 1, 2023
Portland 2600
Sizzle Pie (East Burnside)

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Friday
Jan 5
Portland 2600
Sizzle Pie (East Burnside)

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Friday
Feb 2
Portland 2600
Sizzle Pie (East Burnside)

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website
Friday
Mar 1
Portland 2600
Sizzle Pie (East Burnside)

PDX2600 is a monthly open forum for hackers in Portland Oregon. It happens on the first Friday of every month. There are no memberships, no leaders, and no real structure. Only the free exchange of ideas.

Website