Registration is required to attend this event. Please register at: https://www.eventbrite.com/e/pdxwit-present-fill-your-cup-grace-community-at-pdxwit-tickets-622884663797

In support of Mental Health Awareness Month, Lori Eberly, LCSW is curating a panel to explore:

• How arts and creativity support our mental health
• The importance of building and maintaining boundaries
• Simple tools to regulate our nervous system
• Ways to cultivate Grace & Community

Our conversation is rooted in the complexities of our time, acknowledging how collective trauma, oppressive systems, COVID grief, and layoffs threaten our wellbeing.

Agenda:

• 5:00pm Doors Open
• 5:30pm Welcome, Announcements, Introductions
• 5:45pm Panel Begins
• 6:30pm Networking
• 7:00pm Event Ends

PDXWIT is building a better tech industry by creating access, dismantling inequities and fueling belonging. Our events are inclusive. ALL people who support our purpose are welcome.

COVID Safety FAQ:

Q: Will masks be required in indoor spaces? Will masks be required outside? Will hand sanitizer be provided and plentiful? A: Masks are strongly encouraged and our host will provide hand sanitizer. We will ask all attendees to show proof of vaccination OR have a negative COVID test within 48 hours of the event. If you are not feeling well, we encourage you to stay at home.

Event FAQ

Q: What is the in-person event capacity? A: 130

Q: Will there be gender neutral restrooms? A: Yes

Q: Is the space ADA accessible? A: Yes

Q: Will there be food and drink at this event? A: Yes.

Q: What is the parking situation?

A: There is free 2-hour parking located in the Montgomery Park parking lot.

Q: Is there any special information that might help me find the entrance?

A: The event will be located at WebMD Health Services located in the Montgomery Park building on the 7th floor. Attendees will need to take the elevators in the middle of the lobby to the 7th floor. Attendees will be asked to check-in with PDXWIT for their name tag and sign-in with WebMD in order to receive a guest badge. Guest badges must be returned upon exit.

Q: Is there secured bike parking?

A: Yes. There is an indoor bike rack on the North side of the building and there are bike racks outside the front entrance.

Q: Should I consider using public transportation?

A: Public transportation is available via TriMet bus. Please use the TriMet Trip Planner if you plan to use public transportation.

Q: Can I bring my dog? A: Sadly, no.

Q: Are the exits clearly marked? A: Yes.

Machine Learning vs Cryptocoin Miners Description: With the advent of cryptocurrencies as a prevalent economic entity, attackers have begun turning compromised boxes and environments into cash via cryptocoin mining. This has given rise for the opportunity to detect compromised environments by analyzing network traffic logs for evidence of cryptocoin miners. Specifically, I'll be reviewing various ML and statistical analysis techniques leveraged against VPC Flow Logs. This talk will not be a deep dive of the math involved but instead a general discussion of these techniques and why I chose them.

Speaker's Bio: Jonn Callahan is a principal appsec consultant at nVisium. Jonn was previously heavily involved in the OWASP DC and NoVA chapters. He has been working in appsec for half a decade now, initially within the DoD and now commercially with many high-visibility companies. Recently, Jonn has been digging into ML to find ways to bridge it and the security industry in an intelligent and usable fashion.

Abstract

All modern software, but the most trivial one, relies on common libraries to perform routine work. Your software may be bastion of security, exhaustively tested and evaluated, but once a vulnerability is discovered in a library you depend on, all bets are off. These large and pervasive vulnerabilities quickly become popular targets, exploited by everybody from script kiddies, to professional hackers, to state actors. It is no surprise that the use of vulnerable libraries is included in the OWASP Top 10 list. The Australian Signals Directorate (ASD) lists patching operating systems and applications as two of their top four strategies to mitigate security incidents!

During a recent hacking game, we've identified and exploited a vulnerability not anticipated by the developers. One little crack in a widely used library gave us the footing we needed to construct an attack chain of remote code execution, file upload, data exfil, source code disassembly, and branching into a private network, all despite extremely high level of hardening on the target from unintended attacks. We'll share with you how a safe and fun library exploitation can be in the confines of a hacking game, and how there are serious implications for your corporate applications where the stakes are much higher.

Speakers:

Alexei Kojenov is a Senior Application Security Engineer with years of prior software development experience. During his career with IBM, he gradually moved from writing code to breaking code. Since late 2016, Alexei has been working as a consultant at Aspect Security, helping businesses identify and fix vulnerabilities and design secure applications.

Alex Ivkin is a senior security architect with experience in a broad array of computer security domains, focusing on Identity and Access Governance (IAG/IAM), Application Security, Security Information and Event management (SIEM), Governance, Risk and Compliance (GRC). Throughout his consulting career Alex has worked with large and small organizations to help drive security initiatives and deploy various types of enterprise-class identity management and application security systems. Alex is an established and recognized security expert, a speaker at various industry conferences, holds numerous security certifications, including CISSP and CISM, two bachelor’s degrees and a master’s degree in computer science with a minor in psychology.

Add TAL, improve a threat model!

To improve your (threat) modeling career, you need a better (threat) agent (library)! Threat modeling is a process for capturing, organizing, and analyzing the security of a system based on the perspective of a threat agent. Threat modeling enables informed decision-making about application security risk. In addition to producing a model, typical threat modeling efforts also produce a prioritized list of security improvements to the concept, requirements, design, or implementation. In 2009, OWASP posted wiki pages on threat modeling. Although there was the start of a section on threat agents, it has yet to be completed.

Intel developed a unique standardized threat agent library (TAL) that provides a consistent, up-to-date reference describing the human agents that pose threats to IT systems and other information assets. Instead of picking threat agents based on vendor recommendations and space requirements in Powerpoint, the TAL produces a repeatable, yet flexible enough for a range of risk assessment uses. We will cover both the TAL, the Threat Agent Risk Assessment (TARA), how they can be used to improve threat modeling.

Speaker

Eric Jernigan
Information Security Architect
Umpqua Bank

Eric Jernigan is an Information Security Architect at Umpqua Bank and focuses on risk assessment, Secure project support, information security governance, and security awareness. Prior to this, Eric He has also served as an information security manager and adjunct instructor at PCC. He has also served as an active duty Information Warfare Analyst in the Air National Guard in support of NORTHCOM/NORAD. He has almost twenty years of intelligence, counter-terrorism, Information warfare, information security, and compliance experience. His current professional certifications include CISM, CRISC, and CISSP, so love him. A staunch privacy advocate, he hates Facebook.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.