NovaInfosecPortal.com

Here is some information regarding this week’s Thursday CharmSec infosec meetup event. There isn’t an O’s game so the bar shouldn’t be that crowded. Read the rest of this entry »

Here is some information regarding this week’s Wednesday CapSecDC infosec meetup event. Sorry for the late posting… Read the rest of this entry »

The NoVA Sec infosec meetup event back in April featured Aaron Walters discussing memory forensics. I’m not much of a forensics person at this point and so much of the information was over my head. Richard Bejtlich however has recently posted his notes from this session for those interested. See our original post for more information.

Here is some information regarding this week’s Thursday ISSA - NoVA Chapter infosec meetup event. The presenter is Marcus Sachs, who I had once as a SANS instructor. It’ll be interesting to hear what he has to say on this topic. Read the rest of this entry »

Rybolov from The Guerilla CISO, a local infosec NoVA-based blog, has put together a great blog post about NIST’s latest effort to modernize SP 800-30: Risk Management Guide for Information Systems. In his post he stresses how NIST should not change this document into a “catalog of controls gap analysis” process to favor compliance management over risk management.

Overall, Rybolov is right on point! We really need to stop stressing being compliant and start focusing on risk management. Compliance should be a by-product of risk management, not the other way around.

Just a quick update that the The Last HOPE infosec conference event is in 5 weeks. Recently, they’ve announced Steven Levy as the keynote speaker along with other talks by Adam Savage (from Mythbusters), Kevin Mitnick (no intro needed), Jello Biafra, and Steven Rambam. Beyond that, additional speakers have been announced and there are still slots open for those who would like to submit. Also, the Hotel Penn discount rooms have sold out so they’ve posted some other hotel options. See our original post for more information about this conference.

I noticed that OWASP AppSec has recently announced this year’s OWASP NYC AppSec infosec conference event. These AppSec conferences have really been expanding in recent years. The last one I went to was the OWASP/NIST event they had about two years ago up in Gaithersburg. Since then they’ve seemed to have expanded into offering a vendor area as well as several training courses prior to the main conference. Although the training is a little pricey for those paying out of pocket, access to the main speaker sessions is still just $300! Here are the logistics for this year’ conference: Read the rest of this entry »

Over at the Carnal0wnage Blog, CG made a nice post about the updated draft version of DoD 8570.1M that is probably relevant to many of us in NoVA. This is the directive that requires many of us to have some kind of IA certification if we want to do work for the government. CG focused on requiring the CISA or GSNA to perform any auditing activities however this draft document is well worth reading as its implementation becomes more of a reality. You can review the latest draft version of DoD 8570.1M here.

Here is some information regarding this week’s Thursday OWASP - VA Local Chapter infosec meetup event. This looks to be another set of great talks. Too bad we’ll have to decide between this meeting and NoVA Sec’s. Pizza will be provided for a small fee. If you plan on attending, RSVP so they can get your badge processing started. Read the rest of this entry »

Here is some information regarding this week’s Thursday NoVA Sec infosec meetup event. Looks like NoVA Sec is deviating from their normal forth Thursday of the month schedule. Regardless, the topic looks interesting. Plus I hope Chris talks about LearnSecurityOnline.com as I’ve been interested in trying it out. Read the rest of this entry »