Infosec Organizations

SANS: The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals, from auditors and network administrators to chief information security officers, are sharing the lessons they learn and jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations, from corporations to universities, working together to help the entire information security community. See our Infosec Conferences, Infosec Blogs/Podcasts, and Training pages for specific offerings related to SANS.

OWASP: The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Their mission is to make application security “visible,” so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of their materials are available under an open source license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work. See our Infosec Conferences, NoVA Meetups, Training, and NoVA Email Lists/Networking pages for specific offerings related to OWASP.

ISSA: The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members. See our NoVA Meetups page for specific offerings related to the ISSA.

IEEE: There are several security-related groups, including Security & Privacy.

2600: Emmanuel Goldstein founded this organization, officially called 2600 Enterprises, Inc., as a non-profit company that covers many of its activities, including The Hacker Quarterly, H.O.P.E., and many local meetings. The Hacker Quarterly is a quarterly publication that specializes in publishing technical information on a variety of subjects including telephone switching systems, Internet protocols and services, as well as general news concerning the computer “underground” and libertarian issues. The magazine is published and edited by Emmanuel. 2600 has also established the H.O.P.E. (Hackers On Planet Earth) conferences as well as monthly meetings in various countries around the world. See our Infosec Conferences and NoVA Meetups pages for specific offerings related to 2600.

CitySec: CitySec meetups are gatherings of information security professionals. Are you an information security professional? You are if you (ever) write firewall rules, read log files, apply patches, follow Bugtraq, help select products, rack and stack security appliances, find vulnerabilities, write secure code, test other people’s code, write policies, manage people who do any of these things, assist people who do any of these things, or just want to one day do any of these things. The rule of thumb is, no more structure than is absolutely necessary to get people into a room (where “room” usually means “bar”): if structure (like “name tags” or “surveys”) would even possibly prevent one person from attending the meeting, don’t use it. See our NoVA Meetups page for specific offerings related to CitySec.

The Shmoo Group: The Shmoo Group is a non-profit think-tank composed of security professionals from around the world who donate their free time and energy to information security research and development. In addition to all of their internal projects (ShmooCon, AirSnort, Rainbow Tables to name a few), their work extends into some of the most widely used infosec software (and books!) around. From Lord of the Rings, to Mixmaster, to Apache, to PGP, to Snort, to OpenSSL, to StackGuard/FormatGuard … the list goes on and on. Oh, and sometimes you can catch them teaching, preaching, and expounding various topics we find interesting at conferences around the planet. See our Infosec Conferences, NoVA Meetups, Training, and NoVA Email Lists/Networking pages for specific offerings related to The Shmoo Group.

The Ethical Hacker Network: Free Online Magazine for the Security Professional (may not fit here; move to blogs and reference TDCC?)

Offensive Security: This organization is an online training spinoff of the BackTrack live CD. Their courses are tailored for System Administrators and Security Professionals who want to learn how to get the most out of BackTrack - directly from its creators! See our Training page for specific offerings related to Offensive Security.

Heorot: This organization provides commercial support for the Open Source Project “De-ICE.net Penetration Test LiveCDs,” which has been covered in the press, both in article and book form. Designed for engineers and managers with a wide range of experience within Information Security Penetration Testing, Heorot.net provides training opportunities in the form of online and face-to-face classes. Whether you are new to Penetration Testing, or a seasoned engineer with years of experience, Heorot.net provides training to improve your skills. See our Training page for specific offerings related to Heorot.

RSA: RSA is the premier provider of security solutions for business acceleration. As the chosen security partner of more than 90 percent of the Fortune 500, RSA helps the world’s leading organizations succeed by solving their most complex and sensitive security challenges. In September 2006, after over 20 years providing leadership to the security industry, RSA Security joined forces with EMC Corporation and Network Intelligence to form the Security Division of EMC. Driving this merger is the recognition that customer needs have changed, and traditional approaches to information security are no longer sufficient. Increasingly, what should be your most important company asset—information—is your greatest liability. In response, RSA is ushering in a new information-centric approach to security that will empower leading companies worldwide to address these challenges and move ahead with the confidence to compete and win in today’s marketplace. Fueling our mission is the passionate belief that security should be about lifting business limitations, not imposing them. See our Infosec Conferences and Training pages for specific offerings related to RSA.

The Digital Construction Company (TDCC): Runs ChicagoCon, The Ethical Hacker Network, and The Certified Security Professional (an online magazine and resource). See our Infosec Conferences and Training pages for specific offerings related to TDCC.

F-Secure: F-Secure Corporation protects consumers and businesses against computer viruses and other threats from the Internet and mobile networks. We want to be the most reliable provider of security services in the market. One way to demonstrate this is the speed of our response. F-Secure’s award-winning solutions are available as a service subscription through more than 160 Internet service providers and mobile operator partners around the world, making F-Secure the global leader in this market. The solutions are also available as licensed products through thousands of resellers globally. F-Secure aspires to be the most reliable security provider, helping make computer and smartphone users’ networked lives safe and easy. This is substantiated by the company’s independently proven ability to respond faster to new threats than its main competitors. Founded in 1988 and headquartered in Finland, F-Secure has been listed on the OMX Nordic Exchange Helsinki since 1999. The company has consistently been one of the fastest growing publicly listed companies in the industry. The latest news on real-time virus threat scenarios is available at the F-Secure Data Security Lab weblog. See our Infosec Blogs/Podcasts page for specific offerings related to F-Secure.

SecurityFocus: SecurityFocus is the most comprehensive and trusted source of security information on the Internet. SecurityFocus is a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs. See our Infosec Blogs/Podcasts and NoVA Email Lists/Networking pages for specific offerings related to SecurityFocus.

The Register: A popular UK-based IT news site. See our Infosec Blogs/Podcasts page for specific offerings related to The Register.

Foundstone: Foundstone was formed in 2001 by the industry-leading security experts who first built the network security consulting practices at two Big 6 accounting firms. As an independent firm, Foundstone built its reputation as enterprise network security experts through publication of numerous books and articles that enhanced the knowledge base of the network security community. Foundstone’s practice includes strategic functions such as overall network security policy development, secure software lifecycle development, patch management program development and other process-related program development projects. From the tactical perspective, Foundstone will perform in-depth technical testing of networks, applications, and various security-related infrastructure components such as firewalls, VPNs, and wireless networks. Due to its significant growth and excellent reputation in the enterprise network security community, Foundstone was acquired by McAfee, Inc. in September 2004. Foundstone’s Enterprise Vulnerability Management product has been integrated into McAfee’s general suite of security products. Foundstone Professional Services continues to deliver high-quality security services operating as a division of McAfee. See our Training page for specific offerings related to Foundstone.

Learn Security Online: LSO is primarily an online training organization that helps develop the foundation necessary to move into the security field through a monthly membership program. They offer a fairly comprehensive training regimen that includes tutorials, games and challenges, courses, labs and competitions, assembled in a well-thought-out learning model. You can start off with written articles and tutorials and then progress to computer simulators and interactive tutorials. Next you can continue on with online games and finally move to challenge servers. To support your progression, LSO offers self-paced or instructor-led courses as well as research/practice labs and competitions. See our Training page for specific offerings related to LSO.

Applied Security: TBD. See our Training page for specific offerings related to Applied Security.

ISACA: The Information Systems Audit and Control Association (ISACA) got its start in 1967, when a small group of individuals with similar jobs—auditing controls in the computer systems that were becoming increasingly critical to the operations of their organizations—sat down to discuss the need for a centralized source of information and guidance in the field. In 1969, the group formalized, incorporating as the EDP Auditors Association. In 1976 the association formed an education foundation to undertake large-scale research efforts to expand the knowledge and value of the IT governance and control field. Today, ISACA’s membership—more than 75,000 strong worldwide—is characterized by its diversity. Members live and work in more than 160 countries and cover a variety of professional IT-related positions—to name just a few, IS auditor, consultant, educator, IS security professional, regulator, chief information officer and internal auditor. Some are new to the field, others are at middle management levels and still others are in the most senior ranks. They work in nearly all industry categories, including financial and banking, public accounting, government and the public sector, utilities and manufacturing. This diversity enables members to learn from each other, and exchange widely divergent viewpoints on a variety of professional topics. It has long been considered one of ISACA’s strengths. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves. Another of ISACA’s strengths is its chapter network. ISACA has more than 175 chapters established in over 70 countries worldwide, and those chapters provide members education, resource sharing, advocacy, professional networking and a host of other benefits on a local level. Find out if there’s a chapter near you.
Since its inception, ISACA has become a pace-setting global organization for information governance, control, security and audit professionals. Its IS auditing and IS control standards are followed by practitioners worldwide. Its research pinpoints professional issues challenging its constituents. Its Certified Information Systems Auditor (CISA) certification is recognized globally and has been earned by more than 60,000 professionals since inception. The Certified Information Security Manager (CISM) certification uniquely targets the information security management audience and has been earned by more than 9,000 professionals. The Certified in the Governance of Enterprise IT (CGEIT) designation promotes the advancement of professionals who wish to be recognized for their IT governance-related experience and knowledge and has been earned by more than 200 professionals. It publishes a leading technical journal in the information control field, the Information Systems Control Journal. It hosts a series of international conferences focusing on both technical and managerial topics pertinent to the IS assurance, control, security and IT governance professions. Together, ISACA and its affiliated IT Governance Institute lead the information technology control community and serve its practitioners by providing the elements needed by IT professionals in an ever-changing worldwide environment.

InfraGard: InfraGard is a Federal Bureau of Investigation (FBI) program that began in the Cleveland Field Office in 1996. It was a local effort to gain support from the information technology industry and academia for the FBI’s investigative efforts in the cyber arena. The program expanded to other FBI Field Offices, and in 1998 the FBI assigned national program responsibility for InfraGard to the former National Infrastructure Protection Center (NIPC) and to the Cyber Division in 2003. InfraGard and the FBI have developed a relationship of trust and credibility in the exchange of information concerning various terrorism, intelligence, criminal, and security matters. InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories. Each InfraGard Chapter has an FBI Special Agent Coordinator assigned to it, and the FBI Coordinator works closely with Supervisory Special Agent Program Managers in the Cyber Division at FBI Headquarters in Washington, D.C. While under the direction of NIPC, the focus of InfraGard was cyber infrastructure protection. After September 11, 2001 NIPC expanded its efforts to include physical as well as cyber threats to critical infrastructures. InfraGard’s mission expanded accordingly. In March 2003, NIPC was transferred to the Department of Homeland Security (DHS), which now has responsibility for Critical Infrastructure Protection (CIP) matters. 
The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.

CSO Breakfast Club: When club founder Bill Sieglein was a CSO a few years ago, he found it very powerful to speak with his peers to learn what they were doing, how well things were going for them and simply share ideas. While there were a number of associations he belonged to, none seemed to provide the opportunity for him and his security executive peers to talk about concepts in an environment where sharing was safe. From that desire, to have peer-to-peer contact with other security executives in a safe environment, grew the CSO Breakfast Club. The goal of the club is to SHARE, EDUCATE and ELEVATE. About every six weeks or so we meet at a location in one of the cities where we have a club. We will post events on this site under the News/Events page and send invites to those of you on our contact list. Feel free to spread the word to your colleagues. We will have a general topic for discussion and, when you show up, we eat some breakfast, drink some coffee and discuss our topic. We will have expert speakers, panels and occasionally invite vendors to share their solutions with us when you agree you want to hear from them. You pick the topics! We have found that in a casual atmosphere, such as this, folks are willing to be open and honest and share. In such a setting we can help each other out. Let’s say, for example, that you are about to embark on an identity and access management project and you have a few concerns. Let’s also assume that one of the other attendees happens to have just completed an identity management project. That’s a perfect opportunity to discuss lessons learned and benefit from one another’s experiences. You know the hackers are working together, why shouldn’t we?

AFCEA International: Armed Forces Communications and Electronics Association (AFCEA) International is a non-profit membership association serving the military, government, industry, and academia as an ethical forum for advancing professional knowledge and relationships in the fields of communications, IT, intelligence, and global security. AFCEA’s members, sponsors and associates are among the world’s leading designers, planners, manufacturers, testers and users of systems, services and components for communications, intelligence, imaging and information systems.