The conference delivered topics from different security sectors, including cloud computing, cyber security, data center and virtualization, and defense innovations. The event featured top industry experts from well known companies and government institutions.

The keynote speeches at GovSec included its usual mix of law enforcement and technology with Bill Bratton, former police chief of Los Angeles, New York and Boston, Anthony Zuiker, creator and executive producer of CSI: Crime Scene Investigation, and Steven R. Chabinsky, the deputy assistant director in the FBI’s Cyber Security Division.

Bratton talked about technology’s role in police work and its likely role in the future.  He also noted that local police departments have the knowledge but lack the resources for cyber security-related police efforts.

Meanwhile, Zuiker discussed cross-platforming. He noted “traditional media is dead, and that newspapers, magazines and TV must become more interactive.”

In the last keynote of the day Chabinsky said that “How the United States handles cybercrime could help determine the future of the country.” He framed the issue of online crimes, including hacking and copyright infringement, as a question of both economic and national security. Chabinsky added that almost every cyber criminal is now a member of an online forum or chat service and that “… like you have doctors who are specialists instead of general practitioners, we have cyber criminals who are specialists instead of general practitioners.”

Chabinsky described 10 types of specialized cyber criminals:

• Programmers who write malware and exploits
• Vendors who sell stolen data
• Techies who maintain the needed information technology infrastructures
• Hackers who exploit the vulnerabilities
• Fraudsters who create social engineering schemes
• Hosters
• Cashiers who control accounts
• Money movers
• Tellers
• Leaders, who assemble the teams

The only education session that I was able to attend was the International & Initiatives on Cybersecurity. The training included six mini sessions and was presented by the American Bar Association’s Privacy & Computer Crime Committee. The discussion focused on an international legal framework to counter cyber security. Some countries have no cybercrime laws and to close this divide in cyber security, an ITU Toolkit for Cybercrime Legislation is made available. The ITU Toolkit aims to provide countries with sample legislative language and reference material that can assist in the establishment of harmonized cybercrime laws and procedural rules.

Well those are some quick notes on some of the activities from day 1. We’ll be in attendance tomorrow as well and look forward to some interesting topics. If you would like to learn more about GovSec, see its description in our Infosec Conferences section as well as the main GovSec conference site. They also have a Twitter account at @GovSecUSLaw so be sure to follow them tomorrow for all the latest conference happenings.

Doug Wilson discussed an OWASP project that combine a variety of vulnerable web applications on a virtual machine that can be used for testing web application security tools and techniques. The project is entirely free and open source. The project is also useful for testing white box tools and techniques such as source code analysis.

Trevor Hawthorn’s talk “The New World of Smartphone Security” tackled security concerns that are not being discussed and have not been publicly disclosed. In the talk he examined mobile-to-mobile attacks within cellular IP networks, specifically focusing on iPhone attack surfaces,  worms, location-based gaming privacy concerns, and web application security.

Richard Goldberg’s discussion was about the less obvious legal risks inherent in storing and accessing data in the cloud. He focused on real-world problems and solutions.

“The aim is to foster a greater understanding of the relevant issues, legal and privacy risks, potential solutions, and which problems do not have solutions.”

Finally, Pete Markowsky covered the differences among reviews system management mode and the relationship between SMM and Virtualization on the AMD-V platform and how to install a SMI handler.

See InfosecEvent’s ShmooCon 2010 - Wrap Up post for a complete list of all conference coverage.

Taking place over dinner and drinks, the CharmSec meetups are a relaxed way to meet local security professionals.

If you’d like more details about this meetup, continue reading below.

• Who: CharmSec
• What: Normal Meeting
• When: 09-24, 7:00 PM EST
• Where: Slainte (1700 Thames St. Baltimore, MD 21231)

For more information on CharmSec, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. Also be sure to check out the CharmSec meetup page.

o o o o o

Be our guest—guest blogger, that is. Contact us to learn how you can get your ideas on NovaInfosecportal.

HacDC ecourages people to stop by with their microcontroller project to either “learn, teach or just hang out with other microcontroller enthusiasts.”

If this sounds like a meetup you’d be interested in attending, continue reading below.

• Who: HacDC
• What: “Microcontroller Mondays”
• When: 09-14, 7:00 – 8:00 PM EST
• Where: HacDC (1525 Newton St NW, Washington DC 20010; near the corner of 16th and Newton NW)

For more information about HacDC, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area.

o o o o o

Get your own Microcontroller Kit if you don’t have one already.

But speaking of interesting, here’s our pick for tweet of the week:

grecs RT @dallendoug @rybolov has QOTD “It’s Hactivism 4 tech challenged. Just tell them to click link & leave their computer on.” #OWASPDC #totw

We also wanted to give this #totw honorable mention:

grecs RT @briankrebs lol, there’s prob no surer way to push a site that’s having trouble over the edge than asking if ppl can get to it. #totw

In addition to the three bloggers we’ve featured this week, you can find a list of other great bloggers in the NoVA, DC, and MD area here.

You can also follow us @grecs during the week for more great blog posts as they happen. Now, on to those posts!

#3 – Wade Is Back: Like we mentioned last week, Wade is back on the blogging scene with some great weekly commentary. Choosing six posts to comment on this week, Wade provides some insightful and in-depth commentary on subjects ranging from the National Retail Federation Poll to the trials and tribulations of public sector CISOs. Definitely be sure to check out the full post here.

#2 – Risky Business: It’s hard to remember what existed before risk management. It seems to be on the tip of everyone’s tongue, and when used correctly, it can be pretty effective. In their post “Risk Management,” @geminisecurity discusses risk management in detail, exposing both the pros and the cons. If you’re interested in finding out if risk management is really ‘worth the risk’ (pun intended), you can check out the full post.

#1 – OWASP and SAMM: It seems that @danphilpott is on a roll. Not only did he make our Top 3 last week, he takes the top slot this week for his guest post “OWASP and Uncle SAMM.” Writing for the Ariel Silverstone blog, @danphilpott addresses the goal of OWASP as well as a specific OWASP project— the Software Assurance Maturity Model (SAMM). Describing SAMM as “an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization,” @danphilpott goes on to say that “SAMM seeks to improve security by enhancing application development business functions.” You can read more about those specific functions as well as the rest of @danphilpott’s excellent post here.

Well, that’s all for this week. Be sure to check back next week for more great posts by local security bloggers.

Because while we can all whine until the cows come home that cutting security budgets is wrong and unwise, that won’t change the reality that security budgets will continue to be cut or significantly reduced. So instead of just complaining about it, why not attend this meetup? And while you’re at it, why not write about if for us.

If you’d like more information about this meetup (extra incentive because it’s being held at a restaurant), continue reading below.

• Who: Frank Aiello
• What: “Dude, Where’s My Security Budget?”
  • Will discuss effective strategies for coping with the reductions in information security spending while still managing your organization’s risk.
• When: 09-09, 3:00 – 8:00 PM EST
• Where: Chiaparellis Restaurant (237 South High Street, Baltimore, MD)

For more information on the ISACA – CM Chapter, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. Here is a link to the ISACA meetup page.

Please spread the word so no one shows up at Capitol College and has nothing to do!

HacDC ecourages people to stop by with their microcontroller project to either “learn, teach or just hang out with other microcontroller enthusiasts.”

If this sounds like a meetup you’d be interested in attending, continue reading below.

• Who: HacDC
• What: “Microcontroller Mondays”
• When: 09-07, 7:00 – 8:00 PM EST
• Where: HacDC (1525 Newton St NW, Washington DC 20010; near the corner of 16th and Newton NW)

For more information about HacDC, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area.

o o o o o

Get your own Microcontroller Kit if you don’t have one already.

These meetings take place at the Load of Fun building (also known as a hackerspace), and are for members or prospective members only.

While the membership fee to belong to Baltimore Node is currently $50 per month, they do their best to work with those that are unable to pay the full amount. You can read more about that here.

For additional details about the weekly Baltimore Node meeting, continue reading below.

• Who: Baltimore Node
• What: Normal Meeting
• When: 09-08, 7:30 PM EST
• Where: The Load of Fun Building (120 W North Ave Baltimore, MD 21201)

For more information about Baltimore Node, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. Check out the Baltimore Node page for even more hacker goodness.

o o o o o

Be our guest—guest blogger, that is. Contact us to learn how you can get your ideas on NovaInfosecportal.

But, on the bright side, October will be the one-year anniversary of DojoSec meetups, so be sure to make the October DojoSec meetup if you can!

Please be sure to spread the word about this; we don’t want anyone showing up at Capitol College with nothing to do.