September 2017 Monthly Meeting
Robert (Bob) Cowles is a principal in BrightLite Information Security, performing cybersecurity assessments and consulting in research and education about information security and identity management. He served as CISO at SLAC National Accelerator Laboratory (1997-2012); participated in security policy development for LHC Computing Grid (2001-2008); and was an instructor at University of Hong Kong in information security (2000-2003). His CACR contributions include research for the XSIM project and the NSF Cybersecurity Center of Excellence.
_________________________________________________________________________
Topic 2: Outsource Safely or Else!
Abstract:
Software outsourcing is a way to address the developer talent shortage and a shortcut to building a development team. This talk tells the story of managing a year-long personal journey to develop a two-sided online business platform, using an outsourced software design and development team.
Mezak will share how he handled it and the inevitable "course corrections" along the way, including major security flaws that were discovered by a separately outsourced penetration test (Pentest). Attendees will discover the types of white, gray and black box Pentests you can perform and the critical elements they contain. In the end, attendees will walk away from the session with the knowledge of how and when to perform a Pentest when creating a secure business platform application with an outsourced or internal software development team.
Speaker: