Out and About: GrrCon 2012

Archive for the ‘Out and About’ Category

Out and About: GrrCon 2012

Posted by

September 27 and 28, I will be out in Grand Rapids for the GrrCon conference. I am working on a fun little project using .Net Framework to create covert channels, and then use the same tools along with OS controls to block and shutdown those channels. Come on out, visit with the Grand Rapids folks, and enjoy a great conference.

Punch and Counter-punch with .Net Apps
Presentation Abstract: Alice wants to send a message to Bob. Not on our network, she won’t! Who are these people? Then Alice punches a hole in the OS to send the message using some .Net code. We punch back with Windows and .Net security configurations. Punch and counter-punch, breach and block, attack and defend, the attack goes on. With this as the back story, we will walk thru sample .Net apps and Windows configurations that defenders use and attackers abuse. Short on slides and long on demo, this presentation will step thru the latest in .Net application security.

Out and About: Stir Trek

Posted by

This coming May 4, I will be out at the Stir Trek conference in Columbus, OH. Tickets go on sale today at 1:59 pm. (3/14 1:59 for Pi day, get it?) I hear the conference sold out last year within five days, so if you are joining us, act fast. Stir Trek is a unique developer conference in that it combines technology talks with a private screening of a movie. This year, it is The Avengers. Quite the event.

I am in the Cloud computing track and will be sharing my experiences on DevOps and private/public cloud computing. Hope to see you there.

Running DevOps on a Microsoft Cloud
You have heard the rumors. DevOps is this touchy-feely culture thing where the developers run cowboy over the infrastructure using open source tools. But what if you are running a Microsoft infrastructure? What if you are in a highly regulated industry, say like finance? And what if you need to show hard dollar savings to support culture changes? Forget the rumors. We have the facts. In this session, we will present how a Midwest investment firm implemented DevOps on a cloud computing model. The tool stack is SharePoint, SQL Server Business Intelligence, and System Center. Let’s get past the rumors and see how existing organizations are getting the most from DevOps and the cloud.

Peer Incites next week

Posted by

I will be on Peer Incites next Tuesday, March 6th, for a lunch time chat on team management. The talk is scheduled for 12-1pm ET / 9-10am PT.

DevOps — the integration of software developement and IT operations — is a hot topic these days. In my current role, I took on IT operations in 2008 and took on software development in 2010. I have been driving the combined team using value proposition lens of the nexus of passion, skillsets, and business value. Add to this my favorite topic, training and skill hops, and we get a winning mix for leading a productive DevOps team.

I will dig into the nuts-and-bolts next Tuesday. Details are below. Hope you can join us.

Wolfgang

 

Mar 6 Peer Incite: Achieving Hyper Productivity Through DevOps – A new Methodology for Business Technology Management

By combining IT operations management and application development disciplines with highly-motivating human capital techniques, IT organizations can achieve amazing breakthroughs in productivity, IT quality, and time to deployment. DevOps, the intersection of application development and IT operations, is delivering incredible value through collaborative techniques and new IT management principles.

 

More details at:
http://wikibon.org/wiki/v/Mar_6_Peer_Incite:_Achieving_Hyper_Productivity_Through_DevOps_-_A_new_Methodology_for_Business_Technology_Management

Grand Rapids on Friday (GrrCon)

Posted by

I will be in Grand Rapids this Friday, attending the information security conference GrrCon. I am speaking on business continuity and risk management in the executive management track. Meantime, there is a slate of excellent speakers covering everything from OS kernel attacks, SSL trust, social engineering, to hacking smart meters and hacking airplanes.

Come out and see the conference. Drop me an email if you want to hook up.

Out and About: GrrCon

Posted by

I will be out at the GrrCON conference in Grand Rapids on Friday, September 16. I am giving a session in the InfoSec Management track. The topic is on business continuity planning and risk management. Sound boring? No worries. There is an amazing line up of speakers covering a wide range of topics. Hope to see you there.

How asteroids falling from the sky improves security
An asteroid fell from the sky and the data center is now a smoking crater. At least, that’s the scenario that launches your business continuity planning. BCP asks the questions: what do we have, what does it do, what is the risk and what is the value? The answers to these questions are also essential build blocks of a risk management program. This presents an opportunity for the savvy information security professional. In this session, we will look at ways to co-opt business continuity to advance an organization’s information security.

Back from the mountains

Posted by

I am back from hiking the Shenandoah national forest.

John le Carre: “Coming home from very lonely places, all of us go a little mad: whether from great personal success, or just an all-night drive, we are the sole survivors of a world no one else has ever seen.”

Out and About: Practical Risk Management

Posted by

Contact: Cynthia Meinke
Ph: 248-373-8494
Date(s): 9/18/08
Time: 6:00 PM
Location: Cisco Systems, 2000 Town Center, Suite 450, Southfield, MI 48075

Event Description:

The Motor City Chapter of the Information Systems Security Association (ISSA) will be hosting their September meeting with a presentation on Practical Risk Management. Their speaker,  J. Wolfgang Goerlich, CISSP, CISA,  is an information security professional with over a decade of experience in IT.  Currently Mr. Goerlich is the Network Operations and Security Manager for a large financial institution in Michigan.  In this presentation, Mr. Goerlich will describe some of the challenges he faced while developing an enterprise risk management program and explain how he ultimately solved them with a leading governance risk and compliance (GRC) technology. This presentation will discuss the practical implementation of GRC technology, discuss its uses, and review lessons learned.

This event is open to non-members.  Please RSVP to secretary@issa-motorcity.org.  For further information, please contact Cynthia Meinke at 248-373-8494 ext. 405.