From 1c5787e80484550dc4415c58bad2dcc2586fece8 Mon Sep 17 00:00:00 2001 From: OWASP Foundation Date: Thu, 27 Jun 2024 00:04:53 -0400 Subject: [PATCH] remote update file --- _data/community_events.json | 80 ++++++++++++++++++------------------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/_data/community_events.json b/_data/community_events.json index d6d9e11c..4d632143 100644 --- a/_data/community_events.json +++ b/_data/community_events.json 
@@ -9,16 +9,6 @@ "timezone": "America/New_York", "description": "In the ever-evolving landscape of cybersecurity, understanding your attack surface and adopting an adversarial perspective are critical components for building a robust security program. This talk will delve into the strategic importance of these concepts, emphasizing how they can preemptively identify and mitigate potential security threats. We will explore the methodologies behind attack surface mapping, highlighting the necessity of viewing your infrastructure through the lens of an attacker to uncover vulnerabilities that might otherwise go unnoticed. By embracing this mindset, organizations can proactively defend against sophisticated attacks, ensuring their defenses are as robust and comprehensive as possible.\n\nThe talk will shift to a demonstration, centered around the Amass Project, OWASP\u2019s powerful tool designed for in-depth attack surface mapping and asset discovery. Attendees will have the opportunity to gain hands-on experience with Amass, learning how to leverage its capabilities to uncover and visualize the full extent of an organization\u2019s external exposure. The session will cover practical examples, showcasing how Amass can be integrated into security workflows to enhance situational awareness and threat intelligence. By the end of the presentation, participants will have a clear understanding of how to implement these strategies in their security programs, ultimately fortifying their defenses against potential adversaries." }, - { - "group": "Augsburg", - "repo": "www-chapter-augsburg", - "name": "3. OWASP Augsburg Stammtisch", - "date": "2024-06-26", - "time": "19:00+02:00", - "link": "https://www.meetup.com/owasp-augsburg-chapter/events/301438471", - "timezone": "Europe/Berlin", - "description": "!WANTED! --> Women in IT Security <-- !WANTED!\n\nAgenda\n\nVortrag: SSL/TLS-Test, braucht man das noch? 
(Achim Hoffmann)\nDie Verschl\u00fcsselung der \u00dcbertragung von Daten (Data in Transit) mithilfe von TLS hat sich inzwischen als 'Best Practice' etabliert. Sobald ein Zertifikat erworben oder automatisch eingerichtet wurde, kann die Verschl\u00fcsselung inzwischen auch auf Servern meist relativ einfach 'eingeschaltet' werden.\n\nReicht das? Lohnt es sich nachzupr\u00fcfen, was da aktiviert wurde? Wie geht das? Achim zeigt uns am Beispiel des, von ihm als OWASP-Projekt entwickelten SSL/TLS-Test-Tools 'O-Saft (https://owasp.org/www-project-o-saft/)', wie wir diese Tests einfach f\u00fcr verschiedene Protokolle durchf\u00fchren k\u00f6nnen. Die Interpretation der Ergebnisse und worauf es dabei ankommt, wird anhand von Beispielen aus der Praxis gezeigt und mit den Teilnehmern des Stammtischs diskutiert.\n\nAchim Hoffmann ist als 'OWASP-Urgestein' ein langj\u00e4hriger (>25 Jahre), auf Web Application Security spezialisierter Berater, (Pen-)Tester, Trainer und Sprecher; Er ist Board Member von OWASP-Germany und OWASP-Project-Leader u.a. f\u00fcr O-Saft\n\nFreie Diskussion\nNetzwerken\n\nBitte gebt Bescheid, wenn ihr kommt und ggf. wie viele Leute ihr mitbringt, damit wir auch genug Platz haben.\n\nDu hast eine Idee oder willst einen Talk halten? Melde dich einfach!Wichtiges f\u00fcr Talks in aller K\u00fcrze:\n\nVerwende einen neutralen Foliensatz - ohne Logo, ohne WerbungAuf einer Folie kannst du dich und deinen Arbeitgeber vorstellen - hier auch mit LogoGib kurz Bescheid, ob du den Vortrag auch auf Englisch halten k\u00f6nntestVertriebler, die eine Verkaufsveranstaltung durchf\u00fchren wollen, werden ausgebuht und m\u00fcssen diverse Runden Bier ausgeben" - }, { "group": "Austin", "repo": "www-chapter-austin", 
@@ -69,16 +59,6 @@ "timezone": "America/Los_Angeles", "description": "**Want to tap into your inner evildoer and test your skills in hunting down web application vulnerabilities?**\nJoin us at this joint event between Pacific Hackers and OWASP Bay Area to immerse yourself in the industry\u2019s most authentic environment, where players exploit their way through hundreds of vulnerabilities that lurk in business applications today. Success means learning quickly that attack and defense are all about thinking on your feet. For each vulnerability you uncover, you are awarded points. Climb the interactive leaderboard as you vie for the top spot!\n\n**About the Range:**\nThe CMD+CTRL Cyber Range is ideal for anyone interested in learning how web applications are attacked, furthering their cybersecurity acumen, or honing the skills needed to protect the enterprise. From curious bystanders to active practitioners to Risk and Security Executives, there\u2019s something for everyone.\n\nRegistration:\nPlease register here to get more event details and help us organize food and drinks [https://web.securityinnovation.com/owasp-bayarea](https://web.securityinnovation.com/owasp-bayarea)\n\n**Agenda:**\n5 PM \u2013 Food & Networking\n5:30 PM \u2013 8:30 PM \u2013 CTF Time\n8:30 PM \u2013 Prizes" }, - { - "group": "Bay Area", - "repo": "www-chapter-bay-area", - "name": "Bay Area OWASP June Meetup", - "date": "2024-06-26", - "time": "17:00-07:00", - "link": "https://www.meetup.com/bay-area-owasp/events/301448414", - "timezone": "America/Los_Angeles", - "description": "We're excited to announce our upcoming June meetup, which will be hosted by the wonderful **Traceable** team at **Harness** HQ in San Francisco. Refreshments will be sponsored by **Defy Security**. 
Get ready for insightful discussions and the chance to network with some of the brightest minds in the industry.\n\n**Agenda:**\n5:00 - 5:45: Doors open, networking and food\n\n5:45 - 6:30: Talk 1: API Security Blunders: Tales from the Cyber Trenches - Anjum Ahuja\n6:30 - 7:15: Talk 2: Had a Cyber Incident? Better Call Saul! - Daniel Davis\n7:15 - 8:00: Talk 3: Details to follow\n\n**Talk 1:**\nSpeaker:\nAnjum Ahuja\n\nTitle:\nAPI Security Blunders: Tales from the Cyber Trenches\n\nAbstract:\nIn this session, we dive into API Security by dissecting real-world blunders that have caused security breaches. We'll guide you through the process of identifying these anti-patterns and provide insights to effectively defend against such attacks.\n\nSpeaker Bio:\nAnjum is the Director of Security Research at Traceable.ai. He has worked on different aspects of security engineering specifically Detection engineering & Incident response, AppSec and Threat Intelligence. He has presented at conferences like BSidesSF, BSidesCharm, and has multiple patents issued for IOT Security.\n\n**Talk 2:**\nSpeaker: Daniel Davis\n\nTitle: Had a Cyber Incident? Better Call Saul!\n\nAbstract: If you\u2019re a CISO, you\u2019re already calling your lawyer. The rest of you are going - huh??? From the SEC\u2019s legal action against Solarwinds to the looming specters of CMMC 2.0 and CIRCIA, when will cybersecurity\u2019s transformation into a legal domain be complete?\n\nSpeaker Bio:\nNo, Daniel isn\u2019t a lawyer, but he did stay at a Holiday Inn Express last night (does that one still hold up???). Cybersecurity isn\u2019t the first technical discipline to be \u201clegal-lite\u201d as he learned running safety programs for military aerospace programs. 
When things go wrong, people will always want to know who \u201csigned off on it\u201d.\nThis experience led Daniel to Lyft\u2019s autonomous vehicle division to create a public-private partnership to develop a framework for safety and cybersecurity for AVs. Today, he\u2019s the founder of Mindpipe, which will be open sourcing a next generation, end-to-end RAG pipeline leveraging open knowledge graph frameworks." - }, { "group": "Belo Horizonte", "repo": "www-chapter-belo-horizonte", 
@@ -89,6 +69,16 @@ "timezone": "America/Sao_Paulo", "description": "**OWASP BH est\u00e1 de volta!**\n\nJunte-se a n\u00f3s no nosso primeiro meetup de 2024 e celebre a reabertura do cap\u00edtulo OWASP BH!\n\nAgenda:\n**10h00 - 10h30:** Boas-vindas e reabertura oficial do cap\u00edtulo OWASP BH: Apresenta\u00e7\u00e3o da OWASP e dos planos do cap\u00edtulo para 2024.\n**10h30 - 11h30:** Palestra \"IA Generativa e o Cen\u00e1rio da Seguran\u00e7a Cibern\u00e9tica\": Descubra os desafios e oportunidades da intelig\u00eancia artificial na seguran\u00e7a.\n**11h30 - 12h00:** Palestra a definir\n**12h00 - 13h00:** Networking e encerramento" }, + { + "group": "Boston", + "repo": "www-chapter-boston", + "name": "OWASP Boston Chapter Meeting - July 2024", + "date": "2024-07-10", + "time": "18:30-04:00", + "link": "https://www.meetup.com/owaspboston/events/301854743", + "timezone": "America/New_York", + "description": "This month we will be welcoming Thomas Gleason as our presenter. Thomas will be giving his presentation Be a Better Robert Oppenheimer.\n\nIn the tech world, developers, likened to modern Oppenheimers, innovate quickly but may overlook security. This presentation proposes a unified language for AppSec, balancing development and security priorities. It emphasizes understanding open-source usage, risks in tooling practices, and contextualizing vulnerabilities. Join us to align security with development goals, fostering rapid innovation while ensuring security.\n\nThomas Gleason is an AppSec enthusiast who enjoys building teams and tools to enhance security. He has hands-on experience with the pros and cons of DevSecOps. Outside of work, he cherishes his Rhode Island home and has a penchant for a well-cooked risotto. His professional expertise and personal interests make him a well-rounded individual in the field." + }, { "group": "Brisbane", "repo": "www-chapter-brisbane", 
@@ -99,6 +89,16 @@ "timezone": "Australia/Brisbane", "description": "The software supply chain is under increasing threat. New attacks and threats have popped up that we couldn't have imagined even two years ago. Total attacks on the software supply chain are increasing by more than 730% year on year since 2019. One way for organizations to combat this growing threat is to empower their red teams to test the software supply chains for that organization. But many red teams are ill-prepared to tackle this new attack surface.\n\nThis talk will have three distinct parts:\n\n1\\. I will describe how security teams\\, red teams\\, or security researchers can quickly identify the multiple components in a particular applications software supply chain\\, and then how to find soft targets to focus on\\.\n2\\. I will describe my VBP framework \\(value\\, behaviour and patterns\\) which is an applied threat modelling framework for software supply chains\\.\n3\\. Finally\\, I will visually describe one of my red team operations on an open\\-source project and the tools that I use \\(or have written\\) to make that possible\\." }, + { + "group": "Chile", + "repo": "www-chapter-chile", + "name": "OWASP TOP10 para Inteligencia Artificial (LLM)", + "date": "2024-07-03", + "time": "20:00-04:00", + "link": "https://www.meetup.com/owasp-chile-meetup-group/events/301844683", + "timezone": "America/Santiago", + "description": "La charla abordar\u00e1 los 10 riesgos de seguridad m\u00e1s importantes identificados por OWASP, en el contexto de los Modelos Ling\u00fc\u00edstico Grandes (LLM).\n\nRevisaremos los desaf\u00edos de seguridad que enfrentan estas tecnolog\u00edas de Inteligencia Artificial y c\u00f3mo puedes mitigarlos.\n\nNo te pierdas esta oportunidad de mantenerte a la vanguardia de la ciberseguridad en el campo de la IA." + }, { "group": "Colorado Springs", "repo": "www-chapter-colorado-springs", 
@@ -159,16 +159,6 @@ "timezone": "America/Los_Angeles", "description": "**TOPIC**: Breaking Through CVE Noise: Analyzing 5 Key Prioritization Inputs\nJoin us for great networking, dinner and drinks, and see a presentation by **Chelsea Boling**, a Customer Success Architect at **FOSSA**\n\n**ABSTRACT**: Thousands of new Common Vulnerabilities and Exposures (CVEs) are reported each year, which puts a massive burden on security teams to prioritize and address the most critical threats effectively. This is especially true since most vulnerabilities aren\u2019t actually exploitable in their real-world context, and wasting time on non-exploitable issues can get in the way of remediating the most impactful vulnerabilities.\nThis talk will explore strategies to mitigate CVE overload and streamline the vulnerability resolution process. In addition to exploring complexities around CVE noise \u2014 such as the difficulty in distinguishing between high-risk, low-risk, and no-risk vulnerabilities and the pressure to maintain business continuity while ensuring robust security \u2014 we\u2019ll analyze five specific vulnerability prioritization inputs:\n\n1. CVSS scores\n2. EPSS scores\n3. VEX\n4. The CISA KEV Catalog\n5. Reachability analysis\n\nAdditionally, the talk will cover the role of automation and tooling to prioritize vulnerabilities at scale as well as recommended workflows between IT, security teams, and business units to ensure comprehensive risk management.\n\n**Thanks to our Sponsor**: *[FOSSA](https://fossa.com/)*\n*FOSSA is a leading application security and compliance platform that specializes in helping engineering teams deliver trusted software. 
FOSSA enables companies to prioritize real vulnerabilities in their open source dependencies with comprehensive SCA (software composition analysis) capabilities, while also making it possible for organizations to automate compliance reporting and SBOM (software bill of materials) lifecycle management to meet customer and regulatory requirements. Founded in 2015, FOSSA is trusted by thousands of global organizations, has been downloaded nearly two million times, and has conducted nearly 100 million open-source scans.*\n\n**SPONSORSHIP Opportunities Available**\n*Vendors interested in sponsoring please send an email to sponsorship.la@owasp.org*\n\n**CODE OF CONDUCT**\nWe hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. You can find out more about our policies here:\n[https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy](https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy)" }, - { - "group": "Los Angeles", - "repo": "www-chapter-los-angeles", - "name": "OWASP LA Monthly In-Person Meeting - JUN 26, 2024", - "date": "2024-06-26", - "time": "17:30-07:00", - "link": "https://www.meetup.com/owasp-los-angeles/events/298386242", - "timezone": "America/Los_Angeles", - "description": "**TOPIC**: What's in your AI code? Learn why every SCA tool is wrong, and how to deal with it.\nJoin us for great networking, dinner and drinks, and see a presentation by **Darren Meyer**, Lead Solution Architect at Endor Labs.\n\n**ABSTRACT**: With the rise of AI-fueled by Python-based libraries, it has become of paramount importance to scan Python-based projects and their dependencies for OSS vulnerabilities. 
Python relies on package managers like pip or conda to manage declared dependencies. Dependencies are declared in manifest files which the package manager uses to install the correct version of the required dependency. However, Python\u2019s dependency management system coupled with its dynamic type nature makes it an especially challenging language to deal with.\n\nOf particular focus is the phenomenon of phantom dependencies which are unreported dependencies in a project's manifest profile. These hidden dependencies, which are often provided dependencies (which is especially true for libraries such as tensorflow and pytorch which are essential for AI), challenge software composition analysis (SCA) of Python code, impacting the reliability of vulnerability results.\n\n**Thanks to our Sponsor**: *[Endor Labs](https://www.endorlabs.com/)*\n*Endor Labs\u2019 Dependency Lifecycle Management Platform is designed to address the weakest link in software supply chain security: the ungoverned sprawl of open source software in the enterprise. Endor Labs\u2019 mission is to help developers spend less time dealing with security issues and more time accelerating development through safe code reuse. With this solution, development and security teams are able to maximize software reuse by safely evaluating, maintaining, and updating dependencies at scale.*\n\n**Thanks to our Host**: *[HiveWatch](https://www.hivewatch.com/)*\n*Intelligent, efficient, and scalable security*\n*HiveWatch is a cloud-based SaaS platform built for physical security teams to enhance their current security technologies. 
It streamlines incident response, allows for the consolidation of disparate programs and systems, and reduces false alarms.*\n\n**SPONSORSHIP Opportunities Available**\n*Vendors interested in sponsoring please send an email to sponsorship.la@owasp.org*\n\n**CODE OF CONDUCT**\nWe hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. You can find out more about our policies here:\n[https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy](https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy)" - }, { "group": "Manchester", "repo": "www-chapter-manchester", 
@@ -179,16 +169,6 @@ "timezone": "Europe/London", "description": "**To register for this you MUST go to our Eventbrite:** https://www.eventbrite.co.uk/e/owasp-summer-scavenger-hunt-tickets-921543680957?utm-campaign=social&utm-content=attendeeshare&utm-medium=discovery&utm-term=listing\n\nDo you like running round Manchester doing pointless challenges that may or may not be Hacker related for the chance of winning a \u00a3100 Amazon voucher?\n\nYes?!?\n\nThen this is the event for you!\n\nThis July OWASP Manchester will be hosting the first inaugural Charity Summer Scavenger Hunt. What you need to know:\n\nWho\u2019s running it?\nManchester OWASP and Silverphish, you may have entered a similar one at one of the BSides or at Steelcon.\n\nWhere is it?\nOur base is the Piccadilly Central pub opposite Piccadilly Station, but the challenges will be all over the city centre.\n\nTeams\nYou can enter as a team of up to five people or as an individual. It costs \u00a35 per person to enter and the proceeds will go to the Mustard Tree.\n\nRunning Time\nRegistration is between 1pm - 2pm at Piccadilly Central, closing and prizes will be at the pub at 7pm. We\u2019re welcome to stay on at the pub after, and may take a turn round the Gay Village.\n\nPrizes\nThere will be \u00a3100 Amazon voucher PER TEAM for highest score and best submission, theres a \u00a350 Amazon voucher for runner ups (second highest score).\n\nWho will Judge?\nSilverphish, Ben from OWASP and two exciting celebrity judges.\n\nAre there sponsors?\nHell yes there are! We\u2019d like to thank PTP for supplying the prizes and FireDuck for sponsoring the infrastructure.\n\nWill we provide refreshments?\nNo. You\u2019re on your own with that. Please eat before hand, and make sure to grab a Greggs during the hunt. Obvs as the base is a pub you\u2019ll be able to buy a drink there too.\n\nIs the event suitable for Children?\nHell no. It\u2019s in a pub. 
It\u2019s also not totally safe for work either, so be prepared for some mild adult content.\n\nDo you need technical knowledge to enter?\nYou do not!!! There will be some mildly technical challenges but there will be plenty that are just silly or for fun.\n\nWhat should you bring with you? (These are suggestions, you\u2019re grown-ups so we take zero responsibility for you)\n\n* A water bottle\n* Snacks\n* Comfortable shoes (preferably on your feet)\n* Sun cream\n* A brolly (it\u2019s Manchester after all)\n* A sense of adventure\n* Probably some money\n\n**To register for this you MUST go to our Eventbrite:** https://www.eventbrite.co.uk/e/owasp-summer-scavenger-hunt-tickets-921543680957?utm-campaign=social&utm-content=attendeeshare&utm-medium=discovery&utm-term=listing" }, - { - "group": "Melbourne", - "repo": "www-chapter-melbourne", - "name": "OWASP Melbourne - June 2024 Meetup", - "date": "2024-06-26", - "time": "18:00+10:00", - "link": "https://www.meetup.com/application-security-owasp-melbourne/events/301574282", - "timezone": "Australia/Melbourne", - "description": "G'day all,\n\nOWASP Melbourne is (finally) meeting again. But, in a different format. Our sincere apologies for the silence these past few months; it's been a rough time, in many ways. The landscape and conditions for meetups have changed, especially in the last year, thus, we must adapt to carry-on.\n\nSo, what's happening?\nThe TLDR: We'd meet at 6pm on a Wednesday monthly (except Dec/Jan), at a (different) food place each meetup. Hangout, and together contribute and decide on the AppSec topics we'd want to discuss, while we all grab a bite to eat (at own cost). All these finishing up by 7pm.\n\nFor RSVPs, please do try to keep it updated so that whomever that arrives first at the food place, can try to grab a table/seats for us. 
We'd be trying to just walk-in and grabbing a table.\n\nPlease see this Google Form for the details, and a quick poll on which Wednesday y'all prefer: [https://forms.gle/U3ArrazUpt9R5EGH8](https://forms.gle/U3ArrazUpt9R5EGH8)\nWe'll close this poll by the 21st June 2024.\n\nWe've picked the first event's date and location, to get the ball rolling.\nSee you there.\nThank you." - }, { "group": "Mumbai", "repo": "www-chapter-mumbai", 
@@ -229,6 +209,16 @@ "timezone": "America/New_York", "description": "This is an In-Person Event\n\nFood to be provided (Typically pizza or sandwiches)\n\nIntroductions\n\nMore details to be provided soon!\n\nSpeaker 1: **Marc Frankel**\n\nTopic: AIBOM - Utilizing Bill of Materials to desvribe and manage AI risks in the supply chain\n\nSpeaker 2: **Tony Turner**\n\nTopic: Practical Supply Chain Security - What works in real-world supply chain security programs and why it's important to level-set on your risk management journey." }, + { + "group": "Ottawa", + "repo": "www-chapter-ottawa", + "name": "OWASPOttawa July 4th 2024: Car Hacking Workshop with RAMN Platform", + "date": "2024-07-04", + "time": "17:00-04:00", + "link": "https://www.meetup.com/owasp-ottawa/events/301801299", + "timezone": "America/Toronto", + "description": "**\\*\\*\\*\\*\\*This is a Ticketed event\\*\\*\\*\\***\nYou must have a ticket to participate in the workshop due to the limited number of test environments and so participants will have the best possible experience.\n\nWaitlist:\nIf all tickets are registered then please add yourself to the waitlist. We will add more tickets when we learn if we have access to more test environments and draw from the waitlist on an ordered basis.\n\nGet your **FREE** ticket at: [https://buytickets.at/owaspottawachapter/1299905](https://buytickets.at/owaspottawachapter/1299905)\n\n**\\*\\*\\*\\*\\*Mandatory Pre-Workshop Preparation\\*\\*\\*\\***\nPlease check the Mandatory preparation section below!\n\n1. Laptop with GIT installed.\n2. Clone the repo https://github.com/BenGardiner/automotive_scapy_playground\n3. Install python.\n4. 
Install all the dependencies before the class.\n\n(Ben *will* ask the unprepared to give up their seat to anyone waiting who *is* prepared)\n\n**In-Person Location**:\n150 Louis-Pasteur Private, Ottawa,\nUniversity of Ottawa\n**Room 117 (note the room change)**\n\n**5:00 PM EST** Arrival, setup, mingle, PIZZA!!!\n\n**5:30 PM EST**\n\n1. Introduction to OWASP Ottawa, Public Announcements.\n2. **Car Hacking Workshop**\n\n**Abstract:**\nThis will be a very introductory but still very practical course on car hacking focusing on CAN, UDS on CAN and using scapy. The RAMN will give you an automotive network sandbox to explore and test ([https://github.com/ToyotaInfoTech/RAMN](https://github.com/ToyotaInfoTech/RAMN)). The hands-on sessions will use the automotive scapy playground.\n\nWe currently have 5 RAMN test platforms and the best experience permits 3 attendees working together as a group on one RAMN platform. Therefore we are ticketing this event.\n\n**Mandatory Preparation before the workshop!**\n\n1. Laptop with GIT installed.\n2. Clone the repo https://github.com/BenGardiner/automotive_scapy_playground\n3. Install python.\n4. Install all the dependencies before the class.\n\n(Ben *will* ask the unprepared to give up their seat to anyone waiting who *is* prepared).\n\n**Speakers:**\nBen Gardiner:\nMr. Gardiner is an independent consultant at Yellow Flag Security, Inc. presently working to secure commercial transportation at the NMFTA and connected transportation with TMNA. With more than ten years of professional experience in embedded systems design and a lifetime of hacking experience, Gardiner has a deep knowledge of the low-level functions of operating systems and the hardware with which they interface. Prior to YFS Inc., Mr. Gardiner held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations. He holds a M.Sc. Eng. 
in Applied Math & Stats from Queen\u2019s University. He is a DEF CON Hardware Hacking Village (DC HHV) and Car Hacking Village (CHV) volunteer. He is GIAC GPEN and GICSP certified and a GIAC advisory board member, he is also chair of the SAE TEVEES18A1 Cybersecurity Assurance Testing TF (drafting J3061-2), contributor to several ATA TMC task forces, ISO WG11 committees, and a voting member of the SAE Vehicle Electronic Systems Security Committee. Mr. Gardiner has delivered workshops and presentations at several world cybersecurity events including the Cybertruck Challenge, GENIVI security sessions, Hack in Paris, HackFest and DEF CON main stage." + }, { "group": "Penang", "repo": "www-chapter-penang", 
@@ -319,6 +309,16 @@ "timezone": "Europe/Tallinn", "description": "** Welcome to the Summer Event of OWASP Estonia: Modern Cryptography - Vol. 2 **\n\n In this event we'll host two very special speakers:\n\n**Stefano Alberico**, tech lead mentor at **NATO DIANA** accelerator and founder at Skudo, is a technology visionary with 25 years of international experience.\n\nHe is very problem solving oriented and prefers to set up a demo with a Raspberry Pi rather than only explaining things on a PPT.\n\nHe is now focused on hardware encryption (HSM and PKI) for space and drone applications, based on Skudo's own FPGA implementation.\n\n Speech: **Practical use-cases of encrypted satellite communication**\n\nIn my 30-minute presentation, Stefano will discuss two key use-cases of encrypted digital satellite communication that his company has worked on.\n\nThe first use-case involves a project with the European Space Agency (ESA) last year. We remotely reprogrammed the OPS-SAT's onboard FPGA with our custom cores, adding a Hardware Security Module (HSM) and a RISC-V processor. We then developed an application that captured a satellite image, processed it on the RISC-V, encrypted it on the HSM, and sent it to our ground office. There, we decrypted the image using the appropriate key and displayed it, ensuring secure data transmission.\n\nThe second use-case is an ongoing project to create an encrypted satellite communication link. This involves integrating our HSM/FPGA with an Iridium modem using the Short Burst Data (SBD) service. This setup enables us to send end-to-end hardware-encrypted messages worldwide, ensuring secure and reliable communication.\n\nThese examples demonstrate our work in enhancing secure satellite communications through advanced encryption and processing technologies.\n\n\\-\\-\\-\n\n**Jelizaveta Vakarjuk** is a junior researcher in Cybernetica and industrial PhD student at Tallinn University of Technology. 
Her research focuses on post-quantum cryptography, privacy-preserving cryptography, and security of voting systems. Mainly she studies post-quantum digital signatures, but also focuses on the aspects of migration to post-quantum cryptography.\n\n Speech: **Obstacles of migration to post-quantum cryptography**\n\nWith the rising development of quantum technologies there is an urgent need to secure existing IT infrastructure against quantum threats. Introducing post-quantum cryptography to present systems could protect them against future quantum computer attacks. Still, post-quantum migration is a challenging process which requires systematic planning and years of execution. In this talk, I will share what are the main migration obstacles in example of Estonian e-services.\n\n **And That's Not All - More Surprises Await!** Whether you're a cybersecurity professional, a tech enthusiast, or just curious about cryptography, there's something for everyone!\n\n **Connect, Collaborate, and Create:** This event is more than just talks - it's a platform to connect with like-minded folks!\n\n **Mark Your Calendars:**\nThursday 04th July at 18:30 - 20:30\nWorkland Maakri 19\n\n **Limited seats, registration on Meetup required!** " }, + { + "group": "Toronto", + "repo": "www-chapter-toronto", + "name": "OWASP Toronto | Improving the SOC with SOC-CMM", + "date": "2024-07-17", + "time": "18:30-04:00", + "link": "https://www.meetup.com/owasp-toronto/events/301854096", + "timezone": "America/Toronto", + "description": "\\*\\* The talk is hosted on the 3rd floor of 171 John Street \\*\\*\n\n**TALK**\n**\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-**\n\n**SOC Capability Maturity Model (SOC-CMM)**\n\n**Summary:**\n\nIn today's ever-evolving threat landscape, a robust Security Operations Center (SOC) is no longer a luxury, but a necessity. However, building a SOC from the ground up can be a daunting task. 
This presentation introduces attendees to the SOC Capability Maturity Model (SOC-CMM), a powerful framework designed to guide organizations in establishing and maturing their SOC capabilities.\n\nThrough practical examples and real-world scenarios, attendees will learn how to leverage the SOC-CMM to:\n\n* Define clear business objectives for their SOC.\n* Develop a comprehensive staffing strategy with the right skill sets.\n* Establish efficient and repeatable security processes.\n* Select and implement the most suitable security technologies.\n* Integrate seamlessly with existing IT infrastructure and security services.\n\n**Presenters**\n\nIvan Salles ([https://www.linkedin.com/in/ivansalles/](https://www.linkedin.com/in/ivansalles/))\n\nA SecOps professional with extensive global consulting experience, specializing in strategic guidance for topics including SOC, MDR, EDR, XDR, SIEM, and Vulnerability Management. Ivan collaborates as an Advisory Board member at Mente Binaria and a staff at SOC Brazil; he currently serves as the Director of Strategic Initiatives - SOC at Trend Micro Canada. Additionally, he shares his expertise as a Professor for Networking & Security at Fanshawe College. Based in London, Ontario, he enjoys spending time with his family." + }, { "group": "Vancouver", "repo": "www-chapter-vancouver",
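Review bot: In the hunk at @@ -69,16 +59,6 @@ the Bay Area entry ("date": "2024-06-26", "time": "17:00-07:00") is removed by a commit whose Date header is Thu, 27 Jun 2024 00:04:53 -0400, which is 21:04 on 26 June at the entry's own -07:00 offset, so pruning appears to be keyed to the calendar date in the committer's zone rather than to each entry's "time" offset and "timezone". The Los Angeles entry removed at @@ -159,16 +159,6 @@ is in the same position. The agenda in this description ends at 8:00, so nothing was lost here, but a later-running event would drop out of the listing while still in progress. Suggest comparing against the event's date in its own "timezone", or pruning a day late. The subject "remote update file" also does not say that four entries dated 2024-06-26 were removed and four July entries added; a line naming the source and the prune rule would make this data change auditable.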
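Review bot: In the Ottawa entry added at @@ -229,6 +209,16 @@ the description says "5:00 PM EST" and "5:30 PM EST" while "time" is "17:00-04:00", and -04:00 is daylight time for America/Toronto in July, so the free text and the structured fields disagree on the zone label. Suggest that whatever renders this entry takes the start time from "time" and "timezone" only, and that the label is corrected at the source. The same description repeats the four-step mandatory preparation list twice, and its banners open with five escaped asterisks but close with four (`\\*\\*\\*\\*\\*This is a Ticketed event\\*\\*\\*\\*`), which will render unevenly; both are better fixed upstream than in this file if it is regenerated on each update.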
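Review bot: The "description" added for Toronto at @@ -319,6 +309,16 @@ carries markdown that appears to originate outside this repository (bold markers, a bullet list, and a link written as [https://www.linkedin.com/in/ivansalles/](https://www.linkedin.com/in/ivansalles/)), and nothing in the patch shows how that text is constrained before it reaches a page. If the file is populated by an automated import, as the subject "remote update file" suggests, the template that renders "description" should escape raw HTML and allow only http/https link targets. A schema check on each entry (the eight keys seen here, an ISO date, an offset-qualified time, a "link" on the expected host) would catch malformed records before they are committed.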