The San Antonio Security Community – Past, Present and Future

         John B. Dickson, CISSP
Denim Group Background

•   Privately-held, professional services organization that builds secure
    software and mitigates risk of existing software
•   Takes a software-centric perspective on application security
     – All consultants regularly build software systems
     – Approach the problem of software security from a developer's viewpoint
     – Secure development methodology used on all software builds
•   Solving the secure remediation challenge
     – The next “hard” problem in application security
•   Thought Leaders in Secure Development Practices
     – Developed Sprajax – First Open Source AJAX vulnerability scanner
     – Regular speakers at RSA, OWASP, CSI
     – OWASP National Leaders




My Background

•   Ex-Air Force Officer
     – ESC, AFIWC, AFCERT
•   Entrepreneur
•   Security Practitioner
     – Commercial Experience at Trident Data Systems, KPMG, SecureLogix, Denim
       Group
•   Founder and Former Chairman of SATAI & Past Chair of the North
    Chamber




Cluster Theory and San Antonio’s Security Community

•   Michael Porter’s Cluster Theory of Economic Development
     – A Cluster: geographic concentration of competing and cooperating companies,
       suppliers, service providers and associated institutions
•   Sophisticated clusters produce an ecosystem of activity
•   Examples:
     – Silicon Valley semiconductor industry
     – Hollywood film industry
•   Cluster theory central to competitiveness




The Springs from which much flowed…




[Figure: Emerging Security Community in San Antonio]




Cluster Theory and San Antonio’s Security Community

•   Economic analysis prepared by Silicon Valley think tank ICF
    Consulting led by Jim Gollub
•   Delivered in July 2000 for:
     – The City of San Antonio, Economic Development Department
     – San Antonio Technology Accelerator Initiative
•   Captured an “emerging cluster” of IT activity centered around
    information security
•   “In order for San Antonio to economically benefit from the wealth of
    competency in information security expertise, economic inputs must
    be aligned to make it advantageous for local entrepreneurs to stay in
    the region”




The Higher Education Component – A Crown Jewel
•   UTSA’s Center for Infrastructure Assurance and Security (CIAS)
    – Established 2001
    – Certified by NSA as a Center of Academic Excellence in Information Assurance
      Education 2002
    – Missions
        • Cyber Security Exercise Programs
        • Cyber Security Training
        • Cyber Defense Competitions
    – Governor’s Emerging Technology Fund
•   St. Mary’s Center for Terrorism Law
•   OLLU InfoSec Program
•   ACCD and the Information Technology & Security Academy



Early Case Studies of Successes

•   WheelGroup Corporation
    –   NetRanger: First commercial network intrusion detection technology
    –   Acquired by Cisco Systems for $124m in February 1998
    –   First successful security firm liquidity event
    –   Founders turned around and founded SecureLogix Corporation in San Antonio
•   Secure Network Consulting, Inc.
    – Led by ex-Air Force and Trident Data Systems security consultants
    – Acquired by Axent Technologies, who subsequently were acquired by Symantec




Immediate Impact of Air Force Decision
•   Reaffirms what we know in San Antonio
    – Critical mass of talents, technologies, and higher ed framework
    – Elected officials and business leaders now acknowledge importance
    – Growing sense that this is an economic development opportunity for our community
•   600+ new jobs
    – Air Force active duty and civilian positions
    – Indirect jobs via contracts
•   Immediate impact on DoD community perception
•   Increased interest in contractor community outside SA




The Possibilities Going Forward
•   Expand relocation of national contractors to San Antonio
     – SRC, SAIC, CSC, BAH, et al.
•   Increase expansion of cyber security missions at:
     – NSA Texas
     – 24th AF
     – Other units
•   Expand R&D contract dollars via the 24th AF
     – Replace the IW Battlelab?
•   Increase R&D and commercialization via UTSA and others
     – New commercial companies based on intellectual property spun out
•   Communicate to the world that we are a cyber security leader
•   Pursue additional ETF opportunities

The ISSA Chapter – How it can Contribute
•   Current
    – Conducting educational meetings on security topics of interest
    – Networking via monthly meetings
    – Success stories…
•   Future (proposed)
    – Grow the next generation of security leadership in San Antonio
    – Help connect various security interests – cross pollination of security components in
      San Antonio
    – Increase profile of San Antonio via ISSA national
    – Attract higher profile speakers
    – Increase DoD presence!
    – Increase identification outside of the security community




Contact Information

•   John B. Dickson, CISSP
    – john@denimgroup.com
    – Twitter @johnbdickson

    www.denimgroup.com
    http://denimgroup.typepad.com/





More Related Content

What's hot

Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...XeniT Solutions nv
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationrrepko
 
Cyphra - Cyber Security
Cyphra - Cyber SecurityCyphra - Cyber Security
Cyphra - Cyber SecurityNICVA
 
Journey to cyber resilience
Journey to cyber resilienceJourney to cyber resilience
Journey to cyber resilienceAndrew Bycroft
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Benjamin Ang
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16James Rutt
 
Cyber Resilience: A New Perspective on Security
Cyber Resilience: A New Perspective on SecurityCyber Resilience: A New Perspective on Security
Cyber Resilience: A New Perspective on SecurityIna Luft
 
Singapore's National Cyber Security Strategy
Singapore's National Cyber Security StrategySingapore's National Cyber Security Strategy
Singapore's National Cyber Security StrategyBenjamin Ang
 
Cybersecurity for Critical National Information Infrastructure
Cybersecurity for Critical National Information InfrastructureCybersecurity for Critical National Information Infrastructure
Cybersecurity for Critical National Information InfrastructureDr David Probert
 
I4ADA 2019 - Presentation Accountability & cyber security & cyber peace
I4ADA 2019 - Presentation Accountability & cyber security & cyber peaceI4ADA 2019 - Presentation Accountability & cyber security & cyber peace
I4ADA 2019 - Presentation Accountability & cyber security & cyber peacePaul van Heel
 
Overview of national cybercrime strategies
Overview of national cybercrime strategiesOverview of national cybercrime strategies
Overview of national cybercrime strategiesBenjamin Ang
 
CSO Magazine Confab 2013 Atlanta - Cyber Security
CSO Magazine Confab 2013 Atlanta - Cyber SecurityCSO Magazine Confab 2013 Atlanta - Cyber Security
CSO Magazine Confab 2013 Atlanta - Cyber SecurityPhil Agcaoili
 
Collateral Damage: Cyberwar and its affect on organisations
Collateral Damage: Cyberwar and its affect on organisationsCollateral Damage: Cyberwar and its affect on organisations
Collateral Damage: Cyberwar and its affect on organisationsPECB
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-statusRama Reddy
 
BCS ITNow 201403 - Data Loss Prevention
BCS ITNow 201403 - Data Loss PreventionBCS ITNow 201403 - Data Loss Prevention
BCS ITNow 201403 - Data Loss PreventionGareth Niblett
 
Global Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and ComplianceGlobal Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and Complianceijtsrd
 

What's hot (20)

Mikie
MikieMikie
Mikie
 
Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperation
 
Cyphra - Cyber Security
Cyphra - Cyber SecurityCyphra - Cyber Security
Cyphra - Cyber Security
 
Journey to cyber resilience
Journey to cyber resilienceJourney to cyber resilience
Journey to cyber resilience
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16
 
Cyber Resilience: A New Perspective on Security
Cyber Resilience: A New Perspective on SecurityCyber Resilience: A New Perspective on Security
Cyber Resilience: A New Perspective on Security
 
Singapore's National Cyber Security Strategy
Singapore's National Cyber Security StrategySingapore's National Cyber Security Strategy
Singapore's National Cyber Security Strategy
 
Cybersecurity for Critical National Information Infrastructure
Cybersecurity for Critical National Information InfrastructureCybersecurity for Critical National Information Infrastructure
Cybersecurity for Critical National Information Infrastructure
 
Personal cyber safety
Personal cyber safetyPersonal cyber safety
Personal cyber safety
 
I4ADA 2019 - Presentation Accountability & cyber security & cyber peace
I4ADA 2019 - Presentation Accountability & cyber security & cyber peaceI4ADA 2019 - Presentation Accountability & cyber security & cyber peace
I4ADA 2019 - Presentation Accountability & cyber security & cyber peace
 
Overview of national cybercrime strategies
Overview of national cybercrime strategiesOverview of national cybercrime strategies
Overview of national cybercrime strategies
 
CSO Magazine Confab 2013 Atlanta - Cyber Security
CSO Magazine Confab 2013 Atlanta - Cyber SecurityCSO Magazine Confab 2013 Atlanta - Cyber Security
CSO Magazine Confab 2013 Atlanta - Cyber Security
 
Collateral Damage: Cyberwar and its affect on organisations
Collateral Damage: Cyberwar and its affect on organisationsCollateral Damage: Cyberwar and its affect on organisations
Collateral Damage: Cyberwar and its affect on organisations
 
IGPC Data Breach Planning braindump
IGPC Data Breach Planning braindumpIGPC Data Breach Planning braindump
IGPC Data Breach Planning braindump
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-status
 
BCS ITNow 201403 - Data Loss Prevention
BCS ITNow 201403 - Data Loss PreventionBCS ITNow 201403 - Data Loss Prevention
BCS ITNow 201403 - Data Loss Prevention
 
Global Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and ComplianceGlobal Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and Compliance
 

Similar to San Antonio Security Community

Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbersAPNIC
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approachesvngundi
 
Cyber Security in Manufacturing
Cyber Security in ManufacturingCyber Security in Manufacturing
Cyber Security in ManufacturingCentraComm
 
The Future of Cybersecurity - October 2015
The Future of Cybersecurity - October 2015The Future of Cybersecurity - October 2015
The Future of Cybersecurity - October 2015Security Innovation
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
Security For Free
Security For FreeSecurity For Free
Security For Freegwarden
 
Industrial Control Security USA Sacramento California Oct 6/7
Industrial Control Security USA Sacramento California Oct 6/7Industrial Control Security USA Sacramento California Oct 6/7
Industrial Control Security USA Sacramento California Oct 6/7James Nesbitt
 
SMi Group's Oil and Gas Cyber Security North America
SMi Group's Oil and Gas Cyber Security North AmericaSMi Group's Oil and Gas Cyber Security North America
SMi Group's Oil and Gas Cyber Security North AmericaDale Butler
 
Fostering National Incident Response Capacity
Fostering National Incident Response CapacityFostering National Incident Response Capacity
Fostering National Incident Response CapacityAPNIC
 
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi KenyaRegional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi KenyaMartin M
 
BCAWARE_ProgramBook_FINAL_Proof
BCAWARE_ProgramBook_FINAL_ProofBCAWARE_ProgramBook_FINAL_Proof
BCAWARE_ProgramBook_FINAL_ProofDominic Vogel
 
Cyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply ChainCyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply Chainaletarw
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]APNIC
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesUlf Mattsson
 
Securing Industrial Control Systems - CornCON II: The Wrath Of Corn
Securing Industrial Control Systems - CornCON II: The Wrath Of CornSecuring Industrial Control Systems - CornCON II: The Wrath Of Corn
Securing Industrial Control Systems - CornCON II: The Wrath Of CornEric Andresen
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
 

Similar to San Antonio Security Community (20)

Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbers
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approaches
 
Its not ITs problem
Its not ITs problemIts not ITs problem
Its not ITs problem
 
Cyber Security in Manufacturing
Cyber Security in ManufacturingCyber Security in Manufacturing
Cyber Security in Manufacturing
 
Brochure - Jan 14
Brochure - Jan 14Brochure - Jan 14
Brochure - Jan 14
 
The Future of Cybersecurity - October 2015
The Future of Cybersecurity - October 2015The Future of Cybersecurity - October 2015
The Future of Cybersecurity - October 2015
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
 
Security For Free
Security For FreeSecurity For Free
Security For Free
 
Industrial Control Security USA Sacramento California Oct 6/7
Industrial Control Security USA Sacramento California Oct 6/7Industrial Control Security USA Sacramento California Oct 6/7
Industrial Control Security USA Sacramento California Oct 6/7
 
SMi Group's Oil and Gas Cyber Security North America
SMi Group's Oil and Gas Cyber Security North AmericaSMi Group's Oil and Gas Cyber Security North America
SMi Group's Oil and Gas Cyber Security North America
 
The Cybersecurity Mess
The Cybersecurity MessThe Cybersecurity Mess
The Cybersecurity Mess
 
Fostering National Incident Response Capacity
Fostering National Incident Response CapacityFostering National Incident Response Capacity
Fostering National Incident Response Capacity
 
A Strategy for Addressing Cyber Security Challenges
A Strategy for Addressing Cyber Security Challenges A Strategy for Addressing Cyber Security Challenges
A Strategy for Addressing Cyber Security Challenges
 
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi KenyaRegional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
 
BCAWARE_ProgramBook_FINAL_Proof
BCAWARE_ProgramBook_FINAL_ProofBCAWARE_ProgramBook_FINAL_Proof
BCAWARE_ProgramBook_FINAL_Proof
 
Cyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply ChainCyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply Chain
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best Practices
 
Securing Industrial Control Systems - CornCON II: The Wrath Of Corn
Securing Industrial Control Systems - CornCON II: The Wrath Of CornSecuring Industrial Control Systems - CornCON II: The Wrath Of Corn
Securing Industrial Control Systems - CornCON II: The Wrath Of Corn
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & Recommendations
 

More from Denim Group

Long-term Impact of Log4J
Long-term Impact of Log4JLong-term Impact of Log4J
Long-term Impact of Log4JDenim Group
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
 
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleOptimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleDenim Group
 
Application Asset Management with ThreadFix
 Application Asset Management with ThreadFix Application Asset Management with ThreadFix
Application Asset Management with ThreadFixDenim Group
 
OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20Denim Group
 
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramAppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramDenim Group
 
Using Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team SportUsing Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team SportDenim Group
 
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Denim Group
 
Security Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your OrganizationSecurity Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your OrganizationDenim Group
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsDenim Group
 
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsAn Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsDenim Group
 
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...Denim Group
 
A New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFixA New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFixDenim Group
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Denim Group
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationAppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationDenim Group
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsDenim Group
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Denim Group
 
AppSec in a World of Digital Transformation
 AppSec in a World of Digital Transformation AppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationDenim Group
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceDenim Group
 

More from Denim Group (20)

Long-term Impact of Log4J
Long-term Impact of Log4JLong-term Impact of Log4J
Long-term Impact of Log4J
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
 
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleOptimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
 
Application Asset Management with ThreadFix
 Application Asset Management with ThreadFix Application Asset Management with ThreadFix
Application Asset Management with ThreadFix
 
OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20
 
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramAppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
 
Using Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team SportUsing Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team Sport
 
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
 
Security Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your OrganizationSecurity Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your Organization
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native Applications
 
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsAn Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT Systems
 
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
 
A New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFixA New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFix
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationAppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native Applications
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...
 
AppSec in a World of Digital Transformation
 AppSec in a World of Digital Transformation AppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack Surface
 

San Antonio Security Community

  • 1. The San Antonio Security Community – Past, Present and Future John B. Dickson, CISSP
  • 2. Denim Group Background • Privately-held, professional services organization that builds secure software and mitigates risk of existing software • Takes a software-centric perspective on application security – All consultants regularly build software systems – Approach the problem of software security from a developer’s viewpoint – Secure development methodology used on all software builds • Solving the secure remediation challenge – The next “hard” problem in application security • Thought Leaders in Secure Development Practices – Developed Sprajax – First Open Source AJAX vulnerability scanner – Regular speakers at RSA, OWASP, CSI – OWASP National Leaders
  • 3. My Background • Ex-Air Force Officer – ESC, AFIWC, AFCERT • Entrepreneur • Security Practitioner – Commercial Experience at Trident Data Systems, KPMG, SecureLogix, Denim Group • Founder and Former Chairman of SATAI & Past Chair of the North Chamber
  • 4. Cluster Theory and San Antonio’s Security Community • Michael Porter’s Cluster Theory of Economic Development – A Cluster: geographic concentration of competing and cooperating companies, suppliers, service providers and associated institutions • Sophisticated clusters produce an ecosystem of activity • Examples: – Silicon Valley semiconductor industry – Hollywood film industry • Cluster theory central to competitiveness
  • 5. The Springs from which much flowed… Emerging Security Community in San Antonio
  • 6. Cluster Theory and San Antonio’s Security Community • Economic analysis prepared by Silicon Valley think tank ICF Consulting led by Jim Gollub • Delivered in July 2000 for: – The City of San Antonio, Economic Development Department – San Antonio Technology Accelerator Initiative • Captured an “emerging cluster” of IT activity centered around information security • “In order for San Antonio to economically benefit from the wealth of competency in information security expertise, economic inputs must be aligned to make it advantageous for local entrepreneurs to stay in the region”
  • 7. The Higher Education Component – A Crown Jewel • UTSA’s Center for Infrastructure Assurance and Security (CIAS) – Established 2001 – Certified by NSA as a Center of Academic Excellence in Information Assurance Education 2002 – Missions • Cyber Security Exercise Programs • Cyber Security Training • Cyber Defense Competitions – Governor’s Emerging Technology Fund • St. Mary’s Center for Terrorism Law • OLLU InfoSec Program • ACCD and the Information Technology & Security Academy
  • 8. Early Case Studies of Successes • WheelGroup Corporation – NetRanger: First commercial network intrusion detection technology – Acquired by Cisco Systems for $124m in February 1998 – First successful security firm liquidity event – Founders turned around and founded SecureLogix Corporation in San Antonio • Secure Network Consulting, Inc. – Led by ex-Air Force and Trident Data Systems security consultants – Acquired by Axent Technologies, which was subsequently acquired by Symantec
  • 9. Immediate Impact of Air Force Decision • Reaffirms what we know in San Antonio – Critical mass of talents, technologies, and higher ed framework – Elected officials and business leaders now acknowledge importance – Growing sense that this is an economic development opportunity for our community • 600+ new jobs – Air Force active duty and civilian positions – Indirect jobs via contracts • Immediate impact on DoD community perception • Increased interest in contractor community outside SA
  • 10. The Possibilities Going Forward • Expand relocation of national contractors to San Antonio – SRC, SAIC, CSC, BAH, et al. • Increase expansion of cyber security missions at: – NSA Texas – 24th AF – Other units • Expand R&D contract dollars via the 24th AF – Replace the IW Battlelab? • Increase R&D and commercialization via UTSA and others – New commercial companies based on intellectual property spun out • Communicate to the world that we are a cyber security leader • Pursue additional ETF opportunities
  • 11. The ISSA Chapter – How it can Contribute • Current – Conducting educational meetings on security topics of interest – Networking via monthly meetings – Success stories… • Future (proposed) – Grow the next generation of security leadership in San Antonio – Help connect various security interests – cross pollination of security components in San Antonio – Increase profile of San Antonio via ISSA national – Attract higher profile speakers – Increase DoD presence! – Increase identification outside of the security community
  • 12. Contact Information • John B. Dickson, CISSP – john@denimgroup.com – Twitter @johnbdickson www.denimgroup.com http://denimgroup.typepad.com/