I’m excited to be giving my first ever talk at a security conference at the 2016 BSides Las Vegas Security Conference. The title of the talk is Managing Security with the OWASP Assimilation Project. It’s on August 2nd 2016 at 11 AM.
Here’s what I promised to talk about…
2016 BSides Las Vegas Assimilation Abstract
IT shops have trouble reliably doing the basics well.
30% of all break-ins come through systems not in inventory, 30% of servers are doing nothing useful, getting systems hardened is difficult, 70% of people who get into compliance with PCI-DSS aren’t in compliance a year later, remediation of known serious patches happens slowly if at all, 90% of all sites have suffered from outages of services which aren’t monitored, and keeping a suite of helpful tools correctly configured over time is time-consuming and expensive. Then of course, there’s the problem of demonstrating to upper management that you’re actually making progress against a formidable task. These are the problems the OWASP Assimilation project addresses.
It compares security configuration against best practices, keeps network-facing checksums up to date, provides attack surface visualization, alerts on events, and improves availability through monitoring systems and services. It does all these things with near-zero configuration.
This talk will give an overview of the project and a live demo.
About Alan Robertson
For those of you who don’t know me, I’ve spent over 30 years writing software. Most of that software was tools to help system administrators and developers. I’ve had an active interest in security for most of these years. I’m best known for creating the Linux-HA (now called Pacemaker) project – which improves availability for hundreds of thousands of servers all over the world. I led that project for about 10 years. More recently I’ve cast my eye on a broader set of IT problems – and the Assimilation project is the result. I’m a big believer in automation – and hate manual configuration and having humans do things that computers do much better.
About the OWASP Assimilation Project
The open source Assimilation Project has recently affiliated itself with OWASP to reflect its growing emphasis on security. So the OWASP Assimilation project is the same exact project and code as it’s always been – with a new affiliation and an extra word in the name ;-).
If you’re going to be in Las Vegas and are interested in security from an operational perspective, I highly recommend that you come learn more about the OWASP Assimilation project. The issues we address are important and broad, the technology is unique and really cool, and people have fun at my talks