Monday, February 17, 2020

Upcoming Security Events in Florida

There are several upcoming information security events in Florida that some may not be aware of.

First up is the South Florida ISACA Chapter's annual WOW event.  This is the thirteenth year of the event.  It will be held on Friday, February 21st, 2020, again at FIU's Koven Center at their Biscayne Bay campus.  This is a single-track conference, with various speakers and a panel discussion.  It's usually a good event, and I plan on being there.

Next up is Security BSides Tampa.  The seventh year for this event, it will be held Saturday, February 29th, 2020 at the Embassy Suites on the USF Campus in Tampa.  There will be training sessions on Friday.  This event is a multi-track conference, with tracks including CISO, Cloud, and job fair.  They also have other activities like a CTF, Lockpicking, and more.  This is a pretty good event.  Sadly, I don't plan on attending this year.

Then there is Security BSides Orlando.  This will be Saturday, April 11, 2020 at Full Sail University's Live Venue.  I believe they are planning on doing training sessions on Friday.  The schedule hasn't yet been announced.  They also have other activities like CTF, Lockpicking, and more.  This is also a pretty good event and it seems BSides Tampa and Orlando have some of the largest BSides outside of Vegas.  I'm not sure at this point if I'll be going.

Finally, there is HackMiamiCon.  This time it will be Saturday, May 30th, 2020 at Broward Library.  There will be training events on Friday.  This is a change of venue from hotels on Miami Beach, so it remains to be seen how this works out.  They should have other activities like a CTF.  This is also a good event.  Due to a conflict with another event, I may not attend this year.

These are all great events and I encourage folks to check them out and attend.


Wednesday, February 12, 2020

2020 SecureMiami Conference

This past weekend I attended the 2020 SecureMiami Conference.  This was the 4th time this conference was held, again at FIU's Graham Center and co-located with BrewMiami held later that day at the FIU stadium.  I've been to all of these events, promoting the South Florida ISSA Chapter and had a good time.

This event was organized by DigitalEra and again had a great number of speakers and panels, and a good set of sponsors and exhibitors. 

I enjoyed Jorge Orchilles' talk.  He is a past president of our chapter.  Hacker Hector Monsegur was the final speaker, and I wasn't previously aware of him.  He gave a great talk from the point of view of a former 'black hat' who has become a 'white hat'.

I look forward to next year's event.  This one sold out quickly with a large waiting list.  Will they move to a new location because of this?


Monday, February 10, 2020

2020 Update

Here we are in 2020, and there are many updates to go over.  I plan on further postings on several of these items, and need to get back into blogging here with more regularity.

Here are some of the new things that are out.

CCPA.  Privacy as an issue just seems to get bigger and bigger.  Even as a security professional I find myself being pulled into it.  I wonder if I need to join IAPP, maybe even study and get one of their certs.  We had the GDPR that came out last year.  I really thought more companies would address it, but just didn't see that.  Now California came out with their CCPA law.  CCPA is not quite "California's GDPR".  It's not a broad privacy law, but aimed at consumer data.  I've seen some companies be concerned about it, but not as many as I thought.  But I'm sure I'll be getting more into it.

NIST Privacy Framework- NIST has been working on this for the last year and released v1 recently.  I have a copy and am reading over it.  I plan on giving a talk at an upcoming local meeting, and may do a conference talk about this as well.  Am hoping I'll be able to attend NIST's upcoming cybersecurity conference, as I'm sure it will be a topic of discussion.  We'll have to see how well this works in helping companies prepare for privacy regulations.

FISMA Updates- NIST is still working on the updates for the documents used for FISMA.  The next one they are working on is SP 800-53 Release 5.  We don't have a release date, but hope it will be soon as they've been working on it for so long.  Once it's out, we should see other documents that rely on it, such as 53A and 53B, a new version of 800-171 and others.  All we have so far on this is THIS page.

DoD CMMC- The DoD released this month the first version of their Cybersecurity Maturity Model Certification (CMMC).  This is an interesting item; it's a certification for vendors of the DoD.  From a quick read, it combines the CMM/CMMI 5-level maturity model with the categories of the NIST SP 800-171, which is about protecting controlled unclassified data (CUI).  SP 800-171 is based on the control set of SP 800-53.  I plan on posting on this and may do a presentation as well.

PCI-DSS v4- Yes, there is a new update of PCI-DSS.  I first heard about this a couple of years ago.  This should be a revamp of PCI-DSS.  I just have no idea what it will look like until it's released, which I expect sometime this year.  I don't have an inside track, I just know from reading here and there that it's getting closer to release.  Yes, I hope to be posting on this as well.

There are several events coming up in my general area and I will be posting on these soon.