Mapping Application Security Defects to OWASP and STRIDE
Saturday, Dec 8th

Damien Suggs
Conference Chair / Board Member | Metro Atlanta ISSA

Damien has been in the IT Security Field in various capacities for over twenty years working in environments such as telecommunications, the public sector, healthcare, and retail. Mr. Suggs has extensive experience in PCI compliance, NIST and HIPAA regulations, and EHNAC regulatory compliance. Mr. Suggs spearheaded the effort to ramp of HIPAA regulatory compliance for AT&T when the HITECH act was enacted as part of the American Recovery and Reinvestment Act of 2009 that brought AT&T, a backbone carrier of sensitive personally identifiable information, into scope for HIPAA requirements. Mr. Suggs also worked with AT&T and Aarons to obtain PCI accreditation annually by verifying security controls from both a network and web application perspective.

Damien is well versed in ethical hacking and penetration testing both from an application and network perspective. He is also well versed in Python scripting and the use of many open source and commercialized tools that work together to create a secure computing environment and assist in the implementation of a secure software development life cycle. Mr. Suggs has extensive experience in the use of LockPath Keylight GRC architecture.

Damien is a leader in the IT Security area and is the immediate past president of the Metro-Atlanta ISSA chapter. He served as president for five years; however, during his eight-year relationship with the Metro-Atlanta ISSA chapter he assisted the chapter grow in roles such as Director of Membership, Director of Training, Conference Chair and Chapter Secretary. Mr. Suggs holds twenty three IT security certifications including the CISSP, SANS GPEN, MSCE, CCNA, CCNA, and CCNE.

Course Outline:

This course will explain all of the components that go into an application security program and how to deliver effective metrics to upper-management to make educated decisions in steering the software development lifecycle to a higher security posture.

Overview of S-SDLC Components

Dynamic Application Security Testing (DAST)
Source code (or Static) Application Security Testing (SAST)
Threat Modeling
Risk Based Security Tests
Abuse Cases
Security Requirements
Security Operations

Overview of OWASP
Overview of STRIDE
Workshop
Reporting of Metrics

Location:
Georgia Hospital Association
1675 Terrell Mill Road
Marietta, GA 30067

Time:
8:00 am to 5:00 pm

Map

Earn CPE credits with attendance

Mapping Application Security Defects to OWASP and STRIDE Saturday, Dec 8th

Mapping Application Security Defects to OWASP and STRIDE
Saturday, Dec 8th

Metro Atlanta ISSA - Mapping Application Security Defects to OWASP and STRIDE