STLCMG Quarterly Meeting Agenda Time Track 1 Presenter(s) Track 2 Presenter(s) 8:30 9:00 Registration, Full Breakfast, and Networking 9:00 9:15 Welcome and Introductions 9:15 10:15 10:30 11:30 Identity and Access Management Security on the Mainframe Darius Terrell, IBM Julie Bergh, IBM Java Application Troubleshooting Peter Johnson, Unisys SQL Performance and Visualization Erik Ostermueller FIS A Word from our Sponsor Darius Terrell, Stan Clement - IBM 12:15 – 1:15 Lunch 1:15 – 2:15 Michael Smith, IBM 3:45 April 21, 2015 Location: 11:45 12:15 2:30 3:30 When: Application Security UniGroup 1 Premier Drive Fenton, MO 63026 Cost: $25 if paid by Friday, 4/17/15 $35 if paid by Monday, 4/20/15 $50 at the door 10 Best Practices for Security Mark de Lira, IBM Fee waived if you are out of work or a fulltime college student with ID. St Louis CMG must receive RSVP 10 days prior to meeting event Closing Remarks PARS at Ruby Tuesday's 10797 Watson Road, Sunset Hills Payment: Free Food - Free Drinks! All payments can be made through the website at: http://regions.cmg.org/regions/stl cmg/index.html MEETING SPONSORED BY: IBM For alternative payment arrangements contact: [email protected] Performance Analysis Relaxation Sessions (PARS) STLCMG will host PARS immediately after the meeting at Ruby Tuesday’s, only 2.75 miles away. Take a breather, network with other attendees, or just relax after a long day. Enjoy complimentary hors d'oeuvres and drinks. You will receive two complimentary drink tickets good for the beverage of your choice. Ruby Tuesday’s - Turn left out of Unigroup Take I-44 East. Stay in right lane and take Watson Road exit. Right at the second stoplight into Plaza. Free Food Free Drinks Email: [email protected] Future Meeting Dates: July 14, 2015 October 13, 2015 http://regions.cmg.org/regions/stlcmg/index.html ABSTRACTS AND BIO’S Darius Terrell, IBM Abstract Identity and Access Management Achieving today’s business imperatives demands technology that leverages the latest innovations to stay ahead of the competition. Lineof-business leaders are under increasing pressure to perform, and are subscribing to software solutions themselves in order to help reach their goals. Information Security staff are under increasing stress to ensure that their identity and access management solutions are able to securely provide auditable access to these solutions without degrading the end user experience. They also have to be concerned about internal and external attack vectors - particularly as the world moves toward cloud and mobile devices. Has your identity and access management solution evolved to handle today’s challenges? Bio Darius has worked as a Security Architect for 8 of his near 18 year career at IBM. Prior to his current role within Technical Sales he served as a Senior Security Architect within IBM Security Lab Services and brings extensive experience in the design & architecture of customer security solutions focusing on identity and access management. He has both established and utilized the best practices for deploying the IBM Security portfolio along with the lessons learned from customer deployments. Darius has also served within IBM as the World Wide Services Security Practice Manager responsible for building security software consulting competency for the IBM Security portfolio across the Americas, EMEA, and AP geographies. Peter Johnson, Unisys Abstract Java Application Troubleshooting Over the past 15 years the author has worked with numerous Java applications and has used a number of techniques to pinpoint issues with those applications. This paper describes a number of those techniques that the author has found to be most helpful. The paper includes such topics as solving memory issues, tuning garbage collection, and pinpointing problem areas. Bio Peter Johnson has 35 years of IT industry experience, mostly in application development. For many years he was the chief architect of a team that analyzed performance of Java applications on large-scale Intel-based machines and evaluated various open source software for enterprise readiness. He currently is a lead architect for Unisy Choreographer, a cloud-based solution. Peter is a frequent speaker at the annual CMG conference, speaking mainly on Java performance. He is also a co-author of JBoss in Action. Julie Bergh, MA CISSP ISSMP CBCP, IBM’s Lead North American z Systems Security Champion Abstract Security on the Mainframe Over the past 15 years the author has worked with numerous Java applications and has used a number of techniques to pinpoint issues with those applications. This paper describes a number of those techniques that the author has found to be most helpful. The paper includes such topics as solving memory issues, tuning garbage collection, and pinpointing problem areas. Bio Julie is IBM’s Lead North America z Systems Security Champion, has worked for IBM for the past 15 years and has many more years prior to that in the private sector. Julie is a certified IT specialist and has a Master’s Degree in Information Systems management from Webster University in St. Louis, MO. Prior to joining IBM, Julie worked at a variety of large companies (e. g., GMAC, MasterCard) where her roles ranged from programming and system programming to IT Internal Auditing and IT Management. In recent years, Julie’s efforts have been related to z System Security Migrations and Security Product Technical Sales, and as a result has broad experience engaging all levels of the customer organization from the C-Suite, to Security Management and to front line Security Analysts. Julie has experience in both customer and provider aspects of IBM’s z Systems Security, and possesses deep skills in z/OS, RACF, ACF2 and Top Secret administration. http://regions.cmg.org/regions/stlcmg/index.html Paul Ionescu, IBM Abstract Application Security Why the Application Layer is so exposed to Security Threats Famous Application Attacks of 2014 - Heartbleed and Shellshock Challenges associated with today's development environments: Cloud, DevOps, Continuous Integration Running an Application Security Program, managing your portfolio, assessing risk, what are the areas of Secure Engineering that you need to tackle Bio Paul Ionescu leads the Security Engineering and PSIRT program for the IBM Security business unit. He also manages a team of highly skilled security experts tasked with pen-testing IBM products: the Ethical Hacking Team. Since he joined IBM in 2007 he worked in several areas of the Application Security business including support, technical sales, technical enablement and development. Before taking on his current role Paul was a senior developer for the AppScan line of products and contributed to key projects and research. Paul also holds an IBM Master Inventor title for his contribution to the IBM patent base. Erik Ostermueller Abstract SQL Performance and Visualization SQL performance defects often evade detection until long after functional testing. Text based displays of SQL do a poor job of indicating which SQL anti-pattern is at fault, especially the chatty “SELECT N+1” anti-pattern. wuqiSpank is an open source graphical tracing tool that helps quickly identify repetitive SQL performance anti-patterns in any platform that uses SQL. To refactor the code, just apply a known solution to a known anti-pattern. Bio Erik Ostermueller was born and raised in St. Louis, MO, played grade school soccer at Fenton Park and went to high school at SLUH. Erik is the founder of wuqiSpank.org, a new way to visualize SQL Performance. He is the technical director at the Performance Center of Excellence at FIS, the largest Financial Services software provider in the world. He has done high-performance software tuning and other consulting for clients in Europe, Asia and North and South America. In 2012, CMG.org funded Erik's 8-city international speaking tour to present his paper, "HELP DEVELOPERS (FINALLY) FIND THEIR OWN PERFORMANCE DEFECTS". This paper won two awards at the 2011 International CMG performance conference: The J. William Mullen award and "Best Paper" award. Mark De Lira, IBM Abstract 10 Essential Practices for Security Every day, new streams of information flow into corporations. Employees, customers and contractors are all connected and now have access across a multitude of technologies. CIOs are challenged as never before with managing security and mitigating risk in this fastchanging, hyper-connected world. A different way of thinking is needed. Designed as a business approach to security, IBM has developed the 10 Essential Practices for IT Security. Covering all domains, they serve as a foundation for a mature, enterprise information security program. This presentation will provide a view into the 10 EPs as they are leveraged today at IBM for its own security program internally. Bio Mark De Lira currently serves as IBM's Security Services Leader in the Midwest. Drawing on a diverse background serving in various sales, technical and management capacities, Mark brings an experienced perspective with over 35 years in IT, and the last 20 in security. With a past in both consulting services as well as sales, Mark has in-depth knowledge of the security needs and business drivers organizations face today, and brings that unique insight when articulating solutions for his clients. http://regions.cmg.org/regions/stlcmg/index.html
© Copyright 2024