SANS: The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community. See our Infosec Conferences, Infosec Blogs/Podcasts, and Training pages for specific offerings related to SANS.
OWASP: The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Their mission is to make application security “visible,” so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of their materials are available under an open source license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work. See our Infosec Conferences, NoVA Meetups, Training, and NoVA Email Lists/Networking pages for specific offerings related to OWASP.
ISSA: The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members. See our NoVA Meetups page for specific offerings related to the ISSA.
IEEE: There are several security related groups including Security & Privacy.
2600: Emmanuel Goldstein founded this organization, officially called 2600 Enterprises, Inc., as a non-profit company that covers many of its activities, including The Hacker Quarterly, H.O.P.E., and many local meetings. The Hacker Quarterly is a quarterly publication that specializes in publishing technical information on a variety of subjects including telephone switching systems, Internet protocols and services, as well as general news concerning the computer “underground” and libertarian issues. The magazine is published and edited by Emmanuel. 2600 has also established the H.O.P.E. (Hackers On Planet Earth) conferences as well as monthly meetings in various countries around the world. See our Infosec Conferences and NoVA Meetups pages for specific offerings related to 2600.
CitySec: CitySec meetups are gatherings of information security professionals. Are you an information security professional? You are if you (ever) write firewall rules, read log files, apply patches, follow Bugtraq, help select products, rack and stack security appliances, find vulnerabilities, write secure code, test other people’s code, write policies, manage people who do any of these things, assist people who do any of these things, or just want to one day do any of these things. The rule of thumb is, no more structure than is absolutely necessary to get people into a room (where “room” usually means “bar”): if structure (like “name tags” or “surveys”) would even possibly prevent one person from attending the meeting, don’t use it. See our NoVA Meetups page for specific offerings related to CitySec.
The Shmoo Group: The Shmoo Group is a non-profit think-tank composed of security professionals from around the world who donate their free time and energy to information security research and development. In addition to all of their internal projects (ShmooCon, AirSnort, Rainbow Tables to name a few), their work extends into some of the most widely used infosec software (and books!) around. From Lord of the Rings, to Mixmaster, to Apache, to PGP, to Snort, to OpenSSL, to StackGuard/FormatGuard … the list goes on and on. Oh, and sometimes you can catch them teaching, preaching, and expounding various topics we find interesting at conferences around the planet. See our Infosec Conferences, NoVA Meetups, Training, and NoVA Email Lists/Networking pages for specific offerings related to The Shmoo Group.
HTCIA: The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge about methods, processes, and techniques relating to investigations and security in advanced technologies among its membership.
International Information Systems Security Certification Consortium, Inc., (ISC)²: The global, not-for-profit leader in educating and certifying information security professionals throughout their careers, the (ISC)² provides vendor-neutral education products, services, and Gold Standard credentials to professionals in more than 135 countries.
The Ethical Hacker Network: Free Online Magazine for the Security Professional (may not fit here; move to blogs and reference TDCC?)
Offensive Security: This organization is an online training spinoff of the BackTrack live CD. Their courses are tailored for System Administrators and Security Professionals who want to learn how to get the most out of BackTrack – directly from its creators! See our Training page for specific offerings related to Offensive Security.
Heorot: This organization provides commercial support for the Open Source Project “De-ICE.net Penetration Test LiveCDs,” which has been covered in the press, both in article and book form. Designed for engineers and managers with a wide range of experience within Information Security Penetration Testing, Heorot.net provides training opportunities in the form of online and face-to-face classes. Whether you are new to Penetration Testing, or a seasoned engineer with years of experience, Heorot.net provides training to improve your skills. See our Training page for specific offerings related to Heorot.
Symantec: According to the Symantec website, “Symantec helps consumers and organizations secure and manage their information-driven world” through offering software and services that help protect people against risks—specifically in situations where information is being used or stored.
RSA: RSA is the premier provider of security solutions for business acceleration. As the chosen security partner of more than 90 percent of the Fortune 500, RSA helps the world’s leading organizations succeed by solving their most complex and sensitive security challenges. In September 2006, after over 20 years providing leadership to the security industry, RSA Security joined forces with EMC Corporation and Network Intelligence to form the Security Division of EMC. Driving this merger is the recognition that customer needs have changed, and traditional approaches to information security are no longer sufficient. Increasingly, what should be your most important company asset—information—is your greatest liability. In response, RSA is ushering in a new information-centric approach to security that will empower leading companies worldwide to address these challenges and move ahead with the confidence to compete and win in today’s marketplace. Fueling our mission is the passionate belief that security should be about lifting business limitations, not imposing them. See our Infosec Conferences and Training pages for specific offerings related to RSA.
Sun Tzu Data: Founded by Marcus J. Carey, Sun Tzu Data is a Mid-Atlantic based Information Technology firm which specializes in Network Engineering, Network Defense Strategies, and Incident Response. Sun Tzu Data is the sponsor for DojoSec meetups.
TheTrainingCo: An organization that specializes in the fields of Techno-Security and Cyber-Crime, TheTrainingCo has been around since 1999 and has worked with thousands of people. They are regarded highly for their conferences and speaking engagements, the most notable of which is the Techno Forensics & Digital Investigations Conference.
The Digital Construction Company (TDCC): Runs ChicagoCon, The Ethical Hacker Network, and The Certified Security Professional (an online magazine and resource). See our Infosec Conferences and Training pages for specific offerings related to TDCC.
F-Secure: F-Secure Corporation protects consumers and businesses against computer viruses and other threats from the Internet and mobile networks. We want to be the most reliable provider of security services in the market. One way to demonstrate this is the speed of our response. F-Secure’s award-winning solutions are available as a service subscription through more than 160 Internet service providers and mobile operator partners around the world, making F-Secure the global leader in this market. The solutions are also available as licensed products through thousands of resellers globally. F-Secure aspires to be the most reliable security provider, helping make computer and smartphone users’ networked lives safe and easy. This is substantiated by the company’s independently proven ability to respond faster to new threats than its main competitors. Founded in 1988 and headquartered in Finland, F-Secure has been listed on the OMX Nordic Exchange Helsinki since 1999. The company has consistently been one of the fastest growing publicly listed companies in the industry. The latest news on real-time virus threat scenarios is available at the F-Secure Data Security Lab weblog. See our Infosec Blogs/Podcasts page for specific offerings related to F-Secure.
SecurityFocus: SecurityFocus is the most comprehensive and trusted source of security information on the Internet. SecurityFocus is a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs. See our Infosec Blogs/Podcasts and NoVA Email Lists/Networking pages for specific offerings related to SecurityFocus.
Foundstone: Foundstone was formed in 2001 by the industry-leading security experts who first built the network security consulting practices at two Big 6 accounting firms. As an independent firm, Foundstone built its reputation as enterprise network security experts through publication of numerous books and articles that enhanced the knowledge base of the network security community. Foundstone’s practice includes strategic functions such as overall network security policy development, secure software lifecycle development, patch management program development and other process-related program development projects. From the tactical perspective, Foundstone will perform in-depth technical testing of networks, applications, and various security-related infrastructure components such as firewalls, VPNs, and wireless networks. Due to its significant growth and excellent reputation in the enterprise network security community, Foundstone was acquired by McAfee, Inc. in September 2004. Foundstone’s Enterprise Vulnerability Management product has been integrated into McAfee’s general suite of security products. Foundstone Professional Services continues to deliver high-quality security services operating as a division of McAfee. See our Training page for specific offerings related to Foundstone.
Learn Security Online: LSO is primarily an online training organization that helps develop the foundation necessary to move into the security field through a monthly membership program. They offer a fairly comprehensive training regimen that includes tutorials, games and challenges, courses, and labs and competitions, assembled in a very well thought out learning model. You can start off with written articles and tutorials and then progress to computer simulators and interactive tutorials. Next you can continue on with online games and finally move to challenge servers. To support your progression, LSO offers self-paced or instructor-led courses as well as research/practice labs and competitions. See our Training page for specific offerings related to LSO.
ISACA: The Information Systems Audit and Control Association (ISACA) got its start in 1967, when a small group of individuals with similar jobs—auditing controls in the computer systems that were becoming increasingly critical to the operations of their organizations—sat down to discuss the need for a centralized source of information and guidance in the field. In 1969, the group formalized, incorporating as the EDP Auditors Association. In 1976 the association formed an education foundation to undertake large-scale research efforts to expand the knowledge and value of the IT governance and control field. Today, ISACA’s membership—more than 75,000 strong worldwide—is characterized by its diversity. Members live and work in more than 160 countries and cover a variety of professional IT-related positions—to name just a few, IS auditor, consultant, educator, IS security professional, regulator, chief information officer and internal auditor. Some are new to the field, others are at middle management levels and still others are in the most senior ranks. They work in nearly all industry categories, including financial and banking, public accounting, government and the public sector, utilities and manufacturing. This diversity enables members to learn from each other, and exchange widely divergent viewpoints on a variety of professional topics. It has long been considered one of ISACA’s strengths. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves. Another of ISACA’s strengths is its chapter network. ISACA has more than 175 chapters established in over 70 countries worldwide, and those chapters provide members education, resource sharing, advocacy, professional networking and a host of other benefits on a local level. Find out if there’s a chapter near you. 
Since its inception, ISACA has become a pace-setting global organization for information governance, control, security and audit professionals. Its IS auditing and IS control standards are followed by practitioners worldwide. Its research pinpoints professional issues challenging its constituents. Its Certified Information Systems Auditor (CISA) certification is recognized globally and has been earned by more than 60,000 professionals since inception. The Certified Information Security Manager (CISM) certification uniquely targets the information security management audience and has been earned by more than 9,000 professionals. The Certified in the Governance of Enterprise IT (CGEIT) designation promotes the advancement of professionals who wish to be recognized for their IT governance-related experience and knowledge and has been earned by more than 200 professionals. It publishes a leading technical journal in the information control field, the Information Systems Control Journal. It hosts a series of international conferences focusing on both technical and managerial topics pertinent to the IS assurance, control, security and IT governance professions. Together, ISACA and its affiliated IT Governance Institute lead the information technology control community and serve its practitioners by providing the elements needed by IT professionals in an ever-changing worldwide environment.
InfraGard: InfraGard is a Federal Bureau of Investigation (FBI) program that began in the Cleveland Field Office in 1996. It was a local effort to gain support from the information technology industry and academia for the FBI’s investigative efforts in the cyber arena. The program expanded to other FBI Field Offices, and in 1998 the FBI assigned national program responsibility for InfraGard to the former National Infrastructure Protection Center (NIPC) and to the Cyber Division in 2003. InfraGard and the FBI have developed a relationship of trust and credibility in the exchange of information concerning various terrorism, intelligence, criminal, and security matters. InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories. Each InfraGard Chapter has an FBI Special Agent Coordinator assigned to it, and the FBI Coordinator works closely with Supervisory Special Agent Program Managers in the Cyber Division at FBI Headquarters in Washington, D.C. While under the direction of NIPC, the focus of InfraGard was cyber infrastructure protection. After September 11, 2001 NIPC expanded its efforts to include physical as well as cyber threats to critical infrastructures. InfraGard’s mission expanded accordingly. In March 2003, NIPC was transferred to the Department of Homeland Security (DHS), which now has responsibility for Critical Infrastructure Protection (CIP) matters. 
The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.
CSO Breakfast Club: When club founder Bill Sieglein was a CSO a few years ago he found it very powerful to speak with his peers to learn what they were doing, how well things were going for them and simply share ideas. While there were a number of associations he belonged to, none seemed to provide the opportunity for his security executive peers and him to talk about concepts in an environment where sharing was safe. From that desire, to have peer-to-peer contact with other security executives in a safe environment, grew the CSO Breakfast Club. The goal of the club is to SHARE, EDUCATE and ELEVATE. About every six weeks or so we meet at a location in one of the cities where we have a club. We will post events on this site under the News/Events page and send invites to those of you on our contact list. Feel free to spread the word to your colleagues. We will have a general topic for discussion and, when you show up, we eat some breakfast, drink some coffee and discuss our topic. We will have expert speakers, panels and occasionally invite vendors to share their solutions with us when you agree you want to hear from them. You pick the topics! We have found that in a casual atmosphere such as this, folks are willing to be open and honest and share. In such a setting we can help each other out. Let’s say, for example, that you are about to embark on an identity and access management project and you have a few concerns. Let’s also assume that one of the other attendees happens to have just completed an identity management project. That’s a perfect opportunity to discuss lessons learned and benefit from one another’s experiences. You know the hackers are working together, why shouldn’t we?
AFCEA International: Armed Forces Communications and Electronics Association (AFCEA) International is a non-profit membership association serving the military, government, industry, and academia as an ethical forum for advancing professional knowledge and relationships in the fields of communications, IT, intelligence, and global security. AFCEA’s members, sponsors and associates are among the world’s leading designers, planners, manufacturers, testers and users of systems, services and components for communications, intelligence, imaging and information systems.
ODNI: The Office of the Director of National Intelligence (ODNI), led by the Director of National Intelligence (DNI), serves as the head of the Intelligence Community (IC), overseeing and directing the implementation of the National Intelligence Program and acting as the principal advisor to the President, the National Security Council, and the Homeland Security Council for intelligence matters related to national security. Working together with the Principal Deputy DNI (PDDNI) and with the assistance of Mission Managers and four Deputy Directors, the Office of the DNI’s goal is to effectively integrate foreign, military and domestic intelligence in defense of the homeland and of United States interests abroad.
NIST: From automated teller machines and atomic clocks to mammograms and semiconductors, innumerable products and services rely in some way on technology, measurement, and standards provided by the National Institute of Standards and Technology (NIST). Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Department of Commerce. NIST’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. From an infosec perspective, NIST develops standards and guidelines for all unclassified federal information systems. These are used widely on a voluntary basis by those in the private sector. The standards and guidelines encompass a wide range of technical, operational, and management controls and address such topics as contingency planning, risk management, cryptography, sensitivity categorization, minimum controls, incident handling, and telecommuting security issues. Key infosec areas include their Computer Security Resource Center, Cryptographic Module Validation Program, Virus Information, National Information Assurance Partnership, and Security Standards and Guidelines.
Federal Business Council, Inc.: FBC specializes in producing trade show events and conferences, with an emphasis on information technology, at Federal Government locations throughout the United States. Each month thousands of federal employees attend these events to evaluate the latest advances in information technology and update their sources for future requirements.
TheTrainingCo: This group is a training company in the areas of security and cyber-crime prevention.
Association for Computing Machinery (ACM): ACM, the world’s largest educational and scientific computing society, delivers resources that advance computing as a science and a profession. ACM provides the computing field’s premier Digital Library and serves its members and the computing profession with leading-edge publications, conferences, and career resources. They include many Special Interest Groups; the following are related to infosec.
- Special Interest Group on Security, Audit and Control (SIGSAC): The ACM Special Interest Group on Security, Audit and Control’s mission is to develop the information security profession by sponsoring high-quality research conferences and workshops. SIGSAC conferences address all aspects of information and system security, encompassing security technologies, secure systems, security applications, and security policies. Security technologies include access control, assurance, authentication, cryptography, intrusion detection, penetration techniques, risk analysis, and secure protocols. Security systems include security in operating systems, database systems, networks and distributed systems, and middleware. Representative security application areas are information systems, workflow systems, electronic commerce, electronic cash, copyright and intellectual property protection, telecommunications systems, and healthcare. Security policies encompass confidentiality, integrity, availability, privacy, and survivability policies, including tradeoffs and conflicts among these.
Computer Security Institute (CSI): CSI is the original and leading membership organization for information security professionals, offering conferences, regional events, webcasts, member publications, awareness tools and an annual security survey. At the forefront of security trends and research, CSI provides a forum for security professionals to learn, share and debate the latest thinking on security strategies and technologies. CSI’s mission is to position its members and attendees for success, and it leads the discussion on provoking change towards more effective security. CSI holds two conferences annually: CSI SX in the Spring, in conjunction with Interop, and the CSI Annual Conference and Exhibition in the Fall. CSI publishes the widely cited annual CSI Computer Crime & Security Survey, and holds a one-day event featuring the Survey in various cities each year.
1105 Government Information Group: The publisher of Federal Computer Week, Government Computer News, and Washington Technology, and the organizers of the Security IT Conference and Exhibition.
U.S. Department of Justice: The mission of the U.S. Department of Justice (DoJ) is to enforce the law and defend the interests of the United States according to the law; to ensure public safety against threats foreign and domestic; to provide federal leadership in preventing and controlling crime; to seek just punishment for those guilty of unlawful behavior; and to ensure fair and impartial administration of justice for all Americans. And they sponsor a few computer security conferences as well.
U.S. Department of Defense: The Department of Defense is America’s oldest and largest government agency. With military tracing its roots back to pre-Revolutionary times, the Department of Defense has grown and evolved with the nation. Today, the Department, headed by Secretary of Defense Robert Gates, is not only in charge of the military, but it also employs a civilian force of thousands. With over 1.3 million men and women on active duty, and 669,281 civilian personnel, the DoD is the nation’s largest employer.