Sunday, March 18, 2012

SATURN 2012 Conference

I will be speaking at the upcoming SATURN 2012 Conference on the security and risk management topic. My session titled Establishing Enterprise Security and Risk Management Program in an Agile Software Development Organization, is about a security-management program that can be used to build security and risk management aspects into agile software product-development life cycle.

I will discuss various process touchpoints at all levels of agile projects (feature, sprint, release, project, and product levels). I will also talk about security-architecture assessments that can assist the software architects, to perform risk assessment of new software products and services.

We will also look at some security-architecture framework components like security architecture, design, governance, standards, identity and access management (IAM), system and information integrity, and security-information event management (SIEM).

If you are interested in attending the conference, you can register at the following link:

I have spoken at SATURN conference in the past and looking forward to attending it this year. It's one of my favorite conferences that I look forward to attending every year.

Monday, October 10, 2011

My Session at Upcoming ProjectWorld 2011 Conference

I will be speaking at ProjectWorld 2011 Conference next month in Orlando in November. The title of my session is:

Establishing Enterprise Security and Risk Management Program in an Agile Software Development Organization

Session Summary Details:

In this session, I will discuss the details of a security program we established to build security risk aspects into all phases of Agile Development process. As part of this new program, we defined an agile, iterative, and repeatable security architecture process that includes touch-points with development process at all levels of the agile projects (Feature, Sprint, Release, Project and Product levels).

Key Takeaways:

  • How the Enterprise Security and Risk Management Program works and its touch-points with other processes in the organization such as Product Lifecycle, Software Development Lifecycle (SDLC).
  • Several Process Flow Diagrams to help learn and use the product risk management program elements and process activity details.
  • Templates for assessing Product Risk Profile, Security Risk Assessment, Security Review and Sign-off.
  • Agile Security Architecture Assessment Excel spreadsheet template that the attendees can use in their own projects right away.
The conference event also includes other sessions like Agile Summit, Advanced PMO Summit, and back by popular demand is the YOUR SPACE 2011.

Twitter Hashtag: #PWWCBA

If you are interested attending this excellent project leadership conference event, you can do so at the registration page.

Contact me for the speaker discount to save on the registration.

JavaOne 2011 Conference Last Week

I attended and spoke at JavaOne 2011 Conference last week. This is my second time attending JavaOne as a speaker. My session was on "Securing Enterprise Java Applications on GlassFish and OpenMQ Servers".

This year's JavaOne theme was to "Move Java Forward". There were lot of interesting announcements made in Java ME, SE, and EE Platforms with JEE future road map with more focus on the support for Cloud Computing and Multi-tenant Applications.

I wrote about the strategy keynote given at the conference on Tuesday.

I am looking forward to next year's conference.

Tuesday, August 30, 2011

AppSec USA 2011 Conference - My talk on Messaging Security

I will be speaking at AppSec USA 2011 Conference next month in Minneapolis. The title of my session is:

Messaging Security using GlassFish 3.1 and Open Message Queue

GlassFish application server version 3.1 and Open Message Queue container offer excellent messaging security features. My talk will include discussion on how to enable and configure security for various components in the messaging architecture. This includes Authentication and Authorization for controlling access to the message broker components as well as how to implement message level security using encryption techniques.

I will also discuss the monitoring aspect and how we can use JMX API to monitor and manage various messaging resources such as the Broker, Services, Connections, Destinations, Producers, Consumers and Messages. I will demonstrate all the security features using a sample Java EE application running on GlassFish 3.1 and Open MQ.

They also have a Charity 5K/10K Run being organized as part of the conference events which I will most probably participate.

If you are interested in attending, here is the link to register for the conference:

Sunday, August 28, 2011

NoSQL Now 2011 Conference in San Jose Last Week

I attended the NoSQL Now 2011 Conference in San Jose last week. It was a great experience to meet others who are currently working on or exploring the option of using a NoSQL database in their organizations.

Conference site (San Jose Convention Center) was a great location. The conference session snapshot on computer monitors to show what all sessions are scheduled at a specific time was very helpful. I could look at all the session summaries at the same time and decide which one to attend. The conference mobile app (Guidebook) was also very helpful in checking the conference session schedule, details and slide deck from anywhere at the conference. Attendees getting access to the presentations before hand is a great idea.

I gave a talk on NoSQL Security topic and it was a good discussion and well received by the attendees. NoSQL databases like MongoDB, Cassandra, and Neo4J (which are the NoSQL databases I covered in my session) have decent application security support (authentication, authorization, encryption) but there is still room for improvement in this area. For example, record/entry level data encryption, role based access control (RBAC) can be better than what's there right now.

Overall, NoSQL Now was a great learning event and an excellent forum to meet and network others who are working in the same space. Thanks to Tony, Nerrisa and his team from Wilshire Conferences group and Dan McCreary for organizing the conference. Can't wait for the next year's conference.

Tuesday, August 16, 2011

NoSQL Now 2011 Conference - My Session: Security Considerations in NoSQL Data Access

I will be speaking at NoSQL Now 2011 Conference next week. My title of my session is:

Security Considerations in NoSQL Data Access

The NoSQL DB's have been getting lot of attention lately and there hasn't been much discussion on the security of the applications accessing these non relational databases.

The main focus of my talk will be to give an overview of the current state of security support by the leading NoSQL DB vendors like MongoDB, Neo4J, Cassandra, and CouchDB. I will also discuss the emerging trends, tools and techniques, and best practices in the NoSQL Data Security space.

It's great to see an entire conference focusing on one of the emerging trends in software application development area such as the NoSQL Databases.

If you are interested in attending the conference, you can register for it at the following link:

Monday, February 28, 2011

Training Class on Enterprise Java Application Development using Spring and Hibernate

I am organizing a free training class in the Austin area on "Enterprise Java Development Using Spring and Hibernate Frameworks". If you live in the area and are interested in attending this class, here is the registration link:

Training Class Details:

Training: Enterprise Java Application Development using Spring and Hibernate

Session Format: Tutorial
Date: March 12, 2011 (Saturday)
Time: 9 AM to 1 PM
Duration: 4 hours
Target Audience: Java/Java EE Developers and Solution Architects
Session Type: Introductory (Note: If you are already familiar with Spring and Hibernate frameworks, feel free to skip this class and sign-up for the next session where I will cover the advanced topics in Spring.)

Location: IASA Global Headquarters

11044 Research Blvd.
Suite B-400
Austin, TX 78759

Since its first release back in 2004, Spring Framework has become a popular choice for developing enterprise applications. At the core, Spring supports Dependency Injection (DI), Aspect-oriented Programming (AOP), and enterprise service abstraction. After a brief overview of design concepts like DI and AOP, this tutorial focuses on the last part - enterprise service abstraction that helps the Java developers to integrate their applications with many widely used technologies.

In this tutorial, we will build a web application based on the widely used application architecture layers (Database, Data Access, Domain, Service, Controller, and Presentation), add persistence (using JPA and Hibernate 3) in the DA layer and transaction management (using Spring Transaction Management) in the Service layer. We will add the application security (authentication & role based authorization) to the application using Spring Security.

Tutorial Outline (with estimated coverage time in minutes):
- Introduction (15)
- Example Web Application Setup Details (15)
- Spring Lightweight Container Architecture, including Inversion of Control (IoC) (15)
- Pragmatic AOP (15)
- Agile, domain-driven design techniques with Spring (15)
- Unit testing in isolation (15)
- System integration testing support (15)
- Persistence (using JDBC and JPA/Hibernate options) (30)
- Declarative transaction management (30)
- Validation (15)
- Spring Security (Authentication & Authorization) (15)

Key Takeaways:
You will leave with the practical knowledge of using Spring and Hibernate in developing enterprise Java web applications.

- Working knowledge of Java/JavaEE technologies
- Familiarity with development tools like Eclipse IDE, Maven, and JUnit.
- Bring your laptops to this tutorial as it will be a hands-on workshop and come ready to code.