<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Times New Roman \(Body CS\)";
panose-1:2 2 6 3 5 4 5 2 3 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
p.xmsonormal, li.xmsonormal, div.xmsonormal
{mso-style-name:x_msonormal;
margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='font-size:12.0pt'>I attached the ebook here. It’s not an owasp type thing but more on the how to change the culture to embrace appsec into the org and dev teams.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='color:black'><o:p> </o:p></span></p><p class=MsoNormal><o:p> </o:p></p><table class=MsoNormalTable border=0 cellpadding=0 style='background:white'><tr><td style='padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal><b><span style='font-size:12.0pt;font-family:Helvetica;color:#222222'>Tom Casey,</span></b><span style='font-size:12.0pt;font-family:Helvetica;color:#222222'> </span><span style='font-size:12.0pt;font-family:Helvetica;color:dimgray'>Account Executive</span><span style='font-size:12.0pt;font-family:Helvetica;color:#222222'><br><b>O</b> 804-767-2412<o:p></o:p></span></p><p class=MsoNormal><b><span style='font-size:12.0pt;font-family:Helvetica;color:#222222'>M</span></b><span style='font-size:12.0pt;font-family:Helvetica;color:#222222'> 703-989-0833<br><b>e</b> <a href="mailto:tom.casey@guidepointsecurity.com" target="_blank"><span style='color:#1155CC'>tom.casey@guidepointsecurity.com</span></a><o:p></o:p></span></p></td></tr></table><p class=MsoNormal><span style='display:none'><o:p> </o:p></span></p><table class=MsoNormalTable border=0 cellpadding=0 width="100%" style='width:100.0%;background:white'><tr><td style='padding:.75pt .75pt .75pt .75pt'></td></tr><tr><td style='padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal><span style='font-size:7.5pt;font-family:"Arial",sans-serif;color:gray;background:white'>Confidentiality Notice: This communication constitutes an electronic communication within the meaning of the Electronic Communications Privacy Act, 18 U.S.C. Section 2510, and its disclosure is strictly limited to the recipient intended by the sender of this message. This transmission, and any attachments, may contain confidential information and work product(s). If you are not the intended recipient, any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. Please contact us immediately by return e-mail or call <a href="tel:(877)%2520889-0132" target="_blank"><span style='color:#1155CC'>(877) 889-0132</span></a> </span><span style='font-size:7.5pt;font-family:"Arial",sans-serif;color:#2E75B5;background:white'>option 5</span><span style='font-size:7.5pt;font-family:"Arial",sans-serif;color:gray;background:white'>, and destroy the original transmission and its attachments without reading or saving in any manner.</span><span style='font-size:12.0pt;font-family:Helvetica;color:#222222'><o:p></o:p></span></p></td></tr></table></div><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt'><o:p> </o:p></span></p><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:12.0pt;color:black'>From: </span></b><span style='font-size:12.0pt;color:black'>"Weeks, Thomas" <t.weeks@vt.edu><br><b>Date: </b>Thursday, April 22, 2021 at 4:16 PM<br><b>To: </b>Tom Casey <tom.casey@guidepointsecurity.com>, "security-discuss@lists.rbtc.tech" <security-discuss@lists.rbtc.tech><br><b>Subject: </b>Re: [Security-Discuss] Ideas for RTC Cyber Security Forum Q2 meeting?<o:p></o:p></span></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal style='background:white'><span style='font-size:12.0pt;color:black'>This being a kind of OWASP best practices presentation?<o:p></o:p></span></p></div><div><p class=MsoNormal style='background:white'><span style='font-size:12.0pt;color:black'>Interesting.. Have a link to it?<o:p></o:p></span></p></div><div><p class=MsoNormal style='background:white'><span style='font-size:12.0pt;color:black'><o:p> </o:p></span></p></div><div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'>Do any of you CISSOs or Cyber/Network Security folks have this area of security responsibility as a part of your oversight? Are you responsible for bringing in secure code review/test auditors?<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'>Group thoughts?<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'><o:p> </o:p></span></p></div><div id=Signature><div><div name=divtagdefaultwrapper><p class=MsoNormal><span style='font-family:Consolas'>--</span><o:p></o:p></p></div><div name=divtagdefaultwrapper><p class=MsoNormal><b><span style='font-family:Consolas'>T.Weeks</span></b><o:p></o:p></p></div></div></div></div><div><div><p class=MsoNormal><span style='font-size:12.0pt;color:black'><o:p> </o:p></span></p></div><div class=MsoNormal align=center style='text-align:center'><hr size=0 width="100%" align=center></div><div id=divRplyFwdMsg><p class=MsoNormal><b><span style='color:black'>From:</span></b><span style='color:black'> Tom Casey <tom.casey@guidepointsecurity.com><br><b>Sent:</b> Thursday, April 22, 2021 2:04 PM<br><b>To:</b> Weeks, Thomas <t.weeks@vt.edu>; security-discuss@lists.rbtc.tech <security-discuss@lists.rbtc.tech><br><b>Subject:</b> Re: [Security-Discuss] Ideas for RTC Cyber Security Forum Q2 meeting?</span> <o:p></o:p></p><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=xmsonormal><span style='font-size:12.0pt'>T.Weeks,</span><o:p></o:p></p><p class=xmsonormal><span style='font-size:12.0pt'> </span><o:p></o:p></p><p class=xmsonormal><span style='font-size:12.0pt'>Recently my appsec team published an ebook titled “Secure Coding Culture Playbook”. </span><o:p></o:p></p><p class=xmsonormal><span style='font-size:12.0pt'> </span><o:p></o:p></p><p class=xmsonormal><span style='font-size:12.0pt'>I don’t know how many member companies have an appsec program but I could get one of the leaders of that team and author of that ebook to come on and talk about what it takes to create that culture?</span><o:p></o:p></p><p class=xmsonormal><span style='font-size:12.0pt'> </span><o:p></o:p></p><p class=xmsonormal><span style='font-size:12.0pt'> </span><o:p></o:p></p><div><p class=xmsonormal><span style='color:black'> </span><o:p></o:p></p><p class=xmsonormal> <o:p></o:p></p><table class=MsoNormalTable border=0 cellpadding=0 style='background:white'><tr><td style='padding:.75pt .75pt .75pt .75pt'><p class=xmsonormal><b><span style='font-size:12.0pt;font-family:Helvetica;color:#222222'>Tom Casey,</span></b><span style='font-size:12.0pt;font-family:Helvetica;color:#222222'> </span><span style='font-size:12.0pt;font-family:Helvetica;color:dimgray'>Account Executive</span><span style='font-size:12.0pt;font-family:Helvetica;color:#222222'><br><b>O</b> 804-767-2412</span><o:p></o:p></p><p class=xmsonormal><b><span style='font-size:12.0pt;font-family:Helvetica;color:#222222'>M</span></b><span style='font-size:12.0pt;font-family:Helvetica;color:#222222'> 703-989-0833<br><b>e</b> <a href="mailto:tom.casey@guidepointsecurity.com" target="_blank"><span style='color:#1155CC'>tom.casey@guidepointsecurity.com</span></a></span><o:p></o:p></p></td></tr></table><p class=xmsonormal><span style='color:black'> </span><o:p></o:p></p><table class=MsoNormalTable border=0 cellpadding=0 width="100%" style='width:100.0%;background:white'><tr><td style='padding:.75pt .75pt .75pt .75pt'></td></tr><tr><td style='padding:.75pt .75pt .75pt .75pt'><p class=xmsonormal><span style='font-size:7.5pt;font-family:"Arial",sans-serif;color:gray;background:white'>Confidentiality Notice: This communication constitutes an electronic communication within the meaning of the Electronic Communications Privacy Act, 18 U.S.C. Section 2510, and its disclosure is strictly limited to the recipient intended by the sender of this message. This transmission, and any attachments, may contain confidential information and work product(s). If you are not the intended recipient, any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. Please contact us immediately by return e-mail or call <a href="tel:(877)%2520889-0132" target="_blank"><span style='color:#1155CC'>(877) 889-0132</span></a> </span><span style='font-size:7.5pt;font-family:"Arial",sans-serif;color:#2E75B5;background:white'>option 5</span><span style='font-size:7.5pt;font-family:"Arial",sans-serif;color:gray;background:white'>, and destroy the original transmission and its attachments without reading or saving in any manner.</span><o:p></o:p></p></td></tr></table></div><p class=xmsonormal><span style='font-size:12.0pt;color:black'> </span><o:p></o:p></p><p class=xmsonormal><span style='font-size:12.0pt'> </span><o:p></o:p></p><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=xmsonormal><b><span style='font-size:12.0pt;color:black'>From: </span></b><span style='font-size:12.0pt;color:black'>Security-Discuss <security-discuss-bounces@lists.rbtc.tech> on behalf of "Weeks, Thomas" <t.weeks@vt.edu><br><b>Date: </b>Thursday, April 22, 2021 at 12:02 AM<br><b>To: </b>"security-discuss@lists.rbtc.tech" <security-discuss@lists.rbtc.tech><br><b>Subject: </b>[Security-Discuss] Ideas for RTC Cyber Security Forum Q2 meeting?</span><o:p></o:p></p></div><div><p class=xmsonormal> <o:p></o:p></p></div><div><p class=xmsonormal style='background:white'><span style='font-size:12.0pt;color:black'>Just nailing down a date (in June) for the RTC Cyber Security Forum Q2 meeting.. and wanted to open up this list thread to discuss a possible topic or speaker. Any bright ideas or timely requests?</span><o:p></o:p></p></div><div><p class=xmsonormal style='background:white'><span style='font-size:12.0pt;color:black'> </span><o:p></o:p></p></div><div><p class=xmsonormal style='background:white'><span style='font-size:12.0pt;color:black'>I think we're saving a hands on Capture the Flag for later this year. Maybe in conjunction with B-Sides.</span><o:p></o:p></p></div><div><p class=xmsonormal style='background:white'><span style='font-size:12.0pt;color:black'> </span><o:p></o:p></p></div><div><p class=xmsonormal style='background:white'><span style='font-size:12.0pt;color:black'>Talk wise.. the last couple have been panel talks, so we should probably either pivot to either a single presenter/topic.. or does anyone want to head up a hands on workshop?</span><o:p></o:p></p></div><div><p class=xmsonormal style='background:white'><span style='font-size:12.0pt;color:black'> </span><o:p></o:p></p></div><div><p class=xmsonormal style='background:white'><span style='font-size:12.0pt;color:black'>T.Weeks</span><o:p></o:p></p></div><div><p class=xmsonormal style='background:white'><span style='font-size:12.0pt;color:black'>RBTC Cyber Security Forum </hat></span><o:p></o:p></p></div><p class=xmsonormal>_______________________________________________ Security-Discuss mailing list Security-Discuss@lists.rbtc.tech https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.rbtc.tech_mailman_listinfo_security-2Ddiscuss&d=DwIGaQ&c=cehHn3YFTvbeqmBOizlVwndgdnPducYBouAyYX7fXYg&r=Kf5RBswNMWU0qgnhv-jum_IwioCzbHpyt-zOC4z_r4w&m=IEzxaZT0D3jEz3ulNwxaCrTY1tmbkdpjJJVf5iZ6c6I&s=dlNyxzfzYFBgxnU7kmDhbUlgRqNcPFeMZB8RK4_hL8E&e= <o:p></o:p></p></div></div></div></div></body></html>