The San Antonio Security Community – Past, Present and Future

John B. Dickson, CISSP

Denim Group Background

• Privately-held, professional services organization that builds secure software and mitigates risk of existing software

• Takes a software-centric perspective on application security– All consultants regularly build software systems– Approach the problem of software security from a developers viewpoint– Secure development methodology used on all software builds

• Solving the secure remediation challenge– The next “hard” problem in application security

• Thought Leaders in Secure Development Practices– Developed Sprajax – First Open Source AJAX vulnerability scanner– Regular speakers at RSA, OWASP, CSI– OWASP National Leaders

1

My Background

• Ex-Air Force Officer– ESC, AFIWC, AFCERT

• Entrepreneur• Security Practitionery

– Commercial Experience at Trident Data Systems, KPMG, SecureLogix, Denim Group

• Founder and Former Chairman of SATAI & Past Chair of the North Chamber

2

Cluster Theory and San Antonio’s Security Community

• Michael Porter’s Cluster Theory of Economic Development– A Cluster: geographic concentration of competing and cooperating companies,

suppliers, service providers and associated institutions

• Sophisticated clusters produce an ecosystem of activity• Examples:

– Silicon Valley semiconductor industry– Hollywood film industry

• Cluster theory central to competitiveness

3

The Springs from which much flowed…

Emerging SecurityCommunityCommunity in San Antonio

4

Cluster Theory and San Antonio’s Security Community

• Economic analysis prepared by Silicon Valley think tank ICF Consulting led by Jim Gollub

• Delivered in July 2000 for:– The City of San Antonio, Economic Development Department – San Antonio Technology Accelerator Initiative

• Captured an “emerging cluster” of IT activity centered around information security

• “In order for San Antonio to economically benefit from the wealth of competency in information security expertise, economic inputs must be aligned to make it advantageous for local entrepreneurs to stay in the region”

5

The Higher Education Component – A Crown Jewel

• UTSA’s Center for Infrastructure Assurance and Security (CIAS)– Established 2001

Certified by NSA as a Center of Academic Excellence in Information Assurance– Certified by NSA as a Center of Academic Excellence in Information Assurance Education 2002

– Missions• Cyber Security Exercise Programs• Cyber Security Training• Cyber Defense Competitions

– Governor’s Emerging Technology Fund

• St Mary’s Center for Terrorism Law• St. Mary s Center for Terrorism Law• OLLU InfoSec Program• ACCD and the Information Technology & Security Academy

6

Early Case Studies of Successes

• WheelGroup Corporation– NetRanger: First commercial network intrusion detection technology

Acquired by Cisco Systems for $124m in February 1998– Acquired by Cisco Systems for $124m in February 1998– First successful security firm liquidity event– Founders turned around and founded SecureLogix Corporation in San Antonio

• Secure Network Consulting IncSecure Network Consulting, Inc.,– Led by ex-Air Force and Trident Data Systems security consultants– Acquired by Axent Technologies, who subsequently were acquired by Symantec

7

Immediate Impact of Air Force Decision

• Reaffirms what we know in San Antonio– Critical mass of talents, technologies, and higher ed framework

Elected officials and business leaders now acknowledge importance– Elected officials and business leaders now acknowledge importance– Growing sense that this is an economic development opportunity for our community

• 600+ new jobs– Air Force active duty and civilian positions– Air Force active duty and civilian positions– Indirect jobs via contracts

• Immediate impact on DoD community perception• Increased interest in contractor community outside SA• Increased interest in contractor community outside SA

8

The Possibilities Going Forward

• Expand relocation of national contractors to San Antonio– SRC, SAIC, CSC, BAH, et. al.

I i f b it i i t• Increase expansion of cyber security missions at:– NSA Texas– 24th AF– Other units– Other units

• Expand of R&D contract dollars via the 24th AF– Replace the IW Battlelab?

• Increase R&D and commercialization via UTSA and others• Increase R&D and commercialization via UTSA and others– New commercial companies based on intellectual property spun out

• Communicate to the world that we have are a cyber security leaderP dditi l ETF t iti

9

• Pursue additional ETF opportunities

The ISSA Chapter – How it can Contribute

• Current– Conducting educational meetings on security topics of interest

Networking via monthly meetings– Networking via monthly meetings– Success stories…

• Future (proposed)– Grow the next generation of security leadership in San Antonio– Grow the next generation of security leadership in San Antonio– Help connect various security interests – cross pollination of security components in

San Antonio – Increase profile of San Antonio via ISSA national– Attract higher profile speakers– Increase DoD presence!– Increase identification outside of the security community

10

Contact Information

• John B. Dickson, CISSP– john@denimgroup.com

Twitter @johnbdickson– Twitter @johnbdickson

www.denimgroup.comhttp://denimgroup.typepad.com/p g p yp p

11