Our Committees

Chapter Leadership

• Kendra Ash - Chapter President
• Brian Myers - AppSecPNW Chair
• Benny Zhao - Treasurer
• Terry Tower - Mentorship Committee Chair
• Chelsea Willis - Chapter Meeting Committee Chair
• Derek Hill
• David Quisenberry
• Jason Leonhard

Chapter Meetings

Purpose

Our Chapter Meeting Committee is responsible for cultivating venues and speakers for our monthly chapter meeting.

Members

• Chelsea Willis - Chair

Opportunities

If you are interested in speaking at a chapter meeting, having your company host one of our meetings, or helping out with this committee please email [email protected].

AppSecPNW Conference

Purpose

Our AppSecPNW Conference committee is responsible for the planning of the AppSecPNW Conference.

Members

• Brian Myers - Chair

Opportunities

If you are interested in speaking at the conference, know a company who wants to sponsor, or helping out with this committee please email [email protected].

Mentorship

Purpose

The Mentorship committee helps match mentor and mentee pairs, recruit people to utilize our mentorship program, develop resources for learning, and check in with mentorship pairs.

Members

• Terry Tower - Chair

Opportunities

If you are interested in being a mentor or mentee, developing resources, or serving on this committee email [email protected].

Mentorship

What It Is

We’re in the business of helping people grow. Whether you are a beginner, and expert, or somewhere in between, we want to help you develop as a professional. We work to pair you with someone who has experience or is interest in the same area you are looking to mentor or be mentored. It’s about relationships, hands on keyboards, questions, advice. A lot of the program is what you make out of the relationship we seed you with.

How to Get Involved

If you are interested in finding a mentor or being a mentor, please contact one of our leaders in our chapter via email.

Resources to Help

Here is our resource guide for our mentorship program. It is very much a work in progress (and we would love your help if you want to throw some people hours at it).

Presentations

• OWASP Incubator Project Spotlight: Penetration Testing Toolkit (PTK)

• So You Want a Career in Security? - Derek Hill - September 2023

• 10 Things I Want to Show You about Wireshark, Kevan Vanhoff - April 2020

• So You Want to Teach Security? Bully for You!, John L. Whiteman - Dec 2019

• OAuth2-OIDC Single Page Apps, Jake Feasel - July 2019

• OWASP Top 10 for Javascript, Lewis Ardern - Apr 2019

• Breaching Cyber Security Industry, Ryan Krause - Mar 2019

• Building Security, Kendra Ash - Feb 2019

• Docker Exploits, Josh Farwell - Jan 2019

Podcasts

All of our podcasts can be found here:

Contact us if you know someone who would be a great podcast guests:

• Caroline Wong - What a Top Chief Strategy Officer Has to Say About Security These Days

• Jim Manico - “Kūlia I Ka Nu’u” to Be Your Best in Security

• Bruce Schneier - We Live in a Security and Privacy World That Science Fiction Didn’t Predict

• STÖK - What It Takes to Be a Good Hacker

• Terry Dunlap - IoT Security Starts with Getting Rid of Your IoT Devices

• Dr. Linus Karlsson - The Art of Managing Open So

• Terry Tower - Drones Be Hacked

• Andrew van der Stock - OWASP Executive Director - Our Software is the Firewall

• Simon Bennetts and Rick Mitchell - The Great Proxy Wars - ZAP vs. Burp Suite

• Eva Galperin - Director of Cybersecurity at the Electronic Frontier Foundation (EFF) - Go Look Where No One Else is Looking

• Glenn Bravy and Merritt Wilson - Secure Code Warrior - Are Some Languages More Dangerous Than Others?

• Jake King - Linux Cloud and Endpoint Security - Do It Wisely. Make it Easy

• Eric Higgins - Security From Zero: Practical Security for Busy People

• Mike Goodwin and Jon Gadsden - Threat Dragon is for Threat Modeling. Come Help Build It!

• Ashish Patel - Best Practices for Proactive Cloud Security

• Theresa Masse - Department of Homeland Security - Tips,Tricks and Free AppSec Services from the DHS - Stay Protected from the New Bad COVID-19 Actors

• John Andersen - The Easiest Way to Use Machine Learning for AppSec (DFFML)

• Tanya Janca - SheHacksPurple - Some of the Best AppSec Advice You’ll Ever Hear Here!

• Laura Chappell - Inspiring the Next Generation of Security People to Do Wireshark Packet Analysis on the Interplanetary Internet

• Kaliya Young - How We See Identity for Authentication Needs to Change

• U.S. Senator Ron Wyden (OR) - Election Security, Mind Your Own Business Act, Encryption Weakening, NSA Surveillance, FISA, SIM Swapping and STEM Initiatives

• Ian Melven - Playing the Long Game in Infosec

• Mark Curphey - Founder of OWASP - Security. Don’t Be Shy. Just Ask!

• Chad Holmes - CMD+CTRL Web Application Cyber Range

• Aaron and Ray - Application Security. It’s Really About the Code!

• Ryan Krause - Some Good Advice For Those Who Want to Become Pen Testers

• Patterson Cake - Overcoming Your Greatest InfoSec Adversary: You!

• Adam Shostack - Threat Modeling

• David Quisenberry & Ben Pirkl - OWASP Top 10 / Juice Shop Hack Session

• Alex Ivkin - Container Security

• Justin Angra - Intro to Chrome Exploitation

Videos

All of our videos can be found on our OWASP PDX YouTube channel here:

• Brian Myers - XXE for Dummies (or How to Make an XML Parser Send You Files) (OWASP Portland, Oregon)

• Wenjing Wu - Game to Dethrone: A Least Privilege CTF (OWASP Portland, Oregon)

• Dr. Wu-chang Feng / Nicholas Springer - Thunder CTF: Learning Cloud Security on a Dime (OWASP PDX)

• Roop Kaur - Automate OWASP ZAP (OWASP Portland, Oregon)

• Sam Lemly - Secure Code Warrior Tournament Overview (OWASP Portland, Oregon)

• Clint Gibler - Detect Complex Code Patterns Using Semantic Grep (OWASP Portland, Oregon)

• Brian Ventura - Crypto 101 (OWASP Portland, Oregon)

• Kevan Vanhoff - 10 Things I Want to Show You about Wireshark (OWASP Portland, Oregon)

Participating

Attendees

Our events are open to the public, and most events are free. Membership in OWASP is not required, though if you are interested in supporting OWASP’s mission we encourage you to join.

If you have ideas about events you’d like to see OWASP offer or topics you’d like to hear speakers address, contact any of the chapter leaders or post a suggestion in Meetup.com or our OWASP Slack channel. We’d love to hear from you.

Speakers

We are always looking for speakers to present at monthly events. We accept a wide range of topics related to application security. If you are interested, contact anyone on the leadership committee. (Be aware that we try to keep our schedule booked some months in advance.)

We do not pay speakers. OWASP is a largely volunteer-run non-profit organization.

What We Ask from Speakers

What follows are standard expectations for all our events. Most of it probably goes without saying, but I’m including it just to be clear.

We are looking for talks of about 30-50 minutes with time afterwards for Q&A. We typically schedule events after work, around 5:30 or 6pm. Exact time depends on the speaker and the venue.

We generally expect speakers to have visual aids (typically slides) and to have practiced their presentation in advance. Venues may or may not provide internet connectivity. We assume you are bringing a laptop with slides and don’t need anything from us except a hookup to a screen or projector. We would be happy to post your presentation on our website afterwards, but that is up to you.

OWASP has a code of conduct and we ask all participants in our chapter events to follow it. Among other things it includes commitments to treating others with respect, not plagiarizing, and not jeopardizing OWASP’s objectivity and independence. OWASP does not endorse products or services, and presentations at our chapter events must not be pitches for a product or service. It is fine to say who you are and what you offer when you introduce yourself, but the purpose of the talk should be to convey vendor-neutral insights, practices, and/or recommendations.

We ask speakers for a serious commitment to making the agreed date. If a conflict arises that prevents you from participating, however, please give us as much advance notice as possible so we can make other arrangements.

Hosts

We also need places to present. Typically we look for venues near central Portland with capacity for 40 or more people and a screen or monitor for projecting slides. Usually these are conference rooms or other gathering areas that local companies generously allow us to use.

We acknowledge hosts when we publicize events on Meetup.com and in the chapter’s Slack channel, and again at the start of the event.

If you have space to offer or know someone who might, please contact any of the chapter leaders.

Sponsors

Since we usually schedule presentations after work around 5:30 or 6pm, we appreciate it when someone is willing to provide food. Attendance varies from event to event, so if you are interested in sponsoring you’ll want to contact any of the chapter leaders to identify specific opportunities.

We acknowledge hosts when we publicize events on Meetup.com and in the chapter’s Slack channel, and again at the start of the event.

Volunteers

We are all volunteers! OWASP chapters are run entirely by volunteers. If you would like to help us put on events, contact any of the chapter leaders.