I figured it was time to update my Where’s Andrew page and thought I’d do a quick post letting people know where I”m going to be over the next few months. If you’re going to be at one of these events, please let me know and we’ll catch up (or meet) over a pint or two:

• Wednesday, December 9th and Thursday, December 10th, 2009 – Presenting a briefing on the OSSEC HIDS with Daniel Cid at the SANS WhatWorks in Incident Detection Summit 2009 with Richard Bejtlich in Washington, DC.
• Tuesday, October 6th and Wednesday, October 7th, 2009 – Attending SecTor 2009 IT Security Education Conference in Toronto, Ontario. (plans confirmed!)
• Wednesday, September 16th to Tuesday, September 22nd, 2009 – Attending SANS Network Security 2009 in San Diego, California.
• Monday, September 14th and Tuesday, September 15th, 2009 – Attending the SANS WhatWorks in Data Leakage Prevention and Encryption Summit 2009 in San Diego, California.

One of the things I wanted to do after arriving in Lethbridge, Alberta was to form a local OWASP chapter. As of today that “want” is now a reality. If you’re in Southern Alberta and are looking to learn more about application security, join the chapter. It’s free and you’ll probably learn a bunch of stuff.

Keep checking the official chapter webpage for details on when and where the next meeting is taking place: http://www.owasp.org/index.php/Lethbridge

I did a quick search through Amazon to see what books are talking about OSSEC since we published the OSSEC Host-Based Intrusion Detection Guide in February of 2008. To remind everyone, OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. Here is a quick rundown of what I have found based on my Amazon search:

• Malware Forensics: Investigating and Analyzing Malicious Code by Cameron H. Malin, Eoghan Casey, and James M. Aquilina – mentioned here on page 644.
• Security Framework for Attack Detection in Computer Networks by Cyril Onwubiko – mentioned here on page 212.
• Computer Security: Protecting Digital Resources by Robert Newman – mentioned here on pages 272, 331, and 424.
• Security Monitoring by Chris Fry and Martin Nystrom – mentioned here on page 102.
• CompTIA Network+ All-in-One Exam Guide, Fourth Edition by Michael Meyers – mentioned here on page 403.
• Computer and Information Security Handbook (The Morgan Kaufmann Series in Computer Security) by John R. Vacca – mentioned here on page 88.
• Advances in Information Security and Assurance: Third International Conference and Workshops, ISA 2009, Seoul, Korea, June 25-27, 2009. Proceedings (Lecture … Computer Science / Security and Cryptology) by Jong Hyuk Park, Hsiao-Hwa Chen, Mohammed Atiquzzaman, and Changhoon Lee – mentioned here on pages 255 and 256.

So if all of these other authors are talking about it…why haven’t you downloaded it and purchased a copy of the book? 🙂