Complete seminar details are also online at: http://tcipg.org/news/TCIPG-Seminar-2013-Oct-4-Caldwell
Live webcast URL option #1 (non-interactive; requires Quicktime) http://mediapointe.ncsa.illinois.edu:8080/live.sdp
Live webcast URL option #2 (interactive to support Q&A; no password required) https://ncsatraining.webex.com/ncsatraining/onstage/g.php?d=800590128&t=a
Abstract: No matter the brand of software development “religion” practiced in an organization, adding security practices to the lifecycle presents unique challenges and opportunities. In the words of John Kotter of Harvard, “…transformation is a process, not an event. And it takes years.” Rob is in the midst of a multi-year initiative to roll out a security development lifecycle in his organization, and will share what he has learned along the way. Beginning with security-focused design reviews to address flaws, continuing on to static analysis to address bugs, then strategies for security testing, the goal is to add security along the entire development lifecycle. Underpinning the process changes is a multi-role security training program, with training tailored to individuals’ job tasks. Finally, he will discuss some of the challenges with the energy utility software market, regulation, and emerging standards.
Biography: Rob Caldwell is the Chief Security Architect and Principal Engineer for GE Digital Energy Software Solutions (DE-SWS). In this role, Rob provides technical governance and guidance for software security in DE-SWS. DE-SWS develops software products for the energy market, and has development teams located in the United States, Europe, and India. His areas of expertise include threat modeling, secure coding practices, and security training. Rob coaches and mentors a number of individuals in DE-SWS who aspire to work in software security.
Prior to joining GE in Melbourne, FL, Rob worked for five years as a software developer and database administrator for the United Space Alliance at Kennedy Space Center, FL. He joined GE in 2005, and worked as a database administrator and Transmission Management System security lead before moving to his present role.
Rob graduated from the University of Florida (B.S.) and Berry University (M.S.) and holds a Certified Information Systems Security Professional (CISSP) credential from the International Information Systems Security Certification Consortium ((ISC)2). In addition, he is a member of IEEE and the IEEE Computer Society, and the Association for Computing Machinery (ACM).
About the TCIPG Seminar Series: The monthly TCIPG Seminar Series on Technologies for a Resilient Power Grid presents speakers who are experts on topics in the broad area of research, development, and design for secure and resilient systems related to the power grid. The scope includes all power grid systems, from traditional systems involved in generation, transmission, and distribution to emerging systems dealing with distributed generation, renewable integration, and demand-response.
The seminar series is presented by the Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) Project, an $18 million multi-university research effort whose partner institutions include the University of Illinois at Urbana-Champaign, Dartmouth College, the University of California at Davis, and Washington State University. The TCIPG Project, a successor to the earlier NSF-funded TCIP Center, was founded in 2009 with support from the U.S. Department of Energy and the U.S. Department of Homeland Security. It is housed in the University of Illinois Information Trust Institute.
For more information or for a complete seminar schedule, visit www.tcipg.org/tcipg-seminars