Chapter Meeting (Dec 2017)

Our sixth and final chapter meeting of 2017 will be held December 19th, 1:00-4:00pm, at the St. Mary's University Center in Minneapolis. Come out and join us for our informative presentations and great networking with your coworkers, colleagues and friends!

Meeting Agenda

  • Social networking: 1pm – 1:30pm

  • President and Board opening statements: 1:30pm – 1:50pm

  • Presentation: 1:50 – 2:40pm

  • Break: 2:40pm-2:50pm

  • Presentation: 2:50pm – 3:40pm

  • Drawings and closing remarks: 3:40pm – 4pm

Please note the location change to St. Mary's University Center!!


The building address is 2540 Park Ave, Minneapolis. There is a parking lot on 25th and Oakland Ave. Please walk to the north side of the building, the door are under the carport.

Evolution of Application Security Programs

Application security has become one of the most important frontiers for protecting digital assets, and has effectively changed focus from protecting network perimeters to ensuring security around dozens, hundreds, or even thousands of applications.  Rapid growth of applications developed in each organization is fueled by availability of data and rapid development programming languages and platforms, which make it feasible to create robust applications in a fraction of the time compared to even a few years ago.  Combined with a wide range of development methodologies, challenges for Application Security Programs have never been higher.

This session will cover some of the latest trends in increasing the effectiveness of Application Security Programs, as presented and discussed at the latest OWASP Summit in London.  Presentation will include upcoming changes within several OWASP projects aimed at increasing ability to measure, manage, and improve their Information Security Programs, while forming stronger relationships with product owners and developers.

Yan Kravchenko

As Chief Information Security Officer (CISO), Mr. Kravchenko is responsible for managing the Security and Compliance resources. He confronts the evolving and ever present data security challenges facing Atomic Data and its clients.

Mr. Kravchenko brings more than 20 years of technology and information security experience to Atomic Data, the last six of which he served as compliance advisory practice lead at NetSPI. He primarily addressed unique security and compliance challenges in the healthcare space during that time. Additionally, Mr. Kravchenko has six years of experience in the payment card industry as a practicing QSA. Mr. Kravchenko received a B.S. degree in Information Systems Management from Regis University. He also holds a wide array of industry certifications including CISSP, CSSLP, CISA, and CISM.

This Time, It's Personal: Why Security and the IoT Is Different

Unfortunately, in recent years we’ve seen a host of incidences where IoT devices were compromised. Sometimes these have been minor with little coverage, while others like Mirai affected millions around the globe a produced serious economic impact. When attacks like this occur, they not only erode the trust of the users of these devices, but cause those who are looking to adopt this new technology to pause. With any new technology, security must be thought of as a first class citizen and when we are talking about IoT, the data is personal. As the IoT matures, I’ll share some mistakes that have happened in the past, where we are today and how I believe we are now finally seeing a maturity of devices that are remotely updated, fault tolerant and secure. When it comes to building an IoT device, security is personal.

Justin Grammens

Justin lives at the intersection of emerging technology and leading communities on the Internet of Things. He is a Co-Founder of Lab 651, where he helps companies use sensors and intelligence to build connected products and mobile applications that use data to drive business change. He is the owner of IoT Weekly, a free curated newsletter with industry expert perspectives on the Internet of Things, a co-founder of IoT Fuse, a 501(c)(3) non-profit with the mission to position Minnesota as a leader on the Internet of Things and an adjunct professor at the University of Saint Thomas teaching a graduate level course on the Internet of Things.

A proven leader and builder of technology, Grammens was named one of the 2016 (Real) Power 50 by Minnesota Business Magazine, speaks at countless technology conferences, co-launched Minnesota’s first Internet of Things Hack Day where inventors compete to build the best Internet enabled product in 12 hours and is a mentor to students of all ages through CoderDojo Twin Cities and Macalester College's MacStartups program. Most importantly, he enjoys family movie nights with his wife and two boys. You can keep up to date with him on LinkedIn and Twitter.

MN ISSA members in attendance at the meeting have the opportunity to win several book giveaways recommended by our speakers:

See other past recommendations.


Are non-members and guests welcome at meetings and events?

Yes, we welcome individuals at large from the security community to join us for any of our events. We simply ask that, after experiencing personally the value of our community at two events, individuals consider joining ISSA for the additional benefits that membership provides.

Why do we have to register to attend meetings and events?

Besides assisting the board with planning logistics for our events, registering for meetings and events, then checking in when you attend, provides you with self-service documentation you can print out to support your CPE credits if you are audited.

Do I have to bring my printed ticket to the event?

No, printed tickets are not necessary, you will still be able to check in.  However, having a printed or electronic copy of your ticket does speed up the check in process.

***Information/image release.  By registering for this event, I agree that:

  • I am allowing my contact information included in the registration to be shared with MN ISSA and I may be contacted by MN ISSA

  • I grant MN ISSA and/or ISSA International the right to use any candid photos or videos taken during the event in future marketing and communication efforts, to include, but not limited to, websites, brochures, advertisements, magazines, newspapers, newsletters, emails, videos and web conferences.