MEETING SPONSORED BY:

STLCMG Quarterly Meeting Agenda
Time
Track 1
Presenter(s)
Track 2
Presenter(s)
8:30 9:00
Registration, Full Breakfast, and Networking
9:00 9:15
Welcome and Introductions
9:15 10:15
10:30 11:30
Identity and
Access
Management
Security on
the
Mainframe
Darius
Terrell, IBM
Julie Bergh,
IBM
Java Application
Troubleshooting
Peter Johnson,
Unisys
SQL Performance
and Visualization
Erik
Ostermueller
FIS
A Word from our Sponsor
Darius Terrell, Stan Clement - IBM
12:15 –
1:15
Lunch
1:15 –
2:15
Michael Smith, IBM
3:45
April 21, 2015
Location:
11:45 12:15
2:30 3:30
When:
Application Security
UniGroup
1 Premier Drive
Fenton, MO 63026
Cost:
$25 if paid by Friday, 4/17/15
$35 if paid by Monday, 4/20/15
$50 at the door
10 Best Practices for Security
Mark de Lira, IBM
Fee waived if you are out of work or a fulltime college student with ID.
St Louis CMG must receive RSVP 10 days
prior to meeting event
Closing Remarks
PARS at Ruby Tuesday's
10797 Watson Road, Sunset Hills
Payment:
Free Food - Free Drinks!
All payments can be made through the
website at:
http://regions.cmg.org/regions/stl
cmg/index.html
MEETING SPONSORED BY:
IBM
For alternative payment arrangements
contact: [email protected]
Performance Analysis Relaxation Sessions (PARS)
STLCMG will host PARS immediately after the meeting at Ruby Tuesday’s, only 2.75 miles away.
Take a breather, network with other attendees, or just relax after a long day. Enjoy
complimentary hors d'oeuvres and drinks. You will receive two complimentary drink tickets
good for the beverage of your choice.
Ruby Tuesday’s - Turn left out of Unigroup Take I-44 East.
Stay in right lane and take Watson Road exit.
Right at the second stoplight into Plaza.
Free Food
Free Drinks
Email: [email protected]
Future Meeting Dates:
July 14, 2015
October 13, 2015
http://regions.cmg.org/regions/stlcmg/index.html
ABSTRACTS AND BIO’S
Darius Terrell, IBM
Abstract
Identity and Access Management
Achieving today’s business imperatives demands technology that leverages the latest innovations to stay ahead of the competition. Lineof-business leaders are under increasing pressure to perform, and are subscribing to software solutions themselves in order to help
reach their goals. Information Security staff are under increasing stress to ensure that their identity and access management solutions
are able to securely provide auditable access to these solutions without degrading the end user experience. They also have to be
concerned about internal and external attack vectors - particularly as the world moves toward cloud and mobile devices. Has your
identity and access management solution evolved to handle today’s challenges?
Bio
Darius has worked as a Security Architect for 8 of his near 18 year career at IBM. Prior to his current role within Technical Sales he
served as a Senior Security Architect within IBM Security Lab Services and brings extensive experience in the design & architecture of
customer security solutions focusing on identity and access management. He has both established and utilized the best practices for
deploying the IBM Security portfolio along with the lessons learned from customer deployments. Darius has also served within IBM as
the World Wide Services Security Practice Manager responsible for building security software consulting competency for the IBM
Security portfolio across the Americas, EMEA, and AP geographies.
Peter Johnson, Unisys
Abstract
Java Application Troubleshooting
Over the past 15 years the author has worked with numerous Java applications and has used a number of techniques to pinpoint issues
with those applications. This paper describes a number of those techniques that the author has found to be most helpful. The paper
includes such topics as solving memory issues, tuning garbage collection, and pinpointing problem areas.
Bio
Peter Johnson has 35 years of IT industry experience, mostly in application development. For many years he was the chief architect of a
team that analyzed performance of Java applications on large-scale Intel-based machines and evaluated various open source
software for enterprise readiness. He currently is a lead architect for Unisy Choreographer, a cloud-based solution. Peter is a frequent
speaker at the annual CMG conference, speaking mainly on Java performance. He is also a co-author of JBoss in Action.
Julie Bergh, MA CISSP ISSMP CBCP, IBM’s Lead North American z Systems Security Champion
Abstract
Security on the Mainframe
Over the past 15 years the author has worked with numerous Java applications and has used a number of techniques to pinpoint issues
with those applications. This paper describes a number of those techniques that the author has found to be most helpful. The paper
includes such topics as solving memory issues, tuning garbage collection, and pinpointing problem areas.
Bio
Julie is IBM’s Lead North America z Systems Security Champion, has worked for IBM for the past 15 years and has many more years
prior to that in the private sector. Julie is a certified IT specialist and has a Master’s Degree in Information Systems management from
Webster University in St. Louis, MO. Prior to joining IBM, Julie worked at a variety of large companies (e. g., GMAC, MasterCard)
where her roles ranged from programming and system programming to IT Internal Auditing and IT Management. In recent years, Julie’s
efforts have been related to z System Security Migrations and Security Product Technical Sales, and as a result has broad experience
engaging all levels of the customer organization from the C-Suite, to Security Management and to front line Security Analysts. Julie has
experience in both customer and provider aspects of IBM’s z Systems Security, and possesses deep skills in z/OS, RACF, ACF2 and Top
Secret administration.
http://regions.cmg.org/regions/stlcmg/index.html
Paul Ionescu, IBM
Abstract
Application Security




Why the Application Layer is so exposed to Security Threats
Famous Application Attacks of 2014 - Heartbleed and Shellshock
Challenges associated with today's development environments: Cloud, DevOps, Continuous Integration
Running an Application Security Program, managing your portfolio, assessing risk, what are the areas of Secure Engineering
that you need to tackle
Bio
Paul Ionescu leads the Security Engineering and PSIRT program for the IBM Security business unit. He also manages a team of highly
skilled security experts tasked with pen-testing IBM products: the Ethical Hacking Team. Since he joined IBM in 2007 he worked in
several areas of the Application Security business including support, technical sales, technical enablement and development. Before
taking on his current role Paul was a senior developer for the AppScan line of products and contributed to key projects and
research. Paul also holds an IBM Master Inventor title for his contribution to the IBM patent base.
Erik Ostermueller
Abstract
SQL Performance and Visualization
SQL performance defects often evade detection until long after functional testing. Text based displays of SQL do a poor job of
indicating which SQL anti-pattern is at fault, especially the chatty “SELECT N+1” anti-pattern. wuqiSpank is an open source graphical
tracing tool that helps quickly identify repetitive SQL performance anti-patterns in any platform that uses SQL. To refactor the code,
just apply a known solution to a known anti-pattern.
Bio
Erik Ostermueller was born and raised in St. Louis, MO, played grade school soccer at Fenton Park and went to high school at
SLUH. Erik is the founder of wuqiSpank.org, a new way to visualize SQL Performance. He is the technical director at the Performance
Center of Excellence at FIS, the largest Financial Services software provider in the world. He has done high-performance software
tuning and other consulting for clients in Europe, Asia and North and South America. In 2012, CMG.org funded Erik's 8-city
international speaking tour to present his paper, "HELP DEVELOPERS (FINALLY) FIND THEIR OWN PERFORMANCE DEFECTS". This
paper won two awards at the 2011 International CMG performance conference: The J. William Mullen award and "Best Paper"
award.
Mark De Lira, IBM
Abstract
10 Essential Practices for Security
Every day, new streams of information flow into corporations. Employees, customers and contractors are all connected and now have
access across a multitude of technologies. CIOs are challenged as never before with managing security and mitigating risk in this fastchanging, hyper-connected world. A different way of thinking is needed. Designed as a business approach to security, IBM has
developed the 10 Essential Practices for IT Security. Covering all domains, they serve as a foundation for a mature, enterprise
information security program. This presentation will provide a view into the 10 EPs as they are leveraged today at IBM for its own
security program internally.
Bio
Mark De Lira currently serves as IBM's Security Services Leader in the Midwest. Drawing on a diverse background serving in various
sales, technical and management capacities, Mark brings an experienced perspective with over 35 years in IT, and the last 20 in
security. With a past in both consulting services as well as sales, Mark has in-depth knowledge of the security needs and business
drivers organizations face today, and brings that unique insight when articulating solutions for his clients.
http://regions.cmg.org/regions/stlcmg/index.html