We are pleased to announce that vArmour are sponsoring our After Conference Reception on Friday, 3rd June. The Reception will be held in the Commonwealth Ballroom directly after the last talk on Friday afternoon. Thank you to vArmour, and we look forward to seeing you all there!
Retail Cyber Intelligence Sharing Center (R-CISC)
Wendy Nather is Research Director at the Retail Cyber Intelligence Sharing Center (R-CISC), where she is responsible for advancing the state of resources and knowledge to help organizations defend their infrastructure from attackers. She was previously Research Director of the Information Security Practice at independent analyst firm 451 Research, covering the security industry in areas such as application security, threat intelligence, security services, and other emerging technologies.
Wendy has served as a CISO in both the private and public sectors. She led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), as well as for the Texas Education Agency. She speaks regularly in locations around the world on topics ranging from threat intelligence to identity and access management, risk analysis, incident response, data security, and societal and privacy issues. Wendy is co-author of The Cloud Security Rules, and was listed as one of SC Magazine’s Women in IT Security “Power Players” in 2014. She is an advisory board member for the RSA Conference, and serves on the board of directors for Securing Change, an organization that helps provide free security services to nonprofit groups. She is based in Austin, Texas.
We Need to Talk…
How do you move threat intelligence sharing from Gossip to Grownup? It takes more than technology: it takes social engineering on a massive scale. Wendy Nather will talk about the process of standing up a new ISAC, the barriers to intel exchange, the Wacky Races of platform and feed providers, and the role government has to play (spoiler: it’s not what you think). The future of threat intelligence is going to be fewer steak dinners and pew-pew maps; it’s going to look more like the Neighborhood Watch on social media. Grab a cup of coffee and let’s meet at the firewall.
We are very pleased to welcome Fortinet as our Hospitality Sponsor for Friday, 3rd June. Their sponsorship pays for all food and drink on the day, so make sure you stop by their booth and say hi!
The RVAsec after party hosted by Anomali and GuidePoint Security will be at District 5 on Thursday, June 2nd, following the conference. It’s just a few blocks from VCU, so head over after the conference for some cocktails and food!
Note that wrist-bands will be required for access to the room & bar, which can be retrieved at the door or at RVA5ec through one of the Anomali or GuidePoint representatives. You must pre-register or register on site.
District 5
1911 W Main St.
Richmond, VA 23220
district5rva.com
We are very pleased to welcome Varonis as our Hospitality Sponsor for Thursday 2nd June. Their sponsorship pays for all food and drink on the day, so make sure you stop by their booth and say hi!
https://www.varonis.com @varonis
Dr. Andrea M. Matwyshyn is a legal academic studying technology innovation and its policy implications, particularly corporate information security regulation and consumer privacy. She is currently a (tenured full) professor of law/professor of computer science (by courtesy) at Northeastern University, a faculty affiliate of the Center for Internet and Society at Stanford Law School, and a visiting research collaborator at the Center for Information Technology Policy at Princeton University, where she was the Microsoft Visiting Professor during 2014-15. In 2014, Professor Matwyshyn served as the Senior Policy Advisor and Academic in Residence at the U.S. Federal Trade Commission. She has testified in Congress on issues of technology innovation and information security regulation and is a US-UK Fulbright Commission Cyber Security Scholar award recipient in 2016-2017.
CYBER!
This talk challenges the underlying assumptions of the “cyber” or “cybersecurity” legal and policy conversation. It argues that the two dominant paradigms – information sharing and deterrence – reflect last century’s policy approaches that channel our security energies in misguided directions: in their current form, they will neither thwart technology-mediated attacks on our national security nor meaningfully bolster consumer protection. Drawing insights from the work of seminal philosopher of science Michael Polanyi, this talk first identifies four analytical flaws that plague the legal and policy analysis of information security. It then offers a new policy paradigm – reciprocal security inducement. Reciprocal security inducement reframes the legal and policy security conversation around two key elements: information vigilance infrastructure and defense primacy. The talk concludes with a list of concrete legal and policy suggestions reflecting the reciprocal security inducement paradigm.* *This talk contains bacon.
Come see me at RVAsec 2016! Register now.
Through the use of interactive dashboards and data analytics, Risk Based Security provides unparalleled risk identification and security management tools that leverage our data breach and vulnerability intelligence. Our blend of dedicated research, technical expertise, data breach analytics, vulnerability intelligence, combined with real world management experience enables us to provide our clients with meaningful and cost effective security solutions.
Risk Based Security is honored to serve the vulnerability and cyber risk intelligence needs of organizations both large and small, across a broad array of industries. Our clients include insurance companies and brokers, manufacturers, banks and credit unions, drug companies, health care providers, life sciences and other technology service providers.
Come see us at RVAsec 2016! Register Now.
We are very pleased to announce Capital One is our sponsor for the CTF this year! Please stop by and say hi to their representatives in the Capture the Flag room.
Founded in 1996, SyCom designs, delivers and supports IT solutions that optimize business results. With offices in Richmond, Roanoke, Virginia Beach, Vienna and Huntington, WV our focus is primarily the mid-Atlantic with national delivery capability. With more than $70 million in revenue, we are one of the largest systems integrators on the East Coast. Named “Best Place to Work in Richmond,” SyCom is an employer of choice for the best IT talent in the region. More than 70% of our engineers have an average of 12 years of experience —underlining our commitment to provide sage advice that you can trust.
Joey Peloquin
Joey has more than 20 years of experience in the information technology industry, specializing in information security for over 15 years. Prior to joining the Citrix Security team, he served as the director of professional services for GuidePoint Security, heading up the security assessments, application and mobile, and cloud security consulting practices. Joey is an active member of the information security community, speaking frequently at conferences and events such as BSides, RVAsec, OWASP, and TakeDownCon. He has also written, or appeared in, articles by Hakin9, SC Magazine, SD Times, and Network World.
Deceptive Defense: Beyond Honeypots
Everyone knows malicious hackers utilize deception all the time. Maybe it’s a tactical DDoS attack, meticulously timed to misdirect defenders from an initial intrusion, or perhaps a data exfiltration event. Attackers reuse competitors’ code, and compile malware in languages other than their own to encourage false attribution. The examples are endless. Quarterbacks are masters of deception, too. This talk compares deceptive practices of top NFL quarterbacks with practical deception in the Enterprise, and offers suggestions on how security practitioners can utilize ruses, disinformation, misdirection, and other techniques to increase the cost of targeting an organization to the point that the risk no longer justifies the reward. The presentation covers effective recommendations deployed in production environments today that don’t require purchasing expensive deception systems.
