Author: <span class="vcard">karen</span>

Speaker Feature: Rick Lull and Shannon Yeaker

Rick Lullavatar for Rick Lull
rlull@verizon.net

Network bubba, health care IT survivor, now trying to play Horatio on the bridge via infosec for customers of my new company.

 

 

Shannon Yeakeravatar for Shannon Yeaker

Shannon Yeaker, PMP, CISA, CAHIMS is a Lead Consultant with Impact Makers in the Governance, Risk and Compliance (GRC) Practice. She is a dynamic IT professional with extensive experience in Information Security, control design, risk management, project and process management at a Fortune 200 company in the financial services industry. She is a certified Project Management Professional (PMP), a Certified Information Systems Auditor (CISA), Certified Associate in Healthcare and Information Management Systems (CAHIMS) and holds additional certifications in Business Process Management, Agile, Lean and Scrum. Shannon is a member of the Virginia Chapter of the Information Systems Audit and Control Association (ISACA).Currently serving as a Project Manager assisting a $3.5 billon healthcare system with multi-year and multi-million dollar information security transformation program. She manages the delivery of secure network segmentation to over 30,000 endpoints in 7 states.  Shannon was previously with Capital One, for more than 20 years. She has a Master’s Certificate in Project Management from George Washington University and a Bachelor of Science in Psychology from James Madison University.

Adventures in (Dynamic) Network Segmentation or And that’s how I got this scar

Network segmentation is a great way to build a foundation for a thorough approach to defense in depth as part of your security program. The benefits can be great, but the path is not without some risk of its own. This talk with review some of the challenges and successful strategies to create a solid and sustainable practice on getting your arms around what is out there and on your network. The presenters, fresh from a large scale project to do this at a health system, will cover tips, tricks, pitfalls and the like to let you approach this very useful tool with your eyes wide open.

Come see us at RVAsec!

 

 


Silver Sponsor Feature: Palo Alto Networks

www.paloaltonetworks.com

@PaloAltoNtwks

pan-logo-badge-green-dark-kick-up.jpg (1650×1050)

As the next-generation security company, we are leading a new era in cybersecurity by safely enabling all applications and preventing advanced threats from achieving their objectives for tens of thousands of organizations around the world. We are one of the fastest growing security companies in the market because of our deep expertise, commitment to innovation, and game-changing security platform focused on bringing an end to the era of breaches by uniquely integrating our Next-Generation Firewall, Advanced Endpoint Protection, and Threat Intelligence Cloud.

Come see us at RVAsec! Register Now.


Speaker Feature: Alon Arvatz

www.intsights.com

Alon Arvatz runs products at IntSights.  Prior to co-founding IntSights, Alon had was a cyber security professional in the military and private sector.  Alon started his career serving in an elite intelligence unit in the Israel Defense Forces.  Then, Alon joined Guy Nizan to establish Cyber School, a center providing teenagers with courses, seminars and summer camp workshops on cyber intelligence.  Hoping to help enterprises capitalize from his experience, he co-founded IntSights to make threat intelligence programs a reality for enterprises around the world. When not defending companies from hackers, Alon spends time with his very cute family.

OSINT: The Secret Weapon in Hunting Nation-State Campaigns

Discussing real use cases of state actors engaged in APT campaigns, explore what can be done with the available intelligence tools we have today, specifically from the Dark Web.

Come see me at RVAsec 2017. Register Now!


Silver Sponsor Feature: Checkpoint

www.checkpoint.com

@CheckpointSW

AAEAAQAAAAAAAAffAAAAJDc2ZDA1MmZmLWRkNzQtNDhiOC1iMDdhLWE1NDNjZDBjN2M0Ng.png (200×200)

Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.

Come see us at RVAsec! Register now.


Hospitality Sponsor: FireEye

We are pleased to welcome FireEye as a Hospitality Sponsor! All the food and drink served on Friday 9th will be sponsored by them, so be sure to stop by their table to say hi and thank them for feeding everyone!

www.FireEye.com          @FireEye

FireEye

Register Now!


Silver Sponsor Feature: Qualys

www.qualys.com/

@qualys

Qualys

Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The Qualys Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).

Come see us at RVAsec! Register now.

 


Speaker Feature: Robert Mitchell

rrmitch@sandia.gov

Robert Mitchell is currently a member of technical staff at Sandia National Laboratories. He received his Ph.D, M.S. and B.S. from Virginia Tech. Robert served as a military officer for six years and has over 10 years of industry experience, having worked previously at Boeing, BAE Systems, Raytheon and Nokia. His research interests include linkography, moving target defense, computer network operations, network security, intrusion detection and cyber physical systems. Robert has published 19 peer reviewed articles.

Recent Developments in Linkography Based Cyber Security

Cyber attacks on critical cyber systems are not decreasing in frequency or complexity. Aggressors choose the time and place of these engagements; protectors must identify, research and develop defensive techniques that provide an asymmetric advantage. A static, data-driven, preventative, automated defense is a losing strategy; an effective defense must be dynamic, behavioral, responsive and capitalize on a human in the loop. We propose human and machine performed linkography to detect, correlate, attribute and predict attacker behavior and present a moving, deceptive target. Recently, our team generated a technology transfer strategy for linkography based cyber security, proposed algorithms to extract and refine linkograph ontologies and subsessionize our input stream and completed our previous related machine learning work. Linkography has been in the literature for decades, and our investigation indicates it is an open, fertile topic for basic and applied cyber security research.

Come see me at RVAsec 2017. Register Now!


Speaker Feature: Robert Wood

bwood@nuna.comIMG_-jj4umt-3.jpg (2197×2197)

robertwood50

Robert Wood runs the security team at Nuna Health, whose core directive is to protect one of the nation’s largest collective healthcare data sets. Previously, Robert was a Principal Consultant at Cigital where he founded and led the red team assessment practice and worked with strategic clients across the United States in an advisory capacity.

Maintainability + Security = <3

The security and devops culture craze is all around us, even with all this talk though there are differences between security features and the maintainability of a system. This talk will focus on some real world examples of what can go wrong when a system isn’t built with maintainability in mind in a security minded culture. We will cover the political positioning battles that emerge, how security leaders can manage risk in these situations, and of course the technical challenges that creep into the picture over time.

Come see me at RVAsec 2017. Register Now!


Speaker Feature: Dan Holden

dan.holden@r-cisc.org

@desmondholden

Dan Holden is the CTO and Intelligence Director at R-CISC, the retail ISAC, where he focuses on new technology and service development as well as threat intelligence production and exchange. Previously he was the Chief Technology Strategist and Director of ASERT, Arbor’s Security Engineering and Response Team at Arbor Networks. There he was responsible for future product direction and security threat intelligence integration. He also led the team who oversees the ATLAS global security intelligence database, and are responsible for threat landscape monitoring and Internet security research including the reverse engineering of malicious code. He also managed the development and delivery of security content and countermeasures for Arbor’s industry leading DDoS technologies. Prior to Arbor, Dan was director of TippingPoint’s DVLabs and a founding member of IBM/ISS X-Force. While at TippingPoint, Dan grew the DVLab’s organization into a mature security research and development team delivering security content, intelligence portals, and reputation technology as well as overseeing the Zero Day Initiative (ZDI) program. Dan also helped build and define X-Force over the course of 12 years in various capacities ranging from development to product management. Dan has been in the security industry for over two decades specializing in vulnerability analysis, security research, and technology incubation. Dan is a frequent speaker at major industry conferences and has been quoted and featured in many top publications, radio and television.

Retailing Another Threat Landscape Story

Over the last several years, retail breaches have become some of the highest profile stories, but just like any other vertical target, the day-to-day offense and defense continues to evolve. The ebbs and flows of attackers and defenders don’t always make the news, which is a good thing, but what does the daily routine look like on the retail front? And, why should you care? You should care because at some level or another, we are the potential defenders, or consumers of these organizations, and retail has now become part of the modern attacker infrastructure.

Come see me at RVAsec 2017. Register Now!


Speaker Feature: Troy Marshall

troy.marshall@ellucian.comRTM.JPG (897×1173)

@rtroymarshall

How do you answer when someone asks what you do for a living? Troy Marshall’s answer—“I don’t make software, I make software better”—explains his career helping organizations build and scale programs to improve the quality, security, and performance of their software and systems. Troy is currently the Director, Application Security and Reliability in the Ellucian DevOps group where he focuses on helping development teams rapidly deliver highly secure and reliable SaaS solutions. Connect with Troy on LinkedIn and Twitter.

RoboCop- Bringing law and order to CICD

In the movie, RoboCop is given three primary directives: “Serve the public trust, Protect the innocent, and Uphold the law”. We built our own RoboCop in order to bring law and order to our CICD pipeline. DevOps practices are all about enabling fast and frequent delivery of new software. In order to keep pace in a DevOps culture, application security must be reliably integrated into the CICD pipeline.
In this talk, we will show how our small AppSec team combined automated tools along with human oversight in order to achieve our directives at scale, while winning the hearts and minds of our development teams.

Come see me at RVAsec 2017. Register Now!