Jason Ross is a Senior Consultant with NCC Group – a global information assurance specialist providing organizations with expert security consulting services. Working primarily from Rochester, NY, he has developed and delivered training tools and programs on topics such as advanced mobile penetration testing, android forensics techniques, and enterprise-level malware analysis.
Jason has spoken at many regional conferences across the United States, as well as major security conferences including Blackhat DC, BSides Las Vegas, DerbyCon, and DEF CON Skytalks.
DevOpSec – Killing the Buzz
The DevOps movement continues to grow, and it is beginning to move out of small startups into large enterprises. DevOps and Agile development bring a lot to the table, but are often viewed as coming at the expense of security. This presentation explores ways to integrate security into DevOps environments: identifying the benefits of doing so, outlining potential problems, and attempting to provide solutions to them. Ultimately, the talk hopes to provide practical guidance and tools that can be used as a base to improve security throughout the stack.
Come see me at RVAsec 2017. Register Now!
Mike Shema is VP of SecOps and Research at Cobalt.io, where he organizes crowdsourced pen tests. Mike’s experience with information security includes managing product security teams, building web application scanners, and consulting across a range of infosec topics. He’s put this experience into books like Anti-Hacker Tool Kit and Hacking Web Apps. He has taught hacking classes and presented research at conferences around the world.
Managing Crowdsourced Security Testing
The crowdsourced security model has been embraced by organizations running public bug bounty programs. These programs are intended to discover and resolve vulns in production applications, but they can unexpectedly deviate from being an effective part of the security development lifecycle into a source of noise. This presentation questions what role such programs have in improving security and what pitfalls they pose for security budgets. It covers strategies for keeping a bounty program focused on positive contributions to development and avoiding the traps that make it a distraction.
Come see me at RVAsec 2017. Register Now!
As a Staff Information Security Engineer, Seth Hanford applies his experience to incident response, PSIRT, and security operations functions for both enterprise and customer security. Hanford has been an individual contributor for PSIRTs, CSIRTs, and intelligence teams in small businesses, large enterprises, and several global teams. He has worked on-site in operations center watch floors, collaborated globally with FIRST Special Interest Groups, and has more than a decade of experience being an effective full-time remote worker. He has also had the pleasure to serve as a manager both globally and locally, and recruited for world-class threat research teams as well as to relaunch a Fortune 100 SOC into a threat-driven detection & response team.
Defend the Defenders: Managing and Participating in Excellent Teams
Response teams apply threat models to protect an organization’s goals and to determine which controls are important to defend organizational interests. But defensive teams themselves are under threat: working in emergency response takes its toll on individuals. Budgets, over-commitment, urgency, and crisis all put a great deal of pressure on incident responders. This presentation will examine “threats against the goals of the SIRT itself” for managers and “blue team” practitioners: how to build, manage, and participate a defensive / incident response team under fire. Attendees will learn a practical approach for identifying and defending against the key threats against their team goals. The speaker will share examples from his own past threat modeling, such as: how to find, hire, and retain good candidates; how to maintain morale when under crisis; how to improve a struggling team; how to (re)organize to meet imminent challenges to long-term success; and more.
Come see me at RVAsec 2017. Register now!
Greg Pepper has been an IT professional for 15+ years with expertise in Security, Networking & Cloud Computing. Initially working for Sony Online Entertainment, PriceWaterhouse Coopers & Organic, Greg has spent the last 15 years working for Cisco & Check Point helping customers to design, plan and implement secure networks throughout the Internet Edge, Campus Backbone, Data Center and Cloud Environments. Currently as Head of Cloud Security Architects for Check Point, Greg focuses on Software Defined Data Centers working with customers and partners to secure Software defined solutions with in Amazon Web Services, Microsoft Azure, VMware NSX, Cisco ACI and OpenStack.
Best Practices for Securing the Hybrid Cloud
Cloud has enabled applications and infrastructure to move at a pace not seen before. Organizations are faces with options to invest in and enhance their physical data centers to deploy SDN and build private clouds. Alternatively, many companies are choosing to migrate these applications in to the Cloud. Public Cloud options for Infrastructure as a Service and or Platform as service exist, but there exists a shared responsibility for security in either of those scenarios. Come learn strategies, design templates and best practices on how to secure applications through automation & orchestrations, making security as a integral part of the cloud and SDN deployments.
Come see me at RVAsec 2017. Register Now!
Synopsys technology is at the heart of innovations that are changing the way we live and work. Powering this new era of technology are advanced silicon chips, which are made even smarter by the remarkable software that drives them. Synopsys is at the forefront of Smart, Secure Everything with the world’s most advanced tools for silicon chip design, verification, IP integration, and application security testing. Our technology helps customers innovate from Silicon to Software, so they can deliver Smart, Secure Everything.
Come see us at RVASec. Register now!
We had many great submissions to the CFP this year! It was extremely hard but the CFP team has managed to select a great lineup for RVAsec 2017.
Thank you to everyone who submitted a proposal to the CFP –the review team had to make some tough decisions and we appreciate all the time and hard work that went into submitting.
Without further delay, here are the speakers for the RVAsec 2017!
For the full details and times for specific talks, please see the schedule page.
Reminder ticket prices are going up April 21st, so you better register quickly is you haven’t yet!
We are pleased to welcome f5 Networks as a Hospitality Sponsor! All the food and drink served on Thursday 8th will be sponsored by them, so be sure to stop by their table to say hi and thank them for feeding everyone!
We are pleased to announce that Sophos are sponsoring our After Conference Reception on Friday, 9th June. The Reception will be held in the Commonwealth Ballroom directly after the last talk on Friday afternoon. Thank you to Sophos, and we look forward to seeing you all there!
Sophos makes IT security simple. Focused on innovation in next-generation protection, Sophos solutions are simple to deploy, maintain and manage, enabling organizations to protect and defend their networks, their information and their people. Sophos – Security made Simple.
Come see us at RVAsec. Register now!
Founded in 1996, SyCom designs, delivers and supports IT solutions that optimize business results. With offices in Richmond, Roanoke, Virginia Beach, Vienna and Huntington, WV our focus is primarily the mid-Atlantic with national delivery capability. With more than $70 million in revenue, we are one of the largest systems integrators on the East Coast. Named “Best Place to Work in Richmond,” SyCom is an employer of choice for the best IT talent in the region. More than 70% of our engineers have an average of 12 years of experience —underlining our commitment to provide sage advice that you can trust.
Register for RVAsec now!
Proofpoint protects your people, data and brand against advanced threats and compliance risks. Built on the cloud and the world’s most advanced intelligence platform, our solutions help you effectively detect and block targeted attacks and respond quickly to suspected compromises.
Come see us at RVAsec! Register now.