RVAsec 15 Speaker Feature: Jon Waldman

Everything Everywhere All At Once: Untangling Security & Privacy Risks Across Today’s AI Tools (<– add to your schedule)

AI adoption is exploding—but the security promises behind these tools often don’t match the fine print buried in their terms, models, or data flows. This talk cuts through the hype with a no‑B.S. look at the real privacy and security risks across today’s major AI platforms, and gives business leaders and security professionals a clear roadmap for deciding what’s safe, what’s risky, and what’s simply not ready for prime time.


Jon Waldman:
Jon Waldman is the Co-Founder and President of SBS CyberSecurity, where he oversees the SBS service teams and the SBS Institute. For more than 20 years, Jon has helped hundreds of organizations identify and understand cybersecurity risks to allow them to make better and more informed business decisions. Jon’s passion for cybersecurity training and education led him to be a driving force in the development of the SBS Institute. Designed for the banking industry, the Institute provides specialized cybersecurity education and now offers more than 10 certification courses, with State Association partnerships in 30+ states.

Jon maintains his CISA, CRISC, and CDPSE certifications. He received his Bachelor of Science in Computer Information Systems and his Master of Science in Information Assurance with an emphasis in Banking and Finance Security from Dakota State University, a Center of Academic Excellence in Information Assurance Education designated by the NSA.

Along with being an instructor for SBS Institute courses, Jon frequently speaks on cybersecurity topics at a variety of events and trainings across the country. Additionally, he is a blog author, has had multiple articles published, has participated in numerous podcasts, and regularly hosts educational webinars. Jon strongly believes the more knowledgeable and educated we all are — directors, executives, employees, and customers alike — when it comes to cybersecurity, the more risk we reduce as a whole.

Come see Jon Waldman at RVAsec 15!


RVAsec 15 After Party Is On. Let’s Make This One Count!

Register now!

We are excited to officially announce the RVAsec 15 After Party. This is a special year for RVAsec, and we wanted to do something special to match it.

Here is what we have lined up:

  • DJ
  • Backyard BBQ
  • Music Bingo
  • And plenty of time to hang out with fellow attendees, speakers, sponsors, and friends

For year 15, we are putting even more focus on what has always made RVAsec great: the people. The hallway conversations. The new connections. The reunions with old friends. The shared laughs, stories, and ideas that happen when the formal schedule ends and the real community time begins.

That is exactly what this year’s After Party is all about.

We wanted to create something that feels fun, relaxed, and built for interaction. A chance for attendees to keep the energy going, spend more time together, and enjoy the kind of atmosphere that makes RVAsec more than just another conference.

Music Bingo BBQ After Party

If you have never played before, think of it as bingo with a soundtrack. Instead of numbers being called, songs are played, and you mark them off as you recognize them. It is easy to jump into, surprisingly competitive, and a great way to get people laughing, talking, and fully into the party atmosphere.

Prizes!?

Music Bingo will be played electronically and broken into three rounds, with each round typically running about 30 to 35 minutes.

During each round, players will compete to be among the first three winners. Those three names will go into a drawing pot, and one winner will be selected from that group to receive the round prize. We will do this for Round 1, Round 2, and Round 3, giving us three round prize winners total.

At the end of the night, all nine qualifying players from the three rounds will be entered into one final drawing for the grand prize.

And yes, between rounds, the music will keep going. The party does not stop.

To make things even more fun, we will also be including attendance raffle prizes throughout the night. 

It also fits exactly what we wanted for this year’s After Party: something fun, interactive, and built to bring people together.

It’s Part of the RVAsec Experience!

If you have been to RVAsec before, you already know some of the best moments happen outside the talks. If this is your first year, this is one of the best ways to meet people and be part of the community.

Make sure you register now for the After Party:
https://www.eventbrite.com/e/rvasec-15-after-party-music-bingo-bbq-tickets-1989070845443 

RVAsec 15 is going to be a big one. Do not miss the chance to be part of it. See you there!


RVAsec 15 Speaker Feature: Daniela Lulli

Robots vs Robots – Securing AI and the Data that Powers it (<– add to your schedule)

As AI systems, copilots, and autonomous workflows proliferate, defenders must secure not only the data that fuels them, but the AI behaviors, access paths, and automation they introduce. Robots vs. Robots explores how organizations can protect AI systems end‑to‑end by controlling data exposure, governing AI access, and using automation to stay ahead of adversaries.


Daniela Lulli:
Daniela Lulli leads Varonis Sales Engineering in the Mid Atlantic, partnering with enterprise and public sector organizations to secure their most sensitive data and build resilient, scalable security programs. She has also served as a trusted advisor for Department of Defense, UN, and NATO missions, helping global organizations reduce insider risk and defend against rapidly evolving cyber threats.

Daniela serves as the Chief Technology Officer for the Virginia (Belvoir) Chapter of the Armed Forces Communications and Electronics Association (AFCEA), a global nonprofit with a mission to enable collaboration between government, military, industry, and academia in the areas of cybersecurity, intelligence, and global security. Her leadership and impact in the community earned her recognition as a finalist for the 2025 CyberScoop50 Most Inspiring Up and Comer Award.

Come see Daniela Lulli at RVAsec 15!


RVAsec 15 Speaker Feature: Michael Darling

Secure by Design, Trusted Through Compliance (<– add to your schedule)

This talk will challenge listeners to redefine the traditional technical vs compliance mindset and think of security as risk management. Whether it’s technical or contractual risk, we should all be focused on the same goal of reducing material impacts to our organizations. It will walk through a model in which compliance is built upon strong technical foundations and becomes a mechanism for communicating trust to your organization, customers, and regulators.


Michael Darling:
Michael Darling is the founder and Principal Consultant at Solstice Security, where he provides fractional CISO services and helps high confidentiality industries like defense, legal, and financial services build strong security programs and navigate their compliance challenges.

He has spent 25+ years building security programs that actually work. He led the ground-up development of a cybersecurity program at one of the largest law firms in the country and helped shape national cyber policy at the White House budget office and CISA. A retired Marine Lieutenant Colonel and combat veteran, he served in infantry, physical security, IT, and cybersecurity roles.

Michael is passionate about closing the gap between what security frameworks promise on paper and actual security outcomes.

Come see Michael Darling at RVAsec 15!


RVAsec 15 Speaker Feature: Joanna Behan

Unlocking Awareness: How an Escape Experience made Security Fun, Engaging, and Approachable (<– add to your schedule)

How do you turn security awareness from a check‑the‑box activity into a hands‑on, memorable experience for everyone? In this session, we’ll unpack a portable “escape room in a box” designed by our Information Security team to make learning approachable, collaborative, and fun.


Joanna Behan:
Joanna is an Information Security Analyst who brings a unique blend of creativity and expertise to the field. With a Bachelor of Fine Arts from James Madison University and industry-recognized certifications including CISSP and CGRC, Joanna’s career spans more than two decades of hands-on professional experience. Joanna thrives at the intersection of imaginative problem-solving, heightened awareness, and effective information security. She is dedicated to making information security accessible, and her creative approach enables her to address complex challenges while fostering a culture of safety and security in technology.

Come see Joanna Behan at RVAsec 15!


RVAsec 15 Speaker Feature: Ariyan Suroosh & Mike Bailey

Initial Access in 2026 – The Power of the Spoken Word (<– add to your schedule)

A light/medium technical talk discussing modern techniques and challenges to red team initial access.


Ariyan Suroosh:
Ariyan Bakhti-Suroosh is a Principal Security Consultant at Rotas Security, specializing in offensive security, social engineering, and physical facility penetration testing. With over seven years of experience, Ariyan has led enterprise-scale penetration tests, advanced adversary simulations, and purple team assessments.
He holds a Bachelor’s Degree in Information Security from the University of Richmond (Summa Cum Laude) and is a Certified Red Team Operator (CRTO). Ariyan has delivered talks at SANS Hackfest, RVASEC 2024, Optiv’s Source Zero Conference, and was the keynote speaker at COV IS 2024. Ariyan was also the recipient of Optiv’s President Club 2023 and the Green Jacket award for excellence in delivery. He has developed training resources on all facets of penetration testing with a focus on physical facility penetration tests and badge cloning.

Mike Bailey:

Come see Ariyan Suroosh at RVAsec 15!


RVAsec 15 Speaker Feature: Paul Brownridge

Flirting with AI: Pwning web sites through their AI chatbot agents and politely breaking guard rails (<– add to your schedule)

Find out how to penetration test an AI chatbot.


Paul Brownridge:
Paul Brownridge is Head of Technical Delivery at Pen Test Partners, the ethical hacking firm. Originally from an engineering background, Paul swapped his hard hat for a white hat and has been working in cyber security for the last 10 years. His practical experience of industrial environments and cyber security make for a capable and highly competent OT cyber engineer. Paul is a regular speaker at national and international technology and security events such as Defcon and the (ISC)2 Security Conference, highlighting key risks with the internet of things, automotive and maritime.

Come see Paul Brownridge at RVAsec 15!


RVAsec 15 Speaker Feature: Bhaumik Shah

Breaking Tokens: Modern Attacks on OAuth, OIDC, and JWT Auth Flows (<– add to your schedule)

Modern authentication systems like OAuth and OIDC are often misunderstood. This talk demonstrates real-world attacks such as token replay and session hijacking, shows how weak configurations lead to compromise, and shares practical defense strategies to secure your auth flows.


Bhaumik Shah:
Bhaumik Shah is a cybersecurity leader and founder of Securify, where he helps organizations secure their cloud, applications, and infrastructure through penetration testing, red team operations, and compliance programs like SOC 2 and ISO 27001. With over a decade of experience uncovering vulnerabilities in complex environments — from AWS misconfigurations to API flaws — he has worked with startups, enterprises, and government agencies to strengthen their security posture. Bhaumik is passionate about sharing real-world lessons from the field, mentoring the next generation of security professionals, and occasionally sneaking in a pop-culture reference or two to make security just a little more fun.

Come see Bhaumik Shah at RVAsec 15!


RVAsec 15 Speaker Feature: Evan Typanski

Building Custom Detections with Zeek and Spicy (<– add to your schedule)

Discover how to use Zeek in order to create custom detections for network threats. We will go over how to create a real detection using Zeek via scripting, protocol analysis, and log analysis.


Evan Typanski:
Evan is currently a software engineer at Corelight, a network monitoring startup. He is on the open source team, where he works as a maintainer for the Zeek project. His focus is on compilers and low-level networking.

Before joining Corelight, Evan worked on static code analysis (SAST) for languages like C/C++, Swift, and Rust. He graduated from the University of Virginia with a BS in Computer Science in 2020.

Come see Evan Typanski at RVAsec 15!


RVAsec 15 Speaker Feature: Brian Markham

Swatting flies with sledgehammers: broken TPRM programs and how to fix them (<– add to your schedule)

Third-party and supply chain risk is more important now than ever—but TPRM is also more broken and ineffective than ever. This session will review today’s common approaches to TPRM, how we got here, and how we can achieve better outcomes and reasonable assurance with less work. We’ll also explore what that shift could mean for our security programs—and for the industry as a whole. We need a hard reboot, and it has to start with each of us.


Brian Markham:
Brian Markham is an executive, advisor, hacker, and mentor with over 25 years of experience in IT and cybersecurity. Brian currently serves as the Chief Information Security Officer for EAB Global, a leading provider of software, marketing, and research services to institutions of higher education. Prior to joining EAB, he was a consultant at KPMG and PwC, and was on the security teams at the University of Maryland and George Washington University.

Come see Brian Markham at RVAsec 15!