Month: April 2015

Speaker Feature: David Lodge

April 21, 2015
AnnouncementConference

David Lodge

@tautology0

http://www.pentestpartners.com/

 

Dave has been in the security industry for too long. Originally hacking games, then a developer, then sysadmin, then generic dogsbody and finally penetration tester.

For a job, Dave hacks companies. For fun, he drinks beer, develops stuff, plays interactive fiction, kills zombies, hacks flash games, drinks beer, brews beer, translates from American to English, drinks beer and likes being pedantic about language.

Internet of Toys?

Does adding network functionality to modern toys make sense? Can they be abuse to manipulate or spy of you or your child? Can we totally subvert them.

It’s a hacking talk: of course we can!

Register now for RV4sec!

Speaker Feature: Barry Kouns

April 20, 2015
AnnouncementConference

Barry Kouns

www.riskbasedsecurity.com

@riskbased

 

kouns_barry.jpg (134×167)Barry Kouns is principal consultant for ISO/IEC 27001:2013 pre-certification services at Risk Based Security, Inc., an information security, threat intelligence, and risk management consultancy. Barry’s experience includes information security consulting, risk assessment and quality management. Barry has provided training, procedure development and pre-certification consulting services resulting in the successful ISO/IEC 27001 certification of more than two dozen organizations. Barry has full knowledge of GLBA, FFIEC, HIPAA, Sarbanes-Oxley, and 201 CMR 17 and is well versed with PCI DSS, ISO 9001, COBIT, FISMA, NIST 800-53, BS 25999, ISO 31000 and ISO 20000. He has earned a B.S. in Statistics from Virginia Tech and a M.S. in Industrial Engineering Management from North Dakota State University. He has earned the CISSP designation, is a trained ISO /IEC 27001:2013 Auditor & ISMS Implementer, and is ITIL Foundation Certified. Barry was a Captain in the United States Air Force and served as a B-52H Navigator/Bombardier.

Incident Response Management – Not a Fire Drill

In spite of the billions of dollars spent annually to prevent a data breach, breaches are being reported at a rate of more than eight per day. Most security experts say it’s not a matter of if your organization’s data will be breached, but when. If your organization does not have a well designed, formally documented, and regularly tested Incident Response process in place, how well will you respond to the data breach that is most likely in your future?
Not all Incident Response programs are created equal. Speed of action, without first understanding the nature and severity of an event can often lead to elevating the costs to the organization. Join this session to learn how to build an effective Incident Response Management process to identify and properly respond to the various levels of information security events.

Speaker Feature: Jason Smith

April 20, 2015
AnnouncementConference

Jason Smith

appliednsm.com

@Automayt

200x200_smith_jason.png (200×200)Jason Smith is an intrusion detection analyst by day and junkyard engineer by night. Originally from Bowling Green, Kentucky, Jason started his career mining large data sets and performing finite element analysis as a budding physicist. By dumb luck, his love for data mining led him to information security and network security monitoring where he took up a fascination with data manipulation and automation. Jason is the co-author of Applied Network Security Monitoring, creator of FlowPlotter, and co-developer of FlowBAT.

Jason has a long history of assisting state and federal agencies with hardening their defensive perimeters and currently works as a Security Engineer with Mandiant. As part of his development work, he has created several open source projects, many of which have become “best-practice” tools for the DISA CNDSP program.

Applied Detection and Analysis Using Flow Data

While network flow data isn’t a new concept, it is easily one of the most powerful data types you can have in your arsenal as a network defender. It is incredibly low overhead, easy to setup and maintain, and provides tremendously flexible capabilities for network security monitoring (NSM) detection and analysis.
In this presentation, we will take a look at flow data from the perspective of the NSM analyst. To begin, we will harness the power of statistics to demonstrate how flow data can be used for detecting both structured and unstructured threats using techniques that go beyond simple signature matching. Next, I will discuss the concept of friendly intelligence and how flow data can be used to profile devices on your network so you can understand what normal communication looks like. Finally, I will describe how flow data can be used to augment the analysis of network security events that are detected by other mechanisms.

During this presentation, I will also demonstrate FlowPlotter, an open source tool I’ve developed to aide in visualizing flow data for detection and analysis. I’ll also introduce and demonstrate FlowBAT, a graphical flow-based analysis tool that Chris Sanders and I developed to break the significant barrier of entry into Flow Analysis. Every concept I discuss in this presentation will be demonstrated with practical, real-world scenarios complete with real data using the SiLK toolset. You will leave this talk with techniques you can apply to your network immediately with incredibly low overhead and high impact, and scripts to get everything running in minutes.

Speaker Feature: Schuyler Towne

April 20, 2015
AnnouncementConference

Schuyler Towne

http://schuylertowne.com/blog

@shoebox

200x200_towne.png (200×200)

Schuyler Towne is a security anthropologist and Research Scholar at the Ronin Institute. He has dedicated his life to understanding how security technologies have affected culture & the effect of culture on security technology.

 

 

Selling Security in a Post Lock Society

There are pockets of the United States that are living in such secure surroundings that residents could go without locks altogether, which some consumers are beginning to realize. In this talk we’ll explore what features the next generation of home security products need to have, and how they will need to market themselves to have an impact on the emerging class of secure consumers.

RV4sec Speaker Lineup!

April 17, 2015
AnnouncementConference

There was a lot of competition in the CFP, but we’ve managed to whittle it down to another great lineup for RV4sec. So here are the speakers for the 2015 RV4sec conference!

Jennifer Steffens G Mark Hardy
David J. Bianco Caleb “chill” Crable
Adam Crosby Chris Eng
Pete Herzog / Dave Lauer Allen Householder
Barry Kouns David Lodge
Kizz MyAnthia Mark Painter
Elissa Shevinsky Michelle Schaffer / Tim Wilson
Jason Scott Jason Smith
Schuyler Towne Robert Stratton
Boris Sverdlik Bill Weinberg
Governor Terry McAuliffe

 

For detailed information about the speakers and their talks please see rvasec.com/speakers/

Thank you to everyone who submitted a proposal to the CFP–the review team had to make some tough decisions and appreciate all the time and hard work that went into submitting.

Hacker Warehouse Will Be At RV4sec!

April 16, 2015
Announcement

We are pleased to announce that Hacker Warehouse will be at RV4sec!  This will be the first year attendees will be able to see HackerWarehouse_Banner-1500x750amazing security products that are available and be able to purchase them at the conference.

You can check out the Hacker Warehouse website and get a feel for some of their products. If you want something specific available at RV4sec be sure to let them know!

HackerWarehouse.com strives to be your one-stop shop for all your computer security needs from defense to offense. T understand the importance of tools and gear which is why we strive to carry only the highest quality gear from the best brands in the industry.

We’re dedicated to serving you—our customer—with the highest level of service. Don’t hesitate to contact them should you need anything.

 

CTF: New Hybrid Challenge Includes Live Bug Hunting!

April 15, 2015
AnnouncementCTF

ctfThe RV4sec CTF dev team has been hard at work for the last few months cooking up some great new challenges for this year’s Capture the Flag (CTF) event. We’re sticking with the tiered approach in an effort to bring a healthy mix of educational challenges, along with more difficult “hack the Gibson” challenges.

However, this year’s CTF has a new twist! We are combining the CTF you know and love with live bug hunting with the help of Bugcrowd!  Bugcrowd has run Bug Bashes at conferences before, but we are taking it to the next level at RV4sec: we’ll be incorporating aspects of the live Bugcrowd bug bounty system into the CTF scoring.  This means you can get involved in finding real live bugs on systems and they will count for points in the CTF. Isn’t that excellent?!

BugcrowdThe CTF has been a big success the last few years, and we are working hard to ensure that it continues to educate and provide a fun, safe environment to learn many aspects of IT, IT security, hacking and defending.

We are also working with Bugcrowd to allow CTF participants the ability to give back to the community. We are working on a process to allow local companies and not-for-profit organizations the ability to sign up to have their security tested as part of the CTF.  The live bug hunting aspect will provide real organizations security testing so they can better understand and improve the security posture of their online presence. In the end, isn’t that what IT security should be about?  We hope to provide more information on this very soon!

The CTF team is a mix of folks from many different facets of IT: we’ve got incident responders, hacker trackers, IT directors, pentesters, IT managers and everything in between. These folks have a passion for technology, enjoy exploratory dives into interesting problems, and want to share the joy, fun, frustration, learning, and general shenanigans that make the RV4sec CTF so much fun!

Our hope is that a healthy mix of folks will also come to participate in the free CTF hosted at RV4sec. We want everyone to come out and play, whether you’re new to tech, or you remember putting your first program on punch cards. Come out, plug in (well it’ll be wireless, but…) and get hacking, teaching, and learning.

Also, feel free to tweet us things you’d like to see in the CTF. It’s getting close but there may be time to get the ideas into a challenge. Use hashtag #rv4secctf and tweet to @pipefish_@mpbailey1911, or even @RVAsec with ideas and we’ll see what we can do.

Come out to the RV4sec conference and enjoy the training, the talks, and plan to stop by the CTF for some hackery!

Thanks again to UNOS for sponsoring the CTF, as well as the other organizations donating prizes.

We’ll see you there, and keep your eyes peeled for more information soon!

UNOS

Jennifer Steffens (@SecureSun) To Keynote RV4sec!

April 13, 2015
AnnouncementConference

We are pleased to announce that Jennifer Steffens will be keynoting RV4sec 2015!

As its CEO, Jennifer Steffens spearheads all aspects of IOActive’s global IOActiveCEO_JenniferSteffens_2013_02business operations and drives the company’s strategic vision. Jennifer brings a wealth of industry and business experience to the company, having been an early member of several successful startups.

Earlier in her career, Jennifer was a Director at Sourcefire, where she helped build and grow its run rate from $250K to over $35M in just four years. She helped commercialize the Snort open source intrusion detection and prevention technology and built several service offerings around research initiatives. Prior to joining IOActive, Jennifer came to Seattle to help startup GraniteEdge reinvent itself. While there, she led initiatives to restructure the company and developed a product strategy that ultimately secured two additional rounds of funding. With over ten years of industry experience, Jennifer has held senior management positions at Ubizen, NFR Security, and StillSecure.

Jennifer is a well-respected media source, appearing in InfoSecurity Magazine, SC Magazine, Good Morning America, BBC, Reuters, The Guardian, and CBS News. She has been invited to give keynote presentations at a variety of conferences such as HackInTheBox. Jennifer is a member of EWF, ISSA, and OWASP.

You can follow Jennifer on Twitter at @SecureSun.

Training: Vendor Risk Management and Trust Analysis

April 10, 2015
AnnouncementTraining

We are pleased to announce that Pete Herzog will be joining us this year to teach a class!

Vendor Risk Management and Trust Analysis

Get a grip on the risk caused by your vendors, cloud, software providers, partners, and other third parties you need to work with. Manage it in an orderly way that doesn’t overwhelm you or become the paperwork that sucks the life out of your job. Master it so you can make sure the people in charge of those relationships can also help you manage the security of those 3rd parties. This provides you with the means and the toolkit you need to do it in a practical, responsible, and secure method.

Training classes are held on Thursday, June 3rd, before the conference.

For more information on the class and the instructor, or to register, please see:

http://rvasec.com/training/

Training: Hands-On Lock Picking (Last Time At RVAsec!)

April 9, 2015
AnnouncementTraining

We are pleased to announce that, back by popular demand, we will have Hands-On Lock Picking with Schuyler Towne!

This is the last time that this training class is expected to be offered at RVAsec.  If you have always wanted to take this class, now is the year to make it happen.

Get comfortable with basic lockpicks, open some security pinned locks (and possibly high security), and have an understanding of Pin Tumbler, Wafer and Disc Detainer locks.  Learn the baseline knowledge to plan your own facility security, and get a number of excellent references to help continue your study.

Training classes are held on Thursday, June 3rd, before the conference.

For more information on the class and the instructor, or to register, please see:

http://rvasec.com/training/