Author: karen

Silver Sponsor Feature: Infoblox

www.infoblox.com

@Infoblox

Infoblox delivers Secure Cloud-Managed Network Services, bringing next-level security, reliability and automation to cloud and hybrid systems, managed through a single pane of glass. We’re the market leader with 8,000 customers and 350 of the Fortune 500, running the world’s most sophisticated networks.

Come see us at RVAsec. Register now!


Silver Sponsor Feature: Tenable

www.tenable.com

@TenableSecurity

Today, 24,000 organizations around the world rely on us to help them understand and reduce cybersecurity risk. Our goal is to arm every organization, no matter how large or small, with the visibility and insight to answer three critical questions at all times: Where are we exposed? To what extent are we exposed? Where should we focus to reduce our exposure? We are the Cyber Exposure company.

Come see us at RVAsec. Register now!


Silver sponsor feature: Venafi

www.venafi.com

@Venafi

Venafi established the machine identity protection market, and our solutions protect the largest, most sensitive networks in the world. Leaders in the Global 5000 rely on Venafi to secure the cryptographic keys and digital certificates on which every business and government depends to deliver safe machine-to-machine connections and communications.

Come see us at RVAsec. Register now!


Silver Sponsor feature: Advanced Network Systems Inc

www.getadvanced.net

@GetAdvancedVA

At Advanced Network Systems, we love helping organizations reach their business goals, and solve operational challenges, with the right information technology. We live and breathe IT, and are experts at combining the right people, products and processes to achieve successful business outcomes.

Come see us at RVAsec! Register now.


Silver Sponsor feature: CyberArk

www.cyberark.com 

@CyberArk

Privileged access security was born from the collaborative effort of CyberArk’s founders and customers. Since then, the same team continues to introduce new products, define the market and lead with innovations, proven methodologies and thoughtful customer service. CyberArk is well known as the market share leader and #1 vendor in the privileged access security space.

Come see us at RVAsec. Register now!


After Conference Reception Sponsor: Cisco

We are pleased to announce that Cisco are sponsoring our After Conference Reception on Friday, 8th June. The Reception will be held in the Commonwealth Ballroom directly after the last talk on Friday afternoon. Thank you to Cisco, and we look forward to seeing you all there!

www.cisco.com  @Cisco

Come see us at RVAsec. Register now!


Speaker Feature: Nathaniel Hirsch and Brian Brurok

Nathaniel Hirsch

0xdeadbeef.us

@morgothan

Nat Hirsch is the Director of the Red Team at a large financial institution. He has been doing Red Teaming, Pentesting, and other offensive focused security assessments for the last decade.

Brian Brurok is senior director of Security Software Engineering at Capital One focusing on delivering software solutions and automations for Security Operations teams. He develops and deploys custom applications focusing on Data Analysis, Incident Management, Automation and Live Response. His software tools have been used across teams to improve hunt operations, analyst performance, and incident management. Prior to Capital One, Brian spent 16 years in security operations building, maturing and managing over 50 security operations centers across DoD, Intel, Defense Contractor and Federal spaces. He’s active in the cyber community speaking at various conferences, and also regularly hosts and builds realistic training scenarios for multiple Capture the Flag events.

Building a Better Catfish

Picture this: a Red Team and a Blue Team working together to make the organization more secure, and not just trying to prove that they are better than the other one. This is how we did it.

Come see Nat and Brian at RVAsec! Register Now.


Speaker Feature: Karen Cole

www.assuraconsulting.com

@assura_inc

Karen Cole

Karen Cole is the CEO of Assura, Inc., a cybersecurity consulting firm located in Ashland, Virginia. Her company just celebrated its 11th year in business and is considered in the top 1% of women-owned companies in the United States according to a recent study by the U.S. Women’s Chamber of Commerce. Throughout her 20+ year career, Karen has worked with various executives, boards of directors, and legislators to bring cybersecurity to the executive level and get programs the support and resources they need. Many times, she has helped them work through their own 5 Stages of Grief to get them to embrace their new corporate responsibilities.

From Grief to Enlightenment: Getting the Executive Support for Information Security

Most information security professionals got into the field to enjoy the technical challenges of keeping the hackers at bay. However, as information security has moved into the executive level of organizations, most professionals struggle to connect with executives and get the support they need for their programs. Karen Cole has been successfully handling the most ardent opponents of information security (think politicians, board members, and C-suite executives) for 16 years, getting her clients what they need. This session is focused on real-world actions you can take to get the support and resources for your program. Leave your governance theory at the door. This session is going to get real!

Come see Karen at RVAsec! Register Now.


Speaker Feature: Tyler Townes

Tyler Townes, CISSP

@tyler_townes

Tyler works at BlackBerry Product Security as a Security Program Manager and is the lead incident manager during emergency response events. His focus areas include SDLC, sustained engineering, vulnerability management, and risk management across multiple operating systems. He is currently researching pre-acquisition and post-acquisition security processes. In the past, Tyler has been responsible for vetting malware being submitted to mobile app stores, and ensuring that users are properly informed of the privacy risks posed by mobile applications and mobile ad packages.

Let’s build an OSS vulnerability management program!

Does your company use Open Source Software (OSS) libraries in the products that it builds? Do you worry that your customers and company will be exploited because no one in your organization is maintaining those libraries with vulnerability fixes? Let’s do something about that.
During this presentation, we will start from nothing and build a process for identifying the OSS libraries that your company uses in order to build a bill of materials.  We will source threat intel on those libraries, and we will take action to remediate the vulnerabilities in our source code repository so that we can keep our customers and company safe.

Come see Tyler at RVAsec! Register Now.


Speaker Feature: Mike Hodges

Mike Hodges

@rmikehodges

Mike Hodges is a senior consultant for the Optiv Attack and Penetration Practice. He has a background in application development and is currently OSCP, Assoc CISSP, and CEH certified. He is currently interested in evasive penetration tactics and techniques and is constantly looking to build new ways to automate attacker evasion.

Hiding in the Clouds – Leveraging Cloud Infrastructure to Evade Detection

Organizational spending on cybersecurity is at an all-time high. From an attacker’s perspective, this means that target networks are becoming increasingly hostile environments to operate in. This has pushed attackers to look for new ways to diminish a defender’s ability to identify their activity. The introduction of cloud providers and their associated content delivery networks has provided ample ways to attack and communicate with attack infrastructure while piggy-backing on the cloud provider’s infrastructure and reputation.
Techniques and tactics such as domain fronting for multiple cloud providers, distributed scanning, and leveraging API gateways will be discussed. Also, more nuanced aspects of these cloud services will be explored as they sometimes provide many benefits to an attacker’s infrastructure, including encryption. Most importantly, mitigations for these techniques will be provided so that defenders can go about better protecting their network.

Come see Mike at RVAsec! Register Now.