Author: <span class="vcard">karen</span>

Speaker Feature: Brandon Martin


Brandon Martin leads the Security Measurement Team at NorthState Technology Solutions.  His team focuses on risk assessments and penetration tests that enable customers to benchmark and improve their security maturity and capability.  Through his experiences he earned certifications like the Offensive Security Certified Professional (OSCP), Certified Information System Security Professional (CISSP), Certified in Risk and Information Systems Controls (CRISC) and 6-Sigma Blackbelt.  Brandon performed roles in software engineering, project management, business analysis, penetration testing, and compliance consulting.  Before his current role he worked in heavy industry and banking. In his spare time Brandon enjoys writing code, spending time with family, and mentoring young people with his church’s youth program.

Was I Supposed to Mix the Security in Before I baked it?

Security practitioners advocate ideals through clichés and analogies to help others understand complex problems.  One prominent analogy espouses baking security into a solution instead of bolting security on at the end.  This seems like an obvious analogy – a baker certainly can’t add flour to a cake after it’s in the oven.  In business reality, time-to-market beats security every day of the week.  How can an architect bake security into solutions when the extra time could result in a failed venture?  This talk explores the realities of blending security into the design and implementation of solutions with a goal of realizing better is not the enemy of perfect.  Some implementations bolt on security beautifully; other design patterns prove impossible to correct.  Look forward to a meme-filled tour of architectures, design patterns, and lessons learned that will help security practitioners and business people identify if they’re cooking soup or baking cakes (…if that sounds like a mixed metaphor, don’t be late for supper).

Come and see Robert at RVAsec! Register now.

Hospitality Sponsor: Sentinel One

We are pleased to welcome Sentinel One as a Hospitality Sponsor this year! All the food and drink served on Wednesday 22nd will be sponsored by them, so be sure to stop by their table to say hi and thank them for feeding everyone!


RVAsec 2019. Register now!


Speaker Feature: Brad Thornton


Currently a Senior Penetration Tester with ICSynergy. I’m a husband, father to an amazing baby boy, curious learner, and a hacker. I participate in multiple CTF events, belong to several security focused organizations, and attend numerous conferences on the subject. Historically, I’ve served in various defense style roles in relation to privilege identity and access management.

Droppin USB’s like it’s hot

You may think that USB drops are a thing of the past but that’s certainly not the case. Sometimes breaching a target with a massive defense budget is as simple as a $10 USB dropped at the right location. In this talk I’ll share how an organization could start their own USB drop assessment by detailing the history, common research, tools of the trade, tactics, and mindset of a potential attacker.

Come and see Brad at RVAsec! Register now.

Speaker Feature: Robert Simmons


Robert Simmons is an independent malware researcher. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences including DEFCON, HOPE, botconf, and DerbyCon among others. Robert also is a maintainer of plyara, a YARA rule parser written in pure python.
Robert, also known as Utkonos, has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine and has been known to swear profusely and constantly in Russian.

Comparing Malicious Files

A critical step taken during the malware analysis process is to attempt to determine the malware family a sample may belong to. Even if one cannot link a file to a family, one must at least try to find files that are similar and extrapolate information about the sample from comparison with these similar files. This talk reviews a variety of methods for comparing files from simple to complex.

Come see Robert at RVAsec! Register now.

Speaker Feature: Jeff Cummings

Jeff Cummings, Senior Systems Engineer and Security Subject Matter Expert, Infoblox
Jeff has held this position at Infoblox for over five years supporting customers in the Virginia, Maryland, and Washington DC geography. He previously was a Security Engineer at CACI for almost 20 years. While at CACI, Jeff built and managed their Cyber Security Solutions lab in Chantilly, Virginia where he helped create and test security solutions, leveraging relationships with various security technologies. Prior, Jeff was on CACI’s Cyber team where his responsibilities included assessing security posture of numerous customers’ infrastructures and security stacks, as well as proposing/deploying remediation and improved security protections. Jeff graduated with a bachelor’s degree in electrical engineering from West Virginia Institute of Technology and is a current CISSP (#40254).

Preventing the Attack – DHCP and DNS for the Win!

When is the best time to prevent something? BEFORE it happens of course! This talk will describe the unique abilities of DNS and DHCP to protect your network by preventing potential malicious activity BEFORE it occurs. Both of these protocols can literally block malicious activity BEFORE it occurs! As the Internet of Things explodes on all of our networks, and complexity of networks increases, knowing what it on your network is critical. The increased number of devices, many of which are not in your control, can lead to an increased number of threats to your network. A simple, centrally controlled mechanism that can control access to ALL devices exists in your network already. Attend this session to find out how it works.

Come and see Jeff at RVAsec! Register now.

Speaker Feature: Kashish Mittal


Kashish Mittal is a Security Researcher and Engineer. He currently is the Head of Security at MileIQ, a Microsoft startup. He has worked for companies such as Elevate Security, Duo Security, Bank of America, Deutsche Bank etc. By choice, he is an ethical hacker and an addicted CTF player. He is a member of PPP (CMU’s elite CTF group). Prior to joining Duo, he did Security Research at Cylab, Pittsburgh. He has a BS and a MS from Carnegie Mellon University with a focus on Security. He is passionate about delivering Security awareness and training for employees, college students and high schoolers etc. He has been invited to presented his research and work at various national and International Security conferences.

One Man Army – Playbook on how to be the first Security Engineer at a company

How often have you heard that ‘Early stage startups don’t care much about Security because if there is no product, there is nothing to secure?’ Although there is merit in the argument that startups need to build product so as to sustain and grow, it often puts the person in charge of securing them in a tricky position. For most startups, this person is the first Security Engineer who can be somewhere between the 10th to 300th employee. By the time the first Security Engineer is on-boarded the attack surface has usually become quite large and he or she faces an uphill battle to go about securing the organization. In such cases, the Security Engineer needs to perform as a ‘one-man army’ keeping the attackers at bay. In this talk, i will present a playbook on how to perform as one.

Come see Kashish at RVAsec! Register now.

Speaker Feature: Danny McCaslin

Danny McCaslin is a systems administrator with the Frederick County Virginia Sanitation Authority. He recently finished work on a Masters degree in Information Technology with a concentration in Information Assurance and Security with American public University. Current projects and interests include Industrial Systems Security and Security Automation.

Automating Information Security

While the complexity of modern security breaches continues to increase security professionals have to find a way to handle the increasing number and complexity of attacks. Security automation is key to maintaining network security but has not been heavily adopted. This presentation will use NIST-defined security controls to provide insight into how automation can be leveraged for information security.

Come see Danny at RVAsec. Register now!

Speaker Feature: Derek Banks


Derek has over 20 years of experience in the Information Technology industry as a systems administrator for multiple operating system platforms and monitoring and defending those systems from potential intruders. He has worked in the aerospace, defense, banking, manufacturing, and software development industries. Derek has experience with forensics, incident response, penetration testing and red teaming.

Compliance, Techincal Controls, and You

Information Security compliance without enforcement through technical controls is just checking boxes. On the other hand, technical controls without the backing of compliance through effective policy and management support can equate to just playing with the latest bright and shiny security related hardware and software. We will walk through effective and popular techniques used by attackers. Then the compliance and technical controls that are designed to detect and mitigate these techniques will be discussed in depth .

Come and see Derek at RVAsec! Register now.


Speaker Feature: Harlan Carvey

Harlan has spent over 2 decades in the info/cyber security field, most of which has been spent in DFIR. He is a prolific author and public speaker.

From The Trenches: Observations of and Tracking Actor Activity

EDR and threat hunting capabilities provide an unprecedented level of visibility into an infrastructure, and by extension, into malicious actor’s behaviors and TTPs. This capability extends well beyond what is available from OSINT collection and processing, as well as traditional IR, and provides the foundation for a strategic tracking process to truly take full advantage of what’s available. Not only can you track behaviors over time, but mapping the observed TTPs to the MITRE ATT&CK framework can provide valuable insights, and inform defensive measures.

Come and see Harlan at RVAsec!

Speaker Feature: Christine Giglio


Christine is  the CAD Administrator for Bedford County, VA department of E-911 communications. Prior to this position, she was the Public Safety LAN Administrator for Bedford County, VA Sheriff’s Office, Fire & Rescue, and E-911 communications for 10 years. Bedford County is a rural joint E-911 center supporting both the Town of Bedford and the County of Bedford with a service area of approximately 762 square miles with a population of 84,000 people.

Secure 9-1-1 and Protecting Our First Responders

In the past 9-1-1 networks were mostly closed networks with no access to the outside world, there has been a lack of need to think about information security because why should you? With technology advancing software vendors are now utilizing cloud services and there are outside public safety applications that now need to communicate to 9-1-1. This has led to many centers in last decade to opening up their networks. The next several years will also be a large change for 9-1-1, as they will be switching from the analog Enhanced 911 (E911) to the digital NextGen 911 (NG 911) system. For large metropolitan PSAPs, this will be a blip on the radar as they have the resources and personnel to handle the changeover but smaller and rural PSAPs will have the same information security concerns but they will not have the resources or personnel available to them to address these concerns. There are a large list of security concerns for 9-1-1 centers to acknowledge and start addressing before the switchover to NG-911. I will go over telephony denial of service attacks on both the analog E911, the VoIP NG-911, and the non-emergency lines, prank/hoax calls to 9-1-1 (what I universally call “swatting”) and in what ways that can be accomplished using technology past and present, various attack vectors to the Computer Aided Dispatch, or CAD, network why that data needs to be protected both currently and in the future with NG-911, and physical/internal threats to the 9-1-1 center for both the data and the security of the dispatchers. This is just an informational talk about these concerns to help bring awareness to what we face in the public safety industry and how we handle it with the limited resources we have available to us.

Come and see Christine at RVAsec! Register now.