Author: karen

Speaker Feature: Jonathan Glass

www.jon.glass

@GlassSecavatar for Jonathan Glass

Jon is a Senior Cybersecurity Associate serving the Federal Reserve’s National Incident Response Team as Lead Malware Analyst. He also teaches Digital Forensics, Malware Analysis, and Cybersecurity Python courses for University of Richmond: School of Professional and Continuing Studies. A nine year veteran of the United States Air Force.

Cybersecurity Zero to Hero with CyberChef

The Cyber Swiss Army Knife “CyberChef” is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser. CyberChef has significantly lowered the entry threshold for field of Malware Analysis. This talk demonstrates how CyberChef provides the means for those without a strong programming or reverse engineering backgrounds to accomplish complicated, technical Cybersecurity tasks. This talk will also highlight how CyberChef can streamline the workflows of more seasoned analysts with advanced combinations of tasks.

Come see Jon at RVAsec! Register Now.


Speaker Feature: Robert Thompson

www.us-cert.gov/resources/ncats

Bobby Thompson is a member of DHS’ National Cybersecurity Assessment and Technical Services (NCATS) team leading the effort to secure our nation’s critical infrastructure and government resources. NCATS is responsible for conducting comprehensive penetration tests, red team assessments, persistent vulnerability scanning, and architecture design reviews for federal, local, state, territorial, tribunal, private sector and critical infrastructure partners. Mr. Thompson has worked in the Information Technology and Security industry for over 20 years in both private and government sectors throughout his career. Mr. Thompson has been active in the cybersecurity community speaking and has served as a presenter at various conferences and engagements throughout the United States.

Breaking and Entering: Emulating the Digital Adversary in 2019

As one of the United States government’s premier assessment and penetration testing organizations, the Department of Homeland Security (DHS) National Cybersecurity Assessments and Technical Services (NCATS) team is responsible for proactively identifying risk against federal, state, local, territorial, and critical infrastructure networks. This session will provide detailed insight on how DHS emulates the digital adversary in order to identify and mitigate risk against our nation’s infrastructure through core capabilities in vulnerability scanning, penetration and red team testing, design review, and phishing assessments. The quantifiable and objective data gained by the NCATS team will allow attendees to gain a comprehensive understanding of the issues that affect government networks and how DHS is helping to overcome them.

Come see Bobby at RVAsec! Register now.


Speaker Feature: Dan Holden

www.pharossecurity.com

@desmondholden

Dan Holden is CEO of Pharos Security measures, aligns, and guides optimization of the ROI and level of protection of a security program and translates the security program into business level terminology. Mr. Holden has 25 years in information security having served as CTO of the Retail and Hospitality ISAC, and Chief Technology Strategist at Arbor Networks. His experience includes building multiple teams from scratch as well as having brought multiple products to market while at IBM, TippingPoint, and Arbor Networks. Throughout his career he has a broad range of experience across multiple business functions including engineering, product management, sales, and marketing.

CISO of 2025

So much of the news related to CISOs today is negative. The reasons are clear because the challenges are enormous. Many CISO’s believe they are not given a fair chance – essentially obstructed from doing their job. Often there can be poor trust with the board, primarily due to not having a pragmatic, cost effective plan, to solve board level problems. CISOs have failed largely in this regard as their security plans have been tactical and not delivering on strategic goals. The common argument is executives just don’t ‘get it’, but most do, and they realize that security doesn’t provide great value with historic or conventional approaches. They might say the business only wants check-box security, but executives understand that to a great degree that is the only material benefit offered by security – so may as well get it at best cost. This talk will explore where and why things have happened the way they have, and how to move towards a definition for the CISO of 2025.

Come see Dan at RVAsec! Register now.

 


Speaker Feature: Sam Lanning

www.samlanning.com

@samlanning

Sam started working at Semmle in October 2014, after deciding to drop out of his Masters at Oxford University after having completed his undergraduate Computer Science degree there. Sam was the first full-time developer for Semmle’s LGTM platform, and worked on it for over 3 years before becoming a developer advocate. Sam’s has been an active member of the security and privacy community for a while, with a particular interest in vulnerability research, cryptography and peer-to-peer networks, having previously contributed to Signal’s Android and Desktop clients, among other open source projects. Most recently, in his free time he’s been working on an open source project that ties together music and lighting.

No More Whack-a-Mole: How to Find and Prevent Entire Classes of Security Vulnerabilities

In software development, we frequently see the same logical coding mistakes being made repeatedly over the course of a project’s lifetime, and often across multiple projects. When these mistakes lead to security vulnerabilities, the consequences can be severe. No one knows this better than companies like Google and Microsoft, whose software is used by millions of people every day.
With each code vulnerability discovered, we’re presented with an opportunity to investigate how often this mistake is repeated, whether there are any other unknown vulnerabilities as a result, and implement an automated process to prevent it reappearing. In this talk, I’ll be introducing Variant Analysis, a new process being pioneered by security teams at a number of companies including Google and Microsoft, that does just this. I’ll discuss how it can be integrated into your development and security operations, and also share some stories from the trenches.

Come and see Sam at RVAsec! Register Now.


Silver Sponsor Feature: nc4

www.nc4.com

@NC4Cyber

NC4 delivers revolutionary security solutions that empower businesses, government organizations, and communities to defend against cyber threats, collect and disseminate intelligence to mitigate risks, and share information to manage incidents. NC4 solutions are used by private sector companies involved in financial services, high-tech, insurance, retail, manufacturing, aerospace and defense, oil and gas, pharmaceuticals and healthcare, and other industries. In the public sector, NC4 solutions are used by federal, state, and local agencies. Several critical infrastructure sharing communities also depend on NC4’s tools.

Come see us at RVAsec. Register now!


After Party 2019 proudly sponsored by Guidepoint and Risk Based Security

We are very pleased to announce that Guidepoint and Risk Based Security have partnered up again to host our After Party event this year. Planning is in the works so stay tuned for further information!

Risk Based Security

 

RVAsec 2019. Register Now!


Silver Sponsor Feature: Focal Point

www.focal-point.com

@FocalPointDR

Focal_Point_Logo.jpg (1862×1500)

 

Our mission is to help leading companies build better and smarter cyber risk management programs. We understand that an effective risk management program is the best defense against increasingly complex regulations, stiffer penalties, and a sharp rise in cyber threats.

Come see us at RVAsec! Register now.


Silver Sponsor Feature: Infranet

www.infranetgroup.com

@InfranetTG

Infranet Technologies Group, Inc. is a geographically boundless company who specializes in providing network solutions for business critical network infrastructures. Providing leading professional services for over a decade, Infranet employs engineers that have gained credibility through serving the technology industry with over fifty years of business experience. Our engineers have obtained top-notch certifications from industry leading manufacturers including Cisco certifications in voice, routing, switching and wireless networking.

Come see us at RVAsec! Register now.


Silver Sponsor Feature: ePlus

www.eplus.com

@ePlus

At ePlus, we empower organizations to imagine and accomplish more with technology. We help customers assess their technology and business needs and advise them on the most effective IT strategy for their organization. We then design, implement, and optimize cloud, security, and digital infrastructure solutions to enable that strategy. We back those efforts with local support, long-term service, and flexible financing and consumption models, all with the end result of helping customers.

Come see us at RVAsec. Register now!


Silver Sponsor Feature: IntSights

www.intsights.com

@IntSights

IntSights is revolutionizing cybersecurity with the first of its kind enterprise threat intelligence and mitigation platform that drives proactive defense by turning tailored threat intelligence into automated security action. Visit www.intsights.com to learn more.

Come see us at RVAsec. Register now!