RVAsec 2025 Video: David Young
Security Consultant – Secure Ideas

Title: It’s Not All Ninjas and Anonymous Masks
In this talk, I’ll give you an insider’s look at what the day-to-day reality of working in cybersecurity really entails. We’ll dive into the typical tasks you’ll face, from scoping and executing the test to long-term security strategy. I’ll also share how to bridge the gap between technical jargon and business language, making complex concepts understandable for non-technical stakeholders. Of course, we can’t forget about reporting—a crucial yet often challenging part of the job. I’ll discuss the complexities of crafting reports that not only communicate risks but also drive action. Along the way, we’ll touch on the unique challenges posed by timelines and the tools we rely on. What makes this talk unique is my perspective from both sides of the fence: working on an internal team and as a consultant. This experience allows me to highlight the key differences and offer insights into how each role shapes your approach to cybersecurity.

• Youtube: https://youtu.be/wJQAt6DMYhw
• Slides: https://rvasec.com/slides/2025/Young_So_Its_Not_all_Ninjas.pdf

RVAsec 2025 Video: Vennard Wright
CEO – PerVista AI

Title: Leveraging AI in Surveillance for Public Safety Amid Privacy Concerns
During this session, we’ll explore the dual-edged role of artificial intelligence (AI) in enhancing public safety through surveillance while navigating the complex landscape of privacy and legislation. As AI transforms law enforcement and emergency responses with its advanced monitoring and threat detection capabilities, it also prompts critical questions about privacy rights and ethical considerations. This talk will dissect the balance between leveraging cutting-edge AI technologies and adhering to evolving privacy laws. We’ll delve into the latest trends, discuss the implications of facial recognition and behavior prediction, and examine how legislation is adapting to these rapid technological advancements. Whether you’re a tech professional, policy maker, or privacy advocate, this session will equip you with the insights needed to responsibly implement AI in surveillance, ensuring public safety enhancements do not compromise individual privacy.

• Youtube: https://youtu.be/mazUwaoDJYw
• Slides: https://rvasec.com/slides/2025/Wright_Leveraging_AI_in_Surveillance_for_Public%20Safety.pdf

RVAsec 2025 Video: Jon Waldman
President and Partner – SBS CyberSecurity

Title: Vendor Management 2025 – How to Make Better Vendor Management Decisions
Although vendor management has evolved, the core process remains the same: gathering and reviewing documentation to decide whether to continue business with a vendor. The key question now is how to ensure that vendors are genuinely protecting your datal

• Youtube: https://youtu.be/onAENjWTZIw
• Slides: https://rvasec.com/slides/2025/Waldman_Vendor_Management.pdf

RVAsec 2025 Video: Justin Varner
Chief of Innovation – RadZen Inc

Title: Oh Hotel No!: How A Helpless Hooligan Helped A Homie From Homelessness To Homeownership In 9 Months
This is the story of a hooligan and his fascination with exploiting physical and digital vulnerabilities in hotels for the purposes of persistent access, living off the land, and surreptitiously housing homeless people.

• Youtube: https://youtu.be/J4y8GqnaRMM
• Slides: https://rvasec.com/slides/2025/Varner_OhHotelNo.pdf

RVAsec 2025 Video: Bobby N. Turnage, Jr.
Attorney & Cybersecurity and Technology Team Leader – Sands Anderson PC

Title: Data Breach Management and Legal Issues for Information Technology Professionals
Please join us for a practical discussion (without the legalese!) about data breach management and minimizing the risk to your organization. In this discussion, we’ll talk through what it’s like to be in a breach situation, and we’ll cover some practical and legal considerations and suggestions that will help your organization achieve a better outcome.
Learning Objectives:

1. Gain a better understanding of what it’s like to be in a data breach situation.
2. Increase awareness of risks to your organization.
3. Increase awareness of the various people and workstreams involved in working through a data breach
4. Increase knowledge of proactive measures to improve the outcome and minimize risk to the organization.

• Youtube: https://youtu.be/tEtHY8vimng
• Slides: https://rvasec.com/slides/2025/Turnage_Data_Breach_Management_and_Legal_Issues.pptx

RVAsec 2025 Video: Morgan Stuart
Data Scientist and Engineer – Canopy Nine, LLC

Title: Large Language Models for Hackers
Wield your own AI agents, for fun and profit, with open-weight Large Language Models. In this talk, the audience will learn the foundational data science that empowers LLMs to help…and hallucinate, before diving into a tutorial on “agentic” LLM techniques. Along the way, key concepts and methods are related to NIST’s AI Risk Management Framework (NIST AI 600-1) and their adversarial machine learning taxonomy (NIST AI 100-2e2023). Cut through the hype – see the limitations and attack surfaces for yourself, and explore ways you could incorporate these tools into your own practice.

• Youtube: https://youtu.be/0Iptpo-gnv4
• Slides: https://rvasec.com/slides/2025/Stuart_Large_Language_Models_for_Hackers.pdf

RVAsec 2025 Video: John Stoner
Security Strategist – Google Cloud

Title: Defending Entra ID and Office 365 Using the Prism of GraphRunner
For organizations using Microsoft Entra ID and O365, it’s important to understand the landscape of the Graph API, how data is accessed and the logs available to gain visibility into probes and attacks that are targeting users and their information stores.

To drive this awareness, I’ve chosen to use a red team toolkit called GraphRunner that empowers offensive cyber practitioners an easy to use method to get started probing Microsoft Entra ID and Office 365 tenants. On the flip side of this, we are going to take a look at the logs generated by GraphRunner in a simulated attack chain to better understand what a blue teamer might see and how they can build detections and hunt, not just for GraphRunner, but for suspicious activities occurring within their Entra ID and Office 365 tenant.

• Youtube: https://youtu.be/BIXaShyiNpM
• Slides: https://rvasec.com/slides/2025/Stoner_Defending_Entra_ID_O365_Using_GraphRunner.pdf

RVAsec 2025 Video: Michael Roytman
Co-Founder, CTO – Empirical Security

Title: Cybersecurity is Ready for Local Models
This talk explores how a custom, local AI/ML model can be built internally at an enteprise for cybersecurity decision support. We’ll walk through data, methods, and pitfalls of building your own models rather than using off the shelf or vendor solutions.

• Youtube: https://youtu.be/9AKCykrJGaw

RVAsec 2025 Video: Nicholas Popovich
Principal – Rotas Security

Title: Attacking & Defending ServiceNow: A Hands-on Lab for Red & Blue Teams
ServiceNow is a critical enterprise platform, often integrated with sensitive systems and privileged access. This talk explores how attackers can exploit misconfigurations and privilege escalation paths within ServiceNow to gain a foothold in an environment. We’ll walk through real-world attack techniques, from initial access to lateral movement, and demonstrate how defenders can detect and mitigate these threats.

In addition to offensive tradecraft, we’ll cover how to set up a dedicated lab to safely test these attack vectors, fine-tune detections, and improve defensive strategies. Whether you’re a red teamer looking to sharpen your tactics or a blue teamer aiming to strengthen your defenses, this talk will provide actionable insights and practical steps for securing ServiceNow.

• Youtube: https://youtu.be/LxwyQV8sIdA
• Slides: https://rvasec.com/slides/2025/Popovich_Bailey_Attacking_and_Defending_ServiceNow.pptx