Author: <span>rvasadmin</span>

Speaker Feature: Caleb Mattingly

Caleb Mattingly is the CEO and founder of Secure Cloud Innovations, a cybersecurity consulting firm. Prior to starting SCI, Caleb worked in defense contracting supporting the Army, Navy, Air Force, and DISA. Caleb’s highest level of education is a MS in Cybersecurity from Liberty University.

Bake Security Into Your Infrastructure-as-Code

Baking takes time, dedication, and effort throughout the entire process. If you leave an ingredient or step out, you risk ruining the entire cake. Infrastructure-as-Code (IaC) is surprisingly similar. When you leave security out of your IaC process, you risk ruining what you worked so hard to create. In this talk we’ll dive into some best practice options for securing your IaC and explain the risks when you don’t.

Come see Caleb at RVAsec! Register now.

Chris Tignor To Keynote RVAsec 2021!

We are pleased to announce that Chris Tignor will be keynoting RVAsec 2020!

Chris Tignor is Global Chief Information Security Officer for PRA Group, Inc in Glen Allen, Virginia. He has extensive experience in cybersecurity and information technology risk management with international financial services and consultancy organizations. His recent activities include strategies and program development projects to address cloud migration, data security, regulatory remediation (e.g. GDPR, CCPA, PIPEDA, HIPAA, OCC Heightened
Expectations), cyber fusion centers, threat intelligence, data governance and cyber analytics.

Prior to joining PRA Group, Chris was Principal and Chief Information Security officer for ImpactMakers in Richmond, Virginia. His past experiences include Senior Vice President of Information Security for the Federal Reserve Bank System, Chief Information Security Officer for Capital One Financial Corporation, Chief Operating Officer for W.C. Duke Associates and senior consultant for Accenture.

Chris is actively engaged in multiple volunteer and pro-bono activities. Chris is passionate about helping non-profit and higher education institutions. He currently volunteers with to provide pro-bono security consulting and security awareness training to multiple non-profits across Virginia. In addition, Chris has served on several executive boards for universities, cybersecurity firms and financial institutions.

Chris and his family live in Ashland, Virginia where he enjoys train watching and gardening.

Speaker Feature: Steve Holliday

As a Director with Cherry Bekaert Digital, Steve Holliday assists clients with improvement, helping organizations to use resources more effectively and efficiently, and to enable growth, by understanding the current state, identifying performance gaps and developing and executing improvement strategies.

Steve has 30 years of experience as an operations management, information technology, information security, and process improvement executive. His key skills include information technology, digital transformation, strategy and road mapping, systems thinking, operational analysis, risk management and leadership of change. Certified Lean Six Sigma Master Black Belt and Certified Information Security Manager (“CISM”).

Why Should I Care? Cybersecurity Maturity Model Certification (CMMC): DoD / Non-DoD

Whether part of the DoD Supply Chain, or not, the Cyber Maturity Model Certification, largely built upon NIST 800-171, provides a great framework for understanding your information security risk and intelligently putting solid NIST controls around them. CMMC compliance is a time based mandate for Tier 1 and Tier 2 suppliers in the DoD Supply Chain. There are plans to push it out farther, and even into all DoD procurement contracts. Could it have broader application? Possibly extending across government and into Industry to create one common language for security? If none of these, then it still makes a dog gone good framework for a company to build out the management of cyber risk with an eye on continuous improvement. Come learn more about CMMC.

Come see Steve at RVAsec! Register now.

Speaker Feature: Thor Draper Jr

As an Azure Networking Engineer, Thor Draper Jr works on the rapid response team that assists clients with immediate remediation of Infrastructure as a Service issues. Thor is also a cyber security instructor with Trilogy Education Services and has taught at cohorts held at universities across the country. His key skills are in information technology, information security, management, and sales. His passions lie in networking and relationship building.

Raising the Average – Finding and Managing Mentors

According to Jim Rohn: “You’re the average of the five people you spend the most time with.” Meaning, the people you spend the most time with are the same ones that shape you into you. You are their average. This same relationship applies when you’re referring to mentors.

As the world continues to go more virtual, the nature of relationships has changed. While mentorship is essential to professional development, the times dictate you need to adjust your communication style to maintain these relationships.

Come see Thor at RVAsec! Register now.

Speaker Feature: Josh Wallace

Josh is the practice lead of Strategic Application Security Services at GuidePoint Security. He has 18 years of real world experience in developing applications and helping organizations across all sectors integrate security into their SDLC. Josh has worked extensively with financial services organizations helping to scale their large AppSec programs as the development organizations increasingly adopt Agile and DevOps. He is passionate about all things AppSec. In his free time, Josh enjoys hiking, playing guitar, and spending time with his wife and three children.

Introduction To Inner-Loop Security. Shifting Left, But Better

We can barely make it through an AppSec talk or article without hearing about the wonders of “shift left” and how it is the key to solving all of our security problems. Every intro to AppSec talk starts with the cost savings and return on investment associated with discovering security defects earlier in the SDLC and most of us have designed our AppSec program around these concepts. What would you say if I told you there was a better way and that we have been shifting left wrong? In this talk, we will introduce the concept of the inner and outer loop as the next evolution of shift left. Join us to explore a new model for shifting left using inner-loop concepts and learn how to better enable our developers to build products that are secure by design.

Come see Josh at RVAsec! Register now.

Speaker Feature: Jeff Tehovnik

Jeff has been working in IT since 1998 and graduated from Virginia Commonwealth University (BS-IS 2012, MS-CISS 2014) and the SANS Technology Institute (PGC Ethical Hacking & Penetration Testing). Jeff also enjoys research and educating on Technical Information Security Topics including Network Security Monitoring and Advanced Persistent Threats. In addition to recently passing the CCSP exam, Jeff holds the CISSP, GCIH, GPEN, GWAPT, GXPN and VMware NSX: Micro-Segmentation certificates.

When he’s not delving into the cloud, Jeff enjoys Reading, Fishing, and Vacationing at the beach with his wife and kids.  He is also an avid Hockey Fan.

Infrastructure as Code: Theory and Concepts

Information Systems Engineering & Operations Personnel can realize Scalability and Consistency by leveraging Infrastructure as Code.  This presentation will dive into the Theory of Infrastructure as Code and the Concepts on effective use.  A pathway to CI/CD, and eventually DevOps, will be shown.

Come see Jeff at RVAsec! Register now.

Speaker Feature: Yonatan Striem-Amit

Yonatan Striem-Amit, CTO and Co-Founder of Cybereason, is a machine learning, big data analytics and visualization technology expert, with over a decade of experience applying analytics to security in the Israeli Defense Forces and Israeli Governmental Agencies. Prior to founding Cybereason, Mr. Striem-Amit headed the development for Watchdox, a leading DRM and SaaS security startup.

What’s Next In The Fight Against Ransomware

With ransomware attacks simultaneously becoming more effective and at the same time more prevalent – a ransomware defense strategy is top of mind for prepared security leaders.

In this session we’ll address:
– How to build an effective anti-ransomware security program
– Similarities and differences between ransomware attacks and other sophisticated operations
– The ranging impacts of a ransomware attack – both financial and other
– Implementations security teams can make today for better ransomware defense

Come see Yonatan at RVAsec! Register now.

Speaker Feature: Evan Johnson

An engineer at heart, Evan works at Cloudflare with all of the software engineering teams on the systems and products they are building. the first security engineer hired at Cloudflare, and also worked at LastPass as a software engineer, and was the first security hire at Segment.

Zero Trust: The Good Parts

After working on implementing zero trust at a multi-thousand person workforce, and working on building the product that provided it, there are a lot of learnings to share. Join me while I talk about the how we went about implementing zero trust at Cloudflare, and building a product now used by many other companies to do the same.

Come see Evan at RVAsec! Register now.

RVAsec 2021 Speakers and Schedule Announced

This year we are going to back to our roots and we will having a single track conference! This was the best decision as we continue to prioritize ensuring that we have both a safe and engaging event.

We had many great submissions to the CFP and given the limited number of speaking spots it was extremely hard, but the CFP team has managed to select a great lineup for RVAsec 2021.

Thank you to everyone who submitted a proposal to the CFP –the review team had to make some tough decisions and we appreciate all the time and hard work that went into submitting.

Without further delay, here are the speakers for the RVAsec 2021!

For the full details and times for specific talks, please see the schedule page.

Can you believe we are only 24 days away?  Please register as soon as possible so we can plan accordingly for a smooth event! Now is the time to register if you haven’t yet!

Don’t forget to get your hotel room booked!  The rate is good until 10/21.

Things are looking great for the conference and we expect more details will be provided soon!

Book Your Hotel Room for RVAsec 2021 Now!

We recently were onsite at the Omni in preparation for RVAsec 10 taking place November 4-5, 2021.  RVAsec has the entire hotel for the event and plenty of space to celebrate our 10th year!

We ask that you please book your hotel room as soon as possible to assist with our planning as we get back in person.  In order to have the entire hotel, we do need to have a significant amount of hotel rooms as part of the conference.  We ask that you please consider staying at the hotel this year.  The hotel block will expire on October 22, 2021 and be advised that we will not be able to assist after that date has passed.

For the conference rate, call 1-800-the-Omni or(804) 344-7000 and ask for the “RVAsec Conference 2021” rate.  You can also directly book on the Omni Richmond website.

While onsite, we spent time working on the new layout for the conference, but also spent considerable time discussing how we will implement precautions to make sure the event is as safe as possible and comfortable for our attendees.

We will continue to monitor the situation in Richmond, VA, however, as of now Virginia has not mandated masks for individuals that are vaccinated, but is strongly encouraging them.  We will continue to work with the hotel and put in place the necessary safety measures.  

We want to assure everyone that we are taking the utmost COVID safety precautions including extreme spacing out of vendor and session areas, single-serving food, sanitizing stations, among other things.  More information will be provided as it becomes available.

Registration is open and we ask that if you are planning to attend please register ASAP.  This will greatly help the conference! 

We understand that everyone has their own risk model, but we are excited to be with you in person in November!

-Jake and Chris