Author: rvasadmin

RVAsec 2023 Videos: Mark Arnold & Ian MacRae

Mark ArnoldMark Arnold

Throughout 2022, the Lares® Advisory Services team has tracked emerging trends while assisting organizations of various sizes and maturity with Virtual CISO, IT/OT Risk Assessments, Offensive Assessments, and Security Program Management engagements. TOP 5 CISO Findings (most frequently observed not necessarily the most severe) resulted from our tracking. This presentation unveils the findings, discussing them in the context of current and emerging threats. I also incorporate an MIT Sloan cybersecurity use case and the Verizon DBIR to expound on the findings.

We close out the talk by listing remedies for the Top 5 Findings. A sampling of remedies includes the selection of a framework, threat modeling, and tactical assessments to help organizations discover and avoid the risks associated with the Top 5 Findings.

About Mark – Mark Arnold has a 20+ cybersecurity career, serving 8 of those years in leadership roles. As a transformational leader, Mark has built security teams and programs, authored maturity model blueprints, and implemented security domain practices at large enterprises and service providers. Mark’s areas of interest include cloud security, threat intelligence, and vulnerability research, nation-state attack methods and related activities (e.g. information operations and disinformation campaigns), and their collective impact on nations and society. He holds industry certifications and degrees from Stanford, Princeton Seminary, and Harvard University. He is a former competitive gymnast and an ordained minister but, most importantly, a husband and dad.

Ian MacRaeIan MacRae

Get a 2023 update on NIST security framework and CMMC compliance. Business with the government is Virginia’s #1 industry. The government is sick of spending billions on projects only to find the data leaked onto the Internet. Due to this many government contracts require security compliance to the National Institute of Standards and Technology (NIST) 800-171 standard. For years businesspeople didn’t take the 110 security controls seriously. Now we are seeing deals being lost to the Supplier Performance Risk System score. Ian has helped dozens of organizations implement compliance programs since 2017 in his role of vCSO.

About Ian – Ever since founding E-N Computers in 1997, Ian has been dedicated to helping people get the most out of their technology. Since then, he’s grown the company from a small computer repair shop into a top-tier regional managed services provider (MSP) that helps SMB and enterprise clients transform their IT through strategic outsourcing.
In his more than 25+ years in the IT world, he’s managed hundreds of IT professionals and helped 60+ clients overcome business challenges through wise use of technology. Ian’s problem-solving approach combines a passion for business success with extensive technical knowledge, as shown in his experience.

RVAsec 2023 Videos: Paul Asadoorian (Keynote)

Paul Asadoorian


About Paul – Paul spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. He is the founder of the Security Weekly podcast network, offering freely available shows on the topics of information security and hacking. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones.

RVAsec 2023 Videos: Adrian Amos & Rick Lull

Adrian AmosAdrian Amos

Protecting identity is foundational to zero trust, and everybody wants passwordless, but is it always appropriate? If it is, how do we overcome barriers to success, and if it isn’t, how do we protect & isolate workloads to ensure the right people have the right access to the right apps & data? Any security approach must consider the human beings it’s designed to protect, while balancing the risks of authentication strengths.

About Adrian – I’ve supported the Richmond IT community since 1997, in every capacity from retail break/fix to military & corporate Wintel infrastructure. I transitioned to cloud solutions in 2010 and was the first technical hire at Synergy way back in 2012. I have a strong focus on identity & access management and collect terribly inconvenient hobbies.

Rick LullRick Lull

Taking the Network 101 presentation in 2019 a bit further, this talk will dive into network security aka technical security controls that should be considered with respect to risk management in common environment, including private/public cloud and the recent industry buzz words around ZTNA – Zero Trust Network Access.
If you have ever wondered how you might use a VRF to segment authenticated user traffic, this is a talk for you. If you are trying to cut through buzzwords that a sales guy is throwing your way about how to protect your remote workers, this is a talk for you.

About Rick – Lifelong geek turned security consultant after stops as a desktop tech, server bubba, and network jockey. Rick is a healthcare IT survivor, and is now playing Horatio on the bridge for hire with a local technology consulting company, advising clients on security strategy and operations. He currently holds CISSP, CCNP-Security, NSE7 and NSE4 certifications and previously held CEH and CNA certifications. He has promised to not make fun of any manufacturers during his talk.

RVAsec 2023 Videos: Andy Ellis (Keynote)

Andy EllisAndy Ellis

Leadership development and training is usually applied after the fact: someone is in a leadership role, having demonstrated some skills, and now is sent for leadership training, where they are told THE ONE TRUE WAY to lead. If that WAY is close to their style, they gain benefit. If it isn’t, then at least they’ll be in a room with some colleagues to commiserate over bad coffee.

But zoom even takes away the bad coffee.

The reality is that there is no one way to lead, and there is no silver bullet. But everyone is a leader, even if only through influence and affect, so it is never too early to practice leadership. And never too late – or too early – to refine your practice.

About Andy – Andy is the author of 1% Leadership. He is the Advisory CISO at Orca Security and the Operating Partner at YL Ventures, and is an advisor to several cyber security startups, including Vulcan, Uptycs, Grip, Perygee, Vendict, Valence, Piiano, and Eureka. He is the founder and CEO of Duha, a leadership development consultancy that brings training to people earlier in their careers.

Andy Ellis is a seasoned technology and business executive with deep expertise in security, managing risk, and leading an inclusive culture. In his twenty-year tenure at Akamai, Andy led the information security organization from a single individual to a 90+ person team, over 40% of whom were women. Andy designed systems, governed risk management, implemented policy, and supported go-to-market functions. Widely respected across the cybersecurity industry for his pragmatic approach to aligning security and business needs,

Andy regularly speaks and writes on cybersecurity, leadership, diversity & inclusion, and decision-making. Andy has received a wide variety of accolades, including the CSO Compass Award, Air Force Commendation Medal, Spirit of Disneyland Award, Wine Spectator Award of Excellence (for The Arlington Inn), and was the winner of the Sherman Oaks Galleria Spelling Bee. He was inducted into the CSO Hall of Fame in 2021.

He currently serves on Harvard University’s Visiting Committee to IT. After receiving a degree in computer science from MIT, Andy served as an officer in the United States Air Force with the 609th Information Warfare Squadron and the Electronic Systems Center.

RVAsec 12 “Passport to Prizes” Contest

passport-2023We are again having the Passport for Prizes event at RVAsec 12! This event gives you the opportunity to win some awesome prizes from our participating sponsors. 

Visit 10 sponsor’s tables and get their initials or signature in the corresponding box. When completed, return your entry to registration for a chance to win.

Note: Your business information must be complete to be eligible*, and you must be present at the reception on Wednesday to win.

  • RVAsec “Mystery Bags” (2)
  • Arctic Wolf – Amazon gift card
  • Assura – Flipper Zero
  • Avertium – North Face backpack & h2go Camper Mug
  • Check Point – Bose Tempo sports audio sunglasses
  • Cloudflare – 27L Yeti backpack
  • Cohesity – TIMBUK2 backpack
  • Corelight – Amazon Gift Card
  • Cribl – JBL portable waterproof speaker
  • CrowdStrike – Ember mug
  • ExtraHop Networks – Apple AirPods
  • Exabeam – Star Wars Lego set
  • Gigamon – Amazon gift card
  • Guidepoint Security – Best Buy gift card
  • InterVision – Visa gift card & Koozie backpack cooler
  • Lacework – Bose SoundLink bluetooth speaker
  • Netscout – Igloo Maddox XL Cooler & YETI Rambler
  • Netskope – JBL Tune 600 headphones
  • Palo Alto Networks – Waterford Crystal shot glasses
  • Red Canary – Gift card
  • Rubrik – Yeti Hopper Cooler
  • Safebreach – Solo Stove Mini Mesa Tabletop Fire Pit
  • SEGRA – Leather duffle bag
  • SentinelOne – AirPod Pro headphones
  • Sumo Logic – Pilsner gift set
  • Tanium – Fanatics gift card
  • Tidal Cyber – Amazon gift card
  • WIZ – Away rolling luggage

* Note: Contact information will be shared with Passport sponsors.

RVAsec 12 Schedule – Mobile App & Online

Looking for the RVAsec 12 schedule? Download the RVAsec Mobile App or view it online!

You can easily download the Sched app for iOS or Android.  After downloading, you can log in to Sched (should be sync’d with your ticket purchase). You can then easily create and see your schedule.  If you have any issues you can also reset your password and search for RVAsec.

If you don’t want to install the mobile application, the RVAsec schedule is available also for mobile!


Personal Agendas
Plan out your own schedule in advance to get the most out of RVAsec.

Personalized Profile
Add a photo, bio, and connect your social media profiles.

Event Mobile App
Stay in-the-loop with iOS and Android apps.

Speaker Directory
Easily review speakers and their background.

Play Store

Tidal Cyber – RVAsec 12 Silver Sponsor

RVAsec is pleased to present Tidal Cyber as an RVAsec 12 Silver + sponsor!

Threat-Informed Defense with Tidal Cyber.

The Tidal Platform gives defenders and enterprises the tools they need to tailor their security programs to relevant adversary behaviors.
Twitter: @TidalCyber

Tanium – RVAsec 12 Gold Sponsor

RVAsec is pleased to present Tanium as an RVAsec 12 Gold sponsor!

We deliver superior value.

Leading organizations protect business-critical assets with Tanium’s Converged Endpoint Management platform.
Twitter: @Tanium

Infolock – RVAsec 12 Silver Sponsor

RVAsec is pleased to present Infolock as an RVAsec 12 Silver sponsor!

Data risk transformed. Infolock helps organizations effectively secure, manage, and optimize their data.
Twitter: @infolocktech

SentinelOne – RVAsec 12 Gold Sponsor

RVAsec is pleased to present SentinelOne as an RVAsec 12 Gold – no shirt sponsor!

Secure the Cloud. Avoid the Storm.

Introducing Singularity™ Cloud. AI-Powered Security to Prevent Threats, Reduce Risk and Protect Your Business.
Twitter: @SentinelOne