Speaker Feature: Rick Lull

April 21, 2023 rvasadmin

Speaker

Rick Lull:
Lifelong geek turned security consultant after stops as a desktop tech, server bubba, and network jockey. Rick is a healthcare IT survivor, and is now playing Horatio on the bridge for hire with a local technology consulting company, advising clients on security strategy and operations. He currently holds CISSP, CCNP-Security, NSE7 and NSE4 certifications and previously held CEH and CNA certifications. He has promised to not make fun of any manufacturers during his talk.

Network 201: A Tour Through Network Security

Taking the Network 101 presentation in 2019 a bit further, this talk will dive into network security aka technical security controls that should be considered with respect to risk management in common environment, including private/public cloud and the recent industry buzz words around ZTNA – Zero Trust Network Access.
If you have ever wondered how you might use a VRF to segment authenticated user traffic, this is a talk for you. If you are trying to cut through buzzwords that a sales guy is throwing your way about how to protect your remote workers, this is a talk for you.

Come see Rick at RVAsec 12!

Speaker Feature: Andrea Matwyshyn

April 20, 2023 rvasadmin

Speaker

speaker

Dr. Andrea Matwyshyn is a full professor in the law school and engineering school at Penn State, the Associate Dean of Innovation at Penn State Law, and the founding faculty director of both the Penn State PILOT Lab (Policy Innovation Lab of Tomorrow), an interdisciplinary technology policy lab, and the Manglona Lab for Gender and Economic Equity, a technology equity lab and clinic.

She has also worked in both the private and public sector, most recently in 2023 as a Senior Special Advisor on Information Security and Data Privacy to the U.S. Consumer Financial Protection Bureau’s Office of Enforcement and a Senior Special Advisor on Law, Technology, and the Digital Economy to the U.S. Federal Trade Commission’s Bureau of Consumer Protection. Her first hackercon talk was at BlackHat USA in 2003, and she has previously served as a specialty reviewer on the DEF CON CFP Review team.

Twitter: @amatwyshyn

Cybernation: The FUD, Facts, and Future of Software Liability and Security

When the 2023 National Cybersecurity Strategy called for “shifting liability to promote secure development practices,” the response from the security (and legal) community often overstated the novelty of the proposal. We have already been living with (various forms of) software liability for confidentiality, integrity, and availability failures for over two decades. This talk clarifies the legal landscape of both what already exists and the likely paths for the future. Cautioning against various security dystopias including Hannah Arendt’s “cybernation,” this talk offers suggestions on buildouts to existing threat modeling frameworks to explicitly consider factors used by courts and regulators to determine liability. These buildouts can better align the security team and in-house counsel in a joint defensive enterprise. But, two scaling issues will remain: the need for a technology regulator of last resort (a “TRoLR”) and a security community-driven model of professionalism.

Come see Andrea at RVAsec 12!

RVAsec 12 Speaker Announcements

April 19, 2023 rvasadmin

Announcement Conference

speakers

We are pleased to announce the first batch of speakers for RVAsec 12! Secure your ticket as prices increase on April 30.

While there are still more speakers to announce and the exact schedule is still coming, head over to https://rvasec2023.sched.com/directory/speakers to read more about each speaker and talk abstracts!

Andy Ellis – Keynote
Paul Asadoorian – Keynote
Adrian Amos – I <3 my password
Allen Jenkins – “Use your words” – to build an Information Security Program and fight Cyber Crime!
Amelia Szczuchniak – Why You Can’t Call the Police
Andrea Matwyshyn – Cybernation: The FUD, Facts, and Future of Software Liability and Security
Andrew Hendela – Software Bills of Behaviors: Why SBOMs aren’t enough
Andrew Skatoff – Maturing your Threat Hunting Operations
Brendan O’Leary – Shakespeare, Bacon, and the NSA
Colin Estep – Insiders packing their bags with your data
Dan Han – Beyond the pandemic: How the pandemic shaped organizations and their security architecture
David girvin – Hacking your Job? Trying to cheat at life with ChatGPT
Denis Mandich – Quantum Cybersecurity
Drew Schmitt – Ransomware Rebranding … So Hot Right Now!
Dwayne McDaniel – Who Goes There? Actively Detecting Intruders With Cyber Deception Tools
Fletcher Davis – Context Matters: Tailoring Tradecraft to the Operational Environment
Ian MacRae – The state of NIST/CMMC compliance today
Jason Wonn – Corporate Dungeon Master: How to Lead Cyber Games at Work
Josh Cigna – Everything you never knew you wanted to know about Passkeys
Kate Collins – This is the Way: A New Leadership Creed for Info-Sec professionals
Kenneth Broderick – Hunting for Evidence of Data Exfiltration: Dark Web, Digital Forensics, and Log Analysis
Mark Arnold – TOP 5 CISO FINDINGS OF 2022
Qasim Ijaz – Feature or a Vulnerability? Tale of an Active Directory Pentest
Rick Lull – Network 201: A Tour Through Network Security
Scott Small – Adversary TTP Evolution & the Value of TTP Intelligence
Luke McOmie – “A programmatic approach to enterprise security” OR “How to not waste your security budget on sh!7 that doesn’t matter!”
Kevin Massey – Heap Exploitation from First Principles

Stay tuned for some additional speaker announcements coming soon!

We have a new layout this year with multiple tracks. Given some space requirements the exact schedule and room assignment will be more in flux than prior years at RVAsec. More details to come very soon!

And if you haven’t got your ticket yet, the time to do so is now! Prices go up in 11 days!

You can get tickets here: https://www.eventbrite.com/e/rvasec-2023-security-conference-tickets-411449104347

Andy Ellis (@csoandy) Keynote and Book Signing at RVAsec 2023!

April 14, 2023 rvasadmin

Announcement Keynote

We are pleased to announce that Andy Ellis will be keynoting RVAsec 2023 and he will also be doing a book signing! We are not sure how many total copies of the book we will have available, the sooner you register the better chance you will be able to get a free copy!

Andy is the author of 1% Leadership. He is the Advisory CISO at Orca Security and the Operating Partner at YL Ventures, and is an advisor to several cyber security startups, including Vulcan, Uptycs, Grip, Perygee, Vendict, Valence, Piiano, and Eureka. He is the founder and CEO of Duha, a leadership development consultancy that brings training to people earlier in their careers.

Andy Ellis is a seasoned technology and business executive with deep expertise in security, managing risk, and leading an inclusive culture. In his twenty-year tenure at Akamai, Andy led the information security organization from a single individual to a 90+ person team, over 40% of whom were women. Andy designed systems, governed risk management, implemented policy, and supported go-to-market functions. Widely respected across the cybersecurity industry for his pragmatic approach to aligning security and business needs,

Andy regularly speaks and writes on cybersecurity, leadership, diversity & inclusion, and decision-making. Andy has received a wide variety of accolades, including the CSO Compass Award, Air Force Commendation Medal, Spirit of Disneyland Award, Wine Spectator Award of Excellence (for The Arlington Inn), and was the winner of the Sherman Oaks Galleria Spelling Bee. He was inducted into the CSO Hall of Fame in 2021.

He currently serves on Harvard University’s Visiting Committee to IT. After receiving a degree in computer science from MIT, Andy served as an officer in the United States Air Force with the 609th Information Warfare Squadron and the Electronic Systems Center.

RVAsec 2023 Logo: The Raven

March 27, 2023 rvasadmin

Announcement Logo

2023 logo

Believe nothing you hear, and only one half that you see.

– Edgar Allen Poe

With the haunting shadows of cyber threats, RVAsec 2023 embraces the enigmatic wisdom of Richmond’s Edgar Allan Poe. Inspired by him and with the raven+phoenix as our guide, we rise above the chaos of the cyber security landscape to share our own wisdom and ideas. Unravel the secrets of cybersecurity and join us in Richmond for RVAsec, where the raven whispers “Nevermore” to risk!

Help Choose The RVAsec 12 Logo!

February 24, 2023 rvasadmin

Announcement Logo

The conference is fast approaching and we are once again in high gear planning the 12th RVAsec.

This year we are again having a logo contest for the conference and shirts!

We need your help — please vote and comment on all of the logos!

Here is the link for the RVAsec logo voting: https://99designs.com/contests/poll/6e226e4149

Thanks for your help, and please spread the link so we get as many votes as possible!

The CFP is still open so submit your talks and encourage your favorite speakers and companies to submit as well.

A quick reminder that you have until February 28th until ticket prices increase.

If you have not yet purchased your ticket, go get it now!

Paul Asadoorian To Keynote RVAsec 2023!

February 16, 2023 rvasadmin

Announcement Conference Keynote

This may seem like Déjà vu but a silly pandemic won’t stop us!

We are pleased to announce once again that Paul Asadoorian will be keynoting RVAsec! Paul is the Founder & CTO of Security Weekly as well as a Principal Security Evangelist at Eclypsium.

Paul spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. He is the founder of the Security Weekly podcast network, offering freely available shows on the topics of information security and hacking. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones.

RVAsec 2023 – Registration is Open!

February 9, 2023 rvasadmin

Announcement Conference

Tickets for RVAsec 2023 are now on sale!

RVAsec Badges Registration the RVAsec 2023 security conference, located in Richmond, Virginia, is only $250 for two full days of talks, meals, snacks, drinks, reception, after party, prizes, a capture the flag contest, t-shirt & swag!

Once we sell out there will be no more tickets available.

Conference ticket prices and deadlines:

$250 early price until 2/28
$350 regular price until 5/1
$450 late registration until 5/31
$550 super late registration until 6/9 or until tickets sell out

This year we are introducing a new RVAsec Hotel Package. The conference + Omni hotel package is $650 and includes:

Two night’s stay at the Omni Hotel (6/12 and 6/13), including taxes+fees
Reduced Parking Price
RVAsec conference admission
Electronic badge guaranteed **
T-Shirt
Bag
Meals & snacks
Events

** Please note: The RVAsec Hotel Package is the only ticket level which guarantees an electronic badge from Hack.RVA. All other tickets are first-come first-served based on availability. ** If you are unable to attend due to the price, please contact us to discuss as we have stipends available for students, and we have a volunteer opportunities that provide a great way to get in for free!

Once again there will be no tickets sold at the door, and don’t forget that RVAsec has sold out every year–so don’t wait! Please note we are unable to provide refunds due to processing fees. You can, however, easily transfer your ticket to another person.

Register now!

RVAsec 2022 Videos Published!

January 22, 2023 rvasadmin

Announcement Conference Videos

videos

We’re pleased to announce the availability of the RVAsec 2022 videos!

We have created the following playlists:

2022 RVAsec

2021 RVAsec

You can see all RVAsec presentations on YouTube.

RVAsec 12 CFP is now open!

December 28, 2022 rvasadmin

CFP Conference

The call for papers for RVAsec 2023 is now open!

Click here to submit a talk to the CFP now!

Conference: June 13-14th, 2023

Location: Richmond, VA

CFP Submission Deadline: March 19th, 2023 at 11:59 PM Eastern

RVAsec is a Richmond, VA based security convention that brings top industry speakers to the midatlantic region. In its twelfth year, RVAsec is expected to attract over 750 security professionals from across the country. For 2023, the conference is a two day and potentially three track format, with a mixed focus on technical and management/business presentations.

Information:

Conference location: Richmond, VA
Dates: June 13-14, 2023
All talks must be 50 minutes in length
Presenters will need to select Technical, Business/Management, or 101 tracks.
While we welcome foreign speakers, we are unable provide sponsorship for entry to the U.S.

We try to treat our speakers well with a special VIP event, gifts, and travel assistance (if possible). Join us at RVAsec and enjoy the perks!

For more information and requirements, or to submit, please visit:

https://forms.gle/vvXSF49m99gTQzzu8

RVAsec

Author: rvasadmin