John Behen is the Vulnerability Management Lead for Newport News Shipbuilding, in Newport News, VA. He has been an IT professional for 25 years at a diverse range of companies including Newport News Shipbuilding, The Martin Agency and Procter & Gamble. Outside of Information Security, John enjoys spending time with his family and competitive offshore yacht racing.

5.4 Million Vulnerabilities and Counting…

More and more, Vulnerability Management is becoming a central function in an organization’s defensive posture. Along with that realization, companies are discovering that there is no central framework for implementing a Vulnerability Management program. Facing millions of vulnerabilities, we implemented a prototype vulnerability management framework that can be applied to any organization, regardless of size. This presentation will take attendees through the six core Vulnerability Management domains, with tips on how this framework can be applied to other organizations.

Come see John at RVAsec! Register now.

Karl is a business technologist through experience and a private pilot by fascination. While spending most work days in “the Cloud”, weekends are often spent flying below the cloud deck.

Network Assessments: Cybersecurity, Quackery and Fraud

Network assessments are valuable tools to provide insight into infrastructure. It is no surprise they are used to close 7 out of 10 new business opportunities for managed service providers. Their benefit to business is often an illusion.  This talk covers the basics of assessments, how they are misused, and what companies of all sizes should be doing instead.

Come see Karl at RVAsec! Register now.

Caleb Mattingly is the CEO and founder of Secure Cloud Innovations, a cybersecurity consulting firm. Prior to starting SCI, Caleb worked in defense contracting supporting the Army, Navy, Air Force, and DISA. Caleb’s highest level of education is a MS in Cybersecurity from Liberty University.

Bake Security Into Your Infrastructure-as-Code

Baking takes time, dedication, and effort throughout the entire process. If you leave an ingredient or step out, you risk ruining the entire cake. Infrastructure-as-Code (IaC) is surprisingly similar. When you leave security out of your IaC process, you risk ruining what you worked so hard to create. In this talk we’ll dive into some best practice options for securing your IaC and explain the risks when you don’t.

Come see Caleb at RVAsec! Register now.

As a Director with Cherry Bekaert Digital, Steve Holliday assists clients with improvement, helping organizations to use resources more effectively and efficiently, and to enable growth, by understanding the current state, identifying performance gaps and developing and executing improvement strategies.

Steve has 30 years of experience as an operations management, information technology, information security, and process improvement executive. His key skills include information technology, digital transformation, strategy and road mapping, systems thinking, operational analysis, risk management and leadership of change. Certified Lean Six Sigma Master Black Belt and Certified Information Security Manager (“CISM”).

Why Should I Care? Cybersecurity Maturity Model Certification (CMMC): DoD / Non-DoD

Whether part of the DoD Supply Chain, or not, the Cyber Maturity Model Certification, largely built upon NIST 800-171, provides a great framework for understanding your information security risk and intelligently putting solid NIST controls around them. CMMC compliance is a time based mandate for Tier 1 and Tier 2 suppliers in the DoD Supply Chain. There are plans to push it out farther, and even into all DoD procurement contracts. Could it have broader application? Possibly extending across government and into Industry to create one common language for security? If none of these, then it still makes a dog gone good framework for a company to build out the management of cyber risk with an eye on continuous improvement. Come learn more about CMMC.

Come see Steve at RVAsec! Register now.

As an Azure Networking Engineer, Thor Draper Jr works on the rapid response team that assists clients with immediate remediation of Infrastructure as a Service issues. Thor is also a cyber security instructor with Trilogy Education Services and has taught at cohorts held at universities across the country. His key skills are in information technology, information security, management, and sales. His passions lie in networking and relationship building.

Raising the Average – Finding and Managing Mentors

According to Jim Rohn: “You’re the average of the five people you spend the most time with.” Meaning, the people you spend the most time with are the same ones that shape you into you. You are their average. This same relationship applies when you’re referring to mentors.

As the world continues to go more virtual, the nature of relationships has changed. While mentorship is essential to professional development, the times dictate you need to adjust your communication style to maintain these relationships.

Come see Thor at RVAsec! Register now.

Josh is the practice lead of Strategic Application Security Services at GuidePoint Security. He has 18 years of real world experience in developing applications and helping organizations across all sectors integrate security into their SDLC. Josh has worked extensively with financial services organizations helping to scale their large AppSec programs as the development organizations increasingly adopt Agile and DevOps. He is passionate about all things AppSec. In his free time, Josh enjoys hiking, playing guitar, and spending time with his wife and three children.

Introduction To Inner-Loop Security. Shifting Left, But Better

We can barely make it through an AppSec talk or article without hearing about the wonders of “shift left” and how it is the key to solving all of our security problems. Every intro to AppSec talk starts with the cost savings and return on investment associated with discovering security defects earlier in the SDLC and most of us have designed our AppSec program around these concepts. What would you say if I told you there was a better way and that we have been shifting left wrong? In this talk, we will introduce the concept of the inner and outer loop as the next evolution of shift left. Join us to explore a new model for shifting left using inner-loop concepts and learn how to better enable our developers to build products that are secure by design.

Come see Josh at RVAsec! Register now.