Author: rvasadmin

Speaker Feature: Richard Thayer

October 20, 2021
AnnouncementConference

Richard Thayer has been in IT for over 35 years. From his early beginnings of working on IBM’s 8086XT system(s), to designing robust security architectures for Fortune 50 companies; Mr. Thayer has consulted for vertical markets within Finance, Energy, Manufacturing, Retail, Insurance, and DoD & Civilian Government.

Three Worlds of Application / Cloud Security

Application / Cloud security goes hand in hand in our ever-changing IT environments.  With the cloud actually “being” an application, we need to look at three areas of Application Security that encompass what goes into the cloud, the cloud itself, and how to secure its communications and workloads.

This discussion will start to the extreme “far left” in the security lifecycle, all the way to the developer’s keyboards. Then we will explore the DevSecOps security process, based on the “Defense in Depth” theory of security. Then finally we will address the workloads in the cloud, with some of the public cloud’s native functionality to protect itself, and how we can use additional toolsets to enhance them.

Companies need to identify not only the tools, but when to use them, and how to automate them.

Come see Richard at RVAsec! Register now.

Wi-Fi Sponsor: AIS Network

October 20, 2021
Sponsors

RVAsec is pleased to announce AIS Network (AISN) as the official Wi-Fi sponsor of RVAsec 10!

AISN operationalizes your IT strategy. Solving complex IT challenges and managing digital risk to help clients thrive in an unpredictable world has been our core business for nearly 29 years. As the trusted and reliable partner of Forbes- and Fortune-ranked global corporations, government agencies, the Commonwealth of Virginia and other large enterprises, we drive exceptional value through our deep knowledge of data protection, compliance, governance and internal auditing procedures and controls.

Our unmatched customer experience is rooted in decades of expertise engaging with clients to deliver these solutions in addition to multi-cloud managed services for the world’s leading platforms, data visualization and analytics, high security hosting and consultative reviews.

https://aisn.net/

Twitter @AIS_Network

Speaker Feature: John Behen

October 20, 2021
AnnouncementConference

John Behen is the Vulnerability Management Lead for Newport News Shipbuilding, in Newport News, VA. He has been an IT professional for 25 years at a diverse range of companies including Newport News Shipbuilding, The Martin Agency and Procter & Gamble. Outside of Information Security, John enjoys spending time with his family and competitive offshore yacht racing.

5.4 Million Vulnerabilities and Counting…

More and more, Vulnerability Management is becoming a central function in an organization’s defensive posture. Along with that realization, companies are discovering that there is no central framework for implementing a Vulnerability Management program. Facing millions of vulnerabilities, we implemented a prototype vulnerability management framework that can be applied to any organization, regardless of size. This presentation will take attendees through the six core Vulnerability Management domains, with tips on how this framework can be applied to other organizations.

Come see John at RVAsec! Register now.

Speaker Dinner Sponsor: Armis

October 20, 2021
Sponsors

RVAsec is pleased to announce Armis as the official Wi-Fi sponsor of RVAsec 10!

Armis

Know your devices better than ever before. Powered by the world’s largest device knowledgebase, you’ll get granular, industry-specific device details and behavioral insights in real-time to trigger faster, more effective detection and response.

https://www.armis.com/

Twitter @ArmisSecurity

RVAsec 10 After Party — Live Band: Monkey Fist — Register Now!

October 20, 2021
AnnouncementConferenceEvent

The RVAsec 10 after party, brought to you by Risk Based Security and GuidePoint Security, will be at in the main Omni Ballroom on Thursday, November 4th, right after the conference ends!

  • 5:30pm to 7pm: Food/Beverage
  • 7pm to 10pm: Monkey Fist  plays

Monkey Fist has been amazing audiences in the Central Virginia area since 2006 with a high-energy rock show that promises stellar musicianship and vocals, and a wide range of musical selections: from 80’s anthems to today’s new rock and everything in between.

This is an exclusive event, so you must be registered to attend or you will not be allowed entrance–no exceptions!

Important Notes:

  • You must use the same email you used to register to RVAsec.
  • Each attendee must have their own name listed (duplicates will be deleted).
  • If you are not registered for RVAsec,  your ticket will be deleted.

Even if you have a ticket for RVAsec and said that you wanted to attend during the signup process, you MUST now registered for the party!

Register For The After Party Now!

If you haven’t bought a ticket for the RVAsec conference yet, now is the time…. click this link, you know you want to!

Or if you know better, don’t click that link, copy and paste this (https://www.eventbrite.com/e/rvasec-2021-security-conference-tickets-86646133919) in and purchase that ticket!

Speaker Feature: Karl Jankowski

October 19, 2021
AnnouncementConference

Karl is a business technologist through experience and a private pilot by fascination. While spending most work days in “the Cloud”, weekends are often spent flying below the cloud deck.

Network Assessments: Cybersecurity, Quackery and Fraud

Network assessments are valuable tools to provide insight into infrastructure. It is no surprise they are used to close 7 out of 10 new business opportunities for managed service providers. Their benefit to business is often an illusion.  This talk covers the basics of assessments, how they are misused, and what companies of all sizes should be doing instead.

Come see Karl at RVAsec! Register now.

Silver Sponsor: A10 Networks

October 19, 2021
Sponsors

RVAsec is pleased to announce A10 Networks as a Silver sponsor for RVAsec 10!

A10 Networks

Deliver business-critical applications that are secure, available, and efficient for multi-cloud transformation and 5G readiness. A10 Networks’ portfolio of secure application services solutions are engineered to accelerate and secure the most important enterprise and service providers networks in the world.

https://www.a10networks.com/

Twitter @A10Networks

 

Speaker Feature: Caleb Mattingly

October 19, 2021
AnnouncementConference

Caleb Mattingly is the CEO and founder of Secure Cloud Innovations, a cybersecurity consulting firm. Prior to starting SCI, Caleb worked in defense contracting supporting the Army, Navy, Air Force, and DISA. Caleb’s highest level of education is a MS in Cybersecurity from Liberty University.

Bake Security Into Your Infrastructure-as-Code

Baking takes time, dedication, and effort throughout the entire process. If you leave an ingredient or step out, you risk ruining the entire cake. Infrastructure-as-Code (IaC) is surprisingly similar. When you leave security out of your IaC process, you risk ruining what you worked so hard to create. In this talk we’ll dive into some best practice options for securing your IaC and explain the risks when you don’t.

Come see Caleb at RVAsec! Register now.

Chris Tignor To Keynote RVAsec 2021!

October 19, 2021
AnnouncementConferenceKeynote

We are pleased to announce that Chris Tignor will be keynoting RVAsec 2020!

Chris Tignor is Global Chief Information Security Officer for PRA Group, Inc in Glen Allen, Virginia. He has extensive experience in cybersecurity and information technology risk management with international financial services and consultancy organizations. His recent activities include strategies and program development projects to address cloud migration, data security, regulatory remediation (e.g. GDPR, CCPA, PIPEDA, HIPAA, OCC Heightened
Expectations), cyber fusion centers, threat intelligence, data governance and cyber analytics.

Prior to joining PRA Group, Chris was Principal and Chief Information Security officer for ImpactMakers in Richmond, Virginia. His past experiences include Senior Vice President of Information Security for the Federal Reserve Bank System, Chief Information Security Officer for Capital One Financial Corporation, Chief Operating Officer for W.C. Duke Associates and senior consultant for Accenture.

Chris is actively engaged in multiple volunteer and pro-bono activities. Chris is passionate about helping non-profit and higher education institutions. He currently volunteers with IT4Causes.org to provide pro-bono security consulting and security awareness training to multiple non-profits across Virginia. In addition, Chris has served on several executive boards for universities, cybersecurity firms and financial institutions.

Chris and his family live in Ashland, Virginia where he enjoys train watching and gardening.

Speaker Feature: Steve Holliday

October 18, 2021
AnnouncementConference

As a Director with Cherry Bekaert Digital, Steve Holliday assists clients with improvement, helping organizations to use resources more effectively and efficiently, and to enable growth, by understanding the current state, identifying performance gaps and developing and executing improvement strategies.

Steve has 30 years of experience as an operations management, information technology, information security, and process improvement executive. His key skills include information technology, digital transformation, strategy and road mapping, systems thinking, operational analysis, risk management and leadership of change. Certified Lean Six Sigma Master Black Belt and Certified Information Security Manager (“CISM”).

Why Should I Care? Cybersecurity Maturity Model Certification (CMMC): DoD / Non-DoD

Whether part of the DoD Supply Chain, or not, the Cyber Maturity Model Certification, largely built upon NIST 800-171, provides a great framework for understanding your information security risk and intelligently putting solid NIST controls around them. CMMC compliance is a time based mandate for Tier 1 and Tier 2 suppliers in the DoD Supply Chain. There are plans to push it out farther, and even into all DoD procurement contracts. Could it have broader application? Possibly extending across government and into Industry to create one common language for security? If none of these, then it still makes a dog gone good framework for a company to build out the management of cyber risk with an eye on continuous improvement. Come learn more about CMMC.

Come see Steve at RVAsec! Register now.