Josh is the practice lead of Strategic Application Security Services at GuidePoint Security. He has 18 years of real world experience in developing applications and helping organizations across all sectors integrate security into their SDLC. Josh has worked extensively with financial services organizations helping to scale their large AppSec programs as the development organizations increasingly adopt Agile and DevOps. He is passionate about all things AppSec. In his free time, Josh enjoys hiking, playing guitar, and spending time with his wife and three children.

Introduction To Inner-Loop Security. Shifting Left, But Better

We can barely make it through an AppSec talk or article without hearing about the wonders of “shift left” and how it is the key to solving all of our security problems. Every intro to AppSec talk starts with the cost savings and return on investment associated with discovering security defects earlier in the SDLC and most of us have designed our AppSec program around these concepts. What would you say if I told you there was a better way and that we have been shifting left wrong? In this talk, we will introduce the concept of the inner and outer loop as the next evolution of shift left. Join us to explore a new model for shifting left using inner-loop concepts and learn how to better enable our developers to build products that are secure by design.

Come see Josh at RVAsec! Register now.

Jeff has been working in IT since 1998 and graduated from Virginia Commonwealth University (BS-IS 2012, MS-CISS 2014) and the SANS Technology Institute (PGC Ethical Hacking & Penetration Testing). Jeff also enjoys research and educating on Technical Information Security Topics including Network Security Monitoring and Advanced Persistent Threats. In addition to recently passing the CCSP exam, Jeff holds the CISSP, GCIH, GPEN, GWAPT, GXPN and VMware NSX: Micro-Segmentation certificates.

When he’s not delving into the cloud, Jeff enjoys Reading, Fishing, and Vacationing at the beach with his wife and kids.  He is also an avid Hockey Fan.

Infrastructure as Code: Theory and Concepts

Information Systems Engineering & Operations Personnel can realize Scalability and Consistency by leveraging Infrastructure as Code.  This presentation will dive into the Theory of Infrastructure as Code and the Concepts on effective use.  A pathway to CI/CD, and eventually DevOps, will be shown.

Come see Jeff at RVAsec! Register now.

Yonatan Striem-Amit, CTO and Co-Founder of Cybereason, is a machine learning, big data analytics and visualization technology expert, with over a decade of experience applying analytics to security in the Israeli Defense Forces and Israeli Governmental Agencies. Prior to founding Cybereason, Mr. Striem-Amit headed the development for Watchdox, a leading DRM and SaaS security startup.

What’s Next In The Fight Against Ransomware

With ransomware attacks simultaneously becoming more effective and at the same time more prevalent – a ransomware defense strategy is top of mind for prepared security leaders.

In this session we’ll address:
– How to build an effective anti-ransomware security program
– Similarities and differences between ransomware attacks and other sophisticated operations
– The ranging impacts of a ransomware attack – both financial and other
– Implementations security teams can make today for better ransomware defense

Come see Yonatan at RVAsec! Register now.

An engineer at heart, Evan works at Cloudflare with all of the software engineering teams on the systems and products they are building. the first security engineer hired at Cloudflare, and also worked at LastPass as a software engineer, and was the first security hire at Segment.

Zero Trust: The Good Parts

After working on implementing zero trust at a multi-thousand person workforce, and working on building the product that provided it, there are a lot of learnings to share. Join me while I talk about the how we went about implementing zero trust at Cloudflare, and building a product now used by many other companies to do the same.

Come see Evan at RVAsec! Register now.

Tickets for RVAsec 2021 are now on sale!

We are back and looking forward to seeing everyone in November!

Tickets that were purchased for 2020 have been automatically rolled over into this year’s event.  You should be able to login to your Eventbrite account and access your tickets.  If you have any issues accessing them please contact us and we will do our best to assist.

There will be a lot of change this year as we move to The Omni and we are still navigating a post-COVID lockdown world.  Regardless, we are planning for a full event including two full days of talks, great speakers, meals, snacks, drinks, reception, after party, prizes, a capture the flag contest, t-shirt & swag!

We have already sold 50% of our available tickets.  Once we sell out there will be no more tickets available.  Please remember that you are not guaranteed shirts, bags and badges if you register late, they will be provided to attendees in the order of registration until supplies run out.  Further, if there are capacity limits priority will be provided in the order that tickets were purchased.

Conference ticket prices:

• $225 regular price until 8/31
• $300 late registration until 10/15
• $425 super late registration until 10/31

If you are unable to attend due to the price, please contact us to discuss as we do have stipends available for students and also have volunteer opportunities that provide a great way to get in for free!

Once again there will be no tickets sold at the door, and don’t forget that RVAsec has sold out every year–so don’t wait!  Please note we are unable to provide refunds due to processing fees.  You can, however, easily transfer your ticket to another person.

Register now!

First, we want to apologize for the lack of communication.  At the same time we want to assure everyone including our attendees, speakers and sponsors that we have been working hard to figure out how to bring RVAsec back even better than before the world imploded in early 2020.

COVID has lingered far longer than we expected.   While now is not the time to lower our guard, the downward trend in Virginia is very promising.  Further the distribution of the vaccine is progressing and Virginia now has launched a website allowing residents to pre-register.  With this positive news we are planning to move forward with an in-person event this year.

This year marks the 10th year of RVAsec.  We had previously made some major decisions prior to COVID to mark the occasion.  We are now finally able to announce our plans moving forward.

RVAsec is moving to the Omni for the next three years.  While we are extremely sad to be leaving our original home at VCU, this move gives us the entire hotel to take the conference to the next level.  

Again, the conference will be held in person November 4-5, 2021 at the Omni Richmond Hotel.

Previously purchased tickets for 2020 will be automatically transferred to the 2021 conference. More communication to follow on this.

We have been working closely with the hotel and will continue to be in touch with them to ensure the event is run in a safe manner, while still providing the best security conference experience.  For those that are unable to attend in person, we are hoping that we will be able to stream the conference.

Over the next couple weeks we will be in touch with sponsors soon to discuss details on the event, and we will begin to publish additional information and timelines.

We thank you for your flexibility and we look forward to seeing you all in person later this year!

-Chris and Jake

On July 1, Virginia officially entered into Phase 3 and began to further reopen the state. Governor Northam’s face covering requirement for indoor public spaces remains in place, and guidelines for indoor events changed to allow up to 250 people to attend RVAsec. 

Even though Virginia has been in Phase 3 for some time, we have still been proceeding cautiously. While Virginia has done well so far handling COVID-19 compared to many states, in the last few weeks it has become clear that it’s in everyone’s best interest to revise our plans for October. We are still working through the details, but we will not conduct RVAsec 9 in person as we desired, but rather we are working on plans to hold it as a virtual summit with streaming talks before the end of the year.

The RVAsec 9 Virtual Summit will be completely free for attendees, which will allow us to reach a broader audience and bring new members to the community.

We are in the process of setting up a chat server (using Discord) for our community so we can have active discussions during the streaming presentations, and we’ll also be leveraging this going forward to keep the RVAsec community in touch and socializing. Lastly, we are also looking at ways we can resume our monthly meetings in some virtual fashion.

Previously purchased tickets for 2020 will be automatically transferred to the 2021 conference, which will be held in person on June 3-4, 2021, regardless of any price increases.

While going virtual is a huge disappointment for all of us, the safety of the community that’s grown over the last nine years is paramount. We thank you for your flexibility this year as we work through brand new challenges, and look forward to being in-person again in 2021 at our brand new venue. 

We will be following up with more details about the Summit, and a huge announcement about plans for 2021.

See you in the virtual!

-Chris and Jake