If you need proof of attendance for your CISSP or other certification CPEs, please use this PDF.
Instructions:
Proof of attendance:
branded tobacco and wine products such as Philip Morris USA and Ste. Michelle Wine Estates.Charles will explain the beginner concepts of identifying, quantifying, qualifying, and decisioning risks with a focus on how this differs from the practice of cybersecurity.
Come see Charles at RVAsec! Register now.
Barry Kouns is CEO at Risk Based Security, a vulnerability intelligence, organizational ratings,
and on-demand security solutions firm. Barry’s experience includes information security consulting, risk assessment and quality management. Barry has full knowledge of GLBA, FFIEC, HIPAA, Sarbanes-Oxley, and ISO 27001 and is well versed with PCI DSS, ISO 9001, COBIT, FISMA, NIST 800-53, BS 25999, ISO 31000 and ISO 20000. He has earned a B.S. in Statistics from Virginia Tech and a M.S. in Industrial Engineering Management from North Dakota State University. He has earned the CISSP designation, is a trained ISO/IEC 27001:2013 Auditor & ISMS Implementer, and is ITIL Foundation Certified. Barry was a Captain in the United States Air Force and served as a B-52H Bombardier.
Everywhere you look today you see “risk-based security” being touted as the next big thing. Knowing your assets, understanding the threats and vulnerabilities that may impact those assets, and calculating a risk score in order to prioritize mitigation actions, should be every organization’s goal. Risk-based security is not accomplished by performing a risk assessment exercise once a year. It requires a continuous assessment of your organization’s risk posture. Too many businesses think that completing a risk assessment is a difficult and complicated process that requires expensive software and can only be done by third party consultants. As a result, risk assessments are not conducted or conducted once and stored away to show the auditors. Risk assessments are essential in order to assure that the expenditures involved in mitigating vulnerabilities and the implementation of security controls are commensurate with the risks facing the organization. Attend this interactive session to explore the definitions, methodologies, structure and the expected results of a proper risk assessment that can be produced by your organization
Come see Barry at RVAsec! Register now.
Chandos Carrow is a Co-Information Security Officer for the Virginia Department of Health. He has worked for the Commonwealth of Virginia for more than 10 years and has been with the VDH for almost 2 years. Chandos has worked in several state agencies in his career including healthcare and higher education. He obtained his Master of Science in Information Systems from VCU and his CISSP from (ISC) 2. He is a member of several information security user groups including the (ISC) 2 Richmond Metro Chapter, Virginia Cyber Security Partnership, and Commonwealth of Virginia Information Security Council’s Conference and Knowledge Sharing Committees. Chandos enjoys giving back the knowledge he has obtained over his career and is currently an adjunct IT professor at Bryant & Stratton College in Richmond.
Information security is always changing and to keep up with these changes we need to somehow upgrade the professionals to keep up. In order to do this we need to expand the brain of the information security professionals. In this presentation we will cover several modern day philosophy concepts and how to incorporate these concepts into your everyday practice. These concepts include: ontological design, looking-glass self, feedback loops, flow state, cognitive play. Applying these concepts will hopefully expand your mind and improve how information security is conducted.
Come see Chandos at RVAsec! Register now.
We are pleased to welcome Lacework as a Hospitality Sponsor this year! All the food and drink served on Thursday 23rd will be sponsored by them, so be sure to stop by their table to say hi and thank them for feeding everyone!
RVAsec 2019. Register now!
Deana Shick has been a Member of the Technical Staff at the Software Engineering Institute’s CERT 
Coordination Center (CERT/CC) for 5 years. Deana works on the Threat Ecosystem Analysis team where she researches and analyzes current and emerging threats and vulnerabilities. Prior to working at CERT/CC, Deana was an International Trade Specialist focusing on EAR and ITAR regulatory processes. In 2014, she completed her M.S. in Information Security Policy and Management from Carnegie Mellon University. Along with her position at CERT/CC, Deana teaches at the Heinz College at Carnegie Mellon University, and pioneered the Information Security program at Duquesne University in Pittsburgh, PA.
Information Security is constantly in the news and making headlines. Which companies are breached? What are the impacts? How will the government respond to adversarial nations? The Internet still behaves much like the wild west – policy decisions are consistently being made and changed based on the structure and sustainability of the web. Organizations large and small are feeling the impacts of having a poor cyber security posture. This talk is perfect for those who are beginners, career changers, or anyone who needs a refresh on the building blocks of information security. It will discuss how data can be compromised, what those impacts are, and some suggestions of first steps. We will then dive into what vulnerabilities are and what to do about it. Finally, we will go over the things the rest of the 101 track will cover.
Come see Deana at RVAsec! Register now.
Eddie Glenn is the senior threat intelligence manager at Venafi and is responsible for researching the risks 
and threats of code signing and endpoint infrastructure. Eddie has more than 30 years of experience in enterprise software at companies such as IBM, Rational, and Wind River where he held a variety of senior level positions in product management and product marketing. Eddie is co-author of the Definitive Guide to Next Generation Fraud and has written for various industry publications. He has a Bachelor of Science degree in computer and electrical engineering from the University of Virginia, and an MBA from the University of Oregon.
Enterprises know code-signing is an important security control, for both self-defense and external reputation protection, but most overlook securing the infrastructure that supports the signing process, leaving them vulnerable to security and brand risks.
This session will discuss the four main poor practices often applied to code-signing infrastructure. This will be followed by a look at how these poor practices result in operational inefficiencies and security risks. The session will highlight the abuse and exploitation enabled by these poor practices and their ramifications, including the use of code-signing certificates to sign malicious code.
The session will conclude with a look at creating a secure enterprise code-signing infrastructure, including signing operations and models, inter-organizational communications, process and policies, and certificates issuance and management. Overall, the session will consider what is needed to create an infrastructure foundation for code-signing that will scale and adapt as networks continue to evolve and grow.
Come and see Eddie at RVAsec! Register now.
David Sullivan is a Penetration Tester and part of the Offensive Security Services team at CampusGuard. He has a background in working for various agencies with the State of Virginia in many InfoSec roles. He is a high-school dropout who transitioned into the technology field after a career in construction and believes that people from all backgrounds bring unique perspectives into this expansive field.
A quick look at the marketing FUD of ‘Automated Pentests’ and a high level look at the various technical pieces that delineate the difference between scanning and real-world attacks.
Come see David at RVAsec! Register now.
We are pleased to announce that Vectra AI are sponsoring our After Conference Reception on Thursday, 23rd May. The Reception will be held in the Commonwealth Ballroom directly after the last talk on Thursday afternoon. Thank you to Vectra AI, and we look forward to seeing you all there!
Come see us at RVAsec. Register now!
Rick has had a hand on a wide variety of tech over the years and also seen it used for both good and ill. He 
spent a significant chunk of time at a health system, which gave him an appreciation for the reasons behind the technology. He was also very fortunate to be mentored by some great people during his IT career so he has a passion for passing on the knowledge to other. Currently working as the Lead Security Consultant at SyCom Technologies, he is focused on helping companies defend their assets – their people, systems and data.
Think the network is a black box that magically gets your cat videos to you? This talk explains how it works at the fundamental levels.
Come see Rick at RVAsec! Register now.
