We’re pleased to announce dates for RVAsec 2023! 

know ➜ The conference will be Tuesday, June 13th and Wednesday, June 14, 2023.

add to calendar ➜ rvasec-2023.ics

sign up ➜ Join the RVAsec Announce mail list to stay updated on RVAsec 2023.

sign up ➜ Join the RVAsec Monthly mail list to stay informed about local events.

follow ➜ @RVAsec on Twitter

get ready ➜ Interested in speaking? Keep an eye out for a CFP announcement!

Please make sure you download the RVAsec Mobile App!

You can easily download the Sched app for iOS or Android.  After downloading, you can log into Sched (should be sync’d with your ticket purchase). You can then easily create and see your schedule.  If you have any issues you can also reset your password and search for RVAsec.

If you don’t want to install the mobile application, the RVAsec schedule is available also for mobile!

Features

Personal Agendas
Plan out your own schedule in advance to get the most out of RVAsec.

Personalized Profile
Add a photo, bio, and connect your social media profiles.

Event Mobile App
Stay in-the-loop with iOS and Android apps.

Speaker Directory
Easily review speakers and their background.

We are once again having the Passport for Prizes event at RVAsec 11! This event gives you the opportunity to win some awesome prizes from our participating sponsors. 

Visit sponsor’s tables and get their initials or signature in the corresponding box. When completed, return your entry to registration for a chance to win.

Note: Your information must be complete to be eligible*, and you must be present at the reception on Friday to win.

• Two “Mystery Bags” provided by RVAsec
• $100 Gas Card provided by Abnormal Security
• $100 Amazon Gift Card provided by Arctic Wolf
• Drone provided by Assura
• Whiskey Decanter & 2 Whiskey Glasses provided by Cisco
• Bose Speaker provided by Corelight
• $100 Gas Card provided by Exabeam
• $100 Gift Card provided by Red Canary
• Razer Naga Trinity Gaming Mouse provided by Risk Based Security
• $100 Amazon Gift Card provided by SafeBreach
• Bose SoundLink Flex Bluetooth Speaker provided by SentinelOne
• $100 Visa Gift Card provided by Syscom
• Herschel Duffle Bag provided by Tanium
• Ranger Solo Stove Fire Pit & Beyond provided by Tenable
• $100 Amazon Gift Card provided by Tidal Cyber
• $100 Nike Gift Card provided by Varonis
• Yeti Cooler – Hopper provided by Winslow Technology Group
• $100 Longoven Gift Card in SA provided by Crowdstrike
• $100 Gift Card provided by Check Point

* Contact information will be shared with Passport sponsors.

Ray is the Director of Netskope Threat Labs, which specializes in cloud-focused threat research. His background is in software anti-tamper, malware detection and classification, cloud security, sequential detection, and machine learning. He holds a Ph.D. in Electrical Engineering from Drexel University. Most recently, Ray was the CTO of cloud security startup Sift Security.

Malware: Where Does It Come From?

We analyzed more than 100 thousand HTTP/HTTPS malware downloads from the past two years to answer one seemingly straightforward question: Where does malware come from? More specifically, we want to understand exactly what kicked off the chain of events that led to the malware download. Did the malware download originate from social media, phishing emails, compromised websites, unsavory websites, or somewhere else? Was the URL of the malware download somewhere unsavory or seemingly innocuous? Do different malware families tend to come from different places on the web? We will answer these and other related questions and wrap up the presentation by discussing what we can do with all of this information to reduce our own risk as we browse the web.

Come see Ray at RVAsec! Register now!

Ian Y. Garrett is the CEO and co-founder of Phalanx, which provides human-centric data security through seamless, secure file transfers & storage.

Ian knows that the best security strategy starts with helping the users it will affect. Ian has gained this insight through his experience as a US Army Cyber officer, specializing in offensive operations and capabilities, and his work in the defense sector as a program manager and data scientist. He has spoken at numerous events and conferences on cybersecurity, artificial intelligence, and the effects of the future of work on cybersecurity.

Ian holds a B.S in Computer Science from West Point (United States Military Academy), an M.S in Computer Science from Johns Hopkins University, and conducts research in support of his Ph.D. in Computer Engineering from Virginia Tech with research focused on cybersecurity and artificial intelligence.

To Err is Human: Combating Human Error in the Future of Healthcare Cybersecurity

Healthcare data breaches are on average the most expensive breaches to date and are often caused by human error. The future of cybersecurity must focus on addressing the leading cause of data breaches while not burdening the everyday user. This talk benefits security professionals from all industries while it deep-dives healthcare to highlight the effect of human error on data breaches, how they’re getting worse, why they’re so expensive, what’s being done today, and where we need to go to fix it in the future.

Come see Ian at RVAsec! Register now!

Peter Partyka leads Flashpoint’s engineering teams. Peter previously worked in the quantitative hedge fund space in New York City, implementing security and technical solutions around proprietary trading platforms, high-availability cloud deployments, and hardening of applications and infrastructure. Peter leverages more than 16 years of experience in technology specializing in application security, red-teaming, penetration testing, exploit development, as well as blue-teaming. Peter has a long track record of managing tech teams and implementing engineering security best practices. Peter led Flashpoint toward GDPR and CCPA compliance and has been a key architect of Flashpoint’s robust compliance programs. Recently Peter has scaled Flashpoint’s Engineering Team to over 80 engineers and has led the company through acquisition with a Private Equity Group as well as 2 MNA’s. Peter has taught advanced cybersecurity courses at New York University and consulted at various tech startups during his career.

Threat Intelligence 2022 Actionable?

In the early days of threat intelligence feeds we were swamped with domains, IP Addresses, and Hashes that we directly fed into our appliances and hoped that the feed we subscribed to updated IP addresses, etc. appropriately. Today we still have Domains, IP Addresses, Hashes, as well as a plethora of other data. Join me in an interactive session that showcases all the datatypes that fall under Threat Intelligence in 2022 and lets make a determination whether this data is actionable or not. The results may surprise you.

Come see Peter at RVAsec! Register now!

Andre collaborated with and delivered projects for some of the world’s most technically advanced technology organizations, including many of the largest investment banks.

Focused on bringing the benefits of public cloud to highly regulated and secure environment, Andre has over ten years of practical experience automating security and compliance.

He is currently working with customers in ushering their most critical, and legacy, applications and environments to into a Cloud Native, service-driven paradigm.

Basslines and Baselines: The role of Anomaly Detection in Cloud Security

Cloud adoption continues to accelerate and to changes our industry, enabling new business models, new ways to accelerate innovation, but also bringing new challenges to security practitioners. Scale, complexity, limited visibility, communication silos, all impede our ability to maintain velocity while ensure our businesses and customers remain safe.

This session will present and explore Anomaly Detection, an approach that many believe will be essential in our efforts towards better, more automated Cloud Security.

You will leave this vendor-neutral, accessible session with a better understanding of the promise and challenges of Anomaly Detection, focusing on public cloud, multi-cloud environments, and carry back to your work valuable insights and information.

Come see Andre at RVAsec! Register now!

Kris serves as the Chief Technology Officer and penetration testing lead for Critical Fault. After 10 years as a network administrator, Kris freelanced as a web developer for 2 years. Obsessing over the vulnerabilities within Kris’ own codebase, Kris began giving talks detailing the security issues and methods for stopping malicious attacks at the code level.

Since then, Kris has served as a penetration testing manager and as the co-founder for a penetration testing firm, regularly speaking at events on application security and digital forensics.

Digital Forensics: Reconstructing an Attack in Modern Web Apps

Application security struggles to keep up with modern development. Attacks against applications will only continue to grow. Web3? DevOps? Pipeline? Supply chain? With so many buzz words amidst a myriad of undiscovered vulnerabilities, where does your incident response team start after an incident?

Come see Kris at RVAsec! Register now!

Nick Popovich’s passion is learning and exploring technology ecosystems, and trying to find ways to utilize systems in unexpected ways. He works as a Red Team operator, trying to raise the overall security posture of organizations through adversarial simulation. Nick’s mission is the help individuals and organizations involved with defensive security operations to have an opportunity to observe the mechanics and methods of the attackers they’re defending against, and to assist in realistically testing those defenses. He’s a lifelong learner and loves finding new ways to get under the hood of systems and networks. He is a father of three and a husband to one.

Warning: This Message Originated from Outside of Your Organization

This talk is meant to highlight how end users have become desensitized to the ominous warning banners atop external emails, and can fall victim to phishing emails that abuse the trust in large, well-known organizations. The talk will run through examples of how threat actors can anonymously utilize built-in functionality to send phishing emails that originate from trusted, big-name, companies. These malicious emails genuinely originate from the large service provider’s email servers, and pass SPF, DMARC and DKIM security checks. The end-goal of this discussion that the risk is given more attention, and user awareness campaigns, technical email monitoring controls, and corporate communication strategies can take these risks into account.

Come see Nick at RVAsec! Register now!