Category: <span>Announcement</span>

RVAsec 11 CFP is now open!

The call for papers for RVAsec 2022 is now open!

Click here to submit a talk to the CFP now!

Conference: June 8-9th, 2022

Location: Richmond, VA

CFP Submission Deadline:  March 13th, 2022 at 11:59 PM Eastern

RVAsec is a Richmond, VA based security convention that brings top industry speakers to the midatlantic region. In its eleventh year, RVAsec 2022 is expected to attract over 750 security professionals from across the country. For 2022, the conference is a two day and three track format, with a mixed focus on technical and management/business presentations.


  • Conference location: Richmond, VA
  • Dates: June 8-9, 2022
  • All talks must be 50 minutes in length
  • Presenters will need to select Technical, Business/Management, or 101 tracks.
  • While we welcome foreign speakers, we are unable provide sponsorship for entry to the U.S.

We try to treat our speakers well with a special VIP event, gifts, and travel assistance (if possible). Join us at RVAsec and enjoy the perks! 

For more information and requirements, or to submit, please visit:


RVAsec 2021 Recap

We have finally recovered from RVAsec and wanted to bring you a quick recap!  We had over 450 attendees for this year and it was great to see everyone back in person!

What we were thrilled to bring you:

Thank you to everyone that took the time to provide us feedback.  We worked long and hard for several months to ensure that we are able to provide the safest conference possible and follow CDC and Virginia COVID recommendations.  We are pleased to report that while we were able to deliver that, in order to make that happen we modified the event from previous years.  We are very hopeful that we can get back to a “normal” RVAsec in 2022.

What to expect in the coming weeks:

Thanks again to all our our speakers, sponsors and volunteers!

Next year, RVAsec will be June 8-9, 2022 at the Omni Hotel Richmond.

See you next year.

Jake and Chris

RVAsec Passport for Prizes

We are once again having the Passport for Prizes event at RVAsec 10! This event gives you the opportunity to win some awesome prizes from our participating sponsors. 

Just visit at least 20 sponsor’s tables and get their initials or signature in the corresponding box. When completed, return your entry to registration for a chance to win.

Note: Your information must be complete to be eligible*, and you must be present at the reception on Friday to win.

  • A10 Networks: Amazon Echo Show 8 
  • Arctic Wolf: $100 Amazon gift card 
  • Armis: $100 Visa gift card 
  • Assura: $100 Visa gift card 
  • Check Point: $100 Amazon gift card 
  • Cohesity: Bose SoundLink Color ll Bluetooth Speaker 
  • Corelight: SoundLink Micro Bluetooth Speaker 
  • Cyber Ark: mBot Ranger Robot Kit 
  • ExtraHop: 3 month subscription to Whiskey 
  • Fortinet: $100 Gift Card 
  • Gigamon: $100 Amazon gift card 
  • iBoss: Apple Airpods provided
  • Infoblox: Sonos Speaker 
  • Malwarebytes: $200 Amazon gift card 
  • Netskope: Sony Noise Cancelling Headphones 
  • Optiv: Titleist Pro V1 Golf Balls & Visa gift card 
  • Palo Alto: $100 Visa gift card 
  • Rapid7: Remote Control Drone w/ GPS 
  • Red Canary: Apple Airpods 
  • Red Seal: $100 Amazon gift card 
  • Risk Based Security: JBL Flip 4 Waterproof Portable Bluetooth Speaker 
  • SecurID (RSA): $100 Amazon gift card 
  • Rubrik: ECO BEE Smart Thermostat w/ Voice Control 
  • SafeBreach: Apple Air Tags 
  • Sands Anderson: $100 Visa gift card 
  • SEGRA: $100 gift card 
  • Sycom Tech: $100 Best Buy gift card 
  • TECHEAD: $100 Best Buy gift card 
  • Tenable: LYNQ Wireless Speaker & Tangelo TrueView Webcam
  • Trend Micro: JBL Portable Bluetooth Speaker 
  • University of Richmond School of Continuing and Professional Studies: Spider Gift Pack 
  • Varonis: $100 Visa gift card 
  • World Wide Technology: Golf Bag 
  • RVAsec: Two “Mystery Bags” 

* Contact information will be shared with Passport sponsors.

RVAsec 2021 Proof of Attendance

If you need proof of attendance for your CISSP or other certification CPEs, please use this PDF. Instructions: Proof of attendance:

Speaker Feature: Anthony Switzer

Anthony is just someone that has a passion for helping people and shares that passion through cybersecurity.

Why I Love Purple Teams, Even Though They Don’t Exist

The industry of Cybersecurity has grown over the years. As a group driven by innovation, we look to solve our own problems. We have mimicked the military by choosing to have blue and red teams but have also developed a new team, the Purple Team. If you asked a cybersecurity professional what a Purple Team is, they might respond with a simple “it’s red and blue combined.” This talk is questioning what a Purple Team is by breaking the problem down to a first principle. Once we have the first principle, we’ll open it up to see if this is really a unique situation to our industry or was it solved already.

Come see Anthony at RVAsec! Register now.

Capture The Flag Is Happening!

The conference is right around the corner, and the MetaCTF ( team is hard at work preparing for this year’s Capture the Flag competition!

In keeping with the format of the past several years, we’ll be providing a practice environment on Day 1 of the conference to help participants prepare for the competition, find teams, and get familiar with the platform. If you’ve never participated in a CTF before, this is a perfect opportunity to get started!

The actual competition will take place on Day 2. There will be plenty of challenges for participants at all skill levels, so whether you’re a seasoned CTF player or a beginner, there will be something for you! Among others, challenge categories will include web exploitation, reverse engineering, OSINT, cryptography, forensics, and binary exploitation.

You’ll need a laptop to participate. Teams can have up to 4 people, or you may compete as an individual.

For those who like to come prepared, we suggest that you have a VM or two ready. You can download Kali Linux here ( or get a free Windows VM here ( or here ( Some tools that might be helpful include CyberChef (, BurpSuite, Ghidra, Pwntools, and Wireshark.

The MetaCTF team has been involved with the RVAsec CTF since 2016. If you’re interested in helping out with the CTF or have any questions, please reach out to roman[at]

We are still looking for a sponsor for the CTF.  Please consider supporting the conference and help us provide a great experience and amazing prizes!

Speaker Feature: Richard Thayer

Richard Thayer has been in IT for over 35 years. From his early beginnings of working on IBM’s 8086XT system(s), to designing robust security architectures for Fortune 50 companies; Mr. Thayer has consulted for vertical markets within Finance, Energy, Manufacturing, Retail, Insurance, and DoD & Civilian Government.

Three Worlds of Application / Cloud Security

Application / Cloud security goes hand in hand in our ever-changing IT environments.  With the cloud actually “being” an application, we need to look at three areas of Application Security that encompass what goes into the cloud, the cloud itself, and how to secure its communications and workloads.

This discussion will start to the extreme “far left” in the security lifecycle, all the way to the developer’s keyboards. Then we will explore the DevSecOps security process, based on the “Defense in Depth” theory of security. Then finally we will address the workloads in the cloud, with some of the public cloud’s native functionality to protect itself, and how we can use additional toolsets to enhance them.

Companies need to identify not only the tools, but when to use them, and how to automate them.

Come see Richard at RVAsec! Register now.

Speaker Feature: John Behen

John Behen is the Vulnerability Management Lead for Newport News Shipbuilding, in Newport News, VA. He has been an IT professional for 25 years at a diverse range of companies including Newport News Shipbuilding, The Martin Agency and Procter & Gamble. Outside of Information Security, John enjoys spending time with his family and competitive offshore yacht racing.

5.4 Million Vulnerabilities and Counting…

More and more, Vulnerability Management is becoming a central function in an organization’s defensive posture. Along with that realization, companies are discovering that there is no central framework for implementing a Vulnerability Management program. Facing millions of vulnerabilities, we implemented a prototype vulnerability management framework that can be applied to any organization, regardless of size. This presentation will take attendees through the six core Vulnerability Management domains, with tips on how this framework can be applied to other organizations.

Come see John at RVAsec! Register now.

RVAsec 10 After Party — Live Band: Monkey Fist — Register Now!

The RVAsec 10 after party, brought to you by Risk Based Security and GuidePoint Security, will be at in the main Omni Ballroom on Thursday, November 4th, right after the conference ends!

  • 5:30pm to 7pm: Food/Beverage
  • 7pm to 10pm: Monkey Fist  plays

Monkey Fist has been amazing audiences in the Central Virginia area since 2006 with a high-energy rock show that promises stellar musicianship and vocals, and a wide range of musical selections: from 80’s anthems to today’s new rock and everything in between.

This is an exclusive event, so you must be registered to attend or you will not be allowed entrance–no exceptions!

Important Notes:

  • You must use the same email you used to register to RVAsec.
  • Each attendee must have their own name listed (duplicates will be deleted).
  • If you are not registered for RVAsec,  your ticket will be deleted.

Even if you have a ticket for RVAsec and said that you wanted to attend during the signup process, you MUST now registered for the party!

Register For The After Party Now!

If you haven’t bought a ticket for the RVAsec conference yet, now is the time…. click this link, you know you want to!

Or if you know better, don’t click that link, copy and paste this ( in and purchase that ticket!

Speaker Feature: Karl Jankowski

Karl is a business technologist through experience and a private pilot by fascination. While spending most work days in “the Cloud”, weekends are often spent flying below the cloud deck.

Network Assessments: Cybersecurity, Quackery and Fraud

Network assessments are valuable tools to provide insight into infrastructure. It is no surprise they are used to close 7 out of 10 new business opportunities for managed service providers. Their benefit to business is often an illusion.  This talk covers the basics of assessments, how they are misused, and what companies of all sizes should be doing instead.

Come see Karl at RVAsec! Register now.