We are pleased to welcome Lacework as a Hospitality Sponsor this year! All the food and drink served on Thursday 23rd will be sponsored by them, so be sure to stop by their table to say hi and thank them for feeding everyone!
RVAsec 2019. Register now!
Deana Shick has been a Member of the Technical Staff at the Software Engineering Institute’s CERT 
Coordination Center (CERT/CC) for 5 years. Deana works on the Threat Ecosystem Analysis team where she researches and analyzes current and emerging threats and vulnerabilities. Prior to working at CERT/CC, Deana was an International Trade Specialist focusing on EAR and ITAR regulatory processes. In 2014, she completed her M.S. in Information Security Policy and Management from Carnegie Mellon University. Along with her position at CERT/CC, Deana teaches at the Heinz College at Carnegie Mellon University, and pioneered the Information Security program at Duquesne University in Pittsburgh, PA.
Information Security is constantly in the news and making headlines. Which companies are breached? What are the impacts? How will the government respond to adversarial nations? The Internet still behaves much like the wild west – policy decisions are consistently being made and changed based on the structure and sustainability of the web. Organizations large and small are feeling the impacts of having a poor cyber security posture. This talk is perfect for those who are beginners, career changers, or anyone who needs a refresh on the building blocks of information security. It will discuss how data can be compromised, what those impacts are, and some suggestions of first steps. We will then dive into what vulnerabilities are and what to do about it. Finally, we will go over the things the rest of the 101 track will cover.
Come see Deana at RVAsec! Register now.
Eddie Glenn is the senior threat intelligence manager at Venafi and is responsible for researching the risks 
and threats of code signing and endpoint infrastructure. Eddie has more than 30 years of experience in enterprise software at companies such as IBM, Rational, and Wind River where he held a variety of senior level positions in product management and product marketing. Eddie is co-author of the Definitive Guide to Next Generation Fraud and has written for various industry publications. He has a Bachelor of Science degree in computer and electrical engineering from the University of Virginia, and an MBA from the University of Oregon.
Enterprises know code-signing is an important security control, for both self-defense and external reputation protection, but most overlook securing the infrastructure that supports the signing process, leaving them vulnerable to security and brand risks.
This session will discuss the four main poor practices often applied to code-signing infrastructure. This will be followed by a look at how these poor practices result in operational inefficiencies and security risks. The session will highlight the abuse and exploitation enabled by these poor practices and their ramifications, including the use of code-signing certificates to sign malicious code.
The session will conclude with a look at creating a secure enterprise code-signing infrastructure, including signing operations and models, inter-organizational communications, process and policies, and certificates issuance and management. Overall, the session will consider what is needed to create an infrastructure foundation for code-signing that will scale and adapt as networks continue to evolve and grow.
Come and see Eddie at RVAsec! Register now.
David Sullivan is a Penetration Tester and part of the Offensive Security Services team at CampusGuard. He has a background in working for various agencies with the State of Virginia in many InfoSec roles. He is a high-school dropout who transitioned into the technology field after a career in construction and believes that people from all backgrounds bring unique perspectives into this expansive field.
A quick look at the marketing FUD of ‘Automated Pentests’ and a high level look at the various technical pieces that delineate the difference between scanning and real-world attacks.
Come see David at RVAsec! Register now.
We are pleased to announce that Vectra AI are sponsoring our After Conference Reception on Thursday, 23rd May. The Reception will be held in the Commonwealth Ballroom directly after the last talk on Thursday afternoon. Thank you to Vectra AI, and we look forward to seeing you all there!
Come see us at RVAsec. Register now!
Rick has had a hand on a wide variety of tech over the years and also seen it used for both good and ill. He 
spent a significant chunk of time at a health system, which gave him an appreciation for the reasons behind the technology. He was also very fortunate to be mentored by some great people during his IT career so he has a passion for passing on the knowledge to other. Currently working as the Lead Security Consultant at SyCom Technologies, he is focused on helping companies defend their assets – their people, systems and data.
Think the network is a black box that magically gets your cat videos to you? This talk explains how it works at the fundamental levels.
Come see Rick at RVAsec! Register now.
Lou Botticelli serves as Executive Underwriter, Professional Liability for Markel Assurance Risk 
Management. Prior to his employment at Markel in 2015 he worked for insurance broker Marsh & McLennan on the Private Equity & Mergers and Acquisitions team performing both advisory and placement responsibilities for various clients. Before working at Marsh he worked for Arch Insurance’s Executive Assurance Division and Hartford’s Financial Products Division holding various roles in their respective private equity groups. He began his career in the National Accounts Management Liability Division at AIG and now has over 15 years of insurance experience. He graduated with a BBA degree in Business Management from Pace University in 2000.
Kara Owens is Managing Director, Global Cyber Underwriting Executive at Markel Corporation. In this role, Kara is responsible for establishing and leading Markel’s cyber market strategy and working with cyber underwriters across the Company to achieve growth and profit initiatives. She is in charge of best practices for cyber underwriting and reinsurance strategies worldwide in all Markel divisions. Prior to this role, Kara was the Global Head of Cyber at TransRe and prior to that was a reinsurance broker at Guy Carpenter. Kara graduated Magna Cum Laude with Bachelors of Business Administration with a dual focus in Risk Management and Insurance as well as Marketing from Temple University. She holds her RPLU, CPCU, ARe and ARM designations. Kara is a frequent speaker at universities and cyber insurance conferences. She is on the Board of the APIW (Association for Professional Insurance Women).
Attendees of this session will gain a clear perspective of what benefits Cyber Insurance can provide to their existing Cyber Security Program. Today, Cyber Insurance is no longer a “nice to have” but is a “must have” for every company doing business in a digital world. But how much coverage do you need and what’s really involved in getting cyber insurance? People who attend this session will gain a clear perspective on what Cyber Insurance can and can’t provide and where traditional insurance policies fall short.
Come see us at RVAsec! Register now.
Brandon Martin leads the Security Measurement Team at NorthState Technology Solutions. His team focuses on risk assessments and penetration tests that enable customers to benchmark and improve their security maturity and capability. Through his experiences he earned certifications like the Offensive Security Certified Professional (OSCP), Certified Information System Security Professional (CISSP), Certified in Risk and Information Systems Controls (CRISC) and 6-Sigma Blackbelt. Brandon performed roles in software engineering, project management, business analysis, penetration testing, and compliance consulting. Before his current role he worked in heavy industry and banking. In his spare time Brandon enjoys writing code, spending time with family, and mentoring young people with his church’s youth program.
Security practitioners advocate ideals through clichés and analogies to help others understand complex problems. One prominent analogy espouses baking security into a solution instead of bolting security on at the end. This seems like an obvious analogy – a baker certainly can’t add flour to a cake after it’s in the oven. In business reality, time-to-market beats security every day of the week. How can an architect bake security into solutions when the extra time could result in a failed venture? This talk explores the realities of blending security into the design and implementation of solutions with a goal of realizing better is not the enemy of perfect. Some implementations bolt on security beautifully; other design patterns prove impossible to correct. Look forward to a meme-filled tour of architectures, design patterns, and lessons learned that will help security practitioners and business people identify if they’re cooking soup or baking cakes (…if that sounds like a mixed metaphor, don’t be late for supper).
Come and see Robert at RVAsec! Register now.
Ch-ch-ch-changes! Every year we grow & tweak RVAsec to provide the best experience possible, and this year is no exception. The biggest change is that we’ve added a third room for talks, the “101” track, where the foundations of cyber security topics will be presented. While you can learn in any of our tracks, if you’re new to security, or want to learn the basics of something new, this is the place for you!
While the track is called “101”, this isn’t meant to come across negative. These talks are given by some of the best speakers, and will provide amazing insight. The big difference is that in this track, concepts are explained, and the intended target is anyone that wants to learn about a specific topic.
Here is the current 101 line up:
Wednesday, May 22
11:00am - Intro to Infosec and Overview of the 101 Track - Deana Shick 1:00pm - What is Cyber Insurance? Are you covered? - Lou Botticelli • Kara Owens 2:00pm - Vulnerability Assessments and Penetration Tests - David Sullivan 3:00pm - Social Engineering, Physical Security & USB Attacks - Brad Thornto
10:10am - Risk Assessment - The Heart of Risk-based Security - Barry Kouns 11:10am - Network Security 101 - Rick Lull 1:00pm - Being Secure Doesn’t Mean You Are Managing Risk - Charles Tango 2:00pm - RVAsec 101 Panel - Deana Shick
Room Planning & Schedule Request:
Finding the space to handle a third track at VCU proved to be challenging. Therefore, we need some assistance from our attendees to help us determine which rooms are appropriate for the speaking tracks. We are asking everyone to take a moment and update your Schedule in Sched.
When you registered for the conference you should have been automatically signed up for Sched. It would be best that you check your email for the invitation and follow the instruction.
Once logged into Sched, you can visit the Conference Schedule and then select the talks that you plan to attend. This will be particular helpful for us if are planning to attend talks in the 101 track. Then you can click the Radio Dial next to each talk Title that you plan to attend:
This helps with using Sched to its fullest, but also for capacity planning. We would like to request that you do this as soon as possible.
We are very excited and also thrilled to have Deana Shick from CERT/CC with us this year helping to run this 101 track!
We are pleased to welcome Sentinel One as a Hospitality Sponsor this year! All the food and drink served on Wednesday 22nd will be sponsored by them, so be sure to stop by their table to say hi and thank them for feeding everyone!
RVAsec 2019. Register now!
