0xdeadbeef.us

@morgothan

Nat Hirsch is the Director of the Red Team at a large financial institution. He has been doing Red Teaming, Pentesting, and other offensive focused security assessments for the last decade.

Brian Brurok is senior director of Security Software Engineering at Capital One focusing on delivering software solutions and automations for Security Operations teams. He develops and deploys custom applications focusing on Data Analysis, Incident Management, Automation and Live Response. His software tools have been used across teams to improve hunt operations, analyst performance, and incident management. Prior to Capital One, Brian spent 16 years in security operations building, maturing and managing over 50 security operations centers across DoD, Intel, Defense Contractor and Federal spaces. He’s active in the cyber community speaking at various conferences, and also regularly hosts and builds realistic training scenarios for multiple Capture the Flag events.

Building a Better Catfish

Picture this, a Red Team and a Blue Team working together to make the organization more secure, and not just trying to prove that they are better then the other one. This is how we did it.

Come see Nat and Brian at RVAsec! Register Now.

www.assuraconsulting.com

@assura_inc

Karen Cole is the CEO of Assura, Inc. a cybersecurity consulting firm located in Ashland, Virginia. Her company just celebrated its 11th year in business and is considered in the top 1% of women-owned companies in the United States according to a recent study by the U.S. Women’s Chamber of Commerce. Throughout her 20+ year career, Karen has worked with various executives, boards of directors, and legislators to bring cybersecurity to the executive level and get programs the support and resources they need. Many times, she has helped them work through their own 5 Stages of Grief to get them to embrace their new corporate responsibilities.

From Grief to Enlightenment: Getting the Executive Support for Information Security

Most information security professionals got into the field to enjoy the technical challenges of keeping the hackers at bay. However, as information security has moved into the executive level of organizations, most professionals struggle to get connect with executives and get the support they need for their programs. Karen Cole has been successfully handling the most ardent opponents of information security (think politicians, board members, and C-suite executives) for 16 years getting her clients what they need. This session is focused on real-world actions you can take to get the support and resources for your program. Leave your governance theory at the door. This session is going to get real!

Come see Karen at RVAsec! Register Now.

@tyler_townes

Tyler works at BlackBerry Product Security as a Security Program Manager and is the lead incident manager during emergency response events. His focus areas include SDLC, sustained engineering, vulnerability management, and risk management across multiple operating systems. He is currently researching pre-acquisition and post-acquisition security processes. In the past, Tyler has been responsible for vetting malware being submitted to mobile app stores, and ensuring that users are properly informed of the privacy risks posed by mobile applications and mobile ad packages.

Let’s build an OSS vulnerability management program!

Does your company use Open Source Software (OSS) libraries in the products that it builds? Do you worry that your customers and company will be exploited because no one in your organization is maintaining those libraries with vulnerability fixes? Let’s do something about that.
During this presentation, we will start from nothing and build a process for identifying the OSS libraries that your company uses in order to build a bill of materials.  We will source threat intel on those libraries, and we will take action to remediate the vulnerabilities in our source code repository so that we can keep our customers and company safe.

Come see Tyler at RVAsec! Register Now.

@rmikehodges

Mike Hodges is a senior consultant for the Optiv Attack and Penetration Practice. He has a background in application development and is currently OSCP, Assoc CISSP, and CEH certified. He is currently interested in evasive penetration tactics and techniques and is constantly looking to build new ways to automate attacker evasion.

Hiding in the Clouds – Leveraging Cloud Infrastructure to Evade Detection

Organizational spending on cybersecurity is at an all-time high. From an attacker’s perspective, this means that target networks are becoming increasingly hostile environments to operate in. This has pushed attackers to look for new ways to diminish a defenders ability to identify their activity. The introduction of cloud providers and their associated content delivery networks have provided ample ways to attack and communicate with attack infrastructure while piggy-backing on the cloud provider’s infrastructure and reputation.
Techniques and tactics such as domain fronting for multiple cloud providers, distributed scanning, and leveraging API gateways will be discussed. Also, more nuanced aspects these cloud services will be explored as they sometimes provide many benefits to an attacker’s infrastructure, including encryption. Most importantly, mitigations for these techniques will provided so that defenders can go about better protecting their network.

Come see Mike at RVAsec! Register Now.