Category: Announcement

Speaker Feature: Ben Smith

April 25, 2016
AnnouncementConference

Ben Smith

@Ben_Smith

Ben Smith

blogs.rsa.com/hunting-sharks-teeth-iocs/

RSA
Ben Smith is Field Chief Technology Officer (Field CTO – US East) with RSA, The Security Division of EMC. He is a trusted advisor and consultant to RSA’s global financial services customers, as well as customers in other vertical markets. With over 25 years’ experience in the networking, information security and telecommunications industries, he is responsible for consulting on RSA’s strategic vision around architecture and technical roadmaps for the company’s security and risk management solutions. Prior to joining RSA, he held senior technical positions at UUNET, Intuit, CSC, and the US Government, along with a string of technology-oriented startups. He holds a number of professional technical certifications, including the Certified Information Systems Security Professional (CISSP) certificate, and has presented on RSA’s behalf, both domestically and internationally, at cybersecurity events sponsored by Gartner, FS-ISAC, ISSA, ICI, (ISC)2, ISACA, InfraGard, HTCIA and other organizations.

Measuring Security: How Do I Know What a Valid Metric Looks Like?
There is no universally accepted method to measure security. So how do we translate operational measurements into meaningful security metrics for the business? Doing so effectively is essential, because you can’t manage what you don’t measure. This session will touch on the following general questions: Why are security metrics important, from both a compliance and an operational perspective? What are some best practices to keep in mind when selecting security metrics? Does your audience(s) dictate which metrics to select? What behaviors are you trying to influence with these metrics? What are some unexpected sources of security metrics? How should you communicate those metrics internally within your organization for maximum impact? Are there any examples of poor metrics which should be avoided in most cases?

Register Now!

Speaker Feature: Andrew Hay

April 22, 2016
AnnouncementConference

Andrew Hay

Andrew Hay

Andrew Hay

@andrewsmhay

www.andrewhay.ca

DataGravity
Andrew Hay is the CISO at DataGravity where he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy. Prior to that, Andrew was the Director of Research at OpenDNS (acquired by Cisco) and was the Director of Applied Security Research and Chief Evangelist at CloudPassage, Inc.

Maneuvering Management Madness
Why do practitioners have such a hard time convincing their management team about the value of investing in security training, tools, and other initiatives? Is it because they’re too stubborn or busy to take the time to assess the concerns or is it more likely that you haven’t found the best way to communicate the threat to the business in a language that they understand?

Business leaders have implemented their own language, much of which was learned in business school, to better communicate with shareholders, board members, partners, and peers. Unfortunately, this language is often as foreign to most security practitioners as yours is to them. So what can practitioners do to better communicate with management?

This session will discuss several tactics to help convince your management team that your concerns are valid with examples on how to justify requests for headcount, procedures, policies, and human, tool, and training investment.

Register Now!

Ticket Prices Go Up On 4/21!

April 19, 2016
AnnouncementConference

Tickets for RV45ec are now on sale!

RV4sec’s base ticket price for 2015 is $150 and will be in place on 3/1–so don’t wait! And if that’s not enough incentive to purchase your tickets early, late registrations (after 4/21) will be $225!

Don’t forget all the things you get with registration, including 2 full days of talks, meals, snacks, drinks, reception, after party, prizes, a capture the flag contest, t-shirt & swag!

Once we sell out there will be no more tickets available.

So, to recap the conference prices:

  • $150 regular price until 4/20
  • $225 late registration until 5/26
  • $350 super late registration until 6/1

 

If you are unable to attend due to the price, please contact us to discuss as we do have stipends available and volunteer opportunities are a great way to get in for free! Once again there will be no tickets sold at the door, and don’t forget that RV4sec has sold out every year–so don’t wait!

Register now!

Hotel Information – Book now!

April 19, 2016
AnnouncementConference

RVAsec has reserved a block of rooms at the Crowne Plaza for out of town guests. The rate is $121/night (which does NOT include parking).

You can either book online or call the hotel.

When you call (855-472-7802) the hotel please tell mention the block “RV3” to get the special rate.

  • Secure your reservation by 5/2/16 to ensure receiving the group rate
  • Discounted parking rate of $10.00 per car, per night.
  • Please note that the Booking Link will not work on a smartphone

 

Crowne Plaza Richmond Downtown
555 East Canal Street, Richmond VA 23219
800-2CROWNE



View Larger Map
If for any reason you are unable to get the RVAsec rate or the block of rooms has been filled, please let us know so we can contact the hotel!

Once the block is full or expires we are not able to have it extended.

Make sure you check out information on getting to the conference.

RVA5ec 2016 Speakers Announced

April 15, 2016
AnnouncementConference

We had a lot of great submissions to the CFP this year!  It was extremely hard but we’ve managed to whittle it down to another great lineup for RVA5ec.

Without further delay, here are the speakers for the 2016 RVA5ec conference!

Wendy Nather (Keynote)
Andrew Hay Steve Christey
Ben Smith Andrew McNicol
Evan Johnson Juan Carlos
Brenton Kohler Troy Wojewoda
Chris Romeo Mark Weatherford
Rockie Brockway David Sirrine
Joey Peloquin Dawn-Marie Hutchinson
Michelle Schafer & Tim Wilson
Inga Goddijn & Becky Swanson
Caleb “chill” Crable & Evan “detro” Keiser

 

For detailed information about the speakers and their talks please see rvasec.com/speakers/

Thank you to everyone who submitted a proposal to the CFP–the review team had to make some tough decisions and we appreciate all the time and hard work that went into submitting.

We look forward to seeing you soon!

Gold Sponsor Feature: Cigital

April 2, 2016
AnnouncementConference

https://www.cigital.com

@cigital

Cigital

Cigital is one of the world’s largest application security firms. We go beyond traditional testing services to help our clients find, fix and prevent vulnerabilities in the applications that power their business. Our holistic approach to application security offers a balance of managed and professional services and products tailored to fit your specific needs. We don’t stop when the test is over. Our experts also provide remediation guidance, program design services, and training that empower you to build and maintain secure applications.

Come see us at RVAsec! Register now.

 

Help Choose The RVAsec Logo!

March 28, 2016
Announcement

voteJune is fast approaching and we are in high gear planning RVAsec.  The CFP just closed and the committee is in the process of reviewing and choosing talks for this year.  We hope to publish the speaker selection very soon!

A quick reminder that you have until April 20th until ticket prices increase.  If you have not yet purchased your ticket, you might as well go ahead and get it done now:
http://rvasec.com/register/

This year we are having a contest to determine the logo design for the conference and shirts!   We did an initial first round of voting, and used that feedback to help improve the designs.

Now we need everyone to help us and vote on the logos!

Here is the link for the final round of RVAsec logo voting:
https://99designs.com/logo-design/vote-pewk3j

The poll will be open until the end of the week, and then we will choose the winning design.  Thanks everyone for your help, and please spread the link so we get as many votes as possible!

Wendy Nather (@RCISCwendy) To Keynote RVA5ec!

March 21, 2016
AnnouncementConference

Wendy Bio PicWe are pleased to announce that Wendy Nather will be keynoting RVA5ec 2016!

Wendy Nather is Research Director at the Retail Cyber Intelligence Sharing Center (R-CISC), where she is responsible for advancing the state of resources and knowledge to help organizations defend their infrastructure from attackers. She was previously Research Director of the Information Security Practice at independent analyst firm 451 Research, covering the security industry in areas such as application security, threat intelligence, security services, and other emerging technologies.

Wendy has served as a CISO in both the private and public sectors. She led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), as well as for the Texas Education Agency. She speaks regularly in locations around the world on topics ranging from threat intelligence to identity and access management, risk analysis, incident response, data security, and societal and privacy issues. Wendy is co-author of The Cloud Security Rules, and was listed as one of SC Magazine’s Women in IT Security “Power Players” in 2014. She is an advisory board member for the RSA Conference, and serves on the board of directors for Securing Change, an organization that helps provide free security services to nonprofit groups. She is based in Austin, Texas, and you can follow her on Twitter as @RCISCwendy.

Come one, Come all – It’s CTF 2016 time!

February 1, 2016
AnnouncementCTF

The RVAsec CTF team is beginning the setup and planning phase of the 2016 conference.  As many of you know, we pride ourselves with this CTF being an all-inclusive learning CTF and not just a ‘stump the chump / who’s the best engineer in the room’ kind of CTF. That said, we need volunteers to come up with fresh ideas, challenges, and setups that are both fun and informative. Additionally, we do want to provide a challenge for those who show up looking for one, so if you are a more advanced user or admin and have some killer challenges that can stump someone, we’ll need those too for the higher tiers.

Speaking of Tiers, we plan to have 3 or 4 tiers this year and they will be as follows:

Tier 1 -Beginner

This tier will comprise the majority of the challenges and points ideally. Challenges in this category should be purely beginner level challenges. Some examples of year past are:

 Connecting to SSH and copying part of the SSH key as the flag

 Looking in web page source code for the flag

 Trivia questions related to IT / Hacking History / Etc.

 Wireshark dumps of plain text authentications

 Port and/or device identification (that’s port 25, used for SMTP, running on a Raspberry pi, identified by its MAC OUI)

Tier 2 – Moderate

This is a moderate tier geared more towards people who digging deeper into Security and the different facets it includes as well as experienced Pentesters. Some examples from the past:

 XOR code samples with python

 Heartbleed exploit to retrieve login information

 Local privilege escalation to find the Flag

 SQL injection

 MS08-67 Exploits

 Brute force SSH or SFTP sites

 DFIR recovery and artifact location

Tier 3 – Hard

The hard tier, built mainly with ‘stump the chump’ challenges that are for the seasoned CTF player and people solely after winning prizes and spending the whole con in the CTF:

 Reverse engineering samples

 Malware C2 traffic Analysis

 Chained exploits

 Ghost services that have to fuzzed

 Firmware disassembly

Tier 4 – Hardware

Hopefully, we will be able to include various hardware challenges this year with the help of HackRVA as we have in the past, this tier will be specific to the Badges but we are always open to including other Hardware or IoT related challenges in at this level, so any idea, let us know!

So all that said – Come help out! If you are interested in assisting, please send an email to Mike Bailey and we’ll add you to the mailing list going forward as we begin to work it all out.

We are looking for a sponsor for the CTF, if you are interested please contact us to discuss!

Thanks and we will provide more updates as they happen!