Category: Speaker

Speaker Feature: Denis Mandich

Denis Mandich:

  • CTO and Co-founder of Qrypt
  • Founding member of the Quantum Economic Development Consortium (QED-C)
  • Founding member of the Mid-Atlantic Quantum Alliance (MQA)
  • ANSI Accredited Standards Committee X9
  • ITU Telecommunications Standardization Sector (ITU-T)
  • Forbes Technology Council
  • Quside board member
  • 20-year USIC veteran
  • Physicist

Twitter: @qrypt_inc

Quantum Cybersecurity

The advent of quantum computers promises to have profound economic impact because they solve lucrative industry problems that are otherwise impossible. The dark side is the consequences to global cybersecurity and the encryption systems fundamental to almost every aspect of our digital lives, including the cyber tools needed to protect them. Although 1970s-era PKI infrastructure has served us well for decades, it provides no assurance against the threat of “harvest now, decrypt later”. The transition to post-quantum cryptography standards must be accompanied by more advanced techniques to ensure durable privacy, which is now a national economic security imperative. Fortunately, new redundant hardware and software solutions eliminate the single point of attack and failure in our business-critical systems.

Come see Denis at RVAsec 12!

RVAsec 2023

Speaker Feature: Adrian Amos

Adrian Amos:
I’ve supported the Richmond IT community since 1997, in every capacity from retail break/fix to military & corporate Wintel infrastructure. I transitioned to cloud solutions in 2010 and was the first technical hire at Synergy way back in 2012. I have a strong focus on identity & access management and collect terribly inconvenient hobbies.

Twitter: @ahamos

I <3 my password

Protecting identity is foundational to zero trust, and everybody wants passwordless, but is it always appropriate? If it is, how do we overcome barriers to success, and if it isn’t, how do we protect & isolate workloads to ensure the right people have the right access to the right apps & data? Any security approach must consider the human beings it’s designed to protect, while balancing the risks of authentication strengths.

Come see Adrian at RVAsec 12!


Qasim “Q” Ijaz is a Director of Offensive Security at Blue Bastion Security and specializes in healthcare security and penetration testing. He has conducted hundreds of penetration tests in small to large environments with a focus on networks and web applications testing. His areas of interest include healthcare security, Active Directory, cybersecurity policy, and the “dry” business side of hacking. Qasim is a penetration test lead during the day and a teacher in the after-hours. Qasim has presented and taught at cybersecurity conferences including BSides and Blackhat on offensive security topics. He currently teaches a bootcamp on Offensive Security Certified Professional (OSCP) certification.

Twitter: @hashtaginfosec

Feature or a Vulnerability? Tale of an Active Directory Pentest

This talk is a summation of stories from my recent penetration tests inside Active Directory networks. I will use this time to discuss common methods I have used to obtain initial access inside Active Directory environments, the features that paved the way to lateral movement, and vulnerabilities that escalated me to Domain Admin. This talk is laid out in a way that benefits both entry-level and experienced penetration testers. The content is for both blue and red teamers looking to better understand common Active Directory configurations that can lead to compromise. It has everything from memes to kerberoasting, with a pinch of humor (no dad jokes, I promise).

Come see Qasim at RVAsec 12!


Speaker Feature: Ian MacRae

Ian MacRae:
Ever since founding E-N Computers in 1997, Ian has been dedicated to helping people get the most out of their technology. Since then, he’s grown the company from a small computer repair shop into a top-tier regional managed services provider (MSP) that helps SMB and enterprise clients transform their IT through strategic outsourcing.
In his 25+ years in the IT world, he’s managed hundreds of IT professionals and helped 60+ clients overcome business challenges through wise use of technology. Ian’s problem-solving approach combines a passion for business success with extensive technical knowledge, as shown in experience that includes:
• Serving as Fractional Chief Security Officer for dozens of organizations, including a Berkshire Hathaway-owned subsidiary
• Overseeing multiple cybersecurity breach/ransom remediations, including for an embassy in Washington, D.C.
• Implementing CMMC/NIST 800-171 compliance since 2017 for dozens of area organizations
• Making the list of Top Managed Service Providers (MSP501) multiple times

The state of NIST/CMMC compliance today

Get a 2023 update on the NIST security framework and CMMC compliance. Business with the government is Virginia’s #1 industry. The government is sick of spending billions on projects only to find the data leaked onto the Internet. Because of this, many government contracts require security compliance with the National Institute of Standards and Technology (NIST) 800-171 standard. For years, businesspeople didn’t take the 110 security controls seriously. Now we are seeing deals being lost to the Supplier Performance Risk System score. Ian has helped dozens of organizations implement compliance programs since 2017 in his role of vCSO.

Come see Ian at RVAsec 12!


Speaker Feature: Andrew Hendela

Andrew Hendela:
Andrew has over a decade of cybersecurity experience leading teams tackling hard challenges. His technical expertise involves automating a wide range of problems, including cyber attribution, malware analysis, and vulnerability research.

Twitter: @zelkathak

Software Bills of Behaviors: Why SBOMs aren’t enough

Most software supply chain-related tools fall into a few categories: SBOM generation, vulnerability analysis, build policies, and source-code analysis. These do not address the problem exemplified by the SolarWinds supply-chain malware insertion attack. Software Bills of Behaviors provide an understanding of what the software is doing and how it has changed, providing a defense against SolarWinds-style attacks.

Come see Andrew at RVAsec 12!

Speaker Feature: Scott Small

Scott Small is a security & intelligence practitioner and expert in cyber threat intelligence & threat modeling, open source research & investigations, and data analysis & automation. He currently serves as Director of Cyber Threat Intelligence at Tidal Cyber. Scott has advised enterprise and public sector security teams across maturity levels on technical and strategic applications of intelligence and on using technology to help identify and mitigate organizational risk. Throughout his career, he has briefed and trained large and small audiences and has presented original content at major security conferences, including DEFCON, FIRSTCON, MITRE ATT&CKcon, & BSides, and ISAC & other industry events.

Scott is an active member of the professional security & intelligence communities and a proponent of open-source information for upskilling and strengthening our collective security. In addition to contributing to community projects, he has published independent projects that aggregate and streamline publicly accessible security resources, as well as his own original tools & resources.

Twitter: @IntelScott

Adversary TTP Evolution & the Value of TTP Intelligence

Awareness of the benefits of behavior-focused defense is growing, and more intelligence around adversary tactics, techniques, and procedures (“TTPs”) is available now than ever. However, as major adversaries increasingly modify their TTPs, teams struggle to track and manage the rising volume of TTP intel. We’ll review recent examples of adversary TTP evolution, including ransomware and commodity loader case studies, a summary of the TTP intelligence landscape, and guidance on effective intelligence collection, processing, and application for defenders.

Come see Scott at RVAsec 12!


Speaker Feature: Kate Collins

Kate Collins has over 28 years of leadership experience from front-line supervisor to CHRO, is a PCC executive coach, HR consultant, and leadership development expert. For the last 10 years, Kate has served as a leadership coach to Cyber, IT, Healthcare, Government, Academic, Insurance, Retail, and Finance professionals and has created custom leadership development programs for clients, including a cyber-specific program for Guidepoint Security. Other coaching client organizations include: Snowflake Inc., Guidepoint Security, DoD, Navy Federal Credit Union, Inova Health, Children’s National Hospital, StubHub, UFCW, and eOffices, Inc.
Additionally, Kate partners with a neuroscientist to support Healthcare and Cyber organizations in recovering from and preventing burnout. Kate travels nationally, and lives in Richmond, Virginia with her husband (a Cyber-professional), daughter, and 4 (yes, 4) dogs.

This is the Way: A New Leadership Creed for Info-Sec professionals

With fun and powerful examples from Disney’s The Mandalorian, InfoSec professionals will explore the new and different leadership skills required after the immense changes in the past few years. Global events including the pandemic, inflation, supply chain problems, digital transformation, and political turmoil, have caused new pressures, new threats, and changes moving faster than an N1-starfighter in hyperspace!

Explore the latest research and trends in leadership, discuss the impacts on the InfoSec industry, and refresh your leadership creed. People leaders, technical experts and InfoSec professionals at all levels will be challenged to assess their current leadership strengths and discover new ways to stretch and develop skills to meet the intense demands in Cyber leadership today and beyond. This is the Way!

Come see Kate at RVAsec 12!


Speaker Feature: Kevin Massey

Kevin Massey:
I am a security analyst who does independent security research. I focus on vulnerabilities, binary exploitation, and network protocols.

Twitter: @Scratchadams118

Heap Exploitation from First Principles

In this talk I will discuss the process of building a userland heap allocator, identify the inherent vulnerabilities that exist in heap allocation, and demonstrate methods to exploit these vulnerabilities.

Come see Kevin at RVAsec 12!


Speaker Feature: Dan Han

Dan is the Chief Information Security Officer for VCU. He has over 20 years of experience working in IT and information security.

Twitter: @sensubeans

Beyond the pandemic: How the pandemic shaped organizations and their security architecture

How did the pandemic affect your organization and how it operates? Does your current security model still work with your organization? This talk explores how an organization transformed its security architecture throughout and after the pandemic.

Come see Dan at RVAsec 12!


Speaker Feature: Jason Wonn

Jason Wonn is a results-focused information security leader with 30+ years of combined national intelligence, information assurance, and cyber threat intelligence expertise throughout the civilian and military sectors. Jason is a “Richmonder” but works for Navy Federal Credit Union in Vienna, VA. He currently serves as a Cyber Action Officer, delivering table-top exercises and serving as a trusted incident response advisor to leadership during cyber crises. Prior to this position, Jason led the development of a cyber threat intelligence capability at both Navy Federal and The Walt Disney Company. He also served in various threat intelligence roles as a government contractor with MITRE, Lockheed Martin, and CGI Federal in support of the FBI and 1st IO Command, US Army. He holds a B.S. in Computer Science from Tarleton State University in Texas, and the CISSP and PMP industry certifications.

Twitter: @Wonnmeister

Corporate Dungeon Master: How to Lead Cyber Games at Work

Military organizations have long known the value of “training as you fight”, but commercial entities only realized its importance in the last few years. Consequently, the Cyber Action Officer role recently became a priority for the average company. Are you a security-geek like Jason Wonn who loves role-playing games (RPGs) and want the opportunity to lead a party through incident response to the most prevalent cyber threats? In this original talk, discover how to lead games (table-top exercises) at work as a “Corporate Dungeon Master” (Cyber Action Officer), narrating the story (facilitation), controlling the monsters (cyber threats), and creating an adventure that will have your players leveling-up (process improvement).

Come see Jason at RVAsec 12!
