Category: Speaker

RVAsec 13 Speaker Feature: Ben Haynes

Ben Haynes is a data scientist at Flashpoint, leveraging analytics and his cybersecurity expertise to solve practical problems in the industry. Previously, he worked at Risk Based Security, where he dedicated his time to enhancing and implementing the organization’s cybersecurity intelligence products. He is responsible for multiple innovative risk models for vulnerability and breach intelligence, as well as pioneering ways to make that intelligence actionable for clients.

Ben earned his Bachelor of Science degree in Astronomy & Planetary Sciences from Stony Brook University, and subsequently a Master of Mathematical Sciences, specializing in Statistics, from Virginia Commonwealth University. He is an amateur archivist, data hoarder, and prolific collector of hobbies.
X (Twitter): @atbenhaynes

Prioritization Myths Busted with Better Vulnerability Data (<– add to your schedule)

A good prioritization plan should let you know where to start when tackling risk. And yet, people don’t know where to start when developing a good prioritization plan! Even worse, we make a number of bad assumptions when trying to navigate this labyrinth.

Which method is the best? Are many methods better than one? How many is too many? What does “best” even mean?

Ask 10 different practitioners these questions and you might get 10 different answers. There’s no better example of this situation than with the plethora of vulnerability prioritization methods available today. Luckily, we’ve been able to collect an unprecedented amount of data on vulnerabilities, and it’s taught us a lot about what makes sense, and what doesn’t.

Join us as we use this vulnerability data to dispel myths, avoid pitfalls, and conjure some solid recommendations that will put you on a better path.

Come see Ben Haynes at RVAsec 13!


RVAsec 13 Speaker Feature: Darryl MacLeod

Darryl MacLeod works for the Lares Advisory Services team and has over 20 years of experience in the IT security sector, having been responsible for developing, managing, and assessing information security programs for all levels of enterprise and government-level organizations. He has spoken at multiple conferences such as Security BSides St.John’s, GoSec, and the Texas Cyber Summit. He also sits on the Board of Directors for AtlSecCon and is the former lead organizer for Security BSides Cape Breton.

Strategic Alliances: How GRC Teams Can Empower Offensive Security Efforts (<– add to your schedule)

Collaboration between Governance, Risk, and Compliance (GRC) teams and offensive security teams is vital for a strong security stance. This presentation highlights the role of GRC teams in augmenting offensive security efforts. Traditionally, GRC teams are seen as policy makers, compliance assessors, and risk managers. Their role, however, significantly contributes to offensive security strategies, going beyond these conventional duties. The presentation emphasizes how GRC teams can enhance offensive security through risk-informed strategies, ensuring that offensive measures align with policies and compliance, optimizing resources, and bridging communication between technical and executive teams. The session aims to provide cybersecurity professionals and organizational leaders with a thorough understanding of the importance of GRC teams in offensive security and practical approaches for integrating these functions within their organizations.

Come see Darryl MacLeod at RVAsec 13!


RVAsec 13 Speaker Feature: Steve Pressman

Steve is an experienced computer systems and security architect with a passion for standards-based security and compliance; cloud computing; and DevSecOps. He brings over a decade of experience in the defense industry, working for multiple federal defense contractors, and has directly supported customers in organizations across the health care, retail, financial, pharmaceutical, and other verticals.

As president and CTO of Alpine Cyber Solutions, Steve and his team have built a full-featured IT and cybersecurity service company from the ground up. Today, Alpine Cyber is a leader in security managed services, vCISO services, risk assessment, and DevSecOps consultation.

The ABCs of DevSecOps (<– add to your schedule)

Application Security is the most oft-ignored, yet critically vulnerable attack vector in many businesses today. Development teams are encouraged to create new features first and foremost, at the expense of fixing vulnerabilities. It’s not until a breach or an audit finding when they pay attention to patching security holes.

So how does a thoughtful CISO get in front of this?

Application security has to exist across the application lifecycle. DevSecOps is the philosophy of imbuing proper security controls at every stage of the Software Development Lifecycle (SDLC). This session will introduce you to core DevSecOps concepts so you can bring them back to your company and make some proactive changes to “drive defects left” and reduce the risk of a catastrophic security breach in your applications

Come see Steve Pressman at RVAsec 13!


RVAsec 13 Speaker Feature: Ayush Priya / Saksham Tushar

Ayush Priya is a Cyber Security Engineer specialising in Cloud and Data Security, and DevSecOps practices. He loves to develop automation for security controls and processes. He has delivered talks at various conferences and security communities like GrayHat’20, and Cyber Security Global Summit to name a few. He also contributes to the OWASP Ranchi chapter as the Chapter Lead. He currently works at CRED as a cloud & data security engineer.

Saksham Tushar specializes in various aspects of Threats, including intelligence, detection, analytics, and hunting. He has experience leading teams and collaborating with organizations such as Informatica, Microsoft, and IBM to establish multiple global Security Operations Centers. Currently, he holds the position of Head of Security Operations at CRED India. He possesses extensive expertise in developing, refining, and transitioning Threat Management programs, including Advanced MDR Operations across ASEAN & EMEA regions. Additionally, he creates threat detections and hunts and shares them with the community through analytical Notebooks.
X (Twitter): @ayushpriya10

Building Illusions in the Cloud: Deception Engineering (<– add to your schedule)

Deception engineering is a defence-in-depth strategy which many organisations overlook. Post achieving certain level of maturity over their infrastructure security processes, deception engineering is a great security project to enhance monitoring via high fidelity alerts and targeted knowledge of an attack in terms of where the attack’s epicentre exists, what actions are the attackers taking, etc.

This session aims to share the overview of what entails when building a deception engineering charter, how to plan for deploying honeypots and honeytokens, and finally how to handle a potential incident that was detected via a honeypot.

Come see Ayush Priya / Saksham Tushar at RVAsec 13!


RVAsec 13 Speaker Feature: Ali Ahmad

With over 5 years of experience in the information security industry, Ali has performed a wide variety of security assessments including network penetration testing, application security assessments, full-scope red team engagements, adversarial simulation, and physical penetration testing. Prior to joining Atredis Partners, Ali performed network penetration tests as a Security Consultant on Optiv’s Attack and Penetration team.

Outside of work, Ali enjoys researching software vulnerabilities and malware techniques on Windows Systems. Ali has created open source tooling and authored blog posts focused on evasive Command and Control (C2) techniques and implant development to give back to the information security community. Ali also holds the Offensive Security Certified Professional (OSCP) certification. X (Twitter): @aahmad097

Hacking Exchange from the Outside In (<– add to your schedule)

Microsoft Exchange 2019 uses the Oracle Outside-In libraries to parse specific file types when attached to emails. This talk covers the process of discovering memory corruption vulnerabilities within the technology using AFL and Jackalope and the results of the fuzzing process. Outside-In was deprecated as a result of this research.

Come see Ali Ahmad at RVAsec 13!


RVAsec 13 Speaker Feature: Ell Marquez

Ell Marquez is a proud Hacking Is Not and Crime and Operation Safe escape advocate. She has traveled the world for five years, educating security practitioners on subjects from on-prem infrastructure to the cloud and everything in between. As part of her journey in 2023, Ell transitioned to Neuvik, focusing on researching and training organizations to strengthen their defenses against the latest cyber threats.

I’ve traveled the world educating security practitioners on subjects from on-prem infrastructure to the cloud and everything in between. X (Twitter): @ell_o_punk

Once Upon a Cyber Threat: The Brothers Grimms Teachings on APT Awareness (<– add to your schedule)

Two hundred years ago, the first volume of fairy tales was published by the Brothers Grimm, introducing to the world a realm of magic, dark forests, and powerful villains to haunt everyone’s dreams.

We never imagined this realm would exist in the digital age. “”Once Upon A Cyber Threat”” delves into the realm of advanced persistent Threat Groups (APTs), drawing parallels between the world of poisoned apples, breadcrumb trails, and magic mirrors and today’s modern cyber threats. Serving not a tale of caution but a call to action and a lesson in storytelling, creating an outline that can help every security professional impart the caution, wisdom, and resilience we need to become the narrators that transformed Brother Grimm’s tales into the happy ever after stories we know today.

Come see Ell Marquez at RVAsec 13!


RVAsec Speaker Feature: Corey Overstreet

Corey has been engaged with Fortune 500 organizations across a variety of industries, including financial services, government services, and healthcare and is widely recognized for his in-depth OSINT talks and workshops. Additionally, he is a Black Hat trainer and has spoken at conferences such as Wild West Hackin’ Fest, Texas Cyber Summit, and CarolinaCon. He has over five years of systems administration and extensive VMWare administration experience. Corey was a member of the SECCDC Red Team and is one of the top Red Team Operators at Red Siege. X (Twitter): @retronaut7

That Shouldn’t Have Worked – Payload Development 101 (<– add to your schedule)

The game of bypassing defenses and detection continues to be a cat and mouse game. Attackers often find clever ways to use common tools and techniques to execute their code and the defenders continue to create detections and mitigations for these methods. As a red teamer, it is becoming increasingly difficult to get around these defenses and emulate those attackers. In this talk, I will cover some of the methods we use during engagements to thread the needle and bypass those defenses.

Come see Corey Overstreet at RVAsec 13!


RVAsec 13 Speaker Announcements

We are pleased to announce the first batch of speakers for RVAsec 13!  Secure your ticket as prices increase on May 1.

While there are still more speakers to announce and the exact schedule is still coming, head over to https://rvasec13.sched.com/directory/speakers to read more about each speaker and talk abstracts!

  • Kymberlee Price – Keynote
  • Caleb Sima – Keynote
  • Darryl MacLeod – Strategic Alliances: How GRC Teams Can Empower Offensive Security Efforts
  • Ariyan Suroosh – Its Coming From Inside the House: A Guide to Physical Facility Penetration Testing
  • Chris Tillett – The Human Experience of Security Operations
  • Jennifer Shannon – API-ocalypse
  • Kevin Johnson – Orion’s Quest: Navigating the Cyber Wilderness – Tales of Modern Penetration Testing
  • Aqeel Yaseen – Mindfulness, Meditation, and Cybersecurity
  • Corey Brennan – Embracing my inner cyber wizard to defeat Impostor Syndrome
  • Corey Overstreet – That Shouldn’t Have Worked – Payload Development
  • Ross Merritt – Improv Comedy for Social Engineering
  • David J. Bianco – My Way is Not Very Sportsman-Like: Shaping Adversary Behavior to Strengthen Defenses
  • Nick Copi – Some Assembly Required: Weaponizing Chrome CVE-2023-2033 for RCE in Electron
  • Oren Koren – Verified for Business Continuity: How to Remediate Risk Safely Across the Enterprise
  • Luke McOmie (Pyr0) – Apples to Apples
  • Sam Panicker – Quickstart to building your own Private AI Chat
  • Jimi Sebree / Evan Grant – Consumer Routers Still Suck
  • Micah Parks – Reverse Engineering for Dummies: The “what if?” user
  • Tucker Mahan – Defending Against the Deep: Is your workforce ready for Generative AI Adversaries?
  • Ben Haynes – Prioritization Myths Busted with Better Vulnerability Data
  • Ali Ahmad – Hacking Exchange from the Outside In

Stay tuned for additional speaker announcements coming soon! We will have a new layout this year with multiple tracks.

And if you haven’t purchased your ticket yet, the time to do so is now as prices go up on May 1st!

Get your tickets here: https://www.eventbrite.com/e/rvasec-13-security-conference-tickets-776407274057


Speaker Feature: David Girvin

David Girvin:
Hacker, BJJ enthusiast, world traveler and surfer. I am a giant weirdo who somehow found my niche in offensive security. I have been blessed getting to build AppSec programs for companies like 1Password and Red Canary. I have an extremely diverse background and hope I can relate and or add value to everyones experience,

Hacking your Job? Trying to cheat at life with ChatGPT

AI, it’s all the buzz. We have seen marketing fraudsters at Black Hat called out. Heard sales people use every buzzword they can to try and close. So is it all smoke and mirrors? Or maybe there is pragmatic use for this upcoming technology. I have taken ChatGPT and treated it like an offensive security lab. I trialed many different approaches to using it. In this talk I will show where it can add value in a technical, business and sales role. I will also show how it can fail miserably, it’s security concerns and how its influenced. Will this take your job or add to it? Find out in my talk.

Come see David at RVAsec 12!

RVAsec 2023


Speaker Feature: Luke McOmie

Mr. McOmie started in offensive security in 1994 and is a trusted advisor, security leader and mentor. With a career focus in offensive security and a strong technical background, he is recognized for his excellence in developing and executing enterprise security strategies and leading technical and tactical programs. He has founded and contributed to several industry leading organizations over his career including start ups, fortune 100 enterprises, and federal agencies. As an extrovert, he passionately supports the information security community, is a featured speaker at various conferences, a published author, and an industry liaison for many businesses and organizations.

Specialties: Security Leadership & Program Development, Security Service Practice & Team Direction, Red Teaming, Ethical Hacking, Penetration Testing, Social Engineering, Physical Security, Assessments, Incident Response, Compliance. By leveraging these talents and his experience, Mr. McOmie guides companies and executive leaders to understand the importance of, communicating the need for, and addressing the challenges that it takes to create and maintain a strong security posture.

Twitter: @lmcomie

“A programmatic approach to enterprise security” OR “How to not waste your security budget on sh!7 that doesn’t matter!”

This fast paced, poking fun at ourselves presentation, tells a story through examples of how a majority of companies are fixated on old industry “”worst practices””. As we wander though the twisted road of things that we do THAT WE SHOULDN’T, the audenice will likely find themselves thinking differently about how the approach enterprise security programs, have a chance to laugh at how human we all are, and walk away with a new perspective.

Come see Luke at RVAsec 12!

 

RVAsec 2023