Ell Marquez is a proud Hacking Is Not and Crime and Operation Safe escape advocate. She has traveled the world for five years, educating security practitioners on subjects from on-prem infrastructure to the cloud and everything in between. As part of her journey in 2023, Ell transitioned to Neuvik, focusing on researching and training organizations to strengthen their defenses against the latest cyber threats.

I’ve traveled the world educating security practitioners on subjects from on-prem infrastructure to the cloud and everything in between. X (Twitter): @ell_o_punk

Once Upon a Cyber Threat: The Brothers Grimms Teachings on APT Awareness (<– add to your schedule)

Two hundred years ago, the first volume of fairy tales was published by the Brothers Grimm, introducing to the world a realm of magic, dark forests, and powerful villains to haunt everyone’s dreams.

We never imagined this realm would exist in the digital age. “”Once Upon A Cyber Threat”” delves into the realm of advanced persistent Threat Groups (APTs), drawing parallels between the world of poisoned apples, breadcrumb trails, and magic mirrors and today’s modern cyber threats. Serving not a tale of caution but a call to action and a lesson in storytelling, creating an outline that can help every security professional impart the caution, wisdom, and resilience we need to become the narrators that transformed Brother Grimm’s tales into the happy ever after stories we know today.

Come see Ell Marquez at RVAsec 13!

Corey has been engaged with Fortune 500 organizations across a variety of industries, including financial services, government services, and healthcare and is widely recognized for his in-depth OSINT talks and workshops. Additionally, he is a Black Hat trainer and has spoken at conferences such as Wild West Hackin’ Fest, Texas Cyber Summit, and CarolinaCon. He has over five years of systems administration and extensive VMWare administration experience. Corey was a member of the SECCDC Red Team and is one of the top Red Team Operators at Red Siege. X (Twitter): @retronaut7

That Shouldn’t Have Worked – Payload Development 101 (<– add to your schedule)

The game of bypassing defenses and detection continues to be a cat and mouse game. Attackers often find clever ways to use common tools and techniques to execute their code and the defenders continue to create detections and mitigations for these methods. As a red teamer, it is becoming increasingly difficult to get around these defenses and emulate those attackers. In this talk, I will cover some of the methods we use during engagements to thread the needle and bypass those defenses.

Come see Corey Overstreet at RVAsec 13!

Mr. McOmie started in offensive security in 1994 and is a trusted advisor, security leader and mentor. With a career focus in offensive security and a strong technical background, he is recognized for his excellence in developing and executing enterprise security strategies and leading technical and tactical programs. He has founded and contributed to several industry leading organizations over his career including start ups, fortune 100 enterprises, and federal agencies. As an extrovert, he passionately supports the information security community, is a featured speaker at various conferences, a published author, and an industry liaison for many businesses and organizations.

Specialties: Security Leadership & Program Development, Security Service Practice & Team Direction, Red Teaming, Ethical Hacking, Penetration Testing, Social Engineering, Physical Security, Assessments, Incident Response, Compliance. By leveraging these talents and his experience, Mr. McOmie guides companies and executive leaders to understand the importance of, communicating the need for, and addressing the challenges that it takes to create and maintain a strong security posture.

Twitter: @lmcomie

“A programmatic approach to enterprise security” OR “How to not waste your security budget on sh!7 that doesn’t matter!”

This fast paced, poking fun at ourselves presentation, tells a story through examples of how a majority of companies are fixated on old industry “”worst practices””. As we wander though the twisted road of things that we do THAT WE SHOULDN’T, the audenice will likely find themselves thinking differently about how the approach enterprise security programs, have a chance to laugh at how human we all are, and walk away with a new perspective.

Come see Luke at RVAsec 12!

Andrew has been securing and protecting critical infrastructure networks since 2002.

Raised by a Topgun Marine fighter pilot and a middle school special education teacher, Andrew was always driven to find meaningful work, solve interesting problems and help others do the same in an effort to make the world a better and safer place.

His love for computers started in college and after spending several years providing tech support in the energy and financial sectors, he achieved his MCSE certification. This led to his first information security job supporting a migration to active directory. Andrew then went on to champion, design and implement an automated compliance and vulnerability management program.

Andrew has been developing and leading incident response, malware analysis, threat hunting and digital forensics services for the past 18 years in critical infrastructure financial organizations.

He currently holds GREM, GCFA, GDAT, GNFA and CISSP certifications and serves as an Cybersecurity Senior Manager at a large financial organization.

Twitter: @dfir_tnt

Maturing your Threat Hunting Operations

This talk will present a roadmap for designing a mature threat hunting service. A maturity model will be shared, along with prerequisites and incremental steps along the way.

Having built the Threat Hunting service at the Federal Reserve, I will share our journey, recommend approaches and resources, and provide a path for listeners to follow to do the same.

Come see Andrew at RVAsec 12!

Amelia is a security analyst working for ISECOM. From the beginning of her path in the cybersecurity industry, she’s been working with and learning from acknowledged professionals. This gave her a strong foundation and a set of skills that she intends to greatly expand. On a daily basis, she works with electronic evidence, collecting and analyzing it while maintaining the chain of custody. She conducts cyber investigations. She is also a cybersecurity trainer for the military and the Hacker Highschool project.

Why You Can’t Call the Police

Let me tell you a story about what it’s like as a lawfirm’s investigator to try to get justice for someone after they’ve been robbed online. The problem starts with finding the perpetrator. We will walk through the process of investigating crypto hot wallets and NFTs while we collect electronic evidence with proper chain of custody to prove a theft occurred. Then I’ll show you how we need to dox and hack our way through the web of forums and social networks to uncover an anonymous suspect. Again, keeping proper, court-admissable evidence. I’ll introduce you to the AI tools and automation we built to capture and search huge volumes of discussions and videos the moment they appear in many of the popular social networks and forums. Finally, I’ll end the tale with who we found and how we sent the police to their home to get justice. But it’s not a happy ending.

Come see Amelia at RVAsec 12!

Drew Schmitt is the GuidePoint Research and Intelligence Team Lead Analyst and is responsible for coordinating threat research, malware analysis, and operationalized intelligence teams. Drew is especially fond of malware research and reverse engineering. When not neck deep in malware, he loves to create new and open-source tools and improve his techniques and capabilities. Drew is also an avid teacher and mentor, and really enjoys helping other people realize their love of malware, threat intelligence, and–above all–making threat actors’ lives harder. In past lives, Drew spent time as an incident responder, threat hunter, and IT administrator.

Twitter: @5ynax

Ransomware Rebranding … So Hot Right Now!

Ransomware rebranding is becoming a common technique that ransomware groups are leveraging to obfuscate their operations and remain under the radar. From high-profile groups like Evil Corp to groups like AlphV and Blackbyte, the rebranding process has provided viable solution for extending operational capabilities after high profile attacks. This talk will examine rebranding trends since 2020 and provide a thorough review of the impacts ransomware rebranding has had on the operational capacity of multiple ransomware groups. Lastly, this talk will analyze methods that threat intelligence analysts can utilize to compare traits and behaviors between ransomware groups to determine if the group is a likely rebrand or a new group altogether.

Come see Drew at RVAsec 12!

Josh Cigna is a solutions architect at Yubico focused on supporting enterprises on the impacts of regulations, requirements, and the latest authentication technologies. He is passionate about evangelizing user focused security solutions—advising organizations that user experience should be a key consideration alongside risk mitigation and meeting compliance mandates. Joshua’s experience includes the definition, design and implementation of IAM processes and programs. Prior to Yubico, he held technical positions at Thomson Reuters and Capital One and holds a CISSP certification.

Twitter: @Sporksan

Everything you never knew you wanted to know about Passkeys

Passwords have long been the bane of user, IT support staff & security professional. Compromised passwords are the leading source of account takeover and system breach, attackers are simply logging in and no longer breaking in! Solutions in the past have always come with caveats, but with the inclusion of Passkeys into most major operating systems and platforms a true light may be at the end of the tunnel. Join this panel to learn about the sorted history of passwords, current and developing trends with passwordless authentication, and what the best practice for Passkeys looks like!

Come see Josh at RVAsec 12!

Dwayne has been working as a Developer Relations professional since 2015 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv.

Twitter: @mcdwayne

Who Goes There? Actively Detecting Intruders With Cyber Deception Tools

Ever wish you could set traps for intruders in your environment? While you can’t rig explosions or rolling boulders when someone attacks your servers, you can set up false credentials that trigger alarms you can act against. That is the whole idea behind honeytokens!

Come to this session to learn how honeytokens work

Come see Dwayne at RVAsec 12!