RVAsec is pleased to present SailPoint as an RVAsec ’25 Bronze sponsor!
The core of enterprise security is identity. Take a tour to see how our identity security platform delivers a foundation that securely fuels your business.
SailPoint
X (Twitter): @SailPoint
The hotel block is officially closed—but don’t panic if you dropped the ball. If you’ve been slacking and didn’t grab a room (or even a ticket), the RVAsec Hotel Package is here to save the day.
This is hands down the most affordable and stress-free way to attend RVAsec 14, and it gets you way more than just a bed and a badge.
Here’s what’s included in the $650 RVAsec Marriott Hotel Package:
💥 That’s over $1,000 worth of value for just $650.
There’s a very limited number of these packages left, and once they’re gone, they’re gone. Buying one now isn’t just smart—it’s a big way to support RVAsec and help keep this community-run conference going strong.
Remember:
So don’t wait. Don’t overpay. Don’t end up across town in a sketchy motel.
🎟️ Grab the Hotel Package now and lock in your best RVAsec experience:
👉 Register Now
The RVAsec Capture the Flag (CTF) competition is once again run by MetaCTF and sponsored by Corelight!
CTFs are a hands-on cybersecurity competition where participants solve a variety of challenges designed to simulate real-world security scenarios. They are a fun and immersive way to learn new skills. This year’s event will be jeopardy-style, and it’s perfect for participants of all skill levels. If you’ve never participated in a CTF before, this is a perfect one to try! Our team will be there to help you get started and offer hints.
You can compete solo or in a team of up to 4. You will need a laptop. Categories include web exploitation, binary exploitation, OSINT, reverse engineering, cryptography, forensics, and more. You might also get points for doing other things at the conference like lockpicking and hacking the badge.
This year the CTF once again is being held in the middle of the Expo hall. The action and energy last year was amazing and we expect the same again this year!
Tuesday: 1 PM to 4 PM – CTF prep, stop by the CTF area anytime
Wednesday: 10 AM to 3 PM – CTF
You’ll need a laptop to participate. We have over $2,000 in prizes, plus free training and 2026 RVAsec conference tickets.
Check out https://metactf.com/prep for additional preparation instructions.
If you like to come prepared, check out practice challenges and solutions at https://mctf.io/practice
MetaCTF is a cyber skills platform that helps companies assess, recruit, retain, and upskill cyber talent. We specialize in competition-based exercises, such as on-demand labs, traditional jeopardy-style CTFs, and attack & defense CTFs that can be used for tool/skill training, secure coding, security awareness, and more. If you’re interested in hands-on exercises or labs for your team, reach out to us at contact@metactf.com or learn more at https://metactf.com/
Jon Waldman is a co-founder and President of SBS CyberSecurity and the SBS Institute. Over the past 20 years, Jon has helped organizations across the US identify and understand cybersecurity risks to allow them to make informed cybersecurity decisions. Jon is incredibly passionate about cybersecurity training and education and serves as a speaker at conferences across the country, along with writing blog posts, hosting webinars, and speaking on podcasts.
For 20 years, Jon Waldman, co-founder and President of SBS CyberSecurity and the SBS Institute, has passionately equipped organizations nationwide to conquer cyber risks. He’s dedicated to transforming complex threats into actionable intelligence. Catch his energy and insights as he actively shares his expertise through compelling talks, engaging writing, webinars, and podcasts.
Vendor Management 2025 – How to Make Better Vendor Management Decisions (<– add to your schedule)
Although vendor management has evolved, the core process remains the same: gathering and reviewing documentation to decide whether to continue business with a vendor. The key question now is how to ensure that vendors are genuinely protecting your datal
Jeremy Dorrough has built his career around protecting assets in the most critical IT sectors. He started his career working in a Network Operations Security Center for the US Army. He then went on to work as a Network Security Engineer defending Dominion’s North Anna Nuclear Power Station. He also spent a few years as a Senior Network Security Engineer/Architect at Genworth Financial. Currently Jeremy works as a Client Director for Consortium Networks. He has presented at DefCon, RVASEC, UNC, JMU, ECPI, FBI Infragard and holds or has held Carnegie Mellon CISO certificate, MBA, CISSP, CISM, CEH, GIAC GPPA, CCSK, CCNA. Jeremy has spent over 20 years researching and implementing new ways to defend against the latest attacks. In his free time he loves spending time with his wife and two soon to be hacker children.
How to Win Budgets and Influence Stakeholders: Articulate Cyber Value to Non Technical Audiences (<– add to your schedule)
Limited budgets are a reality we all must live with. Security tools are getting pricier, and management is demanding stronger justifications for every dollar spent. Often, we in cyber struggle to explain the return on investment for all this security technology. Risk management frameworks and heat maps are not the saving grace they are made out to be. We as cyber professionals need to be fluent in financial discussions to guide the business toward informed decisions. I’ll walk you through some proven methods to bridge the communication gap between security and the business.
Bobby Turnage is a business-minded attorney with more than 25 years of experience advising organizations dealing with technology and data-related matters, including cybersecurity, data security, data privacy, technology contracts, and conducting business on the web. Bobby advises clients of all sizes, both public and private, from start-up to well-established, and across multiple industries. Whether guiding clients through a data breach or ransomware attack with potential impacts in the U.S. and internationally, advising clients concerning data privacy and security obligations, or negotiating technology-related contracts that drive growth, Bobby brings a practical, “here’s how we can get it done” approach to delivering legal services. Bobby is the Cybersecurity and Technology Team Leader and is a Certified Information Privacy Professional/US (CIPP/US) by the International Association of Privacy Professionals. He previously served as SVP and General Counsel for Network Solutions and as AGC for Verisign.
Data Breach Management and Legal Issues for Information Technology Professionals (<– add to your schedule)
Please join us for a practical discussion (without the legalese!) about data breach management and minimizing the risk to your organization. In this discussion, we’ll talk through what it’s like to be in a breach situation, and we’ll cover some practical and legal considerations and suggestions that will help your organization achieve a better outcome.
Learning Objectives:
1. Gain a better understanding of what it’s like to be in a data breach situation.
2. Increase awareness of risks to your organization.
3. Increase awareness of the various people and workstreams involved in working through a data breach.
4. Increase knowledge of proactive measures to improve the outcome and minimize risk to the organization.
Alain Petit is a seasoned Enterprise Security Architect at Capital One, bringing over 22 years of experience to his roles in restricted perimeter, governance, risk, compliance, and data protection. His career reflects a deep expertise in designing and implementing robust security architectures, leveraging frameworks like NIST, CSF, and MITRE. His tenure at Capital One has been marked by significant achievements, including earning top 1% recognition for delivering a project under budget and on time.
Prior to Capital One, Alain contributed to NASA’s EOS project at Hughes Aircraft and provided mission-critical support for the UARS satellite at Allied Signal, earning a Certificate of Appreciation from NASA. His early career also includes a 5-year stint as a Senior Object-Oriented Consultant. Born in Iowa, raised in France, and with a background in Physics, Alain thrives in complex environments. He holds a CISSP certification and a Leadership Certificate from the University of Virginia Darden School of Business. He enjoys strategy board games, history, and is currently reading “Hawkins Magic Beers: Bronze rank Brewer.”
Key Management and Basic Key Usage for Encryption 101 (<– add to your schedule)
raise your awareness of cybersecurity encryption with a simple analogy: house keys. This presentation breaks down key management and encryption basics, from creation to destruction, using relatable examples.
RVAsec is pleased to present Fortinet as an RVAsec ’25 Gold sponsor!
Fortinet delivers cybersecurity everywhere you need it. We secure the entire digital attack surface from devices, data, and apps and from data center to home office.
Fortinet
X (Twitter): @fortinet
Kyle King has designed, implemented, managed, and secured information systems and networks for various industries throughout his 28+ year career, including construction, financial, and healthcare. A native of Hickory, NC, he has been employed by Check Point Software Technologies for the last 8 years where he manages a team of engineers to help assess and architect security solutions to protect organizations from the ever expanding threat landscape.
AI: Who’s watching whom? (<– add to your schedule)
Artificial Intelligence (AI) has intersected with cybercrime and cybersecurity that forces organizations to leverage the technology in order to benefit the industry while at the same time understanding how to protect against AI based threats. How will your organization use AI safely and securely?
Kevin Massey is an IT Engineering Manager and Independent Security Researcher. I am focused primarily on vulnerabilities, binary exploitation, and network protocols.
Linux Kernel Exploitation for Beginners (<– add to your schedule)
My talk is focused on teaching people how to get into Linux kernel exploitation using Kernel based CTFs as an entry point.
