RVAsec 7 After Party at The Circuit — Register Now!

May 11, 2018
AnnouncementConference

The RVAsec 7 after party sponsored by Risk Based Security and GuidePoint Security, will be at The Circuit on Thursday, June 7th, after the conference!

Thu, June 7, 2018
5:30 PM – 7:30 PM

The Circuit is located at:

3121 W. Leigh St
Richmond, Virginia 23230

The Circuit is an arcade bar in the Scott’s Addition Beverage District of Richmond, VA. We have a growing family of 70 arcade games, pinball machines, and skeeball lanes, as well as a forever rotating 50-tap beer wall boasting both local and national favorites.

This is an exclusive event with limited availability, so you must be registered to attend and bring your RVAsec badge or you will not be allowed entrance–no exceptions!

Even if you have a ticket for RVAsec and said that you wanted to attend during the signup process, you MUST now registered for the party!

Register Now!

https://www.eventbrite.com/e/rvasec-7-after-party-tickets-45987727531

Speaker Feature: Derek Banks and Beau Bullock

May 11, 2018
AnnouncementConference

www.blackhillsinfosec.com

@0xderuke

Related image

@dafthack

Derek Banks: Derek is a Senior Security Analyst at Black Hills Information Security and has over 20 years of experience in the IT industry as a systems administrator for multiple operating system platforms, and monitoring and defending those systems from potential intruders. He has worked in the aerospace, defense, banking, manufacturing, and software development industries. Derek has experience with creating custom host and network based monitoring solutions.

 

Image result for Beau bullock blackhills

Beau Bullock: Beau is a Senior Security Analyst at Black Hills Information Security where he performs penetration tests and red team assessments. He is the author of various red team/pentest tools such as MailSniper, PowerMeta, HostRecon, and DomainPasswordSpray. Beau is a host of the web shows Tradecraft Security Weekly & Hack Naked TV, and is a frequent speaker at industry events including Black Hat, DerbyCon, Wild West Hackin’ Fest, SANS, and various BSides events.

 

Red Team Apocalypse

TABLETOP SCENARIO: Your organization regularly patches, uses application whitelisting, has NextGen-NG™ firewalls/IDS’s, and has the latest Cyber-APT-Trapping-Blinky-Box™. You were just made aware that your entire customer database was found being sold on the dark web. Go.

Come see Derek and Beau at RVAsec! Register Now.

Speaker Feature: Bob Siegel

May 10, 2018
AnnouncementConference

www.privacyref.com

@PrivacyRef

Image result for bob siegel privacyrefBob Siegel is the president and founder of Privacy Ref. Starting Privacy Ref in 2012, Bob took his experience as the Senior Manager of Worldwide Privacy and Compliance at Staples, Inc. and applied that to assisting companies implement and maintain strong privacy programs. Bob has worked with many different organizations, dealing with programs of all sizes and regulatory needs. Seeking to always improve his own understanding of all things privacy, Bob has earned certifications from the International Association of Privacy Professionals. These include certifications in US private sector, European, and Canadian privacy laws. Bob has also earned certifications in Information Technology privacy and privacy program management. Bob Siegel has also been recognized as a Fellow of Information Privacy by the IAPP for his outstanding dedication to the privacy community. He has also served on the IAPP’s Certification Advisory Board for the CIPM program and the IAPP’s Publication Advisory Board. Bob Siegel currently maintains his blog at Privacy Ref, but is also a writer at CISO.com. You can find his blog, Operational Privacy on CISO.com

GDPR and you

The General Data Protection Regulation is the new law of the land for protecting personal information from the EU. The law has placed many US-based businesses in scope requiring compliance. In this talk we will review some of the challenges for compliance that you may encounter.

Come see Bob at RVAsec! Register Now.

Speaker Feature: Crane Hassold

May 9, 2018
AnnouncementConference

@CraneHassold / PhishLabs

Crane Hassold is the Threat IImage result for crane hassold phishlabsntelligence Manager at PhishLabs based out of Charleston, SC, where he has overseen Threat Research team since 2015. Prior to joining PhishLabs, Crane served as an Analyst at the FBI for more than 11 years, providing strategic and tactical analytical support to cyber, financial crime, and violent crime cases.  For most of his career with the FBI, Crane worked in the Behavioral Analysis Units in Quantico, Virginia, where he provided analytical and behavioral support to intelligence community and law enforcement partners against national security adversaries and serial criminals.  In 2012, Crane helped create the FBI’s Cyber Behavioral Analysis Center, which takes an asymmetric approach to examining cyber threats by combining the traditional behavioral concepts used for decades in the violent crime world with technical expertise to gain a holistic understanding of adversary TTPs.

Doxing Phishers: Analyzing Phishing Attacks from Lure to Attribution

This presentation will cover the various pieces of intelligence that can be collected from each stage of a phishing attack (lure, phishing site, phish kit) and discuss how each piece allows us to progress an investigation. We will look at various analytical techniques that can be performed to track phishing campaigns and enhance detection. The second half of the presentation will cover an in-depth, real-world case study of the practical application of these techniques, starting with a single phishing lure and ending with the identification of a primary phishing threat actor.

Come see Crane at RVAsec! Register Now.

Speaker Feature: Leigh-Anne Galloway and Timur Yunusov

May 8, 2018
AnnouncementConference

www.ptsecurity.com

@L_AGallowayImage result for leigh anne galloway positive technologies

@a66at

Leigh-Anne Galloway is the Cyber Security Resilience Lead at Positive Technologies where she advises organizations on how best to secure their applications and infrastructure against modern threats. She is an expert in the Application Security Unit, specializing in ATM and POS Security and is the author of security research in account recovery processes on social media websites. She has spoken at many conferences including DevSecCon, BSides, InfoSec Europe, Hacktivity, 8dot8, Blackhat EU and Troopers.

 

 

Timur Yunusov – Senior Expert of Banking systems security and author of multiple researches in field of application security including “Apple Pay replay attacks” showed at the BlackHat USA 2017, “Bruteforce of PHPSESSID”, rated in Top Ten Web Hacking Techniques by WhiteHat Security and “XML Out-Of-Band” showed at the BlackHat EU. Professional application security researcher.
Timur has previously spoken at CanSecWest, BlackHat USA, BlackHat EU, HackInTheBox, Nullcon, NoSuchCon, Hack In Paris, ZeroNights and Positive Hack Days.

Demystifying Payments: Payment Technologies and Security Risks

Have you ever wanted to learn how payment technologies work? What happens when you pay for something on a website or using a cell phone? Payment technologies are a transparent part of our lives. They enable us pay for everything from a coffee to a car. In this talk we take a look at payment technologies past, present and future, and look at the security risks associated with them. Learn how payments have evolved and what transactions look like today.

Come see Leigh-Anne and Timur at RVAsec! Register Now.

Speaker Feature: Elissa Shevinsky

May 7, 2018
AnnouncementConference

@ElissaBeth

iyiDU4eK_400x400.jpg (276×276)

Elissa Shevinsky is a serial entrepreneur. She helped launch Geekcorps (acquired), Everyday Health (IPO) and Brave ($35M ICO.) Shevinsky is currently consulting for crypto startups, and doing research on container security

 

Container Security: Vulnerabilities, Exploits and Defense

Whether it’s an unsecured Kubernetes configuration or the Meltdown/Spectre exploits, there is always a way into your company’s seemingly secure container infrastructure. We’ll take a tour of the most surprising container exploits – and how to use tools like SSL and VPNs to create a strong defense for your own environment.

Come see Elissa at RVAsec! Register Now.

Josh Corman (@joshcorman) To Keynote RVAsec 2018!

May 2, 2018
AnnouncementConferenceKeynote

 

Joshua Corman is a Founder of I am The Cavalry (dot org) and CSO for PTC. Corman previously served as Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded RuggedSoftware and IamTheCavalry to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. Josh’s unique approach to security in the context of human factors, adversary motivations and social impact has helped position him as one of the most trusted names in security. He also serves as an adjunct faculty for Carnegie Mellon’s Heinz College and on the Congressional Task Force for Healthcare Industry Cybersecurity.

RVAsec 2018 Speakers and Schedule Announced

May 1, 2018
AnnouncementConference

We had many great submissions to the CFP this year! It was extremely hard but the CFP team has managed to select a great lineup for RVAsec 2018.

Thank you to everyone who submitted a proposal to the CFP –the review team had to make some tough decisions and we appreciate all the time and hard work that went into submitting.

Without further delay, here are the speakers for the RVAsec 2018!

For the full details and times for specific talks, please see the schedule page.

Ticket are selling quickly so if you haven’t now is the time to register if you haven’t yet!

Katie Moussouris (@k8em0) To Keynote RVAsec 2018!

April 30, 2018
AnnouncementConferenceKeynote

We are pleased to announce that Katie Moussouris, CEO of, Luta Security will be keynoting RVAsec 2018!

Luta Security is a company offering unparalleled expertise to create robust vulnerability coordination programs. Luta Security specializes in governments and multi-party supply chain vulnerability coordination.

Ms. Moussouris recently testified as an expert on bug bounties & the labor market for security research for the US Senate, and has also been called upon for European Parliament hearings on dual-use technology. She was later invited by the US State Department to help renegotiate the Wassenaar Arrangement, which she successfully helped change the export control language to include technical exemptions for vulnerability disclosure and incident response.

She is a coauthor of an economic research paper on the labor market for bugs, published as a book chapter by MIT Press in 2017, and presented on the first system dynamics model of the vulnerability economy & exploit market in 2015, as part of her academic work as a visiting scholar at MIT Sloan School.

She has over 20 years of pioneering leadership in information security, as a former penetration tester at @stake , to creating Microsoft Vulnerability Research, the first MS Bug bounties, and advising the US Department of Defense for years resulting in the launch of the Hack-the-Pentagon program. She is also an author and co-editor of standards ISO 29147 Vulnerability disclosure and ISO 30111 Vulnerability handling processes.