RVAsec

Bobby Turnage is a business-minded attorney with more than 25 years of experience advising organizations dealing with technology and data-related matters, including cybersecurity, data security, data privacy, technology contracts, and conducting business on the web. Bobby advises clients of all sizes, both public and private, from start-up to well-established, and across multiple industries. Whether guiding clients through a data breach or ransomware attack with potential impacts in the U.S. and internationally, advising clients concerning data privacy and security obligations, or negotiating technology-related contracts that drive growth, Bobby brings a practical, “here’s how we can get it done” approach to delivering legal services. Bobby is the Cybersecurity and Technology Team Leader and is a Certified Information Privacy Professional/US (CIPP/US) by the International Association of Privacy Professionals. He previously served as SVP and General Counsel for Network Solutions and as AGC for Verisign.

Data Breach Management and Legal Issues for Information Technology Professionals (<– add to your schedule)

Please join us for a practical discussion (without the legalese!) about data breach management and minimizing the risk to your organization. In this discussion, we’ll talk through what it’s like to be in a breach situation, and we’ll cover some practical and legal considerations and suggestions that will help your organization achieve a better outcome.
Learning Objectives:
1. Gain a better understanding of what it’s like to be in a data breach situation.
2. Increase awareness of risks to your organization.
3. Increase awareness of the various people and workstreams involved in working through a data breach.
4. Increase knowledge of proactive measures to improve the outcome and minimize risk to the organization.

Come see Bobby N. Turnage, Jr. at RVAsec 13!

Alain Petit is a seasoned Enterprise Security Architect at Capital One, bringing over 22 years of experience to his roles in restricted perimeter, governance, risk, compliance, and data protection. His career reflects a deep expertise in designing and implementing robust security architectures, leveraging frameworks like NIST, CSF, and MITRE. His tenure at Capital One has been marked by significant achievements, including earning top 1% recognition for delivering a project under budget and on time.

Prior to Capital One, Alain contributed to NASA’s EOS project at Hughes Aircraft and provided mission-critical support for the UARS satellite at Allied Signal, earning a Certificate of Appreciation from NASA. His early career also includes a 5-year stint as a Senior Object-Oriented Consultant. Born in Iowa, raised in France, and with a background in Physics, Alain thrives in complex environments. He holds a CISSP certification and a Leadership Certificate from the University of Virginia Darden School of Business. He enjoys strategy board games, history, and is currently reading “Hawkins Magic Beers: Bronze rank Brewer.”

Key Management and Basic Key Usage for Encryption 101 (<– add to your schedule)

raise your awareness of cybersecurity encryption with a simple analogy: house keys. This presentation breaks down key management and encryption basics, from creation to destruction, using relatable examples.

Come see Alain Petit at RVAsec 13!

Kyle King has designed, implemented, managed, and secured information systems and networks for various industries throughout his 28+ year career, including construction, financial, and healthcare. A native of Hickory, NC, he has been employed by Check Point Software Technologies for the last 8 years where he manages a team of engineers to help assess and architect security solutions to protect organizations from the ever expanding threat landscape.

AI: Who’s watching whom? (<– add to your schedule)

Artificial Intelligence (AI) has intersected with cybercrime and cybersecurity that forces organizations to leverage the technology in order to benefit the industry while at the same time understanding how to protect against AI based threats. How will your organization use AI safely and securely?

Come see Kyle King at RVAsec 13!

Kevin Massey is an IT Engineering Manager and Independent Security Researcher. I am focused primarily on vulnerabilities, binary exploitation, and network protocols.

Linux Kernel Exploitation for Beginners (<– add to your schedule)

My talk is focused on teaching people how to get into Linux kernel exploitation using Kernel based CTFs as an entry point.

Come see Kevin Massey at RVAsec 13!

David Young has worked in the I.T. industry for over 27 year with specializing in Cybersecurity for the last 16 years. David has worked in several different areas from healthcare, government, financial, utility and consulting. David really enjoys helping organizations find and resolve their security issues.

David is a former U.S. Army veteran, who served in Desert Shield and Storm.

X (Twitter): @deyo2794

It’s Not All Ninjas and Anonymous Masks (<– add to your schedule)

In this talk, I’ll give you an insider’s look at what the day-to-day reality of working in cybersecurity really entails. We’ll dive into the typical tasks you’ll face, from scoping and executing the test to long-term security strategy. I’ll also share how to bridge the gap between technical jargon and business language, making complex concepts understandable for non-technical stakeholders. Of course, we can’t forget about reporting—a crucial yet often challenging part of the job. I’ll discuss the complexities of crafting reports that not only communicate risks but also drive action. Along the way, we’ll touch on the unique challenges posed by timelines and the tools we rely on. What makes this talk unique is my perspective from both sides of the fence: working on an internal team and as a consultant. This experience allows me to highlight the key differences and offer insights into how each role shapes your approach to cybersecurity.

Come see David Young at RVAsec 13!

Andrew Case is the Director of Research at Volexity and has significant experience in incident response handling, digital forensics, and malware analysis. Case is a core developer of Volatility, the most widely used open-source memory forensics framework, and a co-author of the highly popular and technical forensics analysis book “”The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory.”” Case has spoken at many industry conferences, including Black Hat, DEF CON, RSA, SecTor, BSides*, and OMFW. X (Twitter): @attrc

Using Volatility 3 to Combat Modern Malware (<– add to your schedule)

Volatility 3 is the latest version of the Volatility Memory Analysis framework, which has been the most widely used open-source framework for memory forensics since its creation in 2007. This new version of the framework is a complete rewrite starting from the first line of code. In this presentation, attendees will learn about Volatility 3’s new features while also seeing how many brand-new plugins can be used to detect a wide range of sophisticated, modern malware. This will include detection of the techniques currently deployed by ransomware and APT groups to evade EDR detection, inject code in a stealthy manner, and perform lateral movement. Examples of the covered techniques will include process hollowing, module unhooking, and privilege escalation. Attendees will leave understanding how to detect modern malware and attacker toolkits along with how to integrate Volatility 3 and its new features into detection workflows suitable for production use.

Come see Andrew Case at RVAsec 13!

Travis Altman has been a leader in the cybersecurity field for decades. He’s worked in various cybersecurity roles such as info sec engineer, application security, incident response, red teaming, and many more. Travis now focuses his energy on leading organizations to implement cybersecurity strategies that will effectively reduce risk and enable business.

Running a proper Purple Team (<– add to your schedule)

Some folks within cybersecurity have probably heard the concept of purple teaming but what is it like to actually execute or leverage this type of service? What value does it provide? Where should it exist within the organization? What other challenges might you face when performing purple teaming?

This talk will dive into details on how to go from the concept or infancy of purple teaming to executing at a higher level of maturity and everything in between. I’ll walk thru specific examples of purple team exercises then debrief outcomes and values of those engagements. I’ll also walk thru variations of purple teaming (e.g., simulation vs emulation) and describe when a certain variation might be appropriate and when. Last but not least I’ll explain how to perform purple teaming in various environments (e.g., endpoint, cloud, network) and considerations for operating in those conditions.

Come see Travis Altman at RVAsec 13!