RVAsec 15 Speaker Feature: Heather Antoinetti

May 6, 2026
Speaker

Breaking Your Silence: How to Build Influence Without Becoming a “Suit” (<– add to your schedule)

In security, we’re taught to let our work speak for itself. But in the real world, “silent” expertise usually gets ignored, underfunded, or misunderstood. Whether it’s imposter syndrome whispering that your latest exploit wasn’t “elite” enough or the hesitation to share a tool you built, these internal blockers limit your impact. This session is about moving past the “quiet professional” trap and building a reputation that matches your technical depth without losing your soul to corporate

Heather Antoinetti:
Heather Antoinetti is the CEO and founder of Ah-Ha Marketing, a boutique agency specializing in helping technical experts and thought leaders in the cybersecurity and technology sectors amplify their voices and establish authority. With nearly two decades of global marketing experience, Heather has built a reputation for transforming complex technical concepts into clear, compelling stories that build trust and inspire action.

Heather has worked alongside brilliant technical minds throughout her career, partnering with organizations like Elastic, AWS, IBM, and Accenture to help their experts translate deep expertise into impactful messaging. She is passionate about empowering engineers, security leaders, and innovators to overcome communication challenges, build authentic personal brands, and position themselves as trusted authorities.

One of Heather’s proudest achievements is creating a personal branding course tailored for cybersecurity professionals, enabling them to craft their narratives, share their expertise, and redefine their professional presence. Her approach combines storytelling, authenticity, and practical strategies to help leaders and technical contributors achieve bold career aspirations.

Heather’s own journey mirrors the challenges many technical experts face. She stepped into the cybersecurity industry with no prior experience, battled imposter syndrome, and earned the trust of industry leaders by connecting their technical skills to business growth. This experience has become the foundation of her work: helping others overcome similar hurdles and build confidence in sharing their unique value.

Heather believes that every professional’s story is their most powerful tool and that trust is cybersecurity’s most valuable currency. Her mission is to help others navigate their own quests to build authority, amplify their impact, and achieve lasting success.

Come see Heather Antoinetti at RVAsec 15!

RVAsec 15 Speaker Feature: Ryan O’Donnell

May 6, 2026
Speaker

Catching Collection in M365: Outlook and SharePoint Canary Tokens (<– add to your schedule)

After a stolen token grants access to M365, the next move is predictable: search for value before exfiltration. This talk shows how to detect that collection phase using canary tokens built on native telemetry across Outlook and SharePoint/OneDrive. We cover end-to-end implementation and results from live production deployments, including what produced high-fidelity signal and what created noise.

Ryan O’Donnell:
Ryan O’Donnell is a Senior Security Engineer at Microsoft. Over the last 13+ years, he’s been performing Penetration Tests, Red Team assessments, and Incident Response investigations. Ryan has presented at the followinhttg conferences: Wild West Hackin’ Fest, Saintcon, Hack Space Con, Hack Red Con, BSides Las Vegas, BSides NoVa, and BSides Roanoke. Ryan has a Masters in Cybersecurity from GMU and the following certifications: OSCP, OSEP, GCFA, and GREM.

Come see Ryan O’Donnell at RVAsec 15!

RVAsec 15 Speaker Feature: Jeff Man

May 5, 2026
Speaker

The State of Information Security Today (<– add to your schedule)

The speaker has been in the Information (cyber) security since the late 1900s and will take a look back at the challenges we faced in the beginning and how these challenges have changed and evolved over the past several decades. You think we’re doing okay? Let me change your mind.

Jeff Man:
Jeff is a respected Information Security advocate, advisor, hacker, evangelist, mentor, teacher, international keynoter, speaker, former host of Security & Compliance Weekly, co-host on Paul’s Security Weekly, Tribe of Hackers (TOH) contributor, including Red Team, Security Leaders, and Blue Team editions, and a member of the Cabal of the Curmudgeons. Jeff currently serves as a PCI QSA and Trusted Advisor for Online Business Systems, also a Grant Advisory Board Member for the Gula Tech Foundation, Advisory Board Member for the Technology Advancement Center (TAC), and is the Director of Diversity, Equity, and Inclusion for Hak4Kidz NFP. Over 40 years of experience working in all aspects of computer, network, and information security, including cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Certified National Security Agency Cryptanalyst. Designed and fielded the first software-based cryptosystem ever produced by NSA. Inventor of the “whiz” wheel, a cryptologic cipher wheel used by US Special Forces for over a decade currently on display at the National Cryptologic Museum. Honorary lifetime member of the Special Forces Association. Previously held security research, management and product development roles with the National Security Agency, the DoD and private-sector enterprises. Pioneering member of the first penetration testing “red team” at NSA. For the past twenty-eight years has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation’s best known companies.
https://darknetdiaries.com/episode/83/
https://www.cybereason.com/blog/malicious-life-podcast-how-the-internet-changed-the-nsa

Come see Jeff Man at RVAsec 15!

RVAsec 15 Speaker Feature: Michael Roytman & Max Voldman

May 5, 2026
Speaker

No Breach Required: $52 Million in Cybersecurity Fraud Settlements Built on Paperwork, Not Incidents (<– add to your schedule)

We present original research quantifying the gap between what federal contractors certify about their security posture and what vulnerability telemetry actually shows, combining data science with False Claims Act enforcement analysis to estimate the real FCA exposure across the defence industrial base. We then ask whether the industry’s own risk-scoring tools, built to make triage rational, are inadvertently building the evidentiary record that makes fraud prosecution easier.

Michael Roytman:
Michael Roytman is the CTO of Empirical Security. Previously, he was the Chief Data Scientist of Kenna Security, and a Distinguished Engineer at Cisco. He served on boards for the Society of Information Risk Analysts, Cryptomove, and Social Capital. He was the co-founder and executive chair of Dharma Platform (acquired, BAO Systems), for which he landed on the 2017 Forbes 30 Under 30 list. He currently serves on Forbes Technology Council.

Max Voldman:
Max Voldman is a partner at Whistleblower Partners LLP, in Washington DC. Max’s practice is focused on representing whistleblowers under the federal False Claims Act and numerous state law equivalents, and the whistleblower programs of the Securities and Exchange Commission. Max has represented whistleblowers in various industries, including government contracting, healthcare, and education.

Come see Michael Roytman at RVAsec 15!

RVAsec 15 Speaker Feature: Brian Cardinale

May 5, 2026
Speaker

I Called Your AI Agent and It Told Me Everything: Live Voice AI Red Teaming (<– add to your schedule)

You’ll leave this talk understanding:
– How voice AI agents are architecturally different from text chatbots
– The specific attack vectors unique to voice: transcription manipulation, DTMF injection, audio-layer prompt injection, and social engineering through vocal tone
– A repeatable methodology for testing voice AI systems in your own organization
– Concrete remediation strategies for the most common findings

Brian Cardinale:
Brian Cardinale is the Principal Security Researcher at SecureCoders and creator of the TEAPOT methodology for voice AI red teaming. He holds a CISSP and has spent his career breaking things that aren’t supposed to break. Brian built VoiceGoat, the first open-source vulnerable voice AI agent, and leads RedCaller’s research into adversarial testing of phone-based AI systems. He previously discovered CVE-2015-4670 and has conducted security assessments across financial services, healthcare, and critical infrastructure. When he’s not social engineering robots over the phone, he’s probably social engineering robots over the phone.

Come see Brian Cardinale at RVAsec 15!

RVAsec 15 Speaker Feature: Aqeel Yaseen

May 4, 2026
Speaker

Troubleshooting: Where information meets WTF. (<– add to your schedule)

Four ways technical troubleshooting can help keep your head from exploding in life.

Aqeel Yaseen:
Aqeel Yaseen transitioned into Offensive Security from over a decade of teaching yoga and mentoring mindfulness based retreats professionally, and is currently working with RedHelm. That might seem like a curious combination, but Pentesting and teaching yoga both help people cultivate awareness of blind spots, and find ways to learn and grow from that awareness. Aqeel has been teaching himself the art and skill of hacking by creating home labs, owning machines on HTB and Offsec’s Proving Grounds, and participating in CTFs. He has already earned the Security+, OSCP, OSWA, and CRTO certifications. He also has a website with two years of recorded yoga and meditation classes that are available for free. He is eager to learn and to share!

Come see Aqeel Yaseen at RVAsec 15!

RVAsec 15 Speaker Feature: Victoria Mosby

May 4, 2026
Speaker

Use It Monday: A 5-Step Method for Turning Security Findings Into Stories Executives Act On (<– add to your schedule)

Security teams produce thorough, accurate reports that executives nod at and never act on. This talk teaches a practical 5-step method for translating findings into narratives that produce decisions — one you’ll practice live and use Monday morning.

Victoria Mosby:
Victoria Mosby is a cybersecurity strategist, advisor, and storyteller with 16 years of experience spanning federal consulting, governance and risk, and cybersecurity SaaS. She is the founder of Basilisk Security Consulting, a boutique advisory practice focused on security communication and executive alignment, and the creator of the Cyber Lorekeeper, a platform dedicated to making security concepts not just understandable but memorable.

Her work sits at the intersection of technical depth and business translation. As a Senior Sales Engineer at PlexTrac, Victoria partners with security teams to design workflows, align tooling to operational needs, and help practitioners communicate findings in ways that actually move decision-makers. She has briefed executives across healthcare, financial services, government, and critical infrastructure, and has spent years studying why some security reports generate action while most generate acknowledgment and nothing else.

That question became the Saga Framework, a comprehensive storytelling methodology for cybersecurity communication grounded in cognitive science research and built around seven narrative archetypes. The framework gives practitioners a repeatable system for translating technical findings into executive narratives that are visceral, specific, and designed to produce decisions. It includes a calibration system for matching narrative intensity to audience type, a practitioner toolkit, and a full written methodology. “Use It Monday” distills the framework’s most actionable core into a 5-step method practitioners can learn in a conference talk and apply the same week.

Victoria holds a Master’s in Cyber Forensics and has spent her career building bridges between the security team, the boardroom, and the broader community. Outside of work, she writes dark fantasy fiction, runs D&D campaigns, and crochets, usually while thinking about how narrative structure works in both storytelling and security briefings.

Come see Victoria Mosby at RVAsec 15!

RVAsec 15 Speaker Feature: Vas Khomyk

May 4, 2026
Speaker

The Interview Engine: A Career Readiness Framework (<– add to your schedule)

Cybersecurity is about mitigating risk at acceptable cost, and hiring works the same way. This talk pulls back the curtain on how recruiting actually works, then gives security professionals an engineering-minded framework for staying career-ready without waiting for the layoff to start thinking about it.

Vas Khomyk:
Vas Khomyk is a technical recruiter with Hampton North, a cybersecurity-focused recruiting firm. He runs retained and contingent searches across cybersecurity, defense, and enterprise IT, helping companies fill challenging roles from senior security engineering to VP-level leadership. He is an active member of the Greater Richmond cybersecurity community, where he has presented workshops on career readiness and interview preparation for local meetup groups. He brings an engineering mindset to recruiting and a recruiter’s insider view to career advice.

Come see Vas Khomyk at RVAsec 15!

RVAsec 15 Speaker Feature: Kyle Flaherty

May 1, 2026
Speaker

Empathy, Not Telepathy: How Embedded Engineering Teams Scale Cyber Response (<– add to your schedule)

The real issue of AI isn’t just the speed of the adversary, but the unprecedented noise they’ve created which makes finding the signal through traditional means nearly impossible. This talk explores how embedding engineers into the cyber lifecycle helps drown out the noise and empowers analysts to focus on high-leverage response at scale.

Kyle Flaherty:
Kyle is based out of Richmond and leads the Cyber Intelligence Engineering function at Capital One, where his teams work directly with Cyber Intelligence Analysts to empower them to respond at scale.

Kyle has spent 7 years at Capital One and has prior security work with the U.S. Navy and NSA. His interest in Cyber is rooted in service: a love for technology combined with a desire to serve, inspired by growing up in a military family. Kyle holds a degree in Computer Science from Wake Forest University.

Come see Kyle Flaherty at RVAsec 15!

RVAsec 15 Speaker Feature: Ryan Bird

May 1, 2026
Speaker

AI SOC and Securing your Environment (<– add to your schedule)

This discussion is designed to help teams figure out where AI fits in their environment from an analysis perspective, it is vendor agnostic and includes agentic deployments, as well as AI SOC services, novel attack vectors from independent research, and the overarching philosophy of how the threat landscape has just massively changed and how to adapt to it.

Ryan Bird:
Ryan Bird moved to the MVA area in 2017 with his wife. He helped train the United States Army in their ASOT level one program as well as MCTOG in 29 Palms through 2019 with Obsidian Solutions Group before working at Annapolis Defense in a Maritime Security role. After Covid hit he went on to start school at University of Maryland Global Campus and began work in his first cyber security role at RSM Defense when it was being stood up with Unit 26, He then went on to support the Department of States’ Personal Security Device program, and on to FEMA at Mount Weather supporting their internal SOC with One Zero Solutions. He has since been hired at GuidePoint as a Security and Delivery Engineer supporting Elastic and CrowdStrike.

In 2019 he was also part of the Storm the Hill event at IAVA – assisting the IAVA team by talking to congressman and women about veteran suicide in order to get the Commander Scott Hannon bill passed, which changed the VA healthcare system to auto enroll service members upon discharge. He additionally did Disaster relief work during Hurricane Florence, and supported his Uncle running for Commonwealth’s Attorney in 2025 in the City of Fredericksburg.

He has brought common security knowledge from the physical security philosophy to the cyber side of things and holds a unique mindset and experience working his way from an Analyst position to a key member at GuidePoint’s Mid Atlantic SECOPS team.

Come see Ryan Bird at RVAsec 15!