RVAsec 14 Speaker Feature: David Young

David Young has worked in the I.T. industry for over 27 year with specializing in Cybersecurity for the last 16 years. David has worked in several different areas from healthcare, government, financial, utility and consulting. David really enjoys helping organizations find and resolve their security issues.

David is a former U.S. Army veteran, who served in Desert Shield and Storm.

X (Twitter): @deyo2794


It’s Not All Ninjas and Anonymous Masks (<– add to your schedule)

In this talk, I’ll give you an insider’s look at what the day-to-day reality of working in cybersecurity really entails. We’ll dive into the typical tasks you’ll face, from scoping and executing the test to long-term security strategy. I’ll also share how to bridge the gap between technical jargon and business language, making complex concepts understandable for non-technical stakeholders. Of course, we can’t forget about reporting—a crucial yet often challenging part of the job. I’ll discuss the complexities of crafting reports that not only communicate risks but also drive action. Along the way, we’ll touch on the unique challenges posed by timelines and the tools we rely on. What makes this talk unique is my perspective from both sides of the fence: working on an internal team and as a consultant. This experience allows me to highlight the key differences and offer insights into how each role shapes your approach to cybersecurity.

Come see David Young at RVAsec 13!


RVAsec 14 Speaker Feature: Andrew Case

Andrew Case is the Director of Research at Volexity and has significant experience in incident response handling, digital forensics, and malware analysis. Case is a core developer of Volatility, the most widely used open-source memory forensics framework, and a co-author of the highly popular and technical forensics analysis book “”The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory.”” Case has spoken at many industry conferences, including Black Hat, DEF CON, RSA, SecTor, BSides*, and OMFW. X (Twitter): @attrc


Using Volatility 3 to Combat Modern Malware (<– add to your schedule)

Volatility 3 is the latest version of the Volatility Memory Analysis framework, which has been the most widely used open-source framework for memory forensics since its creation in 2007. This new version of the framework is a complete rewrite starting from the first line of code. In this presentation, attendees will learn about Volatility 3’s new features while also seeing how many brand-new plugins can be used to detect a wide range of sophisticated, modern malware. This will include detection of the techniques currently deployed by ransomware and APT groups to evade EDR detection, inject code in a stealthy manner, and perform lateral movement. Examples of the covered techniques will include process hollowing, module unhooking, and privilege escalation. Attendees will leave understanding how to detect modern malware and attacker toolkits along with how to integrate Volatility 3 and its new features into detection workflows suitable for production use.

Come see Andrew Case at RVAsec 13!


RVAsec 14 Speaker Feature: Mike Bailey

Mike Bailey has almost 2 decades of varied experience working in private industry, academic institutions, US government and every aspect of the financial industry. Mike’s focus is all things security. He brings a robust subject matter expertise within the areas of adversarial threat simulation, offensive and defensive security, and advanced technical security assessments. He is an active thought-leader within the security community and has been a featured speaker at several security conferences on the subjects of threat research and network security.

Mike is passionate about learning and the pursuit of knowledge. He holds numerous industry certifications and when he is not working on computer security, Mike enjoys spending time outdoors with his family, hiking, fishing and camping. He is an avid gardener who can be found in the greenhouse when he’s not working.

X (Twitter): @mpbailey1911


Attacking & Defending ServiceNow: A Hands-on Lab for Red & Blue Teams (<– add to your schedule)

ServiceNow is a critical enterprise platform, often integrated with sensitive systems and privileged access. This talk explores how attackers can exploit misconfigurations and privilege escalation paths within ServiceNow to gain a foothold in an environment. We’ll walk through real-world attack techniques, from initial access to lateral movement, and demonstrate how defenders can detect and mitigate these threats.

In addition to offensive tradecraft, we’ll cover how to set up a dedicated lab to safely test these attack vectors, fine-tune detections, and improve defensive strategies. Whether you’re a red teamer looking to sharpen your tactics or a blue teamer aiming to strengthen your defenses, this talk will provide actionable insights and practical steps for securing ServiceNow.

Come see Mike Bailey at RVAsec 13!


Netwrix – RVAsec 14 Silver Sponsor

RVAsec is pleased to present Netwrix as an RVAsec ’25 Silver sponsor!

Easily identify sensitive, regulated and mission-critical information in your data stores and focus on the information that truly requires protection.

Netwrix
X (Twitter): @netwrix

RVAsec 14 tickets are available now!


RVAsec 14 Speaker Feature: Travis Altman

Travis Altman has been a leader in the cybersecurity field for decades. He’s worked in various cybersecurity roles such as info sec engineer, application security, incident response, red teaming, and many more. Travis now focuses his energy on leading organizations to implement cybersecurity strategies that will effectively reduce risk and enable business.


Running a proper Purple Team (<– add to your schedule)

Some folks within cybersecurity have probably heard the concept of purple teaming but what is it like to actually execute or leverage this type of service? What value does it provide? Where should it exist within the organization? What other challenges might you face when performing purple teaming?

This talk will dive into details on how to go from the concept or infancy of purple teaming to executing at a higher level of maturity and everything in between. I’ll walk thru specific examples of purple team exercises then debrief outcomes and values of those engagements. I’ll also walk thru variations of purple teaming (e.g., simulation vs emulation) and describe when a certain variation might be appropriate and when. Last but not least I’ll explain how to perform purple teaming in various environments (e.g., endpoint, cloud, network) and considerations for operating in those conditions.

Come see Travis Altman at RVAsec 13!


ISACA VA Chapter – RVAsec 14 Silver Sponsor

RVAsec is pleased to present ISACA VA Chapter as an RVAsec ’25 Silver sponsor!

SACA® VA Chapter is a non-profit organization dedicated to the continued development and enhancement of the information systems audit and control profession by providing benefits to its members and to the professional community-at-large. Additionally, “to help VA Chapter members realize the positive potential of technology throughout the Commonwealth of Virginia.””

ISACA VA Chapter
X (Twitter): @ISACANews

RVAsec 14 tickets are available now!


RVAsec 14 Speaker Feature: Morgan Stuart

Morgan Stuart is an independent consultant who helps teams identify and implement data science solutions. However, unsatisfied with the ivy walls of the tech oligarchy, he also researches and experiments with today’s latest AI trends for issues related to offline use, trust, and data privacy. A long time tinkerer and hacker, Morgan’s prior education includes working on the RVAsec badge for several years (I can’t be bothered to count). He also earned a PhD in computer science from VCU and has worked in both the enterprise and mission-driven non-profits.


Large Language Models for Hackers (<– add to your schedule)

Wield your own AI agents, for fun and profit, with open-weight Large Language Models. In this talk, the audience will learn the foundational data science that empowers LLMs to help…and hallucinate, before diving into a tutorial on “agentic” LLM techniques. Along the way, key concepts and methods are related to NIST’s AI Risk Management Framework (NIST AI 600-1) and their adversarial machine learning taxonomy (NIST AI 100-2e2023). Cut through the hype – see the limitations and attack surfaces for yourself, and explore ways you could incorporate these tools into your own practice.

Come see Morgan Stuart at RVAsec 13!


Red Canary – RVAsec 14 Silver Sponsor

RVAsec is pleased to present Red Canary as an RVAsec ’25 Silver sponsor!

Get actionable threat intelligence across cloud, identity, and endpoint. Anywhere you run your business, we got you.

Red Canary
X (Twitter): @redcanary

RVAsec 14 tickets are available now!


RVAsec 14 Speaker Feature: Vennard Wright

Vennard Wright is the President & CEO of PerVista, an award-winning AI-weapons detection firm headquartered in National Harbor, MD.

Prior to founding PerVista, his professional experience was comprised of multiple executive leadership roles including serving as the Chief Information Officer (CIO) and Vice President of Operations for Iron Bow Technologies, CIO for WSSC Water, CIO for Prince George’s County Government (MD), and Director of Technology for Hillary Clinton during her successful United States Senate re-election campaign and subsequent 2008 Presidential Campaign. In addition, he held the distinction of being the Chief Technology Officer and Technical Organization Delivery Manager for Electronic Data Systems (EDS), which was subsequently acquired by Hewlett Packard (HP).

Because of his leadership in the technology industry, he has received numerous awards, authored dozens of articles, and spoken publicly on many topics, ranging from the importance of experiential learning in educational systems to the changing role that artificial intelligence and automation plays in future career prospects.


Leveraging AI in Surveillance for Public Safety Amid Privacy Concerns (<– add to your schedule)

During this session, we’ll explore the dual-edged role of artificial intelligence (AI) in enhancing public safety through surveillance while navigating the complex landscape of privacy and legislation. As AI transforms law enforcement and emergency responses with its advanced monitoring and threat detection capabilities, it also prompts critical questions about privacy rights and ethical considerations. This talk will dissect the balance between leveraging cutting-edge AI technologies and adhering to evolving privacy laws. We’ll delve into the latest trends, discuss the implications of facial recognition and behavior prediction, and examine how legislation is adapting to these rapid technological advancements. Whether you’re a tech professional, policy maker, or privacy advocate, this session will equip you with the insights needed to responsibly implement AI in surveillance, ensuring public safety enhancements do not compromise individual privacy.

Come see Vennard Wright at RVAsec 13!


🎤 Announcing Our Hacker Trivia Showdown Master of Ceremonies: G Mark Hardy Returns to RVAsec!

We’re thrilled to announce that G Mark Hardy—a legend in the infosec world—is our Host and Master of Ceremonies for the Hacker Trivia Showdown at this year’s RVAsec After Party!

If you’ve ever been to DEF CON, you already know the name. G Mark not only competed in Hacker Jeopardy, but later took the reins as organizer and master of ceremonies, bringing wit, knowledge, and unforgettable stage presence to one of the con’s most iconic events. And now, he’s bringing to life our version at RVAsec.

G Mark is no stranger to our stage—he’s a former RVAsec keynote speaker and a trusted voice in the cybersecurity community. With his help, we’re bringing RVAsec’s own flavor to a time-honored hacker tradition: fast-paced trivia, fierce team competition, and a healthy dose of snark—all with an RVAsec twist.

Whether you’re packed with security knowledge, loaded with random facts, or just want to cheer from the sidelines, not only can you enjoy the show with a drink in hand—you’ll also be able to participate, help the teams, and even win prizes yourself. We’ll be looking for teams of 3 to compete, so start thinking now about who you want on your squad—and who’s got the brains, the reflexes, or just the best hacker-themed team name.

👉 Make sure you register now for the After Party:
https://www.eventbrite.com/e/rvasec-14-after-party-hacker-trivia-showdown-tickets-1338099966019

Don’t miss this. G Mark’s bringing the questions. The mic. The buzzers. The snark. All we need is you and your team ready to throw down.


About G. Mark Hardy

G. Mark Hardy closes the gap between security issues and Return on Investment (ROI) because he is fluent in business and security issues. He was hand-picked to address the top executives of Fortune 1000 firms across the country in small group settings addressing an enterprise-wide accountability approach to security.

Comfortable in front of large audiences of technologists and at home with C-level executives, G. Mark Hardy can reach your audience effectively every time.

G. Mark Hardy has been providing information security expertise to government, military, and commercial clients for over 25 years. A long-standing industry veteran, he is a perennial speaker at major industry trade shows. As president of National Security Corporation, he directs the efforts of the information security consulting firm he founded in 1988.

Mr. Hardy’s professional background includes information security planning and policy development, managing security assessment and penetration teams, data encryption and authentication (including “breaking” commercial cryptographic algorithms), software development and strategic planning for e-commerce, and writing commercial risk assessment software. He has developed information security plans for four U.S. Military commands, and wrote the communications security encryption requirements for an experimental military satellite program.

G. Mark is a founding member and on the Advisory Board of the National CyberWatch Center (www.nationalcyberwatch.org).