Search Results for "2013"

Keynote Feature: Jennifer Steffens

Jennifer Steffens

@SecureSun

http://www.ioactive.com/

 

IOActive


As its CEO, Jennifer Steffens spearheads all aspects of IOActive’s global business operations and drives the company’s strategic vision. Jennifer brings a wealth of industry and business experience to the company, having been an early member of several successful startups.

Earlier in her career, Jennifer was a Director at Sourcefire, where she helped build and grow its run rate from $250K to over $35M in just four years. She helped commercialize the Snort open source intrusion detection and prevention technology and built several service offerings around research initiatives. Prior to joining IOActive, Jennifer came to Seattle to help startup GraniteEdge reinvent itself. While there, she led initiatives to restructure the company and developed a product strategy that ultimately secured two additional rounds of funding. With over ten years of industry experience, Jennifer has held senior management positions at Ubizen, NFR Security, and StillSecure.

Jennifer is a well-respected media source, appearing in InfoSecurity Magazine, SC Magazine, Good Morning America, BBC, Reuters, The Guardian, and CBS News. She has been invited to give keynote presentations at a variety of conferences such as HackInTheBox. Jennifer is a member of EWF, ISSA, and OWASP.

RVAsec Keynote


 


Speaker Feature: Barry Kouns

Barry Kouns

www.riskbasedsecurity.com

@riskbased

 

Barry Kouns is principal consultant for ISO/IEC 27001:2013 pre-certification services at Risk Based Security, Inc., an information security, threat intelligence, and risk management consultancy. Barry’s experience includes information security consulting, risk assessment and quality management. Barry has provided training, procedure development and pre-certification consulting services resulting in the successful ISO/IEC 27001 certification of more than two dozen organizations. Barry has full knowledge of GLBA, FFIEC, HIPAA, Sarbanes-Oxley, and 201 CMR 17 and is well versed with PCI DSS, ISO 9001, COBIT, FISMA, NIST 800-53, BS 25999, ISO 31000 and ISO 20000. He has earned a B.S. in Statistics from Virginia Tech and an M.S. in Industrial Engineering Management from North Dakota State University. He has earned the CISSP designation, is a trained ISO/IEC 27001:2013 Auditor & ISMS Implementer, and is ITIL Foundation Certified. Barry was a Captain in the United States Air Force and served as a B-52H Navigator/Bombardier.

Incident Response Management – Not a Fire Drill

In spite of the billions of dollars spent annually to prevent a data breach, breaches are being reported at a rate of more than eight per day. Most security experts say it’s not a matter of if your organization’s data will be breached, but when. If your organization does not have a well designed, formally documented, and regularly tested Incident Response process in place, how well will you respond to the data breach that is most likely in your future?
Not all Incident Response programs are created equal. Speed of action, without first understanding the nature and severity of an event, can often lead to elevating the costs to the organization. Join this session to learn how to build an effective Incident Response Management process to identify and properly respond to the various levels of information security events.


Jennifer Steffens (@SecureSun) To Keynote RV4sec!

We are pleased to announce that Jennifer Steffens will be keynoting RV4sec 2015!

You can follow Jennifer on Twitter at @SecureSun.


Training: Hands-On Lock Picking

Instructor: Schuyler Towne

Get comfortable with basic lockpicks, open some security pinned locks (and possibly high security), and have an understanding of Pin Tumbler, Wafer and Disc Detainer locks.  Learn the baseline knowledge to plan your own facility security, and get a number of excellent references to help continue your study.

The focus will be on Pin Tumbler locks, as they are what a North American audience will encounter most often. You will begin picking these locks early and get plenty of practice with access to the instructor’s lock library, including various specially prepared mid- and high-security locks. From there you will branch out to other locking concepts, and gain an understanding of a wide range of lock types, from safes to magnetics, with particular attention to Wafer and Disc Detainer locks as they are also quite common in the US. The basics of facility security, including what to look for in modern digital locks, will also be covered.


About The Instructor

Schuyler Towne is obsessed with locks. While he got his start picking locks competitively, his interest has since exploded into every aspect of their history, design and manipulation. He’s taught hackers, authors, cops and even toy designers. There is nothing Schuyler loves more than to talk locks with anyone who will listen. His interest in the history of physical security and design of locks provides a passionate background to his lectures and workshops on lockpicking. Currently he is writing an Almanac of Locksport for O’Reilly and studying media portrayals of lockpicking.


Title: Hands-On Lock Picking

Instructor: Schuyler Towne
Date: 6/3/2015, 9AM-5PM
Cost: $250.00
Class Size: 20 seats are available total


 

Praise for Schuyler Towne’s Class

“I attended Schuyler Towne’s lock picking class at RVAsec a few years ago, and it was bloody amazing. Literally…. it drew blood. This was hands-down and in cuffs one of the best classes I’ve ever attended. Schuyler is very passionate about what he does and incredibly skilled at not only picking locks (though he still has to successfully pick the Ruko locks I gave him), but also passing on his knowledge in an exciting and entertaining manner. Whether you’ve never picked a lock in your life (just like I hadn’t) or are quite skilled at it, you will definitely learn something from this class. Challenges are tailored to each attendee’s skillset, and there are both simple locks, advanced locks, digital locks, handcuffs, and combination locks to play with. I definitely recommend this class.”

– Carsten E

“I think the classes [lock picking] are fascinating and valuable whether you’re a hobbyist, or if physical security testing is in (or you want it to be) your job description. Schuyler’s passion for research, and his presentation style really make the whole experience a joy.”

– Nick P


Sponsor Welcome!

We would like to welcome Sunera and Fishnet Security – the latest sponsors to partner with RV4sec. We look forward to working with you to ensure the success of this year’s conference!


Vendor spaces are filling fast! Contact sponsors@rvasec.com if you would like more information.


After Party Sponsored By Rapid7, LogRhythm and FishNet Security!

We are pleased to announce that Rapid7, LogRhythm and FishNet Security have all come together to sponsor the RVAsec after party!

The after party will be held at Postbellum on Thursday, June 5th at 6:30pm!

The event takes place shortly after day one of the conference ends–and it is a quick walk over so you can head right from VCU for some cocktails and food!

If you plan to attend, please register to ensure we have enough staff & space reserved!

https://www.surveymonkey.com/s/7QF3PT9

Event Details:

Thursday June 5th 6:30pm-8:30PM (maybe longer!)
1323 West Main Street Richmond, VA 23220
(804) 353-7678


Thanks again to our sponsors for making sure RVAsec attendees will be well taken care of this year!



Speaker feature: David Sharpe and Katherine Trame

David Sharpe and Katherine Trame

GE – GE-CIRT

David Sharpe and Katherine Trame are currently incident responders in GE-CIRT’s Advanced Threats team. The GE-CIRT Advanced Threats team provides world class incident response services for APT-related matters for the entire GE organization. David has a wide range of IT experience spanning 19 years. He has served in a variety of roles in Fortune 10 and Fortune 500 companies, ranging from systems programmer writing device drivers and operating system components, to large scale systems administration, to IT security. David joined GE-CIRT in 2011. Katherine served as an intelligence analyst with the Hampton, VA Police Division for five years during which she gained experience in tactical/operational intelligence and computer forensics. Katherine joined GE-CIRT in 2013.

Real World Intrusion Response – Lessons from the Trenches

Two battle-scarred, sleep-deprived GE-CIRT incident responders share lessons learned from the trenches, from their daily duties repelling real world, high-end network intrusions globally. This talk will include fresh thinking and innovative ideas in: intrusion response, intrusion detection, effective use of intel, and defensive operations. We will cover roughly a dozen (time permitting) cutting edge ideas and techniques that you can take back to your own organizations and put into practice right away.


Speaker feature: Kizz MyAnthia

Kizz MyAnthia

@KizzMyAnthia / www.KizzMyAnthia.com
HP ShadowLabs

Infosec specialist whose qualifications include an in-depth understanding of security principles and practices; C|EH, MCSE+Security designations; and detailed knowledge of security tools, technologies and development. Seven years of security experience in the creation and deployment of solutions protecting networks, systems and information assets for diverse companies and organizations, with over 10 years overall in the industry.

Into The Worm Hole: Metasploit For Web PenTesting

Ever wondered how to use MSF to make web exploitation EPIC?!
If you said, H3LL YEAH!! Then this talk is for you.
Into the Worm Hole is an adventure into web exploitation and how to use Metasploit Framework to get farther and pwn all the things.


David Kennedy to Keynote RVAsec!

We are pleased to announce that David Kennedy will be keynoting RVAs3c 2014!

David is the Founder and Principal Security Consultant for TrustedSec, which provides information security consulting services for a large portion of the Fortune 1000 space as well as medium-sized companies. Prior to TrustedSec, David was a Chief Security Officer (CSO) for Diebold Incorporated, a Fortune 1000 company located in over 80 countries with over 16,000 employees. David developed a global security program that tackled all aspects of information security. David is considered a thought leader in the security field and has presented at over three hundred conferences worldwide.

David has had numerous guest appearances on Fox News, CNN, CNBC, Huffington Post, Bloomberg, BBC, The Katie Show, and other high-profile media outlets. David is the founder of DerbyCon, a large-scale information security conference. David has testified in front of Congress on multiple occasions on the threats we face in security and in the government space.

David also co-authored Metasploit: The Penetration Tester’s Guide, which was number one on Amazon in security for over a year. David was also one of the founding members of the “Penetration Testing Execution Standard” (PTES). PTES is the industry leading standard and guideline around how penetration tests should be performed. David has had the privilege to speak and keynote at some of the nation’s largest conferences.

David is the creator of several widely popular open-source tools including “The Social-Engineer Toolkit” (SET), Artillery, and Fast-Track. David has also released several zero-day exploits and focuses on security research. David has over 14 years of security experience, with over 9 specifically in security consulting. Prior to the private sector, David worked in the United States Marines for cyber warfare and forensics analysis activities.

David also recently testified before the US Congress about the security of the healthcare.gov web site.


RVAs3c Badge Preview

For the first two years of RVAsec, our friends at hack.rva have come up with two awesomely interactive badges for attendees. Planning for the 2014 badge started right after the 2013 conference, and since June is coming quickly we caught up with Morgan Stuart to get some info on what they are planning.

The 2013 badges were a huge hit–can you tell us a little about them?

2013 RVAsec Badges

Morgan: Last year’s design focused on a large feature set. The badge included 8 LEDs, infrared transmitter and receiver, piezo buzzer, 3D printed button, and it even had USB support. This meant that these badges could talk back and forth to each other wirelessly, you could tap, turn, and shake for input, and you could plug it up to your laptop and compose some tunes with your keyboard. The “game” on the badge consisted of seven stages, where we progressively introduced a new feature of the badge in some puzzle. By the second day, we had many people’s badges partaking in the “game of death.” Your badge counted down your health with the LEDs (in base 2 of course), forcing you to scavenge for food. HackRVA’s table had a beacon on it that would occasionally emit some “food” over IR, but most importantly you could attack other players. When a player died, their respawn downtime included about a minute of transmitting food to nearby players. Eventually we introduced a patient zero for “zombie mutation” (thanks Ron) and things got pretty crazy.

The badges did get a little annoying making noise the whole time. What were some things that you learned from last year?

Morgan: There was a lot we took away from last year’s experience. Most important is getting the manufacturing of these devices down tight. We ran into a lot of unforeseen problems that we are trying to avoid by starting early with refined processes. Still, there are plenty of areas that could use improvement. For instance, the past few weeks we’ve been working out a photo etching method. It still needs work, but it will remove a lot of difficult-to-control variables that last year’s toner-transfer method had. There was also quite a bit of difficulty getting the accelerometer soldered on the board correctly, this led to about half the badges not having an accelerometer, which was a big letdown for everyone. We’re avoiding these kinds of small and sensitive components this year.

The design’s other biggest limitation was the restricted user I/O; we don’t think a button and accelerometer were enough input and the 8 LEDs with piezo could only say so much. We want interfacing with the badge to be enjoyable and intuitive, not frustrating or complex.

Due to the issues manufacturing last year, much of our focus was put on getting our hardware numbers up late in the build. The badges we ended up with had a great hardware feature set, but we just didn’t quite have the time we needed to fully exploit them with the software. HackRVA’s space has grown a lot in the last year, and we have some new and very responsible members who can help lift some of the weight off our shoulders when it comes to managing the fabrication of all this year’s boards. This means more time for software.

The good news about last year’s badge was that a lot of things worked very well. Our design of the software and hardware was really founded on getting the attendees to interact with one another and we felt it did that in a big way. The badge became a great avenue to spark up a conversation or just geek-out with someone. Oh, and we’ll be sure to have a way to turn the sound off this year.

What are the plans for the badges this year?

Morgan: I first want to say that this year’s badge has again been redesigned from the “copper up,” but it’s undoubtedly the successor to last year’s badge. The badge games will again focus on getting the attendees to interact and think. Using them will be a whole lot of fun.

If someone wanted to hack or modify them, what will they need to do?

Morgan: Last year you needed a PicKit to modify the firmware–this is a piece of hardware that can cost as much as $30 or $40 for older versions. This year, we are aggressively pursuing a boot loader option which means you’ll simply need a USB cable and some free (as in beer) software to hack away.

Can you give attendees any other hints or teasers about the badges?

Morgan: One of the earliest changes we had in mind has really forced us to rethink the design and placement of every component. I won’t say much else other than we think lanyards are pretty lame…

Anything else?

Morgan: We would like to thank everyone at RVAsec, including Jake and Chris, for letting us do this these past few years. It’s challenging, but a whole lot of fun.

Thanks Morgan, we look forward to seeing this year’s badges!

If you are interested in helping out hack.rva with the badges, software or hardware, they have Thursday night open houses. More information can be found at http://hackrva.org/.