RVAsec

Michael Roytman is the CTO of Empirical Security. Previously, he was the Chief Data Scientist of Kenna Security, and a Distinguished Engineer at Cisco. He served on boards for the Society of Information Risk Analysts, Cryptomove, and Social Capital. He was the co-founder and executive chair of Dharma Platform (acquired, BAO Systems), for which he landed on the 2017 Forbes 30 Under 30 list. He currently serves on Forbes Technology Council.

X (Twitter): @mroytman

Cybersecurity is Ready for Local Models (<– add to your schedule)

This talk explores how a custom, local AI/ML model can be built internally at an enteprise for cybersecurity decision support. We’ll walk through data, methods, and pitfalls of building your own models rather than using off the shelf or vendor solutions.

Come see Michael Roytman at RVAsec 13!

Caleb Crable currently works as a Senior Staff Security Engineer on the Bill.com Red Team, performing attacks against critical financial infrastructure and physical security controls to make sure that red team gets the foothold before the attacker does. Previous to performing official red team work, penetration testing and red team consulting were the name of the game. Caleb spent over 3 years consulting with Cylance Professional Services on a variety of different security engagements at companies in every sector of modern business. Before his consulting journey started, Caleb was a Senior Malware Analyst at Cylance conducting deep-level file inspection, analysis, incident reconstruction, and taking part in special projects such as research associate for the whitepaper “Influence Sketching: Finding Influential Samples In Large-Scale Regressions”

SPF Shadowing: Give old services a chance to shine (<– add to your schedule)

In a world where Sender Policy Framework is meant to provide a first or second line of defense against impersonation and phishing, we instead find ourselves barely paying attention to it. Even after the MailChannels vulnerability was disclosed and thousands of companies found they could be impersonated via email through a service they paid thousands of dollars for, word really didn’t spread like it should have. Many domains are set and forget, from personal domains to fortune 500s, and I am going to take you on a journey where we use the forgotten for fun and profit.

Come see Caleb Crable at RVAsec 13!

John Stoner is a Global Principal Security Strategist at Google Cloud and leverages his experience to improve users’ capabilities in Security Operations, Threat Hunting, Incident Response, Detection Engineering and Threat Intelligence. He blogs on threat hunting and security operations and has built multiple APT threat emulations for blue team capture the flag events. John has presented and led workshops at various industry symposia including FIRST, BSides, SANS Summits, WiCyS, Way West Hacking Fest, AISA, Insomni’hack and DefCon Packet Hacking Village. He also enjoys listening to what his former teammates referred to as “80s sad-timey music.”

X (Twitter): @stonerpsu

Defending Entra ID and Office 365 Using the Prism of GraphRunner (<– add to your schedule)

For organizations using Microsoft Entra ID and O365, it’s important to understand the landscape of the Graph API, how data is accessed and the logs available to gain visibility into probes and attacks that are targeting users and their information stores.

To drive this awareness, I’ve chosen to use a red team toolkit called GraphRunner that empowers offensive cyber practitioners an easy to use method to get started probing Microsoft Entra ID and Office 365 tenants. On the flip side of this, we are going to take a look at the logs generated by GraphRunner in a simulated attack chain to better understand what a blue teamer might see and how they can build detections and hunt, not just for GraphRunner, but for suspicious activities occurring within their Entra ID and Office 365 tenant.

Come see John Stoner at RVAsec 13!

Christopher Cruz is the Cyber Program Manager for the Virginia Fusion Center, which provides a vital conduit for intelligence collection and information exchange throughout the Commonwealth. He is responsible for the development, management, and integration of cybersecurity capabilities within the fusion center. Previously, Christopher was the Cybersecurity Program Manager for the Virginia Department of Emergency Management, where he was assigned to work in the Office of the Secretary of Public Safety and Homeland Security. He also spent several years in private sector working for multiple Fortune 500 companies leading global security efforts around insider threat, data protection, and IT risk management.

Hacker, Hipster, Hustler, Humanist: Establishing the Government’s Role in Public Interest Cybersecurity (<– add to your schedule)

Public interest cybersecurity is the application cybersecurity measures and strategies to protect critical infrastructure, non-profits, state & local governments, schools, healthcare facilities, and other institutes that primarily seek to serve the public good.

Come see Christopher Cruz at RVAsec 13!

Stacy Aitken: I didn’t intend to be in the Cyber Security space but so glad I am. I initially wanted to be a pediatrician, but while attending a conference for the government I was recruited for the Recombinant DNA cloning project with NIH that went on to clone the first sheep “Dolly”. Seeing the vast data and sensitive information on such government projects I knew I had to be a part of protecting data, securing sensitive information for the greater good and provide the same for companies data, assets and PEOPLE.

For the last 10 years I have focused on the importance of security, compliance and how to help organizations big and small have the same military grade cyber defense available and affordable. Working with all industries from Education to Pharm, DOD to local small government I dealve deep into their businesses to avoid risks they may have never known about, while keeping them compliant with their insurance, laws and policies.

The Importance of an Incident Response Plan (<– add to your schedule)

An incident response plan (IRP) is a necessity. It can reduce damage, improve recovery time, reduce costs, comply with regulation, preserve evidence, and improve preparedness.

Come see Stacy Aitken at RVAsec 13!

Luke McOmie started in offensive security in 1994 and is a trusted advisor, security leader and mentor. With a career focus in offensive security and a strong technical background, he is recognized for his excellence in developing and executing enterprise security strategies and leading technical and tactical programs. He has founded and contributed to several industry leading organizations over his career including start ups, fortune 100 enterprises, and federal agencies. As an extrovert, he passionately supports the information security community, is a featured speaker at various conferences, a published author, and an industry liaison for many businesses and organizations.

X (Twitter): @lmcomie

What the Scope? Sh** my Consultant | Client Says (<– add to your schedule)

Scoping a penetration test shouldn’t feel like negotiating a hostage situation—but here we are. In this engaging, no-holds-barred session, two seasoned cybersecurity professionals take the stage in a hilarious and painfully relatable discussion, showcasing the absurd, frustrating, and all-too-common conversations between consultants and clients.

Expect real stories, plenty of laughs, and insights that will make you rethink how you approach penetration testing and security assessments. Whether you’re a consultant, security leader, or someone who’s just tired of hearing “We don’t need a pentest”, this talk is for you.

Come see Luke McOmie at RVAsec 13!