We are pleased to announce that Trey Ford will be keynoting RVA5ec!
Trey Ford is a security executive, industry strategist and research advocate. Over the last 15 years, Trey ran Black Hat events worldwide as General Manager, and provided services ranging from global security strategy, incident response, product management, PCI QSA and security engineering for a variety for industry leaders including Rapid7, Zynga, McAfee, FishNet Security and WhiteHat Security.
Merritt Group
Michelle Schafer is Senior Vice President and runs the cybersecurity team at Merritt Group, an integrated marketing and public relations firm based in the DC area. Over the past decade, Michelle has represented more than 50 security companies including BlackHat, CrowdStrike, Mandiant, Netwitness, Venafi, MACH37, PhishMe, (ISC)2, PGP and Fortify Software, among others. She is a MACH37 mentor and frequently presents at conferences like RVASec and Security B-Sides about the role of media in cybersecurity.
Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech’s online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.
The Changing Mind of the Security Pro — How Hype and Media Shape Infosec Priorities
One of the most difficult jobs of today’s security professional is setting priorities in a storm of news reports, vulnerability disclosures, and product announcements. With so much hype and misinformation on the Web and in the media, how can infosec pros determine which problems to tackle first? In this informative session, top experts in the fields of security PR and media will discuss the various ways that threats and technology are overhyped — and how you can sort through the noise to determine what really matters to your organization
We are pleased to announce that Karen Jackson will be keynoting RVA5ec!
Karen Jackson serves as the Secretary of Technology for the Commonwealth. Prior to her appointment, she served as the Commonwealth’s Deputy Secretary of Technology and Vice President of Broadband Programs for the Center for Innovative Technology.
Ms. Jackson serves as a senior advisor to the Governor on technology matters including innovation, data analytics, telecommunications, cybersecurity, and unmanned systems. She is also responsible for overseeing the Commonwealth’s IT infrastructure.
As Secretary, she is responsible for policy and legislative initiatives as well as developing programs to facilitate innovation, entrepreneurship, technology development and adoption. Ms. Jackson also serves as the Virginia lead for the Mid-Atlantic Aviation Partnership (MAAP) and co-chair of the Virginia Cybersecurity Commission.
Ms. Jackson has been actively engaged in the federal policy initiatives including the development of the National Broadband Plan. She received a 2009 IP3 award from Public Knowledge for her work in information policy, and was named to Government Technology’s 2010 list of the top 25 Doers, Dreamers, and Drivers. She was recently named to The Governing Institute Women in Government Leadership Program Class of 2015.
Ms. Jackson serves on a number of Boards including the Virginia Economic Development Partnership, the Center for Innovative Technology, and serves as Governor McAuliffe’s representative to the FCC’s Intergovernmental Advisory Committee.
She holds a bachelor’s of science in business management from Christopher Newport University and a master’s of business administration from The College of William and Mary.
CDW is a leading provider of integrated information technology solutions. We help our 250,000 small, medium and large business, government, education and healthcare customers by delivering critical solutions to their increasingly complex IT needs.
Come see us at RVAsec! Register now.
Steve Christey
MITRE
Steve Christey Coley is a Principal Information Security Engineer in the Cyber Security Division at The MITRE Corporation, supporting FDA CDRH on medical device cyber security. Steve was co-creator and Editor of the CVE list and chair of the CVE Editorial Board from 1999 to 2015. He is the technical lead for CWE, the Common Weakness Scoring System (CWSS), and the CWE/SANS Top 25 Software Most Dangerous Software Errors. He was a co-author of the influential “Responsible Vulnerability Disclosure Process” IETF draft with Chris Wysopal in 2002. He was an active contributor to other community-oriented efforts such as CVSS, CVRF, and NIST’s Static Analysis Tool Exposition (SATE). His interests include adapting traditional IT security
methodologies to new areas, software assurance, improving vulnerability information exchange, and making the cybersecurity profession more inclusive for anybody who seeks a place in it. He holds a B.S. in Computer Science from Hobart College.
Toward Consistent, Usable Security Risk Assessment of Medical Devices
“CVSS? For *my* medical device?” It’s more likely than you think.
With so many different stakeholders in the medical device ecosystem – including manufacturers, hospitals, researchers, third-party coordinators, and patients – it’s no wonder that risk assessment is looking kind of discombobulated right now. When a new medical device vulnerability comes out, rarely is there any agreement about how bad it is. It can be very difficult for health care providers to use existing information to make appropriate, defensible risk decisions
If only there were a common vulnerability scoring system to stop the madness! Enter CVSS. But how can this IT-oriented system be used for evaluating medical device vulnerabilities, and should it? Fortunately, FDA’s CDRH has tasked MITRE to work with the medical device community to find out, so I’ll tell you all about it.
We are Hermetic Networks. A passionate team of IT professionals, hackers, and customer service providers. We take the complication out of technology for our customers and help them do great things.
Come see us at RVAsec! Register now.
Dawn-Marie Hutchinson
Optiv
Dawn-Marie Hutchinson brings 15 years of enterprise information technology experience to her role as a senior consultant in the Office of the CISO at Optiv. She is an innovative business partner with extensive
experience serving on Enterprise Risk Management teams. She is an expert in providing data privacy and security solutions to manage information risk, improve IT governance and strengthen internal controls.
Beyond the Security Team: The Economics of Breach Response
Breaches are expensive. So expensive that cyber insurance coverage is often lacking. This presentation explores the economics of breaches, the differences between breach and incident response and how you can align your security team’s goals with company values.
The School of Professional & Continuing Studies (SPCS) at the University of Richmond offers degree and certificate programs, enrichment opportunities, professional training and summer programs to part-time and non-traditional students of all ages.
Come see us at RVAsec! Register now.
Red Hat, Inc.
Dave is a career Open Source security advocate, evangelist, and problem solver. Working closely with the product and platform security teams at Red Hat, developing skills and knowledge of not just ensuring the Linux host is secured, but ensuring this level of security is maintained over time.
Open Source Identity Management: From Password to Policy
Learn how Open Source technologies such as FreeIPA
(IdM) and SSSD can provide intelligent policy management and access
control for your Linux environment, tighter Active Directory
integration through cross forest trusts, and a variety of methods by
which one can authenticate using Smart Cards, SAML, and OTP among
others to systems and services. This session will also cover how to
use the additional features and functionality of FreeIPA to provide a
robust PKI infrastructure and DNS management to your environment.
Assura is a consulting and services firm focused on Information Technology Governance, Risk and Compliance (IT GRC) with concentrations in cybersecurity, business continuity planning, IT audit and audit defense.
Come see us at RVAsec! Register now.
