Assura is a consulting and services firm focused on Information Technology Governance, Risk and Compliance (IT GRC) with concentrations in cybersecurity, business continuity planning, IT audit and audit defense.
IOActive
As its CEO, Jennifer Steffens spearheads all aspects of IOActive’s global CEO business operations and drives the company’s strategic vision. Jennifer brings a wealth of industry and business experience to the company, having been an early member of several successful startups.
Earlier in her career, Jennifer was a Director at Sourcefire, where she helped build and grow its run rate from $250K to over $35M in just four years. She helped commercialize the Snort open source intrusion detection and prevention technology and built several service offerings around research initiatives. Prior to joining IOActive, Jennifer came to Seattle to help startup GraniteEdge reinvent itself. While there, she led initiatives to restructure the company and developed a product strategy that ultimately secured two additional rounds of funding. With over ten years of industry experience, Jennifer has held senior management positions at Ubizen, NFR Security, and StillSecure.
Jennifer is a well-respected media source, appearing in InfoSecurity Magazine, SC Magazine, Good Morning America, BBC, Reuters, The Guardian, and CBS News. She has been invited to give keynote presentations at a variety of conferences such as HackInTheBox. Jennifer is a member of EWF, ISSA, and OWASP.
RVAsec Keynote
Barry Kouns is principal consultant for ISO/IEC 27001:2013 pre-certification services at Risk Based Security, Inc., an information security, threat intelligence, and risk management consultancy. Barry’s experience includes information security consulting, risk assessment and quality management. Barry has provided training, procedure development and pre-certification consulting services resulting in the successful ISO/IEC 27001 certification of more than two dozen organizations. Barry has full knowledge of GLBA, FFIEC, HIPAA, Sarbanes-Oxley, and 201 CMR 17 and is well versed with PCI DSS, ISO 9001, COBIT, FISMA, NIST 800-53, BS 25999, ISO 31000 and ISO 20000. He has earned a B.S. in Statistics from Virginia Tech and a M.S. in Industrial Engineering Management from North Dakota State University. He has earned the CISSP designation, is a trained ISO /IEC 27001:2013 Auditor & ISMS Implementer, and is ITIL Foundation Certified. Barry was a Captain in the United States Air Force and served as a B-52H Navigator/Bombardier.
Incident Response Management – Not a Fire Drill
In spite of the billions of dollars spent annually to prevent a data breach, breaches are being reported at a rate of more than eight per day. Most security experts say it’s not a matter of if your organization’s data will be breached, but when. If your organization does not have a well designed, formally documented, and regularly tested Incident Response process in place, how well will you respond to the data breach that is most likely in your future?
Not all Incident Response programs are created equal. Speed of action, without first understanding the nature and severity of an event can often lead to elevating the costs to the organization. Join this session to learn how to build an effective Incident Response Management process to identify and properly respond to the various levels of information security events.
We are pleased to announce that Jennifer Steffens will be keynoting RV4sec 2015!
As its CEO, Jennifer Steffens spearheads all aspects of IOActive’s global 
business operations and drives the company’s strategic vision. Jennifer brings a wealth of industry and business experience to the company, having been an early member of several successful startups.
Earlier in her career, Jennifer was a Director at Sourcefire, where she helped build and grow its run rate from $250K to over $35M in just four years. She helped commercialize the Snort open source intrusion detection and prevention technology and built several service offerings around research initiatives. Prior to joining IOActive, Jennifer came to Seattle to help startup GraniteEdge reinvent itself. While there, she led initiatives to restructure the company and developed a product strategy that ultimately secured two additional rounds of funding. With over ten years of industry experience, Jennifer has held senior management positions at Ubizen, NFR Security, and StillSecure.
Jennifer is a well-respected media source, appearing in InfoSecurity Magazine, SC Magazine, Good Morning America, BBC, Reuters, The Guardian, and CBS News. She has been invited to give keynote presentations at a variety of conferences such as HackInTheBox. Jennifer is a member of EWF, ISSA, and OWASP.
You can follow Jennifer on Twitter at @SecureSun.
Instructor: Schuyler Towne
Get comfortable with basic lockpicks, open some security pinned locks (and possibly high security), and have an understanding of Pin Tumbler, Wafer and Disc Detainer locks. Learn the baseline knowledge to plan your own facility security, and get a number of excellent references to help continue your study.
The focus will be on Pin Tumbler locks, as they are what a North American audience will encounter most often. You will begin picking these locks early and get plenty of practice with access to the instructor’s lock library, including various specially prepared mid- and high-security locks. From there you will branch out to other locking concepts, and gain an understanding of a wide range of lock types, from safes to magnetics, with particular attention to Wafer and Disc Detainer locks as they are also quite common in the US. The basics of facility security, including what to look for in modern digital locks, will also be covered.
About The Instructor
Schuyler Towne is obsessed with locks. While he got his start picking locks competitively, his interest has since exploded into every aspect of their history, design and manipulation. He’s taught hackers, authors, cops and even toy designers. There is nothing Schuyler loves more than to talk locks with anyone who will listen. His interests in the history of physical security and design of locks provides a passionate background to his lectures and workshops on lockpicking. Currently he is writing an Almanac of Locksport for O’Reilly and studying media portrayals of lockpicking.
Title: Hands-On Lock Picking
Instructor: Schuyler Towne
Date: 6/3/2015, 9AM-5PM
Cost: $250.00
Class Size: 20 seats are available total
Praise for Schuyler Towne’s Class
“I attended Schuyler Towne’s lock picking class at RVAsec a few years ago, and it was bloody amazing. Literally…. it drew blood. This was hands-down and in cuffs one of the best classes I’ve ever attended. Schuyler is very passionate about what he does and incredibly skilled at not only picking locks (though he still has to successfully pick the Ruko locks I gave him), but also passing on his knowledge in an exciting and entertaining manner. Whether you’ve never picked a lock in your life (just like I hadn’t) or quite skilled at it, you will definitely learn something from this class. Challenges are tailored to each attendee’s skillset, and there are both simple locks, advanced locks, digital locks, handcuffs, and combination locks to play with. I definitely recommend this class.”
– Carsten E
“I think the classes [lock picking] are fascinating and valuable whether you’re a hobbyist, or if physical security testing is in (or you want it to be) your job description. Schuyler’s passion for research, and his presentation style really make the whole experience a joy.”
– Nick P
We would like to welcome Sunera and Fishnet Security – the latest sponsors to partner with RV4sec. We look forward to working with you to ensure the success of this year’s conference!
fishnet security
Vendor spaces are filling fast! Contact sponsors@rvasec.com if you would like more information.
We are pleased to announce that Rapid7, LogRhythm and FishNet Security have all come together to sponsor the RVAsec after party!
The after party will be held at Postbellum on Thursday, June 5th at 6:30pm!
The event takes place shortly after day one of the conference ends–and it is a quick walk over so you can head right from VCU for some cocktails and food!
If you plan to attend, please register to ensure we have enough staff & space reserved!
https://www.surveymonkey.com/s/7QF3PT9
Thursday June 5th 6:30pm-8:30PM (maybe longer!)
1323 West Main Street Richmond, VA 23220
(804) 353-7678
Thanks again to our sponsors for making sure RVAsec attendees will be well taken care of this year!
GE – GE-CIRT
David Sharpe and Katherine Trame are currently incident responders in GE-CIRT’s Advanced Threats team. The GE-CIRT Advanced Threats team provides world class incident response services for APT-related matters for the entire GE organization. David has a wide range of IT experience spanning 19 years. He has served in a variety of roles in Fortune 10 and Fortune 500 companies, ranging from systems programmer writing device drivers and operating system components, to large scale systems administration, to IT security. David joined GE-CIRT in 2011. Katherine served as an intelligence analyst with the Hampton, VA Police Division for five years during which she gained experience in tactical/operational intelligence and computer forensics. Katherine joined GE-CIRT in 2013.
Real World Intrusion Response – Lessons from the Trenches
Two battle-scarred, sleep-deprived GE-CIRT incident responders share lessons learned from the trenches, from their daily duties repelling real world, high-end network intrusions globally. This talk will include fresh thinking and innovative ideas in: intrusion response, intrusion detection, effective use of intel, and defensive operations. We will cover roughly a dozen (time permitting) cutting edge ideas and techniques that you can take back to your own organizations and put into practice right away.
@KizzMyAnthia / www.KizzMyAnthia.com
HP ShadowLabs
Infosec specialist whose qualifications include an indepth understanding of security principals and practices; C|EH, MCSE+Security designations; and detailed knowledge of security tools, technologies and development. Seven years of security experience in the creation and deployment of solutions protecting networks, systems and information assets for diverse companies and organizations, with over 10 years overall in the industry.
Into The Worm Hole: Metasploit For Web PenTesting
Ever wondered how to use MSF to make web exploitation EPIC?!
If you said, H3LL YEAH!! Than this talk is for you.
Into the Worm Hole is an adventure into web exploitation and how to use Metasploit Framework to get farther and pwn all the things.
We are pleased to announce that David Kennedy will be keynoting RVAs3c 2014!
David is the Founder and Principal Security Consultant for TrustedSec, who provides information security consulting services for a large portion of the Fortune 1000 space as well as medium-sized companies. Prior to TrustedSec, David was a Chief Security Officer (CSO) for Diebold Incorporated, a Fortune 1000 company located in over 80 countries with over 16,000 employees. David developed a global security program that tackled all aspects of information security. David is considered a thought leader in the security field and has presented at over three hundred conferences worldwide.
David has had numerous guest appearances on Fox News, CNN, CNBC, Huffington Post, Bloomberg, BBC, The Katie Show, and other high-profile media outlets. David is the founder of DerbyCon, a large-scale information security conference. David has testified in front of Congress on multiple occasions on the threats we face in security and in the government space.
David also co-authored Metasploit: The Penetration Testers Guide, which was number one on Amazon in security for over a year. David was also one of the founding members of the “Penetration Testing Execution Standard” (PTES). PTES is the industry leading standard and guideline around how penetration tests should be performed. David has had the privilege to speak and keynote at some of the nations largest conferences.
David is the creator of several widely popular open-source tools including “The Social-Engineer Toolkit” (SET), Artillery, and Fast-Track. David has also released several zero-day exploits and focuses on security research. David has over 14 years of security experience, with over 9 specifically in security consulting. Prior to the private sector, David worked in the United States Marines for cyber warfare and forensics analysis activities.
David also recently testified before the US Congress about the security of the healthcare.gov web site.
