Just a reminder that RVAsec 2013 is completely sold out!
This means that you will not be allowed entrance to the conference if you are not registered–absolutely no tickets will be available at the door!
We’re sorry if you missed out on a ticket, however, we are recording the speakers and will have talks posted after the conference. Please follow @rvasec on Twitter (or the good ol’ RSS feed) for video announcements and registration dates for next year!
Just a reminder that Rapid7 is hosting the RVAsec after party on Friday, May 31 at the Tobacco Company! The event takes place right after the conference–so head from VCU down to Shockoe Slip for some cocktails and appetizers!
Please sign up for this event using this link:
http://information.rapid7.com/
Event Details:
Friday May 31st 6:30pm-9:30PM
Tobacco Company Restaurant
1201 E Cary St. Richmond, VA 23219
Rapid7 is hosting the RVAsec after party on Friday, May 31 at the Tobacco Company! The event takes place right after the conference ends–so just head from VCU down to Shockoe Slip for some cocktails and appetizers!
Please be sure to sign up for this event using this link:
http://information.rapid7.com/
Event Details:
Friday May 31st 6:30pm-9:30PM
Tobacco Company Restaurant
1201 E Cary St. Richmond, VA 23219
The after party sponsored by Rapid7 on Friday, May 31 will be held at The Tobacco Company! After the last talk of the day head over to Tobacco Company for food and drink provided by Rapid7 from 6:30 to 9:30.
Party time!
RVAsec will be held on Friday and Saturday, May 31st and June 1st at the Commonwealth Ballroom at VCU’s University Commons. Training classes will be held on Thursday, May 30th.
The conference is only $75 and includes two days of talks, electronic badges from hack.rva, breakfast/lunch/snacks, more coffee this year, swag bag, parking at VCU, two receptions and an after party sponsored by Rapid7!
The 5/15 deadline is rapidly approaching (and we ordered more badges so they are still available)–so register now! Due to catering demands we cannot take any registrations onsite or after the deadline.
On Thursday 5/30 we have four training classes available at the lowest prices we can swing: Lock Picking with Schuyler Towne, Forensics Readiness with Glenn Dardick, SANS Information Security for Business Executives with Chip Greene, and Introduction to Malware Analysis with Tyler Hudak. Classes are almost full, if you are considering a class please register now!
RVAsec 2013 Speaker Lineup (Schedule)
Chris Wysopal – Keynote
Donald Allison
Rockie Brockway
Colby Clark
Gus Fritschie & Andrew Du
Adam Ely
Dan Han
Dan Holden
Schuyler Towne
Paul Watson
Alex Hutton – Keynote
Itzik Kotler
Barry Kouns
Brian Lockrey
Sean Mason
Daniel Ramsbrock
Mike Shema
Boris Sverdlik
Ben Tomhave
The RVAsec Capture The Flag (CTF) is getting close. The details below are meant to ensure participants are prepared for it! We’re excited to invite anyone and everyone who is interested in learning and exploring different IT/infosec tools and techniques in hands-on, practical exercises, to join us.
WHEN: 06/01/2013 – 10am-2pm. The exact time is subject to change but it will be on Saturday.
WHERE: We will have a table at the conference. You must be a registered conference attendee to participate.
WHO: Living humanoid-ish… seriously, this is for everyone from hobbyists, sys/net admins, infosec pros, tinkerers, makers, fixers and breakers… come out and play. We’ll all teach, learn and grow together!
WHAT TO DO:
DO bring a network-enabled laptop.
DO have the ability to run Backtrack 5r3 (http://www.backtrack-linux.org/downloads/), Pentoo (http://www.pentoo.ch/) or Kali Linux (http://www.kali.org/) either as a virtual machine, from bootable media (CD/DVD flash drive), or installed as your OS. Most of the scenarios in the CTF can be completed with the tools within these security-centric Linux distributions. Not a requirement, per se, but a BIG recommendation.
DO understand that the CTF network is a closed private network, and will not have Internet access. CTF Participants will have the ability to connect to a separate guest wireless network with Internet access for research, tool downloads, etc., during the event, but will have to disconnect from the CTF network to do so.
DO listen to and respect any instructions and guidance provided at the event. We want to provide an environment that is conducive to learning, tinkering, exploring and having a good time.
WHAT NOT TO DO:
DON’T use words or phrases like “irregardless”, “all of the sudden”, “cybergeddon” or “cyber Pearl Harbor”.
DON’T feed or pet any of the conference organizers or volunteers.
DON’T attack any other CTF participants or any VCU devices (logically, physically or emotionally).
Pre-Register: If you plan to participate in the CTF we ask that you pre-register here: http://securabit.com/ctf/ for administrative purposes. The first 20 people will receive a free 8GB USB 3.0 Flash Drive! (You have to show up and participate!)
Sponsor: We are still seeking sponsors to help with the CTF costs. If you are interested or know someone that would be willing to support the CTF please contact sponsors@rvasec.com
Hope to see you there! If you have any questions please let us know!
Instructor: Tyler Hudak
Due to the prevalence and business impact of malware, security professionals increasingly need the skills necessary to analyze worms, bots and trojan horses. This one day course will walk attendees through the concepts, techniques and processes for analyzing malware. Students will take a “from-the-wild” malware sample in a hands-on environment and learn how to analyze its characteristics and behavior to determine what it does and the risk it presents.
About The Instructor
Tyler Hudak has extensive real-world experience in malware analysis and incident handling for Fortune 500 firms. He is a member of the Forum of Incident Response and Security Teams (FIRST) and leads the FIRST Malware Analysis Special Interest Group. Tyler brings his front line experience and proven techniques to bear in the training.
Title: Introduction to Malware Analysis
Instructor: Tyler Hudak
Date: 5/30/2013
Cost: $250
Class Size: 15 seats are available total (register early!)
Prerequisites: No previous experience in malware analysis is necessary as this course is designed for those who have never performed it before. However, an understanding of malware is recommended, and students must be experienced with Windows and a virtual machine (e.g. Taking snapshots, etc.)
Class Requirements: Students will be required to bring their own laptops for the class. Laptops will need a VMWare Workstation (NOT VMWARE PLAYER) or VirtualBox installation with an install of Windows (XP or higher) as the guest OS prior to the class. If the base OS is Windows, an installation of Cygwin may be helpful as well. All other tools will be provided.
Instructor: Charles (Chip) Greene
This is a one day version of Management 512: SANS Security Leadership Essentials Class. Designed for InfoSec Managers, Directors, and Senior Leaders (VPs, COO, CEO) looking to learn the fundamentals of information security at a 30,000 foot view.
Just a few of the main topics are as follows:
Read more about the class at:
http://www.sans.org/course/
About The Instructor
After serving the country in the United States Navy for 8 years, Charles (Chip) Greene began his career in Information Technology. Over the next 18 years, Chip has held positions in Support, Design, Research and Development, Education, Disaster Recovery, and most recently in Information Security. As a Senior Information Security Analyst, Chip leads the Identity and Access Management Team at Virginia Commonwealth University Health Systems. Chip has received a Bachelor’s Degree in Information Systems from Virginia Commonwealth University, and a Master’s Degree in Disaster Sciences from the University of Richmond. He currently holds a GIAC Security Leadership Certification and previously held the Cisco Certified Security Professional certification. Mr. Greene was also honored with an Outstanding Educational Performance Award from the University of Richmond upon graduation from his Masters program. Education and training are extremely important to ones career and Chip believes that it is important for everyone to take advantage of the opportunities presented to them. Leading classes for SANS is an outstanding way for Information Technology Professionals to gather, learn and develop from other’s experiences and knowledge.
Title: SANS MGT432: Information Security for Business Executives
Instructor: Charles (Chip) Greene
Date: 5/30/2013
Cost: $600
Class Size: 15 seats are available total (cut off date is 5/13!)
Prerequisites: None.
Class Requirements: Nothing required. Material will be provided.
We are pleased to announce that Alex Hutton and Chris Wysopal will be keynoting RVAsec 2013!
Alex Hutton
Alex Hutton is a big fan of trying to understand security and risk through metrics and models. Currently, Alex is the Director of Technology and Operations Risk Management for a top 25 bank. A former principal for Research & Intelligence with the Verizon Business RISK Team, Alex also helped produce the Verizon Data Breach Investigation, the Verizon’s PCI Compliance report, was responsible for the VERIS data collection and analysis efforts, and developed information risk models for their Cybertrust services. Alex is the veteran of several security start-ups. Alex likes risk and security so much, he spends his spare time working on projects and writing about the subject. Some of that work includes contributions to the Cloud Security Alliance documents, the ISM3 security management standard, and work with the Open Group Security Forum. Alex is a founding member of the Society of Information Risk Analysts (http://societyinforisk.org/), and blogs for their website and records a podcast for the membership. He also blogs at the New School of Information Security Blog (http://www.newschoolsecurity.com). Some of his earlier thoughts on risk can be found at the Riskanalys.is blog (http://www.riskanalys.is).
Chris Wysopal, CTO, Veracode
Veracode’s CTO and Co-Founder, Chris Wysopal, is responsible for the company’s software security analysis capabilities. In 2008 he was named one of InfoWorld’s Top 25 CTO’s and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he was one of the authors of L0phtCrack, the Windows password auditing program and the author of Netcat for Windows. Chris has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is the author of “The Art of Software Security Testing” published by Addison-Wesley and has published several major security vulnerabilities in Lotus Notes, Microsoft Windows and Cold Fusion.
Instructor: Glenn S. Dardick
The workshop is a hands-on introduction to cyber forensics for IT Security personnel and Incident Response Teams. The workshop will cover where artifacts lie and how to forensically retrieve them. More importantly the workshop will cover forensics readiness – knowing what can be available leads to being prepared prior to a breach or other incident – instead of after the breach or other incident wishing you were prepared.
Topics will include the following:
About The Instructor
Glenn S. Dardick is the Director of the Longwood Center for Cyber Security and serves on the faculty of Longwood University where he is responsible for its courses in Cyber Security, Forensics and Policy. He also serves on the adjunct faculty of Edith Cowan University in Perth, Australia. Glenn S. Dardick is the Director of the Association of Digital Forensics, Security and Law (ADFSL), the publisher of the Journal of Digital Forensics, Security and Law and the organizer of the annual academic Conference on Digital Forensics, Security and Law. Glenn S. Dardick also serves as a consultant on technology matters for the legal community and has been admitted and appeared as an expert witness in Federal, State and Sectarian Courts. He has consulted on copyright issues as well as conducted forensic investigations involving security breaches, media, Internet access, and financial records.
Title: Forensics Readiness
Instructor: Glenn S. Dardick
Date: 5/30/2013
Cost: $395
Class Size: 12 seats are available total (register early!)
Prerequisites: Attendees should be (or previously been) employed as IT personnel – 1 year experience – or degree in computer science or Information systems.
Class Requirements: Nothing required. A computer will be provided for each student.
