Tag: Compliance

RVAsec 15 Speaker Feature: Michael Darling

Secure by Design, Trusted Through Compliance

This talk will challenge listeners to redefine the traditional technical vs compliance mindset and think of security as risk management. Whether it’s technical or contractual risk we should all be focused on the same goal of reducing material impacts to our organizations. It will walk through a model in which compliance is built upon strong technical foundations and becomes a mechanism for communicating trust to your organization, customers, and regulators.


Michael Darling:
Michael Darling is the founder and Principal Consultant at Solstice Security, where he provides fractional CISO services and helps high confidentiality industries like defense, legal, and financial services build strong security programs and navigate their compliance challenges.

He has spent 25+ years building security programs that actually work. He led the ground-up development of a cybersecurity program at one of the largest law firms in the country and helped shape national cyber policy at the White House budget office and CISA. A retired Marine Lieutenant Colonel and combat veteran, he served in infantry, physical security, IT, and cybersecurity roles.

Michael is passionate about closing the gap between what security frameworks promise on paper and actual security outcomes.

Come see Michael Darling at RVAsec 15!


RVAsec 15 Speaker Feature: Brian Markham

Swatting flies with sledgehammers: broken TPRM programs and how to fix them

Third-party and supply chain risk is more important now than ever—but TPRM is also more broken and ineffective than ever. This session will review today’s common approaches to TPRM, how we got here, and how we can achieve better outcomes and reasonable assurance with less work. We’ll also explore what that shift could mean for our security programs—and for the industry as a whole. We need a hard reboot, and it has to start with each of us.


Brian Markham:
Brian Markham is an executive, advisor, hacker, and mentor with over 25 years of experience in IT and cybersecurity. Brian currently serves as the Chief Information Security Officer for EAB Global, a leading provider of software, marketing, and research services to institutions of higher education. Prior to joining EAB, he was a consultant at KPMG and PwC, and was on the security teams at the University of Maryland and George Washington University.

Come see Brian Markham at RVAsec 15!


RVAsec 15 Speaker Feature: Jeff Man

The State of Information Security Today

The speaker has been in Information (cyber) security since the late 1900s and will take a look back at the challenges we faced in the beginning and how these challenges have changed and evolved over the past several decades. You think we’re doing okay? Let me change your mind.


Jeff Man:
Jeff is a respected Information Security advocate, advisor, hacker, evangelist, mentor, teacher, international keynoter, speaker, former host of Security & Compliance Weekly, co-host on Paul’s Security Weekly, Tribe of Hackers (TOH) contributor, including Red Team, Security Leaders, and Blue Team editions, and a member of the Cabal of the Curmudgeons. Jeff currently serves as a PCI QSA and Trusted Advisor for Online Business Systems, also a Grant Advisory Board Member for the Gula Tech Foundation, Advisory Board Member for the Technology Advancement Center (TAC), and is the Director of Diversity, Equity, and Inclusion for Hak4Kidz NFP. Over 40 years of experience working in all aspects of computer, network, and information security, including cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Certified National Security Agency Cryptanalyst. Designed and fielded the first software-based cryptosystem ever produced by NSA. Inventor of the “whiz” wheel, a cryptologic cipher wheel used by US Special Forces for over a decade currently on display at the National Cryptologic Museum. Honorary lifetime member of the Special Forces Association. Previously held security research, management and product development roles with the National Security Agency, the DoD and private-sector enterprises. Pioneering member of the first penetration testing “red team” at NSA. For the past twenty-eight years has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation’s best known companies.
https://darknetdiaries.com/episode/83/
https://www.cybereason.com/blog/malicious-life-podcast-how-the-internet-changed-the-nsa

Come see Jeff Man at RVAsec 15!


RVAsec 15 Speaker Feature: Michael Roytman & Max Voldman

No Breach Required: $52 Million in Cybersecurity Fraud Settlements Built on Paperwork, Not Incidents

We present original research quantifying the gap between what federal contractors certify about their security posture and what vulnerability telemetry actually shows, combining data science with False Claims Act enforcement analysis to estimate the real FCA exposure across the defence industrial base. We then ask whether the industry’s own risk-scoring tools, built to make triage rational, are inadvertently building the evidentiary record that makes fraud prosecution easier.


Michael Roytman:
Michael Roytman is the CTO of Empirical Security. Previously, he was the Chief Data Scientist of Kenna Security, and a Distinguished Engineer at Cisco. He served on boards for the Society of Information Risk Analysts, Cryptomove, and Social Capital. He was the co-founder and executive chair of Dharma Platform (acquired, BAO Systems), for which he landed on the 2017 Forbes 30 Under 30 list. He currently serves on Forbes Technology Council.

Max Voldman:
Max Voldman is a partner at Whistleblower Partners LLP, in Washington DC. Max’s practice is focused on representing whistleblowers under the federal False Claims Act and numerous state law equivalents, and the whistleblower programs of the Securities and Exchange Commission. Max has represented whistleblowers in various industries, including government contracting, healthcare, and education.

Come see Michael Roytman at RVAsec 15!