Tag: presentation

RVAsec 15 Speaker Feature: Daniela Lulli

May 8, 2026
Speaker

Robots vs Robots – Securing AI and the Data that Powers it (<– add to your schedule)

As AI systems, copilots, and autonomous workflows proliferate, defenders must secure not only the data that fuels them, but the AI behaviors, access paths, and automation they introduce. Robots vs. Robots explores how organizations can protect AI systems end‑to‑end by controlling data exposure, governing AI access, and using automation to stay ahead of adversaries.

Daniela Lulli:
Daniela Lulli leads Varonis Sales Engineering in the Mid Atlantic, partnering with enterprise and public sector organizations to secure their most sensitive data and build resilient, scalable security programs. She has also served as a trusted advisor for Department of Defense, UN, and NATO missions, helping global organizations reduce insider risk and defend against rapidly evolving cyber threats.

Daniela serves as the Chief Technology Officer for the Virginia (Belvoir) Chapter of the Armed Forces Communications and Electronics Association (AFCEA), a global nonprofit with a mission to enable collaboration between government, military, industry, and academia in the areas of cybersecurity, intelligence, and global security. Her leadership and impact in the community earned her recognition as a finalist for the 2025 CyberScoop50 Most Inspiring Up and Comer Award.

Come see Daniela Lulli at RVAsec 15!

RVAsec 15 Speaker Feature: Michael Darling

May 8, 2026
Speaker

Secure by Design, Trusted Through Compliance (<– add to your schedule)

This talk will challenge listeners to redifine the traditional technical vs compliance mindset and thing of security as risk management. Whether it’s technical or contractual risk we should all be focused on the same goal of reducing material impacts to our organizations. It will walk through a model in which compliance is built upon strong technical foundations and becomes a mechanism for communicating trust to your organization, customers, and regulators

Michael Darling:
Michael Darling is the founder and Principal Consultant at Solstice Security, where he provides fractional CISO services and helps high confidentiality industries like defense, legal, and financial services build strong security programs and navigate their compliance challenges.

He has spent 25+ years building security programs that actually work. He led the ground-up development of a cybersecurity program at one of the largest law firms in the country and helped shape national cyber policy at the White House budget office and CISA. A retired Marine Lieutenant Colonel and combat veteran, he served in infantry, physical security, IT, and cybersecurity roles.

Michael is passionate about closing the gap between what security frameworks promise on paper and actual security outcomes.

Come see Michael Darling at RVAsec 15!

RVAsec 15 Speaker Feature: Joanna Behan

May 8, 2026
Speaker

Unlocking Awareness: How an Escape Experience made Security Fun, Engaging, and Approachable (<– add to your schedule)

How do you turn security awareness from a check‑the‑box activity into a hands‑on, memorable experience for everyone? In this session, we’ll unpack a portable “escape room in a box” designed by our Information Security team to make learning approachable, collaborative, and fun.

Joanna Behan:
Joanna is an Information Security Analyst who brings a unique blend of creativity and expertise to the field. With a Bachelor of Fine Arts from James Madison University and industry-recognized certifications including CISSP and CGRC, Joanna’s career spans more than two decades of hands-on professional experience. Joanna thrives at the intersection of imaginative problem-solving, heightened awareness, and effective information security. She is dedicated to making information security accessible, and her creative approach enables her to address complex challenges while fostering a culture of safety and security in technology.

Come see Joanna Behan at RVAsec 15!

RVAsec 15 Speaker Feature: Paul Brownridge

May 7, 2026
Speaker

Flirting with AI: Pwning web sites through their AI chatbot agents and politely breaking guard rails (<– add to your schedule)

Find out how to penetration test an AI chatbot.

Paul Brownridge:
Paul Brownridge is Head of Technical Delivery at Pen Test Partners, the ethical hacking firm. Originally from an engineering background, Paul swapped his hard hat for a white hat and has been working in cyber security for the last 10 years. His practical experience of industrial environments and cyber security make for a capable and highly competent OT cyber engineer. Paul is a regular speaker at national and international technology and security events such as Defcon and the (ISC)2 Security Conference, highlighting key risks with the internet of things, automotive and maritime.

Come see Paul Brownridge at RVAsec 15!

RVAsec 15 Speaker Feature: Bhaumik Shah

May 7, 2026
Speaker

Breaking Tokens: Modern Attacks on OAuth, OIDC, and JWT Auth Flows (<– add to your schedule)

Modern authentication systems like OAuth and OIDC are often misunderstood. This talk demonstrates real-world attacks such as token replay and session hijacking, shows how weak configurations lead to compromise, and shares practical defense strategies to secure your auth flows.

Bhaumik Shah:
Bhaumik Shah is a cybersecurity leader and founder of Securify, where he helps organizations secure their cloud, applications, and infrastructure through penetration testing, red team operations, and compliance programs like SOC 2 and ISO 27001. With over a decade of experience uncovering vulnerabilities in complex environments — from AWS misconfigurations to API flaws — he has worked with startups, enterprises, and government agencies to strengthen their security posture. Bhaumik is passionate about sharing real-world lessons from the field, mentoring the next generation of security professionals, and occasionally sneaking in a pop-culture reference or two to make security just a little more fun.

Come see Bhaumik Shah at RVAsec 15!

RVAsec 15 Speaker Feature: Evan Typanski

May 7, 2026
Speaker

Building Custom Detections with Zeek and Spicy (<– add to your schedule)

Discover how to use Zeek in order to create custom detections for network threats. We will go over how to create a real detection using Zeek via scripting, protocol analysis, and log analysis.

Evan Typanski:
Evan is currently a software engineer at Corelight, a network monitoring startup. He is on the open source team, where he works as a maintaner for the Zeek project. His focus is on compilers and low level networking.

Before joining Corelight, Evan worked on static code analysis (SAST) for languages like C/C++, Swift, and Rust. He graduated from the University of Virginia with a BS in Computer Science in 2020.

Come see Evan Typanski at RVAsec 15!

RVAsec 15 Speaker Feature: Michael Roytman & Max Voldman

May 5, 2026
Speaker

No Breach Required: $52 Million in Cybersecurity Fraud Settlements Built on Paperwork, Not Incidents (<– add to your schedule)

We present original research quantifying the gap between what federal contractors certify about their security posture and what vulnerability telemetry actually shows, combining data science with False Claims Act enforcement analysis to estimate the real FCA exposure across the defence industrial base. We then ask whether the industry’s own risk-scoring tools, built to make triage rational, are inadvertently building the evidentiary record that makes fraud prosecution easier.

Michael Roytman:
Michael Roytman is the CTO of Empirical Security. Previously, he was the Chief Data Scientist of Kenna Security, and a Distinguished Engineer at Cisco. He served on boards for the Society of Information Risk Analysts, Cryptomove, and Social Capital. He was the co-founder and executive chair of Dharma Platform (acquired, BAO Systems), for which he landed on the 2017 Forbes 30 Under 30 list. He currently serves on Forbes Technology Council.

Max Voldman:
Max Voldman is a partner at Whistleblower Partners LLP, in Washington DC. Max’s practice is focused on representing whistleblowers under the federal False Claims Act and numerous state law equivalents, and the whistleblower programs of the Securities and Exchange Commission. Max has represented whistleblowers in various industries, including government contracting, healthcare, and education.

Come see Michael Roytman at RVAsec 15!

RVAsec 15 Speaker Feature: Aqeel Yaseen

May 4, 2026
Speaker

Troubleshooting: Where information meets WTF. (<– add to your schedule)

Four ways technical troubleshooting can help keep your head from exploding in life.

Aqeel Yaseen:
Aqeel Yaseen transitioned into Offensive Security from over a decade of teaching yoga and mentoring mindfulness based retreats professionally, and is currently working with RedHelm. That might seem like a curious combination, but Pentesting and teaching yoga both help people cultivate awareness of blind spots, and find ways to learn and grow from that awareness. Aqeel has been teaching himself the art and skill of hacking by creating home labs, owning machines on HTB and Offsec’s Proving Grounds, and participating in CTFs. He has already earned the Security+, OSCP, OSWA, and CRTO certifications. He also has a website with two years of recorded yoga and meditation classes that are available for free. He is eager to learn and to share!

Come see Aqeel Yaseen at RVAsec 15!

RVAsec 15 Speaker Feature: Victoria Mosby

May 4, 2026
Speaker

Use It Monday: A 5-Step Method for Turning Security Findings Into Stories Executives Act On (<– add to your schedule)

Security teams produce thorough, accurate reports that executives nod at and never act on. This talk teaches a practical 5-step method for translating findings into narratives that produce decisions — one you’ll practice live and use Monday morning.

Victoria Mosby:
Victoria Mosby is a cybersecurity strategist, advisor, and storyteller with 16 years of experience spanning federal consulting, governance and risk, and cybersecurity SaaS. She is the founder of Basilisk Security Consulting, a boutique advisory practice focused on security communication and executive alignment, and the creator of the Cyber Lorekeeper, a platform dedicated to making security concepts not just understandable but memorable.

Her work sits at the intersection of technical depth and business translation. As a Senior Sales Engineer at PlexTrac, Victoria partners with security teams to design workflows, align tooling to operational needs, and help practitioners communicate findings in ways that actually move decision-makers. She has briefed executives across healthcare, financial services, government, and critical infrastructure, and has spent years studying why some security reports generate action while most generate acknowledgment and nothing else.

That question became the Saga Framework, a comprehensive storytelling methodology for cybersecurity communication grounded in cognitive science research and built around seven narrative archetypes. The framework gives practitioners a repeatable system for translating technical findings into executive narratives that are visceral, specific, and designed to produce decisions. It includes a calibration system for matching narrative intensity to audience type, a practitioner toolkit, and a full written methodology. “Use It Monday” distills the framework’s most actionable core into a 5-step method practitioners can learn in a conference talk and apply the same week.

Victoria holds a Master’s in Cyber Forensics and has spent her career building bridges between the security team, the boardroom, and the broader community. Outside of work, she writes dark fantasy fiction, runs D&D campaigns, and crochets, usually while thinking about how narrative structure works in both storytelling and security briefings.

Come see Victoria Mosby at RVAsec 15!

RVAsec 15 Speaker Feature: Vas Khomyk

May 4, 2026
Speaker

The Interview Engine: A Career Readiness Framework (<– add to your schedule)

Cybersecurity is about mitigating risk at acceptable cost, and hiring works the same way. This talk pulls back the curtain on how recruiting actually works, then gives security professionals an engineering-minded framework for staying career-ready without waiting for the layoff to start thinking about it.

Vas Khomyk:
Vas Khomyk is a technical recruiter with Hampton North, a cybersecurity-focused recruiting firm. He runs retained and contingent searches across cybersecurity, defense, and enterprise IT, helping companies fill challenging roles from senior security engineering to VP-level leadership. He is an active member of the Greater Richmond cybersecurity community, where he has presented workshops on career readiness and interview preparation for local meetup groups. He brings an engineering mindset to recruiting and a recruiter’s insider view to career advice.

Come see Vas Khomyk at RVAsec 15!