Tag: Risk Management

RVAsec 15 Speaker Feature: Michael Darling

Secure by Design, Trusted Through Compliance

This talk will challenge listeners to redefine the traditional technical vs compliance mindset and think of security as risk management. Whether it’s technical or contractual risk, we should all be focused on the same goal of reducing material impacts to our organizations. It will walk through a model in which compliance is built upon strong technical foundations and becomes a mechanism for communicating trust to your organization, customers, and regulators.


Michael Darling:
Michael Darling is the founder and Principal Consultant at Solstice Security, where he provides fractional CISO services and helps high-confidentiality industries like defense, legal, and financial services build strong security programs and navigate their compliance challenges.

He has spent 25+ years building security programs that actually work. He led the ground-up development of a cybersecurity program at one of the largest law firms in the country and helped shape national cyber policy at the White House budget office and CISA. A retired Marine Lieutenant Colonel and combat veteran, he served in infantry, physical security, IT, and cybersecurity roles.

Michael is passionate about closing the gap between what security frameworks promise on paper and actual security outcomes.

Come see Michael Darling at RVAsec 15!


RVAsec 15 Speaker Feature: Brian Markham

Swatting flies with sledgehammers: broken TPRM programs and how to fix them

Third-party and supply chain risk is more important now than ever—but TPRM is also more broken and ineffective than ever. This session will review today’s common approaches to TPRM, how we got here, and how we can achieve better outcomes and reasonable assurance with less work. We’ll also explore what that shift could mean for our security programs—and for the industry as a whole. We need a hard reboot, and it has to start with each of us.


Brian Markham:
Brian Markham is an executive, advisor, hacker, and mentor with over 25 years of experience in IT and cybersecurity. Brian currently serves as the Chief Information Security Officer for EAB Global, a leading provider of software, marketing, and research services to institutions of higher education. Prior to joining EAB, he was a consultant at KPMG and PwC, and was on the security teams at the University of Maryland and George Washington University.

Come see Brian Markham at RVAsec 15!


RVAsec 15 Speaker Feature: Jeff Man

The State of Information Security Today

The speaker has been in Information (cyber) security since the late 1900s and will take a look back at the challenges we faced in the beginning and how these challenges have changed and evolved over the past several decades. You think we’re doing okay? Let me change your mind.


Jeff Man:
Jeff is a respected Information Security advocate, advisor, hacker, evangelist, mentor, teacher, international keynoter, speaker, former host of Security & Compliance Weekly, co-host on Paul’s Security Weekly, Tribe of Hackers (TOH) contributor, including Red Team, Security Leaders, and Blue Team editions, and a member of the Cabal of the Curmudgeons. Jeff currently serves as a PCI QSA and Trusted Advisor for Online Business Systems, also a Grant Advisory Board Member for the Gula Tech Foundation, Advisory Board Member for the Technology Advancement Center (TAC), and is the Director of Diversity, Equity, and Inclusion for Hak4Kidz NFP. Over 40 years of experience working in all aspects of computer, network, and information security, including cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Certified National Security Agency Cryptanalyst. Designed and fielded the first software-based cryptosystem ever produced by NSA. Inventor of the “whiz” wheel, a cryptologic cipher wheel used by US Special Forces for over a decade currently on display at the National Cryptologic Museum. Honorary lifetime member of the Special Forces Association. Previously held security research, management and product development roles with the National Security Agency, the DoD and private-sector enterprises. Pioneering member of the first penetration testing “red team” at NSA. For the past twenty-eight years has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation’s best known companies.
https://darknetdiaries.com/episode/83/
https://www.cybereason.com/blog/malicious-life-podcast-how-the-internet-changed-the-nsa

Come see Jeff Man at RVAsec 15!


RVAsec 15 Speaker Feature: Vas Khomyk

The Interview Engine: A Career Readiness Framework

Cybersecurity is about mitigating risk at acceptable cost, and hiring works the same way. This talk pulls back the curtain on how recruiting actually works, then gives security professionals an engineering-minded framework for staying career-ready without waiting for the layoff to start thinking about it.


Vas Khomyk:
Vas Khomyk is a technical recruiter with Hampton North, a cybersecurity-focused recruiting firm. He runs retained and contingent searches across cybersecurity, defense, and enterprise IT, helping companies fill challenging roles from senior security engineering to VP-level leadership. He is an active member of the Greater Richmond cybersecurity community, where he has presented workshops on career readiness and interview preparation for local meetup groups. He brings an engineering mindset to recruiting and a recruiter’s insider view to career advice.

Come see Vas Khomyk at RVAsec 15!