Tag: Social Engineering

RVAsec 15 Speaker Feature: Joanna Behan

Unlocking Awareness: How an Escape Experience made Security Fun, Engaging, and Approachable

How do you turn security awareness from a check‑the‑box activity into a hands‑on, memorable experience for everyone? In this session, we’ll unpack a portable “escape room in a box” designed by our Information Security team to make learning approachable, collaborative, and fun.


Joanna Behan:
Joanna is an Information Security Analyst who brings a unique blend of creativity and expertise to the field. With a Bachelor of Fine Arts from James Madison University and industry-recognized certifications including CISSP and CGRC, Joanna’s career spans more than two decades of hands-on professional experience. Joanna thrives at the intersection of imaginative problem-solving, heightened awareness, and effective information security. She is dedicated to making information security accessible, and her creative approach enables her to address complex challenges while fostering a culture of safety and security in technology.

Come see Joanna Behan at RVAsec 15!


RVAsec 15 Speaker Feature: Ariyan Suroosh & Mike Bailey

Initial Access in 2026 – The Power of the Spoken Word

A light/medium technical talk discussing modern techniques and challenges to red team initial access.


Ariyan Suroosh:
Ariyan Bakhti-Suroosh is a Principal Security Consultant at Rotas Security, specializing in offensive security, social engineering, and physical facility penetration testing. With over seven years of experience, Ariyan has led enterprise-scale penetration tests, advanced adversary simulations, and purple team assessments.
He holds a Bachelor’s Degree in Information Security from the University of Richmond (Summa Cum Laude) and is a Certified Red Team Operator (CRTO). Ariyan has delivered talks at SANS Hackfest, RVASEC 2024, Optiv’s Source Zero Conference, and was the keynote speaker at COV IS 2024. Ariyan was also the recipient of Optiv’s President Club 2023 and the Green Jacket award for excellence in delivery. He has developed training resources on all facets of penetration testing with a focus on physical facility penetration tests and badge cloning.

Mike Bailey:
Mike brings nearly three decades of diverse experience spanning private industry, academia, U.S. government, and the financial sector. His focus is cybersecurity, with deep expertise in adversarial threat simulation, offensive and defensive security, and advanced technical assessments. Mike is an active contributor to the security community and has been a featured speaker at multiple conferences, presenting on threat research and network security.

Come see Ariyan Suroosh at RVAsec 15!


RVAsec 15 Speaker Feature: Jason Ross

Social Engineering The Machine: When Your Target Runs On Attention Instead Of Anxiety

Every AI talk this year will tell you prompt injection is a problem. This one gives you the methodology to actually exploit it. Borrowing from decades of adversarial human testing, we’ll move past “vibes” and “jailbreak screenshots” to build a working, repeatable framework for social engineering the machine.


Jason Ross:
With 20+ years in cyber security, Jason Ross now performs adversarial testing and defense of deployed generative AI applications, agentic systems, and the LLMs powering them at Salesforce. Jason’s work focuses on prompt injection attacks and defense, model governance and security, and agent exploitation on high-stakes, high-visibility production deployments. He is also a core contributor to the adversarial AI tooling and datasets used by engineering, AI research, and ethics teams across the company.

Outside Salesforce, Jason co-leads the OWASP GenAI Security Project Red Team Initiative and helped author the OWASP GenAI Red Teaming Guide. He speaks regularly at industry conferences, including NDC Security, the SANS AI Security Summit, the OWASP GenAI Summit at RSA, Skytalks, RVASec, and more.

When he’s not breaking AI, Jason gives back to the security community as a staff member at BSidesLV and a volunteer at DEF CON.

Come see Jason Ross at RVAsec 15!


RVAsec 15 Speaker Feature: Brian Cardinale

I Called Your AI Agent and It Told Me Everything: Live Voice AI Red Teaming

You’ll leave this talk understanding:
– How voice AI agents are architecturally different from text chatbots
– The specific attack vectors unique to voice: transcription manipulation, DTMF injection, audio-layer prompt injection, and social engineering through vocal tone
– A repeatable methodology for testing voice AI systems in your own organization
– Concrete remediation strategies for the most common findings


Brian Cardinale:
Brian Cardinale is the Principal Security Researcher at SecureCoders and creator of the TEAPOT methodology for voice AI red teaming. He holds a CISSP and has spent his career breaking things that aren’t supposed to break. Brian built VoiceGoat, the first open-source vulnerable voice AI agent, and leads RedCaller’s research into adversarial testing of phone-based AI systems. He previously discovered CVE-2015-4670 and has conducted security assessments across financial services, healthcare, and critical infrastructure. When he’s not social engineering robots over the phone, he’s probably social engineering robots over the phone.

Come see Brian Cardinale at RVAsec 15!