Tag: speaker

Speaker Feature: Amelia Szczuchniak

Amelia is a security analyst working for ISECOM. From the beginning of her path in the cybersecurity industry, she’s been working with and learning from acknowledged professionals. This gave her a strong foundation and a set of skills that she intends to greatly expand. On a daily basis, she works with electronic evidence, collecting and analyzing it while maintaining the chain of custody. She conducts cyber investigations. She is also a cybersecurity trainer for the military and the Hacker Highschool project.

Why You Can’t Call the Police

Let me tell you a story about what it’s like as a lawfirm’s investigator to try to get justice for someone after they’ve been robbed online. The problem starts with finding the perpetrator. We will walk through the process of investigating crypto hot wallets and NFTs while we collect electronic evidence with proper chain of custody to prove a theft occurred. Then I’ll show you how we need to dox and hack our way through the web of forums and social networks to uncover an anonymous suspect. Again, keeping proper, court-admissable evidence. I’ll introduce you to the AI tools and automation we built to capture and search huge volumes of discussions and videos the moment they appear in many of the popular social networks and forums. Finally, I’ll end the tale with who we found and how we sent the police to their home to get justice. But it’s not a happy ending.

Come see Amelia at RVAsec 12!


Speaker Feature: Drew Schmitt

Drew Schmitt is the GuidePoint Research and Intelligence Team Lead Analyst and is responsible for coordinating threat research, malware analysis, and operationalized intelligence teams. Drew is especially fond of malware research and reverse engineering. When not neck deep in malware, he loves to create new and open-source tools and improve his techniques and capabilities. Drew is also an avid teacher and mentor, and really enjoys helping other people realize their love of malware, threat intelligence, and–above all–making threat actors’ lives harder. In past lives, Drew spent time as an incident responder, threat hunter, and IT administrator.

Twitter: @5ynax

Ransomware Rebranding … So Hot Right Now!

Ransomware rebranding is becoming a common technique that ransomware groups are leveraging to obfuscate their operations and remain under the radar. From high-profile groups like Evil Corp to groups like AlphV and Blackbyte, the rebranding process has provided viable solution for extending operational capabilities after high profile attacks. This talk will examine rebranding trends since 2020 and provide a thorough review of the impacts ransomware rebranding has had on the operational capacity of multiple ransomware groups. Lastly, this talk will analyze methods that threat intelligence analysts can utilize to compare traits and behaviors between ransomware groups to determine if the group is a likely rebrand or a new group altogether.

Come see Drew at RVAsec 12!

RVAsec 2023


Speaker Feature: Josh Cigna

Josh Cigna is a solutions architect at Yubico focused on supporting enterprises on the impacts of regulations, requirements, and the latest authentication technologies. He is passionate about evangelizing user focused security solutions—advising organizations that user experience should be a key consideration alongside risk mitigation and meeting compliance mandates. Joshua’s experience includes the definition, design and implementation of IAM processes and programs. Prior to Yubico, he held technical positions at Thomson Reuters and Capital One and holds a CISSP certification.

Twitter: @Sporksan

Everything you never knew you wanted to know about Passkeys

Passwords have long been the bane of user, IT support staff & security professional. Compromised passwords are the leading source of account takeover and system breach, attackers are simply logging in and no longer breaking in! Solutions in the past have always come with caveats, but with the inclusion of Passkeys into most major operating systems and platforms a true light may be at the end of the tunnel. Join this panel to learn about the sorted history of passwords, current and developing trends with passwordless authentication, and what the best practice for Passkeys looks like!

Come see Josh at RVAsec 12!

RVAsec 2023


Speaker Feature: Dwayne McDaniel

Dwayne has been working as a Developer Relations professional since 2015 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv.

Twitter: @mcdwayne

Who Goes There? Actively Detecting Intruders With Cyber Deception Tools

Ever wish you could set traps for intruders in your environment? While you can’t rig explosions or rolling boulders when someone attacks your servers, you can set up false credentials that trigger alarms you can act against. That is the whole idea behind honeytokens!

Come to this session to learn how honeytokens work

Come see Dwayne at RVAsec 12!

RVAsec 2023


Speaker Feature: Aliscia Andrews

“Aliscia Andrews:
Aliscia Andrews started her Homeland Security career more than 15 years ago while serving as an Intelligence Analyst and Weapons and Tactics Instructor for the United States Marine Corps. After the Marine Corps, Mrs. Andrews completed her MBA and Cybersecurity Management Certificate from Georgetown University.

After her time in the Marine Corps, Mrs. Andrews, continued honing in her analytical tradecraft in both the public and private sector. Her work portfolio has focused primarily on finding complex solutions to challenging Government problems as a strategic management, analytic, and cyber policy advisor in support of multiple government agencies both in and out of the Intelligence Community.

Today Mrs. Andrews is proud to be the Deputy Secretary of Homeland Security for the Commonwealth of Virginia. She continues to serve her community as a member and volunteer on multiple PTOs, disadvantaged children’s groups, church ministry groups, youth sports leagues, and mentors transitioning Veterans. Deputy Secretary Andrews resides in Aldie, Virginia with her Husband and three children.

Twitter: @alisciaandrews

Cyber, the Commonwealth and You

Discussion on the importance of a whole of government approach to cyber.

Come see Aliscia at RVAsec 12!

RVAsec 2023


Speaker Feature: Brendan O’Leary

Brendan O’Leary is Head of Community at ProjectDiscovery. He spends his time connecting with developers, security engineers, contributing to open source projects, and sharing his thoughts on cutting-edge technologies on conference panels, meetups, in contributed articles and on blogs.

Twitter: @olearycrew

Shakespeare, Bacon, and the NSA

The peculiar story of the history of cryptography – featuring a code-breaking Quaker poet.

Come see Brendan at RVAsec 12

RVAsec 2023


Speaker Feature: Denis Mandich

Denis Mandich:

  • CTO and Co-founder of Qrypt
  • Founding member of the Quantum Economic Development Consortium (QED-C)
  • Founding member of the Mid-Atlantic Quantum Alliance (MQA)
  • ANSI Accredited Standards Committee X9
  • ITU Telecommunications Standardization Sector (ITU-T)
  • Forbes Technology Council
  • Quside board member
  • 20-year USIC veteran
  • Physicist

Twitter: @qrypt_inc

Quantum Cybersecurity

The advent of quantum computers promises to have profound economic impact because they solve lucrative industry problems that are otherwise impossible. The dark side is the consequences to global cybersecurity and the encryption systems fundamental to almost every aspect of our digital lives, including the cyber tools needed to protect them. Although 1970s-era PKI infrastructure has served us well for decades, it provides no assurance against the threat of “harvest now, decrypt later”. The transition to post quantum cryptography standards must be accompanied by more advanced techniques to ensure durable privacy, which is now a national economic security imperative. Fortunately, new redundant hardware and software solutions eliminate the single point of attack and failure in our business critical systems.

Come see Denis at RVAsec 12!

RVAsec 2023


Speaker Feature: Adrian Amos

Adrian Amos:
I’ve supported the Richmond IT community since 1997, in every capacity from retail break/fix to military & corporate Wintel infrastructure. I transitioned to cloud solutions in 2010 and was the first technical hire at Synergy way back in 2012. I have a strong focus on identity & access management and collect terribly inconvenient hobbies.

Twitter: @ahamos

I <3 my password

Protecting identity is foundational to zero trust, and everybody wants passwordless, but is it always appropriate? If it is, how do we overcome barriers to success, and if it isn’t, how do we protect & isolate workloads to ensure the right people have the right access to the right apps & data? Any security approach must consider the human beings it’s designed to protect, while balancing the risks of authentication strengths.

Come see Adrian at RVAsec 12!

RVAsec 2023


Qasim “Q” Ijaz is a Director of Offensive Security at Blue Bastion Security and specializes in healthcare security and penetration testing. He has conducted hundreds of penetration tests in small to large environments with a focus on networks and web applications testing. His areas of interest include healthcare security, Active Directory, cybersecurity policy, and the “dry” business side of hacking. Qasim is a penetration test lead during the day and a teacher in the after-hours. Qasim has presented and taught at cybersecurity conferences including BSides and Blackhat on offensive security topics. He currently teaches a bootcamp on Offensive Security Certified Professional (OSCP) certification.

Twitter: @hashtaginfosec

Feature or a Vulnerability? Tale of an Active Directory Pentest

This talk is a summation of stories from my recent penetration tests inside Active Directory networks. I will use this time to discuss common methods I have used to obtain initial access inside Active Directory environments, the features that paved the way to lateral movement, and vulnerabilities that escalated me to Domain Admin. This talk is laid out in a way that benefits both entry-level and experienced penetration testers. The content is for both blue and red teamers looking to better understand common Active Directory configurations that can lead to compromise. It has everything from memes to kerberoasting, with a pinch of humor (no dad jokes, I promise).

Come see Qasim at RVAsec 12!

RVAsec 2023


Speaker Feature: Ian MacRae

Ian MacRae:
Ever since founding E-N Computers in 1997, Ian has been dedicated to helping people get the most out of their technology. Since then, he’s grown the company from a small computer repair shop into a top-tier regional managed services provider (MSP) that helps SMB and enterprise clients transform their IT through strategic outsourcing.
In his more than 25+ years in the IT world, he’s managed hundreds of IT professionals and helped 60+ clients overcome business challenges through wise use of technology. Ian’s problem-solving approach combines a passion for business success with extensive technical knowledge, as shown in experience that includes:
• Serving as Fractional Chief Security Officer for dozens of organizations include a Berkshire Hathaway owned subsidiary
• Overseeing cybersecurity multiple breach/ransom remediation, including for embassy in Washington, D.C.
• Implementing CMMC/NIST 800-171 compliance since 2017 for dozens of area organizations
• Made the list of Top Managed Service Providers (MSP501) multiple times

The state of NIST/CMMC compliance today

Get a 2023 update on NIST security framework and CMMC compliance. Business with the government is Virginia’s #1 industry. The government is sick of spending billions on projects only to find the data leaked onto the Internet. Due to this many government contracts require security compliance to the National Institute of Standards and Technology (NIST) 800-171 standard. For years businesspeople didn’t take the 110 security controls seriously. Now we are seeing deals being lost to the Supplier Performance Risk System score. Ian has helped dozens of organizations implement compliance programs since 2017 in his role of vCSO.

Come see Ian at RVAsec 12!

RVAsec 2023