
RV4sec Speaker Lineup!

There was a lot of competition in the CFP, but we’ve managed to whittle it down to another great lineup for RV4sec. So here are the speakers for the 2015 RV4sec conference!

Jennifer Steffens
G Mark Hardy
David J. Bianco
Caleb “chill” Crable
Adam Crosby
Chris Eng
Pete Herzog / Dave Lauer
Allen Householder
Barry Kouns
David Lodge
Kizz MyAnthia
Mark Painter
Elissa Shevinsky
Michelle Schaffer / Tim Wilson
Jason Scott
Jason Smith
Schuyler Towne
Robert Stratton
Boris Sverdlik
Bill Weinberg
Governor Terry McAuliffe

For detailed information about the speakers and their talks please see rvasec.com/speakers/

Thank you to everyone who submitted a proposal to the CFP. The review team had to make some tough decisions and appreciates all the time and hard work that went into submitting.


RVAsec 2014 Videos


Miss a talk or even the entire conference? No problem! All of the speaker videos and presentations are linked below, or you can view the full YouTube playlist here!


David Kennedy – Keynote


Gene Fishel – Keynote


Ben Tomhave – How to Achieve Success with Cyber Risk Assessment and Analysis


Brian Baskin – Introducing Intelligence into Malware Analysis


David J. Bianco – The Pyramid of Pain: Intel-Driven Detection & Response to Increase Your Adversary’s Cost of Operations


Dan Holden & Elizabeth Martin – Pissing Down The Leg Of Much Of Our Careers; Why Are You People Still Buying Firewalls & IPS?


David Sharpe & Katherine Trame – Real World Intrusion Response – Lessons from the Trenches


Evan Booth – Terminal Cornucopia: Demystifying the Mullet


Inga Goddijn – Cyber Insurance – Worth the Effort or Total Ripoff?


Jayson E. Street – The hacker in the fun house mirror (A talk on skewed perspectives)


Jack Mannino & Abdullah Munawar – How To Find Mobile Internet Love


Joey Peloquin – Offensive Mobile Forensics


Jonathan Dambrot – Third Party Risk Management and Cybersecurity


Kimberley Parsons & Carmen Sullo – Leading Security When the Rest of The Business Doesn’t Care About Security


mubix – Attacker Ghost Stories: Mostly Free Defenses That Gives Attackers Nightmares


Nick Popovich – I Found a Thing and You Can Too: ISP’s Unauthenticated SOAP Service = Find (almost) All the Things!


Pete Herzog – Five Secrets to Building an Amazing Security Culture in Your Organization


Ray Kelly – Man In The Front – Modifying the Android OS for Mobile Application Testing


Schuyler Towne – How to Make a Lock


Seth Hanford – CVSS v3 – This One Goes to 11


Steve Werby – Bad Advice, Unintended Consequences, and Broken Paradigms – Think & Act Different!



Gene Fishel, Chief Of The Computer Crime Section In Virginia Attorney General’s Office To Keynote!

Gene Fishel currently serves as Senior Assistant Attorney General and Chief of the Computer Crime Section in Virginia Attorney General Mark Herring’s Office. In this capacity he directs prosecutions of computer fraud, identity theft, and child exploitation cases in state courts across Virginia, and serves as a Special Assistant United States Attorney in both the Eastern and Western Districts of Virginia where he prosecutes computer crime cases in federal court. He additionally oversees the office’s recently established Computer Forensics Unit which conducts investigations and computer forensic analyses for criminal cases across the Commonwealth. He also monitors organizations’ compliance with Virginia’s database breach notification laws, drafts legislation for the Virginia General Assembly, trains law enforcement and prosecutors statewide, and educates the public on issues involving computer crimes.

During his eleven-year tenure at the Attorney General’s Office, Gene has helped to draft and enact sweeping reforms to computer crime and child exploitation laws in Virginia, and has been involved in numerous novel and complex federal and state prosecutions, including the nation’s first felony prosecution for illicit spamming in 2004. He has served on numerous boards and committees including the Board of Governors for the Criminal Law Section of the Virginia State Bar, the National White Collar Crime Center’s Cybercrime Advisory Board, the Virginia General Assembly’s Joint Committee on Technology and Science Advisory Committee, and the Governor’s Office of Substance Abuse Advisory Committee. He has also lectured and presented on data breach issues and computer crimes to various agencies, organizations, and conferences across the country including the Federal Trade Commission, the Central Intelligence Agency, the United States Capitol Staff, and United States Attorney conferences. In 2007, Gene was appointed as Senior Assistant Attorney General. Prior to his time at the Attorney General’s Office, Gene served as law clerk for the Second Judicial Circuit in Virginia Beach, VA. He received his JD from Wake Forest University and his BA, magna cum laude, from James Madison University.


Speaker feature: Steve Werby

Steve Werby

@stevewerby / justifiableparanoia.com
Befriend / [OBFUSCATED]

Steve Werby is an independent security consultant and researcher at Befriend and a security architect at a Fortune 2^8 company. He’s held consultant, architect, and CISO roles in the information security field over the last 15 years.

 

Bad Advice, Unintended Consequences, and Broken Paradigms – Think & Act Different!

20 years ago information security was a low corporate priority that was the realm of technical geeks. Factors such as the rapidly-evolving threat environment and increased corporate impact have elevated it to a multidisciplinary risk management discipline…which sometimes has a seat at the table. This talk explores what we’re doing wrong, why it’s ineffective (or worse), and better ways of thinking and doing. You will learn to question the status quo, rethink existing paradigms, and leverage better approaches from information security and other disciplines. Think different! Act different!


Speaker feature: Schuyler Towne

Schuyler Towne

@shoebox

Schuyler Towne is obsessed with locks. While he got his start picking locks competitively, his interest has since exploded into every aspect of their history, design and manipulation. He’s taught hackers, authors, cops and even toy designers. There is nothing Schuyler loves more than to talk locks with anyone who will listen. His interests in the history of physical security and design of locks provide a passionate background to his lectures and workshops on lockpicking. Currently he is attempting to recover lock patents lost in the 1836 patent office fire.

How to Make a Lock

Locks were one of the earliest complex mechanical devices. They are ubiquitous, yet remain very regional in concept. In this talk we’ll explore the process of inventing a lock. We’ll cover examples from around the world, some that persist to this day, some that failed before coming to market, and some that were, until recently, lost to history.


Speaker feature: Ben Tomhave

Ben Tomhave

@falconsview / blogs.gartner.com/ben-tomhave/
Gartner

Ben Tomhave is a Research Director with Gartner for Technical Professionals. He holds a Master of Science in Engineering Management (Information Security Management concentration) from The George Washington University. He is a Certified Information Systems Security Professional (CISSP), co-chair of the American Bar Association Information Security Committee within the Section of Science & Technology, former board member at large for SIRA (www.societyinforisk.org), and a member of ISSA (NoVA chapter). He is a published author and an experienced public speaker, including recent speaking engagements with RSA USA, the ISSA International Conference, Secure360, RVAsec and RMISC.

How to Achieve Success with Cyber Risk Assessment and Analysis

Technical professionals are frequently asked to lead or participate in risk assessments or risk analysis, as well as to provide recommendations for the best approach an enterprise should adopt. Unfortunately, there has been little guidance (outside of expensive consultants) on how exactly to achieve success in this area. Until now. On the basis of recent Gartner research, this session provides guidance for achieving success with cyber risk assessment and analysis.


Speaker Feature: Jayson E. Street

Jayson E. Street

@jaysonstreet / f0rb1dd3n.com
Krypton Security

Jayson E. Street is an author of “Dissecting the hack: The F0rb1dd3n Network” from Syngress. Also creator of http://dissectingthehack.com. He has also spoken at DEFCON, DerbyCon, UCON and at several other ‘CONs and colleges on a variety of Information Security subjects. His life story can be found on Google under “Jayson E. Street”. *He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time’s persons of the year for 2006. 😉

The hacker in the fun house mirror (A talk on skewed perspectives)

This is a talk on perspectives. Hackers, and hacking, are perceived differently around the world and, in turn, some view our community and what we do with different eyes than ours. I believe most reports/papers about that topic are skewed and never give a quite accurate global image. It’s all about perspectives, and these are what I will explore in this talk. Being a foreign hacker attending a con, or delivering an engagement, in an alien land often led to unexpected situations that I will also recount. I am not only looking to enlighten and entertain attendees with this talk, but also to have them take a step back and look at the big picture, at what they are part of; a global community that spreads beyond borders and continents. My hope is that the contents of this talk will circulate wider than just Con attendees so family, friends and co-workers get a better understanding of who we are, what we stand for, and what that thing is that brings us all together globally under one banner.


Speaker feature: David Sharpe and Katherine Trame

David Sharpe and Katherine Trame

GE – GE-CIRT

David Sharpe and Katherine Trame are currently incident responders in GE-CIRT’s Advanced Threats team. The GE-CIRT Advanced Threats team provides world class incident response services for APT-related matters for the entire GE organization. David has a wide range of IT experience spanning 19 years. He has served in a variety of roles in Fortune 10 and Fortune 500 companies, ranging from systems programmer writing device drivers and operating system components, to large scale systems administration, to IT security. David joined GE-CIRT in 2011. Katherine served as an intelligence analyst with the Hampton, VA Police Division for five years during which she gained experience in tactical/operational intelligence and computer forensics. Katherine joined GE-CIRT in 2013.

Real World Intrusion Response – Lessons from the Trenches

Two battle-scarred, sleep-deprived GE-CIRT incident responders share lessons learned from the trenches, from their daily duties repelling real world, high-end network intrusions globally. This talk will include fresh thinking and innovative ideas in: intrusion response, intrusion detection, effective use of intel, and defensive operations. We will cover roughly a dozen (time permitting) cutting edge ideas and techniques that you can take back to your own organizations and put into practice right away.


Speaker feature: Nick Popovich

Nick Popovich

@pipefish_ / pipefish.me
Sunera LLC

Nick Popovich’s passion is learning and exploring the offensive side of IT security. He works as a penetration tester, trying to raise the overall security posture of organizations through infrastructure security testing. Nick’s mission is to help individuals and organizations involved with the defensive side of InfoSec understand the mechanics and methods of the attackers they defend against, and to assist in realistically testing those defenses. He’s a lifelong learner and loves finding new ways to get under the hood of systems and networks. He is a father of two and a husband to one.

I Found a Thing and You Can Too: ISP’s Unauthenticated SOAP Service = Find (almost) All the Things!

This presentation is meant to encourage individuals to put the applications and software that they may use on their own home or small business networks under the research microscope. This will be a discussion of a recent independent research project that eventually led to an information disclosure vulnerability by a major U.S. ISP. This is also an example of when a coordinated disclosure goes right.
What began with simple curiosity into the inner workings of an application led to the ability to list wireless network names and wireless encryption keys (among other things) armed only with a WAN IP address.


Speaker feature: Joey Peloquin

Joey Peloquin

@jdpeloquin / www.guidepointsecurity.com

GuidePoint Security

Joey has over 15 years of experience in the information technology industry specializing in information security. Prior to joining the GuidePoint Security team, he served as World Wide Security Architect for F5 Networks focusing on mobile and application security, and authentication and access security. His previous experience includes managing application and mobile security consulting teams at national security consulting firms, and leading JCPenney’s internal penetration-testing team. Joey is an active member of the information security community, speaking frequently at conferences and security events such as OWASP, TakeDownCon, ISSA, and has written, or appeared in, articles by Hakin9, SC Magazine, SD Times, and Information Week. He is also an accomplished technical scuba diver and PADI Divemaster.

Offensive Mobile Forensics

It’s official; enterprise mobility has been redefined, and Bring Your Own Device is a permanent reality, not a trend or fad. The problem everyone has failed to solve, however, is not protection of the device itself. MDM, and now MAM, are failed attempts to enable the secure use of personally-owned mobile devices. They’ve failed because they stop short of providing a holistic solution for data protection. Enter Offensive Mobile Forensics, a process in which an analyst employs the same techniques and tools potential attackers or criminals use on lost or stolen devices to determine the actual risk of that loss or theft to the enterprise. What data is accessible?