RVAsec 2025 Video: Bruce Potter
CEO and Founder – Turngate

Title: Keynote
Bio: Bruce Potter has been doing cybersecurity for 30 years, which makes him kind of old. Bruce is currently the CEO and founder of Turngate, a SaaS audit log analysis company. Prior to that Bruce served as CISO at several companies including Clear Street, Expel, and the KeyW Corporation.

Bruce is the founder of The Shmoo Group and assisted with running ShmooCon, a cybersecurity conference that ran for the last 20 years in Washington DC. Bruce has done DARPA research, led red teams, broken large networks (in good and bad ways), and even helped bring Internet service to remote parts of Alaska in the mid-90’s.

• Youtube: https://youtu.be/KYGCTwJ-tCM

RVAsec 2025 Video: Mike Bailey
– Rotas Security

Title: Attacking & Defending ServiceNow: A Hands-on Lab for Red & Blue Teams
ServiceNow is a critical enterprise platform, often integrated with sensitive systems and privileged access. This talk explores how attackers can exploit misconfigurations and privilege escalation paths within ServiceNow to gain a foothold in an environment. We’ll walk through real-world attack techniques, from initial access to lateral movement, and demonstrate how defenders can detect and mitigate these threats.

In addition to offensive tradecraft, we’ll cover how to set up a dedicated lab to safely test these attack vectors, fine-tune detections, and improve defensive strategies. Whether you’re a red teamer looking to sharpen your tactics or a blue teamer aiming to strengthen your defenses, this talk will provide actionable insights and practical steps for securing ServiceNow.

• Youtube: https://youtu.be/LxwyQV8sIdA
• Slides: https://rvasec.com/slides/2025/Popovich_Bailey_Attacking_and_Defending_ServiceNow.pptx