Tag: Vulnerability Management

RVAsec 15 Speaker Feature: Michael Darling

May 8, 2026
Speaker

Secure by Design, Trusted Through Compliance (<– add to your schedule)

This talk will challenge listeners to redifine the traditional technical vs compliance mindset and thing of security as risk management. Whether it’s technical or contractual risk we should all be focused on the same goal of reducing material impacts to our organizations. It will walk through a model in which compliance is built upon strong technical foundations and becomes a mechanism for communicating trust to your organization, customers, and regulators

Michael Darling:
Michael Darling is the founder and Principal Consultant at Solstice Security, where he provides fractional CISO services and helps high confidentiality industries like defense, legal, and financial services build strong security programs and navigate their compliance challenges.

He has spent 25+ years building security programs that actually work. He led the ground-up development of a cybersecurity program at one of the largest law firms in the country and helped shape national cyber policy at the White House budget office and CISA. A retired Marine Lieutenant Colonel and combat veteran, he served in infantry, physical security, IT, and cybersecurity roles.

Michael is passionate about closing the gap between what security frameworks promise on paper and actual security outcomes.

Come see Michael Darling at RVAsec 15!

RVAsec 15 Speaker Feature: Michael Roytman & Max Voldman

May 5, 2026
Speaker

No Breach Required: $52 Million in Cybersecurity Fraud Settlements Built on Paperwork, Not Incidents (<– add to your schedule)

We present original research quantifying the gap between what federal contractors certify about their security posture and what vulnerability telemetry actually shows, combining data science with False Claims Act enforcement analysis to estimate the real FCA exposure across the defence industrial base. We then ask whether the industry’s own risk-scoring tools, built to make triage rational, are inadvertently building the evidentiary record that makes fraud prosecution easier.

Michael Roytman:
Michael Roytman is the CTO of Empirical Security. Previously, he was the Chief Data Scientist of Kenna Security, and a Distinguished Engineer at Cisco. He served on boards for the Society of Information Risk Analysts, Cryptomove, and Social Capital. He was the co-founder and executive chair of Dharma Platform (acquired, BAO Systems), for which he landed on the 2017 Forbes 30 Under 30 list. He currently serves on Forbes Technology Council.

Max Voldman:
Max Voldman is a partner at Whistleblower Partners LLP, in Washington DC. Max’s practice is focused on representing whistleblowers under the federal False Claims Act and numerous state law equivalents, and the whistleblower programs of the Securities and Exchange Commission. Max has represented whistleblowers in various industries, including government contracting, healthcare, and education.

Come see Michael Roytman at RVAsec 15!

RVAsec 15 Speaker Feature: Victoria Mosby

May 4, 2026
Speaker

Use It Monday: A 5-Step Method for Turning Security Findings Into Stories Executives Act On (<– add to your schedule)

Security teams produce thorough, accurate reports that executives nod at and never act on. This talk teaches a practical 5-step method for translating findings into narratives that produce decisions — one you’ll practice live and use Monday morning.

Victoria Mosby:
Victoria Mosby is a cybersecurity strategist, advisor, and storyteller with 16 years of experience spanning federal consulting, governance and risk, and cybersecurity SaaS. She is the founder of Basilisk Security Consulting, a boutique advisory practice focused on security communication and executive alignment, and the creator of the Cyber Lorekeeper, a platform dedicated to making security concepts not just understandable but memorable.

Her work sits at the intersection of technical depth and business translation. As a Senior Sales Engineer at PlexTrac, Victoria partners with security teams to design workflows, align tooling to operational needs, and help practitioners communicate findings in ways that actually move decision-makers. She has briefed executives across healthcare, financial services, government, and critical infrastructure, and has spent years studying why some security reports generate action while most generate acknowledgment and nothing else.

That question became the Saga Framework, a comprehensive storytelling methodology for cybersecurity communication grounded in cognitive science research and built around seven narrative archetypes. The framework gives practitioners a repeatable system for translating technical findings into executive narratives that are visceral, specific, and designed to produce decisions. It includes a calibration system for matching narrative intensity to audience type, a practitioner toolkit, and a full written methodology. “Use It Monday” distills the framework’s most actionable core into a 5-step method practitioners can learn in a conference talk and apply the same week.

Victoria holds a Master’s in Cyber Forensics and has spent her career building bridges between the security team, the boardroom, and the broader community. Outside of work, she writes dark fantasy fiction, runs D&D campaigns, and crochets, usually while thinking about how narrative structure works in both storytelling and security briefings.

Come see Victoria Mosby at RVAsec 15!