RVAsec 2023 has ended
Streaming: https://mssvideo.vcu.edu/RVAsec
Tuesday, June 13
 

7:59am EDT

8:00am EDT

Breakfast - Day 1
After you get registered, come upstairs and enjoy breakfast!
Make sure you are in the ballroom by 9am for the welcome session.

Go see our vendors in the Expo!

Menu:
  • VA Baked/Fried Ham Biscuits (Honey and Apple butter on the side)
  • Mini Veggie Frittatas GF/Vegetarian/Dairy Free
  • Thick Cheese Grits w/ butter GF/Vegetarian
  • Muffins  (Cranberry Orange Walnut, Blueberry,  Chocolate)
  • Seasonal Fruit GF/Vegetarian/Vegan/Dairy Free

Tuesday June 13, 2023 8:00am - 9:00am EDT
Top of The Grand

9:00am EDT

Welcome Day 1

Welcome to RVAsec 12!

Remarks will be provided about what to expect at the conference and many thanks to our volunteers and sponsors for making it possible.

We will also have short presentations on CTF, Badge, and Lock Picking.


Speakers

Jake Kouns

Founder, RVAsec
Jake is the founder of RVAsec and was previously the CEO for Risk Based Security that provides vulnerabilities and data breach intelligence. He previously oversaw the operations of the Open Sourced Vulnerability Database (OSVDB.org) and DataLossDB. Kouns has presented at many well-known...


Tuesday June 13, 2023 9:00am - 9:30am EDT
Ballroom

9:30am EDT

Keynote

Speakers

Paul Asadoorian

Conference Speaker (Keynote), rihackers
Paul spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. He is the founder of the Security Weekly podcast network, offering freely available shows...


Tuesday June 13, 2023 9:30am - 10:30am EDT
Ballroom

10:00am EDT

HackRVA Badge Training & Repair
Come learn about your badge, get it fixed if there are any issues and talk to HackRVA!

HackRVA is a member-run and organized non-profit makerspace in Richmond, Virginia. HackRVA is a space filled with tools, computers, and people who like to build, invent, tinker, expand their minds, and learn and share new skills. You’ll find a diverse group of individuals who are into electronics, woodworking, embedded software, metalworking, programming, music, art, video, photography, 3D printing, sewing, textiles, and virtual reality—and that’s for starters. HackRVA members have access to the makerspace, tools, community and learning opportunities through member-led workshops, events and projects.

Tuesday June 13, 2023 10:00am - 4:30pm EDT
Rappahannock

10:00am EDT

Lock Picking Village and Contest
A variety of example locks, from simple to extremely hard, along with picks of all shapes and sizes will be available in our lock pick village.

Stop by and have some fun testing your skills! Provided hand sanitizer will be required to help reduce the modern risks while we explore the oldest security mechanism on earth!

If you fancy yourself a strong picker or have a competitive streak, we are planning to have a timed contest of a series of locks, with the fastest through them all taking home something epic.

Tuesday June 13, 2023 10:00am - 5:00pm EDT
Rappahannock

10:30am EDT

Vendor Break & Room Change
Break and room change.

We need all attendees to leave both ballrooms as quickly as possible so we can split the room for sessions.

Go see our vendors in the Expo!

Menu:
  • Warm Mini Cinnamon Buns w/ Icing
  • Cold Individual Vanilla Yogurt Parfaits with berries & Granola topping Vegetarian


Tuesday June 13, 2023 10:30am - 11:00am EDT
Potomac

10:30am EDT

Registration
After the initial rush of registration in the morning, it will be relocated to the "Top of the Grand".
If you have any questions or issues please stop by for help.

This is also where you can turn in your Passport for Prizes.

WiFi sponsored by RVAsec: Omni Meeting Password: PASSWORD SOON

Tuesday June 13, 2023 10:30am - 5:00pm EDT
Top of The Grand

11:00am EDT

Cybernation: The FUD, Facts, and Future of Software Liability and Security

When the 2023 National Cybersecurity Strategy called for “shifting liability to promote secure development practices,” the response from the security (and legal) community often overstated the novelty of the proposal. We have already been living with (various forms of) software liability for confidentiality, integrity, and availability failures for over two decades. This talk clarifies the legal landscape of both what already exists and the likely paths for the future. Cautioning against various security dystopias including Hannah Arendt’s “cybernation,” this talk offers suggestions on buildouts to existing threat modeling frameworks to explicitly consider factors used by courts and regulators to determine liability. These buildouts can better align the security team and in-house counsel in a joint defensive enterprise. But, two scaling issues will remain: the need for a technology regulator of last resort (a “TRoLR”) and a security community-driven model of professionalism.   

Speakers

Andrea Matwyshyn

Professor, Law & Engineering, Penn State
Dr. Andrea Matwyshyn is a full professor in the law school and engineering school at Penn State, the Associate Dean of Innovation at Penn State Law, and the founding faculty director of both the Penn State PILOT Lab (Policy Innovation Lab of Tomorrow), an interdisciplinary technology...


Tuesday June 13, 2023 11:00am - 11:50am EDT
Ballroom A/B

11:00am EDT

I Heart My Password

Protecting identity is foundational to zero trust, and everybody wants passwordless, but is it always appropriate? If it is, how do we overcome barriers to success, and if it isn't, how do we protect & isolate workloads to ensure the right people have the right access to the right apps & data? Any security approach must consider the human beings it's designed to protect, while balancing the risks of authentication strengths.

Speakers

Adrian Amos

Conference Speaker, Syntech VA
I've supported the Richmond IT community since 1997, in every capacity from retail break/fix to military & corporate Wintel infrastructure. I transitioned to cloud solutions in 2010 and was the first technical hire at Synergy way back in 2012. I have a strong focus on identity & access...


Tuesday June 13, 2023 11:00am - 11:50am EDT
Ballroom C/D

11:50am EDT

Lunch
BOX LUNCHES ARE ALL THE SAME - inside you will find: Individually Wrapped Roll, Coleslaw, Route 11 Chip, Brownies, hot sauce, Utensil Packets w/ Napkins
 (NOTE:  There will be a select few boxes with GF buns - they will be labeled)
CHOOSE ONE:
  • Shredded/minced BBQ Chicken Breast 
  • Diced Portobello Mushrooms (Vegetarian) in GF BBQ Sauce 

Tuesday June 13, 2023 11:50am - 1:00pm EDT
James River Foyer

1:00pm EDT

Everything You Never Knew You Wanted To Know About Passkeys

Passwords have long been the bane of users, IT support staff & security professionals. Compromised passwords are the leading source of account takeover and system breach; attackers are simply logging in and no longer breaking in! Solutions in the past have always come with caveats, but with the inclusion of Passkeys into most major operating systems and platforms a true light may be at the end of the tunnel. Join this panel to learn about the sordid history of passwords, current and developing trends with passwordless authentication, and what the best practice for Passkeys looks like!

Speakers

Josh Cigna

Yubico
Josh Cigna is a solutions architect at Yubico focused on supporting enterprises on the impacts of regulations, requirements, and the latest authentication technologies. He is passionate about evangelizing user focused security solutions—advising organizations that user experience...


Tuesday June 13, 2023 1:00pm - 1:50pm EDT
1st Floor, Magnolia Room

1:00pm EDT

Corporate Dungeon Master: How to Lead Cyber Games at Work

Military organizations have long known the value of “training as you fight”, but commercial entities only realized its importance in the last few years. Consequently, the Cyber Action Officer role recently became a priority for the average company. Are you a security-geek like Jason Wonn who loves role-playing games (RPGs) and want the opportunity to lead a party through incident response to the most prevalent cyber threats? In this original talk, discover how to lead games (table-top exercises) at work as a “Corporate Dungeon Master” (Cyber Action Officer), narrating the story (facilitation), controlling the monsters (cyber threats), and creating an adventure that will have your players leveling-up (process improvement).

Speakers

Jason Wonn

Cyber Action Officer, Navy Federal Credit Union
Jason Wonn is a results-focused information security leader with 30+ years of combined national intelligence, information assurance, and cyber threat intelligence expertise throughout the civilian and military sectors. Jason is a “Richmonder” but works for Navy Federal Credit...



Tuesday June 13, 2023 1:00pm - 1:50pm EDT
Ballroom C/D

1:00pm EDT

Context Matters: Tailoring Tradecraft to the Operational Environment

With the advancements in defensive capabilities, from endpoint protection to user behavior analytics, operating within mature environments has become more difficult than ever. However, with each of these capabilities comes constraints that Red Teamers can abuse to shift the operational asymmetries and increase their strategic advantage. This talk will discuss how Red Teamers can shift their current operational mental models to abuse these constraints to blend-in more naturally within environments as they seek to complete target objectives.

Speakers

Fletcher Davis

Senior Red Team Consultant, CrowdStrike
Fletcher is currently a Senior Red Team Consultant at CrowdStrike, specializing in Adversary Simulation operations and Offensive Security research.


Tuesday June 13, 2023 1:00pm - 1:50pm EDT
Ballroom A/B

1:00pm EDT

CTF Prep
Come prep and learn more about the CTF contest!

Tuesday June 13, 2023 1:00pm - 4:00pm EDT
Shenandoah Room

1:50pm EDT

Vendor Break
Go see our vendors in the Expo!

  • Milk & Cookies:  Warm Mini Cookies Vegetarian
    • Cold Milk
    • Chocolate Milk


Tuesday June 13, 2023 1:50pm - 2:00pm EDT
Potomac

2:00pm EDT

Adversary TTP Evolution & the Value of TTP Intelligence

Awareness of the benefits of behavior-focused defense is growing, and more intelligence around adversary tactics, techniques, and procedures ("TTPs") is available now than ever. However, as major adversaries increasingly modify their TTPs, teams struggle to track and manage the rising volume of TTP intel. We’ll review recent examples of adversary TTP evolution, including ransomware and commodity loader case studies, a summary of the TTP intelligence landscape, and guidance on effective intelligence collection, processing, and application for defenders.

Speakers

Scott Small

Director of Cyber Threat Intelligence, Tidal Cyber
Scott Small is a security & intelligence practitioner and expert in cyber threat intelligence & threat modeling, open source research & investigations, and data analysis & automation. He currently serves as Director of Cyber Threat Intelligence at Tidal Cyber. Scott has advised enterprise...


Tuesday June 13, 2023 2:00pm - 2:50pm EDT
Ballroom A/B

2:00pm EDT

"A programmatic approach to enterprise security" OR "How to not waste your security budget on sh!7 that doesn't matter!"

This fast-paced presentation, poking fun at ourselves, tells a story through examples of how a majority of companies are fixated on old industry "worst practices". As we wander through the twisted road of things that we do THAT WE SHOULDN'T, the audience will likely find themselves thinking differently about how they approach enterprise security programs, have a chance to laugh at how human we all are, and walk away with a new perspective.

Tuesday June 13, 2023 2:00pm - 2:50pm EDT
Ballroom C/D

2:00pm EDT

Software Bills of Behaviors: Why SBOMs Aren't Enough

Most software supply chain-related tools fall into a few categories: SBOM generation, vulnerability analysis, build policies, and source-code analysis. These do not address the problem exemplified by the SolarWinds supply-chain malware insertion attack. Software Bills of Behaviors provide an understanding of what the software is doing and how it has changed, providing a defense against SolarWinds-style attacks.

Speakers

Andrew Hendela

Co-founder, Karambit.AI
Andrew has over a decade of cybersecurity experience leading teams tackling hard challenges. His technical expertise involves automating a wide range of problems, including cyber attribution, malware analysis, and vulnerability research.


Tuesday June 13, 2023 2:00pm - 2:50pm EDT
1st Floor, Magnolia Room

2:50pm EDT

Vendor Break
Go see our vendors in the Expo!

Menu:
  • Potato Chips & French Onion Dip - GF/Vegetarian




Tuesday June 13, 2023 2:50pm - 3:00pm EDT
Potomac

3:00pm EDT

Feature or a Vulnerability? Tale of an Active Directory Pentest

This talk is a summation of stories from my recent penetration tests inside Active Directory networks. I will use this time to discuss common methods I have used to obtain initial access inside Active Directory environments, the features that paved the way to lateral movement, and vulnerabilities that escalated me to Domain Admin. This talk is laid out in a way that benefits both entry-level and experienced penetration testers. The content is for both blue and red teamers looking to better understand common Active Directory configurations that can lead to compromise. It has everything from memes to kerberoasting, with a pinch of humor (no dad jokes, I promise).

Speakers

Qasim Ijaz

Director of Offensive Security, Blue Bastion Security
Qasim "Q" Ijaz is a Director of Offensive Security at Blue Bastion Security and specializes in healthcare security and penetration testing. He has conducted hundreds of penetration tests in small to large environments with a focus on networks and web applications testing. His areas...


Tuesday June 13, 2023 3:00pm - 3:50pm EDT
Ballroom C/D

3:00pm EDT

Beyond The Pandemic: How The Pandemic Shaped Organizations and Their Security Architecture

How did the pandemic affect your organization and how it operates? Does your current security model still work with your organization? This talk explores how an organization transformed its security architecture throughout and after the pandemic.

Speakers

Dan Han

CISO, Virginia Commonwealth University
Dan is the Chief Information Security Officer for VCU. He has over 20 years of experience working in IT and information security. Before getting into information security, he worked in application development, network and system administration, and database administration. He holds...


Tuesday June 13, 2023 3:00pm - 3:50pm EDT
1st Floor, Magnolia Room

3:00pm EDT

Maturing Your Threat Hunting Operations

This talk will present a roadmap for designing a mature threat hunting service. A maturity model will be shared, along with prerequisites and incremental steps along the way.

Having built the Threat Hunting service at the Federal Reserve, I will share our journey, recommend approaches and resources,  and provide a path for listeners to follow to do the same.

Speakers

Andrew Skatoff

Conference Speaker, Conference Speaker
Andrew has been securing and protecting critical infrastructure networks since 2002. Raised by a Topgun Marine fighter pilot and a middle school special education teacher, Andrew was always driven to find meaningful work, solve interesting problems and help others do the same in an...


Tuesday June 13, 2023 3:00pm - 3:50pm EDT
Ballroom A/B

3:50pm EDT

Vendor Break
Go see our vendors in the Expo!

Menu:
  • Potato Chips & French Onion Dip - GF/Vegetarian

Tuesday June 13, 2023 3:50pm - 4:00pm EDT
Potomac

4:00pm EDT

Network 201: A Tour Through Network Security

Taking the Network 101 presentation at RVAsec 2019 a bit further, this talk will dive into network security, aka technical security controls that should be considered with respect to risk management in common environments, including private/public cloud and the recent industry buzzwords around ZTNA - Zero Trust Network Access.
If you have ever wondered how you might use a VRF to segment authenticated user traffic, this is a talk for you. If you are trying to cut through buzzwords that a sales guy is throwing your way about how to protect your remote workers, this is a talk for you.

Speakers

Rick Lull

Sr Security Solution Architect, InterVision Systems
Lifelong geek turned security consultant after stops as a desktop tech, server bubba, and network jockey. Rick is a healthcare IT survivor, and is now playing Horatio on the bridge for hire with a national technology consulting company, advising clients on security strategy and operations...


Tuesday June 13, 2023 4:00pm - 4:50pm EDT
1st Floor, Magnolia Room

4:00pm EDT

Why You Can't Call the Police

Let me tell you a story about what it's like as a law firm's investigator to try to get justice for someone after they've been robbed online. The problem starts with finding the perpetrator. We will walk through the process of investigating crypto hot wallets and NFTs while we collect electronic evidence with proper chain of custody to prove a theft occurred. Then I'll show you how we need to dox and hack our way through the web of forums and social networks to uncover an anonymous suspect. Again, keeping proper, court-admissible evidence. I'll introduce you to the AI tools and automation we built to capture and search huge volumes of discussions and videos the moment they appear in many of the popular social networks and forums. Finally, I'll end the tale with who we found and how we sent the police to their home to get justice. But it's not a happy ending.

Speakers

Amelia Szczuchniak

Security Analyst, ISECOM
Amelia is a security analyst working for ISECOM. From the beginning of her path in the cybersecurity industry, she’s been working with and learning from acknowledged professionals. This gave her a strong foundation and a set of skills that she intends to greatly expand. On a daily...


Tuesday June 13, 2023 4:00pm - 4:50pm EDT
Ballroom A/B

4:50pm EDT

Day 1 - Closing
Remarks will be provided on Day 1, and what to expect for the rest of the evening and Day 2.

Speakers

Jake Kouns

Founder, RVAsec
Jake is the founder of RVAsec and was previously the CEO for Risk Based Security that provides vulnerabilities and data breach intelligence. He previously oversaw the operations of the Open Sourced Vulnerability Database (OSVDB.org) and DataLossDB. Kouns has presented at many well-known...

Chris Sullo

Founder, RVAsec
Chris is the founder of RVAsec and Head of Innovation at Project Discovery, Inc. Chris has been in the security industry for 27 years, working in various research and security roles with Focal Point, HP (SPI Dynamics) and Capital One. He is the author of the “Nikto” web server...


Tuesday June 13, 2023 4:50pm - 5:00pm EDT

5:00pm EDT

Vendor Break & Room Change
Menu:
  • Fresh Vegetable Crudite with Housemade Ranch Dip Vegetarian (veggies GF/Vegan)
  • Warm Spinach Artichoke Dip with Pita Chips and Assorted Crackers Vegetarian

Tuesday June 13, 2023 5:00pm - 5:30pm EDT
James River Foyer

5:30pm EDT

RVAsec After Party
We are shaking things up at the end of the first day of RVAsec with our exhilarating Casino Night! This spectacular event begins immediately after the last talk on Tuesday, running from 5:30pm to 9:00pm. Step into a lively atmosphere, reminiscent of Las Vegas, right here in Richmond.

The RVAsec 12 after party, brought to you by RVAsec (still looking for a sponsor to make it even more epic!), will be in the main Omni Ballroom on Tuesday, June 13th, right after the conference ends!
  • 5:00pm to 9pm: Food/Beverage/Music
  • 5:30ish: Let the games begin!
  • 8:30ish: Games close and we will announce winners!
We’ve curated an array of classic casino games for your enjoyment. Roll the dice at the Craps table, or give our Roulette wheel a spin. If cards are more your speed, try a hand at our Black Jack table, or go all-in with Texas Hold ‘Em Poker. We also offer the exciting Texas Hold ‘Em Bonus Poker Table for a thrilling twist.

But it’s not all dice and cards – test your accuracy with our Golf Shot game, or back a winner with River City Horse Racing. And the best part? There will be food, beverages, music and fabulous prizes for the top players!
So whether you’re a gaming veteran or a novice, this is your chance to relax, have fun, network, and possibly win big! As the day’s talks wrap up, prepare to immerse yourself in an unforgettable evening at the RVAsec after party!

Let the best players win!

This is an exclusive event, so you must be registered to attend or you will not be allowed entrance–no exceptions!
Important Notes:

Menu:
  • Fried Chicken Breast Sliders with Chipotle Mayo & Country Slaw
  • Chipotle Steak Skewer w/ dipping sauce
  • Crab cakes w/ remoulade sauce
  • Crispy Roasted Potatoes w/ ketchup on the side GF/Vegetarian/Vegan
  • Housemade Mac & Cheese Vegetarian
  • Mini River City S’mores (SERVED WARM)
  • Mini tarts:  key lime, lemon, chocolate
  • Beer, Wine - including RVAsec beer (Garden Grove - Nevermore Brown Ale) and a Cider Option (Stella Artois Cidre, Bold Rock or Angry Orchard) - a non-alcoholic punch made up of OJ, Pineapple and Cranberry juices w/ lime (sorta like a madras) served in pitchers and sodas (self-serve).


Tuesday June 13, 2023 5:30pm - 9:00pm EDT
Ballroom
 
Wednesday, June 14
 

7:59am EDT

Registration
If you were not able to attend Day 1, please proceed upstairs to register.
If you have any questions or issues please stop by for help.

This is also where you can turn in your Passport for Prizes.

WiFi sponsored by RVAsec: Omni Meeting Password: PASSWORD SOON

Wednesday June 14, 2023 7:59am - 5:00pm EDT
Top of The Grand

8:00am EDT

Breakfast
Come upstairs and enjoy breakfast before the Day 2 welcome session!

Menu:
  • Toasted Bagel Sandwich w/ Crispy Bacon & Fried Egg (mayo on the side)
  • GF Breakfast Wraps with Egg Whites, Spinach, Peppers & Onion Vegetarian/GF
  • Hashbrowns (ketchup on the side) Vegetarian/GF
  • Doughnut Holes & Danishes Vegetarian
  • Seasonal Fruit Vegetarian/Vegan/GF

Wednesday June 14, 2023 8:00am - 8:50am EDT
Top of The Grand

8:50am EDT

Welcome - Day 2
Welcome to Day 2 of RVAsec 12!

Remarks will be provided about what to expect at the conference and many thanks to our volunteers and sponsors for making it possible.

Speakers

Jake Kouns

Founder, RVAsec
Jake is the founder of RVAsec and was previously the CEO for Risk Based Security that provides vulnerabilities and data breach intelligence. He previously oversaw the operations of the Open Sourced Vulnerability Database (OSVDB.org) and DataLossDB. Kouns has presented at many well-known...


Wednesday June 14, 2023 8:50am - 9:00am EDT
Ballroom

9:00am EDT

Keynote: Building Leadership, 1% at a time
Leadership development and training is usually applied after the fact: someone is in a leadership role, having demonstrated some skills, and now is sent for leadership training, where they are told THE ONE TRUE WAY to lead. If that WAY is close to their style, they gain benefit. If it isn’t, then at least they’ll be in a room with some colleagues to commiserate over bad coffee.

But Zoom even takes away the bad coffee.

The reality is that there is no one way to lead, and there is no silver bullet.  But everyone is a leader, even if only through influence and affect, so it is never too early to practice leadership.  And never too late – or too early – to refine your practice.

Speakers

Andy Ellis

Advisory CISO, Orca Security
Andy is the author of 1% Leadership. He is the Advisory CISO at Orca Security and the Operating Partner at YL Ventures, and is an advisor to several cyber security startups, including Vulcan, Uptycs, Grip, Perygee, Vendict, Valence, Piiano, and Eureka. He is the founder and CEO...


Wednesday June 14, 2023 9:00am - 10:00am EDT
Ballroom

10:00am EDT

Vendor Break
Go see our vendors in the Expo!

Menu:
  • Warm Coffee Cake Vegetarian
  • Warm Peach and Apple Cobbler Vegetarian

Wednesday June 14, 2023 10:00am - 10:30am EDT
Potomac

10:00am EDT

CTF Competition
Wednesday June 14, 2023 10:00am - 3:00pm EDT
Shenandoah Room

10:00am EDT

HackRVA Badge Training & Repair
Come learn about your badge, get it fixed if there are any issues and talk to HackRVA!

HackRVA is a member-run and organized non-profit makerspace in Richmond, Virginia. HackRVA is a space filled with tools, computers, and people who like to build, invent, tinker, expand their minds, and learn and share new skills. You’ll find a diverse group of individuals who are into electronics, woodworking, embedded software, metalworking, programming, music, art, video, photography, 3D printing, sewing, textiles, and virtual reality—and that’s for starters. HackRVA members have access to the makerspace, tools, community and learning opportunities through member-led workshops, events and projects.

Wednesday June 14, 2023 10:00am - 4:00pm EDT
Rappahannock

10:00am EDT

Lock Picking Village and Contest
A variety of example locks, from simple to extremely hard, along with picks of all shapes and sizes will be available in our lock pick village.

Stop by and have some fun testing your skills! Provided hand sanitizer will be required to help reduce the modern risks while we explore the oldest security mechanism on earth!

If you fancy yourself a strong picker or have a competitive streak, we are planning to have a timed contest of a series of locks, with the fastest through them all taking home something epic.

Wednesday June 14, 2023 10:00am - 4:00pm EDT
Rappahannock

10:30am EDT

Shakespeare, Bacon, and the NSA

The peculiar story of the history of cryptography - featuring a code-breaking Quaker poet

Speakers

Brendan O'Leary

Head of Community, ProjectDiscovery
Brendan O'Leary is Head of Community at ProjectDiscovery. He spends his time connecting with developers, security engineers, contributing to open source projects, and sharing his thoughts on cutting-edge technologies on conference panels, meetups, in contributed articles and on b...


Wednesday June 14, 2023 10:30am - 11:20am EDT
Ballroom C

10:30am EDT

Top 5 CISO Findings of 2022

Throughout 2022, my team has tracked emerging trends while assisting organizations of various sizes and maturity with Virtual CISO, IT/OT Risk Assessments, Offensive Assessments, and Security Program Management engagements. TOP 5 CISO Findings (most frequently observed, not necessarily the most severe) resulted from our tracking. This presentation unveils the findings, discussing them in the context of current and emerging threats. I also incorporate an MIT Sloan cybersecurity use case and the Verizon DBIR to expound on the findings.

We close out the talk by listing remedies for the Top 5 Findings. A sampling of remedies includes the selection of a framework, threat modeling, and tactical assessments to help organizations discover and avoid the risks associated with the Top 5 Findings.

Speakers

Mark Arnold

VP, Advisory Services, Lares Consulting LLC
Mark Arnold has a 20+ year cybersecurity career, serving 8 of those years in leadership roles. As a transformational leader, Mark has built security teams and programs, authored maturity model blueprints, and implemented security domain practices at large enterprises and service providers...


Wednesday June 14, 2023 10:30am - 11:20am EDT
Ballroom A/B

10:30am EDT

Heap Exploitation from First Principles

In this talk I will discuss the process of building a userland heap allocator, identify the inherent vulnerabilities that exist in heap allocation, and demonstrate methods to exploit these vulnerabilities.

Speakers

Kevin Massey

Security Analyst, Winebow
I am a security analyst who does independent security research. I focus on vulnerabilities, binary exploitation, and network protocols.


Wednesday June 14, 2023 10:30am - 11:20am EDT
Ballroom D

11:20am EDT

Vendor Break
Go see our vendors in the Expo!

Menu:
  • Warm Coffee Cake Vegetarian
  • Warm Peach and Apple Cobbler Vegetarian

Wednesday June 14, 2023 11:20am - 11:30am EDT
Potomac

11:30am EDT

The State of NIST/CMMC Compliance Today

Get a 2023 update on NIST security framework and CMMC compliance. Business with the government is Virginia's #1 industry. The government is sick of spending billions on projects only to find the data leaked onto the Internet. Due to this, many government contracts require security compliance to the National Institute of Standards and Technology (NIST) 800-171 standard. For years businesspeople didn't take the 110 security controls seriously. Now we are seeing deals being lost to the Supplier Performance Risk System score. Ian has helped dozens of organizations implement compliance programs since 2017 in his role of vCSO.

Speakers

Ian MacRae

CEO, E-N Computers
Ever since founding E-N Computers in 1997, Ian has been dedicated to helping people get the most out of their technology. Since then, he’s grown the company from a small computer repair shop into a top-tier regional managed services provider (MSP) that helps SMB and enterprise clients...


Wednesday June 14, 2023 11:30am - 12:20pm EDT
Ballroom D

11:30am EDT

This Is The Way: A New Leadership Creed for Info-Sec Professionals

With fun and powerful examples from Disney’s The Mandalorian, InfoSec professionals will explore the new and different leadership skills required after the immense changes in the past few years.  Global events including the pandemic, inflation, supply chain problems, digital transformation, and political turmoil, have caused new pressures, new threats, and changes moving faster than an N1-starfighter in hyperspace!

Explore the latest research and trends in leadership, discuss the impacts on the InfoSec industry, and refresh your leadership creed. People leaders, technical experts and InfoSec professionals at all levels will be challenged to assess their current leadership strengths and discover new ways to stretch and develop skills to meet the intense demands in Cyber leadership today and beyond. This is the Way!

Speakers

Kate Collins

Founder, BrightPoint Coaching & Consulting, LLC
Kate Collins has over 28 years of leadership experience from front-line supervisor to CHRO, is a PCC executive coach, HR consultant, and leadership development expert. For the last 10 years, Kate has served as a leadership coach to Cyber, IT, Healthcare, Government, Academic, Insurance...


Wednesday June 14, 2023 11:30am - 12:20pm EDT
Ballroom C

11:30am EDT

Who Goes There? Actively Detecting Intruders With Cyber Deception Tools

Ever wish you could set traps for intruders in your environment? While you can't rig explosions or rolling boulders when someone attacks your servers, you can set up false credentials that trigger alarms you can act against. That is the whole idea behind honeytokens!

Come to this session to learn how honeytokens work

Speakers

Dwayne McDaniel

Security Developer Advocate, GitGuardian
Dwayne has been working as a Developer Advocate since 2016 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. He has been fortunate enough to speak at institutions like MIT and...


Wednesday June 14, 2023 11:30am - 12:20pm EDT
Ballroom A/B

12:20pm EDT

Lunch
All Box Lunches Include:  Potato Salad (no onions), Fruit Cup, Lemon Bar, Mayo in all boxes, Condiments & Utensil Packet
CHOICE OF SANDWICH:
  • Market Chicken Salad  with finely minced celery & green leaf lettuce on a butter croissant
  • Club Sandwich:  Layered Edwards Country Baked Ham, Herbed Roasted Turkey Breast, Crispy Bacon, Cheddar, Green Leaf Lettuce, Roma Tomato on a Potato Roll w/ honey mustard 
  • Vegetarian & Gluten Free Garden Wrap: Grilled Asparagus, Roasted Bell Pepper, Baby Spinach, Tomato, Red Onion and Garlic Hummus on a Gluten Free Tortilla Wrap with sauce on the side

Wednesday June 14, 2023 12:20pm - 1:00pm EDT
James River Foyer

1:00pm EDT

Quantum Cybersecurity

The advent of quantum computers promises to have profound economic impact because they solve lucrative industry problems that are otherwise impossible. The dark side is the consequences to global cybersecurity and the encryption systems fundamental to almost every aspect of our digital lives, including the cyber tools needed to protect them. Although 1970s-era PKI infrastructure has served us well for decades, it provides no assurance against the threat of “harvest now, decrypt later”. The transition to post-quantum cryptography standards must be accompanied by more advanced techniques to ensure durable privacy, which is now a national economic security imperative. Fortunately, new redundant hardware and software solutions eliminate the single point of attack and failure in our business-critical systems.

Speakers

Denis Mandich

CTO, QRYPT
CTO and Co-founder of Qrypt; Founding member of the Quantum Economic Development Consortium (QED-C); Founding member of the Mid-Atlantic Quantum Alliance (MQA); Industry Advisor to the NSF-funded Center for Quantum Technology; Advisor to the Quantum Startup Foundry; ANSI Accredited Standards... Read More →


Wednesday June 14, 2023 1:00pm - 1:50pm EDT
Ballroom A/B

1:00pm EDT

Cyber, the Commonwealth and You

Discussion on the importance of a whole of government approach to cyber.

Speakers

Aliscia Andrews

Deputy Secretary of Homeland Security, Office of Governor Youngkin
Aliscia Andrews started her Homeland Security career more than 15 years ago while serving as an Intelligence Analyst and Weapons and Tactics Instructor for the United States Marine Corps. After the Marine Corps, Mrs. Andrews completed her MBA and Cybersecurity Management Certificate... Read More →


Wednesday June 14, 2023 1:00pm - 1:50pm EDT
Ballroom C/D

1:50pm EDT

Vendor Break
Go see our vendors in the Expo!

Menu:
  • Pretzels (regular) served w/ cheese dip & mustard (served warm) Vegetarian
  • Cinnamon Sugar Pretzels (served warm) Vegetarian

Wednesday June 14, 2023 1:50pm - 2:00pm EDT
Potomac

2:00pm EDT

Hacking Your Job? Trying To Cheat At Life With ChatGPT

AI, it's all the buzz. We have seen marketing fraudsters at Black Hat called out. Heard sales people use every buzzword they can to try and close. So is it all smoke and mirrors? Or maybe there is pragmatic use for this upcoming technology. I have taken ChatGPT and treated it like an offensive security lab. I trialed many different approaches to using it. In this talk I will show where it can add value in a technical, business and sales role. I will also show how it can fail miserably, its security concerns and how it's influenced. Will this take your job or add to it? Find out in my talk.

Speakers

David Girvin

Senior solutions engineer, sumo logic
Hacker, BJJ enthusiast, world traveler and surfer. I am a giant weirdo who somehow found my niche in offensive security. I have been blessed getting to build AppSec programs for companies like 1Password and Red Canary. I have an extremely diverse background and hope I can relate and... Read More →


Wednesday June 14, 2023 2:00pm - 2:50pm EDT
Ballroom C/D

2:00pm EDT

Ransomware Rebranding ... So Hot Right Now!

Ransomware rebranding is becoming a common technique that ransomware groups are leveraging to obfuscate their operations and remain under the radar. From high-profile groups like Evil Corp to groups like AlphV and Blackbyte, the rebranding process has provided a viable solution for extending operational capabilities after high-profile attacks. This talk will examine rebranding trends since 2020 and provide a thorough review of the impacts ransomware rebranding has had on the operational capacity of multiple ransomware groups. Lastly, this talk will analyze methods that threat intelligence analysts can utilize to compare traits and behaviors between ransomware groups to determine if the group is a likely rebrand or a new group altogether.

Speakers

Drew Schmitt

GRIT Lead Analyst, GuidePoint Security
Drew Schmitt is the GuidePoint Research and Intelligence Team Lead Analyst and is responsible for coordinating threat research, malware analysis, and operationalized intelligence teams. Drew is especially fond of malware research and reverse engineering. When not neck deep in malware... Read More →


Wednesday June 14, 2023 2:00pm - 2:50pm EDT
Ballroom A/B

2:50pm EDT

Vendor Break & Room Change
Room change!

Go see our vendors in the Expo!

Menu:
  • Pretzels (regular) served w/ cheese dip & mustard (served warm) Vegetarian
  • Cinnamon Sugar Pretzels (served warm) Vegetarian

Wednesday June 14, 2023 2:50pm - 3:10pm EDT
Potomac

3:10pm EDT

Insiders Packing Their Bags With Your Data

What if your organization could discover which of your employees are exfiltrating data prior to leaving? We analyzed the behavior of more than 3 million users, and will present the insights found for employees preparing to leave, the nature and quantity of the data they target, and the services they use.

Speakers

Colin Estep

Principal Researcher, Netskope
Colin Estep is currently a threat researcher at Netskope focused on developing user and entity behavior analytics for cloud environments. Colin was previously the CSO at Sift Security (acquired by Netskope), where he helped create a product to do breach detection for IaaS environments... Read More →


Wednesday June 14, 2023 3:10pm - 4:00pm EDT
Ballroom

4:00pm EDT

Closing Reception & Awards
The closing will take place right after the final talk. We will have a short break for attendees to get their beverages & hors d'oeuvres, and then we will do Prizes and CTF awards.

Menu:
    • Nacho & Soft Taco Bar with Tortilla Chips & Flour Tortillas  Vegetarian
    • Ground Beef
    • Spiced Chicken
    • Black Beans Vegetarian/Vegan/GF
    • Vegetarian Refried Beans Vegetarian/Vegan/GF
    • Guacamole Vegetarian/Vegan/GF
    • Salsa Vegetarian/Vegan/GF
    • Lettuce, Tomato, Cheese & Sour Cream Vegetarian/Vegan/GF
    • Fried Mexican Cheesecake Vegetarian
    • Beer, Wine and Nonalcoholic Beverages - including RVAsec Beer & Cider Option - a non-alcoholic tropical punch (self-service) and sodas 

Speakers

Chris Sullo

Founder, RVAsec
Chris is the founder of RVAsec and Head of Innovation at Project Discovery, Inc. Chris has been in the security industry for 27 years, working in various research and security roles with Focal Point, HP (SPI Dynamics) and Capital One. He is the author of the “Nikto” web server... Read More →


Wednesday June 14, 2023 4:00pm - 5:30pm EDT
Ballroom
 