Loading…
RVAsec 2017 has ended
Simple
Expanded
Grid
By Room
Thursday, June 8
 

8:00am EDT

Breakfast
Breakfast will be provided in the vendor room.
Thursday June 8, 2017 8:00am - 9:00am EDT
Virginia A-D
  Food/Drink

8:00am EDT

Registration
Regisitration is outside the ballroom.  If you arrive early, please be advised it will open on day 1 right at 8am.
Thursday June 8, 2017 8:00am - 6:00pm EDT
Outside Ballroom
  Registration

9:00am EDT

Welcome to RVAsec!
Welcome to RVAsec!
Speakers
avatar for Jake Kouns

Jake Kouns

Founder, RVAsec
Jake is the founder of RVAsec and was previously the CEO for Risk Based Security that provides vulnerabilities and data breach intelligence. He previously oversaw the operations of the Open Sourced Vulnerability Database (OSVDB.org) and DataLossDB. Kouns has presented at many well-known... Read More →

Thursday June 8, 2017 9:00am - 9:10am EDT
Ballroom
  Information

9:10am EDT

Keynote - Mikko Hyponnen
Speakers
avatar for Mikko Hypponen

Mikko Hypponen

Researcher, F-Secure

Thursday June 8, 2017 9:10am - 10:10am EDT
Ballroom
  Keynote

10:10am EDT

Vendor Break
Thursday June 8, 2017 10:10am - 10:30am EDT
Virginia A-D
  Food/Drink

10:30am EDT

CTF Intro
Speakers
avatar for Mike Bailey
avatar for Nicholas Popovich

Nicholas Popovich

Wrangler, BeepBoop
Nick Popovich's passion is learning and exploring technology ecosystems, and trying to find ways to utilize systems in unexpected ways. He works as a Red Team operator, trying to raise the overall security posture of organizations through adversarial simulation. Nick's mission is... Read More →

Thursday June 8, 2017 10:30am - 10:40am EDT
Ballroom
  CTF

10:40am EDT

Badge Intro
Speakers
avatar for Paul Bruggeman

Paul Bruggeman

Systems Engineer, Self
EMbeded software developer- C, assembler (mips)AWS AdminRH/Centos AdminSQL developer, dbadmin (MySQL)PHP, bash/tcsh
avatar for Morgan Stuart

Thursday June 8, 2017 10:40am - 11:50am EDT
Ballroom
  Badges

10:50am EDT

Vendor Break
Thursday June 8, 2017 10:50am - 11:00am EDT
Virginia A-D
  Food/Drink

11:00am EDT

Can Game Theory Save Us from Cyber Armageddon?
What can the movies "War Games" and Doctor Strangelove" teach us about avoiding a cyber Armageddon? The Mutual Assured Destruction (MAD) doctrine, first introduced in the 1960s, is largely attributed with preventing any full-scale conflicts between the United States and the Soviet Union. MAD was part of U.S. strategic doctrine which believed that nuclear war could best be prevented if neither side could defend itself against the other's missiles. Although not talked about very much today, the ghost of MAD and the lessons it teaches remain even if people would rather not think about it. Join this interactive session as we explore the parallels and learn the lessons of the MAD doctrine as it applies to cyber warfare today. It’s the same thing that the computer Joshua learned, the only way to win in cyber warfare is not to play.
Speakers
avatar for Barry Kouns

Barry Kouns

Principal, SQM Advisors
Barry Kouns is Managing Director and principal consultant for Information Security Program services at SQM Advisors LLC, an information security, quality and management consultancy. Barry's experience includes information security consulting, risk assessment and quality management... Read More →

Thursday June 8, 2017 11:00am - 11:50am EDT
Ballroom
  Business

11:00am EDT

Maintainability + Security =
The security and devops culture craze is all around us, even with all this talk though there are differences between security features and the maintainability of a system. This talk will focus on some real world examples of what can go wrong when a system isn't built with maintainability in mind in a security minded culture. We will cover the political positioning battles that emerge, how security leaders can manage risk in these situations, and of course the technical challenges that creep into the picture over time.
Speakers
avatar for Robert Wood

Robert Wood

Chief Security Officer, Simon Data
Robert Wood is a security technologist, strategic advisor, and speaker. He currently leads the security efforts at Simon Data where he is responsible for security, privacy, compliance, and overall risk management. After working as a consultant for many years, Robert made the switch... Read More →

Thursday June 8, 2017 11:00am - 11:50am EDT
Richmond Salons
  Technical

11:50am EDT

Lunch
Thursday June 8, 2017 11:50am - 1:00pm EDT
Virginia A-D
  Food/Drink

1:00pm EDT

Defend the Defenders: Managing and Participating in Excellent Teams
Response teams apply threat models to protect an organization's goals and to determine which controls are important to defend organizational interests. But defensive teams themselves are under threat: working in emergency response takes its toll on individuals. Budgets, over-commitment, urgency, and crisis all put a great deal of pressure on incident responders. This presentation will examine "threats against the goals of the SIRT itself" for managers and "blue team" practitioners: how to build, manage, and participate a defensive / incident response team under fire. Attendees will learn a practical approach for identifying and defending against the key threats against their team goals. The speaker will share examples from his own past threat modeling, such as: how to find, hire, and retain good candidates; how to maintain morale when under crisis; how to improve a struggling team; how to (re)organize to meet imminent challenges to long-term success; and more.
Speakers
avatar for Seth Hanford

Seth Hanford

Proofpoint
As a Staff Information Security Engineer, Seth Hanford applies his experience to incident response, PSIRT, and security operations functions for both enterprise and customer security. Hanford has been an individual contributor for PSIRTs, CSIRTs, and intelligence teams in small businesses... Read More →

Thursday June 8, 2017 1:00pm - 1:50pm EDT
Ballroom
  Business

1:00pm EDT

Best Practices for Securing the Hybrid Cloud
Cloud has enabled applications and infrastructure to move at a pace not seen before. Organizations are faces with options to invest in and enhance their physical data centers to deploy SDN and build private clouds. Alternatively, many companies are choosing to migrate these applications in to the Cloud. Public Cloud options for Infrastructure as a Service and or Platform as service exist, but there exists a shared responsibility for security in either of those scenarios. Come learn strategies, design templates and best practices on how to secure applications through automation & orchestrations, making security as a integral part of the cloud and SDN deployments.
Speakers
avatar for Greg Pepper

Greg Pepper

Head of Data Center & Cloud Architects, Check Point Software Technology
Greg Pepper has been an IT professional for 15+ years with expertise in Security, Networking & Cloud Computing. Initially working for Sony Online Entertainment, PriceWaterhouse Coopers & Organic, Greg has spent the last 15 years working for Cisco & Check Point helping customers to... Read More →

Thursday June 8, 2017 1:00pm - 1:50pm EDT
Richmond Salons
  Technical

1:00pm EDT

CTF Prep
Speakers
avatar for Mike Bailey
avatar for Nicholas Popovich

Nicholas Popovich

Wrangler, BeepBoop
Nick Popovich's passion is learning and exploring technology ecosystems, and trying to find ways to utilize systems in unexpected ways. He works as a Red Team operator, trying to raise the overall security posture of organizations through adversarial simulation. Nick's mission is... Read More →

Thursday June 8, 2017 1:00pm - 4:00pm EDT
James River Terrance
  CTF

1:50pm EDT

Vendor Break
Thursday June 8, 2017 1:50pm - 2:00pm EDT
Virginia A-D
  Food/Drink

2:00pm EDT

Adventures in (Dynamic) Network Segmentation or And That's How I Got This Scar
Network segmentation is a great way to build a foundation for a thorough approach to defense in depth as part of your security program. The benefits can be great, but the path is not without some risk of its own. This talk with review some of the challenges and successful strategies to create a solid and sustainable practice on getting your arms around what is out there and on your network. The presenters, fresh from a large scale project to do this at a health system, will cover tips, tricks, pitfalls and the like to let you approach this very useful tool with your eyes wide open.
Speakers
avatar for Rick Lull

Rick Lull

Sr Security Solution Architect, InterVision Systems
Lifelong geek turned security consultant after stops as a desktop tech, server bubba, and network jockey. Rick is a healthcare IT survivor, and is now playing Horatio on the bridge for hire with a national technology consulting company, advising clients on security strategy and operations... Read More →
avatar for Shannon Yeaker

Shannon Yeaker

Lead Consultant, ISRM, Impact Makers
Shannon Yeaker, PMP, CISA, CAHIMS is a Lead Consultant with Impact Makers in the Governance, Risk and Compliance (GRC) Practice. She is a dynamic IT professional with extensive experience in Information Security, control design, risk management, project and process management at a... Read More →

Thursday June 8, 2017 2:00pm - 2:50pm EDT
Ballroom
  Business

2:00pm EDT

Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niques') -Join '')
PowerShell is increasingly being used by advanced attackers and script kiddies alike in targeted attacks, commodity malware, and even ransomware. The most common usage involves PowerShell remotely downloading and running payloads entirely in memory, rendering many traditional detection mechanisms useless.

Detection has increasingly shifted to monitoring for this malicious activity via process command line arguments and parent-child process relationships. While this is a significant improvement there are numerous evasion techniques of which the Red Team and Blue Team should be aware.

For the past 1.5 years I have researched PowerShell obfuscation, evasion and advanced detection techniques. Picking up from where I left off in my recent presentations on Invoke-Obfuscation, in this presentation I will highlight my new tool Invoke-CradleCrafter. Additionally, I will introduce a new family of PowerShell obfuscation techniques and show how they can be applied to several new and obscure families of remote download cradles.
Speakers
avatar for Daniel Bohannon

Daniel Bohannon

Senior Incident Response Consultant, MANDIANT, A FireEye Company
Daniel Bohannon is a Senior Incident Response Consultant at MANDIANT with over six years of operations and information security experience. His particular areas of expertise include enterprise-wide incident response investigations, host-based security monitoring, data aggregation... Read More →

Thursday June 8, 2017 2:00pm - 2:50pm EDT
Richmond Salons
  Technical

2:50pm EDT

Vendor Break
Thursday June 8, 2017 2:50pm - 3:00pm EDT
Virginia A-D
  Food/Drink

3:00pm EDT

Managing Crowdsourced Security Testing
The crowdsourced security model has been embraced by organizations running public bug bounty programs. These programs are intended to discover and resolve vulns in production applications, but they can unexpectedly deviate from being an effective part of the security development lifecycle into a source of noise. This presentation questions what role such programs have in improving security and what pitfalls they pose for security budgets. It covers strategies for keeping a bounty program focused on positive contributions to development and avoiding the traps that make it a distraction.
Speakers
avatar for Mike Shema

Managing Crowdsourced Security Preview pdf
Thursday June 8, 2017 3:00pm - 3:50pm EDT
Ballroom
  Business

3:00pm EDT

AWS Survival Guide 2.0
In this talk, we discuss harnessing existing AWS functionality to strengthen your organization's AWS infrastructure against practical attacks. Ken will show you what attackers are looking for, how they are finding you, and how to secure your environment. Additionally, attendees will be given code that assists those using AWS in better understanding how their environment's IAM policies are configured and automate tasks like S3 bucket policy review, volume encryption statuses, and security group configurations.
Speakers
avatar for Ken Johnson

Ken Johnson

CTO, nVisium
Ken Johnson, CTO of nVisium, has been hacking web applications professionally for 8 years. Ken is both a breaker and builder and currently leads the nVisium product team. Previously, Ken has spoken at DerbyCon, AppSec USA, RSA, AppSec DC, AppSec California, DevOpsDays DC, LASCON... Read More →

Thursday June 8, 2017 3:00pm - 3:50pm EDT
Richmond Salons
  Technical

3:50pm EDT

Vendor Break
Thursday June 8, 2017 3:50pm - 4:00pm EDT
Virginia A-D
  Food/Drink

4:00pm EDT

Think of the Children: Preparing the Next Generation of Security Specialists
Undoubtedly, cybersecurity is one of the hottest topics in today’s industry. For example, a Cisco report from a few years ago estimates there to be over 1 million unfilled cybersecurity positions worldwide. But how are we preparing people to fill this critical job gap? What kinds of skills should be taught and do current programs do a good job of preparing students? How do you teach “the security mindset”?

This talk will discuss a few issues (and solutions!) as seen by high school students who are interested in the cybersecurity field. How can industry professionals and organizations help train the people capable of securing their businesses? Join this session to learn some of the ways you or your company could get involved.
Speakers
avatar for Roman Bohuk

Roman Bohuk

Co-founder, MetaCTF
Roman Bohuk is a second year CS student and a Rodman Scholar at the University of Virginia. He is a co-founder of MetaCTF, an organization that has been hosting competitions and trainings for universities, companies, and security conferences for over 5 years. Roman was the Linux captain... Read More →
avatar for Jake Smith

Jake Smith

Student, University of Virginia
Jake Smith graduated from Deep Run High School in 2017 as part of the Center for Information Technology (CIT) program and is now a first-year at the University of Virginia, School of Engineering and Applied Science. Over the last five years through competing in competitions such as... Read More →

Thursday June 8, 2017 4:00pm - 4:50pm EDT
Ballroom
  Business

4:00pm EDT

TIP of the Spear: A Threat Intelligence Platform Acquisition
Military organizations have long known of the value of intelligence, but commercial entities only realized its importance in the last five years. Cyber Threat Intelligence (CTI) recently became a priority for the average commercial company who now requires a threat intelligence analysis capability. Are you a security-geek like Jason Wonn who was recently hired to provide that world-class CTI program for your company with very little time and an even smaller budget? …Good luck with that! Jason can’t present that solution in an hour, but he will guide you through the process to evaluate a Threat Intelligence Platform (TIP) and discuss how he made the metrics meaningful to the executives. In this talk, discover the benefits of employing a TIP and the technical evaluation of a TIP through requirements development to ensure it is measurable and meaningful to your leadership.
Speakers
avatar for Jason Wonn

Jason Wonn

Cyber Action Officer, Navy Federal Credit Union
Jason Wonn is a results-focused information security leader with 30+ years of combined national intelligence, information assurance, and cyber threat intelligence expertise throughout the civilian and military sectors.  Jason is a “Richmonder” but works for Navy Federal Credit... Read More →

Thursday June 8, 2017 4:00pm - 4:50pm EDT
Richmond Salons
  Technical

4:50pm EDT

Vendor Break
Thursday June 8, 2017 4:50pm - 5:00pm EDT
Virginia A-D
  Food/Drink

5:00pm EDT

Zero Trust “Lite” Architecture to Securely Future-Proof Your Network
The traditional 3-tier data center architecture model continues to challenge security professionals who are tasked with embracing a highly mobile workforce. I and many others were taught years ago that we must design an onion like perimeter that has a trusted user base and critical data living inside a well-protected perimeter. Forrester turned this model on its head when they coined the term “Zero Trust” in a report published in 2010. I prefer not to speak in absolutes, so I’ll proposed an alternate, more flexible approach to implementing the Zero Trust methodology. Instead of eating the elephant, I’ll show how implementing bite sized portions of the Zero Trust model will help future proof your organization against challenges such as BYOD, SaaS offerings, Cloud hosted resources, mobile workers, and the ever increasing compliance requirements on segmentation.
Speakers
avatar for Jeremy Dorrough

Jeremy Dorrough

Solutions Advisor, Optiv
Jeremy has built his career around protecting assets in the most critical IT sectors. He started his career working in a Network Operations Security Center for the US Army. He then went on to work as a Network Security Engineer defending Dominion’s North Anna Nuclear Power Station... Read More →

Thursday June 8, 2017 5:00pm - 5:50pm EDT
Ballroom
  Business

5:50pm EDT

Day 1 Closing
Speakers
avatar for Chris Sullo

Chris Sullo

Founder, RVAsec
Chris is the founder of RVAsec and Head of Innovation at Project Discovery, Inc. Chris has been in the security industry for 27 years, working in various research and security roles with Focal Point, HP (SPI Dynamics) and Capital One. He is the author of the “Nikto” web server... Read More →

Thursday June 8, 2017 5:50pm - 6:00pm EDT
Ballroom
  Information

6:30pm EDT

RVAsec After Party at Kabana

The RVAsec 6 after party sponsored by RVAsec, Anomali and GuidePoint Security, will be at the amazing Kabana Rooftop Bar on Thursday, June 8th, after the conference! Kabana Rooftop is located on the 20th floor at 700 East Main Street.

This is an exclusive event with limited availability, so you must be registered to attend and bring your RVAsec badge or you will not be allowed entrance–no exceptions!

Kabana Rooftop Bar 700 E Main St 20th Floor Richmond, VA 23219

Registration (if open): https://www.eventbrite.com/e/rvasec-6-after-party-tickets-34875794440 


 

 

Thursday June 8, 2017 6:30pm - 8:30pm EDT
Kabana Rooftop Bar 700 East Main Street 20th Floor Richmond, Virginia
  After Party
 
Friday, June 9
 

8:00am EDT

Breakfast
Friday June 9, 2017 8:00am - 8:50am EDT
Virginia A-D
  Food/Drink

8:00am EDT

Registration
Friday June 9, 2017 8:00am - 8:50am EDT
Outside Ballroom
  Registration

8:50am EDT

Welcome to Day 2 of RVAsec!
Speakers
avatar for Jake Kouns

Jake Kouns

Founder, RVAsec
Jake is the founder of RVAsec and was previously the CEO for Risk Based Security that provides vulnerabilities and data breach intelligence. He previously oversaw the operations of the Open Sourced Vulnerability Database (OSVDB.org) and DataLossDB. Kouns has presented at many well-known... Read More →

Friday June 9, 2017 8:50am - 9:00am EDT
Ballroom
  Information

9:00am EDT

Keynote - Ron Gula
Speakers
avatar for Ron Gula

Ron Gula

CEO, Gula Tech
Ron is President at Gula Tech Adventures which focuses on next generation cyber technology, strategy and policy. Ron started his cybersecurity career as a network penetration tester for the NSA. At BBN, he developed network honeypots to lure hackers and he ran US Internetworking's... Read More →

Friday June 9, 2017 9:00am - 10:00am EDT
Ballroom
  Keynote

10:00am EDT

Vendor Break
Friday June 9, 2017 10:00am - 10:10am EDT
Virginia A-D
  Food/Drink

10:10am EDT

OSINT: The Secret Weapon in Hunting Nation-State Campaigns
Discussing real use cases of state actors engaged in APT campaigns, explore what can be done with the available intelligence tools we have today, specifically from the Dark Web.
Speakers
avatar for Alon Arvatz

Alon Arvatz

Co-founder & CPO, IntSights
Alon Arvatz VP of Intelligence & Product served in an elite intelligence unit in the Israel Defense Forces. While serving for 3 years in the most innovative and operational setting, Alon led and coordinated large operations in the cyber intelligence world. Alon established Cyber School... Read More →

Friday June 9, 2017 10:10am - 11:00am EDT
Ballroom
  Business

10:10am EDT

Recent Developments in Linkography Based Cyber Security
Cyber attacks on critical cyber systems are not decreasing in frequency or complexity. Aggressors choose the time and place of these engagements; protectors must identify, research and develop defensive techniques that provide an asymmetric advantage. A static, data-driven, preventative, automated defense is a losing strategy; an effective defense must be dynamic, behavioral, responsive and capitalize on a human in the loop. We propose human and machine performed linkography to detect, correlate, attribute and predict attacker behavior and present a moving, deceptive target. Recently, our team generated a technology transfer strategy for linkography based cyber security, proposed algorithms to extract and refine linkograph ontologies and subsessionize our input stream and completed our previous related machine learning work. Linkography has been in the literature for decades, and our investigation indicates it is an open, fertile topic for basic and applied cyber security research.
Speakers
avatar for Robert Mitchell

Robert Mitchell

Member of Technical Staff, Sandia National Laboratories
Robert Mitchell is currently a member of technical staff at Sandia National Laboratories. He received his Ph.D, M.S. and B.S. from Virginia Tech. Robert served as a military officer for six years and has over 10 years of industry experience, having worked previously at Boeing, BAE... Read More →

Friday June 9, 2017 10:10am - 11:00am EDT
Richmond Salons
  Technical

10:10am EDT

CTF
Speakers
avatar for Mike Bailey
avatar for Nicholas Popovich

Nicholas Popovich

Wrangler, BeepBoop
Nick Popovich's passion is learning and exploring technology ecosystems, and trying to find ways to utilize systems in unexpected ways. He works as a Red Team operator, trying to raise the overall security posture of organizations through adversarial simulation. Nick's mission is... Read More →

Friday June 9, 2017 10:10am - 3:00pm EDT
James River Terrance
  CTF

11:00am EDT

Vendor Break
Friday June 9, 2017 11:00am - 11:10am EDT
Virginia A-D
  Food/Drink

11:10am EDT

DevOpSec - Killing the Buzz
The DevOps movement continues to grow, and it is beginning to move out of small startups into large enterprises. DevOps and Agile development bring a lot to the table, but are often viewed as coming at the expense of security. This presentation explores ways to integrate security into DevOps environments: identifying the benefits of doing so, outlining potential problems, and attempting to provide solutions to them. Ultimately, the talk hopes to provide practical guidance and tools that can be used as a base to improve security throughout the stack.
Speakers
avatar for Jason Ross

Jason Ross

Security Engineer, Salesforce
Jason Ross is a passionate cybersecurity expert with a diverse skill set, currently focused on building tools and processes to test the security of generative AI models & applications that use them. Jason's past work experiences include penetration testing, cloud security, and OSINT.Jason... Read More →

Friday June 9, 2017 11:10am - 12:00pm EDT
Ballroom
  Business

11:10am EDT

Retailing Another Threat Landscape Story
Over the last several years, retail breaches have become some of the highest profile stories, but just like any other vertical target, the day-to-day offense and defense continues to evolve. The ebbs and flows of attackers and defenders don't always make the news, which is a good thing, but what does the daily routine look like on the retail front? And, why should you care? You should care because at some level or another, we are the potential defenders, or consumers of these organizations, and retail has now become part of the modern attacker infrastructure. 
Speakers
avatar for Dan Holden

Dan Holden

CTO & Intelligence Director, R-CISC
Dan Holden is the CTO and Intelligence Director at R-CISC, the retail ISAC, where he focuses on new technology and service development as well as threat intelligence production and exchange. Previously he was the Chief Technology Strategist and Director of ASERT, Arbor's Security... Read More →

Friday June 9, 2017 11:10am - 12:00pm EDT
Richmond Salons
  Technical

12:00pm EDT

Lunch
Friday June 9, 2017 12:00pm - 1:00pm EDT
Virginia A-D
  Food/Drink

1:00pm EDT

Terry McAuliffe, Governor of Virginia - Remarks
Speakers
avatar for Governor McAuliffe

Governor McAuliffe

Terry McAuliffe is the 72nd Governor of Virginia. Since being sworn-into office, Governor McAuliffe has aggressively focused on building a new Virginia Governor Elect Terry McAuliffeeconomy.Whether traveling to Bedford or Beijing, Governor McAuliffe has made it clear that his number... Read More →

Friday June 9, 2017 1:00pm - 1:50pm EDT
Ballroom
  Information

1:50pm EDT

Vendor Break
Friday June 9, 2017 1:50pm - 2:00pm EDT
Virginia A-D
  Food/Drink

2:00pm EDT

Building A Pentest Program On A Shoestring Budget
You don’t have $85,000 laying around to bring in an external pentest vendor. Even if you did, you’re afraid your program is so full of holes you will be overwhelmed by the findings. Even worse, if they do a bad job and fail to get in, it will reinforce the organization’s false sense of security. What are your options; do nothing, continue worrying about the specter looming in the darkness? No, you pull together a rag tag group of spunky upstarts and get the job done yourself. No budget, no problem. In this talk, we’ll cover options that can fit into your standard operations, without having to beg for budget. Even if you are privileged with a strong budget, scheduled external pentests, and ongoing security operations, you can pick up some tips on how to integrate self-tests to validate the controls you implemented in your remediation process. 
Speakers
avatar for Grayson Walters

Grayson Walters

Information Security Officer, Virginia Department of Taxation
Grayson Walters has over 20 years of Information Technology and Information Security experience. Currently, he serves as the Information Security Officer for the Virginia Department of Taxation. Previously, Grayson served as the Information Security Officer for the Virginia State... Read More →

Friday June 9, 2017 2:00pm - 2:50pm EDT
Ballroom
  Business

2:00pm EDT

RoboCop- Bringing law and order to CICD
In the movie, RoboCop is given three primary directives: "Serve the public trust, Protect the innocent, and Uphold the law". We built our own RoboCop in order to bring law and order to our CICD pipeline. DevOps practices are all about enabling fast and frequent delivery of new software. In order to keep pace in a DevOps culture, application security must be reliably integrated into the CICD pipeline.

In this talk, I will show how our small AppSec team combined automated tools along with human oversight in order to achieve our directives at scale, while winning the hearts and minds of our development teams.
Speakers
avatar for Troy Marshall

Troy Marshall

Director, Application Security and Reliability, Ellucian
How do you answer when someone asks what you do for a living? Troy Marshall’s answer—“I don't make software, I make software better”—explains his career helping organizations build and scale programs to improve the quality, security, and performance of their software and... Read More →

Friday June 9, 2017 2:00pm - 2:50pm EDT
Richmond Salons
  Technical

2:50pm EDT

Vendor Break
Friday June 9, 2017 2:50pm - 3:00pm EDT
Virginia A-D
  Food/Drink

3:00pm EDT

Poor Man’s Spy vs. Spy - Analysis of Red Team Attack Techniques by Blue Team Forensicators
How advanced are the cyber attack techniques that are all over the news these days? Could you detect a determined attacker that gains a foothold in your network with open source host and network based monitoring tools? This talk will walk through an attack modeled after real world attacker techniques and show how you can detect and respond using custom and open source resources.
Speakers
avatar for Derek Banks

Derek Banks

Security Analyst, Black Hills Information Security
Derek is a Senior Security Analyst at Black Hills Information Security and has over 20 years of experience in the IT industry as a systems administrator for multiple operating system platforms, and monitoring and defending those systems from potential intruders. He has worked in the... Read More →
avatar for Troy Wojewoda

Troy Wojewoda

Troy Wojewoda has been in the information security industry for over 10 years working in a wide array of roles such as application and system administration, network intrusion detection, wireless security, host and network digital forensics and incident response. Today, he leads... Read More →

Friday June 9, 2017 3:00pm - 4:00pm EDT
Ballroom
  Technical

4:00pm EDT

Closing Reception - Prizes, CTF awards, beverages & Hors d'oeuvres
Speakers
avatar for Chris Sullo

Chris Sullo

Founder, RVAsec
Chris is the founder of RVAsec and Head of Innovation at Project Discovery, Inc. Chris has been in the security industry for 27 years, working in various research and security roles with Focal Point, HP (SPI Dynamics) and Capital One. He is the author of the “Nikto” web server... Read More →

Friday June 9, 2017 4:00pm - 5:00pm EDT
Ballroom
  Reception
 
Filter sessions
Apply filters to sessions.
Thursday, June 8
Friday, June 9
Ballroom
James River Terrance
Kabana Rooftop Bar
Outside Ballroom
Richmond Salons
Virginia A-D
  • After Party
  • Badges
  • Business
  • CTF
  • Food/Drink
  • Information
  • Keynote
  • Reception
  • Registration
  • Technical
  • Popular