RVAsec 2021 has ended
Thursday, November 4
 

8:00am EDT

Breakfast
Thursday November 4, 2021 8:00am - 9:00am EDT
James River Foyer

8:00am EDT

Registration
Registration starts on Thursday morning at 8 AM and will be on the 1st Floor, in a room called Magnolia.

We ask that you form a line with space between people. We will then call you into the room to register using our electronic contactless registration. Please have your EventBrite email and QR code available to speed up the process.

Once you register you will then proceed to receive a bag, T-shirt, and badge from the nearby tables. You will exit the room and then come back into the hotel lobby.

Please have patience with this process.

Thursday November 4, 2021 8:00am - 10:00am EDT
1st Floor, Magnolia Room

9:00am EDT

Welcome to RVAsec 2021
Speakers

Jake Kouns

CEO, Risk Based Security
Jake Kouns is the founder of RVAsec and the CEO and CISO for Risk Based Security, providing vulnerability intelligence and breach data. He previously oversaw the operations of the Open Sourced Vulnerability Database (OSVDB.org) and DataLossDB. Kouns has presented at many well-known...


Thursday November 4, 2021 9:00am - 9:10am EDT
Ballroom

9:10am EDT

Keynote
Speakers

Chris Tignor

Global Chief Information Security Officer, PRA Group, Inc.
Chris Tignor is Global Chief Information Security Officer for PRA Group, Inc in Glen Allen, Virginia. He has extensive experience in cybersecurity and information technology risk management with international financial services and consultancy organizations. His recent activities...


Thursday November 4, 2021 9:10am - 10:10am EDT
Ballroom

10:00am EDT

Registration
Thursday November 4, 2021 10:00am - 5:00pm EDT
Top of The Grand

10:10am EDT

Vendor Break
Thursday November 4, 2021 10:10am - 10:30am EDT
James River Foyer

10:30am EDT

CTF Intro
Thursday November 4, 2021 10:30am - 10:40am EDT
Ballroom

10:40am EDT

Badge Intro
Thursday November 4, 2021 10:40am - 10:50am EDT
Ballroom

10:50am EDT

Vendor Break
Thursday November 4, 2021 10:50am - 11:00am EDT
James River Foyer

11:00am EDT

Why I Love Purple Teams, Even Though They Don't Exist
The industry of Cybersecurity has grown over the years. As a group driven by innovation, we look to solve our own problems. We have mimicked the military by choosing to have blue and red teams but have also developed a new team, the Purple Team. If you asked a cybersecurity professional what a Purple Team is, they might respond with a simple "it's red and blue combined." This talk is questioning what a Purple Team is by breaking the problem down to a first principle. Once we have the first principle, we'll open it up to see if this is really a unique situation to our industry or was it solved already.

Speakers

Anthony Switzer

Ernst & Young
Anthony is just someone that has a passion for helping people and shares that passion through cybersecurity.


Thursday November 4, 2021 11:00am - 11:50am EDT
Ballroom

11:50am EDT

Lunch
Thursday November 4, 2021 11:50am - 1:00pm EDT
James River Foyer

1:00pm EDT

Zero Trust: The Good Parts
After working on implementing zero trust at a multi-thousand person workforce, and working on building the product that provided it, there are a lot of learnings to share. Join me while I talk about how we went about implementing zero trust at Cloudflare, and building a product now used by many other companies to do the same.

Speakers

Evan Johnson

Security, Cloudflare
An engineer at heart, Evan works at Cloudflare with all of the software engineering teams on the systems and products they are building. Evan was the first security engineer hired at Cloudflare, also worked at LastPass as a software engineer, and was the first security hire at Segment...


Thursday November 4, 2021 1:00pm - 1:50pm EDT
Ballroom

1:00pm EDT

CTF Prep
Thursday November 4, 2021 1:00pm - 4:00pm EDT

1:50pm EDT

Vendor Break
Thursday November 4, 2021 1:50pm - 2:00pm EDT
James River Foyer

2:00pm EDT

What’s Next In The Fight Against Ransomware
With ransomware attacks becoming more effective and, at the same time, more prevalent, a ransomware defense strategy is top of mind for prepared security leaders.

In this session we'll address:
- How to build an effective anti-ransomware security program
- Similarities and differences between ransomware attacks and other sophisticated operations
- The ranging impacts of a ransomware attack - both financial and other
- Implementations security teams can make today for better ransomware defense

Speakers

Maggie MacAlpine

Cybersecurity Strategist, Cybereason
Maggie MacAlpine is a cybersecurity strategist and one of the co-founders of the DEF CON Voting Village. Over the course of ten years spent in the field, MacAlpine has been a contributing researcher on the “Security Analysis of the Estonian Internet Voting System” in partnership...


Thursday November 4, 2021 2:00pm - 2:50pm EDT
Ballroom

2:50pm EDT

Vendor Break
Thursday November 4, 2021 2:50pm - 3:00pm EDT
James River Foyer

3:00pm EDT

Infrastructure as Code: Theory and Concepts
Information Systems Engineering & Operations Personnel can realize Scalability and Consistency by leveraging Infrastructure as Code.  This presentation will dive into the Theory of Infrastructure as Code and the Concepts on effective use.  A pathway to CI/CD, and eventually DevOps, will be shown.

Speakers

Jeff Tehovnik

Rackspace Government Solutions
Jeff has been working in IT since 1998 and graduated from Virginia Commonwealth University (BS-IS 2012, MS-CISS 2014) and the SANS Technology Institute (PGC Ethical Hacking & Penetration Testing). Jeff also enjoys research and educating on Technical Information Security Topics including...


Thursday November 4, 2021 3:00pm - 3:50pm EDT
Ballroom

3:50pm EDT

Vendor Break
Thursday November 4, 2021 3:50pm - 4:00pm EDT
James River Foyer

4:00pm EDT

Introduction To Inner-Loop Security. Shifting Left, But Better
We can barely make it through an AppSec talk or article without hearing about the wonders of “shift left” and how it is the key to solving all of our security problems. Every intro to AppSec talk starts with the cost savings and return on investment associated with discovering security defects earlier in the SDLC and most of us have designed our AppSec program around these concepts. What would you say if I told you there was a better way and that we have been shifting left wrong? In this talk, we will introduce the concept of the inner and outer loop as the next evolution of shift left. Join us to explore a new model for shifting left using inner-loop concepts and learn how to better enable our developers to build products that are secure by design. 

Speakers

Josh Wallace

Practice Lead of Strategic Application Security Services, GuidePoint Security
Josh is the practice lead of Strategic Application Security Services at GuidePoint Security. He has 18 years of real world experience in developing applications and helping organizations across all sectors integrate security into their SDLC. Josh has worked extensively with financial...


Thursday November 4, 2021 4:00pm - 4:50pm EDT
Ballroom

4:50pm EDT

Day 1 - Closing
Speakers

Jake Kouns

CEO, Risk Based Security
Jake Kouns is the founder of RVAsec and the CEO and CISO for Risk Based Security, providing vulnerability intelligence and breach data. He previously oversaw the operations of the Open Sourced Vulnerability Database (OSVDB.org) and DataLossDB. Kouns has presented at many well-known...


Thursday November 4, 2021 4:50pm - 5:00pm EDT
Ballroom

5:30pm EDT

After Party
Thursday November 4, 2021 5:30pm - 9:00pm EDT
TBA
 
Friday, November 5
 

8:00am EDT

Breakfast
Friday November 5, 2021 8:00am - 8:50am EDT
James River Foyer

8:00am EDT

Registration
Friday November 5, 2021 8:00am - 5:00pm EDT
Top of The Grand

8:50am EDT

Welcome Day 2
Speakers

Jake Kouns

CEO, Risk Based Security
Jake Kouns is the founder of RVAsec and the CEO and CISO for Risk Based Security, providing vulnerability intelligence and breach data. He previously oversaw the operations of the Open Sourced Vulnerability Database (OSVDB.org) and DataLossDB. Kouns has presented at many well-known...


Friday November 5, 2021 8:50am - 9:00am EDT
Ballroom

9:00am EDT

Raising the Average - Finding and Managing Mentors
According to Jim Rohn: “You’re the average of the five people you spend the most time with.” Meaning, the people you spend the most time with are the same ones that shape you into you. You are their average. This same relationship applies when you’re referring to mentors.

As the world continues to go more virtual, the nature of relationships has changed. While mentorship is essential to professional development, the times dictate you need to adjust your communication style to maintain these relationships.

Speakers

Thor Draper Jr

Azure Networking Engineer, Microsoft
As an Azure Networking Engineer, Thor Draper Jr works on the rapid response team that assists clients with immediate remediation of Infrastructure as a Service issues. Thor is also a cyber security instructor with Trilogy Education Services and has taught at cohorts held at universities...


Friday November 5, 2021 9:00am - 9:50am EDT
Ballroom

9:50am EDT

Vendor Break
Friday November 5, 2021 9:50am - 10:00am EDT
James River Foyer

10:00am EDT

Why Should I Care? Cybersecurity Maturity Model Certification (CMMC): DoD / Non-DoD
Whether part of the DoD Supply Chain, or not, the Cyber Maturity Model Certification, largely built upon NIST 800-171, provides a great framework for understanding your information security risk and intelligently putting solid NIST controls around them. CMMC compliance is a time based mandate for Tier 1 and Tier 2 suppliers in the DoD Supply Chain. There are plans to push it out farther, and even into all DoD procurement contracts. Could it have broader application? Possibly extending across government and into Industry to create one common language for security? If none of these, then it still makes a dog gone good framework for a company to build out the management of cyber risk with an eye on continuous improvement. Come learn more about CMMC.

Speakers

Steve Holliday

Director, CIO Advisory Services, Cherry Bekaert Digital
As a Director with Cherry Bekaert Digital, Steve Holliday assists clients with improvement, helping organizations to use resources more effectively and efficiently, and to enable growth, by understanding the current state, identifying performance gaps and developing and executing...


Friday November 5, 2021 10:00am - 10:50am EDT
Ballroom

10:00am EDT

CTF Competition
Friday November 5, 2021 10:00am - 3:00pm EDT

10:50am EDT

Vendor Break
Friday November 5, 2021 10:50am - 11:00am EDT
James River Foyer

11:00am EDT

Network Assessments: Cybersecurity, Quackery and Fraud
Network assessments are valuable tools to provide insight into infrastructure. It is no surprise they are used to close 7 out of 10 new business opportunities for managed service providers. Their benefit to business is often an illusion.  This talk covers the basics of assessments, how they are misused, and what companies of all sizes should be doing instead.

Speakers

Karl Jankowski

Bento Holdings, Inc.
Karl is a business technologist through experience and a private pilot by fascination. While spending most work days in "the Cloud", weekends are often spent flying below the cloud deck.


Friday November 5, 2021 11:00am - 11:50am EDT
Ballroom

11:50am EDT

Lunch
Friday November 5, 2021 11:50am - 1:00pm EDT
James River Foyer

1:00pm EDT

Bake Security Into Your Infrastructure-as-Code
Baking takes time, dedication, and effort throughout the entire process. If you leave an ingredient or step out, you risk ruining the entire cake. Infrastructure-as-Code (IaC) is surprisingly similar. When you leave security out of your IaC process, you risk ruining what you worked so hard to create. In this talk we'll dive into some best practice options for securing your IaC and explain the risks when you don't.

Speakers

Caleb Mattingly

CEO, Secure Cloud Innovations
Caleb Mattingly is the CEO and founder of Secure Cloud Innovations, a cybersecurity consulting firm. Prior to starting SCI, Caleb worked in defense contracting supporting the Army, Navy, Air Force, and DISA. Caleb's highest level of education is a MS in Cybersecurity from Liberty...


Friday November 5, 2021 1:00pm - 1:50pm EDT
Ballroom

1:50pm EDT

Vendor Break
Friday November 5, 2021 1:50pm - 2:00pm EDT
James River Foyer

2:00pm EDT

5.4 Million Vulnerabilities and Counting...
More and more, Vulnerability Management is becoming a central function in an organization’s defensive posture. Along with that realization, companies are discovering that there is no central framework for implementing a Vulnerability Management program.

Facing millions of vulnerabilities, we implemented a prototype vulnerability management framework that can be applied to any organization, regardless of size. This presentation will take attendees through the six core Vulnerability Management domains, with tips on how this framework can be applied to other organizations.  

Speakers

John Behen

Vulnerability Management Lead, Newport News Shipbuilding
John Behen is the Vulnerability Management Lead for Newport News Shipbuilding, in Newport News, VA. He has been an IT professional for 25 years at a diverse range of companies including Newport News Shipbuilding, The Martin Agency and Procter & Gamble. Outside of Information Security...



Friday November 5, 2021 2:00pm - 2:50pm EDT
Ballroom

2:50pm EDT

Vendor Break
Friday November 5, 2021 2:50pm - 3:00pm EDT
James River Foyer

3:00pm EDT

Three Worlds of Application / Cloud Security
Application and Cloud security go hand in hand in our ever-changing IT environments. With the cloud actually “being” an application, we need to look at three areas of Application Security that encompass what goes into the cloud, the cloud itself, and how to secure its communications and workloads.

This discussion will start at the extreme “far left” of the security lifecycle, all the way to the developers’ keyboards. Then we will explore the DevSecOps security process, based on the “Defense in Depth” theory of security. Finally, we will address the workloads in the cloud, with some of the public cloud’s native functionality to protect itself, and how we can use additional toolsets to enhance them.

Companies need to identify not only the tools, but when to use them, and how to automate them.

Speakers

Richard Thayer

ePlus Technologies, Inc.
Richard Thayer has been in IT for over 35 years. From his early beginnings of working on IBM's 8086XT system(s), to designing robust security architectures for Fortune 50 companies; Mr. Thayer has consulted for vertical markets within Finance, Energy, Manufacturing, Retail, Insurance...


Friday November 5, 2021 3:00pm - 3:50pm EDT
Ballroom

3:50pm EDT

Closing Reception
Prizes, CTF awards, beverages & hors d'oeuvres

Speakers

Chris Sullo

Founder, RVAsec
Chris is the founder of RVAsec and Head of Innovation at Project Discovery, Inc. Chris has been in the security industry for 27 years, working in various research and security roles with Focal Point, HP (SPI Dynamics) and Capital One. He is the author of the “Nikto” web server...


Friday November 5, 2021 3:50pm - 5:30pm EDT
Ballroom
 