RVAsec 13

The Secure Legends GameDay experience provides an interactive learning exercise for security professionals to develop practical skills for protecting cloud environments. We will explore real-world security scenarios that might include compromised credentials, data leaks, instance breaches, infrastructure attacks, and vulnerable CI/CD pipelines.

During this session, we’ll solve one of the challenges together in realtime and I’ll explain the mitigation tactics as you work in your own environments. No cloud environments needed, no cloud bill to pay at the end, and no sign up necessary! You’ll get temporary access to a real environment where you can actually build.

As an added bonus, you’ll also get to walk away with limited-time access to that cloud account and to additional challenges you can solve after the session!  

Physical security is crucial to any organization; however, physical security sometimes takes a back seat. Many companies still maintain a physical office presence, and protecting employees working from the office, along with other critical assets is vitally important as protecting networks. An attacker gaining access into a building through social engineering or other means of physical entry could jeopardize those critical assets and employee’s safety. Attackers may access unattended workstations, open file cabinets, server rooms, or other information inside the organization. Skilled attackers may only need a few moments to slip into a building and plant a remote access device on the network without anyone noticing they were in the building.

Application Security is the most oft-ignored, yet critically vulnerable attack vector in many businesses today.  Development teams are encouraged to create new features first and foremost, at the expense of fixing vulnerabilities.  It’s not until a breach or an audit finding when they pay attention to patching security holes.  

So how does a thoughtful CISO get in front of this?

Application security has to exist across the application lifecycle. DevSecOps is the philosophy of imbuing proper security controls at every stage of the Software Development Lifecycle (SDLC).  This session will introduce you to core DevSecOps concepts so you can bring them back to your company and make some proactive changes to “drive defects left” and reduce the risk of a catastrophic security breach in your applications

Impostor syndrome is a psychological phenomenon that makes you feel like a fraud, despite your achievements and qualifications. It can affect your confidence, performance, and well-being. In this talk, We will discuss Impostor Syndrome and I will share my Infosec journey and how I’ve worked on minimizing the effects of Impostor Syndrome over the course of my career. I will go into detail about the concept of the Hacker Grimoire and how it and a focus on documentation in general helped me to challenge my Impostor Syndrome. Additionally, We’ll take a peek into my Hacker Grimoire and also give you tips on how to get started with your own.

This workshop that introduces the techniques used in Improv Comedy and applies them to skills used in the OFFSEC field to enable the participants to better communicate, think on their feet, and gain confidence when operating in the unknown.

Join our quick start guide to building your very own Private AI! In this presentation, we'll explore the key differences between Public and Private AI and the components needed for success. You'll get hands-on experience setting up your development environment, preparing data for training, and using popular libraries to train a simple AI model. We'll also discuss best practices in AI development and provide guidance on evaluating and fine-tuning performance. Don't miss this opportunity to take control of your very own AI and build a system tailored to your unique needs and goals. Join us for an engaging and informative session that will empower you to start building your Private AI today!

We are meant to enjoy our lives; both personal, and professional. As human beings, and as professionals, we all have to learn how to cultivate even-mindedness, balance, and fortitude to meet life/work challenges. Cybersecurity is fascinating because it requires us to constantly learn, and find ways to optimize our process. Burnout is a huge problem many fields, but especially in Cybersecurity. Cultivating a mindfulness or meditation practice is one of the most efficient ways we can support our process, and manage the stress and anxiety that comes with our professional and personal lives.

The focus of this talk is not specifically on work, because it addresses thoughtful ways to approach every aspect of our lives from our mental and physical health, to our relationships both personally and professionally. Whether new to the industry or a seasoned veteran, this talk with give you some insights, guidance, and the opportunity to practice.

There is a huge gap in security and that gap is understanding the process for acquiring security tools. After buying security tools as an architect and selling as a sales engineer I know the process, pitfalls and gaps in the process. We will dive into the process for both sides. You will learn how you should be architecting your program and winning budget for those tools. We will also explore what happens on the sales side of deal. I will explain what to look out for and what you can take advantage of and the common mistakes we make.

Sales people are top tier social engineers we will explore how to hack them.

Get ready for a wild ride as Jennifer Shannon, a Senior Security Consultant at Secure Ideas, takes the stage to present "API-ocalypse" In this thrilling and entertaining session, Jennifer will showcase the vulnerabilities lurking within APIs and the havoc they can wreak if left unaddressed. Through live pentesting demos, she will demonstrate jaw-dropping exploits, mind-bending injection attacks, and authentication bypass techniques that will leave you on the edge of your seat. Join Jennifer as she navigates the dark side of API’s to help you understand and fortify your attack surface in order to prevent the impending API-ocalypse.