RVAsec 2018 has ended

Business
Thursday, June 7


Demystifying Payments: Payment Technologies and Security Risks
Have you ever wanted to learn how payment technologies work? What happens when you pay for something on a website or using a cell phone? Payment technologies are a transparent part of our lives. They enable us to pay for everything from a coffee to a car. In this talk we take a look at payment technologies past, present and future, and look at the security risks associated with them. Learn how payments have evolved and what transactions look like today.

Leigh-Anne Galloway

Cyber Security Resilience Lead, Positive Technologies
Leigh-Anne Galloway is the Cyber Security Resilience Lead at Positive Technologies where she advises organizations on how best to secure their applications and infrastructure against modern threats. She is an expert in the Application Security Unit, specializing in ATM and POS Security...
Tim Yunusov

Head of department, Positive Technologies
Timur Yunusov is a Senior Expert in banking systems security and the author of multiple research works in the field of application security, including "Apple Pay replay attacks", shown at BlackHat USA 2017, and "Bruteforce of PHPSESSID", rated in the Top Ten Web Hacking Techniques by WhiteHat Security...

Thursday June 7, 2018 11:00am - 11:50am


GDPR and You
The General Data Protection Regulation is the new law of the land for protecting personal information from the EU. The law has placed many US-based businesses in scope requiring compliance. In this talk we will review some of the challenges for compliance that you may encounter.

Bob Siegel

President, Privacy Ref, Inc.
Bob Siegel is the president and founder of Privacy Ref. Starting Privacy Ref in 2012, Bob took his experience as the Senior Manager of Worldwide Privacy and Compliance at Staples, Inc. and applied that to assisting companies in implementing and maintaining strong privacy programs. Bob has...

Thursday June 7, 2018 1:00pm - 1:50pm


Hacking Intelligence - The Use, Abuse, and Misappropriation of Intel for Fun and Mostly Profit
The appropriation of intelligence (and/or its art) within the security industry has raised the ire of many trained intelligence practitioners in the field. Some bemoan the fact that intelligence has been hijacked for profit with disregard of the discipline's basic tenets. These tenets include but are not limited to tradecraft, life cycle, theory, analysis, application, and generation of actionable intelligence. On the other side of the aisle, security leaders have been tasked to implement threat intelligence within their respective security programs (maybe because it has become fashionable to do so). More often than not, however, such goals have proven elusive. Further, security leaders who procure intelligence products marketed to them are often left feeling they've been sold a bill of goods when those products fail to deliver.

This talk shares the results from conversations between a security expert/professional trained in the field of intelligence and a practitioner/researcher/leader not classically trained in the discipline. We discuss the uses, abuses, and misappropriations of intel with the hopes of forging a better path forward in this subject area. We do this by asking questions like "What is cyber intelligence," "What does it look like and where is it going," and lastly, "How should it be used?"

To be covered:
• Tenets of intelligence
• The discipline of intelligence
• Why has CTI been in the “hype cycle”? Why do people care?
• What does cyber threat intelligence get us? Hacking the discipline

Mark Arnold

Sr. Dir/CISO, Navisite
Mark Arnold, PhD, GXPN, CISSP, CISM has more than 20 years of technical and senior leadership in the information security space. He’s an advisory board member for OWASP Boston, SOURCE Conference, Boston Application Security Conference (BASC), and InfoSecWorld 2018. He is CISO/Sr...

Thursday June 7, 2018 2:00pm - 2:50pm


How Do You Measure Expertise? A New Model for Cybersecurity Education
The industry relies upon a strong and knowledgeable talent base to protect both commercial and national interests, but without a more universal and standardized education model we still have an overall cybersecurity workforce shortage.

This session, designed both for leaders and learners, will explore the current training landscape, describe a model for the new/emerging cybersecurity profession and introduce a career model based on skills/knowledge that are mapped to the field. Participants will leave this session understanding all the tools available for cybersecurity managers to effectively grow the profession from the bottom up, top down, and through the middle via upskilling, reskilling, continuing education and mentoring. They will understand the foundations upon which a framework can be built to address the needs of the individual and the profession as a whole. Finally, participants will recognize the optimal way to balance qualitative measures in the cybersecurity profession (i.e. degree, certifications, etc) and qualitative ones (i.e. continuing education, practice, experience).

Simone Petrella

Chief Cyberstrategy Officer, CyberVista
Simone is Chief Cyberstrategy Officer at CyberVista where she leads product development and delivery of cybersecurity training and education curriculums as well as workforce initiatives for executives, cyber practitioners, and continuing education. Previously, Simone was a Senior Associate...

Thursday June 7, 2018 3:00pm - 3:50pm
Friday, June 8


Doxing Phishers: Analyzing Phishing Attacks from Lure to Attribution
This presentation will cover the various pieces of intelligence that can be collected from each stage of a phishing attack (lure, phishing site, phish kit) and discuss how each piece allows us to progress an investigation.  We will look at various analytical techniques that can be performed to track phishing campaigns and enhance detection.  The second half of the presentation will cover an in-depth, real-world case study of the practical application of these techniques, starting with a single phishing lure and ending with the identification of a primary phishing threat actor.

Crane Hassold

Director of Threat Intelligence, Phishlabs
Crane Hassold is the Director of Threat Intelligence at PhishLabs based out of Charleston, SC, where he oversees the Research, Analysis, and Intelligence Division (RAID). Prior to joining PhishLabs, Crane served as an Analyst at the FBI for more than 11 years, providing strategic...

Friday June 8, 2018 10:10am - 11:00am


Let’s build an OSS vulnerability management program!
Does your company use Open Source Software (OSS) libraries in the products that it builds? Do you worry that your customers and company will be exploited by these vulnerabilities because no one in your product development team is maintaining those libraries with vulnerability fixes? Well let’s do something about that.  

During this presentation, we will start from nothing and take steps to identify the OSS libraries that your company uses in order to build a bill of materials (BOM), we will then give examples of how to source threat intel on those libraries, and finally we will discuss strategies to remediate the vulnerabilities in our code repository so that we can keep our customers and company safe from malice.  

This presentation will be delivered from the perspective of a Product Security Response team protecting customers who deploy their company’s products. However, this presentation is also useful to those building and defending internally deployed applications.

Tyler Townes

Security Program Manager, BlackBerry
Tyler works at BlackBerry Product Security as a Security Program Manager and is the lead incident manager during emergency response events. His focus areas include SDLC, sustained engineering, vulnerability management, and risk management across multiple operating systems. He is currently...

Friday June 8, 2018 11:10am - 12:00pm


From Grief to Enlightenment: Getting the Executive Support for Information Security
Most information security professionals got into the field to enjoy the technical challenges of keeping the hackers at bay. However, as information security has moved into the executive level of organizations, most professionals struggle to connect with executives and get the support they need for their programs. Karen Cole has been successfully handling the most ardent opponents of information security (think politicians, board members, and C-suite executives) for 16 years getting her clients what they need. This session is focused on real-world actions you can take to get the support and resources for your program. Leave your governance theory at the door. This session is going to get real!

Karen Cole

Co-Founder and Chief Executive Officer, Assura, Inc.
Although Karen grew up on a farm in Virginia, her family nicknamed her “the black thumb of death” when it comes to plant life. So obviously that led to a career in IT, not horticulture. She was a cybersecurity practitioner long before it was cool. Many call her a unicorn because...

Friday June 8, 2018 1:00pm - 1:50pm


Building a Better Catfish
Picture this: a Red Team and a Blue Team working together to make the organization more secure, and not just trying to prove that they are better than the other one. This is how we did it.

Nathaniel Hirsch

Director Red Team, Capital One
Nat Hirsch is the Director of the Red Team at a large financial institution. He has been doing Red Teaming, Pentesting, and other offensive focused security assessments for the last decade.

Friday June 8, 2018 2:00pm - 2:50pm