daniel.bohannon@mandiant.com

@danielhbohannon

Daniel Bohannon is a Senior Incident Response Consultant at MANDIANT with over six years of operations and information security experience. His particular areas of expertise include enterprise-wide incident response investigations, host-based security monitoring, data aggregation and anomaly detection, and PowerShell-based attack research and detection techniques.
As an incident response consultant, Mr. Bohannon provides emergency services to clients when security breaches occur. He also develops new methods for detecting malicious PowerShell usage at both the host- and network-level while researching obfuscation techniques for PowerShell-based attacks that are being used by numerous threat groups.
Prior to joining MANDIANT, Mr. Bohannon spent five years working in IT operations and then leading the incident response team for an organization in the private retail industry.
Mr. Bohannon received a Master of Science in Information Security from the Georgia Institute of Technology and a Bachelor of Science in Computer Science from The University of Georgia.

Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@(‘Tech’,’niques’) -Join ”)

PowerShell is increasingly being used by advanced attackers and script kiddies alike in targeted attacks, commodity malware, and even ransomware. The most common usage involves PowerShell remotely downloading and running payloads entirely in memory, rendering many traditional detection mechanisms useless.
Detection has increasingly shifted to monitoring for this malicious activity via process command line arguments and parent-child process relationships. While this is a significant improvement there are numerous evasion techniques of which the Red Team and Blue Team should be aware.
For the past 1.5 years I have researched PowerShell obfuscation, evasion and advanced detection techniques. Picking up from where I left off in my recent presentations on Invoke-Obfuscation, in this presentation I will highlight my new tool Invoke-CradleCrafter. Additionally, I will introduce a new family of PowerShell obfuscation techniques and show how they can be applied to several new and obscure families of remote download cradles.

Come see me at RVAsec 2017. Register Now!

ken@nvisium.com

@cktricky

Ken Johnson, CTO of nVisium, has been hacking web applications professionally for 8 years. Ken is both a breaker and builder and currently leads the nVisium product team. Previously, Ken has spoken at DerbyCon, AppSec USA, RSA, AppSec DC, AppSec California, DevOpsDays DC, LASCON, RubyNation, and numerous Ruby, OWASP, and AWS events. Ken is currently investing his time between OWASP’s Railsgoat, Elxir and Go, as well as all aspects of AWS offerings. Twitter: @cktricky

AWS Survival Guide 2.0

In this talk, we discuss harnessing existing AWS functionality to strengthen your organization’s AWS infrastructure against practical attacks. Ken will show you what attackers are looking for, how they are finding you, and how to secure your environment. Additionally, attendees will be given code that assists those using AWS in better understanding how their environment’s IAM policies are configured and automate tasks like S3 bucket policy review, volume encryption statuses, and security group configurations.

Come see me at RVAsec 2017. Register Now!

jasonwonn@gmail.com

@wonnmeister

Jason Wonn is a tactical and results-focused information security leader with 25+ years of combined national intelligence, information assurance, and cyber threat intelligence expertise throughout the civilian and military sectors. Jason was a “Richmonder” prior to his cross-country move to Los Angeles where he is now a “cast-member” at The Walt Disney Company. He currently leads Disney’s Cyber Threat Intelligence effort, delivering thought leadership and serving as a trusted advisor to senior executives in the identification of cyber trends and threat intelligence analysis. Prior to Disney, Jason served in various threat intelligence roles as a government contractor with MITRE, Lockheed Martin, and CGI Federal in support of the FBI and 1st IO Command, US Army. He holds a B.S. in Computer Science from Tarleton State University in Texas and the CISSP industry certification.

TIP of the Spear: A Threat Intelligence Platform Acquisition

Military organizations have long known of the value of intelligence, but commercial entities only realized its importance in the last five years. Cyber Threat Intelligence (CTI) recently became a priority for the average commercial company who now requires a threat intelligence analysis capability. Are you a security-geek like Jason Wonn who was recently hired to provide that world-class CTI program for your company with very little time and an even smaller budget? …Good luck with that! Jason can’t present that solution in an hour, but he will guide you through the process to evaluate a Threat Intelligence Platform (TIP) and discuss how he made the metrics meaningful to the executives. In this talk, discover the benefits of employing a TIP and the technical evaluation of a TIP through requirements development to ensure it is measurable and meaningful to your leadership.

Come see me at RVAsec 2017. Register Now!

Derek Banks

@0xderuke

Derek Banks is a Security Analyst for Black Hills Information Security and has over 20 years of experience in the IT industry starting as a systems administrator for multiple operating system platforms, moving on to monitoring and defending enterprise systems from potential intruders and performing vulnerability analysis and now as a penetration tester. He has worked in the aerospace, defense, banking, manufacturing, and software development industries.

Troy Wojewoda

@wojeblaze

www.linkedin.com/in/troy-wojewoda-92387183
Troy has been in the IT and Infosec industry for over 10 years working in a wide array of roles such as application and system administration, network intrusion detection, wireless security, host and network digital forensics and incident response. Today, he leads the incident response team at his current employment and is also focused on cyber intel processing, IOC hunting, advanced adversary tracking, malware analysis and custom tool development. When Troy is not cybering the things, he enjoys being in the outdoors, taking things apart, home brewing and spending time with his wife and children. Troy currently holds a B.S. in Computer Engineering and Computer Science from Christopher Newport University and has multiple certifications, including: GSEC, GCIA, GCIH, GAWN, GREM, GCFA, GNFA, CISSP

Poor Man’s Spy vs. Spy – Analysis of Red Team Attack Techniques by Blue Team Forensicators

How advanced are the cyber attack techniques that are all over the news these days? Could you detect a determined attacker that gains a foothold in your network with open source host and network based monitoring tools? This talk will walk through an attack modeled after real world attacker techniques and show how you can detect and respond using custom and open source resources.

Come see us at RVAsec. Register Now!

barry@riskbasedsecurity.com

@riskbased

Barry Kouns is CEO and principal consultant for Information Security Program services at Risk Based Security, Inc., an information security, threat intelligence, and risk management consultancy. Barry’s experience includes information security consulting, risk assessment and quality management. Barry has provided training, procedure development and pre-certification consulting services resulting in the successful ISO/IEC 27001 certification of more than three dozen organizations.
He has earned a B.S. in Statistics from Virginia Tech and a M.S. in Industrial Engineering Management from North Dakota State University. He has earned the CISSP designation, is a trained ISO /IEC 27001:2013 Auditor & ISMS Implementer, and is ITIL Foundation Certified.
Barry was a Captain in the United States Air Force and served as a B-52H Navigator/Bombardier.

Can Game Theory Save Us from Cyber Armageddon?

What can the movies “War Games” and Doctor Strangelove” teach us about avoiding a cyber Armageddon? The Mutual Assured Destruction (MAD) doctrine, first introduced in the 1960s, is largely attributed with preventing any full-scale conflicts between the United States and the Soviet Union. MAD was part of U.S. strategic doctrine which believed that nuclear war could best be prevented if neither side could defend itself against the other’s missiles. Although not talked about very much today, the ghost of MAD and the lessons it teaches remain even if people would rather not think about it. Join this interactive session as we explore the parallels and learn the lessons of the MAD doctrine as it applies to cyber warfare today. It’s the same thing that the computer Joshua learned, the only way to win in cyber warfare is not to play.

Come see me at RVAsec 2017. Register Now!

Roman Bohuk

netspark@metactf.com   

@RomanBohuk

Roman Bohuk is an about-to-graduate senior at Deep Run High School. He has been a part of the Center for Information Technology at his school where he was introduced to both theoretical and applied computer science, some cybersecurity topics, and project management. In the past, Roman was fortunate to meet a few industry professionals, which enabled him to participate in several security and programming conferences and contests. Roman’s experiences and observations prompted him to look for ways to help other students with fewer opportunities to explore the computer science field. Together with Jake, Roman is a co-creator of MetaCTF, a small organization that has hosted CTF contests at schools, universities, and security contests for over 3 years.

Jake Smith 

ion28@metactf.com    

@jtsmith282

Jake Smith has just finished up his senior year at Deep Run High School as part of the Center for Information Technology (CIT) program. Over the last four years through competing in competitions such as CyberPatriot and various CTFs, Jake discovered his passion – cybersecurity – which he plans to pursue in college. He is also the co-creator of MetaCTF, a cybersecurity capture-the-flag competition designed to help middle and high school students learn and practice their “hacking” skills all while in a safe, open environment.

Think of the Children: Preparing the Next Generation of Security Specialists

Undoubtedly, cybersecurity is one of the hottest topics in today’s industry. For example, a Cisco report from a few years ago estimates there to be over 1 million unfilled cybersecurity positions worldwide. But how are we preparing people to fill this critical job gap? What kinds of skills should be taught and do current programs do a good job of preparing students? How do you teach “the security mindset”?
This talk will discuss a few issues (and solutions!) as seen by high school students who are interested in the cybersecurity field. How can industry professionals and organizations help train the people capable of securing their businesses? Join this session to learn some of the ways you or your company could get involved.

Come see us at RVAsec 2017. Register Now!

grayson.walters@tax.virginia.gov

@grandomthoughts

Grayson Walters has over 20 years of Information Technology and Information Security experience. Currently, he serves as the Information Security Officer for the Virginia Department of Taxation. Previously, Grayson served as the Information Security Officer for the Virginia State Corporation Commission. His prior positions include leading the security engineering branch of a Richmond based IT consulting firm where he oversaw penetration testing, security policy development and security product implementation activities for dozens of clients. Grayson also served as the Lead Network Architect for Standing Joint Force Headquarters – Homeland Security after his enlistment in the US Navy.
Grayson currently serves on the Commonwealth Information Security Council, and recently served on committees sponsored by the Office of the Director of National Intelligence, and Homeland Security.
Grayson holds an M.S. in Computer and Information Systems Security from Virginia Commonwealth University and a B.S. in Computer Information Systems Security from Strayer University.

Building a pentest program on a shoestring budget

You don’t have $85,000 laying around to bring in an external pentest vendor. Even if you did, you’re afraid your program is so full of holes you will be overwhelmed by the findings. Even worse, if they do a bad job and fail to get in, it will reinforce the organization’s false sense of security. What are your options; do nothing, continue worrying about the specter looming in the darkness? No, you pull together a rag tag group of spunky upstarts and get the job done yourself. No budget, no problem. In this talk, we’ll cover options that can fit into your standard operations, without having to beg for budget. Even if you are privileged with a strong budget, scheduled external pentests, and ongoing security operations, you can pick up some tips on how to integrate self-tests to validate the controls you implemented in your remediation process.

Come see me at RVAsec 2017. Register Now!

jdorrough1@gmail.com

@jdorrough1

Jeremy has built his career around protecting assets in the most critical IT sectors. He started his career working in a Network Operations Security Center for the US Army. He then went on to work as a Network Security Engineer defending Dominion’s North Anna Nuclear Power Station. He also spent a couple years as a Senior Network Security Engineer/Architect at Genworth Financial. Currently Jeremy works as an Advanced Solutions Architect for Comm Solutions Company focusing on named accounts in the Central VA area. He has presented at DefCon, UNC, JMU, ECPI, FBI Infragard and holds or has held CISSP, CISM, CEH, GIAC GPPA, CCSK, CCNA. Jeremy has spent over 10 years researching and implementing new ways to defend against the latest attacks. He is happily married and a father to two soon to be hackers.

Zero Trust “Lite” Architecture to Securely Future-Proof Your Network

The traditional 3-tier data center architecture model continues to challenge security professionals who are tasked with embracing a highly mobile workforce. I and many others were taught years ago that we must design an onion like perimeter that has a trusted user base and critical data living inside a well-protected perimeter. Forrester turned this model on its head when they coined the term “Zero Trust” in a report published in 2010. I prefer not to speak in absolutes, so I’ll proposed an alternate, more flexible approach to implementing the Zero Trust methodology. Instead of eating the elephant, I’ll show how implementing bite sized portions of the Zero Trust model will help future proof your organization against challenges such as BYOD, SaaS offerings, Cloud hosted resources, mobile workers, and the ever increasing compliance requirements on segmentation.

Come see me at RVAsec 2017. Register Now!