Category: Announcement

Speaker Feature: Robert Mitchell

rrmitch@sandia.gov

Robert Mitchell is currently a member of technical staff at Sandia National Laboratories. He received his Ph.D, M.S. and B.S. from Virginia Tech. Robert served as a military officer for six years and has over 10 years of industry experience, having worked previously at Boeing, BAE Systems, Raytheon and Nokia. His research interests include linkography, moving target defense, computer network operations, network security, intrusion detection and cyber physical systems. Robert has published 19 peer reviewed articles.

Recent Developments in Linkography Based Cyber Security

Cyber attacks on critical cyber systems are not decreasing in frequency or complexity. Aggressors choose the time and place of these engagements; protectors must identify, research and develop defensive techniques that provide an asymmetric advantage. A static, data-driven, preventative, automated defense is a losing strategy; an effective defense must be dynamic, behavioral, responsive and capitalize on a human in the loop. We propose human and machine performed linkography to detect, correlate, attribute and predict attacker behavior and present a moving, deceptive target. Recently, our team generated a technology transfer strategy for linkography based cyber security, proposed algorithms to extract and refine linkograph ontologies and subsessionize our input stream and completed our previous related machine learning work. Linkography has been in the literature for decades, and our investigation indicates it is an open, fertile topic for basic and applied cyber security research.

Come see me at RVAsec 2017. Register Now!


Speaker Feature: Robert Wood

bwood@nuna.comIMG_-jj4umt-3.jpg (2197×2197)

robertwood50

Robert Wood runs the security team at Nuna Health, whose core directive is to protect one of the nation’s largest collective healthcare data sets. Previously, Robert was a Principal Consultant at Cigital where he founded and led the red team assessment practice and worked with strategic clients across the United States in an advisory capacity.

Maintainability + Security = <3

The security and devops culture craze is all around us, even with all this talk though there are differences between security features and the maintainability of a system. This talk will focus on some real world examples of what can go wrong when a system isn’t built with maintainability in mind in a security minded culture. We will cover the political positioning battles that emerge, how security leaders can manage risk in these situations, and of course the technical challenges that creep into the picture over time.

Come see me at RVAsec 2017. Register Now!


Speaker Feature: Dan Holden

dan.holden@r-cisc.org

@desmondholden

Dan Holden is the CTO and Intelligence Director at R-CISC, the retail ISAC, where he focuses on new technology and service development as well as threat intelligence production and exchange. Previously he was the Chief Technology Strategist and Director of ASERT, Arbor’s Security Engineering and Response Team at Arbor Networks. There he was responsible for future product direction and security threat intelligence integration. He also led the team who oversees the ATLAS global security intelligence database, and are responsible for threat landscape monitoring and Internet security research including the reverse engineering of malicious code. He also managed the development and delivery of security content and countermeasures for Arbor’s industry leading DDoS technologies. Prior to Arbor, Dan was director of TippingPoint’s DVLabs and a founding member of IBM/ISS X-Force. While at TippingPoint, Dan grew the DVLab’s organization into a mature security research and development team delivering security content, intelligence portals, and reputation technology as well as overseeing the Zero Day Initiative (ZDI) program. Dan also helped build and define X-Force over the course of 12 years in various capacities ranging from development to product management. Dan has been in the security industry for over two decades specializing in vulnerability analysis, security research, and technology incubation. Dan is a frequent speaker at major industry conferences and has been quoted and featured in many top publications, radio and television.

Retailing Another Threat Landscape Story

Over the last several years, retail breaches have become some of the highest profile stories, but just like any other vertical target, the day-to-day offense and defense continues to evolve. The ebbs and flows of attackers and defenders don’t always make the news, which is a good thing, but what does the daily routine look like on the retail front? And, why should you care? You should care because at some level or another, we are the potential defenders, or consumers of these organizations, and retail has now become part of the modern attacker infrastructure.

Come see me at RVAsec 2017. Register Now!


Speaker Feature: Troy Marshall

troy.marshall@ellucian.comRTM.JPG (897×1173)

@rtroymarshall

How do you answer when someone asks what you do for a living? Troy Marshall’s answer—“I don’t make software, I make software better”—explains his career helping organizations build and scale programs to improve the quality, security, and performance of their software and systems. Troy is currently the Director, Application Security and Reliability in the Ellucian DevOps group where he focuses on helping development teams rapidly deliver highly secure and reliable SaaS solutions. Connect with Troy on LinkedIn and Twitter.

RoboCop- Bringing law and order to CICD

In the movie, RoboCop is given three primary directives: “Serve the public trust, Protect the innocent, and Uphold the law”. We built our own RoboCop in order to bring law and order to our CICD pipeline. DevOps practices are all about enabling fast and frequent delivery of new software. In order to keep pace in a DevOps culture, application security must be reliably integrated into the CICD pipeline.
In this talk, we will show how our small AppSec team combined automated tools along with human oversight in order to achieve our directives at scale, while winning the hearts and minds of our development teams.

Come see me at RVAsec 2017. Register Now!


Speaker Feature: Daniel Bohannon

daniel.bohannon@mandiant.com

@danielhbohannon

Daniel Bohannon is a Senior Incident Response Consultant at MANDIANT with over six years of operations and information security experience. His particular areas of expertise include enterprise-wide incident response investigations, host-based security monitoring, data aggregation and anomaly detection, and PowerShell-based attack research and detection techniques.
As an incident response consultant, Mr. Bohannon provides emergency services to clients when security breaches occur. He also develops new methods for detecting malicious PowerShell usage at both the host- and network-level while researching obfuscation techniques for PowerShell-based attacks that are being used by numerous threat groups.
Prior to joining MANDIANT, Mr. Bohannon spent five years working in IT operations and then leading the incident response team for an organization in the private retail industry.
Mr. Bohannon received a Master of Science in Information Security from the Georgia Institute of Technology and a Bachelor of Science in Computer Science from The University of Georgia.

Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@(‘Tech’,’niques’) -Join ”)

PowerShell is increasingly being used by advanced attackers and script kiddies alike in targeted attacks, commodity malware, and even ransomware. The most common usage involves PowerShell remotely downloading and running payloads entirely in memory, rendering many traditional detection mechanisms useless.
Detection has increasingly shifted to monitoring for this malicious activity via process command line arguments and parent-child process relationships. While this is a significant improvement there are numerous evasion techniques of which the Red Team and Blue Team should be aware.
For the past 1.5 years I have researched PowerShell obfuscation, evasion and advanced detection techniques. Picking up from where I left off in my recent presentations on Invoke-Obfuscation, in this presentation I will highlight my new tool Invoke-CradleCrafter. Additionally, I will introduce a new family of PowerShell obfuscation techniques and show how they can be applied to several new and obscure families of remote download cradles.

Come see me at RVAsec 2017. Register Now!


Speaker Feature: Ken Johnson

ken@nvisium.cominformal_Ken_Johnson.jpg (800×533)

@cktricky

Ken Johnson, CTO of nVisium, has been hacking web applications professionally for 8 years. Ken is both a breaker and builder and currently leads the nVisium product team. Previously, Ken has spoken at DerbyCon, AppSec USA, RSA, AppSec DC, AppSec California, DevOpsDays DC, LASCON, RubyNation, and numerous Ruby, OWASP, and AWS events. Ken is currently investing his time between OWASP’s Railsgoat, Elxir and Go, as well as all aspects of AWS offerings. Twitter: @cktricky

AWS Survival Guide 2.0

In this talk, we discuss harnessing existing AWS functionality to strengthen your organization’s AWS infrastructure against practical attacks. Ken will show you what attackers are looking for, how they are finding you, and how to secure your environment. Additionally, attendees will be given code that assists those using AWS in better understanding how their environment’s IAM policies are configured and automate tasks like S3 bucket policy review, volume encryption statuses, and security group configurations.

Come see me at RVAsec 2017. Register Now!


Speaker Feature: Jason Wonn

jasonwonn@gmail.com0fa24ce.jpg (368×368)

@wonnmeister

Jason Wonn is a tactical and results-focused information security leader with 25+ years of combined national intelligence, information assurance, and cyber threat intelligence expertise throughout the civilian and military sectors. Jason was a “Richmonder” prior to his cross-country move to Los Angeles where he is now a “cast-member” at The Walt Disney Company. He currently leads Disney’s Cyber Threat Intelligence effort, delivering thought leadership and serving as a trusted advisor to senior executives in the identification of cyber trends and threat intelligence analysis. Prior to Disney, Jason served in various threat intelligence roles as a government contractor with MITRE, Lockheed Martin, and CGI Federal in support of the FBI and 1st IO Command, US Army. He holds a B.S. in Computer Science from Tarleton State University in Texas and the CISSP industry certification.

TIP of the Spear: A Threat Intelligence Platform Acquisition

Military organizations have long known of the value of intelligence, but commercial entities only realized its importance in the last five years. Cyber Threat Intelligence (CTI) recently became a priority for the average commercial company who now requires a threat intelligence analysis capability. Are you a security-geek like Jason Wonn who was recently hired to provide that world-class CTI program for your company with very little time and an even smaller budget? …Good luck with that! Jason can’t present that solution in an hour, but he will guide you through the process to evaluate a Threat Intelligence Platform (TIP) and discuss how he made the metrics meaningful to the executives. In this talk, discover the benefits of employing a TIP and the technical evaluation of a TIP through requirements development to ensure it is measurable and meaningful to your leadership.

Come see me at RVAsec 2017. Register Now!


Badge Sponsor: Capital One

www.capitalone.com

@CapitalOne

Capital One

We are very pleased to announce that Capital One is the 2017 sponsor for our very cool badges! Please stop by and say hi to their representatives in the Capture the Flag room.

RVAsec 2017 Register now!


Speaker Feature: Derek Banks & Troy Wojewoda

Derek Banks

employee-db.jpg (1000×1000)

@0xderuke

Derek Banks is a Security Analyst for Black Hills Information Security and has over 20 years of experience in the IT industry starting as a systems administrator for multiple operating system platforms, moving on to monitoring and defending enterprise systems from potential intruders and performing vulnerability analysis and now as a penetration tester. He has worked in the aerospace, defense, banking, manufacturing, and software development industries.

Troy Wojewoda

@wojeblazereceived_10207991712082913

www.linkedin.com/in/troy-wojewoda-92387183
Troy has been in the IT and Infosec industry for over 10 years working in a wide array of roles such as application and system administration, network intrusion detection, wireless security, host and network digital forensics and incident response. Today, he leads the incident response team at his current employment and is also focused on cyber intel processing, IOC hunting, advanced adversary tracking, malware analysis and custom tool development. When Troy is not cybering the things, he enjoys being in the outdoors, taking things apart, home brewing and spending time with his wife and children. Troy currently holds a B.S. in Computer Engineering and Computer Science from Christopher Newport University and has multiple certifications, including: GSEC, GCIA, GCIH, GAWN, GREM, GCFA, GNFA, CISSP

Poor Man’s Spy vs. Spy – Analysis of Red Team Attack Techniques by Blue Team Forensicators

How advanced are the cyber attack techniques that are all over the news these days? Could you detect a determined attacker that gains a foothold in your network with open source host and network based monitoring tools? This talk will walk through an attack modeled after real world attacker techniques and show how you can detect and respond using custom and open source resources.

Come see us at RVAsec. Register Now!


Speaker Feature: Barry Kouns

barry@riskbasedsecurity.comkouns_barry.jpg (134×167)

@riskbased

Barry Kouns is CEO and principal consultant for Information Security Program services at Risk Based Security, Inc., an information security, threat intelligence, and risk management consultancy. Barry’s experience includes information security consulting, risk assessment and quality management. Barry has provided training, procedure development and pre-certification consulting services resulting in the successful ISO/IEC 27001 certification of more than three dozen organizations.
He has earned a B.S. in Statistics from Virginia Tech and a M.S. in Industrial Engineering Management from North Dakota State University. He has earned the CISSP designation, is a trained ISO /IEC 27001:2013 Auditor & ISMS Implementer, and is ITIL Foundation Certified.
Barry was a Captain in the United States Air Force and served as a B-52H Navigator/Bombardier.

Can Game Theory Save Us from Cyber Armageddon?

What can the movies “War Games” and Doctor Strangelove” teach us about avoiding a cyber Armageddon? The Mutual Assured Destruction (MAD) doctrine, first introduced in the 1960s, is largely attributed with preventing any full-scale conflicts between the United States and the Soviet Union. MAD was part of U.S. strategic doctrine which believed that nuclear war could best be prevented if neither side could defend itself against the other’s missiles. Although not talked about very much today, the ghost of MAD and the lessons it teaches remain even if people would rather not think about it. Join this interactive session as we explore the parallels and learn the lessons of the MAD doctrine as it applies to cyber warfare today. It’s the same thing that the computer Joshua learned, the only way to win in cyber warfare is not to play.

Come see me at RVAsec 2017. Register Now!