RVAsec 15

Welcome to RVAsec 15!

Remarks will be provided about what to expect at the conference and many thanks to our volunteers and sponsors for making it possible.

We will also have short presentations on CTF, Badge, and Lock Picking.

Speakers

Jake Kouns

Founder, RVAsec

Jake is the founder of RVAsec and was previously the CEO for Risk Based Security that provides vulnerabilities and data breach intelligence. He previously oversaw the operations of the Open Sourced Vulnerability Database (OSVDB.org) and DataLossDB. Kouns has presented at many well-known... Read More →

Peter Warasila

Badge Man, HackRVA

Roman Bohuk

CEO, SkillBit (formerly MetaCTF)

Roman Bohuk is co-founder and CEO of MetaCTF, a cyber skills platform that helps companies assess, recruit, retain, and upskill cyber talent. We specialize in competition-based exercises, such as on-demand labs, traditional jeopardy-style CTFs, and attack & defense CTFs that can be... Read More →

Nicholas Popovich

Future CEO, Rotassec

Tuesday June 9, 2026 9:00am - 9:30am EDT
Upstairs, Grand Ballroom D/E/F/G

Informational

9:30am EDT

Sherrod DeGrippo - Keynote

Tuesday June 9, 2026 9:30am - 10:30am EDT

Sherrod DeGrippo serves as the Deputy CISO for Microsoft’s Customer Security Management Office (CSMO), where she guides threat intelligence strategy and strengthens customer-focused security initiatives. She was recognized as Cybersecurity Woman of the Year (2022) and Cybersecurity PR Spokesperson of the Year (2021), and she hosts the Microsoft Threat Intelligence Podcast, providing timely...
See More →

Speakers

Sherrod DeGrippo

GM Global Threat Intelligence, MICROSOFT

Tuesday June 9, 2026 9:30am - 10:30am EDT
Upstairs, Grand Ballroom D/E/F/G

Keynote

10:30am EDT

Vendor Break & Room Change

Tuesday June 9, 2026 10:30am - 11:00am EDT

Break and room change.We need all attendees to leave the ballroom quickly as possible so we can split the room for sessions.Go see our vendors in the Expo!Menu:Assorted Mini Cheesecake Bites GF/Vegan House Made “Free Raw Bars” - Only Available Upon Request For any GF you must have contacted us prior to the conference!Beverages: Starbucks Regular and Decaf Coffee, Assorted Pepsi Sodas,...
See More →

Tuesday June 9, 2026 10:30am - 11:00am EDT
Downstairs, Capital Ballroom

Vendor Break

10:30am EDT

HackRVA Badge Training & Repair

Tuesday June 9, 2026 10:30am - 4:30pm EDT

Downstairs, Foyer

Come learn about your badge, get it fixed if there are any issues and talk to HackRVA!HackRVA is a member-run and organized non-profit makerspace in Richmond, Virginia. HackRVA is a space filled with tools, computers, and people who like to build, invent, tinker, expand their minds, and learn and share new skills. You’ll find a diverse group of individuals who are into electronics, woodworking,...
See More →

Tuesday June 9, 2026 10:30am - 4:30pm EDT
Downstairs, Foyer

Village

10:30am EDT

Lock Picking Village and Contest

Tuesday June 9, 2026 10:30am - 5:00pm EDT

Downstairs, Shenandoah

A variety of example locks, from simple to extremely hard, along with a picks of all shapes and sizes will be available in our lock pick village.Stop by and have some fun testing your skills! Provided hand sanitizer will be required to help reduce the modern risks while we explore the oldest security mechanism on earth!If you fancy yourself a strong picker or have a competitive streak, we are...
See More →

Tuesday June 9, 2026 10:30am - 5:00pm EDT
Downstairs, Shenandoah

Village

11:00am EDT

A Peek Behind the Curtain: How A.I. Works

Tuesday June 9, 2026 11:00am - 11:50am EDT

“A Peek Behind the Curtain: How A.I. Works” offers a clear, non-technical tour of how modern AI systems learn from data and generate predictions or content. The talk demystifies key concepts like training, inference, and model limitations so attendees can better understand what AI can—and can’t—do.

Speakers

David Reign

Security Engineer, Oracle

David Reign is a Security Analyst at Oracle with seven years of experience in information security, including three years supporting enterprise environments at scale. His work focuses on cloud security, virtualization, and strengthening security posture through practical risk management... Read More →

Tuesday June 9, 2026 11:00am - 11:50am EDT
Downstairs, Madison / Jefferson / Monroe

101

11:00am EDT

Empathy, Not Telepathy: How Embedded Engineering Context Scale Cyber Response

Tuesday June 9, 2026 11:00am - 11:50am EDT

The real issue of AI isn't just the speed of the adversary, but the unprecedented noise they’ve created which makes finding the signal through traditional means nearly impossible. This talk explores how embedding engineers into the cyber lifecycle helps drown out the noise and empowers analysts to focus on high-leverage response at scale.

Speakers

Kyle Flaherty

Head of Cyber Intelligence Engineering, Capital One

Kyle is based out of Richmond and leads the Cyber Intelligence Engineering function at Capital One, where his teams work directly with Cyber Intelligence Analysts to empower them to respond at scale.

Kyle has spent 7 years at Capital One and has prior security work with the U.S. Navy and NSA. His interest in Cyber is rooted in service: a love for technology combined with a desire to serve, inspired by growing up in a military family. Kyle holds a degree in Computer Science from... Read More →

Tuesday June 9, 2026 11:00am - 11:50am EDT
Upstairs, Grand Ballroom D/E

Business

11:00am EDT

Hacking Customized IDE Distributions: Methodology Behind Six Figures in Bug Bounties

Tuesday June 9, 2026 11:00am - 11:50am EDT

Customized IDE distributions pose a lucrative attack surface due to the interconnected systems they interact with, usually highly privileged. This talk covers high level technical ecosystem architectures, IDE threat modeling, common attack vectors, and takes a stab at defining an IDE exploitation kill chain. While specific bug bounty targets and findings remain undisclosed, the methodology...
See More →

Speakers

Nick Copi

Full Time Bug Bounty Hunter

Nick Copi is a full time bug bounty hunter targeting web applications, cloud infrastructure, desktop apps, and pretty much anything with an attack surface. His background spans application security engineering, full stack development, and a long track record of CTF competition wins... Read More →

Tuesday June 9, 2026 11:00am - 11:50am EDT
Upstairs, Grand Ballroom F/G

Technical

11:50am EDT

Lunch

Tuesday June 9, 2026 11:50am - 1:00pm EDT

Downstairs, Foyer

“Salad Bag Lunch”Entree Sized Garden Salad with Blackened Chicken (Ranch Dressing on the side; Balsamic Dressing upon request) Bread & Butter, Orange, Lemon Bar Included Entree Sized Garden Salad w/ Grilled Portabella (GF/Vegetarian - Limited Qtys, Balsamic Dressing upon request) GF Bread & Butter, Orange, GF Dessert IncludedBeverages: Starbucks Regular and Decaf Coffee, Assorted Pepsi...
See More →

Tuesday June 9, 2026 11:50am - 1:00pm EDT
Downstairs, Foyer

Food

1:00pm EDT

Building Custom Detections with Zeek and Spicy

Tuesday June 9, 2026 1:00pm - 1:50pm EDT

Discover how to use Zeek in order to create custom detections for network threats. We will go over how to create a real detection using Zeek via scripting, protocol analysis, and log analysis.Zeek is a network monitoring tool that analyzes network traffic with custom analyzers and produces logs. This talk will go over a real threat from beginning to end. This talk will walk through a Redis RCE...
See More →

Speakers

Evan Typanski

Senior Software Engineer, Corelight

Evan is currently a software engineer at Corelight, a network monitoring startup. He is on the open source team, where he works as a maintaner for the Zeek project. His focus is on compilers and low level networking.

Before joining Corelight, Evan worked on static code analysis (SAST) for languages like C/C++, Swift, and Rust. He graduated from the University of Virginia with a BS in Computer Science in 2020... Read More →

Tuesday June 9, 2026 1:00pm - 1:50pm EDT
Downstairs, Madison / Jefferson / Monroe

101

1:00pm EDT

Secure by Design, Trusted Through Compliance

Tuesday June 9, 2026 1:00pm - 1:50pm EDT

This talk will challenge listeners to redefine the traditional technical vs compliance mindset and thing of security as risk management. Whether it's technical or contractual risk we should all be focused on the same goal of reducing material impacts to our organizations. It will walk through a model in which compliance is built upon strong technical foundations and becomes a mechanism...
See More →

Speakers

Michael Darling

Principal Consultant, Solstice Security

As CEO of Solstice Security, Michael Darling delivers exceptional results with 25+ years of leadership across federal government, military, and private sectors As CISO at Venable LLP, one of the biggest law firms in the world, he built and executed a $15M+ comprehensive security... Read More →

Tuesday June 9, 2026 1:00pm - 1:50pm EDT
Upstairs, Grand Ballroom D/E

Business

1:00pm EDT

I Called Your AI Agent and It Told Me Everything: Live Voice AI Red Teaming

Tuesday June 9, 2026 1:00pm - 1:50pm EDT

You'll leave this talk understanding:How voice AI agents are architecturally different from text chatbotsThe specific attack vectors unique to voice: transcription manipulation, DTMF injection, audio-layer prompt injection, and social engineering through vocal toneA repeatable methodology for testing voice AI systems in your own organizationConcrete remediation strategies for the most common...
See More →

Speakers

Brian Cardinale

Principal Security Researcher, SecureCoders

Brian Cardinale is the Principal Security Researcher at SecureCoders and creator of the TEAPOT methodology for voice AI red teaming. He holds a CISSP and has spent his career breaking things that aren't supposed to break. Brian built VoiceGoat, the first open-source vulnerable voice... Read More →

Tuesday June 9, 2026 1:00pm - 1:50pm EDT
Upstairs, Grand Ballroom F/G

Technical

1:00pm EDT

CTF Prep

Tuesday June 9, 2026 1:00pm - 4:00pm EDT

Downstairs, Capital Ballroom / Middle

Come prep and learn more about the CTF contest!

Tuesday June 9, 2026 1:00pm - 4:00pm EDT
Downstairs, Capital Ballroom / Middle

CTF

1:00pm EDT

Birds of a Feather (BoF)

Tuesday June 9, 2026 1:00pm - 4:45pm EDT

Downstairs, Dominion

BoF talks are quick, informal 15-minute talks or discussions led by attendees and sponsors.We do our best to provide a great conference schedule, but we also know many of you have topics you want to discuss, ideas you want to share, and things you want to hear more about from our sponsors and the community.This room is designed for that.Have something to say? Want to lead a quick...
See More →

Tuesday June 9, 2026 1:00pm - 4:45pm EDT
Downstairs, Dominion

Birds of a Feather (BoF)

1:50pm EDT

Vendor Break

Tuesday June 9, 2026 1:50pm - 2:00pm EDT

Go see our vendors in the Expo!

Beverages: Starbucks Regular and Decaf Coffee, Assorted Pepsi Sodas, Hot Water with Assorted TAZO Herbal Teas, available throughout the day. Water stations will be located in all rooms upstairs and downstairs.

Tuesday June 9, 2026 1:50pm - 2:00pm EDT
Downstairs, Capital Ballroom

Vendor Break

2:00pm EDT

Troubleshooting: Where Information Meets WTF

Tuesday June 9, 2026 2:00pm - 2:50pm EDT

As an Offensive Security Consultant, I often joke that my job is 90% troubleshooting and 10% breaking things. Truthfully, developing the skill and methodology for finding the right information, tools, or techniques and implementing them when things get borked is at the heart of hacking. Similarly, that same skill if applied to our attitude, health, relationships, and career can make the difference...
See More →

Speakers

Aqeel Yaseen

Offensive Security Consultant, RedHelm

Aqeel Yaseen transitioned into Offensive Security from over a decade of teaching yoga and mentoring mindfulness based retreats professionally, and is currently working with RedHelm. That might seem like a curious combination, but Pentesting and teaching yoga both help people cultivate... Read More →

Tuesday June 9, 2026 2:00pm - 2:50pm EDT
Downstairs, Madison / Jefferson / Monroe

101

2:00pm EDT

No Breach Required: $52 Million in Cybersecurity Fraud Settlements Built on Paperwork, Not Incidents

Tuesday June 9, 2026 2:00pm - 2:50pm EDT

We present original research quantifying the gap between what federal contractors certify about their security posture and what vulnerability telemetry actually shows, combining data science with False Claims Act enforcement analysis to estimate the real FCA exposure across the defense industrial base. We then ask whether the industry's own risk-scoring tools, built to make triage rational, are...
See More →

Speakers

Max Voldman

Partner, Whistleblower Partners LLP

Max Voldman is a partner at Whistleblower Partners LLP, in Washington DC. Max’s practice is focused on representing whistleblowers under the federal False Claims Act and numerous state law equivalents, and the whistleblower programs of the Securities and Exchange Commission. Max... Read More →

Michael Roytman

CTO, Empirical Security

Michael Roytman is the CTO of Empirical Security. Previously, he was the Chief Data Scientist of Kenna Security, and a Distinguished Engineer at Cisco. He served on boards for the Society of Information Risk Analysts, Cryptomove, and Social Capital. He was the co-founder and executive... Read More →

Tuesday June 9, 2026 2:00pm - 2:50pm EDT
Upstairs, Grand Ballroom D/E

Business

2:00pm EDT

Social Engineering The Machine: When Your Target Runs On Attention Instead Of Anxiety

Tuesday June 9, 2026 2:00pm - 2:50pm EDT

Every AI talk this year will tell you prompt injection is a problem. This one gives you the methodology to actually exploit it. Borrowing from decades of adversarial human testing, we’ll move past "vibes" and "jailbreak screenshots" to build a working, repeatable framework for social engineering the machine.

Speakers

Jason Ross

Security, Salesforce

With 20+ years in cyber security, Jason Ross now performs adversarial testing and defense of deployed generative AI applications, agentic systems, and the LLMs powering them at Salesforce. Jason's work focuses on prompt injection attacks and defense, model governance and security... Read More →

Tuesday June 9, 2026 2:00pm - 2:50pm EDT
Upstairs, Grand Ballroom F/G

Technical

2:50pm EDT

Vendor Break

Tuesday June 9, 2026 2:50pm - 3:00pm EDT

Go see our vendors in the Expo!

Menu:

Warm Chocolate Chip Cookies
GF Cookies Only Available Upon Request (Limited Quantities Available)
Cold Chocolate Milk and 2% Milk

Beverages: Starbucks Regular and Decaf Coffee, Assorted Pepsi Sodas, Hot Water with Assorted TAZO Herbal Teas, available throughout the day. Water stations will be located in all rooms upstairs and downstairs.

Tuesday June 9, 2026 2:50pm - 3:00pm EDT
Downstairs, Capital Ballroom

Vendor Break

3:00pm EDT

Beyond the Tip of the Iceberg: Undercover HUMINT Operations Inside the Ransomware Ecosystem

Tuesday June 9, 2026 3:00pm - 3:50pm EDT

Ransomware attacks are the visible event. The access economy enabling them is not. This session maps that economy — how access is acquired, automated, and converted into ransomware deployment — using intelligence from years of undercover operations inside the criminal underground. Attendees will leave with a working model of how initial access brokers operate, and a concrete illustration of...
See More →

Speakers

Thomas N.

Director of Intelligence, Darkweb IQ

Thomas Nance is the Director of Intelligence Services at Darkweb IQ and a former CIA Operations Officer, where he conducted espionage and counterterrorism missions built on human source development and clandestine collection. He specializes in applying HUMINT tradecraft to cybercrime... Read More →

Tuesday June 9, 2026 3:00pm - 3:50pm EDT
Downstairs, Madison / Jefferson / Monroe

101

3:00pm EDT

Gigawatts and Governance: The Data Security Crisis No One Is Talking About

Tuesday June 9, 2026 3:00pm - 3:50pm EDT

Gigawatts of power. Trillions in investment. A data security crisis hiding in plain sight. The explosive growth of AI data centers has created an infrastructure layer most security frameworks were never designed to govern. When ownership of that infrastructure determines who truly controls the data inside it, conventional perimeter thinking is not enough. This session makes the case that...
See More →

Speakers

Nancy Coblenz

President, Stellenium

Nancy Coblenz is President of Stellenium Corporation and Co-Founder of Family Office Group. Her work sits at the intersection of AI infrastructure, national digital policy, and full-stack systems deployment across emerging markets.

With over 15 years in technology strategy and large-scale systems implementation, Nancy previously served as CEO of MyBrand AI, an enterprise AI strategy and implementation firm. Prior to that, she held executive leadership roles in private equity and a multibillion-dollar global... Read More →

Tuesday June 9, 2026 3:00pm - 3:50pm EDT
Upstairs, Grand Ballroom D/E

Business

3:00pm EDT

Robots vs Robots – Securing AI and the Data that Powers It

Tuesday June 9, 2026 3:00pm - 3:50pm EDT

As AI systems, copilots, and autonomous workflows proliferate, defenders must secure not only the data that fuels them, but the AI behaviors, access paths, and automation they introduce. Robots vs. Robots explores how organizations can protect AI systems end‑to‑end by controlling data exposure, governing AI access, and using automation to stay ahead of adversaries.

Speakers

Daniela Lulli

Manager of Sales Engineering, Varonis

Daniela Lulli leads Varonis Sales Engineering in the Mid Atlantic, partnering with enterprise and public sector organizations to secure their most sensitive data and build resilient, scalable security programs. She has also served as a trusted advisor for Department of Defense, UN... Read More →

Tuesday June 9, 2026 3:00pm - 3:50pm EDT
Upstairs, Grand Ballroom F/G

Technical

3:50pm EDT

Vendor Break

Tuesday June 9, 2026 3:50pm - 4:00pm EDT

Tuesday June 9, 2026 3:50pm - 4:00pm EDT
Downstairs, Capital Ballroom

Vendor Break

4:00pm EDT

Community is a Control: Strengthening Cybersecurity Through Connection

Tuesday June 9, 2026 4:00pm - 4:50pm EDT

In cybersecurity, we spend a lot of time talking about new CVEs, what tools could fill this gap, how can we automate this, and how we can use AI here. We debate coverage, stack optimization, and detection engineering. At the same time, many teams are operating under negative budgets, understaffing, and constant pressure to do more with less.What we don’t talk about enough is the role people play...
See More →

Speakers

Chelsea Bryan

Security Operations Specialist, VCU

Chelsea Bryan is a Security Operations Analyst at Virginia Commonwealth University with four years of hands on experience supporting enterprise security operations in a complex higher education environment. She works daily with SIEM platforms, endpoint detection and response tools... Read More →

Tuesday June 9, 2026 4:00pm - 4:50pm EDT
Downstairs, Madison / Jefferson / Monroe

101

4:00pm EDT

Breaking Tokens: Modern Attacks on OAuth, OIDC, and JWT Auth Flows

Tuesday June 9, 2026 4:00pm - 4:50pm EDT

As applications embrace OAuth, OIDC, and JWTs for federated authentication, attackers are shifting focus to token abuse and logic flaws rather than password theft.This talk explores how modern auth systems can be compromised through token replay, session fixation, and insecure implementation of identity protocols.We’ll walk through real-world examples — including intercepted tokens, replayed...
See More →

Speakers

Bhaumik Shah

CEO, SecurifyAI

Bhaumik Shah is a cybersecurity leader and founder of Securify, where he helps organizations secure their cloud, applications, and infrastructure through penetration testing, red team operations, and compliance programs like SOC 2 and ISO 27001. With over a decade of experience uncovering... Read More →

Tuesday June 9, 2026 4:00pm - 4:50pm EDT
Upstairs, Grand Ballroom F/G

Technical

4:50pm EDT

Day 1 - Closing

Tuesday June 9, 2026 4:50pm - 5:00pm EDT

Remarks will be provided on Day 1, and what to expect for the rest of the evening and Day 2.

Speakers

Chris Sullo

Founder, RVAsec

Jake Kouns

Founder, RVAsec

Tuesday June 9, 2026 4:50pm - 5:00pm EDT

Informational

5:00pm EDT

Vendor Break & Room Change

Tuesday June 9, 2026 5:00pm - 5:30pm EDT

Grab a drink and go see the vendors one more time in the Expo downstairs before the after party starts!

Bars open in Foyer while you wait for the After Party to be ready!
Food service will begin at 5:30pm inside the Ballroom; bars move inside as well.

Tuesday June 9, 2026 5:00pm - 5:30pm EDT
Downstairs, Capital Ballroom

Vendor Break

5:30pm EDT

RVAsec After Party

Tuesday June 9, 2026 5:30pm - 9:00pm EDT

Please register if you haven't to ensure we have proper amounts of food!https://www.eventbrite.com/e/rvasec-15-after-party-music-bingo-bbq-tickets-1989070845443Here is what we have lined up:DJBackyard BBQMusic BingoAnd plenty of time to hang out with fellow attendees, speakers, sponsors, and friendsIf you have never played before, think of it as bingo with a soundtrack. Instead of numbers being...
See More →

Tuesday June 9, 2026 5:30pm - 9:00pm EDT
Upstairs, Grand Ballroom D/E/F/G

Social

7:59am EDT

Registration

Wednesday June 10, 2026 7:59am - 5:00pm EDT

Upstairs, Desk

If you were not able to attend Day 1, please proceed upstairs to register.
If you were able to register no need to go back to registration.

If you have any questions or issues please stop by for help.

This is also where you can turn in your Passport for Prizes.

WiFi sponsored by RVAsec:
Network is "RVAsec"
Password is "Nevermore!"

Wednesday June 10, 2026 7:59am - 5:00pm EDT
Upstairs, Desk

Informational

8:00am EDT

Breakfast - Day 2

Wednesday June 10, 2026 8:00am - 8:50am EDT

Downstairs, Foyer

Come downstairs and enjoy breakfast before the Day 2 welcome session!Reminder the session starts earlier on day 2, be in your seats by 8:50am!Menu:Sliced Seasonal Fresh Fruit (GF, Vegetarian) Scrambled Eggs (GF, Vegetarian) Thick and Creamy Homestyle Cheese Grits (GF, Vegetarian) Breakfast Sandwiches: Pork Sausage on Biscuit or Vegetarian Plant Based Patty on GF Bun Cranberry and Orange...
See More →

Wednesday June 10, 2026 8:00am - 8:50am EDT
Downstairs, Foyer

Food

8:50am EDT

Welcome - Day 2

Wednesday June 10, 2026 8:50am - 9:00am EDT

Welcome to Day 2 RVAsec 15!

Remarks will be provided about what to expect at the conference and many thanks to our volunteers and sponsors for making it possible.

Speakers

Jake Kouns

Founder, RVAsec

Wednesday June 10, 2026 8:50am - 9:00am EDT
Upstairs, Grand Ballroom D/E/F/G

Informational

9:00am EDT

Dave Lewis - Keynote

Wednesday June 10, 2026 9:00am - 10:00am EDT

Dave has 30+ years of industry experience. He has extensive experience in IT security operations and management. Dave is the Global Advisory CISO for 1Password. He is the founder of the security site Liquidmatrix Security Digest & podcast. Dave also hosts the Chasing Entropy Podcast. He was a member of the board of directors for BSides Las Vegas for 8 years. He currently serves on the advisory...
See More →

Speakers

Dave Lewis

Global Advisory CISO, 1Password

Wednesday June 10, 2026 9:00am - 10:00am EDT
Upstairs, Grand Ballroom D/E/F/G

Keynote

10:00am EDT

Vendor Break and Room Change

Wednesday June 10, 2026 10:00am - 10:30am EDT

Break and room change. We need all attendees to leave the ballroom quickly as possible so we can split the room for sessions.Go see our vendors in the Expo!Menu:Vanilla Cupcakes ( w/ Vanilla Icing - Heath, Oreo and Sprinkle Toppings) Gluten Free Option Upon Request (Limited Quantities)Beverages: Starbucks Regular and Decaf Coffee, Assorted Pepsi Sodas, Hot Water with Assorted TAZO Herbal Teas,...
See More →

Wednesday June 10, 2026 10:00am - 10:30am EDT
Downstairs, Capital Ballroom

Vendor Break

10:00am EDT

CTF Competition

Wednesday June 10, 2026 10:00am - 3:00pm EDT

Downstairs, Capital Ballroom / Middle

As many of you know, we pride ourselves with this CTF being an all-inclusive learning CTF and not just a ‘stump the chump / who’s the best engineer in the room’ kind of CTF. That said, we need volunteers to come up with fresh ideas, challenges, and setups that are both fun and informative. Additionally, we do want to provide a challenge for those who show up looking for one, so if you are a...
See More →

Wednesday June 10, 2026 10:00am - 3:00pm EDT
Downstairs, Capital Ballroom / Middle

CTF

10:00am EDT

HackRVA Badge Training & Repair

Wednesday June 10, 2026 10:00am - 4:00pm EDT

Downstairs, Foyer

Wednesday June 10, 2026 10:00am - 4:00pm EDT
Downstairs, Foyer

Village

10:00am EDT

Lock Picking Village and Contest

Wednesday June 10, 2026 10:00am - 4:00pm EDT

Downstairs, Shenandoah

Wednesday June 10, 2026 10:00am - 4:00pm EDT
Downstairs, Shenandoah

Village

10:30am EDT

The Interview Engine: A Career Readiness Framework

Wednesday June 10, 2026 10:30am - 11:20am EDT

Cybersecurity is about mitigating risk at acceptable cost, and hiring works the same way. This talk pulls back the curtain on how recruiting actually works, then gives security professionals an engineering-minded framework for staying career-ready without waiting for the layoff to start thinking about it.

Speakers

Vas Khomyk

Recruiting Consultant, Hampton North

Vas Khomyk is a technical recruiter with Hampton North, a cybersecurity-focused recruiting firm. He runs retained and contingent searches across cybersecurity, defense, and enterprise IT, helping companies fill challenging roles from senior security engineering to VP-level leadership... Read More →

Wednesday June 10, 2026 10:30am - 11:20am EDT
Downstairs, Madison / Jefferson / Monroe

101

10:30am EDT

Breaking Your Silence: How to Build Influence Without Becoming a "Suit"

Wednesday June 10, 2026 10:30am - 11:20am EDT

In security, we’re taught to let our work speak for itself. But in the real world, "silent" expertise usually gets ignored, underfunded, or misunderstood. Whether it’s imposter syndrome whispering that your latest exploit wasn't "elite" enough or the hesitation to share a tool you built, these internal blockers limit your impact. This session is about moving past the "quiet professional" trap...
See More →

Speakers

Heather Antoinetti

Founder, Ah-Ha Marketing

Heather Antoinetti is the CEO and founder of Ah-Ha Marketing, a boutique agency specializing in helping technical experts and thought leaders in the cybersecurity and technology sectors amplify their voices and establish authority. With nearly two decades of global marketing experience... Read More →

Wednesday June 10, 2026 10:30am - 11:20am EDT
Upstairs, Grand Ballroom D/E

Business

10:30am EDT

From OSINT to Detection: Building an Agentic CTI Pipeline

Wednesday June 10, 2026 10:30am - 11:20am EDT

Modern threat intelligence moves fast, but detection engineering lags. This talk presents an agentic workflow that transforms OSINT into actionable detections using structured extraction, LLM reasoning, and automated validation. Transparent, auditable pipelines accelerate the CTI lifecycle, from ingestion to Sigma rules, while preserving analyst control, reducing time-to-detection from days to...
See More →

Speakers

Andrew Skatoff

Information Security Manager Sr, Federal Reserve

Andrew is a senior cybersecurity leader with 22+ years protecting the national financial infrastructure. He leads large-scale programs spanning incident response, threat hunting, and detection engineering, and has led investigations into high-stakes incidents with national impact... Read More →

Wednesday June 10, 2026 10:30am - 11:20am EDT
Upstairs, Grand Ballroom F/G

Technical

10:30am EDT

Birds of a Feather (BoF)

Wednesday June 10, 2026 10:30am - 12:00pm EDT

Downstairs, Dominion

Wednesday June 10, 2026 10:30am - 12:00pm EDT
Downstairs, Dominion

Birds of a Feather (BoF)

11:20am EDT

Vendor Break

Wednesday June 10, 2026 11:20am - 11:30am EDT

Wednesday June 10, 2026 11:20am - 11:30am EDT
Downstairs, Capital Ballroom

Vendor Break

11:30am EDT

The State of Information Security Today

Wednesday June 10, 2026 11:30am - 12:20pm EDT

The speaker has been in the Information (cyber) security since the late 1900s and will take a look back at the challenges we faced in the beginning and how these challenges have changed and evolved over the past several decades. You think we're doing okay? Let me change your mind.

Speakers

Jeff Man

Co-Host, Paul's Security Weekly

Jeff is a respected Information Security advocate, advisor, hacker, evangelist, mentor, teacher, international keynoter, speaker, former host of Security & Compliance Weekly, co-host on Paul's Security Weekly, Tribe of Hackers (TOH) contributor, including Red Team, Security Leaders... Read More →

Wednesday June 10, 2026 11:30am - 12:20pm EDT
Downstairs, Madison / Jefferson / Monroe

101

11:30am EDT

Alert Fatigue Is a Misdiagnosis

Wednesday June 10, 2026 11:30am - 12:20pm EDT

"Alert fatigue" is a misdiagnosis of a deeper problem: the cognitive decay of the human defender. This talk brings the receipts on how a high-consumption information diet hijacks the prefrontal cortex — and why the answer isn't more automation, but rebuilding the creative muscle that makes humans worth keeping in the loop.

Speakers

Kim Mahan

Founding Apprentice, MAXX Potential

Kim Mahan is the Founding Apprentice at MAXX Potential, a technology consulting firm whose "earn-while-you-learn" model has produced hundreds of engineers‚ including cybersecurity professionals now at Capital One, AWS, Google and beyond. A CISSP and Six Sigma Black Belt with 20... Read More →

Wednesday June 10, 2026 11:30am - 12:20pm EDT
Upstairs, Grand Ballroom D/E

Business

11:30am EDT

Flirting With AI: Pwning Web Sites Through Their AI Chatbot Agents

Wednesday June 10, 2026 11:30am - 12:20pm EDT

Everyone is implementing AI chatbots to improve their customer experience and journey, without increasing call centre costs. But this comes with risk: get the configuration wrong and that chatbot can be convinced to part with data that it shouldn't. We think of conventional cyber security controls as being binary, yet AI can sometimes hallucinate, lie and mislead. It's a brave organization that...
See More →

Speakers

Paul Brownridge

Head of Technical Delivery, Pen Test Partners

Paul Brownridge is Head of Technical Delivery at Pen Test Partners, the ethical hacking firm. Originally from an engineering background, Paul swapped his hard hat for a white hat and has been working in cyber security for the last 10 years. His practical experience of industrial environments... Read More →

Wednesday June 10, 2026 11:30am - 12:20pm EDT
Upstairs, Grand Ballroom F/G

Technical

12:20pm EDT

Lunch

Wednesday June 10, 2026 12:20pm - 1:00pm EDT

Downstairs, Foyer

“Boxed Lunches”All Box Lunches Include: Pasta Salad, Carrots w/Green Goddess Dip, Brownie and CHOICE OF:Roasted Turkey Sandwich on Kaiser Roll Swiss Cheese, Lettuce, Tomato, DijoinaiseRoasted Turkey & Ham on Kaiser Roll Swiss Cheese, Lettuce, Tomato, DijoinaiseMediterranean Wrap w/ Hummus: GF wrap, GF Brownie (Limited quantities, GF/Vegetarian) ** Reminder this...
See More →

Wednesday June 10, 2026 12:20pm - 1:00pm EDT
Downstairs, Foyer

Food

1:00pm EDT

Unlocking Awareness: How an Escape Experience made Security Fun, Engaging, and Approachable

Wednesday June 10, 2026 1:00pm - 1:50pm EDT

How do you turn security awareness from a check‑the‑box activity into a hands‑on, memorable experience for everyone? In this session, we’ll unpack a portable “escape room in a box” designed by our Information Security team to make learning approachable, collaborative, and fun.

Speakers

Joanna Behan

Information Security Analyst, FRB of Richmond

Joanna is an Information Security Analyst who brings a unique blend of creativity and expertise to the field. With a Bachelor of Fine Arts from James Madison University and industry-recognized certifications including CISSP and CGRC, Joanna‚Äôs career spans more than two decades... Read More →

Wednesday June 10, 2026 1:00pm - 1:50pm EDT
Downstairs, Madison / Jefferson / Monroe

101

1:00pm EDT

Everything Everywhere All At Once: Untangling Security & Privacy Risks Across Today’s AI Tools

Wednesday June 10, 2026 1:00pm - 1:50pm EDT

AI adoption is exploding—but the security promises behind these tools often don’t match the fine print buried in their terms, models, or data flows. This talk cuts through the hype with a no‑B.S. look at the real privacy and security risks across today’s major AI platforms, and gives business leaders and security professionals a clear roadmap for deciding what’s safe, what’s risky, and...
See More →

Speakers

Jon Waldman

President, SBS CyberSecurity

Jon Waldman is the Co-Founder and President of SBS CyberSecurity, where he oversees the SBS service teams and the SBS Institute. For more than 20 years, Jon has helped hundreds of organizations identify and understand cybersecurity risks to allow them to make better and more informed... Read More →

Wednesday June 10, 2026 1:00pm - 1:50pm EDT
Upstairs, Grand Ballroom D/E

Business

1:00pm EDT

Initial Access in 2026 – The Power of the Spoken Word

Wednesday June 10, 2026 1:00pm - 1:50pm EDT

Defensive detections and protocols have come a long way. The adoption of MFA was once the sign of a security minded client with a mature security posture but has reached the level of commonplace. Gaining initial access via email or web application has become so difficult that its often skipped entirely as companies opt to place the attacker on the inside of the network as the starting point. Yet,...
See More →

Speakers

Mike Bailey

Director of IT, Rotas Security

Ariyan Suroosh

Principal Security Consultant, Rotas Security

Ariyan Bakhti-Suroosh is a Principal Security Consultant at Rotas Security, specializing in offensive security, social engineering, and physical facility penetration testing. With over seven years of experience, Ariyan has led enterprise-scale penetration tests, advanced adversary... Read More →

Wednesday June 10, 2026 1:00pm - 1:50pm EDT
Upstairs, Grand Ballroom F/G

Technical

1:00pm EDT

Birds of a Feather (BoF)

Wednesday June 10, 2026 1:00pm - 2:45pm EDT

Downstairs, Dominion

Wednesday June 10, 2026 1:00pm - 2:45pm EDT
Downstairs, Dominion

Birds of a Feather (BoF)

1:50pm EDT

Vendor Break

Wednesday June 10, 2026 1:50pm - 2:00pm EDT

Go see our vendors in the Expo!Menu:Spicy Crunchy Buffalo Chicken Bites w/ Ranch Blue Cheese Dip Carrot & Celery Sticks on the side Spicy Grilled Buffalo Cauliflower w/ Ranch Blue Cheese Dip on the side (GF/Vegetarian)Beverages: Starbucks Regular and Decaf Coffee, Assorted Pepsi Sodas, Hot Water with Assorted TAZO Herbal Teas, available throughout the day. Water stations will be...
See More →

Wednesday June 10, 2026 1:50pm - 2:00pm EDT
Downstairs, Capital Ballroom

Vendor Break

2:00pm EDT

AI SOC and Securing your Environment

Wednesday June 10, 2026 2:00pm - 2:50pm EDT

This discussion is designed to help teams figure out where AI fits in their environment from an analysis perspective, it is vendor agnostic and includes agentic deployments, as well as AI SOC services, novel attack vectors from independent research, and the overarching philosophy of how the threat landscape has just massively changed and how to adapt to it.

Speakers

Ryan Bird

Security Engineer, GuidePoint Security

Ryan Bird moved to the MVA area in 2017 with his wife. He helped train the United States Army in their ASOT level one program as well as MCTOG in 29 Palms through 2019 with Obsidian Solutions Group before working at Annapolis Defense in a Maritime Security role. After Covid hit he... Read More →

Wednesday June 10, 2026 2:00pm - 2:50pm EDT
Downstairs, Madison / Jefferson / Monroe

101

2:00pm EDT

Swatting Flies With Sledgehammers: Broken TPRM Programs and How To Fix Them

Wednesday June 10, 2026 2:00pm - 2:50pm EDT

Third-party and supply chain risk is more important now than ever—but TPRM is also more broken and ineffective than ever. This session will review today’s common approaches to TPRM, how we got here, and how we can achieve better outcomes and reasonable assurance with less work. We’ll also explore what that shift could mean for our security programs—and for the industry as a whole. We need...
See More →

Speakers

Brian Markham

CISO, EAB Global, Inc.

Brian Markham is an executive, advisor, hacker, and mentor with over 25 years of experience in IT and cybersecurity. Brian currently serves as the Chief Information Security Officer for EAB Global, a leading provider of software, marketing, and research services to institutions of... Read More →

Wednesday June 10, 2026 2:00pm - 2:50pm EDT
Upstairs, Grand Ballroom D/E

Business

2:00pm EDT

Catching Collection in M365: Outlook and SharePoint Canary Tokens

Wednesday June 10, 2026 2:00pm - 2:50pm EDT

After a stolen token grants access to M365, the next move is predictable: search for value before exfiltration. This talk shows how to detect that collection phase using canary tokens built on native telemetry across Outlook and SharePoint/OneDrive. We cover end-to-end implementation and results from live production deployments, including what produced high-fidelity signal and what created noise.

Speakers

Ryan O'Donnell

Senior Security Engineer, Microsoft

Ryan O'Donnell is a Senior Security Engineer at Microsoft. Over the last 13+ years, he's been performing Penetration Tests, Red Team assessments, and Incident Response investigations. Ryan has presented at the followinhttg conferences: Wild West Hackin' Fest, Saintcon, Hack Space... Read More →

Wednesday June 10, 2026 2:00pm - 2:50pm EDT
Upstairs, Grand Ballroom F/G

Technical

2:50pm EDT

Vendor Break & Room Change

Wednesday June 10, 2026 2:50pm - 3:10pm EDT

Room change!

We need all attendees to leave both sides of the ballroom quickly as possible so we can open the room for the final session and reception..

Go see our vendors in the Expo!

Beverages: Starbucks Regular and Decaf Coffee, Assorted Pepsi Sodas, Hot Water with Assorted TAZO Herbal Teas, available throughout the day. Water stations will be located in all rooms upstairs and downstairs.

Wednesday June 10, 2026 2:50pm - 3:10pm EDT
Downstairs, Capital Ballroom

Vendor Break

3:10pm EDT

Use It Monday: A 5-Step Method for Turning Security Findings Into Stories Executives Act On

Wednesday June 10, 2026 3:10pm - 4:00pm EDT

Security teams produce thorough, accurate reports that executives nod at and never act on. This talk teaches a practical 5-step method for translating findings into narratives that produce decisions — one you'll practice live and use Monday morning.

Speakers

Victoria Mosby

Founder, Basilisk Security Advisory

Victoria Mosby is a cybersecurity strategist, advisor, and storyteller with 16 years of experience spanning federal consulting, governance and risk, and cybersecurity SaaS. She is the founder of Basilisk Security Consulting, a boutique advisory practice focused on security communication... Read More →

Wednesday June 10, 2026 3:10pm - 4:00pm EDT
Upstairs, Grand Ballroom D/E/F/G

Business

4:00pm EDT

Closing Reception & Awards

Wednesday June 10, 2026 4:00pm - 5:30pm EDT