As the year winds down, let’s take a moment to celebrate before the holidays officially take over! Join your fellow cybersecurity pros for our December social, it’s the perfect chance to decompress, share what you’ve learned this year, and enjoy a cold beverage.
Join us this Thursday, December 11th at 6:00 PM at Twisted Track Brewpub.
This is an informal gathering, meaning no agenda, just a great opportunity to connect with peers and swap tales from the front lines of information security.
🗣️ Call for Presentations (CFP) is OPEN for BSides Roanoke 2026!
Ready to share your knowledge? The Call for Presentations for BSides Roanoke 2026 is officially OPEN!
We’re looking for great technical sessions, deep dives, and unique perspectives for the conference on Friday, June 5th, 2026. If you have an idea, we want to hear it!
CFP Closes: February 2026! Start getting your talk ideas in now.
Conference Date: June 5th, 2026
Don’t miss the chance to be a part of the local infosec community’s premier event. Be sure to stay tuned to our shiny new website, https://bsidesroa.org, for all conference updates!
As the days grow shorter and we start pulling out our warmest sweaters, it’s the perfect time to turn our focus inward and sharpen our technical skills. Before the frantic holiday season truly kicks in, let’s gather for a session that brings practical, powerful light to the often-dark and complex world of Large Language Models (LLMs) and security.
The lack of sunshine shouldn’t mean a lack of new knowledge! This Thursday, November 13th, Aaron McPhall will be illuminating how we can move past simple chatbot interfaces and start implementing powerful, secure AI agents directly into our workflows.
Feature Talk: Agent-Augmented SecOps: Building Your Private LLM Coding Workbench
The rise of large language models (LLMs) is fundamentally changing the software development and security operations (SecOps) lifecycle.
This session moves beyond basic chatbot coding to explore agentic coding: integrating powerful AI models directly into the IDE to automate complex workflows while maintaining data security.
Why Go Private? Secure AI, Lower Cost
We will focus specifically on utilizing local, open-weight LLMs (like Qwen3 Coder) as cost-effective and private alternatives to expensive cloud services, ensuring sensitive data remains on-premise. Attendees will learn how to build a practical development stack.
Key components that will be covered include:
Inference Providers: Selecting an appropriate inference provider (ollama, llama.cpp).
Model Mechanics: Understanding the trade-offs in model quantization and context length.
Hardware Planning: Calculating the necessary hardware and VRAM to run agents efficiently.
Live Orchestration: Through live demonstrations using IDE extensions like RooCode, the presenter will show how to orchestrate complex security tasks such as certificate lifecycle review and structured analysis of helpdesk tickets to unlock the true potential of AI agents in a developer or analyst’s workflow.
If you’ve been looking for a way to leverage AI agents without sacrificing data privacy or blowing your budget, this is a must-attend session. Don’t let the technical complexity of local LLMs keep you in the dark, come learn how to build your own secured workbench.
Meeting Details:
We will be meeting at Virginia Western Community College in the Hall Family Business/Science Building. Take the stairs to the left and go to the third floor and go to the CyberSecurity lab in room M302.
We’ve got a busy and exciting October planned for you! Please note the details for two separate events coming up this month.
Event 1: RBTC IT-Security, Defense Against the Dark Arts! Panel Demos
Join our colleagues at the RBTC (Roanoke Blacksburg Technology Council) for a fantastic evening of technical demonstrations! This year has something for everyone, and dinner and drinks are included.
Web Dev Security: A professional pentester demonstrates how web-XSS/JWTs are weaponized, and how to keep your stuff safe.
Red Teaming: The head of the VT ITSO Red Team (pentester) shares one of his custom scanning/reporting tools that he’s created himself and how he uses it to scan and assess VT network/host risks.
Malware Analysis: Drill into the methodology for tracking down a Linux endpoint infection with a bitminer, including detection, classification, and remediation.
Event 2: RISE Social – Your Pre-Holiday Decompression
Fall is officially here, and before the holiday season chaos begins, let’s gather for our last RISE social of the year! It’s the perfect time to grab a cold beverage (or pretend it’s pumpkin spice season) and decompress before the end-of-year sprint.
Join your fellow cybersecurity pros for a social gathering next Thursday, October 9th at 6:00 PM at Twisted Track.
This is your chance to log off, relax, and swap tales from your infosec adventures. There’s no formal agenda, just an opportunity to connect and maybe phish for some new insights from your peers. It’s a great time to patch into conversations about the latest trends.
As the days get shorter and the promise of cooler weather is in the air, we’re also entering a new season in the world of technology. The rapid evolution of AI is reshaping how we work and, more critically, how we manage data security. Just as we transition from summer to fall, our approach to cybersecurity must adapt to a changing landscape.
We invite you to our next RISE meeting this week for a timely talk: “Securing the Future — Data Security in the Age of AI.”
Our guest speaker, Trip Humphrey, Director of Data Science & AI at Carilion Clinic, will provide invaluable insights into this critical topic. Leveraging his extensive experience, Trip will cover:
How AI is transforming data usage and risk landscapes
Emerging threats and vulnerabilities introduced by AI technologies
Best practices for securing sensitive data in AI-powered environments
Ethical considerations and governance frameworks for responsible AI
Whether you’re a security leader, a technologist, or a business stakeholder, this conversation is essential for safeguarding your organization while harnessing the power of AI.
We look forward to seeing you there!
Event Details:
Date: Thursday, September 11, 2025
Time: 6pm
Location: Virginia Western Business/Science Building Room M302
Speaker: Trip Humphrey
Talk Title: Securing the Future — Data Security in the Age of AI
Meeting Details:
We will be meeting at Virginia Western Community College in the Hall Family Business/Science Building. Take the stairs to the left and go to the third floor and go to the CyberSecurity lab in room M302.
Hacker Summer Camp is now wrapping up, and with the back-to-school season just around the corner, why not take a moment to decompress before we get back to the daily grind?
Join your fellow cybersecurity pros for a social gathering next Thursday, August 14th at 6:00 PM at Twisted Track.
This is your chance to log off, relax, and swap tales from your infosec adventures. There’s no formal agenda, just an opportunity to connect and maybe phish for some new insights from your peers. It’s a great time to patch into the conversation about the latest trends, including how AI is hacking into our daily workflows.
Hope you’re all staying cool in this scorching July heat! While the temperatures outside are blazing, we’ve got a meeting coming up that’s going to be even hotter – in a good, cybersecurity-savvy way, of course!
Prepare to have your minds melted (with knowledge, not the sun!) at our next RISE Cyber Security meeting. We’re thrilled to announce a speaker who’s ready to fire up your understanding of web vulnerabilities.
This month, we’re welcoming the brilliant Ben Eldritch to the stage. He’s bringing a talk with the following details:
DOMination: Weaponizing XSS
Even the smallest input can create a big problem. Oftentimes XSS vulnerabilities are demonstrated by popping an alert box on your screen or sending out document cookies to an external endpoint. But did you know as soon as you get access to the DOM the webpage becomes a blank canvas? The possibilities are endless from background JavaScript execution, mapping internal networks and even assisting in MFA mimicry. Join us as we discuss various techniques that turn simple XSS vulnerabilities into powerful phishing landscapes and advanced threat playgrounds.
Come join us for an evening that’s sure to be illuminating and help you beat the heat of potential cyber threats! We promise it’ll be more refreshing than an ice-cold lemonade on a hot day.
Event Details:
Date: Thursday, July 10, 2025
Time: 6pm
Location: Virginia Western Business/Science Building Room M302
Speaker: Ben Eldritch
Talk Title: DOMination: Weaponizing XSS
Meeting Details:
We will be meeting at Virginia Western Community College in the Hall Family Business/Science Building. Take the stairs to the left and go to the third floor and go to the CyberSecurity lab in room M302.
Summer’s heating up, and so is the next Roanoke Infosec Exchange (RISE) meeting! Get ready to dive deep and PAN out some serious knowledge, because we’ve got a fantastic session lined up that’s going to make your security senses tingle.
We’re absolutely thrilled to announce that Regen Peterson will be joining us on Thursday, June 12th to deliver a talk that’s as cool as a summer breeze and as insightful as a perfectly executed exploit:
“Forging the Attack Path: A Deep Dive into PAN-OS Exploitation and Post-Exploitation”
In this talk, Regen will pull back the curtain on a recent attack path he discovered and successfully utilized in multiple real-world engagements. You’ll gain a unique perspective on how a chain of Palo Alto PAN-OS vulnerabilities can be leveraged, and critically, how post-exploitation steps were identified and simplified using a custom-developed tool. Think of it as mapping out the perfect summer road trip, but for attackers!
This presentation offers a compelling blend of the “Hacker Mindset” – exploring methodology and thought processes – with a more technical discussion of the specific vulnerabilities abused. Regen will also briefly touch on crucial prevention and detection strategies, so you can help keep your networks as chill as a pool party.
And for those who love live action, if the demo gods are with us and time permits, Regen plans to walk through the entire attack chain on his own vulnerable VM! Prepare for some real-time fireworks!
This is a fantastic opportunity to learn from real-world experience and enhance your understanding of modern attack techniques and red team operations. Whether you’re a seasoned security professional or just starting out, you’ll walk away with valuable insights to Alto-er your security game.
Event Details:
Date: Thursday, June 12th, 2025
Time: 6pm
Location: Virginia Western Business/Science Building Room M302
Speaker: Regen Peterson
Talk Title: Forging the Attack Path: A Deep Dive into PAN-OS Exploitation and Post-Exploitation
Talk Description:
Through the talk we’ll be discussing a chain of PAN-OS vulnerabilities used in an attack path I recently found and used successfully in multiple real world engagements, as well as looking at how these post-exploitation steps were identified, and the tool I developed for simplifying these attacks. This allows the talk to serve as a combination of the typical “Hacker Mindset” talks (methodology, etc) and a slightly more technical discussion of each of the specific vulnerabilities abused in both the exploitation and post-exploitation. We’ll also very briefly touch on prevention and detection of these attacks. Lastly, I do have my own vulnerable VM, so if the demo gods and the clock allow it then we will be able to walk through it all in real time.
Meeting Details:
We will be meeting at Virginia Western Community College in the Hall Family Business/Science Building. Take the stairs to the left and go to the third floor and go to the CyberSecurity lab in room M302.
Please mark your calendars and spread the word! We look forward to seeing you there for another engaging RISE meeting. Don’t miss out on this hot topic!
Ready to swap your keyboard for a corner office? Or maybe just curious how to navigate the wild world of IT leadership? Then join us for the next RISE meeting!
Mark your calendars for April 10th at Virginia Western Community College!
We’re thrilled to welcome Rob Garbee, Director of Information Security at the Carilion Clinic, who’ll be sharing his epic quest “From IT Specialist to IT Strategist: My Move to Management.” Think of it as a cheat code for your career!
Here’s the lowdown:
Ever wondered what it’s really like to go from fixing firewalls to leading a team? Rob’s got the inside scoop! He’ll be dishing out the dirt (the good kind!) on his journey from network security engineer to the big boss. Expect tales of triumph, epic fails, and everything in between.
In his own words (or close to it):
“Are you contemplating a leap into management or intrigued by what such a transition entails? Join us for an enlightening presentation where I will recount my journey from a network security engineer to the Director of Information Security. I will candidly discuss the highs, the lows, and everything in between. I’m looking forward to giving you a real, unfiltered look at my move from the trenches to management, and hopefully, you’ll find it useful.”
Basically, Rob’s going to drop some knowledge bombs that could seriously level up your career. Don’t miss out on this chance to learn from someone who’s been there, done that, and probably has the t-shirt.
We’re looking forward to seeing you there! Get ready for some serious insights, a few laughs, and maybe even a networking opportunity or two.
See you on April 10th!
Meeting Details:
We will be meeting at Virginia Western Community College in the Hall Family Business/Science Building. Take the stairs to the left and go to the third floor and go to the CyberSecurity lab in room M302.
Sorry for the last minute invite; we decided to interrupt our regularly scheduled programming to enjoy this warm spell we are having. We’d like for you to join us for a casual social gathering at Twisted Track Brewery on Thursday, March 13th!
The weather forecast is looking fantastic, and we thought it would be a perfect opportunity to enjoy the unseasonably warm spring and connect with fellow cybersecurity professionals in a relaxed setting.
This will be a great chance to network, share insights, and simply enjoy a pleasant evening with your colleagues.
We apologize for any inconvenience for the last minute scheduling, and we hope you can join us for this fun social event. We look forward to seeing you there!
And a little teaser for next month: Get ready for Rob’s insightful talk, where he’ll share valuable lessons learned from his transition from a technical contributor to a leadership position. Think “From Bud to Boss” in the cybersecurity world! Rob’s journey over the past year has been filled with challenges and triumphs, and he’s eager to share his experiences with you. More details on this to come soon.
Happy New Year! We hope you had a fantastic holiday season and are ready to dive into a year of exciting infosec learning. Our first Roanoke Infosec Exchange (RISE) meeting of 2025 is scheduled for February 13th, and we’re kicking things off with a very serious presentation.
Schrodinger will be giving a talk titled “Tor: Spooky Internet for Everyday Criminals”. He’s provided the following (completely non-satirical) abstract:
“Tor is the darkweb. The darkweb is full of hackers, traffickers, thieves – bad people. The darkweb is a bad place. You are not a bad person. So you don’t go to the darkweb. Bad people hide from the government on the darkweb. You have nothing to hide, since the government takes care of good people like you.
In this talk, we will look into this bad place and learn why it is so bad. We will talk about the evil networking, cryptography, and software used by real criminals every single day. Last of all, I will instruct you on why you should never ever visit this terrible corner of the internet.
There will be no satire. This is all very serious.“
So, prepare yourselves for a very serious and informative evening as we delve into the dark (and apparently very serious) world of Tor. We look forward to seeing you there to start the year off right with some new infosec knowledge!
Meeting Details:
We will be meeting at Virginia Western Community College in the Hall Family Business/Science Building. Take the stairs to the left and go to the third floor and go to the CyberSecurity lab in room M302.
RISE - Roanoke InfoSec Exchange 