RVAsec adds lockpicking village to 2026 cybersecurity conference

RVAsec opened its 15th conference with lockpicking placed squarely in the middle of the program, not off to the side. The Richmond cybersecurity community built the hands-on village into a two-day event at the Richmond Marriott Downtown, alongside Capture the Flag, keynotes from Sherrod DeGrippo and Dave Lewis, and the usual mix of talks, vendors and hallway traffic that drives the conference.

That positioning says a lot about where locksport sits inside modern infosec culture. RVAsec describes itself as a cybersecurity community based in Richmond, Virginia, with members well beyond the Mid-Atlantic region, and says its annual conference typically draws more than 850 security professionals from across the country. The vendor expo alone includes 40-plus security vendors, so the lockpicking area is arriving in a room already crowded with people who spend their days thinking about risk, access, and how systems fail.

RVAsec’s own lockpicking and lock forensics workshop made the point even more directly. Schuyler Towne taught the session, which covered pin tumbler, wafer and disc detainer locks, along with single-pin picking, raking, percussive attacks such as bumping or pick guns, and impressioning. Attendees also examined tool marks under a high-definition microscope, a reminder that the same hobby that teaches entry can also teach evidence. Towne’s bio says he has taught hackers, authors, cops and toy designers, and that he is writing an Almanac of Locksport for O’Reilly.

The village did not show up as a novelty booth. RVAsec’s 2024 Lockpick Village and Contest included beginner-friendly options, a variety of locks, instructors, and a timed contest for fastest completion, and the 2026 conference page listed the lockpick village again, this time sponsored by Rotas Security. Rotas describes itself as an offensive cybersecurity firm focused on adversarial simulation, penetration testing and red teaming, which is exactly the sort of sponsor that makes sense for a village built around understanding how physical security fails in the real world.

RVAsec has also turned itself into a year-round community instead of a once-a-year badge pickup. Its meetup page points to monthly socials without talks or slides, topic-focused deep dives, beginner-friendly security fundamentals meetups on Saturdays, the RVAsec Discord, and its YouTube channel. Chris Sullo and Jake Kouns lead the organization, Hope Adams handles annual conference logistics, Alfred Gamulo moderates the Discord server, and Will Roe runs the fundamentals meetups.

RVAsec says 2026 is its 15th year, and the group has also said the current contract with the Downtown Richmond Marriott is the final one. That makes the lockpicking village feel like more than a side attraction at a conference opening day. It is part of the same hands-on, community-driven security culture that has kept RVAsec growing, and it lands exactly where it belongs, next to the rest of the threat model.