ISSA Chapter Meeting 10 September 2024:

Opening remarks: Hybrid meeting: Meeting held in-person at ECPI and virtually on Zoom. For questions, please raise your virtual hand or use the chat feature. Charles is attending virtually today. Please give us feedback after the meeting: What did you like? What could we improve?

Agenda: Welcome/Membership/Education/Presentation/Business Meeting/Q&A/ Feedback/Adjourn


Organization Chart: This will be changing as elections are coming up!

ISSA-HR Professional Association Benefits: Build professional relationships; stay current on developments in areas of information security/risk/privacy; professional development; education opportunities (looking forward to our presentation today!); earn CPE/CEU continuing education credits (Membership chair can handle CPE/CEU inquiries); learn practical and best practice solutions; career information and employment opportunities

Grow Professionally!:

Whether you’re a pre-professional, entry-level, mid-career, senior practitioner or security leader, ISSA offers strategic resources and guidance to successive career levels.
Membership Annual Cost: Professional (not a student) $95, Student $30 (Chapter Dues $30). Professional = $125 total, Student = $60. Your company may even reimburse these dues! Does not hurt to ask.

*Select Hampton Roads as your chapter

New Members: Welcome: Manuel A, Billy F, Orantes B!

Glad to have you, thank you for joining!

Education:
Resources on website, we do now have a separate mentorship program; we are passionate about what resources are out there!
Goals: Provide educational resources, mentorship opportunities, team-building/collaboration, hands-on industry tool familiarization, certification tracking/pipeline

If you want to learn more, reach out to us and we will hook you up

Google Cybersecurity Professional Certificate: Google AI Essentials, offered by Coursera
What you’ll learn: Understand the importance of cybersecurity practices and their impact for organizations; Protect networks, devices, people, and data from unauthorized access and cyberattacks using Security Information and Event Management (SIEM) tools.

Enrollment period: September 9th- November 30th

Enroll for Free! (Financial Aid available)
https://grow.google/certificates/cybersecurity/

NICCS (National Initiative for Cybersecurity Careers and Studies) FedVTE (Federal Virtual Training Environment)

Available for:
Federal government employees and contractors
State, local, Tribal and Territorial (SLTT) government employees
U.S. military personnel and Veterans
Publicly Available (select courses):

No cost online cybersecurity training on topics such as cloud security, ethical hacking and surveillance, risk management, malware analysis and more.

FedVTE offers:
Quarterly course catalog for existing and future courses

Courses for all proficiency levels from beginner to advanced
850 hours of training mapped to the NICE framework
Certification prep courses on topics such as ethical hacking, Certified Information Security Manager (CISM), and Certified Information Systems Security Professional (CISSP)
The ability to work at your own pace from any computer or mobile device


https://niccs.cisa.gov/education-training/federal-virtual-training-environment-fedvte


Reading List: Blog of the Month:

MOVEit Transfer Vulnerability: Major Data Breach

A significant vulnerability was discovered in Progress Software’s MOVEit file transfer tool. This vulnerability was exploited by cybercriminals, leading to one of the largest data breaches this year. This breach impacted various sectors, including financial services, healthcare and government institutions, and involved sensitive data from millions of users.

Cause:
The vulnerability was a SQL injection flaw in the MOVEit transfer software, allowing attackers to gain unauthorized access to databases and exfiltrate data.
Impact:
The breach affected hundreds of organizations, including government agencies and major corporations, compromising sensitive personal and financial data.
Remediation: Progress Software quickly released patches to address the vulnerability, and affected organizations were advised to apply them ASAP. Incident response teams worked to contain the damage and assess the extent of data exposure.
Lessons Learned:
The MOVEit breach underscored the importance of patch management, early detection and routine vulnerability assessments to prevent exploitation by threat actors.

This incident highlights the dangers of unpatched vulnerabilities in widely used software solutions. It serves as a reminder to organizations to prioritize regular security audits, implement strong incident response protocols, and maintain vigilance in the evolving cybersecurity landscape.

Source: https://www.cisa.gov/news-events/alerts/2024/06/28/progress-software-releases-security-bulletin-moveit-transfer

Social Media Resources:
Zeffy is used for event registrations


Feel free to pitch in and share ideas on our Discord!
Discord (QR below): you can use the QR code, the link, or search “ISSA-HR” (https://discord.com/invite/Jt3m7TWQzQ)


LinkedIn: great resource to get in touch with us:
Click the QR code (Above), link or search for “Information Systems Security Association – Hampton Roads Chapter” https://www.linkedin.com/company/information-systems-security-association-issa-hampton-roads-chapter/

Website: Be sure to also check out the Meeting recap on the ISSA-HR webpage!

Been blogging on the LinkedIn! Thanks Faith! We love feedback!
https://issa-hr.org/issa-chapter-meeting-6-august-2024/

Meetings and Social Events:

1 October: Austin McKean: Guarding your NFCU: Local Social Engineering Scams

12 Nov: Tal Reznikov: Topic TBD

3 December: Holiday Party and Election results

2025: Xavier-Lewis Palmer (Evan met at Bsides), PhD Engineering (Topic TBD)


Looking for speakers as we look ahead to 2025! As well as in-house backup speakers, Evan talked to a lot of folks at Bsides NOVA last week.

We may be looking for a new meeting program director as our current meeting director Evan is on the ballot for the President position. It’s a great way to have a reason to connect with people, network and invite them to talk for ISSA!


After-Meeting Networking Happy Hour: After ISSA meeting at Plaza Degollado (around the corner from ECPI).

Cyber Social at Casual Pint: Wednesday September 25th 5:30-8:30, it’s a great casual (non-formal) event, always a good turnout. A great place to network. No current scheduling conflicts for this location. Definitely a good time. Come out for a beer, you can sign up for emails to stay in the know about these events!

Jobs:
Need a job:
Type of Job, Elevator Pitch (Value you bring, qualifications, additional info)
Have a Job:
Title of Job, basic requirements, contact information
ISSA has a job search page: http://iz1.me/XJU31zUSeBV https://issa-jobs.careerwebsite.com/jobseeker/search/results/
Government Jobs: USAJOBS.gov:
Government job resource: Great resource for fed resumes: Federal Resume Guidebook by Kathryn Troutman (https://www.amazon.com/Federal-Resume-Guidebook-Writing-Featuring-dp-173340760X/dp/173340760X/ref=dp_ob_title_bk)

Best way to get a job is through networking, as always.

Need a Job: If you’re looking for work, now’s your chance to let us know! Let us hear your elevator pitch: an Introduction, summary of what you do: current role and why you are doing well there, relevant experience, explain your value/what problem you can solve, and a Call to action for what you’d want to do next. Whether you are currently employed or just want to practice, now is a great opportunity.

Optionally, for an extra 30 seconds you can add other details such as clearance status, remote, on-site or relocation preference, additional education/certs not already mentioned, and other short details. We can post your email in the chat if you want, we will ensure it gets to the right people.

Michael works for the DoD, as a network engineer, wants to transition to network security, is passively looking.

Have a Job:
Job title/Company/Type (Contractor, Government, Private sector, Internship, Full time, Part time)/Requirements (Years’ work experience, Education, Certs, Clearance)/Desired experience, qualifications and any other information desired (keep it short)

CJ works for DHS, they are looking for new roles where you would learn a LOT. Keep in mind if you hold a security clearance the DHS clearance is completely different, they are looking primarily for folks that are already vetted.

SAIC is always hiring!

Monthly Presentation: Introduction to Trace Labs and its CTFs

Ken J has over 30 years of experience in the IT domain, with a background in programming database and web development, call center tech, consulting, emergency services management solutions, automation, as well as enterprise security web filtering and enterprise network discovery and monitoring. By day, Ken works as a senior infrastructure engineer. By night he performs “OSINT for good” as a Trace Labs Coach.

Evan L retired from the Navy after 20 years, during which time he was a Fire Control Technician, P-3 Naval Flight Officer and he supported the Navy Red Team (NRT) in various leadership roles. Since his retirement, he has acted as an operator in a Security Operations Center and currently serves as a contract program manager supporting a DoD Red Team. Evan has participated in recent TL events and will share his experiences and lessons learned.

Join us as Ken shares the purpose and history of TraceLabs. He will also discuss what it’s like to be a Coach and what TL is looking for in its Coaches. Evan will then share his experiences participating in TL events, all while answering questions along the way.

AS A COACH:

WhoAmI: Kenneth (Ken) Jensen has 43 years of IT experience (30+ professional), has been doing Open Source Intelligence (OSINT) for 10+ years, and is a Senior Judge/Coach for TraceLabs.
By day: Senior Infrastructure Engineer
By night: OSINT for good.
TraceLabs: has been a Judge/Coach for 25+ CTFs since 2019.


Contents: What is Tracelabs/History/Offerings/CTF/Resources/Participant (Evan)

What is Tracelabs: “How many of you have heard about TraceLabs:” (Other than from Ken)
TraceLabs was established in 2018, Ken joined as a Judge (Later to be rephrased as Coach) in 2019.

TL helps law enforcement find missing people, NOT criminals. Law enforcement might not have: skills or knowledge/resources/leads that can further their investigation.

Law enforcement is looking for help to find missing piece(s) to the puzzle.

What TraceLabs is NOT: TL does not theorize or speculate, only perform OSINT gathering. TL are not vigilantes, and TL are not the police.
Instead, they simply perform passive reconnaissance to collect intelligence on a missing person case and provide this to the respective law enforcement agency to allow them to pursue the appropriate course of action.

The Founding of Tracelabs: Robert Sell founded TraceLabs in 2018. His day job was IT security; he worked as a Synthetic Aperture radar (SAR) team member in Canada and merged the SAR process with crowd sourcing OSINT (https://www.youtube.com/watch?v=x0kElfBNGpA/)

Offerings:
Global and local Capture the Flag (CTF) events (https://www.tracelabs.org/initiatives/search-party)
Month Long Ongoing Operations events (https://www.tracelabs.org/initiatives/request)
Post-CTF/Ongoing Report Writing
TraceLabs blog (https://www.tracelabs.org/blog)
Breadcrumbs podcast (https://podtail.com/en/podcast/breadcrumbs-by-trace-labs/)
TraceLabs Discord server (https://tracelabs.org/discord)
OSINT Virtual Machine (VM) (https://www.tracelabs.org/initiatives/osint-vm)
OSINT Field Manual (https://github.com/tracelabs/tofm)
Badges:
“1st, second, third, coach, TraceLabs contestant participation, community member, there are others for reporting, blogs, etc.”

But I can’t OSINT: How many of us would like to help but don’t think you have the skills?

Yes you can!: You can make a difference! It’s about finding a missing piece of the puzzle so law enforcement can go back to friends and family and say what happened. If you can Google, you can make a meaningful contribution.

“It’s like a puzzle”

If you can Google: You can combine Google dorks: “intext:john filetype:log”
site:linkedin.com – Only searches LinkedIn
filetype:pdf – Only searches inside PDF files
inurl:/view/index.shtml – Webcams not password protected
intitle:directory – Only searches in web page title
intext:name – Only searches the text

CTF:
Not your regular CTF; Global CTF is four hours, flags are not preconfigured, they are category-based
Global CTF is roughly a quarterly event, Local and Special engagements can also be scheduled.

“Regular CTFs have itemized flags, for challenges. The flags in TL are not pre-determined, they’re more like “classes” or categories. The global ones are pretty intense with 60-80 judges and ~800 participants with 1-4 people on a team, next one is coming up in November.”

CTF Rules and Suggestions:
PASSIVE RECON ONLY!
Use a VPN or a KASM
Use sock puppet accounts on social media
Use only TRUE open source information – nothing behind a paywall

Missing Person posters are not valid flags – from law enforcement, organizations or media; friends and family “help my missing…”, HOWEVER information within these posts can be pivot points.
If it’s not in the Missing Person post, don’t assume law enforcement knows about it.

“It’s ALL passive, the person might not know people are looking for them, they might not want to be found. We’re not talking about criminals, we are talking about families trying to find their loved ones. KASM is a cloud computer, can be used in conjunction with the TL VM, (KASM normal price $25) gave a free trial for this purpose. Sock Puppets. If you have LinkedIn set up that people can view your profile. If you’re going to make a sock puppet, make it as a recruiter! Less traceable. If your LinkedIn says “tracelabs” well guess what… “Gray source” information only, can’t use anything that’s behind a paywall.”

Q: Johnnie: “What about datadumps?”
A: “You’d have to really show that that information can’t be found anywhere else, you can use it to pivot. May give you a place to start looking.”

“MISSING PERSON POSTERS ARE NOT VALID FLAGS. It’s assumed law enforcement already knows that information. You can use the poster to pivot if the poster contains supplemental information.”


CTF Categories:
Friends – 10 points
Employment – 15 points
Family – 20 points
Basic Subject Info – 50 points
Advanced Subject Info – 100 points
Day Last Seen – 300 points

“Anything basic for the person. Now let’s get to the big ones”:

Advancing the Time Line – 700 points
Dark Web – 1,000 points
LOCATION – 5,000 points

Q: CJ “If someone else found that information do you still get the points?”
A: “YES, everyone finds the basic stuff.”

How To get ready for a CTF:
For coaches and participants:
VPN and VM or KASM,
Sock puppets for social media that require logins,
List of websites you are going to hit first to get the low hanging fruit,
Scratch for note taking,
Screen capture software,
Ability to merge different screen captures into one picture,
Make contact with coach on Discord,
Are you friends with the coach or participant(s)/team?

“I say VPN if you’re going through and looking for something you may come across stuff that is NSFW. You don’t want that on your IP address.”

Q: CJ: “Can you obfuscate your data with other data?”
“steganography?”
Evan: “When you did a search for a name, NSFW stuff would come up first. You can filter.”
Q: CJ: “As soon as you find stuff like that, does it pull out automatically?”

A: “It’s all manual, if you find it get a hold of your judge, don’t necessarily have to pull a flag but let a coach know, the coach will consult with other coaches, they will make a decision”

“If you can google, you can do this, sock puppets may be necessary for login locked social media. You won’t have to most times. You want to have a list of search engines that get the low hanging fruit, like social media. Screen capture software, as a judge this helps law enforcement. The flags MAY disappear, if you take a screencap and get the URL in the screenshot, that will help you. You can merge screen captures to make one picture. You may end up obscuring information when you highlight, be careful of this”

Places to Look:
Most flags will be found in social media: Facebook, Instagram, X, Reddit
But here are some other places to look:
Licensing and certification organizations
Obituaries and Grave sites
Newspapers – can help infer a history of disappearing
Hobby and interest websites
Photo backgrounds – helps to find supplemental details
OSINT search pages

Found a Flag?:
Remember the flag’s audience! (LAW ENFORCEMENT)
Category – basic subject info, family, employment etc. (see above)
Source – URL so Coach can verify
Relevance – i.e., missing person’s Instagram account
Supporting Evidence – (Prove it! From known missing persons sites, matching names/photos etc.)
If you see the words maybe, probably, might, could, should or similar, it is SPECULATIVE. TraceLabs is only concerned with facts.

“LAW ENFORCEMENT is your audience. Explain it like they are FIVE. The URL is required so the judge can verify your findings. Sometimes internet handles may be duplicated, support your findings with images, matching names, etc.”

Coach reviews the flag:
1. Remember, if you are a coach, and the flag is not good, explain why.
2. Check the category, make sure it matches the flag.
3. Visit the URL, make sure the flag is present.
4. Do the relevance and supporting evidence make sense? Did they prove it? Speculation?
5. Ask other coaches for their input.
6. Approve/ Reject: You can give encouragement.
“You don’t want to be giving law enforcement bad information, it could end up being used in court. The coach can either approve or reject the flag. Give the team encouragement, ‘cause it’s tough work going through all of this.”
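
A pre-submission check for the flag format and coach review steps above, as an added example (not Trace Labs code and not part of the original presentation). The field names, the `is_missing_person_poster` and `behind_paywall` markers, and the sample flags are assumptions constructed for illustration; the category points come from the list earlier in this recap.

```python
import re
from urllib.parse import urlparse

# Category point values as listed in this recap.
CATEGORY_POINTS = {
    "Friends": 10,
    "Employment": 15,
    "Family": 20,
    "Basic Subject Info": 50,
    "Advanced Subject Info": 100,
    "Day Last Seen": 300,
    "Advancing the Time Line": 700,
    "Dark Web": 1000,
    "Location": 5000,
}

# Words the recap calls out as speculative.
SPECULATIVE = ("maybe", "probably", "might", "could", "should")
_SPEC_RE = re.compile(r"\b(" + "|".join(SPECULATIVE) + r")\b", re.IGNORECASE)


def review_flag(flag):
    """Return a list of rejection reasons; an empty list means the flag
    is ready to hand to a coach. `flag` is a dict with hypothetical keys:
    category, source, relevance, evidence, plus two optional booleans."""
    reasons = []

    # Coach step: the category must be a real one and match the flag.
    if flag.get("category") not in CATEGORY_POINTS:
        reasons.append("unknown category")

    # Coach step: the source must be a URL the coach can visit.
    url = urlparse(flag.get("source", ""))
    if url.scheme not in ("http", "https") or not url.netloc:
        reasons.append("source must be a URL the coach can visit")

    # Relevance and supporting evidence must be present and factual.
    for field in ("relevance", "evidence"):
        text = flag.get(field, "").strip()
        if not text:
            reasons.append(f"{field} is empty")
        hits = sorted({m.lower() for m in _SPEC_RE.findall(text)})
        if hits:
            reasons.append(f"{field} is speculative: {', '.join(hits)}")

    # CTF rules: posters are pivot points only; nothing behind a paywall.
    if flag.get("is_missing_person_poster"):
        reasons.append("missing person posters are not valid flags")
    if flag.get("behind_paywall"):
        reasons.append("source is behind a paywall")

    return reasons


def tally(flags):
    """Score the flags that pass review and collect the rest with reasons,
    so every rejection carries an explanation the team can act on."""
    score, rejected = 0, []
    for index, flag in enumerate(flags):
        reasons = review_flag(flag)
        if reasons:
            rejected.append((index, reasons))
        else:
            score += CATEGORY_POINTS[flag["category"]]
    return score, rejected


# Constructed sample submissions (placeholder URLs, no real person).
SAMPLE_FLAGS = [
    {"category": "Basic Subject Info",
     "source": "https://social.example.org/u/subject_handle",
     "relevance": "Subject's public photo-sharing account",
     "evidence": "Profile photo and full name match the official listing"},
    {"category": "Family",
     "source": "https://social.example.org/u/relative",
     "relevance": "This might be the subject's sister",
     "evidence": "Same surname"},
    {"category": "Day Last Seen",
     "source": "https://news.example.org/missing-poster",
     "relevance": "Poster shared by local media",
     "evidence": "Poster lists name and photo",
     "is_missing_person_poster": True},
    {"category": "Employment",
     "source": "screenshot only",
     "relevance": "Subject's employer",
     "evidence": "Public staff page lists subject by full name"},
]

if __name__ == "__main__":
    total, bad = tally(SAMPLE_FLAGS)
    print("score:", total)
    for index, reasons in bad:
        print(f"flag {index} rejected: {'; '.join(reasons)}")
```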

Rejecting?:
Probably the most important part of a coach’s job
Give a reason
Help the team know what they can do better
Participants can create an incident


“You hit reject, you must put something in there. The standard answers shouldn’t be there, because they get rid of the option to give a reason. DON’T Get in a fight with the judge, don’t get in a fight with the participant.”

At the End:
Free for All queue
Results tally takes about 45 minutes
As a coach you can see the scoreboard but it’s not official
The CTF can be very draining and emotional
Find a way to get back to normal
Leave the CTF at the CTF
Do not research or OSINT missing persons outside of the CTF

“Any judges can see any participants in the Free For All queue. Scoreboard is not official until final tally. Do whatever you have to do to leave the CTF at the CTF. Practice six degrees of separation. Do not OSINT MP’s outside the CTF.”

TraceLabs CTFs from A Participant’s View:


Evan’s portion of the presentation:
I have participated in two events and had significantly different experiences. I will talk about both times and give some observations and recommendations. Having only done this twice, I’m far from an expert, so feel free to contribute to the conversation if you have experience to draw upon.

“My first event was four years ago and second was half a year ago,”

1st time:

Preparation: Team established with coworkers
Very little sock puppet account prep

Operationally: used familiar light but continual team communication
Worked in pairs or solo
One person was keeping track of score submitting

Results: exact point score unknown, but within the top 3

“Well prepared team of colleagues. I knew how to work with them. We had the advantage of knowing one another. We shared information as a job. That was nice. Didn’t have fake accounts (Sock puppets), I was very careful on my own accounts. One was keeping tabs, don’t remember the results but I know we were really good”

2nd time:
Preparation: No set team, sock puppet accounts well established.

Operationally: Used Discord server and Google shared drive/docs, chatted rarely but did check in at times. Worked mostly solo on each search, chatted more near the end. Mostly submitted on our own results.

Results: Probably were in the bottom 25%, I only submitted one thing and it was not counted. Felt more unsure of submissions than I did the first time, causing apprehension.

“I was teamed up with someone who was studying for a pentest certification, they went quiet for about a week and a half, he helped me put together my sock puppets. My last presentation was about my Facebook hack, that hack was taking place while I did this, it all tied in. Other teammates didn’t seem to have English as their first language but they were very smart, it was their fifth or sixth event. At the end we basically worked solo. Bottom line is solo didn’t work very well, we may have ended up at the bottom that time. If you have a team, get people to focus on certain things, maybe have a Shodan guy. One of the teams two cycles ago found a location, the missing person was streaming on Twitch.”

Lessons Learned:
Establish your team early.
Determine information flow and sharing early.
Ideally establish Sock Puppets, but not having them isn’t a showstopper.
Having one person verifying submitted tickets seemed to be more efficient for the team: downside is that person didn’t do much active searching
Neither time did we have a “solid” coordinator/leader, I do believe having someone fill that role would help.
Both times I had fun and learned a lot. I’d 100% recommend this for anyone interested in working on their OSR skillset and wanting to help a good cause.

“You can be a team of one, but it may be easier to have one person doing one thing and others doing more things, searching dedicated sites, etc. Using Discord as a communication platform. We used Google Drive too, it’s best to do this with folks you know and trust.”

Q: William H.: “I’m a P.I, can I use my resources to help in the actual search? Obviously it’s not fair for the CTF competition”
A: “We will talk more offline”

“If you’re going to set up a team, get to know how they work, it will make all the difference in the world”

Resources:
TraceLabs: https://www.tracelabs.org/
TraceLabs Founding: https://www.youtube.com/watch?v=x0kElfBNGpA
TraceLabs Github (VM and OSINT Field Guide): https://github.com/tracelabs/
TraceLabs Participant and Coach Manuals: https://www.tracelabs.org/initiatives/search-party/

SA Offender registry: https://www.familywatchdog.us/Search.asp
Newspapers: https://m.onlinenewspapers.com/index-usa.shtml

OSINT Directories:
Google Dork: site:start.me osint
https://www.osinttechniques.com/osint-tools.html
https://www.osintframework.com/


Federal Prisons: https://www.bop.gov/inmateloc/
Face Comparison: https://facecomparison.toolpie.com/
https://www.faceshape.com/face-compare/

Other Search Engines: https://www.github.com/jivoi/awesome-osint/
Google Dork Cheat Sheet: https://www.tutorialsfreak.com/ethical-hacking-tutorial/google-dorking-cheat-sheet/

What’s Next?:
Practice by OSINT’ing yourself
OSINT sites change
Maintain a list of go-to sites categorized by:
Free
Free but requires membership
Paid

“OSINT yourself, see what people can find, plus it’s totally guilt free. OSINT sites come and go, keep a list of go-to sites.”

Next Event Info:
Exact Date TBD, will likely be in early/mid November
Things to do in preparation for next event:
Join Trace Labs Discord server: https://tracelabs.org/discord
Set up Sock Puppet accounts
Review the FAQ and TL Search Party CTF Guide:
https://www.tracelabs.org/initiatives/search-party
https://download2.tracelabs.org/Trace-Labs-OSINT-Search-Party-CTF-Contestant-Guide_v1.pdf


Thank you Ken and Evan!

Business Meeting:

Old business/New business/Membership Updates/Secretary: Meeting Minutes/Treasury Report/Social Media Updates

Old Business: CyberSocial w/ Speed Mentoring, Business (Board) Meeting.

Cyber Social with Speed Mentoring, August 25th:
Survey will be coming out this coming week, the first time had growing pains, next time will be more professional. At the Speed Mentoring event, participants engaged with CyberSecurity professionals (Mentors) in multiple 5-minute rounds similar to speed dating. During these rounds participants asked questions and received guidance. A bell signaled the start and end of each round, prompting participants to move to the next Mentor.

Participants strongly encouraged to bring a printed resume and brief statement of their career goals and/or life aspirations. Prior to starting, Mentors introduced themselves and shared name, current job title and/or work history, major/degree (if applicable), and areas of expertise.
During these introductions, mentees decided what questions to ask each mentor based on their expertise. To facilitate things, participants can provide their resume to Mentors and wear a name tag with their name, current job title and/or work history (if applicable), and major/degree (if applicable)

Mentees asked specific questions prepared ahead of time and directly to make best use of the five minutes they had with each mentor. Notes can be taken on a notepad brought by the mentee to review later.

Example questions:
What’s the best advice you can give to help plan a career in CyberSecurity?
What was instrumental for you in landing your first CySec position?
What characteristics does your employer look for when hiring?
If you could give one piece of job hunting advice what would it be?
If you could do it all over again, what would you do differently?


ISSA Business Meeting: August 15th

Agenda: Bylaws Overview/ Financial Audit (timeline, requirements, due dates)/ Election (timeline, committee requirements, due dates)/ Budget (sponsorships, workshops, 501c3)/DefCon757 Collaboration/ Holiday Event
Actionable Items: More of these meetings, Bylaws updates, Financial Audit document procurement, Election biography deadline, Speed mentoring, Sec+ workshop refresh, HR Bsides involvement
Voted Items: 50/50 raffle / Sunshine fund at social events (Yes: all | no: none | abstain: none)
Speed mentoring distinguished as an ISSA event (yes: all | no: none | abstain: none)
Meeting adjourned

As of this Chapter meeting it is known:
DC757 has not been in contact with the Bsides organization as of yet.
Casual Pint has agreed to a 50/50 raffle to take place at their facility
Sunshine fund inaugural “crow” — thank you to those who contributed and congratulations!

New Business:
Election Committee
Audit Committee
Christmas Party


Election Committee:
As per Article IV of the ISSA Hampton Roads Bylaws: Election Committee: Johnnie Shubert, Richard Rychlicki

Nominations:
President: Evan Larsen
Vice President: Brian Fannin
Secretary/COO: Faith Walauskas
Treasurer/CFO: Peter Cook

Article V: Elections
Bylaws applicable to elections:

SECTION 1: The Officers shall be elected by popular vote, each general member in good standing to be entitled to one vote.

SECTION 2: The Nominating Committee shall consist of two members in good standing as selected by the Officers at the October meeting of each year (we are kicking this off early). Members in good standing may volunteer for this function.

SECTION 3: Elections shall be held during the December meeting of each year. Or as determined by term or moved as needed to accommodate extenuating circumstances such as hurricanes or Covid. When the election must be scheduled outside of December, every effort should be made to schedule as soon as possible. (I.e every other year for 2-year terms.) (See Section 6 below).

SECTION 4: The Nominating Committee Chairman shall prepare and distribute election ballots at least one month prior to the December meeting.

SECTION 5: Election results shall be announced at the end of the December meeting. Or at the beginning of the next meeting.

SECTION 6: The term of office shall consist of two years commencing at the conclusion of the December meeting.


(Hoping to update Section 3 during August 15 business meeting to amend December-held elections)


Election Committee Best Practices:
PREPARE FOR ELECTION:

1. Identify election workforce

2. Find and read the latest bylaws, especially sections on audits, elections and turnover processes

3. Follow the bylaws, have them present in case of questions.

4. Define and record the process particulars then distribute/brief it to membership.

5. Early and frequent request for nominations

6. Request nominations AT EVERY MEETING to attain momentum, enlarge the field and get people involved/talking about it.

7. Determine type of election: Designated or Rolling nominations. Each has advantages and drawbacks. Smaller numbers of nominees normally indicate a rolling nomination.

As usual, if you see something you can contribute to the board, appointed positions can be created!

Audit Committee:
Evan Larsen and Charles Heiden
A report will be provided at the October meeting by the audit committee

“it’s underway”

Bylaws applicable to audit:
Section 7: The Treasurer will also work with the auditors, either prior to or right after the board elections every two years to complete a full audit, even if the same person remains as the Treasurer.

Section 5: An Auditing Committee consisting of two members in good standing and/or a qualified accountant shall be appointed by the President at the September meeting of each year (we are kicking this off early in the August meeting). These individuals shall not be Officers. The responsibility of the Auditing Committee shall be to examine all financial records of the Chapter and provide a report of its findings and recommendations to the membership at the December meeting prior to elections (this is to be amended). This report shall be in writing and shall be maintained as part of the permanent records of the Chapter.

Conferences:

Bsides NOVA: Arlington, VA, September 6-7, starts at $45 https://www.bsidesnova.org/
This event has passed but is included for debrief as some chapter members attended
Evan volunteered and attended a dinner, did a lot of networking and even found a potential 2025 speaker!
Ken worked security, he is very versed on these events.

INFOSEC World: Lake Buena Vista, FL, September 21-22, $1595-$3595 https://www.infosecworldusa.com/

MSSN CTRL 2024, Arlington, VA, October 2-4, $200 https://www.mssnctrl.org/


Hack the Railroad: Columbia, Maryland, October 23-24, $0-$300 https://thetac.tech/hack-the-railroad-2024-conference
Free if you are a student, government, military, or virtually attending

We love to volunteer at local conferences! Great way to network, garner interest in our chapter. Some of the best networking opportunities compared to merely being a guest. We are always looking for people!

Membership Update:
Number of members: 49
Last meeting: 10 members, 2 visitors in attendance
If you are expired/expiring, be sure to renew your membership to remain in good standing!

August 6th Meeting Minutes: Meeting recap on website:
https://issa-hr.org/issa-chapter-meeting-6-august-2024/


Presentation Speaker: Orantes Blanks: My Crypto Theft: protecting your crypto assets in a digital world
Old Business: Cyber Social @ Casual Pint July 24, possible Bsides involvement with DC757
New Business: Board meeting, Election Committee
Treasurer Report Balance: $4,381.31 recorded.

Treasurer Report:
Balance: $4,463.60
TRYING to get to $5,000
We downsized, that’s helping us marginally

Holiday Party: The VFW hall is in use that night; as an alternative plan, we would be in the VFW canteen area, $50/hour.
Casual Pint is available for that evening, $200 for the room reservation as well as food and drink, for guests to pay after that

John Bos has offered up his space. Would need chairs. The parking lot isn’t perfect but there is plenty of parking on the street. Brian also said he may look into his options via his HOA.

Motion to host the xmas party at John Bos’s spot: 6 Voted I

Motion to hold holiday party at Casual pint: 2 voted I

WE WILL (MUST) COORDINATE THIS

2024 Events Calendar:

Social Media:

Email Addresses: This will be updated post elections!



Adjourn:

After Meeting: Networking Happy Hour @ Plaza Degollado

Please give us feedback!: What did you like? Recommendations for future meetings? What could make your experience better?
Send your feedback to President @ ISSA-HR. Org