ISSA Chapter Meeting 6 August 2024:
Opening remarks: Hybrid meeting: Meeting held in-person at ECPI and virtually on Zoom. For questions, please raise your virtual hand or use the chat feature. Charles is attending virtually today. Please give us feedback after the meeting: what did you like? What could we improve?
Agenda: Welcome/Membership/Education/Presentation/Business Meeting/Q&A/ Feedback/Adjourn
Organization Chart: This will be changing as elections are coming up!
ISSA-HR Professional Association Benefits: Build professional relationships, stay current on developments in areas of information security/risk/privacy, professional development, education opportunities, (looking forward to our presentation today!) Earn CPE/CEU continuing education credits, (Membership chair can handle CPE/CEU inquiries) learn practical and best practice solutions, career information and employment opportunities
Grow Professionally!:
Whether you’re a pre-professional, entry-level, mid-career, senior practitioner or security leader, ISSA offers strategic resources and guidance to successive career levels.
Membership Annual Cost: Professional (not a student) $95, Student $30 (Chapter Dues $30). Professional = $125 total, Student = $60. Your company may even reimburse these dues! Does not hurt to ask.
*Select Hampton Roads as your chapter
New Members: Welcome: Orantes B, Robert B, Angela M!
Glad to have you, thank you for joining!
Education: Resources on website, we do now have a separate mentorship program; we are passionate about what resources are out there!
Goals: Provide educational resources, mentorship opportunities, team-building/collaboration, hands-on industry tool familiarization, certification tracking/pipeline
COVA CCI Cybersecurity internship:
https://covacci.org/cyber-clinic/
The objective of this clinic is to provide cybersecurity awareness and services (education, risk management posture) to client organizations within Hampton Roads while providing an experiential learning opportunity for the students participating in the program as cybersecurity interns/consultants. Specifically, this clinic targets those client organizations that do not have a strong cyber presence and who can find value in gaining knowledge of cybersecurity awareness and services.
This 15-week program will be offered during the fall and spring academic semesters. During the program, students will receive training on different cybersecurity modules which will allow them to interview client organizations during the middle portion of the program. The students will work in teams under the supervision of ODU faculty. The team will provide service to the client in one or more of these areas: cybersecurity network defense, cybersecurity policies and procedures, cybersecurity training for employees, cyber risk assessments, and/or cybersecurity best practices.
We are a partner organization with COVA CCI.
Great opportunity to introduce yourself to a cyber role!
Commonwealth Cyber Initiative (COVA CCI), the southeastern node of Virginia’s Commonwealth Cyber Initiative, in partnership with Valor Cybersecurity, is looking for small businesses, non-profits, or other organizations who need help understanding their cybersecurity risks.
These collaborating organizations (COVA CCI, Valor) will use teams of selected students to provide pro-bono Cybersecurity-as-a-Service to small and medium sized businesses to assess these organizations’ cybersecurity preparedness and risk posture.
Why Apply?
Free cybersecurity risk assessment to your business
Gives hands-on real-world experience to students pursuing a career in cybersecurity
Creates connections with cybersecurity professionals
COVA CCI is looking for students who are interested in assisting small businesses in protecting themselves from cybersecurity risks.
These teams of selected students will provide the aforementioned services to small/medium sized businesses.
Why Apply?
Get paid for your work ($2250 for semester)
Create connections with cybersecurity professionals
Provide free cybersecurity risk assessment to business clients
Get real-world, hands-on experience as a cybersecurity consultant
Learn teamwork, communication skills, sales and other soft skills
Enroll in special session of CYSE 368, T/TR, 1:30-2:45
Anyone interested definitely check it out! It is starting soon, they may still have seats available:
Level up your Cyber Career:
VA Cyber Skills Academies is offering FREE skills training and cybersecurity certifications
If you have previous IT/cyber experience, this 8-week program will provide advanced SANS training and the associated GIAC certification you need to get ahead. Choose from a variety of courses including intrusion detection, penetration testing, DevSecOps, and security leadership. Whether you need to go deeper in your current role, want to pivot to new areas, or grow as a leader, there are offerings aligned with the federal/Department of Defense (DoD 8140) requirements that employers want to see on your resume.
Free 8-week program provides training (tuition funded by the state of Virginia); you get to choose from relevant courses to grow your current skillset! (MUST BE VA RESIDENT)
*AT TIME OF WRITING, THIS PROGRAM RAN FROM MARCH 2021 TO JUNE 2023 AND IS NOW CLOSED DUE TO FUNDING.
We have reached out to VA Cyber Skills Academies (info@womenscyberjutsu.org) out of curiosity about other programs they offer. It has been conveyed that some programs will be opening up soon on https://womenscyberjutsu.org/.
Stay tuned!
Reading List: Blog of the Month:
The CrowdStrike Crisis: Lessons from a Global IT Outage:
In July 2024, a faulty update from CrowdStrike caused one of the largest IT outages in recent history, impacting approximately 8.5 million Microsoft Windows devices worldwide. This incident, although not a result of a cyberattack, highlighted significant vulnerabilities in the software supply chain and underscored the need for robust cybersecurity measures.
Incident Overview: The outage was caused by a logic error in a CrowdStrike Falcon sensor update, leading to system crashes and widespread disruptions. Critical services and sectors, including airlines, healthcare, and financial institutions, were heavily affected.
Impact and Response: Global disruptions included flight cancellations, healthcare service interruptions, and financial losses estimated up to $5.4 billion. Recovery involved complex, time-consuming processes like multiple system reboots and manual interventions.
Lessons Learned:
Software Update Management: Emphasized the importance of rigorous internal verification and testing protocols for software updates.
Supply Chain Security: Reinforced the need for comprehensive supply chain security practices to prevent cascading failures.
Proactive Cybersecurity: Highlighted the necessity of advanced threat detection systems and robust incident response plans.
Future Directions: Governments and organizations are urged to adopt stricter cybersecurity standards, invest in threat intelligence, and enhance global cooperation to mitigate similar risks in the future.
Source: https://www.cisa.gov/news-events/alerts/2024/07/19/widespread-it-outage-due-crowdstrike-update/
Social Media Resources:
Zeffy is used for event registrations; we sent an email out if you are signed up for those.
With Eventbrite, we were limited to a certain number of sign-ups, and they have begun to charge for the service. Eventbrite is still being used, though it has a 25-attendee limit.
Feel free to pitch in and share ideas on our discord!
Discord (QR below), can use QR code, link or search “ISSA-HR” (https://discord.com/invite/Jt3m7TWQzQ)
LinkedIn: great resource to get in touch with us:
Click the QR code (Above), link or search for “Information Systems Security Association – Hampton Roads Chapter” https://www.linkedin.com/company/information-systems-security-association-issa-hampton-roads-chapter/
Website: Be sure to also check out the Meeting recap on the ISSA-HR webpage!
Been blogging on the LinkedIn! Thanks Faith! We love feedback!
https://issa-hr.org/issa-chapter-meeting-9-july-2024
Meetings and Social Events:
6 August: Orantes “Ran” Blanks, Google Tech support: Crypto currency wallets stories and how to avoid pick-pockets
10 September: Evan L and Kenn J, Tracelabs, An introduction and history of a CTF event from a Judge and participants’ view
1 October: Austin McKean: Guarding your NFCU: Local Social Engineering Scams
12 Nov: Tal Reznikov: Topic TBD
Looking for speakers as we look ahead to 2025! During the holidays it’s difficult to get speakers, the sooner we can schedule you the better!
If you’ve been to, or go to conferences, and find anyone, or if you want to speak yourself! Practice something you’ve been working on or dig into something, such as a class presentation, an experience you’ve encountered or anything else related to cyber! Evan L is the point of contact for presentation inquiries.
After-Meeting Networking Happy Hour: After ISSA meeting at Plaza Degollado (around the corner from ECPI).
Cyber Social at Casual Pint: Wednesday August 21st 5:30-8:30. It’s a great casual (non-formal) event, always a good turnout. No expectations, great place to network. Definitely a good time. Be advised we will not get the side room this time. We will be there, so come out for a beer; we might (weather permitting) be able to be outside. You can sign up for emails to stay in the know about these events!
Jobs:
Need a job: Type of Job, Elevator Pitch (Value you bring, qualifications, additional info)
Have a Job: Title of Job, basic requirements, contact information
ISSA has a job search page: http://iz1.me/XJU31zUSeBV (https://issa-jobs.careerwebsite.com/jobseeker/search/results/)
Government Jobs: USAJOBS.gov:
Government job resource: Great resource for fed resumes: Federal Resume Guidebook by Kathryn Troutman (https://www.amazon.com/Federal-Resume-Guidebook-Writing-Featuring-dp-173340760X/dp/173340760X/ref=dp_ob_title_bk)
Best way to get a job is through networking, as always.
Need a Job: If you’re looking for work, now’s your chance to let us know! Let us hear your elevator pitch: an Introduction, summary of what you do: current role and why you are doing well there, relevant experience, explain your value/what problem you can solve, and a Call to action for what you’d want to do next. Whether you are currently employed or just want to practice, now is a great opportunity.
Optionally, for an extra 30 seconds you can add other details such as clearance status, remote, on-site or relocation preference, additional education/certs not already mentioned, and other short details. We can post your email in the chat if you want, we will ensure it gets to the right people.
Evan is casually looking for a Program manager gig,
Has a TS, would need to re-poly, (has done poly before but it expired)
Roop is also casually looking, for something new at a different organization, possibly Joint Staff or something similar:
No certs, but has management level experience, big on team building, loves to help bridge gaps and make an impact across enterprises, big on culture transformation
Have a Job:
Job title/Company/Type (Contractor, Government, Private sector, Internship, Full time, Part time)/Requirements (Years’ work experience, Education, Certs, Clearance)/Desired experience, qualifications and any other information desired (keep it short)
Johnnie’s company (SAIC) is (ALWAYS) hiring; a few from the group have been given offers. They will sponsor a security clearance. To start, they request that you have A+ or Sec+ or can achieve it within 6 months. The onboarding process takes a minimum of 2-3 months. Health benefits are great and you will learn a lot. Navy Marine Corps Intranet (NMCI).
Monthly Presentation: My Crypto Theft: Protecting your crypto assets in a digital world
Orantes Blanks is from Virginia Beach, VA. He’s a US Army Veteran that served for 8 years, until November 2003. Since his time in the service, he had the opportunity to try a few careers, to include Insurance Salesman, USPS Postal Carrier, and most recently an Auto Service Center Manager. One of the biggest factors that motivated him to join the cyber security field was because he was the victim of a fairly large cryptocurrency theft. Since this incident he has tried to learn everything possible to secure his digital assets.
Join us as Orantes discusses his entry into the crypto market in October of 2020. This was while the market was embarking on the beginnings of a massive bull run and he obtained several cryptocurrency coins. How did he become a victim of cryptocurrency theft? Join us and find out and learn some of the lessons he learned the hard way!
—
“By a show of hands, who dabbles in crypto?”
The market was going back in 2020, I’ve been in crypto a long time, a lot of Ethereum trading
EBM and Metamask were the wallets I used, it would alert me when it was good to make a trade
October 9th 2020, I wake up to an alert to cash in on a trade. When I checked, a bunch of ESBC was missing, as well as a few other coins in my wallet. I was being robbed. It was a substantial amount of money but I won’t disclose how much. It was gone.
I started wondering what I did wrong, what was happening?
A few things came to mind once I came back to earth, 1: I had a “dirty system” I was not using official software, whether the threat actor came in that way, I’m not sure, but I do believe to this day that it was.
One fact I know, I had an unencrypted file at rest with my “seed phrase” on my hard drive, THIS IS CRYPTO 101, you DO NOT share this seed phrase with anyone.
The same kind of hacks that occurred to me are commonplace across more platforms than just crypto.
“Anybody heard of airdropping crypto?”
I see a tweet announcing the drop, it’s “Legit”! I clicked on the link in the tweet, it directed me to a FAKE claim site, if I were to interact and authorize an asset, it would be drained.
Cryptographic functions are there to protect us and they work; it is almost always the human in the equation that makes an error. Back to that 3AM notification: I believe the attacker got in because I had an unauthorized operating system version, probably had some kind of malware, as well as the unencrypted seed phrase file.
Needless to say, I learned my lesson, I employ hardware wallets, I encrypt EVERYTHING.
I brought a USB wallet, (NOTHING IN IT), one of the OG hardware wallets, that I unfortunately possessed but did not use during this hack.
I tell everyone when I talk about crypto about recovery and redundancy, in the event of a disaster it can be recovered,
If you believe you were hacked, EMPTY THAT “DIRTY” WALLET IMMEDIATELY.
Back to the hack, I had about 15+ currencies, plus Ethereum, you needed Eth in your wallet to move the funds, the attacker was using the Eth to move the funds, I was combating with simultaneous transactions out of the wallet. It was a race. He got about 70% of the assets, I was able to salvage about 30%. I have been able to work it back up in time since, in hindsight I am appreciative, I have been able to help a lot of people prevent this scenario. I recognized a weak infrastructure and I have helped them secure their assets by pointing out that they needed to change.
PLEASE do the 101: learn about hardware wallets, encrypt EVERYTHING.
“How did your friend lose his phrase?”
About 9 months ago I got my friend into crypto. I told him to buy a Ledger and a password manager and was willing to teach him. He did not come see me. He had a car accident, broke his iPhone, all his keys were there.
Nothing in his iCloud. No backups whatsoever.
If you don’t have that seed phrase/private key, it’s wrap city.
It’s not like a credit card. To my knowledge he does not have access to the phone anymore, and that it was destroyed. The first thing I try to do is help set them up so this does not happen, I explained to him the mistakes I made over the years.
Today, I advocate a security posture different from what I have used previously: a password manager, secured by a hardware token (YubiKey, https://www.yubico.com/). I have not had an incident since I changed my stance. I anticipate future phishing attempts.
I have played around on multiple marketplaces both centralized and decentralized,
Ledger (a company that makes hardware wallets, https://www.ledger.com/) got hacked. Everyone that bought one in the last year: the attacker has their PII.
I have been getting emails that appear as if they are coming from Ledger.
I hover over the links and clearly see they are a phishing attempt.
Ledger USB drives house my keys and phrases; the device is not connected to the internet. The computer sends a signal to the device, which is human authorized to make transactions.
The private key is safe.
“How is it different from an IronKey?”
Without knowing specific details.
“Are you liable to the IRS?”
Technically I’m supposed to be liable; in theft I am not. Regulation for the liability is currently being drawn up; most times it doesn’t get reported. When the theft occurred there was little to no regulation.
The IRS is currently forming a task force for these matters. It depends on the situation.
In 2011 the FBI/DEA etc. got involved with crypto because of dark-net transactions and started tracking, which gave birth to agencies like Chainalysis (https://www.chainalysis.com/). They do blockchain analytics; they track everything. The blockchain is a public ledger, and they have scripts to find things out.
The government is pretty hip to tracking this, they will have regulatory frameworks, in the next 5 years it will be difficult to claim you don’t have crypto when you do.
“Did you find out where the stolen assets went?”
I found the attacker was going to coin mixers. He sent it through some exchanges before this. One of them, which the government has since taken down (Tornado.cash), was an EVM one; some assets went through Tornado. I wasn’t quick enough. I go to Etherscan (https://etherscan.io/) and manually write the address to see where it goes; I do not have a script for this. Cryptocurrency is irreversible. People are so used to calling their bank and getting refunded for losses; crypto does not go under FDIC. I am still feeling the woes of October 2020, but it has turned me into a better digital version of myself. Getting smacked up a little bit, you have no choice but to get better, especially when you get hurt in the wallet. I can’t stress enough the importance of a password manager and hardware tokens like YubiKeys.
I felt in 2019/2020 that they were burdens, too much to do. Now look—had I taken the time to learn them things would have been much different. As your family gets more into it, as crypto becomes more commonplace, it’s important to understand these risks. PLEASE educate them. Proper 101.
It’s essentially just blockchain technology.
“What password manager do you like?”
I like open-source, I like KeePassXC (https://keepassxc.org/)
I shy away from paid-for services (like LastPass: https://blog.lastpass.com/posts/2023/03/security-incident-update-recommended-actions).
…If I’m going to pay you to keep my stuff locked…I expect you to do that.
Roseman: or Bitwarden.
My incident in 2020 I was nothing but a Windows user, I now absolutely DESPISE Windows.
Roop: “what is the difference between crypto and FIAT?”
crypto is on a blockchain,
“I understand the tech–”
99% of people are here probably for speculatory purposes; I have not run into a huge use case of a turn of the tide in terms of practicality.
With the emergence of AI we may see it; as it stands right now there isn’t anything in play that is significantly different from FIAT.
“It’s similar conceptually for the VPN, it’s decentralized,”
CBC’s Central bank currency, the US Treasury is trying to digitalize their currency.
“What are your TOP 3” in 101
Password manager, hardware wallet, redundancy !!!!! Even before you start to dabble in trading.
Kenn: DON’T buy hardware keys off eBay or Amazon, there will be someone in the middle; buy it from (Ledger) directly.
There’s Trezor (https://trezor.io/), that’s another hardware token. SafePal (https://safepal.com/en/) is budget friendly, I use that too. I haven’t used Trezor, but I haven’t heard of anyone losing their funds. I have stuck with Ledger since day one.
Kenn: do you have a paper wallet?
YES! I do have one printed off a long time ago, it’s safeguarded in a secure place, it’s a LOT safer (also known as a “Cold wallet”)
an air gapped wallet would be considered one not connected to the internet, safe from prying eyes
cold wallets usually have a QR code, to avoid manually typing wallet keys.
Kenn: with paper wallets, that’s like deep cold storage, you get your profits and send them there, and only take them out when you’re getting ready to retire.
Some sites are also out there: you disconnect from the internet, print the QR key, THEN REBOOT THE MACHINE, otherwise you could be at risk of being monitored.
Evan: do you have a resource for those willing to learn the 101?
I like iBit (https://www.youtube.com/channel/UCVfwBDc1okBH43RSfmwQeaQ) on YouTube; he is a coder, great channel to keep up with. CryptosRUs (https://www.youtube.com/channel/UCI7M65p3A-D3P4v5qW8POxQ) is a YouTube channel, great to follow. For websites, you can’t go wrong with CoinGecko (https://www.coingecko.com/) and Cointelegraph (https://cointelegraph.com/).
They will write articles within an hour of anything that happens. I follow them to stay up on hacks and vulnerabilities; these things happen, particularly if you’re working with DeFi. It’s a daily thing. It’s nice to know if your wallet is vulnerable.
Kenn: anything on when or when not to use exchanges?
In my opinion, centralized exchanges should for the most part be avoided unless you are intending on cashing out. They are the biggest targets in the crypto space. It’s just a matter of time before any exchange could experience a hack.
There is an exchange right now wrapping up their decade long investigation on a hack that occurred that long ago
One of the first exchanges (Japan), hacked for 850,000 BTC.
Huge hack; all users of the website ended up being creditors in a civil lawsuit they won to have a portion of their holdings returned to them. They just started issuing an early payment system: early payment is if you take what we give you, final payment is what is left over. Early payment went out last month. THIS TOOK TEN YEARS!
If you want to trade, and stack crypto, go to decentralized exchanges.
Kraken (https://www.kraken.com/) is probably the most protected centralized exchange, however I don’t leave anything there. I still have PTSD from the 2020 incident.
Evan: we can definitely consider creating a Discord channel regarding crypto. (we are short on time)
Thank you Orantes!
Business Meeting:
Old business/New business/Membership Updates/Secretary: Meeting Minutes/Treasury Report/Social Media Updates
Old Business: Social Event, Casual Pint June 26th, always a great time! Last month we met Tal R, involved in DC757. THEY ARE LOOKING TO PUT TOGETHER A HR BSIDES next year, they just for commonwealth state corporate commission certification yesterday! Keep an eye open going into next year, definitely something you’ll want to attend; BSides has potential to be a very large event. Some of us may be interested. They may try to do it during the CyberForge event; they have been in contact with COVA CCI.
New Business:
Business (Board) Meeting
Election Committee
Audit Committee
Christmas Party
ISSA Business Meeting:
WHEN: Thursday, August 15th, 6:00PM EST
WHERE: Cybrex LLC HQ, 1100 Granby Street, Norfolk VA (Thank you John B for hosting us!)
Tentative agenda topics:
Bylaws Review
Budget concerns (sponsorship, educational avenues, tax status)
Conference/volunteer participation
Other topics proposed:
Election, Speed Mentoring (Mentorship), Extending invite to DC757 to discuss possible partnership, Appointed positions, Christmas Party options
Election Committee:
As per Article IV of the ISSA Hampton Roads Bylaws: we will be needing two volunteers (Johnnie S); need a second volunteer to fulfill these positions.
Call for nominations for following board positions:
President
Vice President
Secretary/COO
Treasurer/CFO
Article V: Elections
Bylaws applicable to elections:
SECTION 1: The Officers shall be elected by popular vote, each general member in good standing to be entitled to one vote.
SECTION 2: The Nominating Committee shall consist of two members in good standing as selected by the Officers at the October meeting of each year (we are kicking this off early). Members in good standing may volunteer for this function.
SECTION 3: Elections shall be held during the December meeting of each year, or as determined by term or moved as needed to accommodate extenuating circumstances such as hurricanes or Covid. When the election must be scheduled outside of December, every effort should be made to schedule as soon as possible (i.e., every other year for 2-year terms). (See Section 6 below.)
SECTION 4: The Nominating Committee Chairman shall prepare and distribute election ballots at least one month prior to the December meeting.
SECTION 5: Election results shall be announced at the end of the December meeting. Or at the beginning of the next meeting.
SECTION 6: The term of office shall consist of two years commencing at the conclusion of the December meeting.
(Hoping to update Section 3 during August 15 business meeting to amend December-held elections)
Election Committee Best Practices:
PREPARE FOR ELECTION:
1. Identify election workforce
2. Find and read the latest bylaws, especially sections on audits, elections and turnover processes
3. Follow the bylaws, have them present in case of questions.
4. Define and record the process particulars then distribute/brief it to membership.
5. Early and frequent request for nominations
6. Request nominations AT EVERY MEETING to attain momentum, enlarge the field and get people involved/talking about it.
7. Determine type of election: Designated or Rolling nominations. Each has advantages and drawbacks. Smaller numbers of nominees normally indicate a rolling nomination.
Jon B: a rolling nomination is for smaller number selections, one at a time
President is great visibility!
As well as a great learning opportunity
Mike has nominated Evan for President
Johnnie has nominated Peter C for Treasurer
Jon B has Nominated Faith W for Secretary
nomination for Brian F for Vice president
John: Can people nominate themselves?
YES!
Board members who are currently in positions that are open for nomination cannot be part of the election committee.
As usual, if you see something you can contribute to the board, appointed positions can be created!
Audit Committee:
To be performed every two years.
You cannot be an officer! (it is a fiduciary liability, as (officers) are the ones being audited)
committee appointees: Evan L, Charles H
Bylaws applicable to audit:
Section 7: The Treasurer will also work with the auditors, either prior to or right after the board elections every two years to complete a full audit, even if the same person remains as the Treasurer.
Section 5: An Auditing Committee consisting of two members in good standing and/or a qualified accountant shall be appointed by the President at the September meeting of each year (we are kicking this off early in the August meeting). These individuals shall not be Officers. The responsibility of the Auditing Committee shall be to examine all financial records of the Chapter and provide a report of its findings and recommendations to the membership at the December meeting prior to elections (this is to be amended). This report shall be in writing and shall be maintained as part of the permanent records of the Chapter.
John B: I recommend this be called “Financial Audit committee”, –I’ve seen organizations like ours, we have a good organization, get into a lot of trouble because the audit was whitewashed, it has to be REAL, does not have to be huge or complex, but it has to be REAL.
Christmas Party: potluck proposed
Other proposals:
VFW hosted/catered
Pay your own way
It’s been discussed that last year’s event may have been rationally over budget. Hoping to discuss this more in depth at board meeting.
ISSA Mentorship Program – Need Volunteers!
Desmond Graham – Mentorship Chair
Call for volunteers on the Mentorship Program committee
Call for Mentors: Desmond is reaching out to schools and companies in the area
Mentorship Mixers: Learn about how to get into cybersecurity with no previous background, Meet and learn from cybersecurity SMEs, Network with hiring managers and the cybersecurity ecosystem
Mentorship program is on somewhat of a pause, Desmond has asked to step away from it for the time being.
John: is he going to pick it back up?
Johnnie: I would like to propose an informal speed mentoring during the next Cyber Social, 5 minute rotations, nothing longer than half an hour.
It will be implemented and refined as we go along
(6:30-7:15) tentatively planned at this time.
Conferences:
Black Hat USA 2024: August 3rd-8th in Las Vegas, NV: $2,799
https://www.blackhat.com/us-24/ (happening as we speak)
DEF CON 32: August 8th-11th in Las Vegas, NV: $480
https://www.defdonf.org/
Jon B: it’s a “huge melee of humanity”
FutureCon: August 22-24 in Washington DC: $50-$200 https://futureconevents.com/events/washington-dc-2024/
INFOSEC World: September 21-22 in Lake Buena Vista, FL: $1595-$3595,
Bsides NOVA: Arlington, VA, September 6-7, ($? not released yet) https://www.bsidesnova.org/
Kenn: usually takes place on one day, it depends. They will have training sessions, usually half day or full day before the actual conference; it costs extra (UNLESS YOU VOLUNTEER). The conference itself is a whole bunch of talks, depends on the size.
Johnnie: proposed two days this year
Kenn: I think one of those days is the tracks.
Johnnie: how hard is it to get tickets?
Kenn: not Shmoocon difficult.
If you can’t get tickets I HIGHLY RECOMMEND volunteering
(Baltimore tends to sell out in minutes)
as a volunteer you get to meet the speakers, see how things are run.
Bsides Charlotte was on this list but it has been put out that they will be doing their event in the spring instead of the fall
Kenn: it doesn’t cost anything to be a Bsides CTF Judge. You get some cool swag too! And meet all kinds of people. REALLY great for networking.
John B: Bsides DC has not run in a few years, I believe NOVA has likely assimilated it.
MSSN CTRL 2024, Arlington, VA, October 2-4, $200 https://www.mssnctrl.org/
Seemed very “Pentesty”
It is surprising to see how few events are finishing out the year.
Roseman: SANS has a few summits coming up, which can be attended in person for a fee or virtually at no cost. This is a great opportunity for those wanting to catch up on CPEs.
SANS Digital Forensics & Incident Response Summit & Training 2024: Aug 22-29, Salt Lake City UT: $425 in person, $0 virtual attendance (talks only), https://www.sans.org/cyber-security-training-events/digital-forensics-summit-2024/?ref=229870
SANS CloudSecNext Summit & Training 2024: Sep 30th – Oct 7th , Denver, CO: $425 in person, $0 virtual attendance (talks only),
https://www.sans.org/cyber-security-training-events/cloudsecnext-summit-2024/
SANS Hackfest Hollywood 2024: Oct 28th - Nov 4th, Los Angeles CA: $425 in person, $0 Live online (talks only),
https://www.sans.org/cyber-security-training-events/hackfest-summit-2024/
We love to volunteer at local conferences! Great way to network, garner interest in our chapter. Some of the best networking opportunities compared to merely being a guest. We are always looking for people!
Membership Update:
Number of members: 48
Last meeting: 6 members, 10 visitors in attendance
June 4th Meeting Minutes: Meeting recap on website:
https://issa-hr.org/issa-chapter-meeting-9-july-2024/
Presentation Speaker: Daniel Weiss: Adventures in ZFS: Keeping Data Through Hardware Failures
Business Meeting:
Old Business: Cyber Social @ Casual Pint
New Business: Conferences, Volunteer Outreach
$4,494.71 recorded.
Treasurer Report:
Balance: $4,381.31
2024 Events Calendar:
Social Media:
Email Addresses: This will be updated post elections!
Adjourn:
After Meeting: Networking Happy Hour @ Plaza Degollado
Please give us feedback!: What did you like? Recommendations for future meetings? What could make your experience better?
Send your feedback to President @ ISSA-HR. Org