2nd meeting 30 Mar 2020
(Andrew, Angie, Claire, Louise, Susan, Tristan)
Discussion as follows:
Are we ready to bring the group to the attention of the public now? At least a week lead time for the first event was suggested in order to give time to get the word out and hype it up. If you can help hype the events, please do!
Intro to VMs event:
There was a discussion about how in-depth this should be and what level it should begin at. The group consensus was that it should begin at the basic ‘What is a CTF/VM/Kali?’ and ‘Why would you want to use it?’ level. This would then proceed on to how to set it up and how to try and secure it. While there was a debate about using VulnHub in the end it was decided that JuiceBox is better set up to hand-hold people, and would therefore be better for newbs. We will aim for 20-25 minutes, and end with a complete VM setup, hopefully also including a complementary ‘attacker VM’. Tristan will discuss the preliminary draft at the next steering meeting.
Questions were raised about how to handle numbers, and so we have decided to try and have a sign-up process here on Discourse, in order to prevent message dilution across other media. If a handful of people turn up we can handle everyone on one call, but otherwise the suggestion is to ask for mentors and split into collaborative groups so that people have a cluster they can turn to for help, questions and shared encouragement. If you can help with mentoring please let us know!
The event date and time have been set for 15th April at 6.00pm-7.30pm, with a 20-25 min presentation + Questions & Answers.
Questions arose about how the steering group could communicate during the event, and transparency was highlighted as important. The Farset Slack was vetoed in deference to our aim of having no single place over-riding everything, and the Discourse is already hosted there. Other platforms were suggested. Everyone thought it might be a fun idea to make it a mini-CTF challenge to find our meeting room, with some social hints beforehand, thus getting in a bit of OSINT practice. For this reason the meeting location is deliberately vague here, though anyone is welcome to participate in the conversation if they find it.
We talked about three main streams of objectives for the group:
onboarding new people into the security industry itself.
- Continuing Professional Development (CPD) and technical deep-dives for the more experienced.
Public outreach about ways to improve their personal security.
Cyberskillz for younger members was not discussed at this time. Comments and suggestions from you about the objectives would be welcomed!
Susan and Andrews suggested several key people to be in touch with both for spreading awareness of the group, and for collaboration and help with events.
Susan also gave a run down on the PSNI Protect & Prevent programme(s); educating people on ways to protect themselves and their business, and ensuring that hackers understand what exactly constitutes an offence and funnelling them into using their skills for good, respectively.
Andrew suggested something the group could look at in future was setting up some attackable infrastructure in order to offer practice within a legal setting. Bug Bounties were also highlighted as a key outlet. Cute millionaire BB hackers may or may not have been mentioned, I couldn’t possibly comment.
Finally, Claire and Angie’s suggestion of an online movie night event was discussed. Points were raised about it being an accessible film for as many people as possible, platform-wise, and this needs further investigation for any suggested titles. We are, of course, not advocating torrenting any films. The suggestion was made that follow-along could happen simultaneously on multiple-platforms (Twitter/Slack/a group call), as there would hopefully be enough people to support that. Although weekdays were posited, some felt a weekend would suit them better as mid-week is tiring with work, so the decision was made to throw that out to the forum as well. Ideally the movie night would happen ASAP in order to try and maintain roughly 2 weeks between events, but there is no set rule. Tristan suggested a lighthearted conversational tear-down of the film afterwards to highlight what was/wasn’t realistic about the hacking. Please tell us what film you’d like to see, and when!
Andrew will put the VM event on Discourse and link to it on the website.
Claire will put the movie poll on Discourse.
Angie will write up the discussion notes onto Discourse.
Tristan will continue working on the VM event.
Everyone will spread the word as much as possible about the next event, and encourage forum participation where possible.
The movie night is TBD
The next steering meeting is Monday 13th April at 6pm in order to discuss event preparations and feedback any public comments to the group.
The VM event is 15th April.