2012-12-20 19:13:58 by chort
If you are in the San Francisco Bay Area and do Incident Response, please read this post and give feedback on preferred location, time, and frequency of proposed local meetups.
I think we can all agree that more information sharing between responders would make our jobs easier. At Baythreat I met Suzanne Widup, who is doing some great work trying to get IR teams talking and trying to get new folks introduced to the discipline. Our conversation inspired me to start a recurring meetup for people in the area who are doing IR.
Due to the natural reluctance to share out of concern for legal issues, embarrassment to organization, revealing methods to the public, etc there will be some rules in place. Hopefully these rules will create a more comfortable and open environment that still limits potential exposure.
1.) Must RSVP from business email address.
2.) Must bring business card to attend.
3.) Chatham House Rule is in effect, unless explicitly stated otherwise.
4.) No photos, tweeting, geo-tagging, or other similar information leaks.
The meetups will be held at a corporate office to allow presentations and to prevent eavesdropping. I'm planning for a short presentation from the host organization, then one or two more short presentations by participants or invited speakers. There will be time before and after to mingle and converse. I'm working with a security company to host the first meeting in San Mateo. It's a nice central location between San Francisco, San Jose, and the East Bay. They're offering drinks and food, so you'll have something to occupy your attention instead of standing around awkwardly. That was a joke to see if you're paying attention (there will be refreshments though).
OK, here are the important questions. I would immensely appreciate feedback on these items, as they will determine the attendance and ultimately the success of the event(s). You can leave a comment here (requires CAPTCHA and moderation), or reply on twitter to @chort0 with hashtag #dfir_sf.
1.) What time works best? I suggest doors open at 7PM, presentations start at 7:30PM.
2.) Is San Mateo a terrible location? What would work beter (keep in mind we need a host company)?
3.) Are folks more interested in short presentations from their peers, or round-table discussion on different topics?
4.) How often would you like to meet? Monthly, quarterly?
5.) Would you be willing to contribute talks, snacks, office location, organizational skills, etc?
Please be open with feedback. I'm really interested in sharing about what works and what doesn't in Incident Response, what threats people are seeing, what tools people are using, etc.