Attendees: Nathan Case, Sara Mazer, and Julie Davila
Working Group Infrastructure and Logistics
Meetings
- Leadership calls will be held at 8 AM EST on Thursdays
- Working group calls will be held at noon on Mondays
- The cadence for both meetings will be bi-monthly.
Website
- Mid/long-term Nathan is going to work with WAVV to get a website established
- Affiliation with WAVV could prove beneficial to the objectives of the group given their deep connections within US Gov and NATO
- The cost will likely be low at around $2000 or so to get things stood up.
- Future discussions on how we secure funding for this is TBD
- Short term, Julie will be setting up a Notion website and using that as a place to share meeting notes, action items, and anything else that group members will likely want to reference.
Real-time Communication
- Sara will be creating a Discord group for real-time communication.
- Slack was considered but cost considerations made the idea unfeasible
Experience Collection and Sharing
Establish Experience Nomenclature
We discussed how we can best collect everyone’s experiences effectively to then leverage as content for subsequent output (eg whitepapers, etc).
- We want to work on establishing the nomenclature (categories) of focus first. An example would be “Working with 3PAOs”.
- Once we have a strong list, then we can proceed with filling out each category with the output of future group/individual conversations.
Legal and Privacy Considerations
We also discussed how we might be able to have a way to hold and document conversations that are sensitive in nature. For instance, if we want to name a specific 3PAO in the context of sharing a bad experience, then we don’t want to put anyone at risk legally or otherwise.
- We agreed that gating information specifically for the purpose of hiding it from folks for the purpose of avoiding legal problems creates problems at least in terms of optics.
- We also considered that if things like this are documented in a way that seems more like conversational notes (eg opinions) then we might be better protected as it’s an expression versus a public judgment of a company or individual’s competence
- Nathan will reach out to a lawyer friend for advice
- Julie will ask Sophos legal if they’re willing to give an opinion
- A path of potential mitigation would be to host conversations with 3PAO reps where they are willing and open to receiving unfiltered feedback in a group setting.
Raw Notes
Sarah
- Created a Slack webspace, but tech ops pushed back
- Discord to be created
- Meeting times
- Thursday mornings usually work for people at 8:30 am
- Every other week
- Noon Eastern for a larger group on Mondays
- A lot of exp with frustration
- Private and public info on Discord
Chris - absent
Julie
- To do a notion site as a placeholder for future WAVV site
- Do we collect info?
- Is there a future to gated content?
- Nathan, give bad optics b/c looks like we are doing something wrong
- Prev company exp
- TODO: Ping sophos legal
- Ask GSA about IL4/5 getting axed
Nathan
- Reached out to Wavv which is a large small group of people that specialize in connecting people to gov opportunities. High-tech companies use them to get FedRAMP, IL, and NATO certs.
- They are meeting in Calgary this week, bringing in all the big players
- Have folks that can build a site
- They have been around for a while
- Competence seeming
- Only about 10-20 people
- CEO is a NATO procurement chair
- ~$2000
- Perhaps eval nomenclature first?
- Contract options? Eg if looking at EY, the people, etc
- AWS sued Coalfire for not doing what they said in prev
- Maybe not make it public but have a leaderboard of sorts?
- Get 3PAOs to come to the group for feedback
- Writing it down publicly would be risky for a suit
- Leave sensitive conversations to calls