Doug,

The security vulnerability review was a budgeted item in the 2015 plan, as requested by A&F at its November 2014 meeting. This is at Minute 9, pp. 7-10; the amount A&F suggested for the budget was $10-30K, and $20K was used as an estimate in the 2015 budget. This was also reported to the Board in the January 2015 A&F Report (Document #14) near the bottom of the first page.

The contract was signed after being reviewed and approved by counsel. The amount for the vulnerability assessment is $12K, with an option for a second phase, a review of our operations and best practices with recommendations, of about the same magnitude. Meetings have already begun, and the vulnerability assessment will begin Friday and continue into next week.

Earlier, I forwarded a document from Mike Keane that detailed some of the reasoning used to select GreyCastle, so I will not say more about this.
73,

Greg, K0GW

On Tue, Apr 21, 2015 at 4:37 PM, Doug Rehman <doug@k4ac.com> wrote:

Have we already signed a contract with GreyCastle?

I ran their company name and the CEO’s name past a good friend who is a Senior Instructor for the SANS Institute and he has never heard of either one. (SANS is the foremost commercial training organization internationally in the cybersecurity space.) My friend has been in cybersecurity for decades and constantly teaches all over the world.

Given the number of years he has been in the industry and the number of students he has taught, I’m rather concerned that he has never heard of either the company or the CEO.

Doug
K4AC