Saturday, July 14, 2012

Red Sky Alliance Weekly - 7/14/12 - FR12-015 published


Been a heck of a busy week. This is exactly the way we like it. The portal is active, the membership requests are coming in, and the crowd-sourced analysis model in the portal is purring along nicely.
On a side note, in every call or meeting, a CISO tells me how much data they receive. Most, when asked, list a slew of open source lists, RSS feeds, and almost all have at least one (usually several) of the premium subscription services available. In almost every case, I ask the CISO “How much of that information do you act on?” The answer? Less than 10%! So to be clear, every piece of information must be read, evaluated, and if needed, acted upon. This means lost labor in evaluating the other 90%. How inefficient! And then, what makes something actionable? Is there a standard tripwire that is used in your company to signal a piece of information that’s more important than the others you’ve read that day? I’m scratching my head on this one. If an aggregated feed costs you $100,000 per year and you only act on 10%, shouldn’t you be paying $10,000 for it? Would you pay $100,000 for a car that’s only worth $10,000 to you?
So here is what I hear: CISOs have data. What they really need is knowledge.  They need it delivered in a way that makes it highly relevant/actionable, and preferably prequalified.
Enter Red Sky Alliance. Red Sky focuses on conversations. You know what’s important because other members tell you. Right now, there are sixty-two pairs of eyes reading the wire in their own large enterprises. Those conversations are distilled into data. We add open source information, and expert analytics, and then feed that knowledge back to the entire membership in the form of a Fusion Report. The fusion reports transfer knowledge in a smart, meaningful and actionable way. We want our members to know how we did our analysis -maybe teach them -maybe be taught --we show all of our work. Every source is clearly referenced. And, every report offers signatures and indicators in an easily digestible list that may be copied directly into the appropriate location in your defense in depth.  Our goal? 100% of our information should be actionable, and received in a timely manner. 
Did I mention it was a busy week? Here are some of this week’s highlights:
·      Fusion Report 15 (FR12-015) was released earlier this week. The report details a previously unknown Trojan discovered by one of the members. Red Sky has named this Trojan “Eclipse”. Eclipse operates completely encrypted and we do not believe it will be detected using traditional network/signature based defenses. This report is 12 pages long. It’s ten pages of analysis and lists 79 ways to identify the Trojan in your enterprise.
·      Two new companies have begun Red Sky Alliance membership processes.
o   A large Oil and Gas company received first credentials today, making this our first –and this company is probably one of the best that could have led the way for that industry.
o   The second is a company that specializes in large airport and municipal projects. Again, a first for us. Our membership now spans almost all of the global “Critical Infrastructures” and includes some of the largest companies in them.
·      We’ve begun testing CIF (Collective Intelligence Framework) as one model for sharing information between members. There are several models for sharing data in the membership. I’ve been invited to DHS to talk about TAXII on Monday, but in Red Sky, we’re pulling the membership together for a virtual meeting looking for the happy mean; to figure out what’s going to work for us. To date, we’ve been using Kill Chain.
·      We had a bit of a stumbling block this week with our new authentication system, but it seems we’ve worked that out. Even with the stumbling block, at last look (this morning) Red Sky members are tracking over 480 different threads. Malware and submissions to our Security Intelligence area are easily topping the list of most participated areas. Our membership is active.
Red Sky Alliance continues to grow. Won’t you join us?
Until next week.
Have a great weekend.
Jeff

Friday, July 06, 2012

Red Sky Alliance Weekly 7/6/12 - Fusion report 14 published


It was a short week, but nonetheless, busy.

·       This week, actors dubbed “Pearl Net” by Red Sky analysts, registered several new domains that we believe may be leveraged by attackers in the near future. FR12-014 details nearly 200 new indicators of potential compromise, published to the membership in a simple Kill Chain format. Members were urged to implement these indicators immediately as preventative measures.
·      Red Sky Alliance is growing! Two new members committed to joining Red Sky Alliance this week and another requested a membership package. We seem to be bringing in at least one new member per week. When these two committed companies wrap up, we’ll be closing Founding Memberships* in that industry sector.
* Founding Members form our Advisory Board. We limit the number of Advisors to four per industry sector. The benefit of being a Founding Member is half price membership, extra seats, expanded participation in the Annual meeting in March, and an 18” x 24” framed Plankowners Certificate in exchange for early enrollment and participating in our Advisory board.
One of the most exciting things about Red Sky is our Intern program. This week Dave Chauvette joined us as the Director of Academic Services after a long career in STEM Charter Schools (32 years!). Dave’s role is two-fold – being the focal point for bringing schools into the Alliance, and heading up our Internship program. This year we interviewed scores of candidates. Out of those, four were offered spots, and two ended up coming in. One was hired away immediately (a PhD candidate), and the second (an MS candidate in Criminology/Cyber) authored his first piece of analysis just before his finals - 51 pages and one of our most read papers. The idea is this… there’s a skill gap between new college graduates and required analysis in the emerging threats space. Red Sky brings interns into the program for two semesters. Our first (Bruno) is receiving three credits for his internship. Other colleges are offering up to six, and we’re working hard to complete a syllabus for something more formal to begin working toward training wounded warriors. The interns are mentored by Red Sky and its members, are asked questions and peer reviewed like any other crowd-sourced analyst. In addition, interns can certify through Red Sky simply by peer reviewing in the top 10% like any other analyst! When they’re ready to graduate and are looking for their first job, we’ll introduce them to the companies who have been peer reviewing them through the course of their internship. How cool is that?!
So it’s been another great week for the Red Sky Alliance.
Have a great weekend!
Jeff

Friday, June 29, 2012

Red Sky weekly wrap-up – 6/29/12


We held our offsite, starting with happy hour at the Union League of Philadelphia and a day of talks in the boardroom of one of our members in Delaware. The portal, as a result, was slow. No fusion reports this week.
Regardless, our Threat Day was a fantastic success.
·      Early polling of the members suggests all left happy with the way the day went. I know this group was larger than last time, and this one, unlike the last, was members only.
·      We issued our first “Plankowner Certificate” to our first Founding Member. The senior member of each team receives an 18” x 24” professionally framed, matted certificate.
·      We recognized our top 10% peer reviewed analysts. We do this each quarter, and at the end of the year they’ll receive a certificate and a certification good for one year. It goes like this: If a member peer reviews in the top 10% over the previous 12 months of their participation, they’ll be recognized as “Red Sky Certified” (RSc), and can use the designation as a certification behind their name. I like the idea of certification through peer review over the course of a year. 
·       We’ve got a couple of new research items – standardizing means of communicating, tests of linguist capabilities beyond the main threat areas, and the addition of new capabilities to the Red Sky portal.
So, positive trends, building face-to-face trusts, and growing collaborative capabilities.
Have a great weekend!
Jeff

Friday, June 22, 2012

Red Sky Alliance weekly wrap-up. FR12-013 released.


Another busy week for the Red Sky Alliance! FR12-013 released.
I’m almost glad it’s Friday night. I’m exhausted… although I’m having a heck of a lot of fun in my new job!
It's been a fun week. The work never stops. This is a major pace change from my previous life in the government. Work stopped at the end of the day. I slept, and went back at it. Now the lines seem to blur. It's 9:30 and I'm writing a blog and a paper. I was at it at 6:30 this morning, and nearly every waking minute is devoted to ensuring the success of the Red Sky Alliance.
What's been keeping me so busy?
·      Earlier this week we released our latest fusion report (FR12-013), which offered supplemental information on Team Taidoor activities, including new malware and a slight shift in TTPs.
·      Following up from the Gartner conference last week, one new member has decided to join the Alliance. The prospective member (they still need thumbs up from our Advisory board) is another large Managed Security Service Provider. This will be two for us, and if you’ve heard me speak about scaling the protective capabilities of Red Sky, you’ve heard me talk about bringing MSSPs into the alliance.
·      We wrapped an important evolution in Red Sky. We’ve completed (with the exception of a few outliers) the integration of our new authentication mechanisms. As we head into the second generation portal, adding new services, this is going to be more and more important. We’re moving forward on a mission, and with a plan!
·      Last, we’re holding our quarterly face-to-faces next week with Happy Hour at the Union League of Philadelphia followed by a one-day “Threat Day” in Delaware. We look forward to these sessions with our members, and this will be our first members-only event. So far we’re expecting about 20 people –a really nice size for great conversation!
So, it’s been a great week, and next week looks to be even more fun. I’m looking forward to seeing everyone in Philadelphia (drinks on me!) and the following day in Delaware.
Have a great weekend!
Jeff

Friday, June 15, 2012

Red Sky Weekly Wrap-up

I’m just back from nearly four full days at the Gartner Risk and Security Summit held at the National Harbor in MD. This is one of my favorite conferences. There’s SO much activity. If you don’t like the presentation you’re in, go next door. Chances are you’ll like that one! Besides coming home with the ‘conference crud’, this was a great week.
Gartner was terrific for me, and for Red Sky. For me personally it meant reconnecting many of the connections lost during my last couple of years working for the government. It’s easy to do, and I (inadvertently) let them go.  For Red Sky however, it was a very different story.  On my second day I sat in on an earlier session by Dan Blum. Dan was talking about information sharing. Much of his talk was really on ‘security intelligence’, or in my lexicon, aggregation of loads of data, but maybe not actionable knowledge.  I was just about ready to bail when he brought up the next slide and said he’d heard about a new group called the ‘Red Sky Alliance’ and it sounded promising.

I raised my hand and told him that I was the COO. There were several questions, and after the meeting I presented and demo’d to him and three others at a huddle table in the hotel.  I ran the presentation over my blackberry, but the slowness of my connection didn’t seem to bother them at all. They got it; and best of all, I think they loved it. Long story short? Seven new companies will be mailed our membership package this week. I fully expect all seven will come into the portal (I’ve already received confirmation from one!).
Why? The model produces actionable results.
·       This week we issued our newest Fusion Report. It is number 12. FR12-012 talks about another domain in the dynamic DNS category, but calls out more unique indicators of how to track, and mitigate the activity. This fusion report seems to have created a bit of a following inside the portal, as several companies’ contributing analysts have commented on how well done the reporting is, and have offered other pieces of information that might be added (we’re all about crowd-sourcing!).
·      We’re tracking a new piece of code suspected of utilizing a 0-day. If true, it’ll be the third we’ve identified.
·      We’ve got a couple of new threads going. One is a new group (at least for me); I don’t recall ever seeing this one in my past lives. Regardless, a member who has been tracking it for a few months sent it in, and it is now a popular topic.
·      Our Associate Members from Kyrus, LookingGlass, and Norman are cranking up the analytic volume. This week we opened vendors to previously restricted analytic areas of the portal. For the last several weeks, members have been asking them for analysis, and they’ve come through nicely. I’ve talked with the vendors and they agree—no selling in the portal, but I can’t think of a better way to demonstrate capabilities to high quality companies than actually doing real work for them! On top of that, they’re peer reviewing nicely and getting feedback on their work! Nice!
·      Last? Our blog is about to click past 10,000 hits since March! Wow!
So it’s been another GREAT week in the Red Sky Alliance! I know you’re probably tired of reading that, but the boards are on fire. Analysts are talking. New members (GREAT new members) want to come in. And, we’re being asked to speak to companies and their boards about how great companies operate with the threat of targeted attacks and APT.  We have people in St. Louis, Baltimore/Washington, and New England. We’re happy to schedule time to help.  
Until next time, have a great weekend.
Jeff

Saturday, June 09, 2012

Red Sky Alliance weekly wrap-up - Fusion Report 11 published


It’s been a busy week. Fusion report 10 was published late last week and Fusion Report 11 on Monday night this week. Fusion Report 11 was identified as a high confidence tightly targeted attack against a tech company who joined just two weeks ago. What timing!
We’ve got a lot of things going on.
·      We’re preparing to host our second quarterly face-to-face ‘Threat Day’. This one will be hosted at the end of the month at a member site outside of Philadelphia. Cocktails the night before will be at the Union League. It’s a great place for happy hour, and we’re looking forward to getting together with our members!
·      We’re working through integration of our Norman MAG2 Analyzer, and beginning the planning for our first big data node.
·      I attended AT&T’s security conference this week. Great group of folks. Absolutely enjoyed the conference! Good to catch up with several folks that I hadn’t seen in a while.
Anyone who knows me knows how much I love metrics! Earlier this week I was asked by a board member in another information sharing environment what our participation looked like. At the time I answered off the cuff, but after looking at our numbers this morning, here’s what I found out:
We kicked off (live) in mid-February of this year. At the time, the portal was an empty shell…. No data. Since then we’ve worked hard to sign up new trusted members, get communications moving, author fusion reports, etc. In May we noted a nice uptick in member adoption. Today we host approximately a dozen companies, and if I trust my math, 88% of our participants authored three or more entries in May. It may not sound like a lot, but let me tell you what that equates to since mid February:
·      Over 250 active threads with over 9000 page views and comments
·      11 Fusion reports have been read or commented on 757 times by 43 people
·      Since going live, our malware lab has received 42 submissions, received 1047 crowd-sourced comments from 44 users, and resulted in nine Fusion Reports.
·      1280 qualified indicators of targeted attacks pushed to the membership with another several hundred spanning three years, submitted this week by a non-member.* We published the indicators, all of which are believed to be involved in targeted attacks against this company, but they're currently undergoing correlation and qualification.
* Interestingly enough, we’ve started receiving requests for assistance from non-members ---connections to others during incident response, non-members interested in pushing targeted attack information through our members, and requests for speakers. We’re happy to help.
Crowd sourcing analytics works. Collaboration works.
Until next time,
Jeff

Tuesday, May 29, 2012

Fusion Report 10 (FR12-010) published!

I’m happy to announce that we’ve just published our next Red Sky Alliance Fusion Report. I’ve been waiting for this one. I can’t believe we’re at ten pieces of finished technical analysis already.  FR12-010 discusses a remote access Trojan (RAT) used in some of the newer targeted attacks.
While not prompted by a member submission, we felt it necessary to analyze and report. This specific tool has been leveraged by one of the more sophisticated cyber adversaries today. Red Sky analysts provided signature and artifacts associated with this malware and also included a snapshot of the actor's methodology. The paper details our analysis, and provides our members with two new Snort signatures, and a couple of dozen new indicators of compromise that may be copy/pasted directly into their defense in depth infrastructure.
A couple of key stats (now that we're at report 10!)
  • To date we've published over 1200 indicators of targeted attacks to the membership,  analyzed through crowd sourcing in the portal and via Red Sky analysis. 
  • 59 member/analysts are now tracking over 220 active discussion threads all relating to targeted attacks and emerging threats.
  • Inside the portal, members have logged over 5000 page views with the Fusion Reports topping the list. In fact, our last report (detailing the activities of one ISP) was one of our most popular. Visits to two areas in the portal - "Incident Response Corner" followed closely by "Security Intelligence" were next runners up.
Bottom line. This is exciting stuff and it's great fun to be an information security pro!  --a story... anyone who knows me will tell you I love to tell them...  I met Vint Cerf a few months back. I told him "Thank you!". Because of him, I've paid off my home, bought the car (a really nice car!), and made my career. Because of him (and the new threats), I'm cruising in on 50, balding, slightly overweight (ok, maybe more than slightly.. ), and finally cool! and you know what? So are all of the other 58 members that I talk to on a daily basis!! 
It's a fun time to be an Infosec pro!

Until next time,
Have a great week!
Jeff
 

Thursday, May 24, 2012

Red Sky weekly update - pre-Memorial Day weekend

It's Thursday afternoon, and I'm expecting a very hectic day tomorrow so I thought I'd author my weekly blog today before heading into the Memorial Day weekend.

It's been a heck of a week!

Fusion Report 9 set off bells and whistles with a number of folks inside the membership. We've probably got a half dozen new ISPs just like the one we reported on Monday that are now going into the analysis queue.

The portal has been on fire this week... very busy! One of the best things is our newest addition. Yesterday one of the members asked for assistance in contacting an international company. Within an hour of the request we had JPCERT in the portal with an offer to assist. This morning we had one of their incident response analysts involved. You see, this is not just a US problem. It is a global problem. Red Sky wants international participation. It's critical.

Our team is growing!

  • Chris Hall has accepted a position leading Technical Analytics. Many of you know Chris. He and I were together at the DoD Cyber Crime Center... I know what you're thinking. It's bad form to cherry pick your last employer. Well, for the record, I didn't. He'd moved on a year ago. He starts terminal leave in two weeks and will be coming into Red Sky after a short vacation. We're very excited! Chris will lead a team of analysts and will be both technical analysis lead and act as our community manager.
  • We've brought in a new Business Development manager. This guy's a retired Navy Captain from the acquisitions/logistics community, but he's been doing big data integration projects for several years. We've had a number of approaches by vendor/partners who bring incredible capability to the table. We need someone who can drive these relationships to win-win solutions. I'm confident we've found the right guy!
  • We've also brought in a new CIO. He's been handling IT Program Management for a medium sized defense contractor. Our portal is growing and so are the services, feeds, storage requirements, etc. We're happy (I'M happy!) to have someone managing our infrastructure -even if he is still part time with us.. for now!
Changing gears -

Every year I put on my Navy short sleeved whites (admittedly, I had to buy a bigger uniform a few years ago)  and take my kids to the Memorial Day Parade. I live in a small town in New Hampshire of about 3500 people, of which roughly 10% are Veterans and full members of the American Legion. We love the military up here, and the idea of putting on my old uniform, ribbons, clean hat, shined shoes, and then using Memorial Day as a teaching moment for my young girls is something I look forward to, and do, every year.

Please, in your own way, take a moment and remember our Veterans, active duty military, and their families this weekend. Freedom isn't free.

Until next time,
Have a great Memorial Day weekend!
Jeff

Sunday, May 20, 2012

Weekly update; Fusion Report 12-009 was just posted


It’s been another great week in the Red Sky Alliance!  
This week was the week of the FS-ISAC meeting.  As a result, participation was a little light, but nonetheless, we had some pretty cool stuff happen.
Fusion Report 12-009 was just posted to the portal. It tells the story of an Internet service provider in the US whose only customers are apparently international (ahem) entrepreneurs, including details of one man’s empire of fraud, domains, and a laundry list of malicious activity. The report gives our membership over 400 new domains, malicious emails and subnets that they may now simply ‘block’. This report was interesting because it wasn’t based on an incident responded to by a member, rather translations of open source information by one of our analysis teams which suggested that an international "security professional" was using a rural US-based ISP for their service. The question ‘why?’ led us to some interesting findings from the membership, and in the end, a great read!
On Wednesday, another Founding Member joined the Alliance and our Advisory Board; this one from the Defense Industrial Base. This is a smaller company ($1.5 billion in annual revenue and 300 federal contracts in intelligence, defense, homeland security and the aviation industry) but the company has a GREAT Infosec team that will make an incredible contribution. The cross sector nature of the Alliance is rounding out nicely! Welcome!
Also on Wednesday we analyzed a suspected targeted 0-day. Many of the Alliance members assisted, and the output will be a formal Fusion Report showing how it plays into the bigger scheme of the group using it. I’m very much looking forward to Fusion Report 10!
Until next time,
Have a great week!
Jeff

Saturday, May 12, 2012

Red Sky Weekly Update - 5/12/12

Morning all,

It's been another great week.
  • On Monday we released our eighth Red Sky Fusion Report detailing a long known attacker group using a new process! 17 pages of analytics and three pages of snort signatures and kill chain formatted indicators.
  • We identified (on a hunch) a new ISP that after further analysis in the group, turns out to be a bad -really bad ISP. After posting requests for information to the portal, we had members submit several HUNDRED pages of data supporting our initial hunch.
  • We were interviewed by Gartner this week after showing up in CSOOnline last week. I've known Anton through the Honeynet Project for years (and even before that!), so it was a really good talk. 
As of this week, we've closed Founding Memberships in the financial sector. Founding Memberships are still available outside of the Banking/Finance industry, but they're closing fast too. Want one of those framed Plankowner Certificates? Membership rate guarantee? Advisory Board member? Unfiltered access to the portal? Founding members receive all of this with a half price membership for a two year commitment.

It's a warm sunny morning in New Hampshire. Time to fire up the diesel Kubota and spend the morning mowing the lawn and cleaning up the orchard. So, until next time.

Have a great weekend!
Jeff

Monday, May 07, 2012

Published: FR12-008 – “Team Taidoor” with updated TTP


FR12-008 details targeted spear-phishing aimed at a Red Sky member. Red Sky is tracking this group of attackers under the name Team Taidoor.  Interestingly enough, Taidoor has been reported in open source for at least a year. FR12-008 includes a compiled list of more than 150 “Team Taidoor” indicators, with referencing in Kill Chain format, and details of what is believed to be a new downloader and possible updated team TTP. Red Sky analysts also crafted SNORT signatures to detect on the new downloader as well as the Taidoor variant.

Another interesting characteristic of Team Taidoor is their continued and persistent targeting of specific individuals. If at first you don’t succeed, try, try, again! Symantec reported the targeting of one individual, referred to as “Mr. X” who received over 20 emails originating from Taidoor actors during 2011. Another source reports a Taidoor target as being the recipient of over 175 malicious emails over the course of 2010 and 2011.

Friday, May 04, 2012

Another great week. Fusion Report 7 published, new participants, and great analytics!


This week was a banner week. While the week ended poorly for me –my car broke down landing me at a dealer in Greenwich, CT where I’m now typing my weekly update from a hotel room a mile away from the garage that now houses ‘Daisy’. It’ll be noon at least before I hit the road tomorrow. Luckily, my car is still under warranty. I guess if something bad needed to happen to offset all of the good this week, I’ll take it!
Here’s what we had happen this week:
·      Fusion Report 12-007 was published
·      Analytics are being prepared discussing what started as a hunch, now developing into a full analytic on a service provider hosting malware
·      Three new (GREAT) companies are now involved with Red Sky and our activity has grown amazingly well!
The Fusion Report was published earlier in the week. This one dealt with yet another group of sour apples. FR12-007 detailed the technical characteristics of the attacks, published three pages of qualified APT indicators in the kill chain format, and offered a bit of analysis on what we believe these sour apples were looking for. One thing I hear over and over is ‘whack a mole is hard’, so we’re now trying to help our Infosec members prioritize their efforts by pointing them (when possible) to targeted areas in their environments. I know when I was a CISO dealing with thousands of different technology areas, I would have greatly appreciated someone pointing me to the area that was being targeted… so we’re doing our best to do that now.
Presentations were made to two great tech companies in North Carolina –both of whom are now participating in Red Sky, and today on my way up 95 I stopped off to see some folks in northern NJ who are also now participating. These companies are going to make incredible additions to the Red Sky community, and one has already made significant contributions to a discussion around my next topic…
Earlier in the week we posted a blog entry on a ‘hunch’ about a service provider whom we believe might have been hosting some malicious content. The hunch was based on blog entries showing an overseas user utilizing a small, remote ISP on the other side of the world. I couldn't help but wonder why! After a few rounds of ‘RFIs’ and answers coming back, log snippets from multiple companies and analysis from the membership and Red Sky team, I think we can positively call it out. It was a pretty nice success so early on, but heck, we’ve got a great team of folks participating.
To date, we’ve created over 170 new threats for 1100+ comments/analytics/discussions, with 8000 page views in the environment. We boast nearly 50 (very smart) individuals representing analysts, incident responders, and engineers from nearly a dozen companies.
We’re doing well. Hopefully I’ll be so lucky when I retrieve Daisy tomorrow!
Until next week,
Jeff



Monday, April 30, 2012

You should check us out now!

I didn't post over the weekend as I normally would. Our next fusion report is going to hit sometime this week --a little off our pace of one per week. No problem. We're not pacing our reporting on the calendar, it's based on when we see something that we really think needs to be looked at deeper and would hold value to the members. So look for an announcement for our next report sometime this week.

In the meantime, there are several of you that I'd reached out to earlier in the year when we were kicking off. I explained the benefits of a collaborative analytic operation; talked of massive upside for your companies; the ability to obtain protections before the attacks occur in your industry; low false positive rates on indicators... the list goes on. And do you know what's happened since going live on February 11th of this year? I believe we've proven our point:
  • Our very first fusion report detailed APT activity --from a simple request for malware analysis.
  • Our second and third discussed details of two different groups believed responsible for APT activities targeting two different industry segments. Had report three been received by the victim two years earlier, when the other sector was being attacked, the victim would have been protected. Unfortunately they hadn't. They will next time.
  • Our last fusion report assisted an external non-member group and added a non-technical "Threat Activity Report" to the mix showing not only how the attacks occurred, but potentially what the group was looking for.  Need to show your management what the threat is without all of the technical jargon? This is the report for you. It's two pages long, high level, non-technical, and clearly shows areas this APT group is targeting.
All in all, we've come a LONG way since February 11th. The portal is up and operating nicely. We still have features we'd like to add (and we will), but a bunch of companies are talking, and we're now tracking on about 165 threads, have published seven new reports and farmed, collaborated on, and published over 200 indicators of APT compromise (or early warning indicators if you haven't seen them yet!). We've built out our 'three pillars' of analysis - discrete (malware, pcap, etc.), all-source technical fusion, and non-technical all source intelligence analysis... and the results are amazing.

So my invitation to you. If I talked with you earlier, but you were afraid of jumping into a new company, well, I'd invite you to have a look now while we're still filling Founding level memberships.

If you'd like to re-look Red Sky, contact me at jstutzman@redskyalliance.org today.

Jeff