Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,

[Trey Darley <trey@soltra.com>]

<snip>

However, I suggest the following, especially for us 'Americans' to consider.    We need to have another individual as a co-chair.    Simply put, to not be something that OASIS is adopting only for the US Department of Homeland Security (DHS). 

</snip>

This, so much this! Hadn't considered this angle vis-a-vis the question of co-chair. Despite my joke yesterday about making Rich BDFL, Pete makes an _excellent_ point.

/me removes Soltra hat...voices personal opinion...

In the interest of promoting international adoption of STIX, TAXII, et al, we should _definitely_ see about a non-US co-chair.

I don't see a clear-cut argument for a private-sector person in this role, could go either way, but (again, my personal opinion) preferably _not_ a vendor. Maybe an academic-cum-actual security researcher with dirt under their fingernails? (Such creatures, while rare, can be found.)

Cheers,

Trey

--

Trey Darley

Senior Security Engineer

Soltra | An FS-ISAC & DTCC Company

www.soltra.com

---

From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Peter Allor <pallor@us.ibm.com>
Sent: Wednesday, June 10, 2015 17:44
To: Peter F Brown
Cc: Chet Ensign; Aharon Chernin; Terry MacDonald; Jordan, Bret; cti@lists.oasis-open.org; Richard Struse; Scott McGrath; Robin Cover; Carol Geyer
Subject: RE: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,

 

Peter,
Some good thoughts there.

I also endorse Rich as the chair for the first meeting, post election.

However, I suggest the following, especially for us 'Americans' to consider.    We need to have another individual as a co-chair.    Simply put, to not be something that OASIS is adopting only for the US Department of Homeland Security (DHS).

I say this as an US Person who holds a DHS Clearance and works with them but also as a Board member for FIRST, where I see this play out internationally.    We truly need a private sector person and preferably, one who is involved and not from the US.    This is both about adoption and perception, so please hear this reasoned thought out.    Many want to use / adopt STIX/TAXII and bringing it to OASIS to make a real standard is what they are asking for but also to have input beyond that of just DHS.   So while Rich has brought it this far, lets ensure we get everyone's support and push this forward.

Thus I will, for now, refrain from suggesting anyone, but want this point to be fairly considered.

Respectfully,
Pete

Peter Allor  
Senior Security Strategist, Project Manager Disclosures
Product Management and Strategy
IBM Security
6303 Barfield Rd NE
Atlanta, GA 30328-4233
Mobile: +1-404-643-9638    
Fax:       +1-845-491-4204  
pallor@us.ibm.com