OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,

Great discussion folks.  Thanks Peter et al  for bringing our focus away from tactical to strategic issues/opportunities.  This response started earlier today does not counter the suggestions by Peter below, but does argue that we can consider filling the TC Chair to move forward on tactical objectives, and then focus on a broader strategic objectives in filling the key Co-Chair positions (unless such candidates are already available).

(Note that I make the following assertions as a neophyte in well established ISO processes and understand many of you are well aware of what's required for success.  I welcome any guidance on ISO/OASIS processes and critical thinking on the suggestions submitted below for consideration)

Strategic Objectives

The OASIS CTI TC needs many diverse sets of skills, at many levels, to move our collaborative technical, organizational, and stakeholder engagement agendas forward.  Identifying and removing impediments to adoption is as important as the technical aspects of this initiative. 

Our success and agility will rely on engaging as many talented people as we can in each of these key domains and skill sets.  The process of recruitment and selection of Chairs, Co-Chairs of the TC, SCs, and Team leads for any Working Groups should include a specific long term strategy for defining the scope, internal/external focus, and primary objectives for each of these key roles.  It should also identify any gaps in key Stakeholder Communities required for success and target outreach and engagement (in terms of OASIS CTI TC leadership roles, participating members, external partnerships, or as liaison to other standards based initiatives).

Tactical Objectives

If we agree with the proposition that our first tactical  priority is establishing the teams to engage and complete the technical efforts required to transform the existing body of work into formal OASIS Standards, then suggest that we focus on this objective now.

As currently defined in the CTI TC Charter, a majority of these technical tasks will fall under each of the three OASIS CTI TC SCs  (with overall coordination though the CTI TC).  Therefore, would suggest that recruitment, nomination, and selection of these SC Chairs should be started ASAP so we can get these Teams organized and started on execution of tasks required to meet known near-term objectives.  I don't know if anything prevents us from engaging in these deliberations now given the Charter was ratified(?).

By definition these teams will be initially composed of the SMEs from MITRE and the community members who have been actively engaged to bring CTI where it is today.  Integrating people knowledgable in the OASIS processes required to provide normative specifications and the requirements for any related deliverables is equally important to success as is the overall leadership required to coordinate activities and empower these teams.  We have key people already in leadership roles for each of the areas and their nomination to continue in these existing roles at least through the initial transition period would seem to be an effective strategy to help ensure continuity and momentum.

In parallel to these "internal" efforts to bring the CTI specifications to an OASIS baseline, we can then focus on the strategic objectives (internally and externally facing) as outlined above and look to ensuring diversity and representation as we enter the next phase of moving the  OASIS CTI v1 baseline Standards forward.

In summary:

If not a violation of OASIS process, propose that we:

1) Engage now in discourse on nominations for each of the OASIS CTI TC Sub-Committee Chair/Co-Chairs as currently defined in the OASIS CTI TC Charter.

2) Add OASIS CTI TC Sub-Committess Chair/Co-Chair deliberation and Election(s) to the agenda of the initial  OASIS CTI TC establishment meeting and CTI TC Chair/Co-Chair deliberations and Election(s).

Patrick Maroney
Office: (856)983-0001
Cell: (609)841-5104
From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Peter Allor <pallor@us.ibm.com>
Sent: Thursday, June 11, 2015 12:01:28 PM
To: Peter F Brown
Cc: Aharon Chernin; Jordan, Bret; Carol Geyer; Chet Ensign; cti@lists.oasis-open.org; Richard Struse; Robin Cover; Scott McGrath; Terry MacDonald; tony@yaanatech.com; Trey Darley
Subject: RE: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,

As a data point, in discussing adoption of STIX/TAXII with National Government CSIRTs and other large corporate international organizations, a US/DHS only way forward, has / is an inhibitor to formally using STIX/TAXII in the recent past.

I am aware of some USG elements liking that we demonstrate a broad representation.

So, I endorse and support Rich, both for his leadership and technical passion as well as vision for this effort.     And will bow to what the group decides.

But would heavily suggest that we have someone else assist Rich in his chair duties as his co-chair.   This is more about perception and adoption than about substance/content.   And no, I am not soliciting an academic.    We really need and want 'industry' (across the board) to use this.  


Inactive hide details for Peter F Brown ---06/11/2015 11:25:01 AM---+1 The significance only means something if we *make* it mePeter F Brown ---06/11/2015 11:25:01 AM---+1 The significance only means something if we *make* it mean something.

From: Peter F Brown <peter@peterfbrown.com>
To: "tony@yaanatech.com" <tony@yaanatech.com>, Trey Darley <trey@soltra.com>, Peter Allor/Atlanta/IBM@IBMUS
Cc: Chet Ensign <chet.ensign@oasis-open.org>, Aharon Chernin <achernin@soltra.com>, Terry MacDonald <terry.macdonald@threatloop.com>, "Jordan, Bret" <bret.jordan@bluecoat.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, Richard Struse <Richard.Struse@hq.dhs.gov>, "Scott McGrath" <scott.mcgrath@oasis-open.org>, Robin Cover <robin@oasis-open.org>, Carol Geyer <carol.geyer@oasis-open.org>
Date: 06/11/2015 11:25 AM
Subject: RE: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,

The significance only means something if we *make* it mean something.
I understand that there might be concern about an OASIS TC being seen just to do DHS’s bidding. However, expanding on what Tony rightly says, there are many TCs where there are initial worries that one party (public, private, research, not-for-profit) is set to run the show – but the nature of the open process, transparency, and engagement from all sides will do more to “disappear” that myth than any “fix”.
This is not an argument against co-chair(s) per se: just that, if we need such a role, it will become apparent quickly enough.
All the best,
From: Tony Rutkowski [mailto:tony@yaanatech.com]
 11 June, 2015 08:11
 Trey Darley; Peter Allor; Peter F Brown
 Chet Ensign; Aharon Chernin; Terry MacDonald; Jordan, Bret; cti@lists.oasis-open.org; Richard Struse; Scott McGrath; Robin Cover; Carol Geyer
 Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,
The world of international technical committees in
this sector contains numerous examples of chairs
from government agencies.  Furthermore, Rich
is rather more than an agency representative in
this context.  From both a substantive perspective
as well as effective leadership and "messaging,"
his chair position is important.

As someone who leads the ETSI equivalent activity,
(and formerly led the equivalent in ITU-T) Rich's
chair position probably enhances the global
assimilation of the CTI suite.


On 2015-06-11 10:45 AM, Trey Darley wrote:

    However, I suggest the following, especially for us 'Americans' to consider.    We need to have another individual as a co-chair.    Simply put, to not be something that OASIS is adopting only for the US Department of Homeland Security (DHS).





Anthony Michael Rutkowski 

EVP, Industry Standards & Regulatory Affairs


+1 703 999 8270


Yaana Technologies LLC

542 Gibraltar Drive

Milpitas CA 95035 USA

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]