[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,
Great discussion folks. Thanks Peter et al for bringing our focus away from tactical to strategic issues/opportunities. This response started earlier today does not counter the suggestions by Peter below, but does argue that we can consider filling the TC
Chair to move forward on tactical objectives, and then focus on a broader strategic objectives in filling the key Co-Chair positions (unless such candidates are already available). (Note that I make the following assertions as a neophyte in well established ISO processes and understand many of you are well aware of what's required for success. I welcome any guidance on ISO/OASIS processes and critical thinking on the suggestions submitted below for consideration) Strategic Objectives The OASIS CTI TC needs many diverse sets of skills, at many levels, to move our collaborative technical, organizational, and stakeholder engagement agendas forward. Identifying and removing impediments to adoption is as important as the technical aspects of this initiative. Our success and agility will rely on engaging as many talented people as we can in each of these key domains and skill sets. The process of recruitment and selection of Chairs, Co-Chairs of the TC, SCs, and Team leads for any Working Groups should include a specific long term strategy for defining the scope, internal/external focus, and primary objectives for each of these key roles. It should also identify any gaps in key Stakeholder Communities required for success and target outreach and engagement (in terms of OASIS CTI TC leadership roles, participating members, external partnerships, or as liaison to other standards based initiatives). Tactical Objectives If we agree with the proposition that our first tactical priority is establishing the teams to engage and complete the technical efforts required to transform the existing body of work into formal OASIS Standards, then suggest that we focus on this objective now. As currently defined in the CTI TC Charter, a majority of these technical tasks will fall under each of the three OASIS CTI TC SCs (with overall coordination though the CTI TC). Therefore, would suggest that recruitment, nomination, and selection of these SC Chairs should be started ASAP so we can get these Teams organized and started on execution of tasks required to meet known near-term objectives. I don't know if anything prevents us from engaging in these deliberations now given the Charter was ratified(?). By definition these teams will be initially composed of the SMEs from MITRE and the community members who have been actively engaged to bring CTI where it is today. Integrating people knowledgable in the OASIS processes required to provide normative specifications and the requirements for any related deliverables is equally important to success as is the overall leadership required to coordinate activities and empower these teams. We have key people already in leadership roles for each of the areas and their nomination to continue in these existing roles at least through the initial transition period would seem to be an effective strategy to help ensure continuity and momentum. In parallel to these "internal" efforts to bring the CTI specifications to an OASIS baseline, we can then focus on the strategic objectives (internally and externally facing) as outlined above and look to ensuring diversity and representation as we enter the next phase of moving the OASIS CTI v1 baseline Standards forward. In summary: If not a violation of OASIS process, propose that we: 1) Engage now in discourse on nominations for each of the OASIS CTI TC Sub-Committee Chair/Co-Chairs as currently defined in the OASIS CTI TC Charter. 2) Add OASIS CTI TC Sub-Committess Chair/Co-Chair deliberation and Election(s) to the agenda of the initial OASIS CTI TC establishment meeting and CTI TC Chair/Co-Chair deliberations and Election(s). Patrick Maroney Office: (856)983-0001 Cell: (609)841-5104 pmaroney@specere.org From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Peter Allor <pallor@us.ibm.com>
Sent: Thursday, June 11, 2015 12:01:28 PM To: Peter F Brown Cc: Aharon Chernin; Jordan, Bret; Carol Geyer; Chet Ensign; cti@lists.oasis-open.org; Richard Struse; Robin Cover; Scott McGrath; Terry MacDonald; tony@yaanatech.com; Trey Darley Subject: RE: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC, As a data point, in discussing adoption of STIX/TAXII with National Government CSIRTs and other large corporate international organizations, a US/DHS only way forward, has / is an inhibitor to formally using STIX/TAXII in
the recent past. +1 The significance only means something if we *make* it mean something. I understand that there might be concern about an OASIS TC being seen just to do DHS’s bidding. However, expanding on what Tony rightly says, there are many TCs where there are initial worries that one party (public, private, research, not-for-profit) is set to run the show – but the nature of the open process, transparency, and engagement from all sides will do more to “disappear” that myth than any “fix”. This is not an argument against co-chair(s) per se: just that, if we need such a role, it will become apparent quickly enough. All the best, Peter From: Tony Rutkowski [mailto:tony@yaanatech.com] Sent: 11 June, 2015 08:11 To: Trey Darley; Peter Allor; Peter F Brown Cc: Chet Ensign; Aharon Chernin; Terry MacDonald; Jordan, Bret; cti@lists.oasis-open.org; Richard Struse; Scott McGrath; Robin Cover; Carol Geyer Subject: Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC, The world of international technical committees in this sector contains numerous examples of chairs from government agencies. Furthermore, Rich is rather more than an agency representative in this context. From both a substantive perspective as well as effective leadership and "messaging," his chair position is important. As someone who leads the ETSI equivalent activity, (and formerly led the equivalent in ITU-T) Rich's chair position probably enhances the global assimilation of the CTI suite. --tony On 2015-06-11 10:45 AM, Trey Darley wrote:
However, I suggest the following, especially for us 'Americans' to consider. We need to have another individual as a co-chair. Simply put, to not be something that OASIS is adopting only for the US Department of Homeland Security (DHS). </snip>
-- ________________________________ Anthony Michael Rutkowski EVP, Industry Standards & Regulatory Affairs ________________________________ Yaana Technologies LLC 542 Gibraltar Drive Milpitas CA 95035 USA |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]