I support Rich as well. But to your points, this is why I offered to run as a co-chair. Most importantly, I have the time to put in to this effort and I can do so without a vendor agenda. I have been around the US and across the pond talking about STIX and TAXII and NOT what my company is doing with it. Those of you that were at the ENISA conference in Belgium can attest to that. In fact at that conference I was the only vendor that did not talk about my company. I talked about STIX and TAXII, what it means and why it is important. Further, I have past experience in standards work (IEEE and IETF), managing large projects, and driving them to completion and adoption.
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
As a data point, in discussing adoption of STIX/TAXII with National Government CSIRTs and other large corporate international organizations, a US/DHS only way forward, has / is an inhibitor to formally using STIX/TAXII in the recent past.
I am aware of some USG elements liking that we demonstrate a broad representation.
So, I endorse and support Rich, both for his leadership and technical passion as well as vision for this effort. And will bow to what the group decides.
But would heavily suggest that we have someone else assist Rich in his chair duties as his co-chair. This is more about perception and adoption than about substance/content. And no, I am not soliciting an academic. We really need and want 'industry' (across the board) to use this.
Peter F Brown ---06/11/2015 11:25:01 AM---+1 The significance only means something if we *make* it mean something.
From: Peter F Brown <firstname.lastname@example.org>
To: "email@example.com" <firstname.lastname@example.org>, Trey Darley <email@example.com>, Peter Allor/Atlanta/IBM@IBMUS
Cc: Chet Ensign <firstname.lastname@example.org>, Aharon Chernin <email@example.com>, Terry MacDonald <firstname.lastname@example.org>, "Jordan, Bret" <email@example.com>, "firstname.lastname@example.org" <email@example.com>, Richard Struse <Richard.Struse@hq.dhs.gov>, "Scott McGrath" <firstname.lastname@example.org>, Robin Cover <email@example.com>, Carol Geyer <firstname.lastname@example.org>
Date: 06/11/2015 11:25 AM
Subject: RE: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,
The significance only means something if we *make* it mean something.
I understand that there might be concern about an OASIS TC being seen just to do DHS’s bidding. However, expanding on what Tony rightly says, there are many TCs where there are initial worries that one party (public, private, research, not-for-profit) is set to run the show – but the nature of the open process, transparency, and engagement from all sides will do more to “disappear” that myth than any “fix”.
This is not an argument against co-chair(s) per se: just that, if we need such a role, it will become apparent quickly enough.
All the best,
From: Tony Rutkowski [mailto:email@example.com]
Sent: 11 June, 2015 08:11
To: Trey Darley; Peter Allor; Peter F Brown
Cc: Chet Ensign; Aharon Chernin; Terry MacDonald; Jordan, Bret; firstname.lastname@example.org; Richard Struse; Scott McGrath; Robin Cover; Carol Geyer
Subject: Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,
The world of international technical committees in
this sector contains numerous examples of chairs
from government agencies. Furthermore, Rich
is rather more than an agency representative in
this context. From both a substantive perspective
as well as effective leadership and "messaging,"
his chair position is important.
As someone who leads the ETSI equivalent activity,
(and formerly led the equivalent in ITU-T) Rich's
chair position probably enhances the global
assimilation of the CTI suite.
On 2015-06-11 10:45 AM, Trey Darley wrote:
However, I suggest the following, especially for us 'Americans' to consider. We need to have another individual as a co-chair. Simply put, to not be something that OASIS is adopting only for the US Department of Homeland Security (DHS).
Anthony Michael Rutkowski
EVP, Industry Standards & Regulatory Affairs
+1 703 999 8270
Yaana Technologies LLC
542 Gibraltar Drive
Milpitas CA 95035 USA