OASIS Mailing List Archives



cti message


Subject: Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,

I like the hut idea, and I would love to sit down with our European and other geo partners in this effort and understand their struggles, use-cases, and things they would like to see.  I believe it is vitally important to understand - completely - what everyone would like to do, what they are doing, and the roadblocks that are preventing them from being successful.

We are still very much in the early adopter and initial hype phase for this technology.  We have a lot of work ahead of us to get across the chasm, and the team really needs leaders at the TC level and the working groups level that can allocate enormous amounts of time and that represent a broad collection of the community. 

If we want this effort to truly be successful, then individual organizations and entities that are trying to use it need to be successful. Sometimes this means helping them to see and compute the ROI and long-term benefits from using it and sometimes it means making the standard easier to use or do more things. We as a TC need to take the time to understand their pain points and then take that feedback and drive solutions within the standard.

In addition to my community and customer outreach and consulting in regard to STIX and TAXII, I have been investigating what other vendors are trying to do with it, and have started writing my own open source implementation (I am doing this to get a feel for what integrators are dealing with).  These three efforts have given me a very interesting perspective on the issues people are facing and things we need to do to help make them successful.

Things I would love to see come out of our standards work within 18-24 months:
* at least 30 major vendors using STIX and TAXII in their main product lines
* at least 10 new startups become highly successful because of STIX and TAXII
* hundreds of apps on the various App Stores that can interact with STIX and TAXII data
* sharing outside of niche eco-systems that works with data-marking and handling restrictions
* at least 10 of the major OSI repos delivering their feeds via STIX and TAXII 
* disparate products in the network communicating with each other over STIX and TAXII
* solutions to prevent repo poisoning and source verification of intel
* API support in more programming languages
* database examples and prototypes to aid rapid development and solutions by startups and open source developers



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Jun 12, 2015, at 07:58, Joep Gommers <joep@intelworks.com> wrote:

I’ll sponsor a hut with wifi for Bret, maybe others can pitch in some bread, water, magazines and a plane ticket to Europe?

From: Terry MacDonald <terry.macdonald@threatloop.com>
Date: Friday, June 12, 2015 at 2:11 PM
To: Peter Allor <pallor@us.ibm.com>
Cc: Trey Darley <trey@soltra.com>, Aharon Chernin <achernin@soltra.com>, "Jordan, Bret" <bret.jordan@bluecoat.com>, Carol Geyer <carol.geyer@oasis-open.org>, Chet Ensign <chet.ensign@oasis-open.org>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, Peter F Brown <peter@peterfbrown.com>, Richard Struse <Richard.Struse@hq.dhs.gov>, Robin Cover <robin@oasis-open.org>, Scott McGrath <scott.mcgrath@oasis-open.org>, Terry MacDonald <terry.macdonald@threatloop.com>, "tony@yaanatech.com" <tony@yaanatech.com>
Subject: Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,

Sounds like a description of Bret.....except 2 :).


Terry MacDonald | STIX, TAXII, CybOX Consultant

Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers.

On 12 June 2015 at 18:43, Peter Allor <pallor@us.ibm.com> wrote:
I think you and I are really close.

0)  YES
1)  Yes
2)  Preferred, not mandatory

(best for me to be 'Pete' and Peter Brown to be "Peter")


From: Trey Darley <trey@soltra.com>
To: Peter Allor/Atlanta/IBM@IBMUS, Peter F Brown <peter@peterfbrown.com>
Cc: Aharon Chernin <achernin@soltra.com>, "Jordan, Bret" <bret.jordan@bluecoat.com>, Carol Geyer <carol.geyer@oasis-open.org>, "Chet Ensign" <chet.ensign@oasis-open.org>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, Richard Struse <Richard.Struse@hq.dhs.gov>, "Robin Cover" <robin@oasis-open.org>, Scott McGrath <scott.mcgrath@oasis-open.org>, Terry MacDonald <terry.macdonald@threatloop.com>, "tony@yaanatech.com" <tony@yaanatech.com>
Date: 06/12/2015 04:35 AM
Subject: Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,

Hey, Pete -

Note that I specified "an academic-cum-actual security researcher with dirt under their fingernails", not merely an academic. Nor am I against a private-sector co-chair, but "preferably _not_ a vendor".

The point is, if we agree on the need for a co-chair, here are the essential qualifications:

0) someone practical
1) someone neutral
2) someone non-US
3) someone that isn't going to drive Rich crazy (ie, compatible personalities == enhanced collaboration)

Trey Darley
Senior Security Engineer
Soltra | An FS-ISAC & DTCC Company

From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Peter Allor <pallor@us.ibm.com>
Date: Thursday, June 11, 2015 18:01
To: Peter F Brown
Cc: Aharon Chernin; Jordan, Bret; Carol Geyer; Chet Ensign; cti@lists.oasis-open.org; Richard Struse; Robin Cover; Scott McGrath; Terry MacDonald; tony@yaanatech.com; Trey Darley
Subject: RE: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,

As a data point, in discussing adoption of STIX/TAXII with National Government CSIRTs and other large corporate international organizations, a US/DHS only way forward, has / is an inhibitor to formally using STIX/TAXII in the recent past.

I am aware of some USG elements liking that we demonstrate a broad representation.

So, I endorse and support Rich, both for his leadership and technical passion as well as vision for this effort.     And will bow to what the group decides.

But would heavily suggest that we have someone else assist Rich in his chair duties as his co-chair.   This is more about perception and adoption than about substance/content.   And no, I am not soliciting an academic.    We really need and want 'industry' (across the board) to use this.  


Peter F Brown ---06/11/2015 11:25:01 AM---+1 The significance only means something if we *make* it mean something.

From: Peter F Brown <peter@peterfbrown.com>
To: "tony@yaanatech.com" <tony@yaanatech.com>, Trey Darley <trey@soltra.com>, Peter Allor/Atlanta/IBM@IBMUS
Cc: Chet Ensign <chet.ensign@oasis-open.org>, Aharon Chernin <achernin@soltra.com>, Terry MacDonald <terry.macdonald@threatloop.com>, "Jordan, Bret" <bret.jordan@bluecoat.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, Richard Struse <Richard.Struse@hq.dhs.gov>, "Scott McGrath" <scott.mcgrath@oasis-open.org>, Robin Cover <robin@oasis-open.org>, Carol Geyer <carol.geyer@oasis-open.org>
Date: 06/11/2015 11:25 AM
Subject: RE: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,

The significance only means something if we *make* it mean something.
I understand that there might be concern about an OASIS TC being seen just to do DHS’s bidding. However, expanding on what Tony rightly says, there are many TCs where there are initial worries that one party (public, private, research, not-for-profit) is set to run the show – but the nature of the open process, transparency, and engagement from all sides will do more to “disappear” that myth than any “fix”.
This is not an argument against co-chair(s) per se: just that, if we need such a role, it will become apparent quickly enough.
All the best,

From: Tony Rutkowski [mailto:tony@yaanatech.com]
Date: 11 June, 2015 08:11
To: Trey Darley; Peter Allor; Peter F Brown
Cc: Chet Ensign; Aharon Chernin; Terry MacDonald; Jordan, Bret; cti@lists.oasis-open.org; Richard Struse; Scott McGrath; Robin Cover; Carol Geyer
Subject: Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,

The world of international technical committees in
this sector contains numerous examples of chairs
from government agencies.  Furthermore, Rich
is rather more than an agency representative in
this context.  From both a substantive perspective
as well as effective leadership and "messaging,"
his chair position is important.

As someone who leads the ETSI equivalent activity,
(and formerly led the equivalent in ITU-T) Rich's
chair position probably enhances the global
assimilation of the CTI suite.

On 2015-06-11 10:45 AM, Trey Darley wrote:
    However, I suggest the following, especially for us 'Americans' to consider.    We need to have another individual as a co-chair.    Simply put, to not be something that OASIS is adopting only for the US Department of Homeland Security (DHS).


Anthony Michael Rutkowski  
EVP, Industry Standards & Regulatory Affairs
+1 703 999 8270
Yaana Technologies LLC
542 Gibraltar Drive
Milpitas CA 95035 USA


Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail
