I second the nomination of Jason Keirstead for consideration as CTI co-chair.
The CTI community requires a strong leader that has practical and broad experience in making standards work for todayâs cybersecurity market complexities. A standard that is neither implemented by anyone nor adopted
is not an effective standard.
This community needs to focus on adoption of STIX/TAXII v2 in the marketplace.
As my co-chair on the STIX/TAXIIv2 Interoperability sub-committee, Jason has helped move us towards introducing the industryâs first certification program for Cyber Threat Intelligence products.
Jason continues to bring a practical and realistic perspective that the CTI community needs to ensure the STIX/TAXII specifications make sense and are implemented by as many organizations as possible.
Both Trey and Jason have shown great passion and desire for our community to succeed. The choice of co-chair is an important one and difficult given the pedigree of both candidates.
I encourage you to consider Jason for CTI co-chair.
LookingGlass Cyber Solutions
From: "email@example.com" <firstname.lastname@example.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Date: Monday, September 24, 2018 at 6:08 AM
To: Bret Jordan <Bret_Jordan@symantec.com>
Cc: "email@example.com" <firstname.lastname@example.org>
Subject: Re: [cti] Nomination for CTI Co-Chair
Bret; Thank you for the nomination - after carefully considering it overnight - I humbly accept.
When composing this acceptance, I decided to check the calendar - and I was surprised to discover that it has been over four years since I became involved in this effort! Time moves fast...
During that time, I have seen STIX, TAXII, and the standard formerly known as Cybox evolve from nascent beginnings to one of the few cybersecurity-specific information exchange standards that has
gained somewhat widespread adoption. That said, it is important for members of this technical committee to realize that there is still a very, very long way to go regarding adoption. It is still on a very routine (daily / weekly) basis that I have to educate
clients, partners, and developers on basic matters regarding this standard, and I view this as one of the most urgent challenges that we as a TC have to embrace and face if we want this standard to be a success.
* I routinely interact with cybersecurity start-ups - whose innovation still very much shapes the direction of this industry - and they rarely consider STIX & TAXII when developing product, if they
even know of it's existence.
* There is still an extremely large subset of the established cybersecurity industry who view this standard as "that thing to share IOCs", when you advocate using STIX/TAXII for more advanced use
cases. The idea of using STIX beyond basic intel sharing is unheard of.
* Even those vendors who want to embrace STIX/TAXII often have numerous implementation roadblocks that inhibit adoption (Do I need to support 1.x? Do I "wait" for 2.1?)
I believe that this TC is at a crossroads. Adoption is the life-blood of a standard - a standard without widespread adoption is not really anything more than a thought experiment. Cybersecurity is
an industry where technology evolves at an exponential pace, and is not one who will wait-around for STIX & TAXII, *even if* they are a superior way to do business. History - and the cybersecurity industry itself - is littered with examples of standards (both
de-facto and from standards organizations) that have either never gotten off the ground, or have been supplanted with others, because they did not do all that they could to ensure widespread adoption. I believe that there are changes we have to encourage in
this TC to right this ship, lest we also succumb to this fate. We can not rest on our laurels, nor can we allow debates in the TC to endlessly circle around property minutia or the "next great object", as the industry moves on and leaves us behind.
I firmly believe that more widespread adoption and growth of this standard - including expansion of its use beyond simple intel sharing - would not only greatly help the cybersecurity industry move
forward, but also help simply make the planet a safer place. That is why I stay involved in this effort. If elected, my primary focus will be on continuing to do whatever I can to help the TC in promoting STIX and TAXII adoption, and helping the TC internally
to foster that end - which includes the encouragement of acceleration of progress where necessary, yet simultaneously, encouragement of moving implementation forward rapidly with what we have today. Only by executing on both simultaneously will we end up successful.
Lead Architect - IBM.Security
"Things may come to those who wait, but only the things left by those who hustle." - Unknown
From: Bret Jordan <Bret_Jordan@symantec.com>
To: "email@example.com" <firstname.lastname@example.org>
Date: 09/23/2018 10:14 PM
Subject: [cti] Nomination for CTI Co-Chair
Sent by: <email@example.com>
After a lot of thought and reviewing the large number of qualified and exceptional people in this TC, I would like to nominate Jason Keirstead from IBM to be a co-chair of the CTI TC.
Jason has been involved in this TC for a long-time and has consistently provided sound vision and objectivity. He has shown over and over that he is able and willing to work with the larger group to get key things done. He has
also, when needed, helped the TC to reset and refocus on key aspects and principles. Jason is an exceptional leader in this space and I would feel comfortable with him helping to lead us for the next few years.