This Turbo Talk will give a brief introduction and overview of an ongoing effort to define a standardized integrated information architecture for representing structured cyber threat information.
The effort known as the Structured Threat Information eXpression (STIX) is a work in progress among a broad community of industry, government, academic and international experts. This representation, as a whole or in parts, is actively being pursued as a basis for automation and information sharing within several active communities.
Sean Barnum is a Cyber Security Principal at The MITRE Corporation where he acts as a thought leader and senior advisor on software assurance and cyber security topics to a wide variety of US government sponsors throughout the national security, intelligence community and civil domains. He has over 25 years of experience in the software industry in the areas of architecture, development, software quality assurance, quality management, process architecture & improvement, knowledge management and security. He is a frequent contributor, speaker and trainer for regional, national and international cyber security and software quality publications, conferences & events. He is very active in the Cyber Security community and is involved in numerous knowledge standards-defining efforts including the Common Weakness Enumeration (CWE), the Common Attack Pattern Enumeration and Classification (CAPEC), the Software Assurance Findings Expression Schema (SAFES), the Malware Attribute Enumeration and Characterization (MAEC), the Cyber Observables eXpression (CybOX), the Indicator Exchange eXpression (IndEX), the Structured Threat Information eXpression (STIX) and other elements of the Cyber Security Programs of the Department of Homeland Security, Department of Defense and NIST. He is coauthor of the book "Software Security Engineering:A Guide for Project Managers", published by Addison-Wesley. He serves as the official liaison between ISO/IEC JTC 1/SC 27/WG 3 and the Cyber-Security Naming & Information Structures Group. He also acted as the lead technical subject matter expert for design and implementation of the Air Force Application Software Assurance Center of Excellence (ASACoE).