Information-sharing Tools, Taxonomies, and Trust: Babel or Better?

SOURCE Boston 2014

Presented by: Trey Darley (@treyka), Tom Millar, Doug Wilson, John A. Wunder
Date: Wednesday April 09, 2014
Time: 16:00 - 16:45
Location: Library

There has been a flurry of activity over the past year around defining information-sharing protocols. In true Darwinian fashion, as with most standards processes, there is a confusing array of rapidly evolving, partially overlapping formats. STIX, CybOX, TAXII, MAEC, OpenIOC, IODEF, VERIS, CIF - the alphabet soup just goes on and on. The purpose of this panel will be to shed light on the current format and tooling landscape, discuss real-world applications, and try to forecast where this space is headed in the coming 18-24 months.

Trey Darley

Trey Darley is a Senior Security Strategist with Splunk's Security Practice. A jack-of-all-trades, he has been leading Splunk's efforts to facilitate and utilize information-sharing methodologies. In his copious spare time he serves on the BruCON organizing committee and haunts EU policy-making circles around Brussels.

Doug Wilson

Douglas Wilson is the manager of the Mandiant Threat Indicators team, a part of the Threat Intelligence business unit. Doug's team primarily works on developing and refining techniques for improving threat indicator quality and coverage, as well as on innovative threat intelligence automation efforts. Doug is based out of Washington DC. He has over 14 years of experience in a variety of Information Security and Technology positions, having previously focused on Incident Response and Multi-tiered Application Architecture. Doug is also the unofficial spokesperson for the open threat information sharing standard, OpenIOC (http://openioc.org). Doug has spoken on various Infosec topics at events including FIRST, GFIRST, DoD Cybercrime, NIST IT-SAC, Suits and Spooks, Shmoocon, and many other local events in the Washington DC Metropolitan area.

Stephen K. Brannon

Stephen K. Brannon is a Principal in the Verizon Cyber Intelligence Center (VCIC). He is a contributing author of the Verizon Data Breach Investigations Report, which uses the VERIS framework to study security incidents and drive evidence-based risk management. In the new VCIC, Mr. Brannon focuses on threat intelligence gathering, analysis, and sharing using a variety of the formats that are the subject of this panel. Before working at Verizon, he was a Cybercrime Analyst in the Cybercrime Lab of the Computer Crime and Intellectual Property Section (CCIPS), U.S. Department of Justice, in Washington, DC, where he practiced digital forensics, conducted online investigations, and carried out research in the field. Before working at the Department of Justice, Mr. Brannon worked at the FBI leading a team responsible for computer security incident response and vulnerability assessment. He has received degrees from Georgetown University and the University of Virginia as well as professional certifications.

John A. Wunder

John Wunder is a Lead Information Security Engineer at the MITRE Corporation, a research lab that acts as a technical advisor for the U.S. federal government. He is a lead member of the STIX project, an effort to develop a common language to enhance sharing and analysis of cybersecurity threat information in both industry and government. He has been in the software and security field for ten years and has a Master's in Information Assurance from Northeastern University.

Tom Millar

Mr. Thomas R. Millar serves as the United States Computer Emergency Readiness Team's (US-CERT) Chief of Communications, a role which finds him at the intersection of outreach, awareness, standards development, and technical interoperability initiatives. In this role, Mr. Millar is focused on modernizing US-CERT's approaches to information sharing, knowledge exchange and coordination. Since joining US-CERT in 2007, he has played a significant role in US-CERT's response activities during major cyber events such as the Distributed Denial of Service (DDoS) attacks on Estonia in 2007, the outbreak of the Conficker worm, and the DDoS attacks on major U.S. Government and commercial Web sites in 2009. Mr. Millar has previously worked as a team lead for intrusion detection and analysis at the FBI's Enterprise Security Operations Center. Prior to his cybersecurity career, he served as a linguist with the 22nd Intelligence Squadron of the United States Air Force. Mr. Millar has a Master's of Science in Engineering Management from the George Washington University.
