sFractal at BSidesSF

(he/him) In software development long enough to remember when cybersecurity meant taking your punch cards home at night and locking up a building that barely fit the computer inside of it. Blue team in a 35-year career with AT&T kick-started by experience as part of the AFIWC cyber attack team during the first Gulf War. A few patents and certs (CSSIP/CSSLP/CCSK/PE), a few boards (OASIS Open Director, Open Cybersecurity Alliance Governor, NIEM Governor, Cybeats Advisor), and a few awards (OASIS Distinguished Contributor, AT&T Science and Technology Medal, and an Intelligence Community Seal Medallion - heavier than they look, thanks for asking). Semi-retired, devoted as ever to cybersecurity, agile, secure software development, SBOM, and cybersecurity automation standards.
LinkedIn: https://www.linkedin.com/in/sFractal/
GitHub: https://github.com/sparrell
Do you work at the intersection of #privacy and #cybersecurity? If you do, we want to hear your story. Submit to the #BorderlessCyber CFP. https://borderlesscyber2023.oasis-open.org
The Call for Presentations is now open with a deadline of 26 May. Borderless Cyber has been an important forum for security in which practitioners and researchers get together to discuss and share insights about grand challenges, projects and lessons learnt in cybersecurity. This year, we are

BSidesSF begins.
Excellent video on #cybersecurity automation by JHU-APL on using OASISopen Open Cybersecurity Alliance tools: https://youtu.be/wRZi6At3k0s
Machine Readable Representation of Adversary Behavior

YouTube
OASIS Board Member Spotlight: Q&A with Duncan Sparrell - OASIS Open

Meet Duncan Sparrell, a seasoned network security evangelist with more than 40 years of expertise in conceiving, developing, and delivering state-of-the-art software platforms. A strong advocate for the cybersecurity industry, Duncan was named an OASIS Distinguished Contributor in 2021 for his significant impact advancing open standards and open source projects. Can you tell us […]

OASIS Open
Fire talks about to start @ShmooCon
Great talk by @HarleyGeiger @ShmooCon
#Shmoocon #SBOM/#VEX meetup!
Saturday, 12:30-1:30pm
Location: #ShmooLobbyCon (i.e., you don't need a ticket).
I hope to see you there.
The Open Cybersecurity Alliance now has Indicators of Behavior (#IoB) as a Sub-Project to help automate more sophisticated responses to today’s complex cyber attacks. The Open Cybersecurity Alliance (OCA) brings together vendors and end-users to create an open cybersecurity ecosystem where products can freely exchange information, insights, analytics, and orchestrated response. Threat actors are increasingly using coordinated, automated attacks that are more frequent, more impactful, and more sophisticated. Like-minded OCA members aim to create a standardized approach for representing cyber threat actor behaviors in a shareable format, helping to collectively identify attackers based on their behavior patterns. Read the full press release: https://www.oasis-open.org/2023/01/17/open-cybersecurity-alliance-adds-indicators-of-behavior-iob-sub-project/.
Open Cybersecurity Alliance Adds Indicators of Behavior (IoB) Sub-Project - OASIS Open

Boston, MA, USA, 17 January 2023 — The Open Cybersecurity Alliance (OCA), a global, standards-based initiative to simplify integration across the threat lifecycle, announced today that it has accepted the Indicators of Behavior (IoB) Working Group (WG) as a sub-project. The OCA IoB brings together like-minded stakeholders in the cyber threat intelligence community to collectively focus […]

OASIS Open
CSAF Is the Future of Vulnerability Management

Version 2.0 of the Common Security Advisory Framework will enable organizations to automate vulnerability remediation.

Dark Reading
What do we do with a vendor SBOM? 🎶 Here are a few ideas from the Atlantic Council (and me): https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/the-cases-for-using-sboms/
The cases for using the SBOMs we build

Software bills of materials (SBOMs) provide key data suited for many uses. Industry and government can continue to sharpen their demand signals, shape implementation, and continue driving development and adoption.

Atlantic Council