Filtra per genere

OCA Community Connect

OCA Community Connect

Roseann Guttierrez

Welcome to 'Community Connect,'  this is the space where we dive into the benefits of seamlessly integrating security products using open source software and standards, all with the goal of fostering a more interoperable security ecosystem. In each episode, we'll embark on a journey into the heart of the OCA community, engaging in insightful conversations with the individuals who are actively shaping the open source security landscape.  Expect to stay up-to-date with the very latest developments, as we bring you exciting news, updates, and a closer look at the sub-projects that are steering the course of future security tooling. So, whether you're an experienced contributor, a curious developer, or simply someone with a profound commitment to securing our digital realm, this podcast is your go-to destination. Together, we'll drive innovation, elevate security standards, and contribute to a safer world.   Host info: Roseann Guttierrez is your host. A cybersecurity professional with over two decades of experience. Specializing in computer forensics, digital investigation, and critical infrastructure. As the voice of the podcast, she embodies the spirit of a cybersecurity superhero, dedicated to forging alliances that enhance security across the digital realm.

10 - STIX Shifter - March 2024
0:00 / 0:00
1x
  • 10 - STIX Shifter - March 2024

    In this episode of OCA Community Connect, we speak with Md Saroer-E Azam, a software developer at IBM and a key maintainer/contributor to STIX Shifter. The focus of today's discussion is the STIX Shifter project, an open-source python library designed to facilitate the connection and querying of diverse data sources no matter where they reside.  It does this using STIX patterning and returning the results as STIX cyber observable objects.

    Azam sheds light on the intricacies and challenges of developing and maintaining an open-source project while working for a commercial company. His insights offer valuable perspectives on the critical aspects of community engagement, documentation, code quality, compatibility, and security, which are crucial elements in ensuring the sustainability and growth of an open source project.

    The episode delves into the potential directions for STIX Shifter's future, including expanding data source support and the need for greater volunteer contributions to drive its evolution. Join us as we explore the driving forces behind STIX Shifter and it potential for enhancing the cybersecurity ecosystem.


    Reference Links:

    Open Cybersecurity Alliance (OCA) website:
    https://opencybersecurityalliance.org/

    Open Cybersecurity Alliance (OCA) GitHub
    https://github.com/opencybersecurityalliance

    Open Cybersecurity Alliance (OCA) YouTube
    https://www.youtube.com/channel/UCjTpPl2oEGH_Ws251m827Cg


    Share Your Ideas & Guest Suggestions!

    Got a topic or an expert in mind for "OCA Community Connect"? We’re always on the lookout for fresh insights and voices in cybersecurity and open-source innovation.

    How to Contribute:

    - Topics: Tell us what you’re curious about in the cybersecurity world.
    - Guests: Know someone who’d be a great interview? We’d love to hear about them.

    Reach Out: Drop us an email or message us on social media. Your suggestions help shape our show, and we can’t wait to hear from you!

    Thu, 21 Mar 2024
  • 9 - CACAO Roaster - Feb 2024

    Welcome back to OCA Community Connect, your source for all things related to the Open Cybersecurity Alliance. In today's episode, we have the pleasure of speaking with Vasilios Mavroeidis, a cybersecurity professor at the University of Oslo and a member of the OCA governing board. So, join us as Vasilios Mavroeidis shares his expertise and insights into the world of cybersecurity standards, offering a compelling look into the innovative CACAO roaster subproject and its potential to shape the future of cybersecurity operations.

    This project aims to expand on the CACAO standard by providing an application that enables defenders to effectively design, sign, exchange and utilize playbooks. Vasilios advocates for the importance of this subproject, highlighting its potential to enhance the capacity of security operation centers, particularly for national security authorities and operators of essential services.

    Throughout our conversation, Vasilios emphasizes the significance of community involvement in the project's development. He expresses the need for contributions from the wider cybersecurity community to improve the project, expand its capabilities, and create a valuable knowledge base of playbooks. Vasilios also delves into the potential for automation and the broad impact that the CACAO standard and in turn, the Roaster subproject could have on the field of cybersecurity.

    - - -

    **Episode Specific References**

    OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Security
    https://groups.oasis-open.org/communities/tc-community-home2?CommunityKey=b75cccb8-adc6-4de5-8b99-018dc7d322b6


     


     

    Reference Links:

    Open Cybersecurity Alliance (OCA) website:
    https://opencybersecurityalliance.org/

    Open Cybersecurity Alliance (OCA) GitHub
    https://github.com/opencybersecurityalliance

    Open Cybersecurity Alliance (OCA) YouTube
    https://www.youtube.com/channel/UCjTpPl2oEGH_Ws251m827Cg

     


    Share Your Ideas & Guest Suggestions!

    Got a topic or an expert in mind for "OCA Community Connect"? We’re always on the lookout for fresh insights and voices in cybersecurity and open-source innovation.

    How to Contribute:

    Topics: Tell us what you’re curious about in the cybersecurity world.
    Guests: Know someone who’d be a great interview? We’d love to hear about them.

    Reach Out: Drop us an email or message us on social media. Your suggestions help shape our show, and we can’t wait to hear from you!

    Mon, 04 Mar 2024
  • 8 - OCA 2023 Highlights - Jan 2024

    Welcome back to another insightful episode of OCA Community Connect. Today, our host Roseann Guttierrez engages in a compelling conversation with Mark Mastrangeli, the cloud engagement director at Palo Alto Networks and co-chair of the OCA Project Governing Board (PGB). Mark shares his remarkable journey into the tech industry and the pivotal role he plays in advocating for collaboration and interoperability in the cybersecurity domain.

    In this episode, Mark deep dives into the significant achievements of OCA in 2023. He sheds light on the launch of two projects - the Open XDR architecture and the Indicator of Behavior project, both aimed at driving innovation and enhancing cyber defense capabilities. Furthermore, Mark underscores the successful launch of the CACAO Roaster playbook editor, a project that promises to simplify the creation of playbooks for organizations.

    Looking ahead to 2024, Mark unveils OCA's vision to expand its reach and bring different cybersecurity communities together. He emphasizes the mission to develop more inclusive and accessible solutions by fostering collaboration and interoperability. As the community aims to serve as an ecosystem of ecosystems, this episode gives a glimpse into the future of cybersecurity and the pivotal role that OCA is set to play in shaping it.

    - - -

    **Episode Specific References**


    MITRE Security Automation Framework (SAF)
    https://saf.mitre.org/

    Open Cybersecurity Schema Framework (OCSF)
    https://docs.aws.amazon.com/security-lake/latest/userguide/open-cybersecurity-schema-framework.html

    Vulnerability Exploitability eXchange (VEX)
    https://www.cisa.gov/resources-tools/resources/minimum-requirements-vulnerability-exploitability-exchange-vex

    Borderless Cyber - OAISIS Open
    https://borderlesscyber2023.oasis-open.org/

    - - -

    Reference Links:

    Open Cybersecurity Alliance (OCA) website:
    https://opencybersecurityalliance.org/

    Open Cybersecurity Alliance (OCA) GitHub
    https://github.com/opencybersecurityalliance

    Open Cybersecurity Alliance (OCA) YouTube
    https://www.youtube.com/channel/UCjTpPl2oEGH_Ws251m827Cg


    Share Your Ideas & Guest Suggestions!

    Got a topic or an expert in mind for "OCA Community Connect"? We’re always on the lookout for fresh insights and voices in cybersecurity and open-source innovation.

    How to Contribute:

    Topics: Tell us what you’re curious about in the cybersecurity world.
    Guests: Know someone who’d be a great interview? We’d love to hear about them.

    Reach Out: Drop us an email or message us on social media. Your suggestions help shape our show, and we can’t wait to hear from you!

    Wed, 14 Feb 2024
  • 7 - Kestrel as a Service (KaaS) - Nov 2023

    Welcome to another fascinating episode of OCA Community Connect! In this installment, our host, Roseann Guttierrez, engages in an insightful conversation with Kenneth Peeples, a principal cybersecurity architect at Red Hat, to unravel the ins and outs of the cutting-edge Kestrel as a Service (KaaS) project. As Kenneth shares the nitty-gritty details of KaaS, he paints a vivid picture of a platform designed for crowd hunting and threat collaboration, with a focus on enhancing the speed of detecting cyber threats. Delving deeper, he opens up about the personal significance of the project, tying it back to his profound passion for security and the inspiration he draws from his parents. Moreover, he sheds light on the vital role of community involvement in propelling the Kestrel as a Service platform forward, emphasizing the need for collaboration and contributions. Through this engaging conversation, we gain invaluable insights into the complexities and potential of Kestrel as a Service, as well as the pivotal role of open source collaboration in the dynamic landscape of cybersecurity. So, tune in and join us on this illuminating journey through the world of Kestrel as a Service!


     

    Reference Links:

    Open Cybersecurity Alliance (OCA) website:
    https://opencybersecurityalliance.org/

    Open Cybersecurity Alliance (OCA) GitHub
    https://github.com/opencybersecurityalliance

    Open Cybersecurity Alliance (OCA) YouTube
    https://www.youtube.com/channel/UCjTpPl2oEGH_Ws251m827Cg

     


    Share Your Ideas & Guest Suggestions!

    Got a topic or an expert in mind for "OCA Community Connect"? We’re always on the lookout for fresh insights and voices in cybersecurity and open-source innovation.

    How to Contribute:

    Topics: Tell us what you’re curious about in the cybersecurity world.
    Guests: Know someone who’d be a great interview? We’d love to hear about them.

    Reach Out: Drop us an email or message us on social media. Your suggestions help shape our show, and we can’t wait to hear from you!

    Wed, 14 Feb 2024
  • 6 - Open XDR Architecture (OXA) - July 2023

    In this episode of OCA Community Connect, we delve into the world of Open XDR Architecture (OXA) with our guest, David Bizeul, the co-founder and chief scientific officer of Sequoia IO. David provides an in-depth look at OXA, its significance, and the impact it has on the cybersecurity community. He emphasizes the importance of preserving expert resources, placing technology ownership on vendors, and raising the bar against attacks using CTI dissemination. Join us as we explore the potential of Open XDR Architecture and how the community's involvement is crucial for its success. Listen in for an engaging discussion and the various opportunities for participation and contribution.

    *** NOTE:  This episode had slides related to the discussion that can be found on this link ***


     

    Reference Links:

    Open Cybersecurity Alliance (OCA) website:
    https://opencybersecurityalliance.org/

    Open Cybersecurity Alliance (OCA) GitHub
    https://github.com/opencybersecurityalliance

    Open Cybersecurity Alliance (OCA) YouTube
    https://www.youtube.com/channel/UCjTpPl2oEGH_Ws251m827Cg

     


    Share Your Ideas & Guest Suggestions!

    Got a topic or an expert in mind for "OCA Community Connect"? We’re always on the lookout for fresh insights and voices in cybersecurity and open-source innovation.

    How to Contribute:

    Topics: Tell us what you’re curious about in the cybersecurity world.
    Guests: Know someone who’d be a great interview? We’d love to hear about them.

    Reach Out: Drop us an email or message us on social media. Your suggestions help shape our show, and we can’t wait to hear from you!

    Wed, 14 Feb 2024
Mostra altri episodi