OCA Community Connect
OCA Community Connect
Roseann Guttierrez
Welcome to 'Community Connect,'  this is the space where we dive into the benefits of seamlessly integrating security products using open source software and standards, all with the goal of fostering a more interoperable security ecosystem. In each episode, we'll embark on a journey into the heart of the OCA community, engaging in insightful conversations with the individuals who are actively shaping the open source security landscape.  Expect to stay up-to-date with the very latest developments, as we bring you exciting news, updates, and a closer look at the sub-projects that are steering the course of future security tooling. So, whether you're an experienced contributor, a curious developer, or simply someone with a profound commitment to securing our digital realm, this podcast is your go-to destination. Together, we'll drive innovation, elevate security standards, and contribute to a safer world.   Host info: Roseann Guttierrez is your host. A cybersecurity professional with over two decades of experience. Specializing in computer forensics, digital investigation, and critical infrastructure. As the voice of the podcast, she embodies the spirit of a cybersecurity superhero, dedicated to forging alliances that enhance security across the digital realm.
OCA 2023 Highlights
Welcome back to another insightful episode of OCA Community Connect. Today, our host Roseann Guttierrez engages in a compelling conversation with Mark Mastrangeli, the cloud engagement director at Palo Alto Networks and co-chair of the OCA Project Governing Board (PGB). Mark shares his remarkable journey into the tech industry and the pivotal role he plays in advocating for collaboration and interoperability in the cybersecurity domain. In this episode, Mark deep dives into the significant achievements of OCA in 2023. He sheds light on the launch of two projects - the Open XDR architecture and the Indicator of Behavior project, both aimed at driving innovation and enhancing cyber defense capabilities. Furthermore, Mark underscores the successful launch of the CACAO Roaster playbook editor, a project that promises to simplify the creation of playbooks for organizations. Looking ahead to 2024, Mark unveils OCA's vision to expand its reach and bring different cybersecurity communities together. He emphasizes the mission to develop more inclusive and accessible solutions by fostering collaboration and interoperability. As the community aims to serve as an ecosystem of ecosystems, this episode gives a glimpse into the future of cybersecurity and the pivotal role that OCA is set to play in shaping it. - - - **Episode Specific References** MITRE Security Automation Framework (SAF) https://saf.mitre.org/ Open Cybersecurity Schema Framework (OCSF) https://docs.aws.amazon.com/security-lake/latest/userguide/open-cybersecurity-schema-framework.html Vulnerability Exploitability eXchange (VEX) https://www.cisa.gov/resources-tools/resources/minimum-requirements-vulnerability-exploitability-exchange-vex Borderless Cyber - OAISIS Open https://borderlesscyber2023.oasis-open.org/ - - - Reference Links: Open Cybersecurity Alliance (OCA) website: https://opencybersecurityalliance.org/ Open Cybersecurity Alliance (OCA) GitHub https://github.com/opencybersecurityalliance Open Cybersecurity Alliance (OCA) YouTube https://www.youtube.com/channel/UCjTpPl2oEGH_Ws251m827Cg
Feb 14, 2024
16 min
Kestrel as a Service (KaaS)
Welcome to another fascinating episode of OCA Community Connect! In this installment, our host, Roseann Guttierrez, engages in an insightful conversation with Kenneth Peeples, a principal cybersecurity architect at Red Hat, to unravel the ins and outs of the cutting-edge Kestrel as a Service (KaaS) project. As Kenneth shares the nitty-gritty details of KaaS, he paints a vivid picture of a platform designed for crowd hunting and threat collaboration, with a focus on enhancing the speed of detecting cyber threats. Delving deeper, he opens up about the personal significance of the project, tying it back to his profound passion for security and the inspiration he draws from his parents. Moreover, he sheds light on the vital role of community involvement in propelling the Kestrel as a Service platform forward, emphasizing the need for collaboration and contributions. Through this engaging conversation, we gain invaluable insights into the complexities and potential of Kestrel as a Service, as well as the pivotal role of open source collaboration in the dynamic landscape of cybersecurity. So, tune in and join us on this illuminating journey through the world of Kestrel as a Service!  
Feb 14, 2024
11 min
Open XDR Architecture (OXA)
In this episode of OCA Community Connect, we delve into the world of Open XDR Architecture (OXA) with our guest, David Bizeul, the co-founder and chief scientific officer of Sequoia IO. David provides an in-depth look at OXA, its significance, and the impact it has on the cybersecurity community. He emphasizes the importance of preserving expert resources, placing technology ownership on vendors, and raising the bar against attacks using CTI dissemination. Join us as we explore the potential of Open XDR Architecture and how the community's involvement is crucial for its success. Listen in for an engaging discussion and the various opportunities for participation and contribution. *** NOTE:  This episode had slides related to the discussion that can be found on this link *** Reference Links: Open Cybersecurity Alliance (OCA) website: https://opencybersecurityalliance.org/ Open Cybersecurity Alliance (OCA) GitHub https://github.com/opencybersecurityalliance Open Cybersecurity Alliance (OCA) YouTube https://www.youtube.com/channel/UCjTpPl2oEGH_Ws251m827Cg
Feb 14, 2024
14 min
Cybersecurity Automation Sub-Project (CASP) and Village
In this episode of OCA Community Connect, we have the pleasure of welcoming Duncan Sparrell, chief cyber curmudgeon of sFractal Consulting LLC, and OASIS Board member. Duncan gives us a glimpse into the Cybersecurity Automation Sub-Project (CASP) and also shares information on the recent cybersecurity automation village event, providing highlights and detailing the scenarios that were addressed and discussed. He emphasizes the importance of automation in kicking hackers out of systems quickly. The conversation concludes with a discussion on upcoming events, including a meet-up at the borderless cyber event in London and a two-day event planned for early 2024. The next CASP event will be a 2-day Cybersecurity Automation Village in Virginia in April,2024. For more info, see Next Village and participate in the CASP mailing list. Reference Links: Open Cybersecurity Alliance (OCA) website: https://opencybersecurityalliance.org/ Open Cybersecurity Alliance (OCA) GitHub https://github.com/opencybersecurityalliance Open Cybersecurity Alliance (OCA) YouTube https://www.youtube.com/channel/UCjTpPl2oEGH_Ws251m827Cg
Feb 14, 2024
11 min
Kestrel
In this episode of OCA Community Connect, our host Roseann Guttierrez sits down with Xiaokui Shu, a senior research scientist from IBM and chair of the OCA technical steering committee, to delve into the world of cybersecurity and the Kestrel subproject. Xiaokui provides an insightful overview of Kestrel as a threat hunting language aimed at streamlining the process of identifying and addressing potential security threats. He shares the project's fascinating journey, from its inception in a DARPA program to its evolution into an open-source initiative at IBM. Xiaokui also sheds light on the challenges the Kestrel project currently faces and offers listeners the opportunity to join the conversation through the OCA Slack Space and the dedicated Kestrel channel. Whether you're a cybersecurity enthusiast or simply curious about the cutting-edge developments in threat detection, this episode provides an engaging look at the Kestrel project and how you can be a part of its ongoing growth and innovation. Reference Links: Open Cybersecurity Alliance (OCA) website: https://opencybersecurityalliance.org/ Open Cybersecurity Alliance (OCA) GitHub https://github.com/opencybersecurityalliance Open Cybersecurity Alliance (OCA) YouTube https://www.youtube.com/channel/UCjTpPl2oEGH_Ws251m827Cg CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security October 2018 Pages 1883–1898 https://doi.org/10.1145/3243734.3243829      
Feb 14, 2024
9 min
RSA 2023 USA Teaser
Jason Keirstead, a Distinguished Engineer with IBM and the CTO of Threat Management, discusses the importance of the Open Cybersecurity Alliance (OCA) in addressing the problem of interoperability in cybersecurity. He explains that the lack of common ways to integrate cybersecurity products has led to inefficiencies and high costs for vendors and consumers. The OCA aims to improve interoperability, reduce friction, and lower integration costs by promoting open collaboration and sharing of source code. JK emphasizes the need for collective defense and collaboration in the industry to effectively counter threat actors. He also mentions the upcoming OCA breakfast event at RSA 2023 USA, where new initiatives related to XDR and application security will be announced.   Reference Links: Open Cybersecurity Alliance (OCA) website: https://opencybersecurityalliance.org/ Open Cybersecurity Alliance (OCA) GitHub https://github.com/opencybersecurityalliance Open Cybersecurity Alliance (OCA) YouTube https://www.youtube.com/channel/UCjTpPl2oEGH_Ws251m827Cg
Feb 13, 2024
11 min
STIX Shifter sub-project
In this episode of OCA Community Connect, our guest Danny Elliott, a senior product owner for UDI and CAR integrations at IBM Security, gives us an inside look into the STIX Shifter project. He explains how this Python library facilitates data retrieval from various security products and data repositories using STIX Patterning. Once the data is found it transforms the results into STIX Observables. Danny also highlights the project's ongoing need for new connectors and domain expertise to enhance existing integrations. Stay tuned to learn more about the importance and impact of the STIX Shifter project in the world of cybersecurity.   Reference Links: Open Cybersecurity Alliance (OCA) website: https://opencybersecurityalliance.org/ Open Cybersecurity Alliance (OCA) GitHub https://github.com/opencybersecurityalliance Open Cybersecurity Alliance (OCA) YouTube https://www.youtube.com/channel/UCjTpPl2oEGH_Ws251m827Cg
Jan 30, 2024
3 min
Indicators of Behavior sub-project
In this podcast episode, Charles Frick, a Chief Scientist at Johns Hopkins University Applied Physics Laboratory, discusses the Indicators of Behavior (IOB) subproject under the Open Cybersecurity Alliance. He explains the need for open standards to represent cyber adversary behaviors, aiming to share detections with longer shelf lives than current Indicators of Compromise (IOCs). Charles also emphasizes the importance of automation in cybersecurity to keep pace with adversaries and calls for community involvement to improve reference implementations, partner with other initiatives, and contribute to the project's GitHub repository. He invites feedback, collaboration, and volunteer efforts to advance the project's goals.   Blog on Indicators of Behavior (IOB) https://opencybersecurityalliance.org/introducing-the-indicators-of-behavior-iob-sub-project/   Reference Links: Open Cybersecurity Alliance (OCA) website: https://opencybersecurityalliance.org/ Open Cybersecurity Alliance (OCA) GitHub https://github.com/opencybersecurityalliance Open Cybersecurity Alliance (OCA) YouTube https://www.youtube.com/channel/UCjTpPl2oEGH_Ws251m827Cg
Jan 24, 2024
9 min