Date   

[RFC] - Request for any notes on EDU.SIG plan

CRob Robinson (Intel)
 

EDU.SIG - as we near completion of the revised plan, I invite EVERYONE to give it a last read/re-read to ensure it makes sense and we're not missing any obvious gaps.  As each section wraps up I'll be ensuring the formatting/wording is consistent as well as collecting all resource needs into a summary page.  I'll send an official RFC out once that happens, but we'd love to get any gaps or questions addressed ASAP - https://github.com/ossf/education/tree/main/plan

 

Cheers,

 

CRob

Director of Security Communications

Intel Product Assurance and Security

 

 


Education Materials Organization Spreadsheet Complete

Dave Russo
 

FYI,

The initial version of the Educational Materials Matrix [1] has been completed and is available to accept data. The intention for this spreadsheet is to have a definitive centralized list of the existing secure development educational materials that the Education SIG intends to use in pursuit of our objectives. We have defined a number of categories that will help us understand what each artifact provides and assist with creating curricula, defining gaps, acquiring and creating new content and planning for engaging and incentivizing the open source community.

To add an item to the spreadsheet, please provide the following in the Matrix tab:
- Title of the artifact, hyperlinked to its location
- Content Type - selected from the drop-down list
- Check all Domains that apply to the artifact (these are intended to be general, see the Domain Mapping tab for examples)
- Check all Personas that apply to the artifact (the types of learner that would benefit from the content)
- Check all Learner Levels that apply to the artifact
- Stack / Language - selected from the drop-down list
- The date of the submission in the Last Updated column
- The name (and e-mail) of the person who submitted the artifact in the Submitted By column

Suggestions for changes to the spreadsheet and categories should be submitted by creating an issue in the SIG repo [2].

Thanks to everyone that contributed, especially those who met during our working session yesterday to get things wrapped up!
Dave

[1] https://docs.google.com/spreadsheets/d/14g7jdt-e-AV1aeFFDKpPkyUh3ljPhC2kalaojMurqBU/edit?usp=sharing
[2] https://github.com/ossf/education/issues

-- 
Dave Russo
Senior Principal Program Manager, Secure Development
Red Hat Product Security


Invitation: Materials Matrix Spreadsheet @ Thu Oct 20, 2022 9am - 10am (EDT) (openssf-sig-education@lists.openssf.org)

Dave Russo
 

Materials Matrix Spreadsheet
One of the deliverables that the Create & Curate Content [1] section of the EDU SIG is finalizing is a method for organizing the education materials the SIG will be working with. We
 
One of the deliverables that the Create & Curate Content [1] section of the EDU SIG is finalizing is a method for organizing the education materials the SIG will be working with. We are using this spreadsheet [2] as a working document to determine the categories and values that will be used for this purpose.

There are multiple dependencies for this information across all three sections, so we intend to finalize this by 21 Oct. All spreadsheet feedback and suggestions due by 18 Oct and we will discuss this at the 19 Oct EDU SIG meeting, with the expectation for finalizing v1.0 by 21 Oct.

To help facilitate this effort I am scheduling a working meeting for Thursday Oct 20 @ 9:00am EDT. Anyone interested in contributing to this effort is encouraged to join the call if able.

I'm not sure we will get this on the OSSF calendar in time, the Zoom link to join is:
https://zoom.us/j/93408997717?pwd=MlBTTERFV0FxUmlEWXhlVkJCNkFVdz09

Thanks,
Dave

[1]https://docs.google.com/document/d/1bNAUPTTwFbffulI0h5Oiakq7CfP1tuIlmDcjNMG0XR4/edit?usp=sharing
[2]https://docs.google.com/spreadsheets/d/14g7jdt-e-AV1aeFFDKpPkyUh3ljPhC2kalaojMurqBU/edit#gid=0

When

Thursday Oct 20, 2022 ⋅ 9am – 10am (Eastern Time - New York)

Location

https://zoom.us/j/93408997717?pwd=MlBTTERFV0FxUmlEWXhlVkJCNkFVdz09
View map

Invitation from Google Calendar

You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event.

Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more


Education Materials Organization - Spreadsheet Working Meeting

Dave Russo
 

One of the deliverables that the Create & Curate Content [1] section of the EDU SIG is finalizing is a method for organizing the education materials the SIG will be working with. We are using this spreadsheet [2] as a working document to determine the categories and values that will be used for this purpose.

There are multiple dependencies for this information across all three sections, so we intend to finalize this by 21 Oct. All spreadsheet feedback and suggestions due by 18 Oct and we will discuss this at the 19 Oct EDU SIG meeting, with the expectation for finalizing v1.0 by 21 Oct.

To help facilitate this effort I am scheduling a working meeting for Tuesday Oct 18 @ 10:00am EDT. Anyone interested in contributing to this effort is encouraged to join the call if able.

I'm not sure we will get this on the OSSF calendar in time, the Zoom link to join is:
https://zoom.us/j/93408997717?pwd=MlBTTERFV0FxUmlEWXhlVkJCNkFVdz09

Thanks,
Dave

[1] https://docs.google.com/document/d/1bNAUPTTwFbffulI0h5Oiakq7CfP1tuIlmDcjNMG0XR4/edit?usp=sharing
[2] https://docs.google.com/spreadsheets/d/14g7jdt-e-AV1aeFFDKpPkyUh3ljPhC2kalaojMurqBU/edit#gid=0
-- 
Dave Russo
Senior Principal Program Manager, Secure Development
Red Hat Product Security


Re: Office of the National Cyber Director - RFI for ideas, inputs, and recommendations

CRob Robinson (Intel)
 

Sounds like a great suggestion

 

Cheers,

 

CRob

Director of Security Communications

Intel Product Assurance and Security

 

 

From: openssf-sig-education@... <openssf-sig-education@...> On Behalf Of eric.tice via lists.openssf.org
Sent: Tuesday, October 11, 2022 11:44 AM
To: Robinson, Christopher <christopher.robinson@...>; openssf-sig-education@...; bbehlendorf@...; David A. Wheeler <dwheeler@...>
Cc: Arnaud Le Hors <lehors@...>; daniel.appelquist@...
Subject: Re: [openssf-sig-education] Office of the National Cyber Director - RFI for ideas, inputs, and recommendations

 

We should discuss this in the Education SIG expand content meeting also?

 

Respectfully,

 

signature_98399051

Eric Tice

Global Director, Enterprise Architect & COE Leader

CTO Office

in/erictice @EricTice4

+1 615-342-9277, US Central Time Zone (CST)

 

 

From: Robinson, Christopher <christopher.robinson@...>
Date: Tuesday, October 11, 2022 at 10:18 AM
To: openssf-sig-education@... <openssf-sig-education@...>, bbehlendorf@... <bbehlendorf@...>, David A. Wheeler <dwheeler@...>
Cc: Eric Tice <eric.tice@...>, Arnaud Le Hors <lehors@...>, daniel.appelquist@... <daniel.appelquist@...>
Subject: RE: [openssf-sig-education] Office of the National Cyber Director - RFI for ideas, inputs, and recommendations

CAUTION:This email is received from an external domain. Open the hyperlink(s) & attachment(s) with caution.
.
 

David and I chatted after the BEST working group call today.  He and I and many in the group see a lot of value in contributing here.  To that end I created this strawman draft(1) for the group to massage and contribute to if we want one response from the SIG.  It would be useful to get some guidance on how we want to position the response (is this a list of what we’re doing?  Is this a list of proposed contributions to their effort?  Is this an invitation for their contributions? Etc.).  I know that my company will also be working up a response from their perspective that may touch on the SIG’s efforts, but ultimately be tailored to their interactions with the NCD to date and ongoing.

 

We’re VERY excited about this opportunity and I welcome the SIG (and other members) to help us craft a most excellent response.  I’m glad to help steer this and get it prepped for your side’s legal review. TEAM – please get your thoughts/suggestions/additions/removals/comments in before 16October so we can give the LF team time to do their review. 

 

Thank you all!

 

  1. - https://docs.google.com/document/d/13k55_RfxUj4sd0XEFPiDESynap1w-G1Snji-X2ZsjuQ/edit

 

 

Cheers,

 

CRob

Director of Security Communications

Intel Product Assurance and Security

 

 

From: openssf-sig-education@... <openssf-sig-education@...> On Behalf Of Brian Behlendorf
Sent: Tuesday, October 11, 2022 11:01 AM
To: Robinson, Christopher <christopher.robinson@...>
Cc: openssf-sig-education@...
Subject: Re: [openssf-sig-education] Office of the National Cyber Director - RFI for ideas, inputs, and recommendations

 

If this group wants to develop a response, I can send it into the RFI on OpenSSF letterhead, but I'll need a week to get legal review on our side (among other reasons so we stay clear of "lobbying"). It's not going to take a week's worth of work to review, but I don't control the queue of items through the LF's legal team, so a week is my safe estimate of how long that'll take assuming a couple of pages of response plus work any changes with the SIG. I also can't commit OpenSSF staff time to collate/organize/make sense of individual responses into a unified one - it needs to be someone here who can be the editor.

 

Brian

 

On 10/11/22 05:46, Robinson, Christopher wrote:

Thanks for sharing Brian!  I think this would be something most excellent for the group to have some thoughts on!  Do you have a deadline when you’d like comments back to you (I am assuming you’ll be collecting for the OSSF)?

 

Cheers,

 

CRob

Director of Security Communications

Intel Product Assurance and Security

 

 

From: openssf-sig-education@... <openssf-sig-education@...> On Behalf Of Brian Behlendorf
Sent: Tuesday, October 11, 2022 4:15 AM
To: openssf-sig-education@...
Subject: [openssf-sig-education] Office of the National Cyber Director - RFI for ideas, inputs, and recommendations

 

Thought people here might find this of interest. Probably worth multiple responses rather than a SIG-coordinated one, but perhaps worth discussing how a response to this might connect with the goals of this SIG.

Brian

 

 

---------- Forwarded message ---------
From: Tortora, Paul J. EOP/NCD <Paul.J.Tortora@...>
Date: Wed, Oct 5, 2022 at 5:48 AM
Subject: Office of the National Cyber Director - RFI for ideas, inputs, and recommendations
To:
Cc: Stewart Gloster, Camille A. EOP/NCD <Camille.A.Stewart@...>, Nielsen, Suzanne C. EOP/NCD <Suzanne.C.Nielsen@...>

 

Dear Colleagues:

As many of you know, the Office of the National Cyber Director is in the initial stages of a collaborative development of a new National Strategy on Cyber Workforce and Education.  As part of our wide-reaching plan and in order to gather as much information, ideas, and recommendations for this to be a successful effort, we are seeking best practice insights, ideas, and inputs from stakeholders in the private sector, non-profit organizations, academic institutions, and government in the following areas:

 

I.  Cyber Workforce:  Recruitment, Hiring, Career Development, Reskilling, Retention, Statistics & Data

II.  Diversity, Equity, Inclusion, and Accessibility (DEIA):  In the Workforce, and in Training, Education, and Awareness Efforts

III.  Training, Education, Awareness:  Training, Higher Education, K-12 Education, General Cybersecurity education, digital awareness and online safety

To reach as much of the nation as possible, we are casting a wide net through a publicly available Request for Information ( Office of the National Cyber Director Requests Your Insight and Expertise on Cyber Workforce, Training, and Education - The White House), and we would welcome your thoughts and experiences on this topic, as well as those from within your organization to provide us with impactful insights and recommendations to share in any of the above or related areas.  We want to ensure that we hear from as many voices as possible as we move forward, so should you or your staff have any questions, please feel free to share them with me or Suzanne Nielsen, Director, National Workforce and Education Strategy (suzanne.c.nielsen@... ), and our team will follow up with you as soon as possible.

Thank you for your involvement and partnership,

 

Sincerely,

 

Paul

 

Paul J. Tortora

Office of the National Cyber Director

Executive Office of the President

Paul.j.tortora@...

C: 202-881-9625

 


 

--

Jim Zemlin
Executive Director, The Linux Foundation

 

 

 

-- 
Brian Behlendorf
General Manager, Open Source Security Foundation
bbehlendorf@...
Twitter: @brianbehlendorf

 

'The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com'

Internal to Wipro


Re: Office of the National Cyber Director - RFI for ideas, inputs, and recommendations

eric.tice@...
 

We should discuss this in the Education SIG expand content meeting also?

 

Respectfully,

 

signature_98399051

Eric Tice

Global Director, Enterprise Architect & COE Leader

CTO Office

in/erictice @EricTice4

+1 615-342-9277, US Central Time Zone (CST)

 

 

From: Robinson, Christopher <christopher.robinson@...>
Date: Tuesday, October 11, 2022 at 10:18 AM
To: openssf-sig-education@... <openssf-sig-education@...>, bbehlendorf@... <bbehlendorf@...>, David A. Wheeler <dwheeler@...>
Cc: Eric Tice <eric.tice@...>, Arnaud Le Hors <lehors@...>, daniel.appelquist@... <daniel.appelquist@...>
Subject: RE: [openssf-sig-education] Office of the National Cyber Director - RFI for ideas, inputs, and recommendations

CAUTION:This email is received from an external domain. Open the hyperlink(s) & attachment(s) with caution.
.
 

David and I chatted after the BEST working group call today.  He and I and many in the group see a lot of value in contributing here.  To that end I created this strawman draft(1) for the group to massage and contribute to if we want one response from the SIG.  It would be useful to get some guidance on how we want to position the response (is this a list of what we’re doing?  Is this a list of proposed contributions to their effort?  Is this an invitation for their contributions? Etc.).  I know that my company will also be working up a response from their perspective that may touch on the SIG’s efforts, but ultimately be tailored to their interactions with the NCD to date and ongoing.

 

We’re VERY excited about this opportunity and I welcome the SIG (and other members) to help us craft a most excellent response.  I’m glad to help steer this and get it prepped for your side’s legal review. TEAM – please get your thoughts/suggestions/additions/removals/comments in before 16October so we can give the LF team time to do their review. 

 

Thank you all!

 

  1. - https://docs.google.com/document/d/13k55_RfxUj4sd0XEFPiDESynap1w-G1Snji-X2ZsjuQ/edit

 

 

Cheers,

 

CRob

Director of Security Communications

Intel Product Assurance and Security

 

 

From: openssf-sig-education@... <openssf-sig-education@...> On Behalf Of Brian Behlendorf
Sent: Tuesday, October 11, 2022 11:01 AM
To: Robinson, Christopher <christopher.robinson@...>
Cc: openssf-sig-education@...
Subject: Re: [openssf-sig-education] Office of the National Cyber Director - RFI for ideas, inputs, and recommendations

 

If this group wants to develop a response, I can send it into the RFI on OpenSSF letterhead, but I'll need a week to get legal review on our side (among other reasons so we stay clear of "lobbying"). It's not going to take a week's worth of work to review, but I don't control the queue of items through the LF's legal team, so a week is my safe estimate of how long that'll take assuming a couple of pages of response plus work any changes with the SIG. I also can't commit OpenSSF staff time to collate/organize/make sense of individual responses into a unified one - it needs to be someone here who can be the editor.

 

Brian

 

On 10/11/22 05:46, Robinson, Christopher wrote:

Thanks for sharing Brian!  I think this would be something most excellent for the group to have some thoughts on!  Do you have a deadline when you’d like comments back to you (I am assuming you’ll be collecting for the OSSF)?

 

Cheers,

 

CRob

Director of Security Communications

Intel Product Assurance and Security

 

 

From: openssf-sig-education@... <openssf-sig-education@...> On Behalf Of Brian Behlendorf
Sent: Tuesday, October 11, 2022 4:15 AM
To: openssf-sig-education@...
Subject: [openssf-sig-education] Office of the National Cyber Director - RFI for ideas, inputs, and recommendations

 

Thought people here might find this of interest. Probably worth multiple responses rather than a SIG-coordinated one, but perhaps worth discussing how a response to this might connect with the goals of this SIG.

Brian

 

 

---------- Forwarded message ---------
From: Tortora, Paul J. EOP/NCD <Paul.J.Tortora@...>
Date: Wed, Oct 5, 2022 at 5:48 AM
Subject: Office of the National Cyber Director - RFI for ideas, inputs, and recommendations
To:
Cc: Stewart Gloster, Camille A. EOP/NCD <Camille.A.Stewart@...>, Nielsen, Suzanne C. EOP/NCD <Suzanne.C.Nielsen@...>

 

Dear Colleagues:

As many of you know, the Office of the National Cyber Director is in the initial stages of a collaborative development of a new National Strategy on Cyber Workforce and Education.  As part of our wide-reaching plan and in order to gather as much information, ideas, and recommendations for this to be a successful effort, we are seeking best practice insights, ideas, and inputs from stakeholders in the private sector, non-profit organizations, academic institutions, and government in the following areas:

 

I.  Cyber Workforce:  Recruitment, Hiring, Career Development, Reskilling, Retention, Statistics & Data

II.  Diversity, Equity, Inclusion, and Accessibility (DEIA):  In the Workforce, and in Training, Education, and Awareness Efforts

III.  Training, Education, Awareness:  Training, Higher Education, K-12 Education, General Cybersecurity education, digital awareness and online safety

To reach as much of the nation as possible, we are casting a wide net through a publicly available Request for Information ( Office of the National Cyber Director Requests Your Insight and Expertise on Cyber Workforce, Training, and Education - The White House), and we would welcome your thoughts and experiences on this topic, as well as those from within your organization to provide us with impactful insights and recommendations to share in any of the above or related areas.  We want to ensure that we hear from as many voices as possible as we move forward, so should you or your staff have any questions, please feel free to share them with me or Suzanne Nielsen, Director, National Workforce and Education Strategy (suzanne.c.nielsen@... ), and our team will follow up with you as soon as possible.

Thank you for your involvement and partnership,

 

Sincerely,

 

Paul

 

Paul J. Tortora

Office of the National Cyber Director

Executive Office of the President

Paul.j.tortora@...

C: 202-881-9625

 


 

--

Jim Zemlin
Executive Director, The Linux Foundation

 

 

 

-- 
Brian Behlendorf
General Manager, Open Source Security Foundation
bbehlendorf@...
Twitter: @brianbehlendorf

'The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com'

Internal to Wipro


Re: Office of the National Cyber Director - RFI for ideas, inputs, and recommendations

CRob Robinson (Intel)
 

David and I chatted after the BEST working group call today.  He and I and many in the group see a lot of value in contributing here.  To that end I created this strawman draft(1) for the group to massage and contribute to if we want one response from the SIG.  It would be useful to get some guidance on how we want to position the response (is this a list of what we’re doing?  Is this a list of proposed contributions to their effort?  Is this an invitation for their contributions? Etc.).  I know that my company will also be working up a response from their perspective that may touch on the SIG’s efforts, but ultimately be tailored to their interactions with the NCD to date and ongoing.

 

We’re VERY excited about this opportunity and I welcome the SIG (and other members) to help us craft a most excellent response.  I’m glad to help steer this and get it prepped for your side’s legal review. TEAM – please get your thoughts/suggestions/additions/removals/comments in before 16October so we can give the LF team time to do their review. 

 

Thank you all!

 

  1. - https://docs.google.com/document/d/13k55_RfxUj4sd0XEFPiDESynap1w-G1Snji-X2ZsjuQ/edit

 

 

Cheers,

 

CRob

Director of Security Communications

Intel Product Assurance and Security

 

 

From: openssf-sig-education@... <openssf-sig-education@...> On Behalf Of Brian Behlendorf
Sent: Tuesday, October 11, 2022 11:01 AM
To: Robinson, Christopher <christopher.robinson@...>
Cc: openssf-sig-education@...
Subject: Re: [openssf-sig-education] Office of the National Cyber Director - RFI for ideas, inputs, and recommendations

 

If this group wants to develop a response, I can send it into the RFI on OpenSSF letterhead, but I'll need a week to get legal review on our side (among other reasons so we stay clear of "lobbying"). It's not going to take a week's worth of work to review, but I don't control the queue of items through the LF's legal team, so a week is my safe estimate of how long that'll take assuming a couple of pages of response plus work any changes with the SIG. I also can't commit OpenSSF staff time to collate/organize/make sense of individual responses into a unified one - it needs to be someone here who can be the editor.

 

Brian

 

On 10/11/22 05:46, Robinson, Christopher wrote:

Thanks for sharing Brian!  I think this would be something most excellent for the group to have some thoughts on!  Do you have a deadline when you’d like comments back to you (I am assuming you’ll be collecting for the OSSF)?

 

Cheers,

 

CRob

Director of Security Communications

Intel Product Assurance and Security

 

 

From: openssf-sig-education@... <openssf-sig-education@...> On Behalf Of Brian Behlendorf
Sent: Tuesday, October 11, 2022 4:15 AM
To: openssf-sig-education@...
Subject: [openssf-sig-education] Office of the National Cyber Director - RFI for ideas, inputs, and recommendations

 

Thought people here might find this of interest. Probably worth multiple responses rather than a SIG-coordinated one, but perhaps worth discussing how a response to this might connect with the goals of this SIG.

Brian

 

 

---------- Forwarded message ---------
From: Tortora, Paul J. EOP/NCD <Paul.J.Tortora@...>
Date: Wed, Oct 5, 2022 at 5:48 AM
Subject: Office of the National Cyber Director - RFI for ideas, inputs, and recommendations
To:
Cc: Stewart Gloster, Camille A. EOP/NCD <Camille.A.Stewart@...>, Nielsen, Suzanne C. EOP/NCD <Suzanne.C.Nielsen@...>

 

Dear Colleagues:

As many of you know, the Office of the National Cyber Director is in the initial stages of a collaborative development of a new National Strategy on Cyber Workforce and Education.  As part of our wide-reaching plan and in order to gather as much information, ideas, and recommendations for this to be a successful effort, we are seeking best practice insights, ideas, and inputs from stakeholders in the private sector, non-profit organizations, academic institutions, and government in the following areas:

 

I.  Cyber Workforce:  Recruitment, Hiring, Career Development, Reskilling, Retention, Statistics & Data

II.  Diversity, Equity, Inclusion, and Accessibility (DEIA):  In the Workforce, and in Training, Education, and Awareness Efforts

III.  Training, Education, Awareness:  Training, Higher Education, K-12 Education, General Cybersecurity education, digital awareness and online safety

To reach as much of the nation as possible, we are casting a wide net through a publicly available Request for Information ( Office of the National Cyber Director Requests Your Insight and Expertise on Cyber Workforce, Training, and Education - The White House), and we would welcome your thoughts and experiences on this topic, as well as those from within your organization to provide us with impactful insights and recommendations to share in any of the above or related areas.  We want to ensure that we hear from as many voices as possible as we move forward, so should you or your staff have any questions, please feel free to share them with me or Suzanne Nielsen, Director, National Workforce and Education Strategy (suzanne.c.nielsen@... ), and our team will follow up with you as soon as possible.

Thank you for your involvement and partnership,

 

Sincerely,

 

Paul

 

Paul J. Tortora

Office of the National Cyber Director

Executive Office of the President

Paul.j.tortora@...

C: 202-881-9625

 


 

--

Jim Zemlin
Executive Director, The Linux Foundation

 

 

 

-- 
Brian Behlendorf
General Manager, Open Source Security Foundation
bbehlendorf@...
Twitter: @brianbehlendorf


Re: Office of the National Cyber Director - RFI for ideas, inputs, and recommendations

Brian Behlendorf
 

If this group wants to develop a response, I can send it into the RFI on OpenSSF letterhead, but I'll need a week to get legal review on our side (among other reasons so we stay clear of "lobbying"). It's not going to take a week's worth of work to review, but I don't control the queue of items through the LF's legal team, so a week is my safe estimate of how long that'll take assuming a couple of pages of response plus work any changes with the SIG. I also can't commit OpenSSF staff time to collate/organize/make sense of individual responses into a unified one - it needs to be someone here who can be the editor.

Brian

On 10/11/22 05:46, Robinson, Christopher wrote:

Thanks for sharing Brian!  I think this would be something most excellent for the group to have some thoughts on!  Do you have a deadline when you’d like comments back to you (I am assuming you’ll be collecting for the OSSF)?

 

Cheers,

 

CRob

Director of Security Communications

Intel Product Assurance and Security

 

 

From: openssf-sig-education@... <openssf-sig-education@...> On Behalf Of Brian Behlendorf
Sent: Tuesday, October 11, 2022 4:15 AM
To: openssf-sig-education@...
Subject: [openssf-sig-education] Office of the National Cyber Director - RFI for ideas, inputs, and recommendations

 

Thought people here might find this of interest. Probably worth multiple responses rather than a SIG-coordinated one, but perhaps worth discussing how a response to this might connect with the goals of this SIG.

Brian

 

 

---------- Forwarded message ---------
From: Tortora, Paul J. EOP/NCD <Paul.J.Tortora@...>
Date: Wed, Oct 5, 2022 at 5:48 AM
Subject: Office of the National Cyber Director - RFI for ideas, inputs, and recommendations
To:
Cc: Stewart Gloster, Camille A. EOP/NCD <Camille.A.Stewart@...>, Nielsen, Suzanne C. EOP/NCD <Suzanne.C.Nielsen@...>

 

Dear Colleagues:

As many of you know, the Office of the National Cyber Director is in the initial stages of a collaborative development of a new National Strategy on Cyber Workforce and Education.  As part of our wide-reaching plan and in order to gather as much information, ideas, and recommendations for this to be a successful effort, we are seeking best practice insights, ideas, and inputs from stakeholders in the private sector, non-profit organizations, academic institutions, and government in the following areas:

 

I.  Cyber Workforce:  Recruitment, Hiring, Career Development, Reskilling, Retention, Statistics & Data

II.  Diversity, Equity, Inclusion, and Accessibility (DEIA):  In the Workforce, and in Training, Education, and Awareness Efforts

III.  Training, Education, Awareness:  Training, Higher Education, K-12 Education, General Cybersecurity education, digital awareness and online safety

To reach as much of the nation as possible, we are casting a wide net through a publicly available Request for Information ( Office of the National Cyber Director Requests Your Insight and Expertise on Cyber Workforce, Training, and Education - The White House), and we would welcome your thoughts and experiences on this topic, as well as those from within your organization to provide us with impactful insights and recommendations to share in any of the above or related areas.  We want to ensure that we hear from as many voices as possible as we move forward, so should you or your staff have any questions, please feel free to share them with me or Suzanne Nielsen, Director, National Workforce and Education Strategy (suzanne.c.nielsen@... ), and our team will follow up with you as soon as possible.

Thank you for your involvement and partnership,

 

Sincerely,

 

Paul

 

Paul J. Tortora

Office of the National Cyber Director

Executive Office of the President

Paul.j.tortora@...

C: 202-881-9625

 


 

--

Jim Zemlin
Executive Director, The Linux Foundation

 

 


-- 
Brian Behlendorf
General Manager, Open Source Security Foundation
bbehlendorf@...
Twitter: @brianbehlendorf


Re: Office of the National Cyber Director - RFI for ideas, inputs, and recommendations

CRob Robinson (Intel)
 

Thanks for sharing Brian!  I think this would be something most excellent for the group to have some thoughts on!  Do you have a deadline when you’d like comments back to you (I am assuming you’ll be collecting for the OSSF)?

 

Cheers,

 

CRob

Director of Security Communications

Intel Product Assurance and Security

 

 

From: openssf-sig-education@... <openssf-sig-education@...> On Behalf Of Brian Behlendorf
Sent: Tuesday, October 11, 2022 4:15 AM
To: openssf-sig-education@...
Subject: [openssf-sig-education] Office of the National Cyber Director - RFI for ideas, inputs, and recommendations

 

Thought people here might find this of interest. Probably worth multiple responses rather than a SIG-coordinated one, but perhaps worth discussing how a response to this might connect with the goals of this SIG.

Brian

 

 

---------- Forwarded message ---------
From: Tortora, Paul J. EOP/NCD <Paul.J.Tortora@...>
Date: Wed, Oct 5, 2022 at 5:48 AM
Subject: Office of the National Cyber Director - RFI for ideas, inputs, and recommendations
To:
Cc: Stewart Gloster, Camille A. EOP/NCD <Camille.A.Stewart@...>, Nielsen, Suzanne C. EOP/NCD <Suzanne.C.Nielsen@...>

 

Dear Colleagues:

As many of you know, the Office of the National Cyber Director is in the initial stages of a collaborative development of a new National Strategy on Cyber Workforce and Education.  As part of our wide-reaching plan and in order to gather as much information, ideas, and recommendations for this to be a successful effort, we are seeking best practice insights, ideas, and inputs from stakeholders in the private sector, non-profit organizations, academic institutions, and government in the following areas:

 

I.  Cyber Workforce:  Recruitment, Hiring, Career Development, Reskilling, Retention, Statistics & Data

II.  Diversity, Equity, Inclusion, and Accessibility (DEIA):  In the Workforce, and in Training, Education, and Awareness Efforts

III.  Training, Education, Awareness:  Training, Higher Education, K-12 Education, General Cybersecurity education, digital awareness and online safety

To reach as much of the nation as possible, we are casting a wide net through a publicly available Request for Information ( Office of the National Cyber Director Requests Your Insight and Expertise on Cyber Workforce, Training, and Education - The White House), and we would welcome your thoughts and experiences on this topic, as well as those from within your organization to provide us with impactful insights and recommendations to share in any of the above or related areas.  We want to ensure that we hear from as many voices as possible as we move forward, so should you or your staff have any questions, please feel free to share them with me or Suzanne Nielsen, Director, National Workforce and Education Strategy (suzanne.c.nielsen@... ), and our team will follow up with you as soon as possible.

Thank you for your involvement and partnership,

 

Sincerely,

 

Paul

 

Paul J. Tortora

Office of the National Cyber Director

Executive Office of the President

Paul.j.tortora@...

C: 202-881-9625

 


 

--

Jim Zemlin
Executive Director, The Linux Foundation

 

 


Office of the National Cyber Director - RFI for ideas, inputs, and recommendations

Brian Behlendorf
 

Thought people here might find this of interest. Probably worth multiple responses rather than a SIG-coordinated one, but perhaps worth discussing how a response to this might connect with the goals of this SIG.

Brian



---------- Forwarded message ---------
From: Tortora, Paul J. EOP/NCD <Paul.J.Tortora@...>
Date: Wed, Oct 5, 2022 at 5:48 AM
Subject: Office of the National Cyber Director - RFI for ideas, inputs, and recommendations
To:
Cc: Stewart Gloster, Camille A. EOP/NCD <Camille.A.Stewart@...>, Nielsen, Suzanne C. EOP/NCD <Suzanne.C.Nielsen@...>


Dear Colleagues:

As many of you know, the Office of the National Cyber Director is in the initial stages of a collaborative development of a new National Strategy on Cyber Workforce and Education.  As part of our wide-reaching plan and in order to gather as much information, ideas, and recommendations for this to be a successful effort, we are seeking best practice insights, ideas, and inputs from stakeholders in the private sector, non-profit organizations, academic institutions, and government in the following areas:

 

I.  Cyber Workforce:  Recruitment, Hiring, Career Development, Reskilling, Retention, Statistics & Data

II.  Diversity, Equity, Inclusion, and Accessibility (DEIA):  In the Workforce, and in Training, Education, and Awareness Efforts

III.  Training, Education, Awareness:  Training, Higher Education, K-12 Education, General Cybersecurity education, digital awareness and online safety

To reach as much of the nation as possible, we are casting a wide net through a publicly available Request for Information ( Office of the National Cyber Director Requests Your Insight and Expertise on Cyber Workforce, Training, and Education - The White House), and we would welcome your thoughts and experiences on this topic, as well as those from within your organization to provide us with impactful insights and recommendations to share in any of the above or related areas.  We want to ensure that we hear from as many voices as possible as we move forward, so should you or your staff have any questions, please feel free to share them with me or Suzanne Nielsen, Director, National Workforce and Education Strategy (suzanne.c.nielsen@... ), and our team will follow up with you as soon as possible.

Thank you for your involvement and partnership,

 

Sincerely,

 

Paul

 

Paul J. Tortora

Office of the National Cyber Director

Executive Office of the President

Paul.j.tortora@...

C: 202-881-9625

 



--
Jim Zemlin
Executive Director, The Linux Foundation




[RFC] Cross-Foundation Glossary of terms

David A. Wheeler
 

Regarding a glossary (lexicon?!):

The NIST Computer Security Resource Center (NSRC) Glossary
<https://csrc.nist.gov/glossary> might be useful to look at. They only list various definitions
along with their sources. An important limitation of this glossary is that they
*only* list definitions from US Federal Information Processing Standards
(FIPS), various final NIST documents, and the
Committee on National Security Systems (CNSS) Instruction CNSSI-4009.
That said, it's a decent place to look for sourced definitions. A good example
of what it's like is the entry on "vulnerability":
https://csrc.nist.gov/glossary/term/vulnerability

Notice how easy it is to have a URL that jumps directly to a definition.
I think that's a key necessary feature. You can have separate pages, or one page with
named anchors (where the term is the name of the anchor), but I think that's valuable.

Some other sources:
* NIST IR 7298 "Glossary of Key Information Security Terms" - https://csrc.nist.gov/publications/detail/nistir/7298/rev-3/final
* SANS - https://www.sans.org/security-resources/glossary-of-terms/
* CISA - https://niccs.cisa.gov/cybersecurity-career-resources/glossary

I think you want to use the term "glossary" not "lexicon" (NIST uses the term "glossary").
A lexicon is often considered just a list of words, NOT necessarily including any definitions
<https://dictionary.cambridge.org/us/dictionary/english/lexicon>
In contrast, <https://www.google.com/search?q=define+glossary>:
"A glossary is a list of an alphabetical list of terms or words found in or relating to a specific subject, text, or dialect, with explanations; a brief dictionary".
Note that all the sources I cited above use the term "glossary".

Also: if there's going to be a lexicon/glossary, maybe it should be moved to the Best Practices WG or similar, not just within the Education SIG. That might give it more visibility. Obviously definitions aren't limited to education :-). But if others think it should be within the education SIG that's fine.

--- David A. Wheeler

On Aug 31, 2022, at 10:02 AM, CRob Robinson (Intel) <christopher.robinson@...> wrote:

Hello TAC. The Education SIG(1) would like to propose the creation of a common lexicon for terms and definitions that would be used throughout OSSF work and materials (if one does not already exist in either the OSSF or larger LF). We’d like the TAC’s assistance in soliciting contributions from across the working groups to contribute specific terminology that may exist in our respective areas (e.g. supply chain-specific terms, tooling/development-specific words, etc.) so that we have one all-inclusive set of artifacts we all can reference that establish how WE ALL are using this terminology so that internal and external collaborators understand what we are trying to convey in a given interaction.

We plan on leveraging existing definitions from such sources as NIST, ISO, or other recognized security or open source community bodies as the basis of such work wherever possible, and then augmenting as needed for our specific OSSF-usecases. We’d love your thoughts and suggestions on this initiative. Thanks for your time and feedback.

• - https://github.com/ossf/education

Cheers,

CRob
Director of Security Communications
Intel Product Assurance and Security



[FYI] No EDU SIG Section One Call Sept 15

Dave Russo
 

Due to OpenSSF week activities we will not have the Section One EDU SIG call on Thursday Sept 15.

Thanks!
Dave

--
Dave Russo
Principal Program Manager, Secure Development
Red Hat Product Security


[FYI] No Full EDU.SIG Call 14September /eom

CRob Robinson (Intel)
 

$SUBJECT

 

Cheers,

 

CRob

Director of Security Communications

Intel Product Assurance and Security

 

 


[FYI] Meeting Time changes have been made

CRob Robinson (Intel)
 

All – with the assistance of the inestimable Jory Burson, we’ve official adjusted our meeting times to the following:

 

  • Full SIG calls every other Wednesday at 9am EST – starting 7September
  • Collect & curate (Section 1) – every other Thursday at 9am EST starting TOMORROW!!
  • Expand Content (Section 2) – every other Thursday at 430pm EST starting TOMORROW!!
  • Reward Developers (Section 3) – TBD – look for update soon!

 

Everyone is welcome to all calls, meetings will be recorded for those that can not attend and updates will be shared at each Full SIG call.  You can see all the foundation meetings in the community calendar(1).  VERY excited to be accelerating our work and getting the plan revised so we can start to being our good work for the community!  Thanks all.

 

  1. - https://calendar.google.com/calendar?cid=czYzdm9lZmhwNWk5cGZsdGI1cTY3bmdwZXNAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ

 

 

Cheers,

 

CRob

Director of Security Communications

Intel Product Assurance and Security

 

 


[RFC] Cross-Foundation Glossary of terms

CRob Robinson (Intel)
 

Hello TAC.  The Education SIG(1) would like to propose the creation of a common lexicon for terms and definitions that would be used throughout OSSF work and materials  (if one does not already exist in either the OSSF or larger LF).  We’d like the TAC’s assistance in soliciting contributions from across the working groups to contribute specific terminology that may exist in our respective areas (e.g. supply chain-specific terms, tooling/development-specific words, etc.) so that we have one all-inclusive set of artifacts we all can reference that establish how WE ALL are using this terminology so that internal and external collaborators understand what we are trying to convey in a given interaction.

 

We plan on leveraging existing definitions from such sources as NIST, ISO, or other recognized security or open source community bodies as the basis of such work wherever possible, and then augmenting as needed for our specific OSSF-usecases.  We’d love your thoughts and suggestions on this initiative.  Thanks for your time and feedback.

 

  1. - https://github.com/ossf/education

 

Cheers,

 

CRob

Director of Security Communications

Intel Product Assurance and Security

 

 


[FYI] Plan 2.0 uploaded as md files to our repo

CRob Robinson (Intel)
 

Team – THANK YOU for all the amazing collab so far.  Due to all of YOUR hard work we have reached the next milestone of our efforts – we are now ready to start fleshing out the skeleton of our plan(1), adding details, and honestly estimating resources and timelines!!  We are also now ready to start accepting PRs/issues now that the plan is in git.  Happy typing (and patches are welcome to help correct any md formatting across the 3 plan files)!

 

To that end, we’ve collected volunteers to help us break into smaller focus groups, iterate through the plan(1), and come back to present their work/request larger group’s approval/help:

  1. Collect & Curate Content
  1. Lead: Dave Russo
  2. Team: Sal Kimmich, Emily Fox, Judy Kelly, VMB, Randall T. Vasquez, Christine Abernathy, CRob, Wheeler
  1. Expand Training
  1. Lead: Glenn ten Cate
  2. Team: Christine Abernathy,, Randall T. Vasquez, CRob, Wheeler
  1. Reward and Incentivize Developers and Maintainers
  1. Lead: Sal Kimmich
  2. Team: Emily Fox, VMB, Randall T. Vasquez, Christine Abernathy, CRob

 

As we enter this next phase, ALL ARE WELCOME to join the focus groups, and our intent is that by zeroing in on a more precise problem set we’ll be able to increase our velocity in prepare the final plan that will be presented to the TAC and GB.

 

As we coordinate small group meeting times/details, I’ll talk to each section leader to talk about what we want content/formatting-wise from each group to deliver back to the team, but here is where our analysis and detail work will come into play, so please continue the excellent collaboration we’ve had to date.

 

Great job all, I’m looking forward to shaping our final deliverables with you all.  Thank you!

 

  1. https://github.com/ossf/education/tree/main/plan

 

Cheers,

 

CRob

Director of Security Communications

Intel Product Assurance and Security

 

 

1 - 16 of 16