Tuesday, December 11, 2012

Interview with Chairwoman Kathleen M. Moriarty of the MILE Working Group





A unique event occurred in Atlanta, Georgia starting from Sunday, November 4th 2012 and lasting until Friday, November 9th 2012.  That especially important happening was called, IETF 85 short for Internet Engineering Task Force 85.

OK, so you might ask what is IETF?  The IETF is one of two working bodies that set the technical standards for the Internet.   Within it, there are many people focus on individual subjects related to creating communications basis of comparisons for the Internet.

Likely, the individual subjects or “Working Groups” would address a specific related topic, whereas the focus is more concentrated.

The MILE Working Group is one of those individual subjects; I by some extraordinary circumstances happen to stumble upon it while taking an in-depth look at the IETF 85 during
my very first visit to this type of event.

Tuesday, November 6th 2012, I had the opportunity to sit in a meeting presided by Chairwoman Kathleen M. Moriarty of the MILE Working Group (“WG”).

Finding myself fascinated by the MILE WG, I approached Ms. Moriarty to learn more.

As a result of a series of conversations and emails, Chairwoman Kathleen M. Moriarty agreed to an interview.

As a small business owner, I would have been quite comfortable if she only agreed to answer a few questions, but she was glad to answer all ten (10) questions with great detail below,
check them out:

C. Henry’s comment:  In Ms. Moriarty Field of Expertise, she is considered the “Best of the Best” when it comes to Governance, Risk and Compliance.  She is known in the Cyber Security Industry where she has been asked to speak on several occasions regarding the three terms mentioned, so I started the interview addressing what appears to be her Life’s Work.

C. Henry Adams: Governance, risk and compliance programs; are these subjects mentioned- things that a small business needs to be concern with in modern times? If yes, please explain briefly why in your professional opinion.

Kathleen Moriarty: 
While I do think Governance, Risk, and Compliance (GRC) are important topics and there has been significant progress in the past few years, there is much work to be done to achieve the levels of automation needed to improve the efficiency of GRC programs. Currently, I am looking towards efforts like the Security Automation and Continuous Monitoring (SACM) mailing list in the IETF to assist in elevating the solutions to a new level. Before we can achieve GRC, the underlying methods to gather data to support GRC must improve. To me, this means security and IT automation with information and metrics generated for administrators first. Once we can generate these metrics in a sustainable way, we will be able to derive more useful business level metrics to demonstrate the impact of a new program or the effectiveness of certain security or IT controls. While we can do much of this today, there is a lot of work to be done to improve GRC with automation.

C. Henry Adams:  The MILE Working Group operates under the schema of XML or extensible markup language, which relates to a certain way to send and receive communications via the Internet. Are the standards your Working Group (MILE) developing involved with the security aspects of the Internet?


Kathleen Moriarty:  The MILE working group approaches its standards first with the data model description of any data format representations needed. The current data models (IODEF, IODEF extensions and RID) are represented using XML schemas. Since the MILE working group is focused on enabling the secure exchange of cyber security incident and indicator information, we address security at both the object level (apply data encryption techniques to the data itself) and at the transport layer. The standards in the MILE working group make use of the appropriate security standards to protect the data exchanged and will enable an early warning by sharing cyber security threat information.

C. Henry’s comment: In an attempt to figuratively throw a “curb ball” question to her, Ms. Moriarty hit a grand slam home run out of the park with the following interview question.

C. Henry Adams:  It is understood that you are a Renown and Upcoming Star in your Field of Expertise. How would you inspire little girls and boys, as well as, Young Adults to follow in your footsteps?

Kathleen Moriarty:  Thank you! Young people need to have the confidence instilled in them to believe that they can make a difference and solve problems in math and science. I am glad you asked this in reference to today’s youth as girls make a decision to enter science and math fields as early as 11 or 12. Some successful programs have been able to attract young women in programs through women role models who have blazed the trail demonstrating that women are successful in the specific areas of science and math. I think it is important to encourage youth while exposing them to science and math opportunities through the positive influence of teachers, role models, and outreach of those role models.

C. Henry’s comment:  When I read her answer to the previous question, I found myself reading it again.  She is so modest that she tried to indirectly say she would be glad to speak with inspired girls in person.

C. Henry Adams: What is the primary object of the MILE Working Group for the IETF? Do you share the responsibility of chairing this group alone or with another person?

Kathleen Moriarty:  C. Henry, the information provided in my response is based on my experience with the IETF, therefore links have been provided to ensure accurate and up-to-date information while being easily accessible to those interested.

Brian Trammell is my Co-Chair for the MILE working group and we make a great team balancing the work we both enjoy. The primary object of the MILE working group is to enable the secure automated exchange of cyber security information through international standards. You can find the charter for the working group at the following link for a more detailed explanation:

http://datatracker.ietf.org/wg/mile/charter/


C. Henry Adams:  We understand that RFCXXXX where "XXXX" equals a number- stands for 'Request for Comment’, whereas, it represent a publication of Internet Standards.  Has MILE WG published any RFCs to date?

Kathleen Moriarty:  Yes, the full list of drafts in progress and published RFCs associated with the MILE working group can be found on the charter web page, by following the “documents” link. RFC6545 and RFC6546 were the first of several documents that will be published as RFCs in the IETF through the MILE working group.

http://datatracker.ietf.org/wg/mile/

C. Henry’s comment: There is a difference between a RFC and Internet Draft; I learned quickly that one must speak the Technical Language casually spoken at any meeting in the IEFT to fully understand.  I know now why they have a Newcomer’s Orientation. LOL

C. Henry Adams:  While attending IETF 85, I reviewed several Draft Documents of various Working Groups. What is an Internet Draft and does the MILE WG have any written and published?


Kathleen Moriarty:  As you are aware, reviewing Internet drafts is very important when attending IETF meetings as well as following the mailing lists of the working groups that interest you most. An Internet draft is a work-in progress document that is either an individual draft or a working group document. The Internet draft may progress to become an RFC, or an IETF standard. The Newcomers Guide provides additional information that discusses the process for various types of Internet drafts to become RFCs and the types of RFCs.

http://www.ietf.org/newcomers.html

C. Henry’s comment: I guess the IETF encountered many Newcomers like myself who thought they knew a thing or two, why do I make this statement?  Well, it turns out at the beginning of the IETF 85, Newcomers were given the opportunity to meet Chairs of various working groups. Where was I when this gathering was going on?  Probably enjoying the Chocolate Chip Cookies placed out on serving tables to be devoured by the likes of me or someone else.  LOL

C. Henry Adams:  In a conversation with you following a long day of meetings at the IETF 85, you made a unique, inspiring statement. Basically if I recall correctly, you explain that one does not have to be an official with technical background to grasp understanding or participate within a Working Group. What is required to participate in a Working Group within the IETF like MILE? Speaking of MILE WG, where can one find information about it?

Kathleen Moriarty:  Thank you for raising this important point! Just about all of the IETF working groups need to be informed by real users of the solutions that would be a result from that working group. In the case of MILE, we need input from business owners like yourself, security professionals, and incident response handlers in addition to data model and transport protocol experts.

C. Henry Adams:  How many times does the IETF meet in one year and where?

Kathleen Moriarty:  The IETF meets three times a year, typically in March, July, and November. The schedule is posted years in advance to allow for planning and to prevent conflicts with other related meetings. The locations of the meetings vary with an effort to distribute the travel burden evenly among participants. As such, there may be one meeting in Asia, then Europe, followed by one in North America. The last four meeting locations included Taipei, Paris, Vancouver, and Atlanta, Georgia.
 
C. Henry’s comment: If you thought for one instance that the IETF is just another conference spending money in extravagant places most people can’t afford while playing on the Internet, think again.  Their work is NO PLAY GAME, however, it is very serious, as well as, time consuming. The ease of communicating on the Internet that you and I experience daily or even down to milliseconds are the positive results of the many professionals involved with the IETF, IAB, ISOC and other Global related organizations which encompass the Internet.

C. Henry Adams:  What steps should a small business owner or entrepreneur take to join any IETF Working Group?

Kathleen Moriarty:  I would recommend reviewing the list of active working groups to see which of the working groups has the most relevance to your business. The IETF web site is the official place to find information and I recommend following the links provided to learn more about the IETF and to find the most current information. The list of IETF working groups and information about working groups can be found at the following link:

http://www.ietf.org/wg/
  
C. Henry Adams: Final question, what recommendations would you give to Newcomers regarding the IETF?

Kathleen Moriarty:  The IETF put together the following page to assist newcomers:

http://www.ietf.org/newcomers.html

Additionally, the IETF holds a Newcomer session the first day of the meeting cycle followed by a social. I highly recommend that Newcomers review the provided information and attend the sessions specific to Newcomers. The IETF web site is the best place to get information on the IETF to ensure the information is up-to-date.

C. Henry Adams:  This concludes the interview questions and I most certainly thank you again for any considerations. Oh yeah, please excuse my grammar.

Kathleen Moriarty:  Thank you very much for the great set of questions! It is important that IETF efforts continue to grow and include opinions and perspectives from folks such as yourself.

C. Henry’s comment: Listen, I was “blown away” (Figuratively Speaking) by the professional manner this intelligent and graceful Lady took the time to address my questions, as well as, concerns.  I’m encouraged by the fact that Globally we all appear to have great communications developing through the ‘likes’ of the Internet.
 

Written by,

C. Henry Adams

President / CEO
Broadcasting Interest Enterprise, Inc.

and answered in writing by,

Kathleen M. Moriarty
EMC2




Sphere: Related Content

No comments:

Post a Comment

Write A Comment And Tell Us What You Think.

C HENRY BLOGS ARCHIVE

Enter your email address:

Delivered by FeedBurner