Aharon Chernin

I create standards based information security infrastructure that’s wrapped in automation and allows for objective measurable security. “If you can’t measure it, you can’t manage it.” – Dr. W. Edwards Deming Cyber Threat and Intelligence: * Cyber intelligence standards development and operationalization: TAXII, STIX, CybOx, MAEC, IODEF * Automating cyber intelligence creation, distribution, and consumption * Expert in converting intelligence into actionable detectable data * Documenting and automating cyber intelligence content process * Developing repositories of cyber intelligence data * Cyber intelligence security research, development, and innovation * Active Security Clearance, DHS sponsored Compliance and Vulnerability Management: * OVAL (Open Vulnerability Assessment Language) board member * CVSS v3 working group member * Creation of vulnerability and configuration compliance policy * Innovative vulnerability management and compliance strategy * Expert knowledge of SCAP and its associated standards – CVE, CVSS, XCCDF, CPE, and OVAL. * Developed repositories of SCAP data Security Automation: * Lead a team of developers who focus on automation through standards usage * Quantifying security automaton time and cost savings * Chair of the FS-ISAC Security Automation Working Group * Integrate and automate communication between information security tools * Automated creation of actionable data Specialties: * Information Security Vulnerability Program Management * Compliance * Information Security Policy * Innovative and future Information Security technology * SCAP standards - OVAL, CVE, CVSS, CCE, XCCDF * Threat intel standards - TAXII, CybOx, MAEC, INDEX * Systems Automation and Integration * Information Security Automation * Unix, PHP, Perl, MySQL