Aharon CherninFounder

United States - Tampa, Florida

I create standards based information security infrastructure that’s wrapped in automation and allows for objective measurable security.

“If you can’t measure it, you can’t manage it.” – Dr. W. Edwards Deming

Cyber Threat and Intelligence:
* Cyber intelligence standards development and operationalization: TAXII, STIX, CybOx, MAEC, IODEF
* Automating cyber intelligence creation, distribution, and consumption
* Expert in converting intelligence into actionable detectable data
* Documenting and automating cyber intelligence content process
* Developing repositories of cyber intelligence data
* Cyber intelligence security research, development, and innovation
* Active Security Clearance, DHS sponsored

Compliance and Vulnerability Management:
* OVAL (Open Vulnerability Assessment Language) board member
* CVSS v3 working group member
* Creation of vulnerability and configuration compliance policy
* Innovative vulnerability management and compliance strategy
* Expert knowledge of SCAP and its associated standards – CVE, CVSS, XCCDF, CPE, and OVAL.
* Developed repositories of SCAP data

Security Automation:
* Lead a team of developers who focus on automation through standards usage
* Quantifying security automaton time and cost savings
* Chair of the FS-ISAC Security Automation Working Group
* Integrate and automate communication between information security tools
* Automated creation of actionable data

Specialties: * Information Security Vulnerability Program Management
* Compliance
* Information Security Policy
* Innovative and future Information Security technology

* SCAP standards - OVAL, CVE, CVSS, CCE, XCCDF
* Threat intel standards - TAXII, CybOx, MAEC, INDEX
* Systems Automation and Integration
* Information Security Automation
* Unix, PHP, Perl, MySQL