| Re: [open-regulatory-compliance] Open Regulatory Compliance Working Group Election Notice - Call for Nominations |
On 2024-11-12 11:34:42 -0500 (-0500), Zahra Fazli wrote:
> Hello Jeremy,
>
> Thank you for your self nomination.
>
> Please send us a brief position statement highlighting your work. Attached,
> please find a template for reference.
Apologies for the delay. Here it is reformatted into the requested
template...
I, Jeremy Stanley, hereby nominate myself as a candidate for a
Foundation Member seat on the Specification Committee.
Candidate profile ("Bio"):
Jeremy Stanley is presently an employee of the Open Infrastructure
(OpenInfra) Foundation, which is a Foundation Member of the ORC WG.
In addition, he serves on the Board of Directors for Software in the
Public Interest (SPI), performs vulnerability management duties in
projects like OpenStack and Zuul CI, is a root systems administrator
of the OpenDev Collaboratory, holds and has held numerous other
free/libre open source software community leadership roles including
chairing the OpenStack Security SIG, Zuul Maintainer, member
emeritus of the OpenStack Technical Committee, and former lead of
the OpenStack Infrastructure Project Team. His professional
experience outside F/LOSS communities includes more than a decade as
an information security practitioner at data center management,
hosting, cloud/IaaS and Internet service provider companies managing
systems security processes as well as writing and maintaining
regulations-compliant security policies.
Jeremy's voice on the Specification Committee will bring open source
community collaboration and information security perspectives to
guide ORC WG specification process.
Candidate statement:
My day-to-day focus is on sustaining open source software
communities, especially at the intersection of information security,
vulnerability management, and regulatory compliance. I've been
involved so far in initial discussions for the Horizontal Security
Standards workstream as well as the CRA FAQ workstream, and
participated in a number of the CRA Consultation calls attempting to
bring open source community centric feedback into those (as much as
was possible anyway).
My professional background is a mixed bag. I started as a systems
administrator in the early '90s, which was coincidentally when I
began to get involved in free and open source software communities.
In the years following Y2K, my focus shifted to writing
regulations-compliant corporate security policies and managing other
information security relevant activities. For over a decade now,
I've been on the staff of the OpenInfra Foundation (formerly
OpenStack Foundation), serving in a variety of roles but have also
spent most of that time as a member of OpenStack's Vulnerability
Management Team, and one of the authors of their transparent VMT
Process which has seen widespread reuse by other open source
communities (and parts of which have since found their way into
popular vulnerability management standards in recent years).
If elected, my voice on the Specification Committee will bring open
source community collaboration and information security perspectives
to guide ORC WG specification process. Whether or not I am elected,
I still intend to stay involved in the specification drafting effort
as well as in other areas of the working group. Thanks for your
consideration!
--
Jeremy Stanley
Attachment:
signature.asc
Description: PGP signature