| Re: [open-regulatory-compliance] Open Regulatory Compliance Working Group Election Notice - Call for Nominations |
Candidate profile ("Bio"):
Jeremy Stanley is presently an employee of the Open Infrastructure
(OpenInfra) Foundation, which is a Foundation Member of the ORC WG.
In addition, he serves on the Board of Directors and as Secretary
for Software in the Public Interest (SPI), is presently Debian's
Affiliate Representative to the Open Source Initiative (OSI),
performs vulnerability management duties in projects like OpenStack
and Zuul CI, is a root systems administrator of the OpenDev
Collaboratory, holds and has held numerous other free/libre open
source software community leadership roles including chairing the
OpenStack Security SIG, Zuul Maintainer, member emeritus of the
OpenStack Technical Committee, and former lead of the OpenStack
Infrastructure Project Team. His professional experience outside
F/LOSS communities includes decades as an information security
practitioner at data center management, hosting, cloud/IaaS and
Internet service provider companies managing systems security
processes as well as writing and maintaining regulations-compliant
security policies.
Jeremy's voice on the Specification Committee will bring open source community collaboration and information security perspectives to guide ORC WG specification process.
Candidate statement:My day-to-day focus is on sustaining open source software communities, especially at the intersection of information security, vulnerability management, and regulatory compliance. I've served the past year on the Specification Committee as well as staying involved in reviewing general ORC WG document pull requests, discussions for the Horizontal Security Standards and Vulnerability Handling workstreams, and participating in a number of the CRA Consultation calls attempting to bring open source community centric feedback into those (as much as was possible anyway).
My professional background is a mixed bag. I started as a systems administrator in the early '90s, which was coincidentally when I began to get involved in free and open source software communities. In the years following Y2K, my focus shifted to writing regulations-compliant corporate security policies and managing other information security relevant activities. For over a decade now, I've been on the staff of the OpenInfra Foundation (formerly OpenStack Foundation), serving in a variety of roles but have also spent most of that time as a member of OpenStack's Vulnerability Management Team, and one of the authors of their transparent VMT Process which has seen widespread reuse by other open source communities (and parts of which have since found their way into popular vulnerability management standards in recent years).
If reelected, my continued voice on the Specification Committee will bring open source community collaboration and information security perspectives to guide ORC WG specification process. Whether or not I am reelected, I still intend to stay involved in the specification drafting effort as well as in other areas of the working group. Thanks for your consideration!
-- Jeremy Stanley
Attachment:
signature.asc
Description: PGP signature