Fwd: Skills requirements input ideas for SSR2-RT
Hi team, Please see the email from ssac (below). Please let the list know what you all think, and any opinions or input you have. Thanks! Eric Sent from my iPhone Begin forwarded message: From: Rod Rasmussen <rod@rodrasmussen.com<mailto:rod@rodrasmussen.com>> Date: November 2, 2017 at 3:41:49 PM GMT+4 To: Denise Michel <denisemichel@fb.com<mailto:denisemichel@fb.com>>, "Osterweil, Eric" <eosterweil@verisign.com<mailto:eosterweil@verisign.com>>, Don Blumenthal <dmb@donblumenthal.com<mailto:dmb@donblumenthal.com>>, "Geoff Huston" <gih@apnic.net<mailto:gih@apnic.net>> Cc: Patrik Fältström <patrik@frobbit.se<mailto:patrik@frobbit.se>> Subject: [EXTERNAL] Skills requirements input ideas for SSR2-RT Hi Folks, As we talked about in our informal get-together tomorrow, a few of us from SSAC have pulled together a list of skills applicable to doing a lot of the work you are tasked with from our own skills survey and own experiences. This is informal and not an official SSAC communication, but rather represents input we gathered quickly from several of our members to help you with the issues we know you’ve been wrestling with on the area of necessary skills. We also know that we have some SSAC members interested in joining the SSR2-RT to help with the next phase of your work to help fill some of the gaps you may have should the SO/AC Chairs wish to name more members, which I personally hope happens. I will be sending this e-mail to the entire SSAC as well so they are up-to-speed on our assistance and individual members may have some further thoughts to add at some point. I am sending this to the co-chairs and the SSAC appointees to SSR2 in order to make sure it gets disseminated, as I of course cannot send to the list itself. Please feel free to get back to us with any questions - best through our appointees Geoff and Don so they can send those around and get feedback. I, of course, stand ready to assist in any way I can in my personal capacity, and am happy to chat with any/all of you about ways some or all of us in SSAC can help or provide some advice. We ALL want this to end with a highly successful review! Cheers, Rod ================================ With this list we hope that the SSR2-RT can: 1. state which of its members has skills/experience in each area. (Suggest a Matrix: one axis with skills, other axis with members) 2. look at the its mandate points and tasks (notably the 28 recommendations from SSR1) and determine which skills/experience areas are relevant to each. (Suggest a Matrix: one axis with recommendations/mandate/whatever, other axis with skill/experience.) This exercise should reveal whether there are any gaps on the SSR2 team that need to be filled. Some of the below are practice areas (such as Information Security). Some are areas of subject expertise that are important to mention specifically (for example, directory services operations). Some practice areas may assume or cover certain subjects. (For example, risk analysis may assume knowledge of disaster planning and recovery.) Didn’t want to get too granular. In a matrix they could all be on one list, undifferentiated. Practice areas: Information Security (IS) Information Technology (IT) Project management Security auditing and standards Risk assessment / analysis Data analytics Contractual compliance Subject expertise: DNS Network architecture/design and operations Root server operations Directory services operations ICANN policy ICANN strategic plan and budget PTI functions Internet protocols Penetration testing
I am not of support of this initiative. We have the "pause" status from the Board, let us wait Board directives on the next step. The communication to the team and our constituency need to structured to avoid any inconveniences like the one we are currently going through. Regards, Matogoro On 11/2/17, Osterweil, Eric via Ssr2-review <ssr2-review@icann.org> wrote:
Hi team,
Please see the email from ssac (below).
Please let the list know what you all think, and any opinions or input you have.
Thanks!
Eric
Sent from my iPhone
Begin forwarded message:
From: Rod Rasmussen <rod@rodrasmussen.com<mailto:rod@rodrasmussen.com>> Date: November 2, 2017 at 3:41:49 PM GMT+4 To: Denise Michel <denisemichel@fb.com<mailto:denisemichel@fb.com>>, "Osterweil, Eric" <eosterweil@verisign.com<mailto:eosterweil@verisign.com>>, Don Blumenthal <dmb@donblumenthal.com<mailto:dmb@donblumenthal.com>>, "Geoff Huston" <gih@apnic.net<mailto:gih@apnic.net>> Cc: Patrik Fältström <patrik@frobbit.se<mailto:patrik@frobbit.se>> Subject: [EXTERNAL] Skills requirements input ideas for SSR2-RT
Hi Folks,
As we talked about in our informal get-together tomorrow, a few of us from SSAC have pulled together a list of skills applicable to doing a lot of the work you are tasked with from our own skills survey and own experiences. This is informal and not an official SSAC communication, but rather represents input we gathered quickly from several of our members to help you with the issues we know you’ve been wrestling with on the area of necessary skills. We also know that we have some SSAC members interested in joining the SSR2-RT to help with the next phase of your work to help fill some of the gaps you may have should the SO/AC Chairs wish to name more members, which I personally hope happens. I will be sending this e-mail to the entire SSAC as well so they are up-to-speed on our assistance and individual members may have some further thoughts to add at some point.
I am sending this to the co-chairs and the SSAC appointees to SSR2 in order to make sure it gets disseminated, as I of course cannot send to the list itself.
Please feel free to get back to us with any questions - best through our appointees Geoff and Don so they can send those around and get feedback.
I, of course, stand ready to assist in any way I can in my personal capacity, and am happy to chat with any/all of you about ways some or all of us in SSAC can help or provide some advice. We ALL want this to end with a highly successful review!
Cheers,
Rod
================================
With this list we hope that the SSR2-RT can:
1. state which of its members has skills/experience in each area. (Suggest a Matrix: one axis with skills, other axis with members) 2. look at the its mandate points and tasks (notably the 28 recommendations from SSR1) and determine which skills/experience areas are relevant to each. (Suggest a Matrix: one axis with recommendations/mandate/whatever, other axis with skill/experience.)
This exercise should reveal whether there are any gaps on the SSR2 team that need to be filled.
Some of the below are practice areas (such as Information Security). Some are areas of subject expertise that are important to mention specifically (for example, directory services operations). Some practice areas may assume or cover certain subjects. (For example, risk analysis may assume knowledge of disaster planning and recovery.) Didn’t want to get too granular. In a matrix they could all be on one list, undifferentiated. Practice areas: Information Security (IS) Information Technology (IT) Project management Security auditing and standards Risk assessment / analysis Data analytics Contractual compliance
Subject expertise: DNS Network architecture/design and operations Root server operations Directory services operations ICANN policy ICANN strategic plan and budget PTI functions Internet protocols Penetration testing
-- MATOGORO Jabhera Assistant Lecturer & Coordinator - Microsoft Innovation Center, Tanzania College of Informatics and Virtual Education The University of Dodoma (www.udom.ac.tz)
Hi, In response to your question Eric, I think this is one useful activity we can complete on the last SSR2 meeting before this pause takes effect. Geoff
On 2 Nov 2017, at 4:09 pm, Osterweil, Eric via Ssr2-review <ssr2-review@icann.org> wrote:
Hi team,
Please see the email from ssac (below).
Please let the list know what you all think, and any opinions or input you have.
Thanks!
Hi Folks, Am 02.11.17 um 13:09 schrieb Osterweil, Eric via Ssr2-review: Thanks Rod and Patrik for the initial skill list, which I would only adjust a little as follows:
Practice areas: Information Security (IS) Information Technology (IT) Project management Security auditing and standards Risk assessment / analysis
Risk Management instead of Risk assessment / analysis (as they are part of the general process) and I would like to add Business Continuity Management as a separate area. Considering our Call for Volunteers for the SSR2 <https://www.icann.org/news/announcement-3-2016-06-30-en> we should add furthermore following practice areas: * Corporate Data Security * Business Systems * Incident Response * Malware and abuse vectors
Data analytics Contractual compliance
Subject expertise: DNS
additionally AS Numbers, and Protocol Parameters as a part of Internet Unique Identifiers
Network architecture/design and operations Root server operations Directory services operations ICANN policy ICANN strategic plan and budget PTI functions Internet protocols
We should add further Registry and Registration security
Penetration testing
IMO we don't necessarily need that. A summarized view:
Practice areas: [] Information Security (IS) [] Information Technology (IT) [] Project Management [] Security Auditing and Standards [] Risk Management [] Business Continuity Management [] Corporate Data Security [] Business Systems [] Incident Response [] Malware and Abuse Vectors [] Data Analytics [] Contractual Compliance
Subject expertise: [] DNS [] AS Numbers [] Internet Protocols [] Network architecture/design and operations [] Root server operations [] Directory services operations [] ICANN policy [] ICANN strategic plan and budget [] PTI functions [] Registry and Registration security
Wishing you all a productive meeting day. - Boban. -- Boban Kršić Chief Information Security Officer DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY E-Mail: krsic@denic.de, Fon: +49 69 272 35-120, Fax: -248 Mobil: +49 172 67 61 671 https://www.denic.de PGP Key-ID: 0x43C89BA9 Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9 Angaben nach § 25a Absatz 1 GenG: DENIC eG (Sitz: Frankfurt am Main) Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg Schweiger Vorsitzender des Aufsichtsrats: Thomas Keller Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht Frankfurt am Main
participants (4)
-
Boban Krsic -
Geoff Huston -
Matogoro Jabera -
Osterweil, Eric