The Open Cybersecurity Alliance (OCA) is on a mission to break down the silos in cybersecurity, making it easier for tools and teams to collaborate in defending against evolving threats. Our open-source community is growing, and with that growth comes the need for passionate leaders who can help steer our initiatives to new heights. Today, we’re reaching out to the cybersecurity community with an exciting opportunity: the STIX-Shifter project is looking for an  additional maintainer.

Why the OCA Matters

In a world where cyber threats are becoming increasingly sophisticated, the need for interoperability among cybersecurity tools has never been more critical. The OCA was founded on the belief that collaboration, supported by open standards and open-source projects, is the key to effective threat detection and response. By creating a common language and framework for security products to communicate, we empower organizations to leverage their existing investments while enhancing their overall security posture.

Our projects, like STIX-Shifter, play a crucial role in this vision. They are not just tools; they are bridges that connect diverse security ecosystems, enabling seamless data sharing and query translation across platforms.

What is STIX-Shifter?

STIX-Shifter is one of the OCA’s flagship projects, designed to address the challenge of interoperability in cybersecurity data sharing. STIX-shifter is an open-source Python library that allows the software to connect to products that house data repositories by using STIX Patterning and returning results as STIX Observations.

This library takes in STIX 2 Patterns as input and “finds” data that matches the patterns inside various products that house repositories of cybersecurity data. Examples of such products include SIEM systems, endpoint management systems, threat intelligence platforms, orchestration platforms, network control points, data lakes, and more.

In addition to “finding” the data by using these patterns, STIX-Shifter also transforms the output into STIX 2 Observations. Why would we do that, you ask? To put it simply – so that all of the security data, regardless of the source, mostly looks and behaves the same.

The power of STIX-Shifter lies in its ability to standardize disparate data formats, making it easier to correlate information, identify threats, and respond swiftly. Whether you’re threat hunting, conducting incident response, or automating security workflows, STIX-Shifter enables you to gather, share, and analyze data more effectively.

Why We Need a New Maintainer

As the cybersecurity landscape evolves, so too must our tools. We are seeking a new champion and maintainer for the STIX-Shifter project—someone with the vision, expertise, and commitment to drive the project forward. The ideal candidate will bring not only technical proficiency but also a passion for open-source collaboration and a deep understanding of the challenges faced by today’s security teams.

The Role of the Champion/Maintainer

The champion/maintainer will be responsible for:

• Guiding the Project’s Technical Direction: Ensuring STIX-Shifter continues to meet the needs of the community by evolving its capabilities and maintaining compatibility with emerging cybersecurity standards.
• Community Engagement: Building and nurturing a vibrant community of contributors, users, and stakeholders. This includes leading discussions, fostering collaboration, and encouraging contributions from across the cybersecurity ecosystem.
• Collaboration within OCA: Working closely with other OCA projects to enhance interoperability and align with the broader OCA vision.
• Ensuring Quality and Stability: Overseeing code contributions, managing releases, and maintaining the overall stability and security of the STIX-Shifter project.

Why This Role Matters

Becoming the champion of STIX-Shifter is more than just a leadership position; it’s an opportunity to make a lasting impact on the cybersecurity community. You will be at the forefront of driving interoperability, helping organizations around the world to defend against cyber threats more effectively. Your work will directly contribute to the OCA’s mission of creating a more connected, secure, and resilient digital ecosystem.

How to Get Involved

If you are passionate about cybersecurity, have experience in open-source development, and are excited by the challenge of leading a key project within the OCA, we want to hear from you. Join us in shaping the future of cybersecurity by stepping up as the new champion of STIX-Shifter.

For more details on how to get involved, please reach out to us either on Slack in the #stix-shifter, via email, or visit our GitHub page.

Together, we can build a more interoperable and secure world.