2025 OASIS Board Candidate
Justin Murphy
Justin Murphy, Vulnerability Analyst, DHS Cybersecurity and Infrastructure Security Agency (CISA)
Biography:
Justin Murphy is a Vulnerability Analyst with the Cybersecurity and Infrastructure Security Agency (CISA). He helps to coordinate the remediation, mitigation, and public disclosure of newly identified cybersecurity vulnerabilities in products and services with affected vendor(s), ranging from industrial control systems (ICS), operational technology (OT), medical devices, and traditional information technology (IT) vulnerabilities. Justin is involved with many other vulnerability management related efforts, including CISA’s Software Bill of Materials (SBOM) and Vulnerability Exploitability eXchange (VEX) work, and he serves as co-chair for the OASIS Open Common Security Advisory Framework (CSAF) and OpenEoX Technical Committees. Justin is also a founding member of the Global Community of Practice on Coordinated Vulnerability Disclosure (Global CVD-COP). Justin is a former high school mathematics teacher turned cybersecurity professional and has a M.Sc. in Computer Science from Tennessee Technological University, and a B.Sc. degree in Mathematics and Statistics from the University of Tennessee (Knoxville).
Additional Information:
One issue I have observed in my role as a Vulnerability Analyst at CISA and as co-chair of the OASIS CSAF and OpenEoX Technical Committees is the need to foster greater adoption and operationalization of open standards across sectors. While OASIS has developed many impactful standards, there is still work to be done to ensure these frameworks are fully implemented and integrated into existing cybersecurity operations. I have enjoyed participating in efforts such as the Open Cybersecurity Alliance (OCA), which emphasizes the importance of creating an open, interoperable ecosystem for seamless information exchange and orchestration. I am a strong advocate for open source projects and open standards because they promote transparency, interoperability, and global collaboration—factors that are critical for addressing complex cybersecurity challenges and the ability to adapt to a diverse set of use cases. I think that through my roles at CISA and OASIS, I am in a position to bridge the gap between the public and private sectors, fostering trusted partnerships that enable consistent, coordinated efforts to protect and secure critical infrastructure and I believe this collaboration is essential for building a more resilient and secure ecosystem.