Seastrom, Robert

This nominee has

5

statements of support.

Affiliation: Capital One / ClueTrust

Nomination Committee Evaluation: Qualified

Candidate Speech

Nominee Questionnaire

1. Board of Trustees Qualifications and Responsibilities

Please review the ARIN Board of Trustees Expected Qualifications and Responsibilities thoroughly. Please describe, providing specific details, any barriers you foresee to your fully meeting those qualifications and undertaking those responsibilities. A Trustee’s responsibilities have usually required about 5-10 hours per week.

No barriers.

2. Conflicts of Interest

a) Please disclose any conflicts of interest you may have, real or perceived, that would impact your ability to perform your duty as a member of the ARIN Board of Trustees. (If no conflicts, please enter “N/A”)

I (personally) hold two IPv4 /23s and an ASN and am an LRSA signatory

I am associated with ClueTrust, an ISP in the ARIN region which holds several small IPv4 address blocks, an IPv6 allocation, and an ASN – all under RSA.

My day job is with a large enterprise (Capital One) which is an end user of ARIN-supplied number resources.

I serve ICANN as a Trusted Community Representative (TCR  Crypto Officer) for signing the DNSSEC root.

b) How do you propose to resolve any conflicts identified in (a)? (If no conflicts identified, please enter “N/A”)

I do not believe that any of these situations is an actual conflict of interest when properly disclosed.  Three of the four make me a personally-interested consumer of ARIN’s services.  I have a track record of helping make sure that ARIN policy proposals affect all similarly-situated organizations equally.

c) Are you currently eligible to serve on the Board of Trustees according to the Conflict of Interest Requirements and the eligibility requirements?

No

d) If not currently eligible, describe how you will become eligible to serve, if elected (i.e., “If elected, I will resign from the position of ____________  before 31 Dec 2022”). If currently eligible, please enter “N/A”.

If elected, I will resign from the ARIN Advisory Council before 31 Dec 2022.

3. Education

a) Please list any degree(s) you received, the institution and the date issued.

  • I pursued a degree in Electrical Engineering at University of Delaware but dropped out.

b) Please list any professional designations, certifications, or development education (non-degree) and the dates completed.

  • Senior Member, IEEE (based on CV review), 2015

4. Employment and Experience

a) Please provide the name of any company or organization you currently are employed by, or from which you receive directly or indirectly a material portion of your compensation. Please describe the business of each such entity, your current title, and the office address of the organization.

Capital One is a multinational multi-line bank headquartered at 1680 Capital One Drive McLean, VA 22102.

I am a Senior Manager in the Information Security Office providing technology oversight and risk briefings for leadership.

b) Please refer to the ARIN Board of Trustees Guidance to the 2022 Nomination Committee in answering this question: Please describe your relevant professional experience and expertise and explain how this background will make you an effective trustee.

My career arc of over 30 years as an individual contributor and people manager in large and small service providers and critical Internet infrastructure providers informs my thoughts about scaleable and secure infrastructure in both large enterprises and organizations that are central to the reliable operation of the Internet.  While primarily a technologist, my skill set includes risk evaluation and explaining complex technical issues in a fashion suitable for a wider audience.

Please note that the attached short form resume has not been updated to detail current job functions.

Attach a resume, curriculum vitae, or other biography highlighting your experience most relevant to the duties of the ARIN Board of Trustees. (PDF, DOC, DOCX files only)

https://arin-elections.net/wp-content/uploads/2022/08/seastrom_resume.pdf

You may also optionally include additional web links to external websites (e.g., social media), though not as a substitute for your biography. One URL per line.

None provided.

5. Governance Experience

a) Please identify any boards on which you currently serve that carry fiduciary duties, whether at a for-profit or non-profit organization. Please note how long you have served and what offices, if any, you have held.

None at present.

b) Please identify any other boards on which you have served in the past 10 years that are not included in answer to (a), listing your dates of service.

None within the last 10 years, however, just outside of the scope of this question are two positions that are relevant to serving on the ARIN Board of Trustees:

  1. I served from 2008 to 2011 on the North American Network Operators Group (NANOG) Steering Committee, which became the NANOG Board of Directors as it evolved to a standalone organization.
  2. I served from 2004 to 2012 as the Secretary and Treasurer of Piedmont NRA Instructors, a non-political non-profit dedicated to teaching firearm safety to the general public.

In the more distant past I served as a Board Alternate on a 501(c)(3) amateur radio organization and as President and cofounder of an ISP that was organized as a 501(c)(12) cooperative telephone company.

c) What is the role of ARIN’s Board of Trustees?

ARIN’s Board of Trustees serves in a supportive, strategic, and oversight capacity.  Unlike smaller boards, its role is not dirt-underfingernails, but rather to ensure proper succession plans, secure, retain, and challenge senior leadership, be informed of risk, and make wise decisions in terms of big-picture direction.  Of particular interest is the Board’s responsibility in the Policy Development Process:  the ARIN Board of Trustees is not actively involved in crafting policy; rather its job is to ensure that the bottom-up community driven policy process is followed while protecting the continued viability of the organization.  The ARIN Board oversees the management of ARIN’s investments.  From time to time, the Board has found it necessary to enact emergency policies to deal with exigent circumstances via the process outlined in ARIN’s bylaws.

d) How does your past governance experience prepare you to help fulfill that role by serving as an ARIN Trustee?

I served on NANOG’s board during a period of intense change.  As we evolve our thinking about ARIN’s revenue sources, equitable fee structures, and what it will mean to be an RIR in a post-IPv4 world, I believe my previous experience with that will serve me well.

6. Understanding of ARIN’s role in the Internet governance ecosystem

a) What is ARIN’s role in the Internet governance ecosystem?

ARIN is a Regional Internet Registry and is responsible for fair, impartial, and technically sound administration of Internet Number Resources within its service area (geographic region).  The ARIN Advisory Council shepherds community-submitted policy proposals to accomplish this. ARIN also develops globally coordinated number resource policies with other RIRs via the Number Resource Organization.  Like all RIRs, ARIN has three seats on the Address Supporting Organization Address Council.  Among other things, the Address Supporting Organization is responsible for appointing seats 9 and 10 to the ICANN Board. In addition, ARIN maintains liaisons with governments and law enforcement, NGOs, treaty organizations, and similar Internet governance stakeholders.

b) Describe any past experience or involvement with ARIN or other Internet governance bodies.

I have served on the ARIN Advisory Council since 2003 and have served on multiple committees in conjunction with that role.

I served on NANOG’s Steering Committee / Board of Directors from 2008 to 2011.

I have been a Trusted Community Representative (Crypto Officer) for signing the DNSSEC Root since 2010.

7. Board Discussion Topics

a) Risk Oversight and Management

i) Understanding and overseeing organizational and environmental risk is an important responsibility of Trustees. What do you see as potential risks to the organization, and which are newer risks that have emerged more recently?

Pandemic risk being top of mind has subsided into a “new normal” of hybrid meetings.  Yet hybrid meetings pose their own set of challenges for inclusion and a level playing field between remote and on-site participants and encouraging full community participation. 

If we fail, there are associated business, financial, and reputational risks as well as a possibility of regulatory risk.

Increased reliance on RPKI to a degree many of us did not expect years ago creates operational risks for the Internet, which fall to the RIRs to mitigate.

While the transfer market has existed for over a dozen years, the particulars of the challenges to keep it healthy continue to evolve and landscape for the intersection between transfers (both on and off the books), registry accuracy, and several of the risks outlined above continues to evolve.

There is risk that is not entirely ARIN’s to mitigate.  Should one or more components of the RIR system appear to be in grave danger, there is regulatory and reputational risk that will attach to ARIN by association, which the Board must stand ready to swiftly mitigate if that unfortunate time comes.

There are ongoing risks and challenges in areas of internal governance, government relations, equity and participation, and transparency.

ii) How should the Board best discharge its responsibilities regarding risk oversight and management?

As stated earlier, the ARIN Board is not a small-organization-hands-on board, yet just as we need board members who are skilled in reading a financial statement and asking well- grounded questions of staff and external auditors, we need Board members who are skilled in risk analysis and management to help ensure that we have proper leadership in place and make sure that our strategic plan to manage risk is sound.  We also need board members who are well versed in the minutiae of how the Internet (both customers and non-customers) interact with the ARIN ecosystem.  As ARIN takes a more active role in the routing infrastructure of the Internet via RPKI and evolution of ARIN’s IRR component, this becomes more and more necessary.

It is important to note that elimination of risk is not the prime directive!  Risk reduction (with a goal of acceptable risk not completely getting rid of risk) must be carefully balanced against mission goals; it would not do to be so risk averse that we fail to support our constituency or are unwilling to be bold and do the right thing.

A mature formal risk register is important to properly contextualizing the plethora of risks that are before the organization at any given time, and the Board should continue to make sure that appropriate resources are available to facilitate its growth and evolution.

iii) How will you contribute to strengthening risk oversight and management at ARIN?

My understanding is that ARIN is already moving in the direction of having more formal security structures, particularly in the cyber arena (such as SOC2 and/or ISO27000).  But risk goes well beyond mere cyber risk.  There is risk in literally everything we do.  Legal, reputational, operational, and financial risks need to be taken into account as well.

My day job is technical and business risk evaluation, including developing risk and threat models and matrices.  If elected, I will champion continuous improvement of formalized risk evaluation – not as an end unto itself but rather as a tool to inform our strategic thought about our exposures.

b) Strategy

i) Supporting and reviewing the strategic direction identified by ARIN’s management, in consultation with its membership, is an important responsibility of Trustees. Based on your understanding of ARIN’s current strategic plan and the environment in which it operates, what opportunities or challenges do you foresee for the organization?

ARIN is still figuring out what it means to be an RIR in a post-IPv4-depletion world, and moreover in a post-IPv4 world.  What is the proper level of oversight to apply to number resource transfers?  What are appropriate and equitable fee structures? We have made much progress over the past decade yet there is still work to do. The time will come when the value of IPv4 addresses falls because they are no longer technically relevant, just as nobody is interested anymore in Telex numbers or X.25 DNICs. Far from being an indictment of current or past leadership, this situation is a reflection that the only constant in life is change.

ii) How might these challenges and opportunities influence current or future strategic plans?

Nature abhors a vacuum.  If we fail to evolve to meet current demands of our constituency, others will step in to fill that void.  Will they share our values of a community-driven open process with bottom-up policy development?

iii) Please explain how your background and experience would help in addressing what you believe are ARIN’s greatest challenges.

Having served on the ARIN AC for approaching two decades, my institutional knowledge of where we have been and past challenges will be invaluable as we look to the future.  As a deep technologist, I have served ARIN in the arena of RPKI, IRR, and registry integration and will continue to do so.  My career pivot in recent years to risk oversight of essential infrastructure rather than building same provides important dimensionality to my understanding of our problem space, while a central theme of my entire career has been as a bridge builder between hardcore techies and those whose skills lie in business and finance.

5 responses

  1. Gaige B. Paulsen

    I’ve known RS for over thirty years and we have worked together in many different companies. He is a person of the utmost integrity who takes his responsibilities seriously. He understands that each situation is nuanced and seeks solutions in which all stakeholders concerns are taken seriously. As demonstrated in his work on the ARIN AC, he works for policies that meet the needs of the community, and due to his experience with organizations large and small he can see, and respect, many sides of any issue. His long-term vision for ARIN and understanding of the responsibilities of the Board of Trustees will serve ARIN well into the future. I unreservedly support his candidacy for the Board of Trustees.

  2. I have known Rob Seastrom (RS) since 1990, and we have worked side by side in many organizations many times in the past 3 decades. I know the man’s technical networking skills to be very difficult to even match. His ability to listen carefully to arguments on two sides of a debate I have seen first hand. He is amazingly fair, and reasonable, and further, is willing to take time to explain the pros and cons of each side’s arguments. I have seen him settle such discussions so that both sides decide on mutual ground without further worries. He is an outstanding candidate and will be a serious member of the board of directors.

  3. Kerrie Ann Vassall Richards

    I have known Rob since 2017 where he was primary shepherd on my very first policy. Not only is he a wealth of historical knowledge on number resource policy but also on procedural matters. He offers diversity and depth of thought that takes into consideration the needs of all stakeholders.
    He has an enquiring mind and this is would benefit the BoTs. I support his candidacy for the Board of Trustees.

  4. Christian Tacit

    I have known RS for about ten years and have worked with him on the ARN AC for almost eight years. RS has always impressed me as being a very dedicated community members. He is also technically excellent. he is thoughtful, articulate and creative and has often come up with policy proposals that very sensible once you see them, but not obvious before you do. He also seems aware of the responsibilities of Board members and is highly attuned to technical risk management. I think he would make a great addition to the Board and I support his candidacy!

  5. Chris Woodfield

    RS (as everyone other than his lawyer calls him) is the longest-serving member of the Advisory Council and an indelible part of ARIN. From my first election onto the AC and to the current day, RS has been a dependable “coach” for me, and I’ve spent numerous hours with him getting a crash course in NRPM policy and invaluable insights on the development of particular policy language. He is a technologists’ technologist, always learning and questioning, and I believe would be an excellent addition to the Board Of Trustees. I fully support his election.

All statements of support are held for moderation and subject to the Statement of Support Acceptable Use Policy. Comments without a full, complete name and email may not be approved for publication.
Moderation will be completed within one business day. If you have any questions, please let us know at elections@arin.net.