Cisco SecCon 2012 brought together hundreds of engineers, live and virtually, from Cisco offices around the globe with one common goal: to share their knowledge and learn best practices about how to increase the overall security posture of Cisco products.
It is amazing to see how many definitions the word “hack” has out on the Internet. Just look at Wikipedia: http://en.wikipedia.org/wiki/Hack. In short, the word “hack” does not always mean a “bad” or “malicious” action.
I’ve had the opportunity and honor to present at SecCon several times, 2012 being my fourth year. My session this year was titled “Cisco PSIRT Vulnerability Analysis: What Has Changed Since Last SecCon”. As you probably already know (or might have guessed), I’m part of Cisco’s Product Security Incident Response Team (PSIRT). During my talk I went over an analysis of the vulnerabilities that were discovered, driven to resolution, and disclosed during this past year, as well as lessons learned from them. I also highlighted several key accomplishments Cisco has achieved during the last few years. For example, Cisco now has the ability to correlate and patch third-party software vulnerabilities. Additionally, we have grown Cisco’s Secure Development Lifecycle (CSDL) into a robust, repeatable and measurable process. As Graham Holmes mentioned in a recent blog post:
Our development processes leverage product security baseline requirements, threat modeling in design or static analysis and fuzzing in validation, and registration of third-party software to better address vulnerabilities when they are disclosed. In the innermost layer of our products, security is built-in to devices in both silicon and software. The use of runtime assurance and protection capabilities such as Address Space Layout Randomization (ASLR), Object Size Checking, and execution space protections coupled with secure boot, image signing, and common crypto modules are leading to even more resilient products in an increasingly threatening environment.
Research from IDC Health Insights (Clinical Buyer Behavior Study) shows on average clinicians typically use 6.4 different mobile devices daily for professional use. Recently, I participated in a Cisco Bring Your Own Device (BYOD) workshop discussing challenges Healthcare organizations have supporting mobile devices with reliable, high performance, in-building wireless coverage while maintaining operational efficiencies. Healthcare experts from Networking, Security and IT discussed challenges facing Healthcare and various ways BYOD is defined. A common question is how to address challenges with BYOD. What recommendations does Cisco Healthcare offer in implementing BYOD? What options are available with wireless reducing security risks? What are Cisco’s best practices with BYOD maintaining compliance with regulatory policies and accreditation requirements?
This time last year, I was sitting at an old, high-top biology lab table with my son’s AP Biology teacher, asking him to explain this whole “Flipped Classroom” thing and why his classes’ AP bio scores were so high. Lo and behold, Flipped Learning became the mantra of the year.
Sal Khan and the Khan Academy became the best-known content-feeder into this phenomenon, and I started voraciously consuming his videos on pre-calculus, statistics, and world history. So did teachers and students as they turned to Khan as a source of pre-packaged lectures, new flipped learning models, and emerging information on different assessment measurements. Aaron Sams and Jonathan Bergmann even wrote a book about it, The Short History of Flipped Learning, and they joined us as guest speakers at the 2012 ISTE show.
At Cisco, we rely on more than 600 suppliers worldwide to manufacture, test, ship, and recycle the products we design. And, we expect these suppliers to meet the same high standards on ethics, labor rights, health and safety, and the environment that we apply to our people and operations.
So how do we manage that task over such a large network of suppliers?
One of our most powerful tools is our supplier scorecard. In the last fiscal year, we added sustainability criteria to the scorecard for the first time, and we are encouraging our suppliers to report their performance publicly in a Corporate Social Responsibility Report and to disclose their greenhouse gas emissions through the Carbon Disclosure Project.
I have just come back from the Gartner Data Center conferences in London and Las Vegas where I got to witness the increasing relevance of Cisco in the data center. The critical role of the network to enable the world of many clouds has become evident, and Cisco continues to establish itself as an innovator in the server market. Our vision and solutions really grabbed the attention of the analysts and customers at a level that I certainly didn’t see last year.
Data center consolidation, server virtualization, and converged infrastructure continue to be chief concerns among decision makers. Emerging topics such as fabric-based infrastructure, hybrid cloud, and network programmability were definitely the focus of numerous presentations and endless conversations.
Cisco continues to innovate on all these fronts, and we had a lot of progress to present to the audiences in London and Vegas.
Three Insightful Conversations
I’d like to share with you three conversations I had at the Gartner DC Conference in Las Vegas. Two are with the sales and engineering leaders for Cisco Data Center, Frank Palumbo (@fpalumbo) and David Yen, and the third is with one of our partners, Siki Giunta from CSC, who participated on a panel on Cloud that I moderated.
Frank Palumbo on convergence, virtualization, network programmability, and SDN
In the first conversation, Frank Palumbo, VP Global Sales, reports some of the major concerns of the IT organization. Our conversation covers:
The new role of the “cylinders of excellence” — servers, network, storage and security teams — when the goal is to implement a convergence infrastructure;
The benefits of deploying unified computing in environments where virtualization coexists with “bare-metal” workloads; and
Network programmability and SDN.
David Yen on the evolving data center
My second conversation was with David Yen, Cisco SVP & GM, Data Center Group, who gave a great presentation to more than 600 attendees called “The Evolving Data Center: Past, Present, and Future.”
David, who brings in-depth knowledge of IT technologies from his years working with Sun Microsystems, Juniper, and Cisco, provides new perspective on the evolution of the data center.
In his presentation, David explains how the convergence infrastructure, on the one hand, and network programmability, on the other hand, reshape the data center landscape to make the world of many clouds possible.