Avatar

John Stuppi

Technical Leader

Cisco Security Research & Operations

John Stuppi, CCIE No. 11154, is a technical leader in the Security Intelligence Operations (SIO) organization at Cisco where he helps customers leverage their Cisco infrastructure to overcome emerging security challenges. In this role, John is responsible for creating, testing, and communicating effective techniques using Cisco product capabilities to provide identification and mitigation solutions for Cisco customers facing current or expected security threats.  Current projects include helping customers leverage DNS and NetFlow data to identify and subsequently mitigate network-based threats.  Additionally John contributes to the Cisco SIO Portal through the publication of white papers, Security Blog posts, and Cyber Risk Report articles and has presented several times on various network security topics at Cisco Live.  John is also a CISSP (#25525) and holds an Information Systems Security (INFOSEC) Professional Certification. In addition, John has a BSEE from Lehigh University and an MBA from Rutgers University.   John lives in Ocean Township, New Jersey (aka the “Jersey Shore”) with his wife, two kids and his dog.

Articles

January 22, 2016

SECURITY

Overcoming the DNS “Blind Spot”

2 min read

[ed. note – this post was authored jointly by John Stuppi and Dan Hubbard] The Domain Name Service (DNS) provides the IP addresses of intended domain names in response to queries from requesting end hosts. Because many threat actors today are leveraging DNS to compromise end hosts monitoring DNS is often a critical step in […]

January 8, 2015

SECURITY

CVSS Version 3 Available For Public Comments

1 min read

The Common Vulnerability Scoring System (CVSS) Special Interest Group (SIG), in which Cisco is an active participant, acting on behalf of FIRST.org, has published a preview of the upcoming CVSS v3.0 scoring standard.  The CVSS v3.0 preview represents a near final version and includes metric and vector strings, formulas, scoring examples and a v3.0 calculator […]

November 13, 2013

SECURITY

Cybersecurity: Where are the Biggest Threats?

1 min read

Rarely a week goes by that we don’t hear of a database compromise that results in confidential data—many times consisting of personally identifiable information (PII)—falling into the hands of those who should not have access to the data. Protection of our PII is becoming increasingly critical as more and more information is collected and stored through the use of Internet-enabled devices.

October 21, 2013

SECURITY

Security Is Pervasive in the Cisco Blog Community

1 min read

As we pass the halfway point of National Cyber Security Awareness Month (NCSAM), I wanted to call attention to some of our colleagues over on the Cisco Government Blog.

October 3, 2013

SECURITY

Ten Simple Ways to Enhance Cyber Security for You and Others

5 min read

Hi there and welcome to today's U.S. National Cyber Security Awareness Month tip, courtesy of those of us involved in administering and/or contributing to Cisco Security Intelligence Operations!! For...

July 8, 2013

SECURITY

Cisco Live USA 2013: Recap from a Network Security Engineer

3 min read

Having just returned home to New Jersey from Cisco Live US in Orlando, Florida, I thought I’d share my experiences as a Network Security Engineer both attending and presenting at this year’s conference. There were approximately 20,000 attendees at this year’s conference, which I believe set a new Cisco Live attendance record! Considering the huge size […]

April 15, 2013

SECURITY

Cisco Security Disclosure: Help Us Help You!

2 min read

The decision to deliver the biannual (on the fourth Wednesday of every March and September) Cisco IOS Software Security Advisory Bundled Publication brought with it many challenges, process changes, and—in the end—a format for Cisco Vulnerability Disclosure that we hope addresses at least some of your concerns. What we would like to get now is feedback from our customers on how the bundle delivery format has changed your lives (well, at least during working hours!), for better or for worse, when it comes to dealing with Cisco PSIRT security vulnerabilities identified in your Cisco IOS environment. The information you provide in this survey will help Cisco to continue to evolve our vulnerability disclosure process to address your challenges and concerns, just as we did back in 2008 when we listened to you and developed the Cisco IOS Software Security Advisory bundle process.

January 3, 2013

SECURITY

Protecting Our Networks: It’s a Team Game Now!

3 min read

I have been coaching youth sports for the past seven plus years now and one of my common mantras when speaking to the girls and boys each season is that “we will win as a team and lose as a team.”  In other words, I will never tolerate one player acting selfishly enough to think […]