Cisco Blogs


Cisco Blog > Security

How to Land Yourself in A Dream Career in Cybersecurity

Last week I had the wonderful honor of being a presenter in the Cisco Networking Academy Find Yourself in The Future Series. To date this series has attracted over 9000 live attendees, which is testament to the extremely high levels of interest in technology careers in this region as well as the extraordinary efforts of the APAC marketing team. One figure blew me away in particular: 70% of attendees are interested in pursuing careers in cybersecurity.

Cybersecurity is an incredibly exciting field. It draws in some of the most talented technologists and brainiacs and in many ways cybersecurity is similar to a game of chess. It’s about anticipating and staying ahead of your opponent. It’s also about learning to think like the bad guys except that he patterns are anything but predictable and then doing good. And, that feeling of contributing to the good of humankind is intensely gratifying.

Cybersecurity is such a diverse field and it intersects with just about every area of technology and even behavioral sciences. And, it’s this intersection that will enable students to pursue their dream careers in cybersecurity. Imagine a career in cybersecurity that intersects with medicine. Today people could die from hackers sending fatal doses to hospital drug pumps and you might have a vision for solving this life-threatening problem. In my work one of my goals is to provide our chidren a safe, digital playground. This combines my interest for education with privacy and digital safety.

On last week’s presentation I suggested students take the following steps to achieving their dream careers. And, it’s these very steps that have been major enablers in my career too.

  1. Find an area of cyber security that is particularly compelling and exciting to you. Or find the intersection of cybersecurity with another field and think of ways that you could change or influence the industry.
  2. Research that area on the web and learn as much as you can about it.
  3. Explore possibilities of being an intern in an organization that is pursuing innovative directions that coincide with your interests.
  4. Find a mentor. Mentors both help you grow your career as well as help you navigate a workplace. If you can find a way to help the person who is mentoring you, for example, research a new area, then you become very valuable to your mentor too.
  5. Finally, think about your career in a series of phases. What you might start out doing may be very different to what you do in 20 years from now. So think about companies that allow you to evolve and career paths that are flexible.

We live in an increasingly insecure digital world. The upside is that that cybersecurity will continue to be a much sought after skillset in the workforce. And, if I can help you pursue your dream career in cybersecurity, please reach out to me and if you missed the session you can view the recording on YouTube.

Tags: , ,

Hook, Line & Sinker: Catching Unsuspecting Users Off Guard

This post was authored by Earl Carter.

Attackers are constantly looking for ways to monetize their malicious activity. In many instances this involves targeting user data and accounts. Talos continues to see phishing attacks targeting customers of multiple high profile financial institutions.  In the past couple of months, we have observed phishing attacks against various financial customers including credit card companies, banks, credit unions, and insurance companies, as well as online businesses such as Paypal and Amazon. These phishing attacks have gone old-school in that they either attach an HTML document or include HTML data in the actual email to present the user with official looking pages that appear to be from the actual businesses being targeted.

Read More »

Tags: , , ,

Responding to Third Party Vulnerabilities

We are now more than one year on from the release of HeartBleed, the first major vulnerability disclosed in widely used third-party code. This is an excellent point in time to look back at what Cisco and our customers have achieved since, including how the Cisco Product Security Incident Response Team (PSIRT) has evolved to meet this new type of threat. It’s also a key time for us to confirm and clarify our commitment to transparency in the vulnerability disclosure process.

Read More »

Tags: , , ,

Securing the Supply Chain is a Collaborative Effort

I’ve been thinking lately about how collaboration can work for the IT industry as we strive to address security. Cisco’s supply chain security capability focuses on three key exposures: taint, counterfeit and misuse of intellectual property.

Specifically, I’ve been thinking about how we might detect and mitigate against counterfeit ASICs. I have a hunch that working with the semiconductor industry, we can achieve this goal. Read More »

Tags: , ,

Domain Shadowing Goes Nuclear: A Story in Failed Sophistication

This post was authored by Nick Biasini

Exploit Kits are constantly altering their techniques to compromise additional users while also evading detection. Talos sees various campaigns start and stop for different exploit kits all the time. Lately a lot of focus has been put on Angler, and rightly so since it has been innovating continually. Nuclear is another sophisticated exploit kit that is constantly active. However, over the last several weeks the activity had ramped down considerably to a small trickle. Starting several days ago that activity began ramping up again and Talos has uncovered some interesting findings during its analysis.

There are several large scale concurrent campaigns going on with Nuclear right now, but one in particular stood out. This campaign is using some familiar techniques borrowed from other exploit kits as well as a new layer of sophistication being added with mixed success. Attackers are always trying to work the balance of evasion and effectiveness trying to evade detection while still being effective in compromising systems. This is especially evident in those hacking for monetary gain in non-targeted attacks. Talos has found a Nuclear campaign using both Domain Shadowing and HTTP 302 cushioning prevalent in Angler. The biggest change is that it appears to be so sophisticated that it’s not working properly. Read More »

Tags: , , ,