Cisco Blogs



Cisco Employee Earns Security Bug Bounty – 1 Million United Miles!

If you had a million airline miles, where would you travel?

Kyle Lovett, a security penetration tester with the Advanced Services Security Team, is asking himself that very question right now. That’s because his United Airlines mile bank is overflowing, thanks to a security bug he found through a bug bounty United Airlines was offering.


Kyle Lovett, security penetration tester at Cisco, has a million miles in his United app, thanks to a bug bounty the airline initiated.

Bug bounties are nothing new; they’ve been around for a while, usually offered by big tech companies. It’s an opportunity for white-hat “hackers” (those using their powers only for good) to find security vulnerabilities for rewards. United is the first airline to offer a bug bounty.

Kyle lives and breathes security. He says he’s been “breaking things” since he was a kid. It’s a part of his day job, but also something he enjoys in his free time. Normally, he doesn’t participate in bug bounties, but in the case of United, he was intrigued.

“Sometimes, a company will recognize the work with a good reward,” Kyle says. “What caught my eye [with the United bug bounty] is that they were giving away miles. But they were significant miles. So I sat down one Saturday morning and got to work.”


Kyle Lovett, security penetration tester at Cisco.

Kyle got to work for sure. In a few hours, he’d made several different submissions. One of those submissions was significant enough to get United’s almost immediate attention. He’s under agreement not to say what the bug was, but it was big enough to earn the largest prize in the bug bounty – he’s now in the million mile club.

“United reached out to me with questions and clarifications,” he explains. “We went back and forth over the course of a week, and they had it fixed in a few days. Then they said ‘Congratulations! Here are a million miles.’ They were genuinely concerned about the bug and very professional.”

He opened his United app, and saw the seven-figure number. A million miles means approximately 40 domestic round-trip flights, 20 round-trip flights to Europe, or eight first-class trips. Here’s the kicker. He still has additional submissions that might earn him MORE miles.

How will Kyle put them to use? He’s already bringing his mom and brother out from Virginia to visit him in California. His job gives him a lot of travel opportunities as well, so he’s a little stumped right now.

“I’ve always wanted to go to East Asia or the Southern Pacific. Not for the scenery (although that’s nice). I’m more intrigued to see the culture,” he says. “But I would like to give at least one ticket away for someone who might really need it, maybe for medical treatment or they can’t afford to get home.”

How’d Cisco get so lucky to have such a great security tester on the team?

“The Internet of Everything is near and dear to my heart, especially the security around it,” Kyle says. “There is such a large wealth of people to reach out to in all different areas. And the culture and atmosphere here is genuine. I’ve not met one person who works here that doesn’t enjoy what they do!”

Want to join Kyle and the Cisco Security team? See open security jobs here.


Security as an Enabler in a World of Increased Manufacturing Vulnerability

Manufacturing is entering a new digital era, with more opportunity for mass customization, reduced downtime, and increased innovation. Manufacturers are capturing the value of the Internet of Everything (IoE) by becoming digital. Many are taking their first steps in this transformation by adopting Ethernet to connect plant floor devices to better manage operation and supply chain workflows, improve efficiency, and reduce costs. This digital transformation, however, creates greater exposure to cyberattacks. As a result, mitigating security threats has never been more important.


#CiscoChampion Radio S2|Ep 23. Cisco Hosted Identity Services

#CiscoChampion Radio is a podcast series by Cisco Champions as technologists. Today we’ll be talking about Cisco Hosted Identity Services with Cisco Lead Architect Eric Eddy.

Listen to the Podcast.

Learn about the Cisco Champions Program HERE.
See a list of all #CiscoChampion Radio podcasts HERE.
Ask about the next round of Cisco Champions nominations. EMAIL US.

Cisco SME
Eric Eddy, Lead Architect for Cisco Hosted Identity Services

Cisco Champion Guest Host
Josh Warcop, @Warcop, Senior Consultant

Moderator
Brian Remmel (@bremmel)


#CiscoChampion Radio S2|Ep 20. Talos

#CiscoChampion Radio is a podcast series by Cisco Champions as technologists. Today we’ll be talking about the Talos Security and Intelligence Research Group with Sr. Technical Leader / Security Outreach Manager Craig Williams.

Listen to the Podcast.


Cisco SME
Craig Williams, Sr. Technical Leader / Security Outreach Manager
Blogs by Craig Williams
Craig Williams (@security_craig) on Twitter

Cisco Champion Guest Hosts
Jake Gillen, @jakegillen, Senior Security Engineer

Moderator
Brian Remmel (@bremmel)


Plan to Be Secure; Secure to Your Plan

The routine goes something like this. First, a breach of security occurs somewhere in the enterprise. It could be something as small as a single computer getting infected, or it could be a massive data loss. That seems like a wide range of events, but often the reaction in an enterprise is the same. The IT executives have a meeting to determine fault, and then the analysts and engineers are given the task of making sure that that particular incident never happens again. The analysts and engineers then reply with budget requests for new software and hardware from their favorite vendors. Unfortunately, the end result is generally that money is spent and security is only moderately improved, if at all.

In the midst of reacting, everyone forgets that technology doesn’t configure itself and that the weakest link is the people. Instead of ramming in the latest and greatest in technology, we should be leading our company to review, create (if necessary) and rewrite our security policies. Without a policy, security tools are like unguided missiles that we hope hit their target.
