Cisco Blogs

Cisco Blog > Government

RSA Conference 2013: I Am Security

Here I sit… In Mel’s Drive-In Diner, San Francisco, CA. I just inhaled the “El Ranchero Americano”, which I am sure to regret later, and am enjoying tunes from yester-year complete with Doo-Wop and Presley. You may ask, “Why do I care…?”  Well, before this turns into an episode with Anthony Bourdain, I will let you know that I am in ‘The City’ attending RSA Conference 2013.


RSA Conference 2013 Video


Allow me to give you a quick background.  RSA’s goal is to connect security professionals from around the world in order to continue the growth and importance of security as technology aggressively expands. RSA started these conferences in 1991 when internet security really became a topic of discussion.  Everyone who is anyone is here, from start-up companies to our own Cisco.

Again, you might ask “What’s the big deal?”  I listened to a keynote by Vint Cerf, widely known as ‘The Father of the Web’, he gave an ‘If you can imagine…” speech. In this talk, he said if we could imagine our refrigerator being able to ‘talk’ to us… explore the internet for recipes in which the ingredients are what we currently have in the fridge and have a list of those recipes ready for us on the door or emailed to us. Pictures on our refrigerator being streamed live from our loved ones as they are posted on various social media sites, keeping us in the loop with our families across the world… It’s not ‘If’, it’s most certainly ‘when’… We are currently living in the era of the ‘Internet of Everything’.

With this, though, comes the most important element:  Security. How? How do we secure all of our information as we move forward? How do we secure billions of people while maintaining a ‘free moving internet?’ That’s why we’re here. We are here to discuss current security initiatives, evolving ideas, discussing the gaps in our current security… We are here to protect you.

As we move forward, it is absolutely essential to protect our ‘freedom’ to use the internet anytime, anywhere, and on any device. There are professionals working tirelessly in order to maintain that connectivity, and conversely, there are just as many trying to take our freedom away by disrupting our service and ‘stealing’ our personal information for their personal gain.

In our progression to ‘work our way’ in every way, we must stay vigilant and always on guard. I don’t know about you, but I do enjoy my flexibility and I also know I can sleep well at night knowing that there are people invested in my cybersecurity safety.

Until next time.


Tags: , , , , , , ,

Mobile Telework: Cost Effective, Flexible and Secure

RPODIMG_5776I really love my mobile devices, my iPhoneiPod, and rPod.

What’s an rPoD you ask? It’s my mobile getaway vehicle.

I can get access to mobile apps, listen to music, and enjoy a getaway to the coast. These devices are not just for fun though, these are powerful tools that allow me to telework from home or in reality anywhere and anytime. My mobile apps include my email, calendar, webex, jabber and other apps required for me to do my job.  I’m more productive, it’s more cost-effective, and very flexible.  And, it’s secure.

This week, I’m attending the RSA security conference in San Francisco.  Mobile device security and cyber security are some of the hot topics in the keynotes, special government sessions, and throughout the event. I’m able to attend this event to learn about the new technologies available to secure mobile devices and cloud and also the expanding cybersecurity threats. At the same time, I’m productive, mobile and secure.

Next week, like most every week, I will be teleworking. Please join me and more than 100,000 others to support Telework Week.

Cisco, in partnership with the Mobile Work Exchange, is a proud supporter of Telework Week from March 4-8. Telework Week 2013 is a global effort to encourage government agencies, business organizations, and individuals to pledge to telework anytime during this week. Please take a minute to visit this site to learn more about the benefits of Telework, pledge to support this initiative, and use the calculator to estimate savings. I have been teleworking for nearly 20 years and plan to continue to enjoy the benefits for mobility and telework for years to come.

Read More »

Tags: , , , ,

Protecting Our Networks: It’s a Team Game Now!

I have been coaching youth sports for the past seven plus years now and one of my common mantras when speaking to the girls and boys each season is that “we will win as a team and lose as a team.”  In other words, I will never tolerate one player acting selfishly enough to think he or she is above everyone else on the team.  I strive to instill the objective that we will collectively pool our talents for the betterment of the team.  We use this approach because each boy and girl, believe it or not, brings with himself or herself a unique set of abilities and strengths with which the entire team will benefit.

So why should you care about my coaching philosophies?  :-)  Read More »

Tags: , , , , ,

Security Assessments: More Than Meets the Eye

Is the product safe to use? I have been asked this question on occasion in a non-technical sense and maybe you have too. In a technical context, I could frame the question as “Are the online services and underlying technologies supporting my services safe?”  A continuous effort must go into substantiating the preferable answer (“Yes”) that we are looking for, both prior to and after releasing a product or service into the wild. Security Intelligence Operations (SIO) includes a team of network security experts that form the Security Technology Assessment Team (STAT). They provide security assessment expertise across Cisco’s product and services organizations. In this article, I elaborate on their role and how they complement product and services organizations at Cisco in helping to protect you, our customer.

In the not-so-distant past it used to be that the majority of notoriety around product security was focused more around physical aspects. For example, a manufacturer announces a product recall about a defect (i.e. vulnerability) that could cause potential physical harm or worse. Fast-forward to today where computing devices and associated Internet plumbing comprise an entirely distinct category of product security needed.  Within that category, I would also suggest that services and the underlying supporting infrastructure would also fall into this category in the ongoing quest for achieving network security.  I think that this quote from a U.S. government hearing underscores the value of that quest as well.

When we bring in new technologies, we bring in new exposures and new vulnerabilities, things we really haven’t thought about. It takes a little while before we understand it, and after a while we begin to secure it. But our mindset needs to change. This is not the same as industrial technologies or new ways of doing aircraft or cars. These technologies are global and they expose us globally, literally within milliseconds.

House of Representatives Hearing on Cybersecurity: Emerging Threats, vulnerabilities, and challenges in securing federal information systems

Business units and quality assurance groups at Cisco apply multi-level security processes throughout the development of products and services to ensure that security is embedded into everything that is ultimately delivered to customers. For example, Cisco’s secure development life cycle (SDL) provides a highly effective process in detecting and preventing security vulnerabilities and improving overall system quality.  Cisco SDL has several elements that include, but not limited to, source code analysis and white box testing that feed into the security posture of a product or service.  Cisco has a security advocates program, a virtual community of people who understand network security and secure product development (and testing) and who can share and evangelize that knowledge with their peers, their colleagues, and their management.

Read More »

Tags: , , , , , ,

Network Attacks: The Who, What, Where and Why

As security practitioners, we generally see three types of perpetrators with different motives:

  • Financial
  • Political
  • General trouble-making

Each of these attackers can display various levels of organizational structure:

  • Individual
  • Well-organized, persistent group
  • Ad-hoc groups pursuing a common purpose

Each one of these subsets has their own techniques and goals, but unfortunately, can strike anywhere at anytime.

As different attack types come in and out of vogue, we are closely watching all of these perpetrators and their preferred methods of attack to better understand how to recognize and counteract them.

In the video linked here, I discuss some of the latest threat trends, and how businesses and individuals can prepare and protect themselves.

Tags: , , ,