I have been coaching youth sports for the past seven-plus years now, and one of my common mantras when speaking to the girls and boys each season is that “we will win as a team and lose as a team.” In other words, I will never tolerate one player acting selfishly enough to think he or she is above everyone else on the team. I strive to instill the objective that we will collectively pool our talents for the betterment of the team. We use this approach because each boy and girl, believe it or not, brings with himself or herself a unique set of abilities and strengths from which the entire team will benefit.
So why should you care about my coaching philosophies?
Is the product safe to use? I have been asked this question on occasion in a non-technical sense and maybe you have too. In a technical context, I could frame the question as “Are the online services and underlying technologies supporting my services safe?” A continuous effort must go into substantiating the preferable answer (“Yes”) that we are looking for, both prior to and after releasing a product or service into the wild. Security Intelligence Operations (SIO) includes a team of network security experts that form the Security Technology Assessment Team (STAT). They provide security assessment expertise across Cisco’s product and services organizations. In this article, I elaborate on their role and how they complement product and services organizations at Cisco in helping to protect you, our customer.
In the not-so-distant past, most of the attention around product security focused on physical aspects. For example, a manufacturer announces a product recall about a defect (i.e., a vulnerability) that could cause potential physical harm or worse. Fast-forward to today, where computing devices and the associated Internet plumbing comprise an entirely distinct category of product security. I would suggest that services and their underlying supporting infrastructure also fall into this category in the ongoing quest for achieving network security. I think that this quote from a U.S. government hearing underscores the value of that quest as well.
“When we bring in new technologies, we bring in new exposures and new vulnerabilities, things we really haven’t thought about. It takes a little while before we understand it, and after a while we begin to secure it. But our mindset needs to change. This is not the same as industrial technologies or new ways of doing aircraft or cars. These technologies are global and they expose us globally, literally within milliseconds.”
Business units and quality assurance groups at Cisco apply multi-level security processes throughout the development of products and services to ensure that security is embedded into everything that is ultimately delivered to customers. For example, Cisco’s secure development life cycle (SDL) provides a highly effective process for detecting and preventing security vulnerabilities and improving overall system quality. Cisco SDL has several elements that include, but are not limited to, source code analysis and white box testing that feed into the security posture of a product or service. Cisco has a security advocates program, a virtual community of people who understand network security and secure product development (and testing) and who can share and evangelize that knowledge with their peers, their colleagues, and their management.
As security practitioners, we generally see three types of perpetrators with different motives:
Financial
Political
General trouble-making
Each of these attackers can display various levels of organizational structure:
Individual
Well-organized, persistent group
Ad-hoc groups pursuing a common purpose
Each of these subsets has its own techniques and goals but, unfortunately, can strike anywhere at any time.
As different attack types come in and out of vogue, we are closely watching all of these perpetrators and their preferred methods of attack to better understand how to recognize and counteract them.
In the video linked here, I discuss some of the latest threat trends, and how businesses and individuals can prepare and protect themselves.
The National Retail Federation predicts that holiday shopping this year will grow to $586.1 billion, with a record percentage of those purchases occurring online and from mobile devices.
As more shoppers make purchases online and on their mobile devices, Cyber Monday is fast becoming Mobile Monday, opening up a variety of new threats and challenges for shoppers. And even after the shopping is done, consumers need to take care when they open their presents and turn on new devices for the first time, and know what to expect when they bring their purchases to work or school in early January.
Join us on Wednesday, Nov. 28 at 10:00 AM PT for a live discussion with John N. Stewart, SVP and Chief Security Officer of Global Government and Corporate Security at Cisco. John will address topics including how to stay safe while shopping online, tips for securely setting up gifts you receive, and how to safely bring new devices into work and school in the new year.
Today more than ever, networks are transforming the way organizations operate and are touching more people through a wider range of devices than ever before. Achieving a secure infrastructure is increasingly complex with today’s mobility, collaboration and cloud services added to the mix. These new capabilities offer much operational efficiency and reduce costs, but they also introduce additional risk to the network.