Cisco Blogs


Cisco Blog > Security

How to Land Yourself in A Dream Career in Cybersecurity

Last week I had the wonderful honor of being a presenter in the Cisco Networking Academy Find Yourself in The Future Series. To date this series has attracted over 9000 live attendees, which is testament to the extremely high levels of interest in technology careers in this region as well as the extraordinary efforts of the APAC marketing team. One figure blew me away in particular: 70% of attendees are interested in pursuing careers in cybersecurity.

Cybersecurity is an incredibly exciting field. It draws in some of the most talented technologists and brainiacs and in many ways cybersecurity is similar to a game of chess. It’s about anticipating and staying ahead of your opponent. It’s also about learning to think like the bad guys except that he patterns are anything but predictable and then doing good. And, that feeling of contributing to the good of humankind is intensely gratifying.

Cybersecurity is such a diverse field and it intersects with just about every area of technology and even behavioral sciences. And, it’s this intersection that will enable students to pursue their dream careers in cybersecurity. Imagine a career in cybersecurity that intersects with medicine. Today people could die from hackers sending fatal doses to hospital drug pumps and you might have a vision for solving this life-threatening problem. In my work one of my goals is to provide our chidren a safe, digital playground. This combines my interest for education with privacy and digital safety.

On last week’s presentation I suggested students take the following steps to achieving their dream careers. And, it’s these very steps that have been major enablers in my career too.

  1. Find an area of cyber security that is particularly compelling and exciting to you. Or find the intersection of cybersecurity with another field and think of ways that you could change or influence the industry.
  2. Research that area on the web and learn as much as you can about it.
  3. Explore possibilities of being an intern in an organization that is pursuing innovative directions that coincide with your interests.
  4. Find a mentor. Mentors both help you grow your career as well as help you navigate a workplace. If you can find a way to help the person who is mentoring you, for example, research a new area, then you become very valuable to your mentor too.
  5. Finally, think about your career in a series of phases. What you might start out doing may be very different to what you do in 20 years from now. So think about companies that allow you to evolve and career paths that are flexible.

We live in an increasingly insecure digital world. The upside is that that cybersecurity will continue to be a much sought after skillset in the workforce. And, if I can help you pursue your dream career in cybersecurity, please reach out to me and if you missed the session you can view the recording on YouTube.

Tags: , ,

Cybersecurity 101: Assessing the Threat & Mitigating Cyber Risks in Higher Education

Cybersecurity threats in the higher education community continue to rise at an alarming rate. Poor security strategies and the need for open learning environments make securing these institutions an even harder problem to solve. It is no longer a matter of whether or not you will be hacked, rather when. Higher education leaders are recognizing the need for a cybersecurity strategy that encompasses responsibility across the institution, from the boardroom to the classroom.

Join The Chertoff Group and Cisco on June 24th with a panel of higher education security experts to learn about:

  • The current higher education threat landscape
  • Trends and observations in higher education cyber threats
  • Methodologies on threat assessment
  • How to identify your unique areas of vulnerability
  • Best practices for enterprise risk management

We have convened an esteemed panel of subject matter experts to discuss the cyber risk confronting higher education today, including:

  • Pat Hogan, Executive Vice President and Chief Operating Officer, University of VA
  • Brian J. Tillett,  Principal and Director,  Cisco Cybersecurity Practice
  • Michael A. Wertheimer,  Former Director of Research, National Security Agency

Please be sure to attend the webcast where the panel will share their experiences and insights as well as answer questions. Register now and join us on June 24th to understand the current threat landscape your institution is facing and how to build a comprehensive security strategy to mitigate your risk.

Tags: , ,

Security Is a Top Priority for Feds and Should Be Moving Forward

It’s no secret that security is top priority for the federal government. It seems like every week we are hearing about a new threat, hack, or breach that has hit an agency. In just the past few weeks, we’ve heard about significant breaches that have resulted in both citizen and federal employee information being compromised.

Obviously, these kinds of attacks are putting agencies on alert. This is especially important as organizations continue to embrace new technologies and polices to improve operations and efficiency. As technology investments bring great new capabilities to government, it’s imperative that IT managers design security in from the very beginning.

I recently discussed this topic in an article published in Federal Times. The article explored how the Internet of Things (IoT) and Internet of Everything (IoE) need cybersecurity protection. In addition to a projected $4.6 trillion in value for global public sector by 2022, the enhanced connectivity offered by IoE technologies also creates an increased need for network security. For example, while BYOD programs are tremendously valuable, these initiatives also create a larger surface area for potential attacks by adding devices to the networks.

With billions of devices expected become connected over the next five years, it’s important that agencies have a plan in place to address their security needs. In general, agencies should focus their efforts on creating a cybersecurity strategy that is visibility-driven, threat-focused and platform-based. As more individuals and devices need network access, having real-time visibility becomes even more critical to gaining insight on surrounding threats and identifying system vulnerabilities. Also, presuming the network has already been breached it can help agencies be more proactive their approach. And lastly, a platform-based approach will provide scalability and flexibility required to address a variety of threats and reduce complexity through centralized management.

The number of ways IoE can make our lives better and our organizations more efficient depends mainly on our ability to think of new ways to use the technology. If we can be confident in the security of IoE, we can be confident developing more applications for it. All organizations should be in a position to ask, “Now that I am confident with my protection, what new things can I develop to save money or time and delight my users?”

Take a look at the Federal Times article for more insights around IoE and cybersecurity, and check out this white paper to learn more about IoE’s impact on public sector.

Tags: , , , , , , , ,

Mitigating Security Threats in Manufacturing with Cisco’s Connected Factory

Today’s manufacturing industry faces an aging industrial machinery infrastructure that presents huge security challenges poised for continued growth in the coming months and years. Increasingly, manufacturers are beginning to view data security as a top barrier to realizing the value of the Internet of Everything (IoE). In fact, the steady growth of the IoE is creating efficiencies and cost savings across the entire value chain, presenting a $3.9 trillion value opportunity for manufacturers. However, this exponential growth of connections and integration between people, processes, data, and things also presents added security risks and threats that are often complex and multifaceted.

Here are a few of the implications and impacts of security breaches for manufacturers:

  • Theft or Loss of proprietary or confidential information and intellectual property
  • Downtime in factories and lost productivity – potentially very severe
  • Violation of regulatory requirements
  • Loss of public confidence and brand
  • Economic loss
  • Impact on national security

According to Symantec, the manufacturing business sector was the most targeted in 2013, accounting for 24% of all targeted attacks. Of those attacks, industrial networks topped the list of systems most vulnerable to cybersecurity issues. Additionally, the number of attacks on industrial supervisory control and data acquisition (SCADA) systems doubled from 2013 to 2014. Unfortunately for manufacturers, 91% of breaches took just hours or less to perpetrate, yet more than 60% of attacks took months – or even years – to detect. This considerable gap gives cyber attackers plenty of opportunities to access a manufacturer’s trade secrets and sensitive production data.

Tags: , , , , , , , , , ,

Cisco Live 2015 has a Secure Ops Solution Demonstration Area

Many of you know about the Cisco Secure Ops Solution that was announced in 2014, and that it has already been adopted by Shell to secure the company’s critical infrastructure, but may not have seen a demonstration or talked with a Cisco subject matter expert about it.

Cisco Live, San Diego, CA, USA

Cisco Live, San Diego, CA, USA

Well, here’s your chance. We have arranged for a booth in the industrial vertical area at the World of Solutions at Cisco Live in San Diego to show just that. We’re pleased to be accompanied by one of Cisco’s security partners to show new features and functionality that takes Secure Ops even deeper into the cybersecurity protection and surveillance arenas.

The Cybersecurity space is getting more and more alarming every day. As my colleague Peter Granger notes, we have gone from the quaint world of Sherlock Holmes…

Sherlock Holmes: I didn’t really ask, Dr. Franklyn, but what exactly do you do here?

Dr. Franklyn: Oh, Mr. Holmes, I’d love to tell you. But then of course, I’d have to kill you.

Sherlock Holmes: That would be tremendously ambitious of you.

…past the pseudo-high-tech world of James bond and closer to a more modern world reminiscent of Kiefer Sutherland’s character Jack Bauer in the TV series ’24’. Today’s Cyber attacks are not just disgruntled employees or simple mischief makers (although that’s bad enough), but can be carried out by powerful crime syndicates and hostile governments.

Now more and more attacks are becoming visible and reported (e.g. Stuxnet like ‘Havex’ malware strikes European SCADA Systems – June 2014) and whether they are a terrorist attack such as the data destruction attacks on Saudi Aramco and on Qatar’s RasGas gas company in 2012 or unintentional (the vast majority of reported cyber incidents are ‘accidental in nature’ as reported by the Repository of Industrial security incidents, 2011), billions of dollars are lost every year because of them. Night Dragon, Shamoon, Flame, and Duqu have joined Stuxnet in the past few years and more will come.

A study by Fox-IT reported that 60 percent of oil and gas companies do not have a cybersecurity incident response plan. In addition, only 11 percent are fully confident that they can address a cybersecurity breach appropriately. Twenty-three percent admitted that they are not actively monitoring their network for potential intrusions.

How can Cisco help your energy organization? You can find out more by visiting our cisco.com website, and check out the Security for Industrial Networks Overview/White Paper (don’t worry, it’s less than 3 pages!).

Security continuum #1And, of course, you can also visit us Cisco Live: there you’ll see how the Cisco Secure Ops Solution is relevant to many industries and is helping tackle our customers’ security challenges. A combination of technology, software and services expertise, Secure Ops Solution can help you increase your security response levels significantly – before, during and after an attack, across the entire attack continuum.

Don’t forget our other presence there around the Collaborative Operations Solution, which my colleague Suresh Venkat talks about here: What does a Cisco Live Demonstration have to do with droughts, floods and fossil fuels?

We look forward to seeing you in the Process Manufacturing Secure Industrial Networks booth at the World of Solutions next week.

As always – comments are always appreciated and we respond to questions!

Tags: , , , , , , , , ,