Cisco Blogs



Security and the Board

Not long ago I was asked to attend a quarterly Board meeting of one of my healthcare clients and to present the recommendations of a Strategic Security Roadmap (SSR) exercise that my team and I had conducted for the organization. The meeting commenced sharply at 6am one weekday morning and I was allocated the last ten minutes to explain our recommendations and proposed structure for a revised Cybersecurity Management Program (CMP).


The client Director of Security and I waited patiently outside the Board Room while other board business was conducted inside. As is the case with many organizations, information security was not really taken seriously there, and the security team reported into IT way down the food chain, with no direct representation in the C Suite. The organization’s CMP had evolved over the years from anti-virus, patching and firewall management into other domains of the ISO27002 framework but was not complete or taken seriously by those at the top. Attempts at building out a holistic security program over the years had met with funding and staff resource constraints and Directors of Security had come and gone with nothing really changing.


Cisco Secure Ops demonstrated at Cisco Live 2015

As I mentioned in my last blog, “Cisco Live Hosts Enhanced Cisco Collaborative Operations Solution Demonstration”, Cisco Live excited many delegates this year, and one of the highlights was indeed the World of Solutions. I talked about how the industrial section of the ‘Cisco Campus’ not only showed off lots of new advances, but, for the first time, the small but important process industries (including Oil and Gas) booth opened up showing the services-based solutions Secure Ops and Collaborative Operations. Now let’s talk about Secure Ops.

In the video, I interview Cisco and Partner representatives to discuss the Secure Ops Solution from Cisco: what it is, what the business need is, and how Cisco is helping customers get better business outcomes, especially when it comes to cybersecurity! Having the Secure Ops solution can increase availability of systems and critical infrastructure, reducing downtime in, for example, the oil and gas industry, or any industry that relies on critical infrastructure such as process manufacturing, oil and gas, pharmaceuticals or other industrial automation environments.

Cisco Secure Ops delivers a standardized, comprehensive and integrated approach to security. It is supported by automation suppliers such as Yokogawa and Rockwell and technology providers such as McAfee and Symantec and provides a framework for a wide range of partners to participate. It’s currently installed at customers such as Royal Dutch Shell.

Rob Arlic of Cisco is joined by Galina Antova at Cisco Live. Rob talks about what Secure Ops is and how it helps provide not only cybersecurity protection, but also demonstrable regulation compliance. It therefore provides companies with higher availability and better Operational Excellence.

Galina talks about what’s new. Added capabilities include going deeper than just the IP network to gain more profound visibility into operations. Then gaining a view of what’s normal/abnormal in those other networks which can be assessed. Managing all that is key, and included.

Rob concludes by summing up: “It’s all about up-time and availability. If there are security vulnerabilities, (making sure) those are addressed proactively, proactively and preemptively”.

To learn more go to www.cisco.com/go/oilandgas.

And, as always, tell us what you think.


How to Land Yourself in A Dream Career in Cybersecurity

Last week I had the wonderful honor of being a presenter in the Cisco Networking Academy Find Yourself in The Future Series. To date this series has attracted over 9000 live attendees, which is testament to the extremely high levels of interest in technology careers in this region as well as the extraordinary efforts of the APAC marketing team. One figure blew me away in particular: 70% of attendees are interested in pursuing careers in cybersecurity.

Cybersecurity is an incredibly exciting field. It draws in some of the most talented technologists and brainiacs and in many ways cybersecurity is similar to a game of chess. It’s about anticipating and staying ahead of your opponent. It’s also about learning to think like the bad guys, except that the patterns are anything but predictable, and then doing good. And that feeling of contributing to the good of humankind is intensely gratifying.

Cybersecurity is such a diverse field and it intersects with just about every area of technology and even behavioral sciences. And it’s this intersection that will enable students to pursue their dream careers in cybersecurity. Imagine a career in cybersecurity that intersects with medicine. Today people could die from hackers sending fatal doses to hospital drug pumps and you might have a vision for solving this life-threatening problem. In my work one of my goals is to provide our children a safe, digital playground. This combines my interest in education with privacy and digital safety.

In last week’s presentation I suggested students take the following steps toward achieving their dream careers. And it’s these very steps that have been major enablers in my career too.

  1. Find an area of cybersecurity that is particularly compelling and exciting to you. Or find the intersection of cybersecurity with another field and think of ways that you could change or influence the industry.
  2. Research that area on the web and learn as much as you can about it.
  3. Explore possibilities of being an intern in an organization that is pursuing innovative directions that coincide with your interests.
  4. Find a mentor. Mentors both help you grow your career as well as help you navigate a workplace. If you can find a way to help the person who is mentoring you, for example, research a new area, then you become very valuable to your mentor too.
  5. Finally, think about your career in a series of phases. What you might start out doing may be very different from what you do 20 years from now. So think about companies that allow you to evolve and career paths that are flexible.

We live in an increasingly insecure digital world. The upside is that cybersecurity will continue to be a much sought-after skillset in the workforce. And if I can help you pursue your dream career in cybersecurity, please reach out to me, and if you missed the session you can view the recording on YouTube.


Cybersecurity 101: Assessing the Threat & Mitigating Cyber Risks in Higher Education

Cybersecurity threats in the higher education community continue to rise at an alarming rate. Poor security strategies and the need for open learning environments make securing these institutions an even harder problem to solve. It is no longer a matter of whether or not you will be hacked, rather when. Higher education leaders are recognizing the need for a cybersecurity strategy that encompasses responsibility across the institution, from the boardroom to the classroom.

Join The Chertoff Group and Cisco on June 24th with a panel of higher education security experts to learn about:

  • The current higher education threat landscape
  • Trends and observations in higher education cyber threats
  • Methodologies on threat assessment
  • How to identify your unique areas of vulnerability
  • Best practices for enterprise risk management

We have convened an esteemed panel of subject matter experts to discuss the cyber risk confronting higher education today, including:

  • Pat Hogan, Executive Vice President and Chief Operating Officer, University of VA
  • Brian J. Tillett, Principal and Director, Cisco Cybersecurity Practice
  • Michael A. Wertheimer, Former Director of Research, National Security Agency

Please be sure to attend the webcast where the panel will share their experiences and insights as well as answer questions. Register now and join us on June 24th to understand the current threat landscape your institution is facing and how to build a comprehensive security strategy to mitigate your risk.


Security Is a Top Priority for Feds and Should Be Moving Forward

It’s no secret that security is a top priority for the federal government. It seems like every week we are hearing about a new threat, hack, or breach that has hit an agency. In just the past few weeks, we’ve heard about significant breaches that have resulted in both citizen and federal employee information being compromised.

Obviously, these kinds of attacks are putting agencies on alert. This is especially important as organizations continue to embrace new technologies and policies to improve operations and efficiency. As technology investments bring great new capabilities to government, it’s imperative that IT managers design security in from the very beginning.

I recently discussed this topic in an article published in Federal Times. The article explored how the Internet of Things (IoT) and Internet of Everything (IoE) need cybersecurity protection. In addition to a projected $4.6 trillion in value for the global public sector by 2022, the enhanced connectivity offered by IoE technologies also creates an increased need for network security. For example, while BYOD programs are tremendously valuable, these initiatives also create a larger surface area for potential attacks by adding devices to the networks.

With billions of devices expected to become connected over the next five years, it’s important that agencies have a plan in place to address their security needs. In general, agencies should focus their efforts on creating a cybersecurity strategy that is visibility-driven, threat-focused and platform-based. As more individuals and devices need network access, having real-time visibility becomes even more critical to gaining insight on surrounding threats and identifying system vulnerabilities. Also, presuming the network has already been breached can help agencies be more proactive in their approach. And lastly, a platform-based approach will provide the scalability and flexibility required to address a variety of threats and reduce complexity through centralized management.

The number of ways IoE can make our lives better and our organizations more efficient depends mainly on our ability to think of new ways to use the technology. If we can be confident in the security of IoE, we can be confident developing more applications for it. All organizations should be in a position to ask, “Now that I am confident with my protection, what new things can I develop to save money or time and delight my users?”

Take a look at the Federal Times article for more insights around IoE and cybersecurity, and check out this white paper to learn more about IoE’s impact on the public sector.
