I’m at AWS re: Invent this week – it’s always an exciting show with fantastic exhibits, compelling presentations, and cutting edge demos. It’s been great to see all that Cisco is doing with AWS, in terms of networking, security, analytics, and management. One of the things we are excited to bring to this year’s event is a demo of our Cisco IoT portfolio which showcases some of that innovation.
Developers building IoT systems in industries like energy, transportation, and mining need secure, reliable, and always-on compute from the edge to their applications in the cloud or data centers. Edge compute enables developers to reduce latency with decisions at the edge, lower transport costs by only transmitting valuable information and resiliency in case of backhaul disruptions. Cisco has extended the leading secure networking platform with orchestration of containers and microservices for IoT edge use cases.
The demo showcases an industrial IoT environment with distributed assets being remotely monitored, performing data extraction, and being controlled from a service running on AWS. As a part of the demo, Cisco and AWS developers collaborated to build a system to extract data from an asset with a Cisco IoT gateway executing AWS Lambda microservices that were developed on AWS. To accomplish this use case, Cisco and AWS have enabled AWS Greengrass core in a secure container, hosted in a Cisco IoT gateway. Cisco IoT gateways are enabled with the Cisco Kinetic IoT platform that combined, provide:
Secure zero-touch deployment and simplified cloud management of IoT gateways
Enforcement of data distribution policies on the network
Seamless interoperability between AWS IoT and the Cisco edge compute platform
This is a great use case to highlight, as industrial IoT deployments need to securely connect assets to the network without requiring IT experts. Customers want to extract data for a variety of business purposes including condition-based maintenance and remote management of assets. If managing something like a remote oil pump (LACT) in the energy sector or heavy equipment in the construction sector, there are similar requirements for distributed assets connected over non-reliable network links.
Using the Cisco IOx edge computing platform, developers can build applications in any programming language, use open-source container tools for packaging, and deploy them on thousands of remote IoT gateways with a single click of a button. Cisco IOx allows only trusted applications to run on the gateways, thus securing critical assets and processes against malicious attacks. Cisco’s AppDynamics tools provide end-to-end visibility into complex IoT infrastructure and business processes by monitoring gateways, networking elements, and edge/cloud applications. AppDynamics tools track KPIs and greatly reduce service restoration, incident response times, and overall operation costs, by sending real-time alerts back to operations, so developers can troubleshoot applications without physically visiting the sites. The demo Cisco and AWS collaborated on brings the agility and flexibility of serverless computing to the Cisco IoT portfolio. AWS Greengrass integrated with Cisco IOx, allows developers to author serverless code (AWS Lambda functions) in the cloud and conveniently deploy it to Cisco IoT devices for local execution. AWS Lambda functions perform real-time data analytics near the source and send filtered data to business applications in AWS cloud for deeper analytics.
Our demo shows how a developer can create AWS Lambda microservices, run them on the cloud, and easily extend and execute the same microservices in a container-based architecture in the Cisco IoT gateway portfolio. Cisco has combined industry-leading, IOS-powered IoT gateway platforms with the capabilities of Cisco Kinetic to deliver Kinetic-enabled IoT-gateways that enable partners and developers on this open system. The result is Cisco IoT gateways that securely connect assets, perform edge compute functions written as AWS Lambda microservices, and securely transmit the data to the application in AWS.
This is a great example of how Cisco is working directly with AWS to give customers and developers to accelerate their projects and bridge the IoT computing gap from cloud to the edge.
If you are here at AWS re: Invent this week, stop by our booth the see this demo in action.
The Internet of Things (IoT) is ushering in an exciting digital renaissance that is redefining the traditional models of how healthcare is delivered. With IoT devices such as smart infusion pumps or connected inhalers, healthcare providers can now remotely monitor and adjust care. IoT devices in healthcare, where mobile and wearable devices are increasingly connected and working together to create a holistic medical picture that can be accessed anywhere by your healthcare provider, are expected to be worth $2.5 trillion by 2025, and are projected to add $285 billion in healthcare provider value to the global economy by 2020.[1]
The Burden of Cybsecurity on Healthcare
While these digital innovations are already delivering higher quality care, improved patient safety, and lowered costs, they also carry with them inherent cybersecurity risks that can put lives at risk in addition to creating economic losses for healthcare providers. In my previous blog, I highlighted how cybersecurity attacks such as the recent WannaCry virus can cause serious damage to our healthcare infrastructure. Ransomware attacks extort victims to recover valuable assets while data breaches now cost the healthcare industry an average of $6.2 billion per year.[2]
Experts are concerned about medical device security as many devices are still far too vulnerable to malicious attack. Imagine being in need of a time sensitive CT or MRI scan to make a critical medical decision but the imaging machines are unavailable due to a ransomware attack. This scenario isn’t farfetched; rather, it represents an alarming trend as assaults on IoT components, including operational systems, embedded devices, and consumer tech, skyrocketed almost 250 percent in 2015 alone[3].
ISE, Stealthwatch and TrustSec for Visibility, Control, and Rapid Threat Containment
Managing cybersecurity risk is no small feat for healthcare providers, especially for those who have limited security budgets and staff. Savvy healthcare leaders are leveraging an integrated approach that provides:
Comprehensive access and policy control, providing comprehensive visibility to devices that are connected to the network,
Quick visibility threats and indications of compromise impacting the network, and
The ability to apply scalable polices that rapidly contain these threats from further spreading across the network.
In my last post, I introduced the Cisco Medical Network Access Control (NAC) solution—a framework designed to address healthcare cybersecurity attacks. Let’s examine these components:
Onboarding and Identifying Medical Devices
Providing network access for both users and medical devices in a healthcare organization can be a complex process as administrators, healthcare clinicians, patients and visitors all need reliable and secure connectivity. Healthcare organizations must also adhere to strict privacy laws and guidelines such as the Health Insurance Portability and Accountability Act (HIPAA) to safeguard patient medical, financial, and electronic protected health information (ePHI), as well the Payment Card Industry Data Security Standard (PCI DSS). These regulations raise the stakes for healthcare organizations to discover, fingerprint, classify, and validate the posture of devices connecting to the network; and, ensure proper access controls, as the failure to do so can result in compromised patient safety as well as financial and legal repercussions.
Cisco Identity Services Engine (ISE) is helping healthcare organizations to gain device visibility and apply access control policy for more than 250 clinical devices and thousands of non-clinical devices. Cisco Stealthwatch enables organizations to monitor, in real time, any device on the network and detect behavior that is anomalous, malicious or in violation of organization policy. Integrating the two provides actionable intelligence about different classes of devices.
Access Control Policy with Software-defined segmentation
Many organizations have historically built highly-available, high-performance, flat networks. When a threat actor penetrates the perimeter of a flat network, the actor has network layer reach to everything. One of the goals in reducing risk is to segment the network and implement policy controls to limit what can reach medical devices and applications. For example, infusion pumps and patient monitors are segregated from other networked hosts to prevent tampering and being the pivot point to other systems.
Traditional segmentation based on IP addressing is manual and time intensive. Cisco TrustSec simplifies network segmentation, making it software-defined. Policies about what devices and systems can talk to are expressed based on business intent (imaging machine can speak with imaging server) rather than topology (VLANs/VRFs with associated IP-based ACLs or FW rules). Proper segmentation is more easily achieved and maintained, thereby limiting the scope of damages.
And when an indication of compromise is detected – for example, Stealthwatch picking up data exfiltration from a point-of-sale terminal – ISE can be used to change the access permissions of the device from PoS to compromised-POS, and the policy, based on business intent, for what to do with compromised-POS machines is already defined. A security operator can even click a button in Stealthwatch to instruct ISE to perform this rapid threat containment.
With lives on the line, it is vital for healthcare organizations to ensure the security and integrity of their infrastructure. With Cisco Stealthwatch, ISE and TrustSec, healthcare organizations now have a potent trio that provides the comprehensive security infrastructure needed to protect against next generation security threats.
Click here to learn more about how leading healthcare systems are leveraging these Cisco tools to stay one step ahead in the security space.
[1] Intel: The Internet of Things and Healthcare Policy Principles
[2] Cost of a Breach: A Business Case for Proactive Privacy Analytics
[3] The Digitization of the Healthcare Industry: Using Technology to Transform Care
On December 5, 2017, at 1 pm Eastern, Cisco Security Incident Response Service experts will present a webinar titled “Dissecting a Breach: An Incident Responder’s Perspective.” This webinar will describe how our team performs incident handling within the service and what you should expect during any incident engagement, regardless of who is doing the work. We will be mapping the incident response process described in this blog to some case studies. To attend our webinar, please register here. To learn more, read on.
Incident response is a complex process which involves the systematic analysis, containment, and recovery from a security breach. A breach, or incident, is a compromise of the confidentiality, integrity, or availability of an information system, or the data it contains. The following two definitions will help to clear up what we mean when we talk about security breaches and incident response, or incident management:
“A “computer security incident” is a violation … of computer security policies, acceptable use policies, or standard security practices.” – NIST SP 800-61r2
“Incident management includes detecting and responding to computer security incidents as well as protecting critical data, assets, and systems to prevent incidents from happening.” – US-CERT
What is clear with these two widely accepted definitions is that a breach does not necessarily require malicious intent. A breach is any time a security policy is violated. Every breach requires some level of investigation for an organization to make rational conclusions on the impact of an incident. Many organizations take a “set-it and forget-it” approach to their security tools. While security appliances are always increasing in effectiveness, they will still require the watchful eye of an analyst and the keen skills of an incident responder when an adversary successfully breaches security using a novel technique or when an insider discloses confidential information.
Every mature field requires repeatable processes. On the Cisco Security Incident Response Service team, we use an Incident Response process based on the NIST 800-61r2, as seen in the figure below. By mapping our process to an industry standard, we can adapt when those standards are changed ensuring that our activities will meet compliance. The process also allows our team to clearly communicate where in the process we are during the investigation, frame communications around the process, and identify the types of tools needed to accomplish the goals in each step.
Figure 1: Incident Response Process
Preparation summarizes all activities before an incident actually occurs. The first and most important aspect of the Preparation phase is writing an incident response plan. When you start to focus your mind on the implications of a cyber security incident through formally documenting a plan, other security practices may fall in line as well. An incident response plan should be more than a checkbox in the compliance audit. It needs to be a living document built on input from all stakeholders.
While writing an incident response plan, you may realize that the current security controls in place are not sufficient to execute the plan. Basing the plan on industry best practices can help to justify initiatives to cover the security gaps. For example, many organizations lack the capability to perform digital forensics, so they either build that capability in-house or they utilize incident response retainers to ensure that the capability is available when it is needed. Logging may also be inefficient to investigate an incident or endpoints may not be properly monitored. These gaps should become evident once the appropriate policies and plans are in place.
For the Cisco Security Incident Response Service, the Preparation phase involves filling in every available space of time between customer engagements with self-development and process improvement. To stay on top of the needs of our customers, we have to keep moving forward. Internal incident response teams should exercise the same process of continuous improvement.
Preparation is also fed directly by lessons learned during Post-Incident Activity. When a compromise is successful, some failure in security control must have occurred. There will also likely be failures in process which can be corrected for the next incident. No incident response activity goes perfectly smoothly. There are a lot of moving parts. Capturing those missteps, then practicing how incident response should be performed with table-top or red-blue team exercises is a necessary part of the Post-Incident Activity and Preparation phases.
Detection and Analysis are two distinct, but directly supporting, functions that are used to determine whether there is an incident and the scope of impact for the incident. Detection is typically performed by a Security Operations Center or by the user base. When a suspicious event has occurred, it is the responsibility of the Incident Response team to determine whether the event is worthy of formally declaring an incident.
Incident responders will then work with the information technology department and other stakeholders to determine a containment plan.
Containment is a key response action to any serious incident. Ignoring containment is a recipe for the disaster of reinfection. Containment will nearly always be business impacting. The risk of not containing compromised hosts is that they will continue to be a source of compromise while attempts at eradication and recovery go without success. Not much is more frustrating during an incident response then to spend hours remediating hosts, only to have them infected again with the same family of malware.
To properly contain a host, it must be completely cut off from communicating to enterprise network resources. We often recommend for customers who do not have other means of containment, to configure their routers and switches to set up a “containment” virtual local area network (VLAN) and prevent routing between the “containment” VLAN and the normal production network. Making appropriate containment configurations ahead of time can allow for quick response times.
In order to minimize impact of containment on a business, be sure to establish proper backups of critical hosts during the Preparation phase. If a critical host needs to be contained, there may be an opportunity to restore a new host from the backup prior to the compromise.
Eradication and Recovery are two processes which can sometimes happen simultaneously. The goal of this step is to ensure that there is no infection left on the information systems.
For incidents which involve the compromise through malicious logic, it is often recommended that these hosts be entirely reimaged. When an adversary gains system-level access to a host, which is trivial to do, they have the capability to modify the integrity of the operating system. Apart from outliers, most hosts whose integrity has been violated in such a way should be treated as untrusted. The quickest way to restore trust in that system is to reimage with a known clean image. Outliers do exist though. Some critical services simply cannot be handled through reimaging. In those cases, the incident responders can work with stakeholders to devise alternative eradication procedures.
Recovery is only complete when the enterprise is returned to a fully operational state. This certainly does not mean the same state as before the compromise though. As previously mentioned, a compromise occurs because of some exposed vulnerability. Throughout the incident response process, steps to prevent reinfection should be identified and vulnerabilities mitigated or monitored. This may result in changes to the configuration of the enterprise. The goal is to make those changes while minimizing the impact to business operations.
At any time during the Detection and Analysis through the Eradication and Recovery phases, if there are new indicators of compromise discovered, those must be handled through the proper processes. This can result in a feeling of taking a step backward. It can be difficult to explain to leadership that the incident response process is not as far along as had been previously reported. We should approach the process of incident response through the eye of disassociated rational decision making. Sometimes that will mean giving bad news. If we are honest about the situation and present the news with solutions, then we can minimize the shock.
Post-Incident Activity is simply all activity after the Eradication and Recovery phase is completed. Again, this phase can only be undertaken after the compromise is completely removed and when all business services are restored. The most important piece of Post-Incident Activity is the lessons learned meeting. During the lessons learned meeting, the intention should be to identify what went right, what went wrong, and do so quantitatively through the use of metrics such as dwell time, time to detect, and time to recover.
The results of Post-Incident Activity will impact how Preparation is performed for the next compromise. This will likely result in changes to configurations and processes. It may also result in the recommendation to procure new security products to cover gaps identified. Remember, this entire process is a continuous cycle of improvement.
If you have any questions about incident response, feel free to reach out to me on Twitter @aubsec or send me an email at maaubert@cisco.com. Do not forget about our webinar on December 5. We will be demonstrating this process to use through a couple of case studies.
This is a major challenge. Because 5G technology is going to massively increase bandwidth demands, as well as requiring more agile and intelligent network services. And if service providers try to meet these requirements using their current approaches, their costs will soon become uncontrollable.
It’s the latest chapter in an ongoing story for service providers. While their customers always expect more, they don’t want to pay more. The industry moved from 3G to 4G without significantly increasing costs for customers. And so while customer expectations of 5G connections will increase over the next few years, it’s going to be difficult to ask for much more money for them.
Calling for greater collaboration to drive 5G costs down, he said: “This will change the landscape and some vendors will disappear and some new ones will come into the game – it is going to be a disruptive moment in time,” he said.
If service providers want to be among the companies that will use 5G as a springboard for success, rather than disappearing in the upheaval, they’ll need to think hard about how they can make their network infrastructure work harder.
Cost savings through new Cisco technology
Cisco has developed a new solution which allows service providers to massively increase their aggregation network’s capacity and agility, while keeping costs at a manageable level.
The key to the technology is that it enables the use of coherent 200G Dense Wavelength Division Multiplexing (DWDM). With DWDM, instead of passing just one wavelength along a fibre, you can pass almost 100 along it.
Before, if service providers wanted to introduce coherent DWDM deeper into their aggregation networks, they had to buy different pieces of expensive equipment and build connections between them.
But that’s now changed. We’ve created a streamlined IP router with integrated 200G optical uplinks, that’s small enough to fit in your laptop bag. It converges the network’s optical and IP layers, taking the cost, power and space demands to an affordable level.
Cisco research has found that investing in this technology brings major cost savings compared to a non-converged approach. Over six years, our solution leads to capital expenditure savings of 49% and operational expenditure savings of 36% – meaning a saving of 45% on the total cost of ownership.
More capacity. More programmability. More innovation
Deploying DWDM affordably doesn’t just mean more bandwidth. It also makes it a realistic possibility to extend segment routing and programmability beyond the core of the network. And that means more of the simplicity, automation, and agility that these technologies deliver.
So the cost-effectiveness of investing in Cisco’s new solution is two-fold. It leads to savings in the short term by boosting capacity in an efficient way. And it lays the foundations for success over the next decade and beyond, by enabling more innovation and efficiency.
Cisco has always been a pioneer in networking technology. So it’s no surprise that we’re now leading the way in helping service providers succeed in a world of 5G networking – and come up with answers to the 500 billion Euro question.
Cisco Stealthwatch Cloud recently launched as a fully procurable SaaS service available on AWS Marketplace. As a security service available on Amazon Web Services (AWS), Stealthwatch Cloud provides security monitoring, visualization, and automatic threat detection. Stealthwatch Cloud uses advanced modeling and machine learning techniques to identify behavior changes in AWS provisioned entities. Stealthwatch Cloud learns normal behavior for a resource or user and when a behavior change is observed that should be investigated, Stealthwatch Cloud will generate a programmatic alert, including the details and context needed to investigate the incident.
By offering support for Stealthwatch Cloud on AWS PrivateLink, private connectivity between a customer’s Amazon Virtual Private Cloud (Amazon VPC) and Stealthwatch Cloud occurs without traversing the public internet. This connectivity further simplifies the subscriber’s access without the need for complicated peering, security configurations or the use of virtual private networks. When subscribers access Stealthwatch Cloud services on AWS PrivateLink, traffic never leaves their Amazon VPC enabling them to meet the requirements of regulations such as HIPPA or PCI.
AWS customers can use AWS Marketplace to easily discover, purchase and deploy Stealthwatch Cloud with PrivateLink connectivity from within their Amazon Elastic Compute Cloud (Amazon EC2) Console. AWS PrivateLink also enables customers to connect with DNS names rather than fixed IP addresses. Cisco Stealthwatch Cloud supports both usage-based, metered billing and fixed prices with term contracts. A 60-Day free trial of the full Stealthwatch Cloud service is available to all new subscribers.
Machine learning. Next-generation antivirus. Artificial intelligence. These are all terms you likely see in your inbox on a daily basis from various endpoint security vendors. Meanwhile, you’re trying to protect your business and don’t have time to assess the 50+ vendors touting the latest tool designed to solve all of your endpoint security problems and world hunger at the same time.
So how can you cut through the noise? The basic questions you’ll need answered during an incident are:
How did it get in? Who is affected? What is it after? How do we stop it?
These are all questions you should be able to answer with your endpoint security. If you can’t, yours might not be up to snuff. You don’t have the time to do a full assessment of the 50+ vendors who are calling you every day with their new-fangled tool that will solve your endpoint security problems and world hunger all at the same time.
Here are 4 key questions to ask that will help you identify if a solution is a potential fit:
Does the solution integrate prevention, detection, and response capabilities in a single solution? Point-products needlessly drive costs up and efficiencies down. Ain’t nobody got time for that! Especially when integrated solutions are available that address the bulk of your needs. Look for a solution that blocks as many threats as possible up front, then goes a step further to continuously monitor everything else. Trust should be earned. And when malicious activity is detected, the solution should automatically take action, not send more alerts that you don’t have time to deal with.
Are there agentless detection capabilities? Endpoint agents can’t be installed on some endpoints, including legacy systems, unsupported operating systems (yes, we still see Windows XP out there), and many IoT devices creating blind spots within your network. Fileless malware is also on the rise, and might not be visible to an endpoint agent. This includes in-memory malware and browser injections. Therefore, your next-gen endpoint security solution should provide some level of agentless detection. Using another point product that claims to be “integrated” (the term ‘integrated’ can be used very loosely), is a half measure.
Does it provide automated response? Responding to threats can be difficult and time consuming, but it doesn’t have to be. When an event is qualified and turns to an incident, sadly many security teams I’ve spoken to do not have the tools to quickly respond and remediate. A next-gen endpoint security solution will enable you to respond quickly and comprehensively. Look for solutions that accelerate investigations and reduce management complexity by searching across all endpoints for indicators of compromise (IoC’s) and malware artifacts, easily connect the dots across all endpoints and the network, and systemically respond to and remediate malware across PCs, Macs, Linux, and mobile platform – automatically or with just a few clicks.
Can the endpoint security solution work with your network security solutions, or at the very least a security management platform? As mentioned above, automated response should be a requirement in your next endpoint security tool. That capability should also extend from the endpoint to the remainder of your security architecture. The endpoint is the last line of defense, thus it should be informing your first line of the threats detected so they can be blocked from entering in the future. Building an integrated threat defense architecture is no easy feat, very few companies have been able to do it – like Cisco.
See how Mobile County Public Schools addressed their endpoint security needs in a simple, automated way:
https://www.youtube.com/watch?v=XkH6s36OQrI
And don’t forget to always ask for proof. Test for yourself, and ask to see demos – but don’t rely solely on vendor provided samples.
Craig Tranter is a former educator, and now serves as a technology presenter for Cisco. This blog is the seventh in his series on advancements and opportunities in education. All views are his own.
Textbook and PowerPoint are old hat now. So, what can we do as educators to really bring the classroom to life?
One way that a lot of teachers have done this is through the use of QR (Quick Response) codes.
Gone are long web links for students to access content. Instead, they can simply scan the QR code with their device and be taken directly to a website or particular resource. Some devices have QR recognition built in, but if you need to download a QR app, a free one that I would recommend is i-Nigma (available on your native app store). Once you have a QR reader, try scanning the QR code below, which will take you to a great website which will help you to create lots of classroom resources. For those of you already on your mobile device, you can also access the website via this link.
The advantage of this is that students no longer need to take down long web addresses and can quickly and easily access the content, which can then be stored directly on their own devices. However, we can take this type of technology one step further and really make the classroom experience come alive through the use of holograms. Rather than simply following a link to a video, imagine using your device to see your professor appear on the desk in front of you. Simply scan the code and away you go. Check it out:
Remember that we are a very visual society, so the more ways in which we can engage our students through visual stimuli, the more likely they are to consume and retain that information. There’s also the added benefit that this form of media can be revisited, paused, rewound etc. to suit each student’s learning speed.
Let’s take this even further and take a look at technologies such as Google Daydream, which brings lessons to life through the use of virtual reality. Simply load up the VR video on your personal device and put on the VR goggles for a fully immersive experience, or if you prefer not to lock yourself away from the world, why not try Microsoft HoloLens? Rather than Virtual Reality, this brings the physical world around you to life with augmented reality. Let’s look at an example: Imagine studying human physiology and being able to see the human body in front of you as well as being able to manipulate and interact with those visuals within your physical environment. Cool, right?
These technologies may seem like a thing of the future, but they are already here. That being said, these are not going to become commonplace overnight. However, while they may not be widely adopted in education any time soon, with further developments and content being created every day, these may become the new normal in classrooms across the globe sooner than you might think.
I am always ready for adventure! Aren’t you? Working for Cisco’s AppDynamics on the Customer Success Team provides me with a sense of continued adventure, and I knew that I wanted to add a bit of unique excitement when I used my annual volunteer hours. (Cisco gives us FIVE days to give back each year in ways that are meaningful to each employee!) So, this year, I signed up for a journey to Cuba where I’d volunteer at organic farm called Finca Agroecologica el Paraiso in Viñales!
My incredible Cuban adventure was organized by Bright Light Volunteers, who partnered with the founder and owner of the Yoga Movement, the studio at which I practice. Not only did it provide me with the opportunity to work with the local farmers in Cuba, but it also allowed me to deepen my yoga practice and immerse myself in the Cuban culture for 10 incredible days.
The day I arrived in Cuba felt like I had taken a time machine back to the 60s and 70s. Talk about surreal! Everything was so colorful, the people were so friendly, and the culture was contagious. I couldn’t wait to be part of it! The first few days of the trip were spent in the exciting capital of Havana, and there was lots to see and do in such a bustling city! Then we headed out to the farm in the Viñales Valley. This was by far the most beautiful farm I have ever seen throughout my travels.
On the farm our daily tasks consisted of weeding, planting, and picking the fruits and vegetables. I saw my first cashew fruit (which I learned looks like a tomato with the cashew nut as part of the stem and tastes unlike any other fruit), banana tree, and jícama plant. It’s incredible how many different plants you see growing in the tropics. In between our work on the farm, we were fortunate enough to spend quality time with the locals and be exposed to Cuban culture.
Our residences were called Casa Particulars, which are accommodations within a Cuban family’s home. My roommate and I had our own separate bedroom and bathroom – the perfect balance of personal space and family feel. During dinners, we had live music almost every night and some salsa dancing after which we would play dominoes, a local favorite.
By day two, the neighborhood children heard that I brought my own domino set and gathered around on the action. Despite language barriers we found a common thread through dancing and dominoes, which made our group feel like we had known each other for much longer than just a few days. Prior to going out to the local salsa clubs and later the famous Buena Vista Social Club in Havana, we even got to take some salsa lessons in Viñales. Despite being extremely uncoordinated, I was able to grasp the basic concepts of the dance and successfully put them to use.
As part of our cultural enrichment we rode horses through the Viñales Valley, which beats any bus tour! Our group also rode ox-carts (yes, that is still a thing in Cuba) to the organic tobacco farm, one of Cuba’s most popular exports, aside from the rums, sugar, coffee, and fruit. At the farm we got to learn how to properly roll the cigars and the process that the tobacco leaves go through prior to becoming a cigar. While still in capital, we had the chance to take several different vehicles (among them being a 1959 Dodge Custom Loyal Lance Convertible) along the Malecón, where we not only enjoyed the sunset, but also learned about the rich history of the area and famous monuments.
This whole experience humbled me, making me realize how small the world really is – how we can connect through much more than just our languages, and it helped me gain further appreciation for things that we take for granted in America. To have this unique opportunity to “step back in time” and learn about a whole new culture was so rewarding.
Originally from Moscow, I started traveling at a young age and my close friends will confirm that travel is my version of caffeine and adrenaline. It’s hard to stay in one place when there is so much of the world we all can see!
With Cisco’s encouragement of giving back, with five days paid to do so, I urge my fellow Cisconians to take advantage of this incredible benefit, and make a difference in someone’s life! Whether it is in your local communities, or traveling to do so – it is such an enriching experience.
After my experience helping the farmers in Cuba, I was further able to appreciate the work I do at AppDynamics & Cisco in helping customers realize the full potential of our products and services. I loved coming home to tell my team all about my latest adventure, and encouraging them to find a way to give back that speaks to them. It boosted team morale and brought us all closer together and everyone was excited to hear about Cuba.
So, are you ready for adventure? I know I’m eagerly anticipating my next journey already!
Want to work for a company that encourages you to give back? We’re hiring!
This post was guest-written by Brendan McDonald, who has been an aid worker since 1999. He has a Masters of Social Science in International Development and has worked in Kosovo, North Korea, Sri Lanka, Libya, Jordan, and Iraq. Diagnosed with leukemia in 2015, Brendan recently co-founded Uncomfortable Revolution, a company dedicated to changing the way people talk about sensitive personal topics.
My name is Brendan McDonald, and I am an aid worker. I am passionate about harnessing empathy in support of tolerance, human rights, and social justice.
This Giving Tuesday, I am partnering with Cisco Corporate Social Responsibility (CSR) to achieve these goals. Some of you might ask, “Why Cisco?,” but the answer is simple—I am impressed by what they do.
By partnering with nonprofits who are tackling some of the world’s most pressing development and humanitarian challenges, Cisco leverages its strength as one of the worldwide leaders in IT and networking to provide expertise, partnerships, and financial resources to change people’s lives.
For example, as part of Cisco’s Tactical Operations (TacOps) team, Cisco employees provide expertise and equipment to restore communications after disasters. Many of their staff also volunteer to work with NetHope, an American non-governmental organization (NGO) co-founded by Cisco, providing communications to refugees in places such as Turkey, Greece, and Kenya and connecting families after disasters such as Hurricane Irma in Puerto Rico.
Cisco is part of a long and proud tradition of philanthropy and volunteerism in America. Every day across all walks of life, Americans donate to nonprofits. Every day, Americans volunteer their time to help others in need. This year, there are over 141 million people in need of humanitarian assistance. Without American generosity, many of their needs will go unmet.
Nowhere is this more visible than in Yemen, the site of the world’s largest humanitarian crisis. That’s why for Giving Tuesday, I have chosen to use my in-kind donation of US$5,000 from Cisco to support Save the Children.
Save the Children, the first international aid group to establish a presence in Yemen in 1963, has a track-record of feeding, educating, protecting, and providing medical care to countless Yemeni children. Their deep community ties, dedicated staff, and knowledge of how to get things done, despite overwhelming odds, makes Save the Children an organization you can trust to help ease the suffering of girls and boys caught in the midst of this crisis.
Sarah, 12 years old, is a displaced girl now living in Hodeidah who is unable to access education
“My family and I have been displaced since the war started. I used to go to school every day, but now I don’t. I lost all of my school documents and certificates when I fled with my family from the deadly airstrikes. I could have been in the sixth grade now if I had not missed two years during my displacement. I feel sad when I see my cousins going and coming back from school, but I hide my feelings. However, I am now registered in a child-friendly space—I spend my time drawing and playing with my new friends. I love to study, and I love the child-friendly space. I want to be a police officer in the future to protect my family. I wish I could go back to my school and village; I wish with all my heart that the war stops.”
Save the Children coordinates their work with the United Nations, the International Red Cross, the Red Crescent Movement, and other NGOs in Yemen to ensure their activities have maximum impact.
Here are five practical ways your support for Save the Children can help children in Yemen:
Treating sick and injured children at hospitals and mobile health units
Feeding malnourished children
Giving girls and boys school supplies and educational materials
Providing children with safe spaces to learn, play, and cope with the recent tragedies
Ensuring families have safe drinking water and hygiene supplies
This Giving Tuesday, please donate to Save the Children, your favorite nonprofit, or cause at www.brightfunds.org/u/cisco. Every dollar helps.
This is a great use case to highlight, as industrial IoT deployments need to securely connect assets to the network without requiring IT experts. Customers want to extract data for a variety of business purposes including condition-based maintenance and remote management of assets. If managing something like a remote oil pump (LACT) in the energy sector or heavy equipment in the construction sector, there are similar requirements for distributed assets connected over non-reliable network links.
