Gavin Reid


Public Sector

With over 25 years of experience in the field, Gavin Reid is an expert in cyber threat intelligence. Reid has created numerous threat intelligence programs over the years including Cisco’s Security Incident Response Team (CSIRT), which is a global network of information security professionals responsible for monitoring, investigating, and responding to cyber security incidents.


November 21, 2016


What do Mirai & IoT botnets mean to the public sector?

5 First Steps to Defending against IoT Driven DDoS Attacks

In honor of October’s National Cybersecurity Awareness Month, users of Twitter, Netflix, Reddit and the New York Times were treated to a special treat – and just in time for Halloween. Unfortunately it was more of a trick as users of these and other major […]

November 7, 2016


Is Your Race to SOC Headed for an Epic Crash?

Before You Take Off, Get Up To Speed on These Six Precursors to Incident Response

It seems most advice on setting up a Security Operations Center (SOC), or creating a Computer Security Incident Response Team (CSIRT), focuses on people, technology or processes. Unfortunately, such advice may also include doing so at full speed, from the […]

October 18, 2016


On or Off the Clock, Staying Cyber Secure is a New Fact of Life

Cybersecurity has always been a major concern for workplace networks. But, increasingly, it is top of...

July 25, 2016


Cognitive Bias in Incident Response

This blog is co-authored by Jeff Bollinger & Gavin Reid.

Are You Too Confident in Your Incident Response?

When Charles Darwin stated “Ignorance more frequently begets confidence than does knowledge,” civilization’s evolution from Industrial Age to Information Age was nearly a century away. Yet, when it comes to many aspects of IT, he nailed […]

June 9, 2016


Detection in Depth

Defense in depth is a well understood and widely implemented approach that can better secure your organization’s network. It works by placing multiple layers of defense throughout the network to create a series of overlapping and redundant defenses. If one layer fails, there will still be other defenses that remain intact. However, a lesser known […]

July 6, 2016


NetFlow AND PCAP (not or)

As digital transformation sweeps across the world, there is a driving need for more effective logging and data recording for incident response. In today’s IT world, your agency’s Computer Incident Response Team (CIRT) must have the capability to quickly determine the source and scope of an attack on its network in order to effectively mitigate […]

February 19, 2014


Cisco Hosting Amsterdam 2014 FIRST Technical Colloquium

The registration is now open and there is still time left to respond to the call for papers for the upcoming FIRST Technical Colloquium April 7-8, 2014. Please contact us at amsterdam-tc@first.org for speaker engagements. The event already has an exciting preliminary program covering: Savvy Attribution in the DNS – Using DNS to Geo-locate Malicious […]

January 20, 2014


Cisco 2014 Annual Security Report: Cybercriminals Applying “Old” Techniques in New Ways

We know that as time goes on, the cybercrime network’s operations will only more closely resemble those of any legitimate, sophisticated business network. And like all enterprising businesspeople, those who are part of the “cybercriminal hierarchy”—which is discussed in the Cisco 2014 Annual Security Report and illustrated below—look to increase their profits by continually innovating […]

May 6, 2013


Security Logging in an Enterprise, Part 2 of 2

We first logged IDS, some syslog from some UNIX hosts, and firewall logs (circa 1999). We went from there to dropping firewall logging as it introduced some overhead and we didn’t have any really good uses for it. (We still don’t.) Where did we go next?
