Jeff Bollinger

CSIRT Manager

Infosec CSIRT

Jeff Bollinger joined Cisco Systems in 2002 supporting Cisco's security technologies and solutions for SMB and enterprise customers. In 2006 Jeff moved to the Computer Security Incident Response Team (CSIRT) and rapidly developed its global security monitoring and incident response capabilities. Specialising in investigations and intrusion detection, Jeff built one of the largest Cisco IPS networks in the world as well as an enterprise-class secure web proxy architecture. His recent efforts include log mining and optimisation, threat research, and security investigations.

Articles

May 12, 2019

SECURITY

Cisco Security First: Focusing on the Issues of Incident Response and Security Teams

Cisco CSIRT is a global team of information security professionals responsible for the 24/7 monitoring, investigation and response to cybersecurity incidents for Cisco-owned businesses. CSIRT engages in proactive threat assessment,...

February 9, 2018

SECURITY

Cisco Hosting Amsterdam 2018 FIRST Technical Colloquium

We would like to announce a “Save the Date” and “Call for Speakers” for the FIRST Amsterdam Technical Colloquium (TC) 2018.

August 7, 2017

SECURITY

Open Source Threat Intel: GOSINT

It’s our pleasure to announce the public availability of GOSINT – the open source intelligence gathering and processing framework. GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches alert data with additional confidence, context, and co-occurrence. This means that you are applying research […]

February 27, 2015

SECURITY

Cisco Hosting Amsterdam 2015 FIRST Technical Colloquium

Registration is now open for the upcoming FIRST Technical Colloquium May 4-6, 2015 at Cisco Systems in Amsterdam, Netherlands. Please contact us at amsterdam-tc@first.org for any questions. The event already has an exciting preliminary program covering: Attacks Against Cloud Server Honeypots; Emerging Threats – The State of Cyber Security; Cisco IOS and IOS-XE Integrity Assurance […]

December 3, 2013

SECURITY

Operational Security Intelligence

Security intelligence, threat intelligence, cyber threat intelligence, or “intel” for short is a popular topic these days in the Infosec world. It seems everyone has a feed of “bad” IP addresses and hostnames they want to sell you, or share. This is an encouraging trend in that it indicates the security industry is attempting to […]

October 24, 2013

SECURITY

To SIEM or Not to SIEM? Part II

The Great Correlate Debate: SIEMs have been pitched in the past as "correlation engines" and their special algorithms can take in volumes of logs and filter everything down to just...

October 22, 2013

SECURITY

To SIEM or Not to SIEM? Part I

Security information and event management systems (SIEM, or sometimes SEIM) are intended to be the glue between an organization's various security tools. Security and other event log sources export their...

October 3, 2013

SECURITY

Big Security—Mining Mountains of Log Data to Find Bad Stuff

Your network, servers, and a horde of laptops have been hacked. You might suspect it, or you might think it’s not possible, but it’s happened already. What’s your next move? The dilemma of the “next move” is that you can only discover an attack either as it’s happening, or after it’s already happened. In most […]