John Stuppi

2 min read

[ed. note – this post was authored jointly by John Stuppi and Dan Hubbard] The Domain Name Service (DNS) provides the IP addresses of intended domain names in response to queries from requesting end hosts. Because many threat actors today are leveraging DNS to compromise end hosts monitoring DNS is often a critical step in […]

1 min read

The Common Vulnerability Scoring System (CVSS) Special Interest Group (SIG), in which Cisco is an active participant, acting on behalf of FIRST.org, has published a preview of the upcoming CVSS v3.0 scoring standard.  The CVSS v3.0 preview represents a near final version and includes metric and vector strings, formulas, scoring examples and a v3.0 calculator […]

1 min read

Rarely a week goes by that we don’t hear of a database compromise that results in confidential data—many times consisting of personally identifiable information (PII)—falling into the hands of those who should not have access to the data. Protection of our PII is becoming increasingly critical as more and more information is collected and stored through the use of Internet-enabled devices.

1 min read

As we pass the halfway point of National Cyber Security Awareness Month (NCSAM), I wanted to call attention to some of our colleagues over on the Cisco Government Blog.

5 min read

Hi there and welcome to today's U.S. National Cyber Security Awareness Month tip, courtesy of those of us involved in administering and/or contributing to Cisco Security Intelligence Operations!! For...

3 min read

Having just returned home to New Jersey from Cisco Live US in Orlando, Florida, I thought I’d share my experiences as a Network Security Engineer both attending and presenting at this year’s conference. There were approximately 20,000 attendees at this year’s conference, which I believe set a new Cisco Live attendance record! Considering the huge size […]

2 min read

The decision to deliver the biannual (on the fourth Wednesday of every March and September) Cisco IOS Software Security Advisory Bundled Publication brought with it many challenges, process changes, and—in the end—a format for Cisco Vulnerability Disclosure that we hope addresses at least some of your concerns. What we would like to get now is feedback from our customers on how the bundle delivery format has changed your lives (well, at least during working hours!), for better or for worse, when it comes to dealing with Cisco PSIRT security vulnerabilities identified in your Cisco IOS environment. The information you provide in this survey will help Cisco to continue to evolve our vulnerability disclosure process to address your challenges and concerns, just as we did back in 2008 when we listened to you and developed the Cisco IOS Software Security Advisory bundle process.

3 min read

I have been coaching youth sports for the past seven plus years now and one of my common mantras when speaking to the girls and boys each season is that “we will win as a team and lose as a team.”  In other words, I will never tolerate one player acting selfishly enough to think […]