Having recently wrapped up the 5th Annual Cisco SecCon Conference, I’d like to take this opportunity to share with you what Cisco SecCon is and the benefits to our products and you, our customers. With that, let’s start with a brief overview!

What is Cisco SecCon?

SecCon is a security conference for Cisco engineers that focuses on two critical elements for a healthy corporate Security intelligence: 1) expansion of knowledge for all and 2) building a sense of community. We allocate two days for intensive hands-on security training, and then we provide two general session days to discuss a variety of security topics including:

    • Cisco Secure Development Lifecycle
    • Best practices for security test suites
    • Cutting-edge cryptography
    • Implementation challenges
    • Current threat landscape
    • Vulnerability trends

Where is the conference held?

We host this conference in San Jose, CA, with remote site participation in seven additional locations, including Bangalore; Shanghai; Boxborough, MA; Lawrenceville, GA; Austin, TX; Richardson, TX; and Raleigh, NC. Coordinating the programs across a global community is a challenge and so worthwhile. Our global attendance for last year was 1,300, and we’ve expanded that this year with 1,000 onsite attendees and 1,000 virtual attendees.

What’s the goal of SecCon?

We work to build and extend our security community through conversation and community building around common technologies and implementations; long-term education and recognition programs development; and recognition of significant accomplishments. This year we recognized 18 Security Champions–individuals who stood out in their efforts to increase and improve Cisco product security within their organizations. Congrats to those folks!

What is the role of the Cisco Secure Development Lifecycle at SecCon?

The evolution of the Cisco Secure Development Lifecycle (SDL) began over ten years ago as a pet project of Cisco PSIRT and was meant to gather standard requirements, formalize those standards, and socialize them with key product teams. Since then, Cisco SDL has evolved into a formal baseline set of requirements. Partnerships with industry leaders, such as Microsoft, have also influenced our development of Cisco SDL. Through this evolution, Cisco SDL has become a more robust and comprehensive program, not just a set of requirements, but design, coding, and testing practices. Concurrent to the development of the formal methods, we realized the need to support engineers throughout the product teams and thus was born the Security Advocate program. Our latest evolution has been a focused senior-level management engagement program. All of this culminates in our annual SecCon conference, where we showcase technologies, highlight learning opportunities, and delve into the latest threats and challenges examining security in a holistic product approach. It’s not enough to provide world class security products—our products must have world class security baked into the process, not bolted on as an afterthought.

The keys to incenting the right behavior are to ensure that everyone building products is aware of the security milieu, understands the mitigation strategies, and is well supported and incented to continuously improve product security and quality.

I’m happy to kick off this blog series with an introduction to Cisco SecCon, what it is, what it means to Cisco, and what benefits it brings to our customers—a mature Cisco security community of support that helps focus our Engineering organization on what’s important—ensuring that our products work securely, and supporting our customers to the highest standards.

Enjoy the various blog posts from my colleagues—attendees, presenters, and trainers alike. Please reach out to any of us with questions or comments. We look forward to hearing from you!

For all things Security don’t forget to visit our Cisco Security Intelligence Operations (SIO) Portal—the primary outlet for Cisco’s security intelligence and the public home to all of our security-related content. And, we’re easy to remember! Just go to cisco.com/security!