Managing Security Content That Matters

September 18, 2012 - 0 Comments

What might interest you to spend time at a website such as Cisco’s Security Intelligence Operations (SIO) web portal? You might be compelled because of the relevant security content made available to you that matters most. Directly linked to that experiential perspective are the behind-the-scenes efforts that are related to the publishing and presentation of security content, which is a dynamic undertaking because the Internet never sleeps and the next cyber-security event looms just around the corner. Security practitioners, and non-practitioners alike, reap the benefits from the security content that the Cisco SIO content managers orchestrate for the SIO portal. This article provides insights into how they contribute to the publishing of trusted, consistent, and predictable content for you, our customers, on a daily basis throughout the year.

Managing security content is significant in several respects to SIO, where there is an array of options to apply and reap maximum benefit from content within the key security tenets: confidentiality, integrity, and availability. At its core, SIO’s security content transcends diverse communications mediums and is woven into the methods related to how we consume and interact with it. Cisco has a team of dedicated content managers chartered with meeting the demands and challenges of delivering timely, credible, and actionable security intelligence through the editorial and web publishing services that they provide within SIO.

The Security Content Manager needs to be mindful of the content providers and publishing platforms covered while aggregating and distilling security information for use by a global audience over multiple communications channels within the context of their use cases. This approach is integral to facilitating the degree and impact of the security content’s effectiveness and utility.

A common theme here is to deliver an experience that imparts security content that is relevant, easy to access, applicable, instructional, and perhaps even thought provoking. The Security Content Manager supports the delivery of SIO intellectual property through collaboration with multiple SIO contributors, such as security intelligence engineers, PSIRT incident managers, and security analysts. These and other core groups in SIO were also highlighted in the Network World feature article (page 3), “Inside Cisco Security Intelligence Operations.” The Security Content Manager predominantly focuses on publishing tools and processes that can be applied to transform both the delivery of security content and supporting delivery mechanisms. This positions them well to provide the editorial and publishing functions for several SIO deliverables such as the actionable intelligence contained in Applied Mitigation Bulletins, IntelliShield Alerts, Cisco PSIRT Security Advisories, and Threat Defense Bulletins.

As a continuation of my previous series of ”Day in the Life” blog articles on security roles at Cisco, the following is taken from an interview I conducted with an SIO Content Manager. My goal was to provide a closer look at the SIO Content Manager role and help those considering a similar career in the information security field.

What range of background does a Security Content Manager role have?

I previously worked as an analyst with IntelliShield and bring with me a technical background. Proven college-level writing and grammatical skills provide a basic foundation. From an educational perspective our team comprises degrees in journalism as well as English majors and a certified project manager, combined with technical knowledge. In essence, the team is highly complementary, each having their own forte, which has also helped us to develop our own writing style.

What does a Security Content Manager do to come up to speed?

We actually just finished training two new members of the team. To get them up to speed, we helped them to understand who does what within the SIO organization. Understanding which groups are responsible for the different types of documents really helps a security content manager develop a better understand of the entire organization. We use several web-based tools to push out content to the SIO portal, security content managers need to become familiar with all of them. Almost all of these tools are all custom built to meet our needs. New Content Managers also need to learn our writing style and apply our style guides to documents before publishing. That should provide a baseline competency.

What do you like most about your role?

The first thing that comes to mind is the inherit variety of content. While managing the content that ends up on the SIO Portal we cover a lot of different areas, so if there is something that you like to do, there is a chance we cover it in one way or another. I had an opportunity to integrate our SIO content into the technical support application and was able to collaborate with the Cisco Security support team to do this. I also get to work on the security blog and learn about different topics. Other team members work on business operational aspects, video and graphics editing, voice work (podcasts), metrics, and strengthening the organization’s writing/communications skills by leading instructional classes. We might not create the content directly, but we do make it possible to get it accessible through multiple channels that are available throughout the SIO portal. Overall, the variety is dynamic and that continues to make my role enjoyable.

Can you share some insights on what your daily core activities involve?

One of the fundamental activities is to review and publish IntelliShield Alerts to the SIO portal that are created by Cisco security intelligence analysts. For example, we recently published 261 alerts over the span of a week. We support the publication of the PSIRT and Applied Intelligence teams’ content (Security Advisories and Applied Mitigation Bulletins). Other activities involve making sure that all of this information reaches the SIO portal via automated and manual processes.

How does your day usually begin?

On a good day, my first action is usually reviewing my e-mail and calendars to see what has been happening since I logged off the day before. Keep in mind that SIO is a global organization. Therefore, just because I may not have been online, others indeed have been and I need to synch up to where they left off. For example, that means synching up on any IntelliShield alerts that are in my assignment queue. After that, I check to make sure that other outstanding tasks are moving forward, such as security advisories, white papers, Applied Mitigation Bulletins, blog posts, etc. From a holistic perspective, our team functions as the air traffic controllers for SIO. We direct and evaluate a lot of content. However on an exception basis, there could be an event that takes precedence. For example, if I am on call and there is a critical event that requires us to publish content quickly, my day might begin at 1 a.m.

What is a key aspect (for example, qualitative or quantitative) of being successful?

Because of the variety of content, the quantity aspect can be difficult to measure beyond meeting publishing timelines. However, from a qualitative aspect, it comes down to how well you communicate with others. For example, if we do not communicate well with someone on a team, then we miss a deadline and that can directly impact our customers.

Are there any other aspects of your job that are essential as you work with your team members or others that depend on your work?

This is one of those roles where it can be beneficial to be a perfectionist. However, you need to be mindful not to take things to such a degree where it could be counter-productive. Although we do not necessarily create the content, we are in charge of how it is displayed, including its appearance and how it works optimally for the customer. That means presenting content in a consistent style, ensuring that there is no question as to the meaning, and that the information is seamlessly accessible on the SIO portal.

What else can you recommend to others regarding optimizing their practices based on your experience?

Challenge yourself to take your content management practice to the next level and tap into your creativity. For example, the SIO portal is a dynamic environment. That means you need to embrace innovation to determine the best ways to deliver information to your customers and make it even more valuable to your audience.

What do you like to do for fun when you are not a practicing Security Content Manager?

When I punch out, I enjoy spending time with my family. I also like sports and outdoor activities, playing video games, and trying out the latest technologies.

I encourage you to check out the wealth of information and resources available at the SIO portal. Let me know where we can improve as well as which aspects of the portal you like. If there are other Cisco security roles you are interested in for future blog post articles, please let me know.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.