SecCon 2011 – Addressing Customer Security Requirements

November 4, 2011 - 4 Comments

What a week! From October 31-November 3, Cisco hosted its annual internal security event—SecCon 2011. Co-hosted by Greg Akers, SVP of Cisco’s Global Government Solutions Group, and Ed Paradise, Vice President of Engineering, this marked the fourth year in which we shared the latest in product security practices, policies, processes, and thought leadership with employees who participated in live and virtual sessions around the world.

We kicked off the event with pre-conference trainings and boot camps, moving into a general assembly, hands-on breakout sessions, panel discussions, and networking opportunities with both internal and external security professionals to round out the four days. Cisco employees participated from India to Ireland to Norway to China, as well as numerous sites across the United States via Cisco’s internal TV broadcast, WebEx or TelePresence capabilities.

Through this year’s theme—“From Basics to Advanced – Addressing Security Threats From a Customer’s Perspective”—we addressed many security measures that we focus on to help Cisco and our customers be more secure. We covered vital aspects of product security, including trustworthy systems, public policy, product certifications, common crypto, and the primary method that we use for addressing security threats. The Cisco Secure Development Lifecycle (CSDL), our internal proactive security approach, identifies specific tools and processes needed to deliver secure and resilient products for our customers.

Amongst the exciting line-up of speakers, our special guests this year included Melissa Hathaway, former cybersecurity lead under President Obama and coordinator for former-President Bush, who shared her perspective on how and why cybersecurity is such an urgent national need. Immediately following, Paul Steinau from the U.S. Secret Service reviewed the TJMaxx network intrusion case. While this incident occurred four years ago, it is a phenomenal case study that outlines a specific threat to the network, and how quickly a security breach can turn into a crippling security challenge with far-reaching economic impact.

Each of our guest speakers shared their specialized perspectives to demonstrate the need for greater security and how customers—with Cisco’s help—are addressing today’s security threats and vulnerabilities, while upping the ante to protect and secure our products from those who would do us harm.

Today more than ever, security is gaining momentum in mindshare and importance for our customers, and we see it as both a priority and opportunity for Cisco. As Cisco strives to shape and influence global security standards and drive innovation, we are all stepping up our efforts to ensure that security is embedded in all of our products. Through successful events like SecCon, our employees are recognizing that they all play a vital role in not only securing our company, but also ensuring that the products we deliver are secure.



  1. Looking forward to attending someday soon, when I’m back in the area

  2. Did anyone address standardising security metrics or the valuation of digital objects and flows?

    • Lance Hayden did a pretty good book on this entitled IT Security Metrics, which a number of people @ Cisco contributed to even though it's published independently. May want to check it out.

      The EAN number is EAN:9780071713405


      • Hi John,

        Was not aware of this book (since Andrew J’s book on SecurityMetrics (ISBN-13: 978-0321349989)

        I’m an old contributor to the SecurityMetrics mailing list started by Andrew et al. At one or two mini-metricons we bounced ideas off Dan Geer, Fred Cohen…etc. (Cisco’s Gav Reid is notable too with initiatives like CVSS)… however… in my mind no one has addressed the fundamental valuation of data objects/flows and the new physics adequately… I will read this book with a sense of optimism and park my Security “all current digital risk units are fundamentally flawed” and get back to you… 😉

        Dan Geer’s tutorial on metrics still sticks out in my mind: