SecCon is our internal security conference, which for the past five years has taken place live in San Jose. Many industry recognized experts  over the years have graced the stage, and the security community at Cisco looks forward to each December where we gather together to network  and  learn  about the new threats that face our products.  In past years, remote sites around the globe were linked into San Jose, sharing part of the speaker line-up and also giving local security people at remote sites the ability to speak to a local audience. In 2013, for the first time ever, SecCon events were hosted in remote locations.

The goal of these events is twofold: first, to provide high-quality, topical security education to those people responsible for building our products, and second, to growthe security community amongst our engineering population. We believe that security must be part of everyone’s job description at Cisco. We are all part of the security solution, and we use these SecCon events to band together.

The first remote SecCon event of 2013 took place in Shanghai, China at the Cisco China Research & Development Center. Approximately, one hundred people came together to attend boot camp trainings and the conference. The boot camps covered the application of the Cisco Secure Development Lifecycle for development and test engineers. The local conference speakers focused on web application security, with talks specifically providing a deep dive on the Open Web Application Security Project (OWASP) Top 10 and also browser / cache security.


The second SecCon event of 2013 took place in Bangalore, India. There were more than 800 individual participants that attended the conference and training sessions. The Bangalore event featured speakers from industry, government, and the local Cisco population. Dr. Gulshan Rai, Director General, CERT.IN delivered a session about the security challenges faced by the Government of India. Felix Mohan, CISO for Airtel, provided a customer perspective on networking and connecting security products together.


A team of product security experts and conference hosts from the Cisco Secure Development Lifecycle (SDL) team traveled to these locations to provide boot camp training and bolster the case for building security into everything that Cisco produces. The traveling crew provided two different talks: “The State of the Hack is Everything” and “Why YOU Need to Be Part of the Security Solution.” These talks were the bookends of each conference. The State of the Hack focuses on the security threats and challenges of the Internet of Things / Everything. A solution was proposed to use SDL to ensure that security is properly designed into IoT / IoE. The Security Solution talk charged up the audience to focus on securing all Cisco products.


A take away from these two events is that product security and innovation is alive and well within Cisco, both in the United States and globally. Engineers have caught the vision of building security into all of our products. We look forward to 2014 when additional internal security conferences take place around the globe–in Israel and Europe. These events  will continue to establish Cisco as the leader in the Secure Development Lifecycle and product security.

For more information on SecCon, please visit the SecCon page on Cisco.com. For more information on Cisco SDL, please visit the Cisco SDL page on Cisco.com.


Chris Romeo

Chief Security Advocate

Cisco Secure Development Lifecycle (CSDL) program