Login
For these Cisconians, hands-on is the way to go when it comes to giving back. Using Cisco’s Time2Give benefit that provides 10 paid days to volunteer each year, team members rolled up their sleeves to build homes, cuddle and care for animals, distribute food and more. If you also value giving back, check out our open roles.
Marketing Specialist, Global Events Julie Kramer used Time2Give to build a shed with Habitat for Humanity of Huron Valley. Kramer especially appreciated learning about the organization’s purpose in addition to learning how to build.
John Hindman, an account executive, used Time2Give to spend a week in Nicaragua with SuNica, an organization centered on clean water and fellowship. Hindman cleared out downed trees, picked coffee and built treehouses to allow the organization to host more children from surrounding communities.
In the community Hindman visited, repurposing recycled materials is critical to the economy, and one way that happens is through “mining” the local landfill. Hindman’s team encouraged local employees and led games and activities for local children.
For those considering Time2Give, Hindman says, “Do it. Unplug, find something you’re passionate about, set up your out-of-office, and ignore everything work-related for the time you’re serving.”
Animal lover Carrie Cordeiro, a Cisco Secure digital strategist/manager on the Brand Marketing team, volunteers with Hopalong and Muttville as a kitten cuddler and dog walker. Most of her time is spent transporting kittens, puppies, cats and dogs around the Bay Area to vet appointments, adoption centers and foster locations.
The best part for Cordeiro is “getting to interact with so many adorable animals,” she said. As for leadership support around utilizing Time2Give? “I love doing it and my management team absolutely supports it, especially when I share photos.”
Customer Success Manager Kristen Gehrke reminds us that, “You don’t always have to look far to utilize Time2Give.” She sewed a baby blanket for Bluebonnet Trails Community Services. “The best part of the experience was giving back to mothers and their babies, as I am an expecting mother myself,” she said.
Engineering Manager Blake Ellingham organized food pantry shelves and packed bags for food distributions with HTB Food Bank. “I love getting to do work with my hands that helps others,” he said.
Ellingham recommends scheduling something routine for Time2Give. “Consistency matters! By going in every week for a half day of volunteering, I was able to make great friends with the staff,” he said.
From empowering youth globally and remotely to volunteering across community hubs, Cisconians deeply value innovative ways to contribute their time and talents.
If you are interested in increasing the impact of your skills and passions at work and beyond, check out our open positions.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Cisconians delight in contributing to their communities in a variety of ways including at the local theatre, farm and library. Cisco’s paid Time2Give benefit encourages team members to volunteer at the places where their passions thrive.
How should you decide where to get involved? Customer Success Program Manager Kate Pydyn advises: “Find something that speaks to your passion while giving back. There are so many opportunities that involve being outdoors, crafting, teaching skills you’ve developed, telling stories or providing comfort.”
With ten paid days a year to give, these Cisconians demonstrate that building relationships with people, the arts and the earth can increase fulfillment, connection and community.
Urban farming is an issue very close to the heart of Petra Hammerl, a senior enterprise customer success manager who works on Duo Security. Hammerl frequently volunteers at Farm City Detroit, part of Detroit Blight Busters. Using Time2Give, Hammerl has shared the experience by “bringing a crew of awesome co-workers which has been amazing and a lot of fun,” she said.
“It felt great to take action! There are so many problems in the world, and I often feel powerless to make a difference. What I did was small, but with all of the volunteers together, the work that was done makes a real difference in the lives of my neighbors.” – Kate Pydyn
Pydyn and Emily Gennrich, a manager of operations for security customer success at Cisco Secure, joined in on the fun by contributing to multiple facets of gardening from weeding to harvesting food. “It felt great to take action! There are so many problems in the world, and I often feel powerless to make a difference. What I did was small, but with all of the volunteers together, the work that was done makes a real difference in the lives of my neighbors,” Pydyn said.
Senior Communications Manager, Brand Strategy & Design at Cisco Secure Chrysta Cherrie spent her Time2Give as a sighted assistant at the VISIONS vendor fair, hosted at the Ann Arbor District Library Downtown. “I was really happy to take some time to volunteer at the VISIONS vendor fair for people who are blind, visually impaired or physically disabled,” Cherrie said.
Learning how to be a sighted assistant was “a reminder that we can do more when we can rely on each other. Taking the time to better understand how someone makes their way through life gives you a chance to build empathy,” Cherrie said. She escorted attendees around the event where exhibitors offered products and services like electronic readers, leader dogs and transportation. There were also talks throughout the day and Cherrie helped attendees navigate between the presentation and vendor areas.
Meeting attendees of the VISIONS vendor fair and experiencing how meaningful the event is also moved Cherrie. The fair “brings out folks throughout southeast Michigan, so there’s a good chance that the person you’re assisting will run into some friends, and getting to see people connect like that can’t help but make you feel good,” Cherrie said.
Jenny Callans, a senior design researcher who works on Duo Security, serves as the chair of the Friends of the Detroit Film Theatre’s Auxiliary, a part of the Detroit Institute of Arts. “We support the mission of the Friends of the Detroit Film Theatre to make great niche films accessible to audiences,” she said. To do that, the organization is responsible for building a community of film fans and overseeing how donations are spent.
For Callans, the most meaningful part of using Time2Give to support the FDFT and the DIA is sharing her love of film with others. Time2Give supports her duties as FDFT chair, and gives her a sense of connection when she’s visiting the DFT to take in a movie. “Sitting in a theatre next to my young adult son, but surrounded by strangers watching a film that is unusual or unexpected but which moves me and challenges me to think is the best part hands-down,” Callans said.
From supporting youth to volunteering at community hubs, Time2Give “is a fantastic opportunity to have a long-lasting, meaningful relationship with your community by volunteering as a board or committee member! Having a long-term presence with an org is amazingly impactful, for you and for the organization,” Callans said.
Time2Give is one of Cherrie’s favorite things about working at Cisco. She says, “Take advantage of the opportunity! Time2Give is a great way to give back to your community and the people and causes that you care about.”
Stay tuned for more posts celebrating the community engagement Time2Give fosters and check out our open roles to join in on giving back.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Giving back is part of the ethos at Cisco. Part of how that happens is through employees volunteering as part of Cisco’s Time2Give benefit in which employees can use paid time to contribute to their communities and support the causes they’re passionate about. During the pandemic, Cisco increased this benefit from five paid volunteering days to 10 and encourages virtual volunteering, too.
Elizabeth Chang, a software engineer on the Duo Security platform services team, considers Time2Give a great opportunity to “invest in people around you. It is amazing that Cisco supports what we are passionate about and that we can use this time to grow ourselves in other areas of life,” she said.
Cisconians care deeply about many causes, and this post celebrates how teammates spend their time supporting children, youth and teens in and out of school and those preparing for college. Stay tuned for future posts highlighting how other employees give their time. You may even be inspired to find out how you can develop your skills while contributing to organizations that matter to you!
Pierpaolo Panarotto, an account executive on Duo’s EMEAR continental team, volunteers at Sport senza frontiere onlus, a summer sports camp in Italy for refugee children. This summer Panarotto tutored and taught badminton. The program also welcomed children from Ukraine this year.
For Panarotto, the best part, hands down, was seeing the children’s smiles. He advised, “Give back to your community. Sometimes we forget how lucky we are.”
Chang also volunteered at a summer camp, supporting middle and high school students in Boston. The program she supported, Area Youth Ministry Leadership Camp and Summer Boost, fosters leadership skills and college readiness while promoting mentorship.
By helping lead a coding workshop, Chang was able to share what she does professionally. “I was glad that I got to help inspire youth to pursue computer science,” she said. The camp was such a hit that many participants “didn’t want to go home because they had such a fun time,” Chang shared.
“Take the time! You’ll never get the opportunity to go back and take it later. Your community and your heart will thank you!” – Sarah Moon-Musser
Now that school has started, Engineering Program Manager in Platform Engineering Sarah Moon-Musser helps teach the Belleville High School Marching Band’s color guard choreography for their halftime show. She loves spending time with the students. To those considering utilizing Time2Give Moon-Musser says, “Take the time! You’ll never get the opportunity to go back and take it later. Your community and your heart will thank you!”
College readiness is also a passion for Justin Fan and Seema Kathuria who both volunteer with Code2College. They’re able to volunteer virtually by reviewing resumes and college entrance essays and providing constructive feedback through shared documents.
Senior Product Marketing Manager, Kathuria appreciates “learning about the experiences of high school students and how they approach writing about their accomplishments,” she said.
For Fan, a senior customer success manager in security customer success, “the best part is supporting younger generations as they move into college and career. They’re so much more focused and mature than I was at their age,” he said. Fan also participates in virtual career workshops with high school and college students with Students Rising Above.
For others wanting to use Time2Give, Fan suggests finding opportunities you’re passionate about and utilizing light meeting days to volunteer. Kathuria says, “Take advantage of the 10 Time2Give days per year that Cisco gives us. It is very generous, and it feels so good to give back to the community in whatever way makes you happy and fulfilled.”
If you’re looking to feel fulfilled by your work and the impact you can make, please check out our open roles.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Written by Martin Lee and Richard Archdeacon.
Lloyds of London have recently published a Market Bulletin1 addressing the wording of cyber insurance policies to exclude losses arising from:
“state backed cyber-attacks that (a) significantly impair the ability of a state to function or (b) that significantly impair the security capabilities of a state.”
The concern raised is that this sort of attack will produce losses that the market cannot absorb. Most insurance policies already include provisions that exclude the consequences of armed conflict. Applying these to potential cyber warfare is a logical step.
The bulletin includes the tenet to:
“set out a robust basis by which the parties agree on how any state backed cyber- attack will be attributed to one or more states.”
What should the CISO be thinking of when reviewing such an exclusion clause, how can we clearly define this key term and what issues may arise?
Attribution is the science of identifying the perpetrator of a crime. In cyber attacks, this is arrived at by comparing the evidence gathered from an attack with evidence gathered from previous attacks that have been attributed to known perpetrators to identify similarities.
In practice, statements of attributions are carefully phrased. Rarely is evidence clear-cut. Frequently attribution is labelled as being ‘consistent with’ a threat actor, or wrapped in words of estimative probability such as ‘highly likely’, ‘probably’, ‘possibly’ etc.
The malicious actors who conduct cyber attacks are referred to as threat actors. The cyber research community identifies and keeps track of the actions of these threat actors, publishing compendia of known actors such as those made available by MITRE2 or Malpedia3.
Rarely do threat actors identify their true identities, they may actively try to confuse or frustrate attribution. Many of the named groups may be synonyms of other groups, equally many of the chains of evidence used to attribute groups may be incorrect. The compendia of threat actors should not be considered as reaching the evidence threshold of “beyond reasonable doubt”.
Some identified threat actor groups are assumed to be criminal gangs due to the nature of their activity. Others appear to be conducting attacks solely to further the geopolitical aims of a nation state and are assumed as being state sponsored or state backed. Some of these groups have been able to be associated with specific national intelligence agencies or state apparatus.
The following are four practical factors to consider when setting out a robust basis for attribution of attacks in a contractual basis.
Step 1 – Collect forensic evidence.
No attribution of an attack can be made without forensic evidence. CISOs should ensure that they are able to gather forensic evidence from attacks to identify as much information as possible regarding how an attack was carried out, and the infrastructure used by the attacker. This requires a basic level of security telemetry gathering with the ability to secure and query this data.
This forensic capability, how evidence will be gathered and preserved, should be agreed with the insurer. However, both parties must bear in mind that attackers may destroy or tamper with evidence, and in the urgency of halting an attack, forensic evidence may be compromised or omitted.
The CISO should be prepared to discuss internally with senior executives the possibly competing priorities of stopping an attack versus collecting good forensic evidence.
Step 2 – Define how attribution will be made.
The attribution of a specific attack must be made by comparing evidence gathered from the attack with that of previous attacks. CISOs should agree the process by which forensic artifacts are used to attribute attacks and the degree of certitude necessary to declare an attack as having been carried out by a specific group.
The set of organisations trusted to assert attribution should be agreed. Attribution made by national bodies such as NCSC, CISA or ENISA may be assumed to be reliable, as may those made by major security vendors (such as Cisco) with expertise and resources that a CISO will never have inhouse. However, anyone can suggest attribution. CISOs should be certain to insist on the exclusion of assertions that have not been confirmed by a trusted entity.
This raises the question as to whether a trusted organisation would be prepared to support their attribution in a scenario where they would have to expose their intelligence sources and methodologies to examination. Attribution may be based on classified intelligence, or made according to ‘fair efforts’ that fall below the legal threshold of “on the balance of probabilities.”
Step 3 – Consider the volatility of attribution.
The gathering of evidence and intelligence is a continuing process. Information previously assumed to be fact may be subsequently identified as incorrect or a purposeful red herring. New evidence may be identified months or years after an attack that changes the estimated attribution of prior attacks.
CISOs must determine a period after which the attribution of attack (if made) will not be changed even if subsequent evidence is uncovered.
Step 4 – Define the nature of state backing.
CISOs should agree what constitutes state backing. Ideally CISOs should agree with their insurers the set of threat actor groups (and their synonyms) which are considered to be ‘state backed’.
State involvement in cyber attacks is a spectrum of activity. Criminal threat actors may be under various degrees of state tolerance or encouragement without being fully backed by a nation state. Some criminal groups may be under partial state direction, acting in a manner akin to privateers. Some state backed actors may indulge in criminal style attacks to boost their coffers.
In any case, criminal and state sponsored actors can easily be confused. They may choose to use the same tools or apply the same techniques to conduct their activities. Non-state threat actors may come into possession of state developed tools which may have been stolen or traded without permission.
Some threat actors may actively resort to influence attribution, either through choice of tooling, or through sock puppet accounts attesting attribution, to increase pressure on CISOs to pay ransoms by influencing if insurance is paid out or not.
The decision line where an attack can be referred to a ‘state backed’ is a fine one that requires consideration and agreement.
Changes bring opportunities, the need for this robust process may cause complications for CISOs. But it is an opportunity for CISOs to review the details of cyber insurance contracts and to hammer out the details of how issues of attribution will be determined.
Lloyd’s Market Association provide sample clauses for insurers4, we intend to consider these in a subsequent blog.
One thing is certain, there will be many opportunities for the legal profession.
The information provided here does not, and is not intended to, constitute legal advice. When negotiating a specific matter, readers should confer with their own legal adviser to obtain advice appropriate for a specific insurance contract issue.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Few security career paths are linear. For Stephanie Frankel the journey to Cisco Secure was circuitous. The Ann Arbor, Michigan native studied journalism at the University of Michigan before managing communications for the Washington Capitals and NBC Sports. But after several stints at communications agencies, she charted a new path for herself in cybersecurity. Not only has her diverse background served as a strength in her current role as senior manager for strategy and operations, but it’s also informed her management philosophy.
After doing project management and account direction at consulting agencies, Frankel was interested in honing her skills and expertise on the client side. She had heard amazing things about Duo and wanted to stay in Ann Arbor and work for a company with local roots. After interviewing, Frankel realized that “working at Duo was a cool, exciting opportunity with a really awesome group of people.”
Frankel was on the ground running working as a technical project manager in research and development overseeing the Multi-Factor Authentication, applications and mobile engineering teams despite not having worked in information security before.
Duo’s security education allowed Frankel to understand the industry and is something she values for getting more people into the cybersecurity field. At Duo and Cisco Secure, employees come from a variety of backgrounds and some don’t have much (or any) experience with cybersecurity.
Robust educational programs build knowledge about security and specific products which empower new team members to grow and learn. Every team also has a learning and development budget for employees to quench their curiosity and enhance their knowledge through courses, books or other programs Manager of Global Employee Programs Anndrea Boris shared.
“People are open to having conversations and open to ideas and ways to solve those ideas. If you have an idea of how to solve a problem, no matter whether it’s your job or not, people are open and willing to listen to you.” – Stephanie Frankel
Something Frankel also appreciates most is that ideas are valued at Duo and Cisco Secure: “Even in my first job, I would have ideas and go to my boss or our head of engineering and say, ‘Hey, I think this could be a really cool opportunity, and I think it needs this.’ People are open to having conversations and open to ideas and ways to solve those ideas. If you have an idea of how to solve a problem, no matter whether it’s your job or not, people are willing to listen to you.”
After a year, Frankel moved from engineering to marketing to run operations for Duo’s in-house brand team, leading the team through a rebrand. “The team really rallied behind this new brand and it was amazing to see their pride and hard work when sharing it,” she said. With Frankel’s leadership, the team showcased not only the new look and feel of the brand but also the customer research that went into understanding the need for the change.
“Our amazing team knew that for it to catch on internally we needed to help people understand the why. The team put together an amazing training and went around the company to help people understand the security buyer, the industry overall and our differentiators and how we could do all of this within the umbrella of Cisco,” she said.
Recognizing that she most enjoys and feels best suited for a strategic operations role, she had open conversations with her manager. “I told my boss, ‘It’s just not a great fit.’” Her manager was very supportive, and they worked through potential options. “You’ll find a lot of that at Cisco,” she said.
Now as senior manager in the Strategy and Operations Group within Cisco’s Security and Collaboration division, Frankel runs key initiatives for business operations that drive business growth. She is empowered to creatively solve problems and collaborate “with all the stakeholders within each group to move these programs forward, to understand the problems we’re looking to solve, create objectives, a program plan, and continue to track metrics and progress towards those ultimate goals,” she said.
A self-described “over communicator,” Frankel believes that as a leader, “the more you communicate and the more transparent you are, the better.” Frankel loves leading people who are experts in their fields and letting them do what they do best.
On the brand team, for example, she trusted her team’s expertise in producing stories, videos and animations to demystify Cisco’s security products.
“All I needed to do was give them the objective and the goals and they were able to come up with the solutions,” Frankel said.
She fondly remembers the boss at one of her first jobs out of college. In that job Frankel wrote press releases and wanted her boss to fully approve the final versions before sending them to the media. Once her boss told her, “Stephanie, if you keep giving it back to me, I will keep finding things to change. I trust you to know when it is ready to go.” That confidence in her so early in her career “gave me so much confidence in myself,” she said.
Frankel emulates his approach to management by recognizing that each employee has different needs in their lives, in their careers, and in how they like to receive feedback. From that boss Frankel first learned that for every piece of negative feedback, you must give four pieces of positive feedback for “someone to actually hear it because that’s how you balance things out in your mind.”
Frankel believes feedback is crucial for growth. “I don’t see how you can improve or grow without it, no matter what level of your career you’re at. Feedback shouldn’t be taken as negative, as much as it is a way for you to improve,” she said.
One of the most helpful things Frankel learned in a Cisco class for managers was the importance of asking a person if they are in a good place to receive critical feedback. “You might not be in the mindset to accept the feedback and to do something constructive with it,” she said. ”If you’re having a bad day or struggling, you could say, ‘You know what, I’m not going to be able to take it today, but let’s talk tomorrow and I’ll be in a better place to receive it.’’’
Frankel has spent the last year thriving in a role she never anticipated in an industry her college training in journalism didn’t fully prepare her for. The secret, she says, is keeping an open mind to new possibilities and a willingness to take on new challenges, even if you don’t feel 100% ready.
“A lot of it is getting real world experience and learning your way through it and knowing that there’s a lot of opportunities and a lot of people that are willing to teach you,” she said.
To pivot professionally Frankel advises not feeling pigeonholed just because you studied a particular topic or have been in a certain industry for a long time. Take what you can from where you started such as storytelling and communications skills in the case of journalism for Frankel. While trying something new may require taking a different level or type of job “sometimes it’s worth it because you have that opportunity to grow and you might find you’re happier somewhere else,” she said.
When discerning professional steps Frankel recommends having open and honest conversations with yourself and others such as mentors.
“Cisco has so many mentorship programs and so many people that are knowledgeable about a lot of things,” she said. ”Just because your current role isn’t a great fit doesn’t mean that there’s not another good fit within the corporation, or it doesn’t mean that you can’t create your own good fit.”
Did you know that Cisco offers cybersecurity trainings and certifications? Start developing your cybersecurity skills today! And if you’re ready to jump into an exciting new career in security, check out the open roles at Cisco Secure and Duo Security.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
FreshRSS 