Blog index > Archives > Infosec in the Fast Lane
avatar

New Forum on Secure Borderless Networks

Thursday, January 20th, 2011

I and some colleagues are starting a web forum on “Secure Borderless Networks” via LinkedIn.com Groups.  If you have an interest in how to tame the Borderless Frontier,  log in to Linkedin.com and search the groups for “Secure Borderless Networks” or just click here: http://www.linkedin.com/e/6neuiq-gj5xaum1-2z/vgh/3754005/.  The purpose of this group is to provide a forum for discussing Cisco Technologies and architectures supporting Secure Borderless Networks.  This includes ACS, NAC, TrustSec and other emerging technologies.

The Cisco “Borderless Networks” vision is both awesome and scary:  facilitating “access to anything on the network from anywhere” means enabling rapid business transactions and innovation,but it also now expands the “threat surface” of the corporate network dramatically.  Without a robust discussion about these challenges and potential solutions, the borderless frontier starts to look like the wild west, an inviting place for criminal hacker activity. The goal of this group is to encourage broad discussion of the potential threats and solutions, down to the features and lackings.

1 Comment

This entry was posted on January 20th, 2011 by and is filed under Category: Infosec in the Fast Lane.
You can follow any responses to this entry though the RSS 2.0 feed.

avatar

Hot New Security Certification from Cisco: CCNP Security

Friday, October 22nd, 2010

Reacting to a need for more “Job Role” informed training and certification for Security Professionals, Cisco announced earlier this week that it is end-of-life-ing the venerable CCSP, replacing it with the “Cisco Certified Network Professional for Security” Certification.  For those of us that have been in this business a while, it is reminiscent of Microsoft’s move from the MCSE to the MCITP.  Last I checked, It did not help Microsoft’s certification business.  The Cisco change, however, leverages the popular “CCNP” brand and actually decreases the requirements for the certification candidates, both which bode well for its longevity.  CCVP as well is moving to the CCNP Voice, and a CCNP Wireless already exists.

The titles of the exams in most cases look new, but the associated courses are simply revisions of existing courses:
CCSP Titles————-> CCNP Security Titles
SNRS———————-> SECURE v 1.0 (Securing Networks with Cisco Routers and Switches)
IPS 6.0——————–> IPS 7.0 (Implementing Cisco Intrusion Prevention Systems)
SNAF———————-> FIREWALL v 1.0 (Deploying Cisco ASA Firewall Features)
SNAA———————-> VPN v1.0 (Deploying Cisco ASA VPN Solutions)

So while the Course/Exam acronyms have changed, the underlying objectives and technologies are largely the same.  The major differences in the new courses is that they reflect more adherence to the actual job tasks performed, rather than a pure technology focus.  It might sound like a subtle difference, but it points to a migration happening at Cisco for all of its courses, basing its development work more so on Job Task and Job Role analyses.
This is a good thing for employers and particularly for one major employer:  the Department of Defense.  The DoD has place the strengthening of its “Information Assurance Workforce” at the top of its priority list.  Most of you already know about the DoD 8570 mandate.  This shift in Cisco Certification methodology answers the need for more “Performance-Based” training and certification.
And for you cert hounds, there is one big advantage of the CCNP Security over the CCSP:  one less exam.  If you have already started working toward your CCSP, don’t worry, there is a migration path for you.  Check out our CCNP Security Certification page for more info.

Also, being on the inside track has its perks:  We have already productized and released an all-inclusive CCNP Security Boot Camp.

If any of this leaves some confusion, please let me know,

Barry Kaufman, Fast Lane

No Comments

This entry was posted on October 22nd, 2010 by and is filed under Category: Cisco in the Fast Lane, General, Infosec in the Fast Lane.
You can follow any responses to this entry though the RSS 2.0 feed.

avatar

Top 10 concerns facing Cloud Cyber Security Warriors

Wednesday, June 16th, 2010

Let’s face it: the information that the critical infrastructure and corporations need to secure will continue to move into private and/or public cloud infrastructures.  It’s an unstoppable trend, squeezing efficiencies out of technology and creating the new normal for performance, agility, accessibility and cost containment.

But it is hard to find someone who feels that cloud-based and virtualized infrastructures inherently improve Security.  In theory, it COULD improve operations, and thus security, by improving on operational efficiencies, providing sophisticated fault tolerance, reducing the mean time to rebuild (rather than repair).  But, regardless of the cloud model—software as a service (SaaS), infrastructure as a service (IaaS) or platform as a service (PaaS)—the very nature of the cloud approach introduces a wide range of vulnerabilities, some we know about and some that time will reveal. Read the rest of this entry »

6 Comments

This entry was posted on June 16th, 2010 by and is filed under Category: General, Infosec in the Fast Lane.
You can follow any responses to this entry though the RSS 2.0 feed.

avatar

3 in Demand Skills required for the DoD 8570 Cyber Security / IA Workforce

Friday, June 4th, 2010

For most professionals in InfoSec / IA community around the defense industry, the DoD Directive 8570 has largely been an exercise in knowledge acquisition—Certifications like the CompTIA Security+, the (ISC)2 CISSP and the ISACA CISM require candidates to absorb “vendor-neutral” security concepts rather than skills on how to harden, attack or defend specific systems or infrastructures.   Concerns are perhaps justified that, to some degree, the 8570 has been a boon to the Certifying Bodies and the IT/InfoSec training industry, but have not fully addressed the true intention of the DoD8570 Directive—namely, to creating a better IA workforce in the DoD and to improve our most critical infrastructure’s security posture.  It is also observed that some in the defense community view the 8570 as largely a “box-checking” activity to meet compliance. Read the rest of this entry »

4 Comments

This entry was posted on June 4th, 2010 by and is filed under Category: General, Infosec in the Fast Lane.
You can follow any responses to this entry though the RSS 2.0 feed.

« Older Entries