IT Security Refresh: More Practical Tips for a Good Foundation (Part 2)
Information technology is constantly changing. To help stay at the forefront of it, I’ve made attending Cisco Live – an annual gathering of engineers and other thought leaders on all things business, technology, and Cisco – a part of my professional development plan since the late 1990s (back when it was all technology and still called Networkers). This year I participated in the business-focused IT Management track.
My only complaint about Cisco Live (if you can call it a complaint) is that there’s never enough time to do everything I want there!
One important message from this year’s event: Corporate IT professionals can no longer operate in their organizations’ shadows, using indecipherable language to describe projects only they understand. They must learn to communicate the business value of the work they do.
As noted by Pat Bodin, well-known as the founder of Firefly Education and now an “Agent of Change” for Triangility, saving 5% of your IT budget won’t get you noticed in the business. On the other hand, finding a way to leverage IT to achieve the business’ strategic goals, or to improve the core business’ efficiency or cost of production by 5%, could make you not only business relevant, but a hero!
Just being able to explain what your team is doing in ways that non-technical business people understand will go a long way toward earning respect for IT. To draw on Pat’s example, it’s unlikely your CEO wants to hear about the MPLS VPNs your team is provisioning. It’s likely he or she is a lot more interested in what business goal that supports, such as opening the new sales office. Speak in terms your audience will appreciate.
Each year NetCraftsmen brings a large contingent to Cisco Live because we consider it a vital part of our mission to remain among the world’s leading experts in applying technology to business challenges. I’ll have some more observations about this year’s event at the end of this post. First, though, my colleagues share some of their takeaways:
One thing that took me by surprise was the closing keynote presentation by, of all people, actor Kevin Spacey. Spacey talked about the importance of storytelling in connecting businesses with their prospects and customers. “What really separates Starbucks from any other coffee chain?” he asked. “Is it really because they make the best cup of coffee going? Probably not… They do whatever it takes to continue to sell that story they’ve created.” It occurred to me that the many technologies we install and manage help companies tell their stories.
I also learned a lot of practical new things from the breakout sessions, ranging from data center technologies, routing and switching, and security to ACI and wireless. We were informed of advances in configuring wireless for real-time applications, which is becoming a need for corporate communications.
The advanced ISE tips and tricks provided great insight into ISE integrations and also provided a lot of how-to’s for real-life ISE deployments. I was glad to learn about the new firepower manager and deployment of NGFW scenarios. In WAN technologies, the sessions on DMVPN and Carrier Ethernet were great additions.
I actually started a few days early with the DevNet springboard – an educational gathering for the Cisco developer community. I learned that Cisco is investing a lot into development and operations, and this was apparent with the free two-day DevNet springboard, the large amount of floor space dedicated to DevNet, and a Spark Innovation Fund that is giving away $150 million to developers.
It was also nice to learn more about new and improved tools that Cisco has developed, especially in the data center and security fields. The World of Solutions vendor exhibit was also a great resource to check out new vendor offerings. And there were plenty of opportunities to talk to other network engineers and get their input on what tools they use in their environment.
Apart from technical discussion, I really appreciated Cisco’s promotion of its humanitarian endeavors. For example, I volunteered time to help create a total of 200,000 meal kits and 5,000 hygiene kits to be donated to the less fortunate. All I can say in regards to working up a sweat: I’m glad I’m an engineer and don’t work on an assembly line!
Since the announcement of Application Centric Infrastructure (ACI) a few years ago, there has been much hype on this new data center technology. There’s been a flood of information regarding ACI, but for me the most helpful information was a breakout session at Cisco Live entitled “How to Setup an ACI Fabric From Scratch.”
This brief two-hour session covered connectivity, the importance of maintaining consistency with ports across the fabric, naming of the fabric, and the controller. It also included how to add the switches to the controller and some caveats which will save time in the long run if we identify them before we start configuring.
My focus at Cisco Live was on SDN: APIC-EM, ACI, and IWAN. I found the DevNet Springboard to be informative; the in-depth technical presentations and discussions in the DevNet zone helped build my SDN understanding. I’m very interested in the current topology/discovery capabilities of APIC-EM for legacy networks, and the possibilities for modeling networks using the mapped information. I am also intrigued by the possibilities to use the Plug and Play application to support Zero Touch Deployment for routers, switches, and wireless controllers.
One of the key takeaways for me was the focus on automation. APIC-EM can do IWAN/DMVPN configuration if you’re willing to use its defaults. If you want more options, Prime Infrastructure has an IWAN Wizard. Nexus Fabric Manager is an automation tool for Nexus 9K VXLAN+EVPN+VPC deployment. Both appear to want to control “their” portion of the configuration. Simple tools, API for those who wish to program more on top. The ACI fabric build (plus) demo/presentation emphasized how easy it is to get started with ACI – something NetCraftsmen can help you with.
What I learned is that APIs are disrupting the world around us. Cisco is broadly characterizing this as “Digitalization.” The push here is to create seamless experiences using orchestration, APIs, and analytics – the imperative being that consumers want a cohesive experience with interactions with other people/consumers, with business systems, and between business systems.
Additionally, the various ecosystems built around Cisco are collapsing, changing, and evolving at a rapid pace. The cloud, specifically cloud APIs, is enabling more rapid innovation and more flexible adaptation to changing business requirements. The development lifecycle around APIs is changing a bit, too. While there are still some frameworks steeped in obscurity, many APIs are trying to be more approachable, creating a development environment that is more akin to “application composition” than “pure coding.”
Susie Wee, CTO & VP of DevNet at Cisco, taught us that the definition of a developer is changing: the term “developer” is not just for application/web/UI developers anymore, but is now broadening out to include application power users in the IT and OT communities.
This is interesting because it speaks to the skills that we need to be encouraging in our best engineers. They don’t have to become great programmers, but to deliver the results businesses need, they’ll have to leverage automation, which will mean some combination of scripting and becoming power users of various tools. It’s not all about the CLI anymore. Speed is important in business, and developer skills are a key to automating changes and enforcing business policies within the network quickly enough to gain a competitive advantage. You can leverage Cisco’s DevNet for friendly tutorials that are well-suited to getting your engineers started in this space.
Lance Perry of Cisco led a great closing session on “Inspiring Leadership: Tapping into the Power of Culture.” He exhorted us to uphold high standards, saying “Leaders don’t give the message, they are the message.” Conveying the right messages starts with being clear about your own core values, committing to do “the right thing” even in hard circumstances, and continuously re-inventing yourself in ways consistent with your core values as circumstances change. Lance’s suggested life plan for us was something along the lines of:
He emphasized that leaders need to prepare people to grow beyond and eventually move out of their current jobs; that you need to be loyal to your team if you want them to be loyal to you; and that you should strive to understand where they are and what they need out of life. Good leadership is a force multiplier, and it makes life better for all of us.
Feel free to get in touch for a conversation about how any of what we learned at Cisco Live can be put to use in your organization.
Nick has over 20 years of experience in Security Operations and Security Sales. He is an avid student of cybersecurity and regularly engages with the Infosec community at events like BSides, RVASec, Derbycon and more. The son of an FBI forensics director, Nick holds a B.S. in Criminal Justice and is one of Cisco’s Fire Jumper Elite members. When he’s not working, he writes cyberpunk and punches aliens on his Playstation.
Virgilio “Bong” has sixteen years of professional experience in the IT industry, spanning academe, technical and customer support, pre-sales, post-sales, project management, training and enablement. He has worked in Cisco Technical Assistance Center (TAC) as a member of the WAN and LAN Switching team. Bong now works for Tech Data as the Field Solutions Architect with a focus on Cisco Security and holds a few Cisco certifications including Fire Jumper Elite.
John is our CTO and the practice lead for a talented team of consultants focused on designing and delivering scalable and secure infrastructure solutions to customers across multiple industry verticals and technologies. Previously he has held several positions including Executive Director/Chief Architect for Global Network Services at JPMorgan Chase. In that capacity, he led a team managing network architecture and services. Prior to his role at JPMorgan Chase, John was a Distinguished Engineer at Cisco working across a number of verticals including Higher Education, Finance, Retail, Government, and Health Care.
He is an expert in working with groups to identify business needs, and align technology strategies to enable business strategies, building in agility and scalability to allow for future changes. John is experienced in the architecture and design of highly available, secure, network infrastructure and data centers, and has worked on projects worldwide. He has worked in both the business and regulatory environments for the design and deployment of complex IT infrastructures.