Security Knowledge Empowerment (SKE) program develops key security knowledge of information technology architects, enabling them to become "security sensors."
Michele D. Guel, Distinguished IT Engineer and Senior Security Architect at Cisco, receives a National Cybersecurity Innovation Award with White House Cyber Coordinator, Howard Schmidt at the National Cybersecurity Innovation Conference in Washington DC.
WASHINGTON DC, November 3, 2011
The SANS Institute announced today that Cisco has won the 2011 U.S. National Cybersecurity Innovation Award for developing and sharing with the IT community, a scalable solution to the challenge of baking security into internal systems and into products offered to clients.
Securely designed and engineered applications provide a far more defensible base of operations than applications that have security bolted on at the end. Efforts to bake security in from the beginning have been hindered by the shortage of skilled security architects and engineers. Failing to find the necessary talent, most organizations are forced to deploy systems built with insufficient attention to security architecture.
Cisco discovered and developed an innovative solution to this problem, dividing the job of "baking security in" into two parts. One part is performed by IT architects who have been allowed to attend the Security Knowledge Empowerment (SKE) class taught by Cisco's top security architects. The IT architects bring their security training to nearly every design meeting and they are primed to recognize what goes wrong when certain design decisions are made and when data flows in specific ways. They know the six "gates" through which each application must pass, the questions that should be asked at every gate, and what the answers should look like. They are not security engineers but they are security "sensors" who can spot trouble and call in appropriate security engineers to solve problems. These human sensors often become converts and powerful advocates for security when they realize they can make a difference.
The SKE (Security Knowledge Empowerment) program is being deployed to IT architects and engineers throughout Cisco and is expanding to Cisco program and service managers. Cisco's senior security architects are actively sharing the program with other organizations, many of whom are adapting the program.
Cisco wins the 2011 National Cybersecurity Innovation Award for developing world-class Cybersecurity talent by training IT architects to be security architecture sensors, enabling security to be baked into software applications.
The National Cybersecurity Innovation Awards recognize developments undertaken by companies and government agencies that have developed and deployed innovative processes or technologies that (1) is innovative in that it has not been deployed effectively before, (2) can show a significant impact on reducing cyber risk, (3) can be scaled quickly to serve large numbers of people, and (4) should be adopted quickly by many other organizations. Nominators for the include most of the senior government officials involved with cybersecurity as well as those from the major Cybersecurity Information Sharing and Analysis Centers (ISACs). Corporations and individuals, including SANS instructors also nominated innovations. Each nomination was tested by SANS research department against the criteria; those that met *all* four were recognized. More than 50 nominations were received; 14 were selected.
Alan Paller, email@example.com, (301) 951-0102 x108
Established in 1989 as a cooperative research and education organization, SANS' programs reach more than 400,000 security professionals, auditors, system administrators, and network administrators who share the lessons they are learning and jointly find solutions to the challenges they face. At the heart of SANS are the many security practitioners in government agencies, corporations and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community. (www.sans.org)