As the SOC Manager with Cisco Active Threat Analytics (ATA), Gawel is responsible for building, growing and operating Cisco Managed Security Services SOC in Krakow, Poland and Tokyo, Japan.
Before that, Gawel spent half a decade in various Architect and Consulting Security roles at Cisco. He holds numerous industry certificates, including CCIE #24987, CISSP-ISSAP, CISA, C|EH and SFCE. Gawel is a frequent speaker at IT events, such as Cisco Live! Europe/Australia, PLNOG, EuroNOG, Security B-Sides, CONFidence, Cisco Connect, Cisco Expo and Cisco Forum.
Before Gawel joined Cisco, he was a UNIX System Administrator and a Systems Engineer with one of the leading system integrators in Poland. He was also a Cisco Networking Academy Instructor. Gawel graduated from Warsaw University of Technology with a degree in Telecommunications.
9. Computer Security Incident Response Team (CSIRT)
Threat Assessment, Incident Detection and Response, and Incident Trending and Analysis
Product Security Incident Response Team (PSIRT)
Global Team Managing the Investigation and Reporting of Vulnerability Information for Cisco Products
Experts with Deep Security Knowledge Deliver Threat Mitigation Procedures for Cisco Products
Security Research and Operations
Security Operations Centers
Cisco Remote Managed Support and Managed Threat Defense
III. Making use of Security Intelligence
Security Community Data
Actively work with and contribute discovered threat intelligence
Partner Data
Exchange intelligence through private partnerships
Vulnerability Research Team (VRT)
Elite cyber security experts dedicated to identifying new trends, malware and vulnerabilities
Research and collection of vulnerabilities on endpoints, mobile devices, virtual systems, web and email
Sourcefire Vulnerability Research
23. Present Even More Reasons for Your Existence!
• Top events fired per event source
• Top malicious domain
• Total infected hosts
• Top malware type/family
• Highest areas of infection (lab, DC, DMZ, etc.)
• Infections by theatre
• Infection by role/org (sales, engineering, marketing, etc.)
• Event rates and collection stats (total volume of alarms, then alarms by source, index/filesize avg/day)
• Unique user counts avg/day
• Total attacks blocked
• Top infections by event source (event source detection ranking)
25.
"If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology."
Bruce Schneier, Security Guru