Case Studies

Mar 19, 2024

Cisco’s offensive security transformation: Building advanced cybersecurity capabilities with OffSec

Breadth and depth of cybersecurity training give peace of mind to Cisco

5 min read

Challenges:

  • No clear learning path and objectives for learning offensive security
  • Need for learning to provide the necessary depth and breadth of skills
  • Their team needs to be taught the methodology of offensive security

Solutions:

  • OffSec’s learning programs that possess the depth and breadth of content necessary
  • Robust LMS to streamline the delivery, tracking, and management of training
  • Demonstrate skill level with a certification

Benefits:

  • Increased number of discovered zero-day vulnerabilities
  • Enhancement in skill development
  • Clearly defined career development framework
  • Improved employee retention rates
  • Simplified talent recruitment

Challenges

Cisco, a global leader in IT and networking, was enhancing its team’s capabilities in offensive security. Speaking with Sam Cosentino, Global Leader for Cloud Offensive Security at Cisco, a couple of challenges were discovered.

The initial obstacle was the lack of a clear learning program and well-defined objectives for offensive security training. The absence of a structured educational framework meant that learning was sporadic and unfocused, leading to gaps in knowledge and skills that were essential.

“I really wanted the team to learn skill sets that are required to keep our application secure in the cloud. We needed something that could provide those skills in enough breadth and depth.”
– Sam Cosentino, Global Leader of Cloud Offensive Security, Cisco

Recognizing the urgency of the situation, Sam set out to overhaul its approach to offensive security training. The goal was to develop a learning program that provided both the depth and breadth of skills necessary to combat sophisticated cyber threats. This program needed to go beyond the basics, delving into advanced techniques and strategies that would enable the team to think and act like the very adversaries they were up against.

Another critical aspect of this transformation was teaching the methodology of offensive security. It wasn’t just about learning tools and techniques; it was about cultivating a mindset that could anticipate, outmaneuver, and exploit vulnerabilities in potential attackers’ strategies.

“OffSec doesn’t just teach you how to hack into something. They actually teach you their methodology and then force you to define your own. The methodology teaches skills like critical thinking, and no other cybersecurity training platform does that.”

This journey was not just about acquiring new skills; it was a paradigm shift in how Cisco approached cybersecurity. By addressing these challenges head-on, Cisco not only enhanced its defensive capabilities but also positioned itself as a leader in offensive cybersecurity, ready to tackle the complexities of the digital age with newfound expertise.

Solutions

In their quest to strengthen their cybersecurity capabilities, Cisco Systems Inc. embarked on a strategic initiative to address the challenges in their offensive security training. The solution came in the form of a partnership with OffSec. This collaboration marked a pivotal turn in Cisco’s approach to cybersecurity training.

OffSec’s reputation for comprehensive and in-depth learning programs was a key factor in Cisco’s decision. These programs offered the depth and breadth of content that Cisco needed. OffSec’s curriculum was not just a series of disjointed lessons; it was an educational journey that covered every aspect of offensive security. From fundamental concepts to advanced tactics, OffSec provided a holistic learning experience that was both rigorous and relevant. This comprehensive approach ensured that Cisco’s team would gain a thorough understanding of the various facets of offensive security, equipping them with the knowledge to tackle complex cybersecurity challenges.

“We use OffSec for skill assessments, and career development that considers long-term goals. Having OffSec training has helped with employee retention and recruitment. The regularly updated content makes it useful for all kinds of security professionals.”

A significant component of OffSec’s solution was its robust Learning Management System (LMS). This platform streamlined the delivery, tracking, and management of Cisco’s training initiatives. The LMS provided an intuitive and user-friendly interface, allowing Cisco’s team to easily access training materials, track their progress, and manage their learning journey. This level of organization and accessibility was crucial in maintaining the momentum of the training program, ensuring that learning was consistent, efficient, and effective.

Moreover, OffSec offered a tangible way for Cisco’s team members to demonstrate their skill level through certification. These certifications were not just pieces of paper; they were a testament to the holder’s expertise and proficiency in offensive security. Earning an OffSec certification required not only theoretical knowledge but also practical skills, as the exams were designed to test real-world application. This aspect of the program was particularly appealing to Cisco, as it provided a clear benchmark for skill assessment and a goal for their team members to aspire to.

Benefits

One of the most notable outcomes was the increased number of discovered zero-day vulnerabilities. Armed with the in-depth knowledge and practical skills acquired from OffSec’s comprehensive training programs, Cisco’s cybersecurity team became adept at identifying and mitigating vulnerabilities that had previously gone unnoticed.

In terms of skill development, the impact was profound. OffSec’s rigorous training programs, known for their depth and practical focus, enabled Cisco’s team to develop and refine their skills in real-world scenarios. This hands-on approach ensured that the learning was not just theoretical but directly applicable to the challenges they faced daily. As a result, the team’s overall proficiency in offensive security saw a significant boost, making them more capable and confident in their roles.

The partnership also led to the establishment of a clearly defined career development framework within Cisco. OffSec’s structured learning paths and certification process provided a clear roadmap for professional growth. This clarity in career progression was not only motivating for the existing team members but also made it easier for Cisco to identify and cultivate talent internally.

Another key benefit was improved retention rates. The investment in their team’s development and the clear career progression opportunities led to higher job satisfaction and loyalty among Cisco’s employees. This was a crucial advantage in the competitive field of cybersecurity, where retaining top talent is as important as attracting it.

Lastly, the collaboration simplified Cisco’s recruitment process. The OffSec certifications served as a reliable benchmark of skill and expertise, making it easier for Cisco to assess and select the right candidates. This streamlined recruitment process ensured that Cisco was able to efficiently onboard individuals who were not just qualified but also well-prepared to integrate into their advanced cybersecurity environment.

Conclusion

Cisco is looking forward to additional skill development opportunities with the OffSec Cyber Range and is a strong supporter of the addition of job role-based learning paths for all cybersecurity team members.