Gigamon Deep Observability Pipeline

Supercharge your observability tools with actionable network-level intelligence to realize the transformational promise of the cloud.

LEARN MORE

CLOUD VISIBILITY

DATA CENTER VISIBILITY

NETWORK SECURITY

TRAFFIC INTELLIGENCE

From the Core to the Cloud, See it All

Simplify, secure and scale your hybrid cloud infrastructure to accelerate digital innovation.

CLOUD VISIBILITY

DATA CENTER VISIBILITY

NETWORK SECURITY

INDUSTRY

A Thriving Partner Ecosystem

Gigamon reseller and integration partners design, implement and optimize best-of-breed and validated joint solutions.

FIND A PARTNER

NOT A PARTNER?

ALREADY A PARTNER?

Proven Support and Services

Our global support team is committed to creating experiences of unmatched quality, scalability and efficiency.

OVERVIEW

GET SUPPORT

VÜE COMMUNITY

voice of the customer

Gigamon serves the world's more demanding enterprises and public sector agencies, enabling them to harness actionable network-level intelligence to amplify the power of their cloud, security and observability tools.

CUSTOMERS

cegedim

Cegedim.cloud

Improves cloud infrastructure and visibility

 

Five9

Five9

Delivers Cloud-Powered Contact Center Excellence

DoD

Department of Defense

Confidently feeds different tool sets in the physical and virtual world.

 

Resource Library

Your one-stop hub to explore content resources and stay current on the latest in how to amplify the power of your cloud, security and observability tools.

RESOURCES

def-guide

Achieve Hybrid Cloud Observability

Strengthen visibility and security.

deep observability

Observability is Key to Transformation

Unleash cloud potential with deep observability.

ebook

Deep Observability eBook

Take your security and observability tools to a whole new level.

WHY GIGAMON

Gigamon offers an advanced deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of your cloud, security and observability tools.

LEARN MORE

IN THE NEWS

COMPANY INFORMATION

Deep Observability

Unseen Threats Can Lurk in Your Midst

Deep observability exposes previously unseen threats.

GPTW

Join the Team

Become a part of the OneGigamon team. Search for your next opportunity.

SHARE
Security / October 14, 2019

Confessions of a (Mostly) Reformed Dave

Jessica Harrington Jessica Harrington  

Editor’s note: Too often your weakest security link is a human, who we like to call Dave. He’s doesn’t mean to be a threat, he’s just a person going about his day. For National Cybersecurity Awareness month get tips for promoting good security practices with your own employees like him.

“There are two reasons we call people to a meeting like this: theft or security breach. Which one did you do?”

The question came from a person dressed in all black glaring down at me from a large video conference screen. He and his two colleagues waited for an answer. I looked around the enormous conference room for the person being addressed. Still just me.

Years later, this experience still brings about strong emotions for me. So, in honor of National Cybersecurity Awareness Month, and as a Dave myself, I want to share my thoughts on how security professionals can help employees understand the consequences of seemingly simple mistakes.

I stammered a reply. “I’m sorry, I think I’m in the wrong meeting.” Minutes earlier I had been taken off guard when a vaguely titled meeting popped up in my calendar, and now I felt unsettled by the way these guys were looking at me.

“No, you’re in the right meeting, and I’ll give you a hint: It’s a security breach. Now tell us what you did,” he said.

“What? No, I’m Jessica Harrington. This meeting just popped up on my calendar. I think there’s been a mistake,” I replied.

“No, you committed a company security offense and you need to tell us about it.”

“I don’t know what you are talking about. Can you just tell me what you think I did?”

“We ask the questions. Now think really hard about what you have done to breach security policy.”

We went several rounds of me being utterly confused and the interrogators determined to break me. And break me they did. After watching me ugly cry for several minutes and listening to me repeatedly say, “Just (sob) tell (sob) me (sob) what (sob) I (sob) did,” it clicked that I was not trying to be stealthy — I was, in fact, utterly clueless.

Turns out I had forwarded a work email to my personal email address. Yeah, I did that and didn’t think anything of it. Until, that is, I sat under the emotionless stares of these three.

All of the training I had received at the start of my employment came flooding back, and this was definitely on the list of no-nos. They made me log in and watched me delete the email from my personal email account and then from my trash. It was an email singing my praises, so I made a mental note to go back later to copy and paste the content.

Here is the part that I didn’t understand back then: When a security breach like this happens, it doesn’t necessarily end with me. I am not the endgame, I am merely a conduit to get to the real goods. This is the part I think non-security professionals, like myself, need help understanding.

So, on behalf of all Daves everywhere, I have a confession to make: We don’t really pay attention during those security presentations. Sometimes we don’t even understand the words you are using, but we pretend we do so we can get out of there as quickly as possible. Given that fact of life, here are a few ideas to help make us better corporate citizens when it comes to cybersecurity:

  • Make it us vs. them. Security training has an employee vs. security department vibe. Let’s change that to a company-wide effort to protect ourselves — an insiders vs. outsiders vibe.
  • Tell us why. When I look at security training materials, I see lots of don’t do this and don’t do that. No real explanation of why, other than bad things will happen. That doesn’t strike a chord with non-security employees who are just trying to finish their training to move on to the next module.
  • Change the dialog. Communicating that bad actors are using employees, like me, like Dave, to get to what they want will positively influence employee behavior and diligence. No one likes to think they are being used; it feels awful.  

I’ve been scared straight since the email incident, but who knows what other security violations I have unintentionally committed. We, your users, want to learn. We will pay attention if we feel like we, users of a security policy and those who create that policy, are in this together. Speak to us in a language we understand, so the only translation we have to make is from the awful grammar in phishing emails asking us to wire money to a prince somewhere.

Get more perspectives for encouraging employees like Dave to practice better security hygiene.

Featured Webinars
Hear from our experts on the latest trends and best practices to optimize your network visibility and analysis.

  • © Gigamon 2024
Back to top