Thursday, June 19, 2014

My Ten Years at F5

So far...

I try not to brag that much (yea right) since a long time ago a good friend would always quip, 'Everyone loves a bragger!' Noting that boasters are usually more talk than anything and it is important to stay humble. Well, I'm humbled (and bragging) that I've reached an important milestone with F5. Ten years on the job. Yup, a decade with F5. Around 20% of my life has been with F5 and I still enjoy it all. Seriously.

I joined in 2004 - 'duh' if you can count years - as part of what was our original Security Business Unit. F5 had recently acquired uRoam in 2003, whose SSL VPN technology eventually became our FirePass and Access Policy Manager solutions, along with Magnifire WebSystems in 2004, which bore our TrafficShield and Application Security Manager web application firewalls. Our task, at the time, was to help our customers understand and deploy remote access systems and secure their applications. The early stages of F5 moving into the security market. Look at us now.

It was fun being one of the first three Security Systems Architects at F5. My good pals Ken Salchow (now running Certification) and Charlie Cano (Sr. BD Solution Architect) rounded out the 3 headed monster. We would visit with customers sharing insight on current security threats - which at the time were things like SQL injections, forceful browsing, parameter tampering and many of the same threats still dogging companies today. We spoke about the benefits of SSL VPN over IPSec. Remember those arguments? We also ran around the country installing F5 security controllers and troubleshooting them when things went astray. It was a busy but exciting time and I learned a bunch during those first couple years. But we grow.

That same 2004, F5 released BIG-IP v9 with TMOS, iRules, and a full proxy architecture. Terminate the network connection at the BIG-IP, decrypt/inspect/manipulate/secure/manage traffic and establish a new connection to the server. This gives organizations the ability to modify TCP traffic in either direction. A few years later, 2009, we released v10. By then however, I had moved on to Marketing.

In 2006, I jumped at an opportunity to join the fledgling Technical Marketing team, led by Ken Salchow. The same Ken as above. We were the technical writers, speakers and resources for the marketing organization. We did whitepapers, articles, blogging along with speaking at conferences and briefing analysts. We were unique, in that, instead of just focusing on F5 solutions, we were focused on a technology area. Virtualization, Security, Core, Service Provider, you get the idea. So we needed to understand the technologies and trends first to determine how our solutions solved or didn't solve certain industry challenges. Great team and enjoyable work. I've been fortunate.

Also in 2006, my daughter was born and 10 months later we were in the hospital for two weeks due to a rare genetic condition. She's doing OK today but back then, we had no idea what was happening or if she was going to even make it. I still remember getting a call from the EVP of my department telling me to take care of my family first and not to worry about work. Take whatever time you need. I was blown away. Granted, F5 was a much smaller company then and we all pretty much knew each other but I was so touched that the company cared more for my family's well being than me getting my work done. Now many F5ers are more than just F5 family, they are 'Ohana.

In 2009, I started to produce F5 videos - ALOHA! Initially, videos were not a huge part of how we told our story or shared insight but I felt they would become an important communication tool for business. I created the In 5 Minutes or Less series to show how easy it was to deploy certain functionality within a BIG-IP, especially the new v9 stuff. I also started to cover our trade shows, doing video interviews to showcase F5 technology, the integration with partners, and the important trends in the industry. This is what I love most.

You see, I studied theatre in college and dreamed of being an actor, director or producer. Something in the entertainment industry. My dad worked 30 years for IBM so I grew up with computers in the house. In every theatre I worked in, I also (in part) was the ad-hoc systems administrator. I remember playing with AppleTalk in the early 90's and admin'ing laptops with NT 3.51/4 around the same time. I was also fortunate to think back then that the internet just might become our entertainment medium of the future. I quit the theatre and started to work in technology. Fast forward to today and I feel extremely lucky to be able to combine what I know and what I love to create technology related videos. Here at F5.

And most recently, while still carrying the TMM banner, I'm part of the awesome Marketing Architectures Team at F5. We design and develop the Reference Architectures that organizations can deploy today to solve a bunch of industry challenges. Areas like security, mobility, availability, performance and access & identity all have specific reference architectures covering things like DDoS, DNS, Application Services and Cloud to name a few. Still thrilled.

Ten years is a long time at any company these days and I've been blessed this last decade being able to do my thing with such a great organization. Thanks to everyone who has helped along the way!

I am grateful.

ps

Connect with Peter: Connect with F5:

Thursday, June 12, 2014

CloudExpo 2014: Future of the Cloud

Lori MacVittie, Sr. Product Manager Emerging Technologies, discusses the future of the cloud and where we go from here. She talks about some of the barriers, tools and solutions to take cloud adoption to the next level along with how DevOps and Cloud play together.

 

ps

Tuesday, June 3, 2014

A Living Architecture

You often hear people say, 'oh, this is a living document,' to indicate that the information is continually updated or edited to reflect changes that may occur during the life of the document. Your infrastructure is also living and dynamic. You make changes, updates or upgrades to address the ever changing requirements of your employees, web visitors, customers, partners, networks, applications and anything else tied to your systems.

This is also true for F5's Reference Architectures. They too are living architectures.

F5's Reference Architectures are the proof-points or customer scenarios that drive Synthesis to your data center and beyond.

When we initially built out these RA's, we knew that they'd be continuously updated to not only reflect new BIG-IP functionality but also show new solutions to the changing challenges IT faces daily. We've recently updated the Intelligent DNS Scale Reference Architecture to include more security (DNSSEC) and to address the highly hybrid nature of enterprise infrastructures with Distributed DNS.

F5’s end-to-end Intelligent DNS Scale reference architecture enables organizations to build a strong DNS foundation that maximizes the use of resources and increases service management, while remaining agile enough to support both existing and future network architectures, devices, and applications. It also provides a more intelligent way to respond and scale to DNS queries and takes into account a variety of network conditions and situations to distribute user application requests and application services based on business policies, data center conditions, network conditions, and application performance. It ensures that your customers—and your employees—can access your critical web, application, and database services whenever they need them.

In this latest DNS RA rev, DNSSEC can protect your DNS infrastructure, including cloud deployments, from cache poisoning attacks and domain hijacks. With DNSSEC support, you can digitally sign and encrypt your DNS query responses. This enables the resolver to determine the authenticity of the response, preventing DNS hijacking and cache poisoning.


Also included is Distributed DNS. Meaning, all the DNS solution goodness also applies to cloud deployments or infrastructures where DNS is distributed.  Organizations can replicate their high performance DNS infrastructure in almost any environment. Organizations may have Cloud DNS for disaster recovery/business continuity or even a Cloud DNS service with signed DNSSEC zones. F5 DNS Services enhanced AXFR support offers zone transfers from BIG-IP to any DNS service allowing organizations to replicate DNS in physical, virtual, and cloud environments. The DNS replication service can be sent to other BIG-IPs or other general DNS servers in Data Centers/Clouds that are closest to the users.

In addition, organizations can send users to a site that will give them the best experience. F5 DNS Services uses a range of load balancing methods and intelligent monitoring for each specific app and user. Traffic is routed according to your business policies and current network and user conditions. F5 DNS Services includes an accurate, granular geolocation database, giving you control of traffic distribution based on user location.

DNS helps make the internet work and we often do not think of it until we cannot connect to some resource. With the Internet of Nouns (or Things if you like) hot on our heels, I think Port 53 will continue to be a critically important piece of the internet puzzle.

ps

Wednesday, May 28, 2014

Welcome to The Phygital World

Standards for 'Things'

That thing, next to the other thing, talking to this thing needs something to make it interoperate properly. That's the goal of the Industrial Internet Consortium (IIC) which hopes to establish common ways that machines share information and move data.

IBM, Cisco, GE and AT&T have all teamed up to form the Industrial Internet Consortium (IIC), an open membership group that’s been established with the task of breaking down technology silo barriers to drive better big data access and improved integration of the physical and digital worlds. The Phygital World. The IIC will work to develop a ‘common blueprint' that machines and devices from all manufacturers can use to share and move data. These standards won’t just be limited to internet protocols, but will also include metrics like storage capacity in IT systems, various power levels, and data traffic control.

Sensors are getting standards. Soon.

As more of these chips are getting installed on street lights, thermostats, engines, soda machines and even into our own body the IIC will focus on testing IoT applications, produce best practices and standards, influence global IoT standards for Internet and industrial systems and create a forum for sharing ideas. Explore new worlds so to speak. I think it's nuts that we're in an age where we are trying to figure out how the blood sensor talks to the fridge sensor which notices there is no more applesauce and auto-orders from the local grocery to have it delivered that afternoon. Almost there.

Initially, the new group will focus on the 'industrial Internet' applications in manufacturing, oil and gas exploration, healthcare and transportation. In those industries, vendors often don't make it easy for hardware and software solutions to work together. The IIC is saying, 'we all have to play with each other.' That will become critically important when your imbedded sleep monitor/dream recorder notices your blood sugar levels rising indicating that you're about to wake up, which kicks off a series of workflows that start the coffee machine, heat & distribute the hot water and display the day's news and weather on the refrigerator's LCD screen. Any minute now.

It will probably be a little while (years) before these standards can be created and approved, but when they are they’ll help developers of hardware and software to create solutions that are compatible with the Internet of Things. The end result will be the full integration of sensors, networks, computers, cloud systems, large enterprises, vehicles, businesses and hundreds of other entities that are 'connected.'

With London cars getting stolen using electronic gadgets and connected devices as common as electricity by 2025, securing the Internet of Things should be one of the top priorities facing the consortium.

ps

Wednesday, May 21, 2014

Moving Target

I moved recently. Not too far away nor to a different state, just the other side of town. It is simultaneously exhilarating and exhausting. Most people in the U.S. move during the summer. Kids are out of school, the weather is mostly nice, friends might be available to help and you are settled in for the holidays. And while you are worrying about packing, movers, mail and all the other check lists, your identity is ripe for the picking.

The increased risk of identity theft during a move is because personally identifiable information is being shuffled around from one home to the next. At the same time, buyers and renters are preoccupied with the move and can forget to protect their sensitive documents. You may lock up or personally carry your jewelry, checkbook and other 'valuables' but your personal information might be unprotected and targeted during a move.

If you are moving this summer like I just did, there are a few things you can do to minimize the risk. While most moving sites have 'Change of Address' as their top protection mechanisms (which we'll get to), I feel that shredding old bills, receipts and financial info is critical. First, you might not want to drag all that old paperwork with you, especially if you are paying by the pound but more importantly, shredding important documents can prevent thieves from finding any information in your trash. Old-skool dumpster diving is still a viable method to steal personal information. You also might not want the movers themselves to have access to those documents, particularly if you are having them help pack. I was fortunate to find reputable movers but mover fraud is becoming more commonplace in the U.S.

Mail call! What? Oh yea, Change of Address. Seems like a no brainer, filling out a postal change of address but it is also important. Make the change with all the companies, financial institutions, magazines, and other organizations that regularly send you mail. Identity theft is often carried out by stealing mail. The folks who move into your old house might not steal your identity, but they will most likely throw away mail that isn’t theirs, and they won’t necessarily take the care to shred it as you would. If your mail continues to be delivered to your old address, it might be left on the doorstep or in an unlocked mailbox, making it very easy for anyone to walk away with it.

Lock down your electronics. Many households have multiple computers now including tablets, mobile phones and other 'things' storing sensitive information. These are a treasure trove. You can carry/pack yourselves and make sure they are always in your possession or password protect and place in a slightly unmarked box. Maybe label it as 'dog food' and the crook, movers or otherwise, just might pass it over. If you plan on donating or recycling your old computer(s), make sure you totally erase the hard drive since criminals can easily retrieve those files and use them for no good. Slightly related to this, I recently bought a refurbished Blu-ray player with various streaming services. I wanted to replace the one we broke with the exact same one but they stopped making that model. When it arrived, I went in to configure our Netflix account. So I clicked the Netflix icon and it loaded fine. Wait a minute, that's not my Instant Queue. Whoever had the unit prior to me, still had their Netflix saved and I could see all their viewing habits. Old episodes of Leave it to Beaver and Attack of the 50 Foot Cheerleader.

And keep an eye out for yourself before, during and after. Check credit monitoring if you have it; your credit report a few months later for anything suspicious; that all your mail is arriving intact; that all your household items are accounted for; and we often leave cars, garages, and other entrances wide open when moving so keep an eye there, if the location warrants.

Physical items can be used to create digital identities and while we may read about ID theft topics when computer breaches are reported, the physical realm is still ripe with fraudsters. Everything is game nowadays but you can take physical and digital action to stay safe when you are finally home sweet home.

ps

Wednesday, May 14, 2014

Uncle DDoS'd, Talking TVs and a Hug

Information security is one of those areas where a lot is always happening. From breaches to vulnerabilities to scams to anything else that's designed to store, protect or even attack and pilfer our sensitive information, information security encompasses a lot of things. A Three Ring Circus, Three Little Pigs, The Three Stooges and when three different stories grab my attention, well I just gotta share.

SCMagazine.com had an interesting story yesterday talking about how two servers designed to prevent DDoS attacks were, themselves, used in a DDoS attack. Incapsula reported that it had to fend off a sizable DDoS attack that was launched using high-capacity servers hijacked from a DDoS protection services provider. The attack itself was against an online gaming site and the attackers actually hijacked and commandeered two high capacity servers from a DDoS protection service provider to spearhead the attack. The service provider was so focused on incoming traffic, they had to be notified to take a look at the massive outgoing traffic being sent. While the DDoS protection market has grown with many outsourcing solutions, it is still a shared service. Remember the old tiered-hosting-separated-by-a-partition days? Even if you are not the target, you still might be caught up in it if your neighbor is.

Next up, security experts at NCC Group said Smart TVs with built-in microphones and storage can be turned into bugging devices by malware and used to record conversations. Not to mention remotely turning on the TV camera at will. They did need physical access to the TV to install the malware but as more TV apps get developed, it is conceivable that a malicious app could be downloaded to the TV for the same purpose. They demonstrated how they could capture 30 seconds of buffered mic audio but could have also manipulated more to use internal storage and send the audio files to an awaiting server. NCC engineers wanted to highlight the security shortcomings on the home front of the Internet of Things. Start to get used to no privacy in the privacy of your home.

And last but certainly not least, Thieves steal ID and credit card data with a hug. OK, I'm Hawaiian and we are a bunch of huggers so this is interesting. Apparently a Georgia woman was approached at a gas station by another woman begging for some money so she could put gas in her car. The kind, generous woman gave the crooked lady $20. With a full Oscar nominated performance, the crooked lady wept with joy and wanted to thank the generous one with a hug. Embrace ensued. So touched by the gesture, the man with the crooked lady got out of the car and also wanted to physically thank the Samaritan. The next morning she realized why they wanted to hug her when she discovered that $3000 was gone from her bank account. $2400 from a grocery store and another $200 plus from ATMs. The thieves got close so they could scan her for RFID enabled cards. She had her credit cards in her front pocket and was scanned during the not so loving embrace. Well that sucks. The cool thing is that the woman is not jaded and will continue to help others. Nice.

And to those I know: If we typically hug when we see each other, I promise I won't be scanning your pockets.

ps

Wednesday, May 7, 2014

The Reach of a Breach

It comes as no surprise that the CEO of Target has resigned in the wake of their massive data breach. The 2nd executive, if I remember correctly, to resign due to the mishap. Data breaches are costly according to the most recent Ponemon 2014 Cost of Data Breach Study: United States and the main reason for the steep increase in costs is 'the loss of customers following the data breach due to additional expenses required to preserve the organization's brand and reputation.' The cost of each lost or stolen record, on average, increased from $188 to $201 per record from 2012 to 2013 - a 9% increase.

But that's not all. In 2013, there appeared to be 'an abnormal churn rate' of 15% of customers abandoning companies, especially those in financial services, hit by a breach, says Ponemon. I'm always curious about that. I usually avoid stores that have been recently compromised wondering if something is lingering yet think, they gotta be on high alert, especially with law enforcement involved. Maybe it's as safe as it ever will be.

A recent Courion survey of IT security executives showed that 78% of respondents say they're anxious about the possibility of a data breach at their organization. If there were a massive security breach at these companies, 58.8% said 'protecting the privacy of our customers' would be top priority and 62.7% would lament about 'negative publicity affecting the company brand' due to the breach. Maybe that's the problem. They're more worried about their image than they are of protecting our info. It's the 58.8% you want to shop at.

Reaching for more, Symantec’s Internet Security Threat Report (ISTR), Volume 19, shows a big change in cybercriminal habits, revealing the bad guys are plotting for months before pulling off the huge heists – instead of popping quick hits with smaller bounty. One big is worth fifty small. In 2013, there was a 62% uptick in the number of data breaches exposing more than 552 million identities. That's about 10% of the planet's population, give-or-take.

And finally, there have been a few companies that have gone out of business due to a leakage but a few months ago a data breach also closed some Seattle area Catholic schools. According to the Seattle Archdiocese, at least three Roman Catholic parishes and the Archdiocese’s chancery offices had been targeted by a tax-fraud scheme. In order to allow those who were victims time to contact the appropriate institutions during school hours, they cancelled classes. How's that for reach.

ps