Welcome to the Cisco Security Spotlight, a series that takes you behind the curtain to meet some of our talented cloud security researchers. Whether you’re new to security, a seasoned pro, or stumbled upon this blog by accident, we hope you’ll enjoy learning about at the people behind our products. Today, we’re talking to Brad Antoniewicz, Research Manager at Cisco, frequent speaker, blogger, published author, former adjunct professor, and fierce advocate for women in tech.

Cisco Security Research Manager Brad Antoniewicz

Hi Brad! Tell us: What you do at Cisco?

Hi, nice to meet you! My name is Brad and I lead the Research Analyst, CyberLab, and CASI teams within Cisco’s Cloud Security Research group. Together, we identify brand-new threats that impact our customers and build an index of known-good and known-bad entities on the internet. I joined Cisco about two years ago from Intel Security where I led a research team focusing on vulnerability research and automation.

How and when did you start taking an interest in technology — and, more specifically, cybersecurity?

It all started when I was in my early double-digits —  my mom ran a computer lab at a local middle school, and after school I’d hang out there playing computer games. For the older folks out there, one of the games that always brings back memories is Winter Challenge for DOS!

Eventually my mom saved up and bought a computer for the house, which my older brother and I were completely consumed with. That led to a life of BBSs, War Dialing, and eventually IRC. The next thing I knew, I stopped taking my normal school bus home, and starting taking one that would drop me off at the doorstep of a sweet computer repair job — a job my older brother helped me land.

What personal and professional qualities are important for a career in cybersecurity?

As with all jobs: unrelenting passion. You have to love the challenge of solving problems, breaking into systems, and catching bad guys!

Tell us about some of the more interesting research you’ve done.

One of my favorite all-time hacks was against those building access card systems. You know, those little black squares next to doors that let you into your office. I wrote some code that would allow you to mimic the access badges given to employees and essentially brute force those. Well, it worked really well and security professionals from all over the place would write me, telling about stories of how they used it to test the security of their organization. I also discovered ways to open any door, in any office, via the network, for specific deployments. It was awesome! It’s been a while since I did that research, but you can find some of the code here https://github.com/brad-anton/proxbrute and https://github.com/brad-anton/VertX

What challenges can we expect from the ever-increasing number of IoT devices, workloads moving to the cloud, and cyber attacks?

IoT has been impacting the industry in two interesting ways. The first is a massive nuisance: DDoS. Vulnerabilities and lax configuration settings in internet-connected devices like cameras are giving attackers the ability to gain control over these systems and use them on a gigantic scale to flood targets. This flooding is not only a nuisance, it’s used as a diversion tactic.  While an organization is focused on dealing with the flood, actors launch quieter, more directed attacks to break into systems and gain access to sensitive data.

The second way IoT is impacting the industry is more of an artifact of technological innovation. Critical infrastructure — like water treatment facilities and power plants of all types — have used embedded systems for years to control core elements of their operation. As internet adoption grew, these older systems connected to the internet so they could be more easily managed and monitored.

However, much has changed in terms of security, and many of the devices and applications still in use weren’t built with the basic security features that are standard in modern operating systems. This has the potential to give attackers the ability to impact physical things by modifying something virtually — for instance, opening the floodgates on a dam. Unfortunately, some individuals and organizations underestimate the potential for loss and treat security reactively instead of proactively.

How does your research feed into Cisco products and services?

The research my team conducts at Cisco focuses on defending against attackers by understanding every component of an attack and using that knowledge to build systems to detect them automatically. We also spend hours hunting through our data sets to identify new infrastructure, tools, and actors. We then take all of this information and feed it directly into blocking mechanisms that are used by many Cisco products. The impact of our research is freakin’ awesome!

Thanks for your time, Brad! Before you go, tell us something fun or interesting people might not know about you.

I absolutely love to snowboard! It has been a joy of mine for years, ever since I was a teenager, but I rarely find time to go. One time, after a long period of not snowboarding, I fell so hard that my pants literally fell off. They were the zip-up kind, and two of my friends had to help me up and put my pants back on. When I hear the phrase “catching them with their pants down,” used to describe attackers on the internet, I can’t help but think about the snowboarding incident. Thankfully, I’m much better at catching attackers on the internet than snowboarding!

Where can we find you online?

Find me on Twitter (without having to spell my last name) at @brad_anton.


Want to see Brad’s research in action? Try Cisco Umbrella for free!  Do you want to work with people like Brad? We’re hiring!

This post is categorized in: