A Growing Field: Cisco Chief Security and Trust Officer John Stewart Discusses Cybersecurity

On Friday, December 8, John Stewart, Cisco’s Chief Security and Trust Officer, came to Dublin High School to speak to students about his work and answer any questions they had about the cybersecurity field.


Instead of presenting with a slide deck as most speakers do, Stewart explained that he wanted the students to drive the conversation and ask him questions they wanted to know the answers to. Otherwise, he would ask members of the audience some of his own questions. When asked any questions, he answered them thoroughly and gladly, and it was definitely interesting to hear some of his answers. He even spoke on a variety of topics, including qualities he believes make successful engineers, his philosophy on success, and major security breaks he has experienced in his line of work.


He began by discussing his journey to his position at Cisco – he graduated with a specialization in artificial intelligence from Syracuse University and became interested in cybersecurity following the huge 1998 internet attack. Initially, he loved hard coding, and obsessively tried to make his code more “beautiful.” Then, Stewart gradually discovered that if there was something more difficult than code, it was people. Following this intellectual challenge, he realized he was more of a “people person.” This caused a shift in his career, from coding to leading teams and investing and working with different companies. Stewart confessed that he loves doing “a lot of different things in a lot of different directions,” and changes his mind often. One of the driving forces behind that is because he enjoys helping others’ startups succeed by investing in projects that seem to have potential, and this often goes in different directions.


A senior who was interested in running a startup with a few of his friends asked, “Would it be worth the experience to work in a startup rather than a big corporation straight out of college?”


Stewart answered that where a person feels comfortable ultimately depends on their personality. Some people might find it more helpful to work in a large company instead of working in a startup. But nevertheless, “you can get experiences anywhere. You learn a lot about yourselves when you’re not [successful].” The important factor is simply gaining a variety of experiences, and constantly learning from them.


As for other life lessons he wanted to share, he acknowledged that to get somewhere, you have to work for other people, but not “bad people,” and mentioned that you should “make sure you get someone else successful while you make yourself successful,” an ideology he himself goes by – it makes the whole world a better place.


About his position at Cisco, he admitted that he always makes sure that he still loves what he is doing, and would suggest that everyone else do the same, because you don’t have to keep going higher on the hierarchy of a company if it’s not what you want to do.


Afterwards, Stewart shared some extremely interesting stories of security breaches at Cisco, which were not “interesting” when they occurred, but extremely stressful, and only a little funny and ridiculous later. One of these stories was about how a sixteen-year-old in Sweden hacked into Cisco, one of the top global technology companies, using a little skill and lots and lots of luck. At the time, Cisco had two servers to check one-time passwords for each employee to log into Cisco, using a VPN client. Each one-time password could, as the name suggests, never be used again, but because the two servers that checked the password were off by three and a half seconds, there was a three and a half second gap where two people could, hypothetically, log in using the same password. The Swedish teenager did not know all of this, but still, after many attempts, somehow managed to almost instantaneously use the same password as an actual employee, thus getting into Cisco. Although the story seemed exciting, the fallout was not, and Stewart used this as an example to explain why white hat hacking is worth more than black hat hacking, because although the teen was not arrested for this particular incident, he eventually went to the dark side, stole information, and ended up in prison.


Another incident occurred with an engineering team at Cisco, which was trying to build an internet-connected kitchen, but accidentally ended up disrupting Cisco’s entire system – a set of machines was attacking Cisco from the inside because they had not been properly patched. Stewart recalled how ridiculous it felt to tell the others who were at the meeting to discuss the problem that the cause of everything was a kitchen.


Stewart then explained how cybersecurity is a huge, growing field, with many, many opportunities since there are so many jobs to be filled – more than 1.8 million. After all, the internet is accessible nearly everywhere now, and everything that is connected has to be connected very carefully. As technology is improving and developing, more and more cybersecurity professionals are needed to secure all of them.


Stewart’s presentation ended with his advice to the students on how to become successful engineers in cybersecurity. The points he discussed are the following:

  1. Learn how the internet actually works.
  2. Be self-aware to admit you don’t know something when you don’t know it. Don’t make stuff up.
  3. Think creatively. Be curious. Learn constantly.
  4. Think “us”: challenge each other in a team, and try to make a bigger impact.


For any aspiring engineers, cybersecurity is definitely a field to consider because of the current shortage of engineers in the field despite its importance to maintain the safety and security of technology. Cybersecurity needs engineers like YOU to keep the world safe. You can start right now with a plethora of opportunities, such as the Air Force Academy’s CyberPatriot program and Capture The Flag (CTF) competitions, which can be found online.