+ Reply to Thread
Results 1 to 4 of 4
  1. Junior Member Soondubu's Avatar
    Join Date
    Apr 2012
    Location
    Supposed City of Angels
    Posts
    13

    Certifications
    CCNA, CCNA-V
    #1

    Default General Cisco Security Question

    I keep hearing from coworkers and other Cisco associates that there is a heavy liability issue for Cisco Security Engineers. From what i'm told, a security engineer can be sued if the network they're responsible for is penetrated by a malicious entity. I've also heard that this isn't true from someone that is CCNP:S, but I just wanted to ask anyone out there that may have any input or an opinion. The reason why I ask is because I considering going through the Cisco Security track myself. Thanks for any input you guys may have.
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Feb 2012
    Posts
    2,307

    Certifications
    CCIP, CCNP, CCNA, JNCIA, etc.
    #2
    My title is not "Cisco Security Engineer" so I cannot answer from that perspective, but the claim sounds far-fetched. We are usually only financially responsible for the damages we cause or that we allow to be caused through gross negligence, barring an agreed upon contract stating the contrary. Even in roles where that's a serious worry of lawsuits involving damages--and I have been in such roles--a half-million to a million dollars of liability insurance doesn't cost so much as one might think, especially if one can demonstrate to the insurer that they are a professional taking reasonable precautions.
    Last edited by NetworkVeteran; 05-12-2012 at 04:16 AM.
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Apr 2012
    Location
    Shreveport, LA
    Posts
    102

    Certifications
    OSCP, CISSP, CCNP Security, CEH, Security+, GIAC GAWN
    #3
    I work as a 'security engineer' and have never worried about, personally, being sued by a client. As long as I can show I used due care they would have a hard time proving negligence. I mean, if someone uses some 0day against them, how am I supposed to prevent that from happening (yes,yes, defense in depth and all that jazz)? That being said, my employer does carry insurance that covers this, but that is mainly one client practicing risk avoidance by transferring it to us It is an interesting question though, I mean, no network is 100% secure. At what point can you say, I've done all I can do, you can't sue me now?
    Reply With Quote Quote  

  5. Senior Member PhildoBaggins's Avatar
    Join Date
    Sep 2010
    Location
    In America
    Posts
    274

    Certifications
    A+, Net+, MCP, LCP, BAIS, BCNE, CCENT, CCNA, CCNA Security, CCNA Voice, CCDA, CCNP, CUDS, LCSAUC, CIPTDS, NSA 4011, Cisco IOS Security Specialist, Hub
    #4
    If you take your car to a mechanic, they change the oil and filter then seal it all up 100% and your car catches fire it is really hard to prove it was the mechanics fault.

    Clients are going to blame the company, the companies CSMs will blame production, production leaders will blame engineers. Engineers will have to look at the aftermath and perform a post mortem. The same can be said for a Problem Manager if your following ITIL.

    I have only seen it once maybe twice in 10 years where neglegence leads to some sort of legal battle and both instances (even though it was an individuals fault) the individual responsible no longer worked at the organization because well they performed less than satisfactory. By the time the indicents occur its really the responsibility between the Customer facing leaders of your company and the decisionmakers and stakeholders of the client to determine who owns what and AFTER mitigating any issues how they will move forward from there.

    You do take on more risk the higher you go. I am responsible for alot of stuff as a Tier 3 Senior guy but if anyone told me they were gonna sue me for somethign I designed 16 months ago I would tell them to go talk to their customer service rep.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks