What drives Barry’s passion, drive, and focus on empowerment? The following is a work in progress to help others learn from my journey, my experiences, people who have cleared the path for me, people who have helped me, and people who have been my allies for change over the last few decades. This page is part of the “Empowerment” series on Senki.
How does Barry get the job done?
Today, I do not get pulled into the cybersecurity commercial ‘dependency trap.’ If listening to the vendor’s cybersecurity experts had worked, it would have reduced risk. What we’re seeing over and over again is an increase in risk, not a reduction. Commercial cybersecurity’s primary job is profit maximization – not the elimination of risk.
Barry’s approach is to find ways to empower, upskill, and well-network the organization’s team with peers to drive risk to the lowest possible levels, then prepare a rapid response that is flexible, resilient, maintains the mission, and collects the details needed to go after the threat actors.
Trust your existing team, clear the path for their success, and find people who are interested in turning your team into peers in the community. This has been the core of my success. Impact is NOT what I can deliver. Impact is the team I empower to achieve the mission in my absence. It is rooted in the training I received during my USAF days, fantastic mentors, and a Bahá’í view that sees everyone as having the potential to impact the world around them.
Barry’s way is to “clear the path,” instigate/inspire, and set examples for peers to step forward and act. Success is when the problem is solved, the team is acknowledged, and people do not realize the role, influence, or impact I’ve had in facilitating it. Some say this is insane – where all the credit goes to others. True. But my goal has always been “mechanism of world inter-communication will be devised, embracing the whole planet, freed from national hindrances and restrictions, and functioning with marvelous swiftness and perfect regularity.”
Effective Cybersecurity Resiliency is all about an intentionally woven community of peers. There are multiple communities that do not require members to spend thousands of dollars. Many organizations pay high membership fees to “cybersecurity organizations” that host conferences and talk about cybersecurity.
The most effective cybersecurity communities (effectiveness is about getting help when you need it) are volunteer-driven, non-profit, and quiet (don’t want threat actors to know everything). The “cybersecurity tapistry of effectiveness” is multi-layered, with operational, architecture, product, marketing, executives, and board of directors all interacting with their peers – each a pattern of respectful interaction within the tapistry’s patterns.
Barry has always been committed to instigating, building, facilitating, and curating these cybersecurity “trust group” communities. It takes time to earn the trust of cybersecurity professionals to be admitted to TLP: RED groups that uncover threat actors, orchestrate disruptions, and work with international law enforcement to make arrests. I help organizations build step-by-step mentorship guides that help their teams gradually develop the “operational trust” needed to be active members of these critical communities.
CISOs fall into a trap. They do not set up their trusted advice groups, nor do they budget for and find their “1st Sergeant,” who works side by side to get things done. They are placed in an “alone” leadership position as an expendable scapegoat when the inevitable reportable incident affects the mission.
These days, I help my peers who are taking on CISO roles. I help build that small group around them, a “cybersecurity trust group.” I teach them how to budget and justify their role within their organization. I coach them on how to find that “1st Sergeant – Master Chief” to work throughout the organization, doing the “extras” that lead to team cohesion, teamwork, and execution.
Again, I build on what I have seen successful over the decades – where weaving a community of peers inside the organization with leadership and “clear the path” “1st Sergeant” types weaves“cybersecurity tapistry of effectiveness.”
Daily, weekly, and strict “preventive maintenance” is “the” ignored cybersecurity essential. I always start with the essentials drilled into me while maintaining mission-critical systems. Over the decades, I have found that cybersecurity resilience is not about the new technology. It is about the daily operational habits that mitigate risk and prepare for an unavoidable cybersecurity crisis. Cybersecurity is no different from living in a cyclone/hurricane/typhoon zone. Those organizations that survive a cyclone are the ones that anticipate, prepare, and work within the community to build collective resilience.
When SHTF, it is the community around you that gets you back up and running, not some cybersecurity gadget of the year.
Principle-Centered Leadership combined with Pushing up People as lessons for success.
Turning the Internet Systems Consortium (ISC) from failure to success – demonstrating sustainable Open Source Ecosystems
Barry Raveendran Greene was President of Internet Systems Consortium (ISC) – a +60 strong 10 million dollar open-source organization responsible for Internet critical software services, and infrastructure – including BIND – our industry’s core DNS server. ISC’s President leads engineering, sales, marketing, product management, and all aspects of the business. Barry is responsible for transforming ISC from a heavy engineering organization into a balanced and stable force that can continue to develop BIND (DNS), DHCP, Quagga, and other Internet-critical open-source software, services, and capabilities. Barry continues ISC’s evolution as an Agile Software Development process company, incorporating the Agile essence across all aspects of operations, systems, and application design. ISC is now a constituent-oriented organization, applying its brain trust to problems that impact the Internet’s sustainable future growth. Some of these areas include industry-transformational work with the Security Information Exchange (SIE), Passive DNS, and other tools that uncover cybercriminal activities and facilitate action. In addition, ISC has been asked by the industry to take the Internet-critical quality experience with BIND and DHCP and apply it to open-source routing architectures, enabling new operator-driven innovation to facilitate the success of an ever-converging Internet. Barry is heavily involved in operational security, working with the industry to build a collaborative private-industry team that tracks cybercriminal activities, works with law enforcement, and facilitates the public-private partnership to take down the “cyber-criminal cloud.”
Barry brings 30 years of industry experience, with 20 years directly focused on the growth, stability, and resiliency of the Global Internet. This experience is critical to Barry’s ability to drive transformation in a way that is unique and demonstrates tangible success. He is a pioneer in the fields of Service Provider Security and Operational Security reaction teams – creating many of the techniques, technologies, and capabilities used in the industry today to protect all telecommunications from a range of cybersecurity threats. Barry actively participates in key policy meetings – being on the 2002-2003 US Government Cyber-Security Commission and is currently on the US Federal Communications Commission’s (FCC’s) Communications Security, Reliability, and Interoperability Council (CSRIC).
Transforming Juniper’s Security Practice
Before ISC, Barry was Director of Juniper’s Security Incident Response Team (SIRT), fulfilling Juniper’s mission to deliver products that are Fast, Reliable, and Secure. Barry transformed the Juniper SIRT Team to lead the industry in recognized performance and capabilities. This included the roles of reactively & proactively responding to security Incidents; providing customers with operational intelligence on the threats to their business; building and delivering effective customer empowerment outreach programs; crafting closed-loop win-win processes to facilitate a self-sustaining SIRT Team, and driving enhancements that add resiliency and security to the Juniper product portfolio. As part of his SIRT mission, Barry continued his efforts with Operational Security Communities, serving the members of these groups to protect their networks and fight the Underground Economy.
Leveraging Cisco’s “Empowerment” and Customer Advocacy to Grow the Internet
Before Juniper, Barry’s spent 12 years at Cisco Systems, spending the last 6 as Cisco’s Chief SP Security Architect – driving programs, products, innovation, and strategy to meet an SP’s security business He has led Cisco’s broad SP Security talent to deliver products, services, designs, and best practices which allow SPs to survive today’s vibrant and thriving “miscreant economy.” Barry has been instrumental in pulling together collaborative “behind-the-scenes” industry groups to battle these threats. Previously, Barry has applied his 30 years of experience to diverse areas, such as SP Architect – specializing in Business Scalable IP Infrastructure; Overlay Content Systems; end-to-end security systems; Trans-Oceanic Backbones; Data Center Design; Database and systems integration; Network Forensics and Network Management Systems; Military Networking; Video Distribution Systems; and SP IP Interconnection Designs.
Empowerment of the new generations of talent is one of Barry’s passions. This can be seen in his extensive online publication; frequent empowerment talks about the world, the book ISP Essentials (written with his colleague Mr. Philip Smith); and intensive work with groups like NANOG, APRICOT, AFNOG, APNIC, AFRINIC, UNDP, USTTI, and NSP-SEC. As an advocate for scaling the Internet through empowering engineers, Mr. Greene was a key coordinator for several of Cisco’s ISP Empowering projects. These included co-coordinator of Cisco’s ISP Workshop program, sponsor for the Internet Society’s Network Technology Workshops, Cisco facilitator for Internet Exchange Points (IXPs) throughout the world, creator of the ISP Power Sessions, instructor of the ISP Security Seminars at NANOG, and instructor for UNDP and United States Telecommunications Training Institute (USTTI) ISP Training workshops. Mr. Greene is one of the founders of APRICOT (Asia & Pacific’s annual Internet Operations forum), a mentor for AFNOG (Africa’s annual ISP Operations forum), and periodically serves on the NANOG program committee. The empowerment efforts continue with Mr. Greene’s recent publication of Cisco ISP Essentials, written with his colleague Mr. Philip Smith.
Connecting ASEAN to the Internet while laying the foundation for Singapore’s Internet Transformation
Barry was Deputy Director of Engineering Planning and Operations for Singapore Telecom’s SingNet Internet Service. He is the creator of the Singapore Telecom Internet Exchange (STIX) and a major force in making Singapore a dominant regional Internet focal point.
Before Singapore Telecom, he was a Network Engineer and Systems Integrator at Johns Hopkins University/Applied Physics Laboratory (JHU/APL) and at Science Applications International Corporation (SAIC). Mr. Greene is a 10-year veteran of the United States Air Force (USAF), which provided him with a solid technical foundation, management, and leadership skills that he has used throughout his life.
Mr. Greene has a Bachelor of Science in History from Rolling College