Did you know? You can share this story using the social media icons on the left. Please include the hashtag #WeAreCisco. You can also rate and comment on the story below.
Harnessing Telemetry on Steroids
In his less than two years with Cisco, TK Keanini has already become a familiar face—and not just because of his distinctive shaved head and shark-tooth-themed tattoo sleeves.
The Hawaiian-born TK played a key role in our recently introduced "The Network. Intuitive." A principal engineer in Cisco's Security Business Group, he's leading our bleeding-edge security solution, ETA. Short for Encrypted Traffic Analytics, ETA is the industry's first solution to identify threats in encrypted traffic. You might have seen TK talking about it at Cisco Live in Las Vegas in June—an experience he counts as a career highlight.
"Being on stage with David Goeckeler in front of 28,000 people was so exciting," TK recalls. (The T stands for Tim. He says he uses his initials to distinguish himself from the abundance of Tims in the tech industry.)
If there's a traditional path to prominence in the security industry, TK didn't take it. His first love was music, especially bass guitar. Growing up on Oahu, he played gigs in hotels and on other islands and dropped out of high school. By the time he was 20, he was living and touring with different bands in California and beyond. A highlight of his musical career was opening for MC Hammer at the Moscone Center in San Francisco in the 1980s.
But after his first daughter was born in 1990, TK needed a way to earn a living that involved less travel—and so began his introduction to coding. He got a job at a store that specialized in computer software for music and quickly transitioned to developing video games with Brøderbund Software, where he spent over nine years working with creative geniuses. The experience colored his approach to security.
"With security, as with gaming, you're always thinking from an adversarial perspective," he says. "You have to get into your adversaries' heads."
In the late 90s, TK did a stint as a systems engineer with Cisco, but he got recruited away to help build an online trading system with Morgan Stanley. Later, he became CTO at nCircle—a network security company he sold to TripWire after 12 years.
It was through friend and security luminary Richard Stiennon that TK jumped into the role that would eventually lead him back to Cisco. While still living in Austin, Texas, he became CTO for the Alpharetta, Georgia, based Lancope—where he and his team built the award-winning Stealthwatch product line. Cisco later acquired Lancope, and Stealthwatch today sits at the center of the ETA solution set.
"Stealthwatch is the underpinning of ETA," TK says.
What was the impetus for Encrypted Traffic Analytics? TK says he came across a research paper published by Cisco Fellow David McGrew whose team had found a way to advance network-based telemetry, to drive a more advanced form of analytics. Telemetry has to do with infrastructure exhibiting metadata (data about the data) that can be used by analytics to offer insight. Stealthwatch had made use of telemetry for years, but TK saw revolutionary potential in the research.
"This was like telemetry on steroids," he says. "This level of visibility essentially leaves the threat actors nowhere to hide!"
Traditionally, Cisco develops new technologies internally, then works with the Internet Engineering Task Force (IETF) to make standards. But ETA developed through an opposite approach. The internally developed research was published in 2016 to the public for all to see. An open source package was also published as a reference implementation of the research. TK talked with customers about their pain points and what made sense to productize. Now, nearly two years later after the first public debut, the technology is being implemented in a way that solves real customer problems without increasing their operational overhead.
"The entire new Catalyst 9000 switching portfolio can exhibit this Encrypted Traffic Analytics based telemetry," TK says. "The network itself is the ultimate security sensor. It's fantastic!"
Over the years, TK has served on various boards to promote multi-vendor interoperability. He's been a founding member of a number of security standards, among them CVE, CPE, OVAL and CVSS. His philosophy on security? It's all about economics.
"Security is about making it too expensive for your adversaries to operate," he says. "You want to raise their cost of doing business. This way you play the long game—because a lot of times it seems you're in a losing battle."
But there's more to TK than security and work. He's a family man with a wife, three children, and two much-beloved French bulldogs—each of which has its own Facebook page. He misses playing with the band, but gets to see a lot of music. He also enjoys extreme obstacle-course sporting events, such as the Spartan Race and Tough Mudder. And he still loves to surf, though he's no fan of wetsuits. A couple of times a year he gets on a plane to surf in Hawaii rather than put on a wetsuit to surf on the mainland.
"My boards are still there at my brother's house," he says.
As for his priorities for the future, TK says he'd like to further develop ETA. He's also excited by our recent acquisition of Observable Networks, which he says will become the Stealthwatch cloud.
"ETA has a bright future," he says. "I think we have gotten about 10 percent of its value—there's a lot more."
- New Era of Networking: The Power of Security and Encrypted Traffic Analytics
- TK's Blog
- The Network Intuitive
- Careers at Cisco
- Mr Hugo Baws on Facebook
- Moo the Dog Cow on Facebook
Connect everything. Innovate everywhere. Benefit everyone.