easy-accordion-free domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/mother99/jacksonholdingcompany.com/wp-includes/functions.php on line 6114zoho-flow domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/mother99/jacksonholdingcompany.com/wp-includes/functions.php on line 6114wordpress-seo domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/mother99/jacksonholdingcompany.com/wp-includes/functions.php on line 6114Jason Button leads the Cisco Security and Trust Mergers and Acquisitions (M&A) organization. He was formerly the director of IT at Duo Security, a company Cisco acquired in 2018, making him uniquely\u2026 Read more on Cisco Blogs<\/a><\/em><\/p>\n \u200b<\/p>\n Jason Button leads the Cisco Security and Trust Mergers and Acquisitions (M&A) organization. He was formerly the director of IT at Duo Security, a company Cisco acquired in 2018, making him uniquely positioned to lend his expertise to the M&A process. This blog is the continuation of a series focused on M&A cybersecurity listed at the end of this post.<\/em><\/p>\n This latest blog post will revisit the topic of Moving Left to Right: Cybersecurity Practices and Outcomes in M&A Due Diligence<\/a> and lessons learned from implementing Cisco\u2019s M&A Cybersecurity Framework<\/a> last year.<\/p>\n In this year alone, Cisco has made ten acquisition announcements<\/a>, ranging from small, agile start-ups to well-established, publicly traded companies. The varying size and complexity of the companies we\u2019re looking to acquire entail that we identify, assess, and adjust for risk differently.<\/p>\n Our M&A Cybersecurity Framework has allowed us to scale and streamline our discovery and risk assessment processes to better align with the level of security risk a deal poses. Using standard security guardrails, tooling, systems information, and other automated processes to screen and assess non-integrated risks, we can draft a Discovery Risk Assessment earlier, thereby freeing up teams to focus on assessing more complex acquisitions and potentially greater security risks.<\/p>\n Right-sizing your risk assessment approach has additional benefits, including the ability to identify areas of integration risk to accelerate integration after the deal closes. An example is the Valtix<\/a> acquisition earlier this year, where we conducted an aggressive and thorough discovery investigation to close the deal before the end of April. The driving factor was the opportunity to debut an essential product integration demonstration in early June at Cisco Live<\/a>, our flagship customer event.<\/p>\n To meet this timeline, we needed to ensure that the security risk was manageable and that we had stakeholder buy-in. We worked closely with cross-functional teams to identify and prioritize risk mitigation so that we could meet our commitment. By having a robust framework in place, we were able to accelerate the integration process while enabling the Valtix team to be more effective and productive in a short amount of time.<\/p>\n Another lesson we\u2019ve learned is prioritizing visibility into the acquired infrastructure earlier in the process. Deploying tools like Wiz.io<\/a> and JuniperOne<\/a> helps educate us about new environments and allows us to identify risks sooner. This is significant when triaging and prioritizing efforts between the company being acquired and the business it will be absorbed into. For the Armorblox<\/a> and SamKnows<\/a> acquisitions, we were able to focus on high-priority risks and spend less time spreading efforts across multiple work streams. Having a framework that helps us prioritize risks is what\u2019s most important and ultimately makes for better, more secure products.<\/p>\n Another important lesson learned this year was how to apply the M&A framework to re-visit previous acquisitions to assess and understand risk. Going through this process without time constraints or diligence pressures allowed us to hone our investigative methods and refine our practices. For example, we worked with the Meraki<\/a> team, a mature organization that was acquired over ten years ago and a significant contributor to Cisco\u2019s portfolio. We combed through a decade\u2019s worth of data to inform how we could simplify and streamline key areas of our integration framework and improve our overall security stance.\u00a0<\/p>\n One of the driving factors for Cisco to acquire companies is to identify and invest in new innovations that will improve the security and performance of our solution portfolio. The M&A Cybersecurity team works closely with Cisco\u2019s Corporate Development Integration team to assess and manage risk throughout the discovery, diligence, and integration process.<\/p>\n The M&A Cybersecurity Framework has been a valuable tool to ensure that business, engineering, and operations leaders align and focus on integration well before the deal closes. Operational alignment with IT, Security, and other functions has helped surface important issues, such as addressing workflows and user and customer identities before the integration process. We\u2019ve also found that by elevating security early in the M&A process, we\u2019re helping the business remove obstacles that could get in the way of business goals and achieve its value drivers faster, which leads to accelerated business growth.<\/p>\n Leadership expert Simon Sinek has frequently stated, \u201cA team is not a group of people who work together.\u202f A team is a group of people who trust each other.\u201d<\/p>\n Our M&A Cybersecurity Framework is a valuable tool to help securely enable the mergers and acquisition process. However, you can\u2019t underestimate the personal factors needed to make it a success. Building trust across a team takes time and requires focusing on developing relationships, being empathetic, and demonstrating respect for a company\u2019s culture.<\/p>\n The press release<\/a> announcing Cisco\u2019s intention to acquire Splunk cited one of the key value propositions: \u201cUnites two \u201cGreat Places to Work\u201d with similar values, strong cultures, and talented teams.\u201d The M&A process is much more than the intellectual property and technology being acquired; the human capital and cultural strengths are often the most valuable assets.<\/p>\n Looking back this year, my colleague Mo Iqbal summed it up best, \u201cWe can\u2019t understand the technologies until we understand the people and culture that enabled them to be so successful.\u201d<\/p>\n If you are interested in learning more, please read More than an Asset: The People Side of Mergers & Acquisitions<\/a>.<\/p>\n Mergers and Acquisitions Cyber Risk Management<\/a><\/p>\n Cybersecurity Awareness Month<\/a><\/p>\n Managing Cybersecurity Risk in M&A<\/a><\/p>\n Demonstrating Trust and Transparency in Mergers and Acquisitions<\/a><\/p>\n When It Comes to M&A, Security Is a Journey<\/a><\/p>\n Making Merger and Acquisition Cybersecurity More Manageable<\/a><\/p>\n Ensuring Security in M&A: An Evolution, Not Revolution<\/a><\/p>\n We\u2019d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!<\/em><\/p>\n Cisco Secure Social Channels<\/strong><\/p>\n Instagram<\/a><\/strong>Facebook<\/a><\/strong>Twitter<\/a><\/strong>LinkedIn<\/a><\/strong><\/p>\n \u00a0\u00a0This M&A blog is a continuation of a blog series that was launched last year during Cybersec Month that are referenced in the blog copy. We will be posting a second blog as a look back since publishing the framework last year.\u00a0\u00a0Read More<\/a>\u00a0Cisco Blogs\u00a0<\/p>","protected":false},"excerpt":{"rendered":" <\/p>\n Jason Button leads the Cisco Security and Trust Mergers and Acquisitions (M&A) organization. He was formerly the director of IT at Duo Security, a company Cisco acquired in 2018, making him uniquely\u2026 Read more on Cisco Blogs<\/a><\/em><\/p>\n \u200b<\/p>\n Jason Button leads the Cisco Security and Trust Mergers and Acquisitions (M&A) organization. He was formerly the director of IT at Duo Security, a company Cisco acquired in 2018, making him uniquely positioned to lend his expertise to the M&A process. This blog is the continuation of a series focused on M&A cybersecurity listed at the end of this post.<\/em><\/p>\n This latest blog post will revisit the topic of Moving Left to Right: Cybersecurity Practices and Outcomes in M&A Due Diligence<\/a> and lessons learned from implementing Cisco\u2019s M&A Cybersecurity Framework<\/a> last year.<\/p>\n In this year alone, Cisco has made ten acquisition announcements<\/a>, ranging from small, agile start-ups to well-established, publicly traded companies. The varying size and complexity of the companies we\u2019re looking to acquire entail that we identify, assess, and adjust for risk differently.<\/p>\n Our M&A Cybersecurity Framework has allowed us to scale and streamline our discovery and risk assessment processes to better align with the level of security risk a deal poses. Using standard security guardrails, tooling, systems information, and other automated processes to screen and assess non-integrated risks, we can draft a Discovery Risk Assessment earlier, thereby freeing up teams to focus on assessing more complex acquisitions and potentially greater security risks.<\/p>\n Right-sizing your risk assessment approach has additional benefits, including the ability to identify areas of integration risk to accelerate integration after the deal closes. An example is the Valtix<\/a> acquisition earlier this year, where we conducted an aggressive and thorough discovery investigation to close the deal before the end of April. The driving factor was the opportunity to debut an essential product integration demonstration in early June at Cisco Live<\/a>, our flagship customer event.<\/p>\n To meet this timeline, we needed to ensure that the security risk was manageable and that we had stakeholder buy-in. We worked closely with cross-functional teams to identify and prioritize risk mitigation so that we could meet our commitment. By having a robust framework in place, we were able to accelerate the integration process while enabling the Valtix team to be more effective and productive in a short amount of time.<\/p>\n Another lesson we\u2019ve learned is prioritizing visibility into the acquired infrastructure earlier in the process. Deploying tools like Wiz.io<\/a> and JuniperOne<\/a> helps educate us about new environments and allows us to identify risks sooner. This is significant when triaging and prioritizing efforts between the company being acquired and the business it will be absorbed into. For the Armorblox<\/a> and SamKnows<\/a> acquisitions, we were able to focus on high-priority risks and spend less time spreading efforts across multiple work streams. Having a framework that helps us prioritize risks is what\u2019s most important and ultimately makes for better, more secure products.<\/p>\n Another important lesson learned this year was how to apply the M&A framework to re-visit previous acquisitions to assess and understand risk. Going through this process without time constraints or diligence pressures allowed us to hone our investigative methods and refine our practices. For example, we worked with the Meraki<\/a> team, a mature organization that was acquired over ten years ago and a significant contributor to Cisco\u2019s portfolio. We combed through a decade\u2019s worth of data to inform how we could simplify and streamline key areas of our integration framework and improve our overall security stance.\u00a0<\/p>\n One of the driving factors for Cisco to acquire companies is to identify and invest in new innovations that will improve the security and performance of our solution portfolio. The M&A Cybersecurity team works closely with Cisco\u2019s Corporate Development Integration team to assess and manage risk throughout the discovery, diligence, and integration process.<\/p>\n The M&A Cybersecurity Framework has been a valuable tool to ensure that business, engineering, and operations leaders align and focus on integration well before the deal closes. Operational alignment with IT, Security, and other functions has helped surface important issues, such as addressing workflows and user and customer identities before the integration process. We\u2019ve also found that by elevating security early in the M&A process, we\u2019re helping the business remove obstacles that could get in the way of business goals and achieve its value drivers faster, which leads to accelerated business growth.<\/p>\n Leadership expert Simon Sinek has frequently stated, \u201cA team is not a group of people who work together.\u202f A team is a group of people who trust each other.\u201d<\/p>\n Our M&A Cybersecurity Framework is a valuable tool to help securely enable the mergers and acquisition process. However, you can\u2019t underestimate the personal factors needed to make it a success. Building trust across a team takes time and requires focusing on developing relationships, being empathetic, and demonstrating respect for a company\u2019s culture.<\/p>\n The press release<\/a> announcing Cisco\u2019s intention to acquire Splunk cited one of the key value propositions: \u201cUnites two \u201cGreat Places to Work\u201d with similar values, strong cultures, and talented teams.\u201d The M&A process is much more than the intellectual property and technology being acquired; the human capital and cultural strengths are often the most valuable assets.<\/p>\n Looking back this year, my colleague Mo Iqbal summed it up best, \u201cWe can\u2019t understand the technologies until we understand the people and culture that enabled them to be so successful.\u201d<\/p>\n If you are interested in learning more, please read More than an Asset: The People Side of Mergers & Acquisitions<\/a>.<\/p>\n Mergers and Acquisitions Cyber Risk Management<\/a><\/p>\n Cybersecurity Awareness Month<\/a><\/p>\n Managing Cybersecurity Risk in M&A<\/a><\/p>\n Demonstrating Trust and Transparency in Mergers and Acquisitions<\/a><\/p>\n When It Comes to M&A, Security Is a Journey<\/a><\/p>\n Making Merger and Acquisition Cybersecurity More Manageable<\/a><\/p>\n Ensuring Security in M&A: An Evolution, Not Revolution<\/a><\/p>\n We\u2019d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!<\/em><\/p>\n Cisco Secure Social Channels<\/strong><\/p>\n Instagram<\/a><\/strong>Facebook<\/a><\/strong>Twitter<\/a><\/strong>LinkedIn<\/a><\/strong><\/p>\nSize Matters<\/strong>\u00a0<\/h2>\n
Accelerating Integration<\/strong>\u00a0<\/h2>\n
Looking Back to Power Forward<\/strong>\u00a0<\/h2>\n
Securely Enabling Business Growth<\/strong>\u00a0<\/h2>\n
Earning and Maintaining Trust<\/strong>\u00a0<\/h2>\n
Additional Resources<\/strong>\u00a0<\/h2>\n
Related Blogs<\/strong>\u00a0<\/h2>\n
Size Matters<\/strong>\u00a0<\/h2>\n
Accelerating Integration<\/strong>\u00a0<\/h2>\n
Looking Back to Power Forward<\/strong>\u00a0<\/h2>\n
Securely Enabling Business Growth<\/strong>\u00a0<\/h2>\n
Earning and Maintaining Trust<\/strong>\u00a0<\/h2>\n
Additional Resources<\/strong>\u00a0<\/h2>\n
Related Blogs<\/strong>\u00a0<\/h2>\n