It’s impossible to know when and where the next data breach or cyber attack will originate. Customers don’t want to take risks, and companies can’t afford to make themselves vulnerable. That’s why Comcast turned to Myrna Soto in 2009. The telecom giant with 22.6 million video customers, 21.1 million Internet customers, and 10.8 million phone customers made the MGM Mirage alumna and cybersecurity expert its first chief infrastructure and information security officer.
Soto is responsible for the safety and security of a network that spans 147 million fiber route miles with the ability to connect more than 50 million homes. She’s implementing IP addressing, data loss prevention, and other initiatives designed to protect the $65 billion company and the customer experience.
CyberSecurity 2.0: Playing Defense
In the age of frequent online attacks, a company like Comcast must be prepared for anything that comes its way—and Comcast’s large service delivery network complicates Soto’s work. “The list goes on and on,” she says of potential threats. “We have to be ready for an incident geared to interrupt our service or introduce malware or customer issues like ID theft and data management. The safety and security of our customers is number one.”
Comcast’s network provides video, digital voice, and high-speed data Internet service to customers in 39 states and the District of Columbia. The company ranks top in cable television and Internet and fourth in phone service. Since Soto joined Comcast in 2009, the security team has been taking a proactive approach and investing in its defenses. While staying ahead of every attack is impossible, Soto says she’s designed technologies, systems, and processes that manage evolutions of the threat landscape to stay as prepared as possible.
“We’ve developed and implemented a lot of tools in a very strong analytics division that we run on our network to pick up on unusual activities,” she explains. By completing forensics and data analyses, Soto and her colleagues can emulate potential threats and use that data to build solutions shared with tech partners to build best-in-class products. She also sits on an advisory board of tech companies through which she gives input to vendors regarding the safety and security of their products and services.
Soto has been charged with protecting the customer experience at Comcast, and in 2011, the Comcast team released a suite of security and safety tools known as Constant Guard. The service—provided free of charge to Comcast’s Xfinity Internet customers—offers tools, support, and awareness to enhance security online. By installing Constant Guard, users can safeguard personal information, store IDs, hide credit card information, prevent key-logging, block suspicious programs, identify fraudulent websites, avoid Trojan attacks, and access financial information through a secure connection. Hackers are able to take control of personal computers and link them together through a “botnet.” The infected computers are then disguised and used for illegal activities like sending spyware, stealing data, or launching attacks. If customer computers are compromised and become part of these botnets, Constant Guard alerts the customers of the compromise and guides them to cleansing activities to remediate.
Partnering on National Cybersecurity
As a member of the Communications, Security, Reliability and Interoperability Council (CSRIC) of the Federal Communications Commission (FCC), Soto represents Comcast and helps develop cybersecurity best practices for her industry. In 2012, Comcast became the first North American Internet service provider to implement domain name system security extensions, which authenticate and secure data. The company shared the practice with CSRIC, which now endorses the adoption of the extensions.
When the FCC joined with the National Institute of Standards and Technology (NIST) to introduce a set of cyber defense practices, Soto told Washington Post that “broadband providers must work collaboratively with government and across various sectors to develop sound industry practices. Comcast will continue working with the chairman, his fellow commissioners, and the dedicated staff at the FCC to help achieve these important goals.” The consortium hopes to shore up defenses, frustrate hackers, and improve national cybersecurity. Soto later told reporters that Comcast would “evaluate [NIST’s guidelines] to assess whether it can be tailored and adapted to our business circumstances and network configuration, and possibly serve as a reference tool for managing the cyber risks and threats we face.”
Providing tools is important, but Soto says Comcast always wants to educate its customers on how to change their behavior and manage security. “I don’t have access to your home computer, nor would we want it. But I do want to help you understand how you can use it in the safest way possible,” she explains.
The company has published surveys and studies like its 2011 “Internet Safety and Security Survey,” which revealed that only 65 percent of parents talk to their children about appropriate online activities. Comcast then created discussion guides to help parents initiate such conversations in the home as part of National Cyber Security Awareness Month. The survey, which is free online, found that teens use riskier passwords, repeat passwords often, and often post content they later regret sharing. Almost 70 percent of teenagers surveyed admitted to downloading a program or software without parental consent.
Two decades in IT and security have taught Soto just how important it is to use appropriate behavior when it comes to interacting online. “I’m a consumer of the Internet, too,” she says. “Based on my experience and what I’ve seen in the security landscape, I’m very attuned to the websites and properties with which I interact.”
3 Ways to Surf Safely
Soto shares her tips for safe Internet use
1. Make sure that the websites you access display the secure socket layer “https” in the address bar. The “s” should appear on a safe and secure URL without a user entering the letter. It’s the web hosting owner letting you know there’s another added layer of security.
2. Manage passwords judiciously and use a unique code for each point of entry on the Internet. If you use the same password for everything, you put yourself at greater risk. I suggest coming up with a phrase you will remember and drawing your password from the words in that phrase.
3. Manage the amount of personal info you share. I’m very active on social media, but I tell people to manage their digital presence in the spirit of security because it could be used as a social engineering vector to harm you in the future.
Recently, Comcast has emerged as an industry leader in the adoption and implementation of IPv6—the sixth version of Internet protocol (IP) addressing. This latest iteration that provides a unique location for Internet-connected devices and directs traffic all across the Internet solves the problem of IP exhaustion. IPv4 was simply out of unique identification codes after issuing approximately four billion unique numbers, the last of which was allocated in 2011. Comcast pioneered in this arena by becoming the first cable service operator to run IPv6 in dual-stack with IPv4 and by employing security technologies adapted for IPv6. “As an organization, we saw that we would continue to grow exponentially in terms of web presence and services. That meant we would require a lot more bandwidth in the IP space,” says Soto. “We needed to be early adopters, and we knew we couldn’t afford to let the security system be open-ended.”
That need for robust security motivated Comcast to work with other companies to design network-monitoring capabilities around security, so they would be IPv6-enabled from the start. Comcast’s IPv6 deployment grew to be the world’s largest in just over three months, thanks to support through a wireless gateway that brought the innovation to approximately four million customers. Comcast then partnered with Cisco Systems to take the deployment over its broadband network. In early 2014 Comcast announced the project was 100 percent complete.
The Internet of Things
As tech continues to evolve and the Internet continues to grow, Soto is moving to prepare for increased security concerns. “I think that the number of connected devices will just explode over the next decade,” she says. Imagine a world in which all of our gadgets—our can openers, garage doors, grills, lights, cars, health devices, TVs, and blenders—are IP-enabled. Comcast already provides Xfinity Home Security, which uses an Internet connection to allow customers remote monitoring and control via camera and Internet. Now, she’s leading her team to move forward in its unending effort to stay ahead of technology. “The Internet and the security of the Internet of things becomes important for us to work on today to make sure we’re there in the future,” says Soto.
Empowering Future Leaders
In 2008, Soto joined HITEC, The Hispanic IT Executive Council. In late 2014, after sitting on the organization’s board of directors, she became its vice president. “We want to help the next generation by providing development and mentoring opportunities in the science, technology, engineering, and math (STEM) fields,” she says, adding that there are great opportunities for women and minorities in companies like Comcast. Soto was born to a Cuban father and Puerto Rican mother in south Florida and became the first in her family to graduate from college. She started her career at a cruise line, found her way into a tech job, was given the opportunity to lead a project, and never looked back. Through her work in HITEC, she hopes to give other Hispanics an easier path forward. “Hispanics have a lot to contribute and offer in the STEM fields,” she says. “They just need to be shown that there are opportunities out there.”