Presented by Cisco
This article is part of VentureBeat’s special issue, “The cyber resilience playbook: Navigating the new era of threats.” Read more from this special issue here.
When most fans think of the NFL, they picture roaring crowds, cutting-edge video displays and high-speed connectivity enhancing every moment of the game. Sold-out stadiums, advanced Wi-Fi and in-seat services combine to create a premium experience for every fan.
What they rarely see is the invisible fortress of technology and partnerships protecting every event, venue and fan. The NFL’s security team intends to keep it that way.
That fortress is built in part by Cisco, which since 2021 has served as the NFL’s Official Enterprise Networking Partner and an Official Cybersecurity Partner of the league. Together with the NFL’s chief information security officer, Tomás Maldonado, Cisco helps orchestrate defense strategies that often begin 12 to 18 months before any major event.
Maldonado’s team relies on close collaboration with government agencies including the Secret Service and the FBI, as well as with core technology partners like Cisco, to deploy adaptive and flexible solutions capable of protecting any game in any venue worldwide.
Partnering to gain greater scale, speed and strength
Of the many partners the NFL depends on for robust cyber defenses, Cisco stands out for its depth in threat intelligence and its proven record stopping attacks at scale. VentureBeat recently spoke with JJ Cummings, national security principal at Cisco Talos — Cisco’s industry-leading threat intelligence research organization — to learn how his team collaborates with the NFL to understand the evolving threat landscape and keep security measures agile and effective.
“We have become highly adaptable, not that we weren’t before, but even more so for these types of events,” Cummings told VentureBeat, emphasizing flexibility in addressing high-pressure challenges. Collaboration is key: “Setting up early the right players and keeping the door open for collaboration so that information can be freely exchanged at a high pace.”
Working closely with Maldonado’s team has given Cummings a vantage point on which security plays matter most for large-scale events. The following insights form a playbook that any security leader can learn from.
No off-season: Inside the NFL’s 24/7 cyber defense playbook
Cyberattacks never take a time-out, and the NFL’s security teams mirror that relentless pace to defend the Super Bowl and every game on the schedule.
Here are seven core priorities — or table stakes — from the NFL that are equally applicable to any organization looking to stay ahead of modern cyber threats:
Security is a 24/7 team sport. “Threat actors don’t keep office hours, and neither can cybersecurity teams,” Cummings emphasized. NFL security is a year-round effort. Maldonado’s staff and Cisco Talos teams share intelligence, run pre-game drills and monitor stadium networks, even when there’s no event on the calendar.
Be data-obsessed to predict threats early. “Security isn’t just about reacting — it’s about seeing trouble before it starts,” Cummings explained. The NFL employs real-time data analytics — across ticket scans, Wi-Fi traffic, IoT sensors and more — to detect anomalies before they escalate. By partnering with Cisco, they spot suspicious logins or vendor software issues early, often stopping threats before they fully form.
Gamify cyber risks by using simulations. The NFL regularly conducts high-intensity security drills — distributed denial of service (DDoS) attacks, phishing simulations and AI-driven cyberattack attempts — to build what Cummings calls “muscle memory.” Frequent tabletop exercises and red-team drills train everyone to respond swiftly and precisely under pressure.
Build and constantly strengthen ecosystem-wide partnerships. “No one fights cybercrime alone, and the more intelligence we share, the stronger we all are,” Cummings noted. The NFL cooperates with the FBI, Secret Service, Department of Homeland Security (DHS) and other agencies, alongside technology firms, to stay ahead of threats that cut across multiple industries.
Security must be a strategic pillar of any enterprise. “Security needs a seat at the table from day one,” said Cummings. From Super Bowl venue selection to vendor contracts, Maldonado’s team integrates security into every strategic decision. For other organizations, this means involving security leadership in operational and product planning early and often.
Building a strong culture delivers the foundation you need for resilient security. According to Cummings, “If security feels like a burden, people avoid it — but if it feels like a shared mission, they embrace it.” The NFL invests in league-wide security training so that employees at every level know their role in safeguarding the organization.
Adapt or die — because complacency kills in security. “The moment you think you’re secure, you’ve already lost,” Cummings warned. Constantly evolving threats — from AI-driven phishing to zero-day exploits — drive the NFL to keep improving. For any security leader, that means automating patch management and ensuring red teams are always challenged with new scenarios.
Game-changing cybersecurity: From playbook to practice
“Security isn’t about reacting, it’s about staying ahead of the game,” said Cummings. The NFL’s security strategy, built on partnerships with Cisco and government agencies, relies on real-time intelligence, teamwork and a security-first culture. Staying ahead means constant adaptation, especially as attackers evolve.
“The moment you think you’re ahead, attackers are already pivoting,” Cummings warned. AI-driven threats have made phishing lures more convincing, forcing defenders to stay even sharper. That’s why the NFL treats security like training for game day — running high-intensity simulations, embedding security into every decision and ensuring that every stakeholder understands their role.
A tighter, relentless defense
The NFL’s success in safeguarding the world’s biggest sporting events is rooted in preparation, partnerships and adaptability. But even the most sophisticated cybersecurity strategy hinges on one critical factor: Speed.
“In this business, intelligence is only as good as its timing,” Cummings explained. “If I get a piece of intel that says an attack might be happening in the next two hours — but it reaches the right people in three hours — it’s already too late.” This is why, he emphasized, strong partnerships and trust are non-negotiable. “We’re in constant coordination with law enforcement, the NFL’s security teams and government agencies. The key isn’t just sharing information, but doing it fast enough to make a difference.”
For any organization facing modern threats, adopting these best practices is the surest way to stay one step ahead — always ready to blitz, pivot and ultimately win the cyber defense game.
Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. For more information, contact
