May 04, 2014

The technology world's sexism needs to end
How do these locker-room attitudes impact women in IT? Head over to the Everyday Sexism project to read testimony like this example: "Despite the fact that I had, on average, five years more experience and two years more education than any of the men on the team, took only the challenging service calls and those that involved cleaning up messes made by some of the more junior men on the team, and consistently outperformed everyone else on the team by every measure, I was paid $2 less per hour than even the entry-level guys. Management rationalized this to me (and themselves) by claiming that it was simply 'risky' to hire women in IT," a female techie notes.


Where’s the Next Heartbleed Bug Lurking?
“The problem with open source is that you have the ‘free rider’ problem,” says Chris Wysopal, a well-known computer security expert and chief technology officer and cofounder of Veracode, an application-security assessment firm. “People and companies who are using it, and getting huge value out of it, are not giving a lot of money to keep it going.” Even three weeks after the bug was discovered, some laggard businesses are still updating servers, installing new cryptographic certificates, and directing users to reset their passwords. More troubling for experts like Wysopal is that other foundational components of the Internet are, like OpenSSL, small open-source projects.


Digital Influences More than $1 Trillion in Retail Store Sales
"Each interaction is an opportunity for a retailer to enhance the customer experience and tell its brand story," said Jeff Simpson, director, Deloitte Consulting LLP and co-author of the study. "However, retailers often measure success solely on how many widgets they sell through their web or mobile sites. For example, retailers might regard online shopping cart abandonment as a failed conversion when in reality, it may represent a customer who started their wish list in the online basket, but chose to purchase the items in the store. In that case, digital engagement may have led to a sale in the physical store. This impact is much higher when measured holistically across the organization and regardless of channels, rather than force-fitted to a single point of purchase."


Demystifying Design Thinking: Interview with Tamara Christensen
I think the biggest obstacle to understanding Design Thinking is to treat it as a rigid process, a series of steps that must be followed in a particular sequence. I have seen this happen time and again when a team tries to apply Design Thinking with questionable success and then decides “Design Thinking doesn’t work.” In reality, what doesn’t work is treating Design Thinking like a recipe that must be adhered to. It is more like a mindset, multiple modes of thinking and doing that are iteratively utilized as the project requires. Design Thinking is first and foremost about people and keeping them at the center of the process.


Auditing and Assessing IT Governance
In this session, we will hear from three experts on the topic of IT Governance. Steve Romero, who is a renowned evangelist for IT governance, will explain what IT governance is. Then, Brian Barnier, an advisor to finance and IT executives and a member of the COBIT 5 development team, will share his views on the value to the organization of effective IT governance. Finally, Dan Swanson, an experienced practitioner and editor of the EDPACS magazine, will discuss his recommended approach to assessing the effectiveness of IT governance. The session will be moderated by Norman Marks, an evangelist for better run business with over 30 years’ experience in IT auditing and management.


GRC, Security and the Temple of Doom
That thought of “how did I get so old?” happens so quickly. Some reference to something from the past celebrating an anniversary will immediately trigger it. So when I saw the CNN article “Happy 30th, Dr. Jones: 10 Things a Hero Taught Us”, I immediately cringed. ... I am even older than I first thought. But I comforted myself with the “I am not older; I am better” internal speech all of us old timers are so readily able to spin. Then I sighed and clicked on the link to find out what the indomitable hero Dr. Henry Walton “Indiana” Jones Jr. has taught us. Read the article above first and then see what GRC and Security programs can learn from the legendary Dr. Jones.


Voice phishing scheme lets hackers steal personal data from banks
According to LaCour, attackers install their IVR software on hacked servers and route calls to it from compromised VoIP servers. They use free text-to-speech tools to generate the IVR interactive messages and email-to-SMS gateways to send out text messages to thousands of users. "Targeted companies often encounter difficulties when attempting to mitigate vishing attacks," LaCour said. "It can take weeks for an organization to navigate the structures of telecom providers, carriers, and service providers and effectively shut down the phone numbers used to scam customers."


Startups Experiment with Ads That Know How You Drive
Ads tailored to driving behavior will be possible thanks to a partnership with fellow startup Mojio. It will launch a $149 device in June that plugs into a car’s diagnostic port and streams vehicle data to a smartphone app to help users track their driving, their fuel economy, and their vehicle’s maintenance status. Kiip will use data from that device to target promotions inside the Mojio phone app. Sprague says that getting access to data from a car’s engine and safety systems could unlock some unprecedented approaches to ad targeting. Mojio’s device can tell when a car’s airbags are deployed, or whether crash sensors on the bumpers have been triggered, potentially allowing ads pegged to incidents on the road.


The Elusive Dependency
What materialised during the replacement effort were design assumptions within the extensions about the old system’s currency rounding strategy (e.g., the number of decimals kept at each calculation step). The extension designers had taken great care with the interface specifications, and the new application was both functionally and technically compatible with the extensions... except that customer invoices now had what looked like elementary rounding errors. The obvious lesson here is to avoid making assumptions about how another system works – a form of defensive design where you aim to minimise external dependencies as much as possible.
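The rounding-strategy mismatch the excerpt describes is easy to reproduce. The following is an added Python example, not code from the original article or from the systems it discusses: it computes the same invoice line two ways, rounding to cents after every step (the "old system" convention the extensions assumed) and rounding once at the end (the "new system" convention), and reports the lines where the two disagree. The function names, the discount/tax model and the sample invoice lines are constructed assumptions for illustration.

```python
from decimal import Decimal, ROUND_HALF_UP

CENTS = Decimal("0.01")


def round_cents(value: Decimal) -> Decimal:
    """Round a monetary amount to two decimals, half-up (assumed convention)."""
    return value.quantize(CENTS, rounding=ROUND_HALF_UP)


def line_total_round_each_step(qty, unit_price, discount_rate, tax_rate):
    """'Old system' style (assumed): round to cents after every calculation step."""
    gross = round_cents(Decimal(qty) * Decimal(unit_price))
    discounted = round_cents(gross * (Decimal(1) - Decimal(discount_rate)))
    taxed = round_cents(discounted * (Decimal(1) + Decimal(tax_rate)))
    return taxed


def line_total_round_at_end(qty, unit_price, discount_rate, tax_rate):
    """'New system' style (assumed): keep full precision, round once at the end."""
    raw = (
        Decimal(qty)
        * Decimal(unit_price)
        * (Decimal(1) - Decimal(discount_rate))
        * (Decimal(1) + Decimal(tax_rate))
    )
    return round_cents(raw)


def invoice_total(lines, strategy):
    """Sum line totals under one rounding strategy."""
    return sum((strategy(*line) for line in lines), Decimal("0.00"))


def rounding_discrepancies(lines):
    """Return (line, per-step total, end total, delta) for every line where the
    two strategies disagree. This is the regression check one would add to the
    interface contract so a rounding assumption cannot silently drift."""
    found = []
    for line in lines:
        per_step = line_total_round_each_step(*line)
        at_end = line_total_round_at_end(*line)
        if per_step != at_end:
            found.append((line, per_step, at_end, at_end - per_step))
    return found


# Constructed sample invoice: (quantity, unit price, discount rate, tax rate).
# Amounts are strings so Decimal sees exact values, not binary-float approximations.
SAMPLE_LINES = [
    ("7", "0.33", "0.15", "0.0825"),
    ("2", "10.00", "0.00", "0.0825"),
    ("3", "4.99", "0.10", "0.07"),
]


if __name__ == "__main__":
    for line, per_step, at_end, delta in rounding_discrepancies(SAMPLE_LINES):
        print(f"{line}: per-step {per_step} vs at-end {at_end} (delta {delta:+})")
    print("invoice total, per-step rounding:", invoice_total(SAMPLE_LINES, line_total_round_each_step))
    print("invoice total, end rounding:    ", invoice_total(SAMPLE_LINES, line_total_round_at_end))
```

Two of the three constructed lines differ by one cent, and the invoice totals differ by two cents: exactly the "elementary rounding errors" a customer would notice. The defensive-design point is that the rounding rule belongs in the interface specification (or the check above belongs in the integration test suite), rather than being an unstated assumption about the other system's arithmetic.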


Defining Test Automation Metrics
Tom DeMarco wrote, “You can’t control what you cannot measure.” Although test automation has always been actively discussed, the returns of automated tests have usually been described only in very general terms. So far there have been very few methodologies that provide an unbiased assessment of your software test automation process. This article proposes some methods for defining test automation key performance indicators (KPIs). The proposed metrics emphasise two points: cost difference and duration difference.



Quote for the day:

"The greatest leaders mobilize others by coalescing people around a shared vision." -- Ken Blanchard