Daily Tech Digest - November 17, 2016

Learning To Trust Cloud Security

As you begin your journey, enlist the help of public cloud and software-as-a-service providers. Learn how they think and operate. Check the "us vs. them" attitude at the door and be realistic about your own capabilities. Their reputations rely on their ability to execute, and to do it securely. There's a reason the National Security Agency, for example, turned to Amazon Web Services to build the NSA cloud — instead of attempting it on its own. It's OK to learn as you go. Many organizations have approached the move to the cloud as they would any major IT transition. They analyzed it and tried to glean as much as they could about the cloud and how it's provisioned, managed, and secured. That's not all bad, but the traditional vetting and risk processes slowed them down. 


Your future job (part 1) – Cloud Architect

So how do you become a cloud architect? Many of these roles are now filled by people who changed in line with technology and had a background in infrastructure architecture. Some come from a developer background and go involved as part of the delivery of automation services. A good place to start is an understanding of infrastructure design. It is also a core requirement to both know, and keep up with the relevant product portfolios. Along with technical prowess, there are a set of equally important soft skills. Being able to relate business objectives (application uptime and performance for example) with the underlying technology. Then being able to explain to non-technical colleagues or customers how the two interact. Being the bridge between management and developer, and being comfortable in both arenas is essential.


Tech skills earning the highest cash premiums -- no certification required

How do you know if your employer is a victim? Say, for instance, your company doesn’t normally have trouble retaining tech talent and suddenly the best people start walking out the door. Most likely your company wasn’t able to match competing salary offers. Then, to make matters worse, it's soon discovered that the competing offers were actually realistic average local market salaries for these positions -- your employer was actually underpaying people what they were worth from the start. It’s called "salary compression": when market driven pay for talent is growing at a faster rate than the annual salary increases employers are able to offer their workers. Compression is a widespread systemic reality that tends to be much worse in the tech workforce because of the rapid evolution of technology, skills, and jobs.


What the history of open source teaches us about strategic advantage

Collaboration with regards to fixing each other's software challenges had been taking place since the 1960s, but it wasn't until the 1990s before the open movement began benefitting a widespread number of organizations. What movements are slow-cooking within your own organization? If they are slow moving, don't give up on them; instead, remain patient. ... Open is a here-to-stay movement. But what will the next movement be? The most successful organizations will embrace the next movement by taking human nature into account: spending patterns, technology trends, and psychological dynamics. The winning strategy is to go with the flow, listen, be alert, and remain balanced. It's common sense to do so. It's practical.


Social Engineering

Smokers are one of my favorite targets while Social Engineering. Often these employees are frustrated and looking for a quick break from the stress of the day. Sometimes just having a lighter in your pocket or an extra cigarette is all you need to strike up a conversation. Other times it’s just relating to their frustration and using Neuro-Linguistic Programming (NLP) to create a bond while having a smoke. By mirroring the target’s body language, breathing rate, voice and vocabulary, I can begin to build a connection on a subconscious level. This will often throw my target off and they will allow me to walk into the building behind them without a badge. There are ways to improve your protection from these attacks though.


Why Business Departments Choose Their Own Tech

CIOs should view this as a natural evolution of the ongoing digital transformation—one in which the lines between tech and business get increasingly blurry, and close collaboration proves critical. "As digital innovation accelerates, the winners will create new customer experiences, make faster and better decisions through smarter collaboration, and create new digital business models and revenue streams securely," said Mark Rogers, CEO at Logicalis. "CIOs and IT leaders can play a leading role in enabling that innovation, drawing on skills from insightful partners to help shape their businesses and lead their sectors through the application of digital technologies." The findings cover a broad range of other tech topics—such as the internet of things (IoT), app development, big data, the cloud and cyber-security—and we've included some of those here.


The Right Cyber Coverage Can Protect a Business from Financial Ruin

An essential point to remember when seeking to address cyber risk is to take a proactive stance regarding cyber security. This includes implementing training, education and regular testing for employees as well as developing a cyber risk strategy that includes an examination of IT infrastructure to identify potential exposures, key cyber stakeholders, types of data held and the value of that data. Tackling cyber risk is an ongoing process that requires engagement at all levels of an enterprise. A knowledgeable broker can use analytics and cyber exposure expertise to determine how much cyber coverage limit is needed, how that limit should be allocated based on the unique needs of the business and how to avoid off the shelf policies that typically are limited in scope and coverage.


Frankfurt’s fledgling fintechs show a city racing to catch up

German fintechs could benefit from more technology “sandboxes” for testing software in a safe environment with banking regulators’ cooperation, said Bussmann, who introduced Blockchain digital ledger software at UBS. He’s also credited with modernizing the bank’s information technology system before departing earlier this year. Europe’s biggest banks are increasingly tapping into startups to aid the development of digital services and products to retain clients and stave off competitors. Technology that’s changing how customers can get loans and pay bills is reducing the need for costly branches, adding to pressures on Deutsche Bank and Commerzbank, which are grappling with the squeeze from record-low interest rates in the region’s most-competitive market.


Microsoft Doubles Down On Linux Love, Joins Foundation

"Microsoft is hitting all the right notes in terms of aligning its developer business with an ecosystem much broader than Windows," he said in an email. "Joining the Linux Foundation is a natural progression of this strategy and one that might still generate a double take if it wasn’t for all the actions the company has already taken in terms of supporting Linux in Azure and with SQL Server." With the release of the pubic beta for SQL Server on Linux, anyone will be able to take the relational database software for a spin on a Linux machine, though they shouldn't expect the full set of features available on Windows to make their way over to Linux just yet. Microsoft has planned to make SQL Server on Linux available in the middle of next year, and Wednesday's launch is an important step along that path.


Using vfsStream to Test File Uploads with Laravel

Testing of uploading files can be tricky, but with the right tools and the knowledge of a few tricks, the process can be more efficient and a lot less difficult. If you haven’t been exposed to vfsStream in the past, it allows interaction with a file that is stored in memory vs. one that is physically on the machine. This is nice since you don't have to delete files that are used for testing, which is more of a problem when a test fails and the teardown or other code doesn't run to remove the files used in testing. Additionally, it's faster since it is dealing with memory rather than the physical hard drive. Simply put, it's cleaner and faster. This post will go over creating an endpoint (route) to upload a CSV file of users and testing that users in the CSV are displayed in the JSON response, as well as adding validation to ensure CSV files are the types of files being dealt with.



Quote for the day:


"The smarter you get, the less you speak" -- Unknown