Daily Tech Digest - December 13, 2016

10 brain teasing questions to ask when interviewing IT professionals

Tech companies are notorious for asking impossible interview questions meant to stump job candidates and demonstrate how they think on their feet. Google abandoned these types of questions several years ago, and executives later admitted that even they could not solve them, but several companies continue to use them as part of the interview process. These types of questions can either hurt or harm an interview, said Jen Teague, a small business staffing and onboarding coach. "When the interviewer has good grasp of the hiring procedures and what to look for, these can be very insightful as to how a candidate thinks," Teague said. "However, when they are added for no purposeful reason, they will turn away good candidates. These are really good for STEM-related fields but not usually as appropriate for other industries."


General Data Protection Regulation: the BC/DR impact

The regulation will impact any business, whether based in the EU or not, that holds the personal data of EU citizens. Moreover, the definition of ‘personal data’ is broad and could change as consumers continue to expand their online presence. Ultimately, it means that not only must organisations intensify their data protection efforts, they must do so for a large volume of data. In turn, organisations will need to extend their BC/DR efforts to cover this greater remit. And, as the pressure rises, so too do the stakes. GDPR is driven by two serious threats: reputational damage and monetary fines. Although you could argue that the former has always existed – with plenty of organisations having endured serious backlash from consumers following a data breach – the idea of financial penalties is new.


Never Stand Alone: Collaboration In The Face Of Cyber Threats

Information Sharing and Analysis Centers (ISACs), Information Sharing and Analysis Organisations (ISAOs) and communities of cybersecurity analysts work in a similar way, built on trust and the common desire for large-scale collaboration. Members agree on the rules and principles that govern community participation, including the level of anonymity and what data should be shared at what time. Shared goals and values as well as clear, agreed boundaries encourage initial collaboration, and as trust grows and working relationships expand, the collaboration occurs organically. It is in these dynamic, responsive relationships between like-minded experts where the value of these communities is demonstrated.


Hack of Saudi Arabia Exposes Middle East Cybersecurity Flaws

The extent of the damage isn’t clear, though two people informed of the security breach said it targeted the Saudi central bank, the transportation ministry and the agency that runs the country’s airports. One bright spot is that the Saudis have been able to restore some lost data via back-ups, recovering faster than they did after the 2012 strike, said one person familiar with the clean-up.  The central bank, known as the Saudi Arabian Monetary Authority, denied that its systems were breached. The country’s General Authority of Civil Aviation said damage to its networks was limited to some office systems and employee e-mails. While the assault was similar to the one that hit Saudi Aramco four years ago, the impact was “much smaller” and didn’t disrupt transportation or aviation services, said Abbad Al Abbad


Dozens arrested in international DDoS-for-hire crackdown

The arrests targeted buyers of DDoS-for-hire services, which get paid to flood websites or internet-connected systems with traffic, forcing them to go offline. In addition to the 34 arrests, law enforcement agencies interviewed and warned another 101 individuals. Many of the suspects were under the age of 20, the European Union police agency Europol said in a Monday statement. Most buyers of DDoS-for-hire services use them to pull pranks, often in online gaming. For example, a flood of traffic can be sent to a rival player’s IP address, severing his or her internet connection to a game. But DDoS attacks can also be used for more malicious purposes. For example, hackers have used them to shut down online businesses as part of extortion schemes.


The big data ecosystem for science: Physics, LHC, and Cosmology

Large-scale data management is essential for experimental science and has been for many years. Telescopes, particle accelerators and detectors, and gene sequencers, for example, generate hundreds of petabytes of data that must be processed to extract secrets and patterns in life and in the universe. The data technologies used in these various science communities often predate those in the rapidly growing industry big data world, and, in many cases, continue to develop independently, occupying a parallel big data ecosystem for science (see Figure 1). This post highlights some of these technologies, focusing on those used by several projects supported by the National Energy Research Scientific Computing Centre (NERSC).


Top 10 developments of 2016 in autonomous vehicles

"Automated driving developments in 2016 became more concrete," said Bryant Walker Smith, an expert in legal aspects of autonomous driving, "and I expect developments in 2017 to be even more so. More and more people in the field are saying, 'just do it already'—not to full automation anytime anywhere, but rather to specific pilot projects that will start to showcase high automation under limited conditions." And according to John Dolan, a principal systems scientist in the Robotics Institute at Carnegie Mellon University, "a major trend is the more intensive application of machine learning to autonomous driving." Michael Ramsey, autonomous vehicle analyst for Gartner, also contributed to the list, pointing to the first fatality of a semi-autonomous car as one of the biggest news items of the year.


Don't let your filters become blinders

As destructive as dirty filters can be in the public square, I can personally testify that, in business, they can be devastating. Especially when a company, division or team is struggling for one reason or another, as mine once was. It was that experience, in fact, that served as the genesis of our research exploring the reasons why companies succeed and fail. It revealed that internal misalignment is the number one issue with which struggling companies must deal, and anything that exacerbates internal division makes recovery less likely. In that sense we can become our own worst enemies. Most of us have come to understand the wisdom of filtering what we say (particularly in social media). But it’s equally important to be aware of our tendencies to filter what we hear, how we’re treated, and the reasons we ascribe to both.


10 outdated security tools that need to be replaced

One of the biggest ways to shift into this new era of security involves the relationships within the organization. In what West called ‘series’ management, he stressed the need for CISOs to work closely with the operations department. “The relationship with operations is critical to the success of any CISO,” West said. “I create relationships to make security work. Five years ago, this didn’t exist. The security person has never been asked to meet with the CSO or the management community. And today that happens all the time.” West explained that involves knowing what executives do and do not understand about the technical aspects of security risks. “If I can explain to them in a few minutes in language they understand,” he continued, “we can be successful at getting funding.”


Resolving the Disconnect Between IT Security and C-Suite Executives

Organizations need to adopt a different approach to security, one which understands that the goals of both IT teams and company executives are interconnected. Security goals and the strategies to meet them need to be set by top leadership, and specific security objectives should also be built into staff performance goals and supplier performance measurements to drive behavioral change. Implementing effectively security programs and improving the security awareness of both employees and partners can help companies better protect their assets and information, and avoid the fall-out from breaches, helping them meet their business objectives as well. Bridging the Communications Divide So how can this be accomplished? To overcome the communications divide between IT and executives, there needs to be active dialogue and continuous engagement between the two parties.



Quote for the day:


"We are all pretty bizarre, some of us are just better at hiding it, that's all." -- Andrew Clark