Daily Tech Digest - July 17, 2017

Look beyond job boards to fill cybersecurity jobs

Companies have to step up both their offensive and defensive capabilities in order to find and retain the talent they need. "The people you want already have jobs," says Bob Heckman, VP and CISO at Vienna, Virginia-based Criterion Systems, Inc. To get to the best people, to those who are successful and happy in their jobs, and aren't actively job hunting, takes work. One successful strategy is to draw on the personal connections of your own employees, Heckman says. "We have a cybersecurity architect who is brilliant, and his personal reputation draws other people like him," he says. That means that the current employees have to be able to make friends, build reputations and personal networks. "Not only do we encourage it, we make them do it," says Heckman. "We make them attend cyber functions that aren't sales."


CFOs Can Expect Pain When Hit With a Security Breach

While cybersecurity is often seen as an IT concern, the impact that a data breach has on an organization’s financial standing makes it a serious issue for financial executives. The real cost of a data breach to a company’s bottom line based on recent research is shocking. While data breaches are an inevitable part of doing business today, there are steps you can take to lessen their damage to your company’s finances over the long term. Centrify teamed up with security researcher Ponemon Institute to survey a large group of IT, information security, senior marketing and communication professionals as well as a healthy number of consumers. A key objective of the study was to get a handle on the financial impact of a cybersecurity breach on a typical organization.


9 Developer Secrets That Could Sink Your Business

When it comes to working on an existing application, management has a choice: Push the development team to make quick fixes or ask them to re-engineer the whole stack. Quick fixes often feel good — and appear to cost less. With a quick fix, you get to solve your problems immediately and we get to please you, which for the most part we like to do. But over time the bandages and duct tape build up. Some smart developer coined the term "technical debt" to capture all the real work that should have been done but was delayed by a decision to use bailing wire and chewing gum. Of course, it's not an accurate term. You don't need to pay the debt. If you're lucky, you can keep the software running without reworking everything. But eventually some major event is going to break everything in a way that can't be fixed easily.


Every generation brings different cybersecurity risks to work

According to Les Williamson, Citrix’s APAC vice president, high-profile attacks on organisations, such as the one on the Bureau of Meteorology, show Australia is on the receiving end. “Cyber-crime alone poses a real threat in Australia, with the Australian Crime Commission estimating the annual cost of cyber-crime to Australia is over AUD$1 billion in direct costs. With that in mind, it’s particularly concerning to see that ANZ security professionals don’t feel confident they can protect their organisations’ security, especially with the new working behaviours we’re seeing from millennial employees,” Williamson says. However, recognising security issues and putting protective frameworks still face conflict between confidence and executive leadership, despite 88% investing more than $1 million in their information security budget.


Why serverless? Meet AWS Lambda

Why would a developer use AWS Lambda? In a word, simplicity. AWS Lambda—and other event-driven, “function-as-a-service” platforms such as Microsoft Azure Functions, Google Cloud Functions, and IBM OpenWhisk—simplify development by abstracting away everything in the stack below the code. Developers write functions that respond to certain events (a form submission, a webhook, a row added to a database, etc.), upload their code, and pay only when that code executes. In “How serverless changes application development” I covered the nuts and bolts of how a function-as-a-service (FaaS) runtime works and how that enables a serverless software architecture. Here we’ll take a more hands-on approach by walking through the creation of a simple function in AWS Lambda and then discuss some common design patterns that make this technology so powerful.


Verizon leak a reminder to businesses: safeguard your cloud data

More such exposures are likely until businesses, which are increasingly using the cloud to store and analyze customer data and their own content  ...  “When you have these complex systems and you force humans to solve the problem manually, we make mistakes,” said Nathaniel Gleicher, head of cybersecurity strategy at Illumio and former director of cybersecurity policy in the Obama administration. “Complexity is the enemy of security.” His take: data leaks are going to keep happening until cloud storage systems become more automated and enterprises have more help dealing with systems. Amazon Web Services, where the Verizon data was stored, operates under a "shared responsibility" model with the customer — the Amazon cloud unit controls the physical security and operating system, and gives customers encryption tools, best practices, and other advice to help them maintain security of their data.


How cognitive and robotic automation play in SecOps

The prevalence of automation is everywhere in our modern, tech-first culture and continuously on the rise — with good reason. Cybersecurity experts see vast amounts of data and countless attempted breaches, becoming literally overwhelmed and specifically because of two challenges: (1) effectively finding attacks hidden among billions of daily security events, (2) efficiently responding to those attacks in a timely manner. These challenges are not being addressed and, in most SOCs, decades-old tools are used to do only a partial job. These tools are simple, rules-based systems and fundamentally limited in capabilities. For those testing new techniques, automation is consistently used at the wrong times and in the wrong ways. This leads to a rise in breaches and millions of unfilled security analyst positions.


Winning the Digital Race

The Millennial generation was born with an extended brain called the Internet. As a result, the education system has become outdated. Many parents of these digital pioneers report that their kids can’t remember as well as mom and dad. Those observations are supported by research in California, where CAT scans of digital natives have found areas of the brain associated with memory function greatly diminished while the area that networks right and left spheres of the brain has enlarged. What is behind this? Smartphones. The Millennial brain is just efficiently handing over memory function to a machine in order to concentrate on the integration of information rather than data storage. But these physiological changes have substantial implications. In fact, as the first generation of digital natives, Millennials are one of the most important generations in the history of human evolution.


The augmented reality boom will transform phones (and business)

The ultimate and eventual hardware platform for augmented reality will be glasses and goggles. But until technology advances enough to enable that broadly, AR will live on smartphones and tablets. The industry is focusing on mobile devices because they're ubiquitous and have the basic necessary hardware ingredients for AR - connectivity, screens, cameras, processors, motion sensors and the ability to run apps. Everybody will be surprised when the obvious and inevitable happens -- when the capabilities and performance of AR on phones and tablets become the reason to buy one brand of phone over another. You can bet that smartphone makers will then innovate with new hardware features to boost AR. It's actually already happening. Silicon Valley is suddenly exploding with chatter about an industry-wide race to optimize smartphones for AR.


Why AI still has a ways to go in wealth management

Drew Sievers, CEO of Trizic, a company that provides wealth management software for large firms, also sees limitations to AI in this field. “AI is emerging technology,” he said. “It’s not as sophisticated as everybody thinks. In this wealth space as we talk about new fintech, there's a lot of emerging technology that's being deployed; in some cases either the technology is not quite there yet, or the technology is there but the implementation of that technology isn't quite yet. In the area of AI, it's the former.” Sievers agrees with McMillan that natural language processing has gotten better. But he also agreed that content needs to be structured in a way that the processing can read and retrieve the right information. “You're effectively tagging content, because people don’t write in the way that NLP is coded,” Sievers said. 



Quote for the day:


"Assumptions are the termites of relationships." -- Henry Winkler