Tech Bytes - Daily Digest: October 16, 2016
10 highest-paying IT security jobs, You've been hacked. What are you liable for, GE CIO shares what he looks for in IT talent, What should be on the next President's cyber agenda, What lies beneath - Unpacking data center risks, Agile development at the enterprise level - Misconceptions that jeopardize success and more.
Data breaches, DDOS attacks, hacks and threats continue to dominate the headlines, so it's no surprise that some of the most in-demand IT jobs are in the security area. And with a massive skills gap, companies are willing to pay handsomely for skilled security talent at all levels. "One area we're still seeing huge demand for is in cybersecurity, and hiring companies are willing to pay whatever it takes for talent that can help secure data and mitigate threats while simultaneously ensuring consistent and simplified accessibility from desktop to mobile devices. Companies are sending the message with their budgets: you can't put a price on that," says Jack Cullen, CEO of IT staffing firm Modis. Here are the top 10 highest-paying security roles, culled from career site Dice.com clients' job postings and median salary range data from cloud compensation solutions firm PayScale.com.
“If users are using the same or similar passwords across accounts – which a majority of respondents indicated – then they are also essentially handing the key to hackers to access their most critical information when they attack another, less important account,” the survey said. Hackers are using algorithms to check stolen passwords and simple variations of them on other accounts, Bauer said, looking for variations that simply add exclamation points, pound signs and asterisks to the end. The LastPass survey brought bad news for businesses: A third of respondents say they create stronger passwords for their personal accounts over work accounts. Experts agree on asking users not to reuse passwords but disagree on what users should do for adequately strong passwords.
One of the difficulties facing organisations is that data protection legislation is vague when it comes to specifying the standards of protection required. The Data Protection Directive and the UK Data Protection Act both require the data controller to “implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access”. This concept is carried over to the new EU General Data Protection Regulation, which will be enforced throughout the EU – yes, including the UK – from May 2018. In fact, it also requires the controller to build in data protection by design and by default. ..., the ICO has not yet stipulated a particular minimum threshold for protection, but it generally penalises organisations that suffer the loss of unencrypted laptops and mobile devices.
We look to hire clear thinkers who are adaptive and agile. We want people with a strong sense of imagination who are also willing to take risks. Most of all I’m looking for people who have the ability to influence. Driving change is probably the hardest part of the job and influence is key. ... Another key takeaway was that the workforce is more global and diverse than ever and everyone has different needs. So, we changed our benefits package to adopt a model that allows customization for each employee. You’ve also probably seen the “Owen” commercials. We’ve been successful by being self-aware and making fun of our reputation as an “old school” company and talking honestly about how we’re evolving.
Raw security data and community-generated threat intelligence feeds are full of non-applicable warnings, red herrings and often don’t speak the same language – causing duplicate information. On top of this, security teams are working on disparate systems that can’t communicate about the potential threat indicators within the network. We call these issues threat fragmentation.
Cleaning up the threat management mess
From malware to phishing and ransomware, cyber threats take many forms, adding to the breadth of information from threat intelligence feeds and security tools that organizations must utilize in order to detect, respond to and mitigate threats. Sometimes the security personnel working to detect threats work well together – but often times they are moving quickly, causing disconnected and uncoordinated efforts.
Due to significant investments and research, we can mimic the process of the human brain via sophisticated, multi-level, “deep” neural networks. These networks are made possible due to the development of graphic processing units that now have enough power to accelerate deep learning algorithms for training or inference. The technology behind it all is complex, but the ability for computers to learn, write software and perform artificially intelligent tasks, is revolutionising the world we live and work in today. ... Drones that don’t just fly by remote control, but navigate their way through a forest for search and rescue; compact security surveillance systems that don’t just scan crowds, but identify suspicious activity; and robots that don’t just perform tasks, but tailor them to individuals’ habits.
"We really haven't acknowledged the extent of the damage that could be done by a cyberattack on our infrastructure," Borg said. "Industrial control systems could be hijacked and cause massive physical damage. That could be done with a migrating piece of malware with no Internet connection, as was done with Stuxnet." ... However, since it's likely the United States has planted similar malware on those countries' systems, something similar to the nuclear stalemate during the Cold War exists. "I'm particularly worried about the Russians or Chinese," Borg said. "What I'm worried about is some completely irresponsible agent without any involvement in the modern economy acquiring these capabilities."
Because the pace of change has accelerated dramatically in the digital age, and organizational complexity has skyrocketed, knowing how to change and adapt is an essential discipline for any business. If you’re a global hotel chain, you consider a response to the arrival of Airbnb. If you’re a well-established restaurant chain, what do you do when a young upstart franchise offers fresher food, simply by leveraging more modern data technologies to improve supply chain logistics? If you haven’t established a competency around the very idea of transformation, what you probably do is have a lot of unproductive, increasingly urgent meetings with costly management consultants while your competition literally eats your lunch.
There is a major education challenge at play, where those with software asset management in their remit need to quickly learn how this aspect of the IT estate is presenting risk. Their role is evolving as a result. This changing role is one factor to overcome. But many organisations will find there is confusion over who owns licences in the data centre. It could be the data centre manager, it could be the IT manager, or the person with software asset management (SAM) in their remit. Is this leaving a gap, where everyone has different priorities, and are looking to each other to take responsibility? Given the data centre manager is invariably focused on the hardware and smooth running of the data centre, this is unfortunately a common scenario. If the SAM manager is responsible, the likelihood is that the metrics they are accustomed to managing are not in the data centre.
Agile approach that works within their environment. It’s radically different from the waterfall method of application development and delivery, incremental in its approach and focused on just-in-time completion of work. ... “The Impacts Of Missed Requirements In Agile Delivery,” a recent study by Forrester, explored the root causes of missed requirements in Agile adoption and the tangible business benefits organizations could achieve with better management tools. 96 percent of respondents reported problems in software development projects due to missed requirements, and 60 percent expected increased customer satisfaction from faster delivery as a result of avoiding missing requirements. IT and business leaders need to discern between fact and fiction when it comes to making Agile work in the enterprise.
Quote for the day:
"Cunningham's Law: The best way to get the right answer on the Internet is not to ask a question, it’s to post the wrong answer." -- @Tech_faq