Hiring developers? Here's how to keep them happy and productive
"Whiteboard coding was another thing that was just totally broken in engineering
hiring. Asking people to code on a whiteboard is a different skill set. People
don't do it for their day-to-day. It was silly for us to ask people to put code
on a whiteboard, but we did it for years!" A better strategy for onboarding
developers remotely, Pillar says, is a sort of BYOD policy, whereby hiring
managers ask candidates to bring their laptops along to the interview with the
understanding that they'll be performing some form of on-the-spot coding while
they share their screen with the interviewer. "That's a way more productive way
to get an excellent signal about the quality of a developer, because it's
actually their environment and you can see them using the tools that they're
familiar with," he explains. ... "A meeting is an extremely expensive thing for
an engineer. It's way easier, unfortunately, to interrupt an engineer's flow in
a remote world with a meeting because their calendar is open, you can just throw
it in there and you don't even really think about it." Some software providers
now provide analytics tools that will measure how workers' time is spent, some
of which include the ability to measure interrupted time – also known as
'friction time'.
How Security Architecture Is Shaping Up for 2021
Access is often referred to as zero-trust network access, which seems incorrect
to me since it's application access, which is network access, which is the old
traditional VPN piece. But that architecture makes no difference if you’re on or
off the network. It uses an access proxy to provide a security and control
context, it’ll provide identity components for users and devices. So it gives
you this application [information] and then contextual information as applied
per session. That’s one architecture — one of the problems, obviously, when you
have some of these architectures is that you try and build it, and you’ve got
five different vendors, you’re trying to build it from code union and endpoint
solution, you to proxy, you need security, you need identity, you need these
other contextual engineering management [techniques]. So customers have trouble
when they try to build it across maybe five or six vendors. That’s why I think
it’s a really important architecture, especially when I think people are gonna
be more and more often on the network and backward and forwards, it doesn’t
really matter whether it’s a zero trust architecture. So that’s one really
important component.
IT security strategy: A CISO's 5 essentials
One of the most common cyberattack vectors remains exploiting known
vulnerabilities in OS software and applications. To combat these attacks, stay
on top of the maintenance level of your hardware and software. Unsupported
components should be upgraded or replaced as soon as possible. Conduct
vulnerability scans for the full infrastructure monthly, and correct issues as
soon as possible. Ensure your scans include third-party products and
applications. ... A famous baseball coach once said, “You can observe a lot by
just looking.” Make better use of the logs and reports provided by the systems
and applications running your business. Delineate baselines and metrics defining
security health. A change in activity patterns or metrics may be an early
indicator of trouble brewing. Develop, maintain, and test a practical security
incident management plan so you will know what to do if faced with a real
incident. Composing a secure foundation isn’t easy in the best of times. While
these five tips may not be as exciting as hunting for hackers or implementing a
sophisticated security incident event management (SIEM) system, they are the
building blocks of a strong foundation and offer the best way to move
organizations forward safely.
Power Equipment: A New Cybersecurity Frontier
While IoT has been the catalyst for many positive developments, there are
challenges with these expanding interconnections. For power management, the
ability to connect backup equipment like an uninterruptible power supply (UPS)
can prove helpful in enabling IT teams to monitor and maintain essential
infrastructure more efficiently. However, like any other network-connected
devices, they become assets that need to be secured from potential cyber
breaches. Though UPS doesn't traditionally come to mind when envisioning ways
cybercriminals infiltrate a network, the same could also be said for other
inconspicuous devices like HVAC units. Yet, that's exactly what hackers pursued
when they were able to gain access to Target's system and steal data on over 40
million credit and debit cards. And consider how hackers were able to penetrate
the network of a North American casino utilizing an Internet-connected
thermometer inside an aquarium. Finding the vulnerability in a fish tank, of all
places, allowed hackers to access the casino's database and ultimately steal
private customer data.
How do I select a SOAR solution for my business?
A SOAR solution should enable teams to automate the identification and response
process across significant volumes of disparate data streams, so that the
prioritisation of threats and vulnerabilities becomes almost seamless, not least
far more operationally efficient. If implemented correctly, Security Operations
Centres (SOC) can benefit from using SOAR solutions helping them to deal with
threats faster and more efficiently. Integrating SOAR with other security tools,
such as Security Information and Event Management (SIEM), can transform SOC
teams' business and technology outcomes through automation, while also increasing
efficiency. Combining forces, organisations can use SOAR to augment the
capabilities of SIEM, offering an all-comprehensive solution. SIEMs collect and
store data in a useful manner which SOAR can use to automatically investigate
and respond to incidents and reduce the need for manual operations. What’s more,
in tackling one of the biggest challenges for SOC teams to date, SOAR solutions
can help to ingest information, sort, prioritise and combine duplicate alerts to
reduce the number of false positives.
Fintech Innovation Done Right: Be A Creator
Fintech can also create entirely new product categories. One mechanism I’ve
explored previously is embedded fintech strategies. A financial product can be
embedded into other products to change the nature of, availability and
engagement model with customers. Companies like Opendoor give customers the
ability to make cash offers for homes to make them more competitive. Boost
allows companies to launch insurance products and bundle them into a broader
offering. Zola bundles loans and mobile repayments with Pay-As-You-Go
financing to unlock demand for home solar systems in Africa. Without the
built-in financing, the systems would be unaffordable making the loan a core
piece of the business model, rather than a feature. Similarly, many boot camps
engage in income sharing agreements – rather than charging tuition, the program
is repaid through a percentage of future earnings for a set period of time.
Finally, players like ZhongAn have created fully automated insurance built into
products. For instance, in a partnership with a telephone provider, they can
automatically detect a broken screen.
Untangl CEO discusses how Insurtech startups are disrupting finance markets
“There’s no doubt that technology is going to disrupt the insurance sector like
it has any other industry,” said Stewart. “But I think insurance has been
particularly slow when it comes to modernising, and that’s been highlighted by
the rapid shift to the cloud. “The pandemic has been another catalyst in a
rethink of operations going forward, but a cultural problem has been present
around an industry that’s underinvested in technology, while finding it
difficult to innovate in such a risk-averse, high margin landscape.” Stewart
went on to explain that companies in the space can often spend up to 18 months
making decisions to solve inquiries in response to potential problems, a
reflection that he described as “a reflection of how not to do it”. However,
while the insurance sector has found innovating quickly with short term projects
more difficult than other sectors, the past year has seen areas such as personal
lines become more agile and intuitive. “It’s not easy because the industry has
experts in their complex fields, who are representing stakeholders with billions
in capital behind them, and any mistakes can be financially disastrous,” Stewart
added.
The Brain of Security
In fairness, security analysts are seeking to make risk-informed decisions, as
the human brain does this instinctively. However, they can only do that based
on the information they are provided. There are not many security programmes
where business context was provided to the analyst to aid in decision making.
Recognising this reality, organisations are seeking to quantify their cyber
risk to better align security to the business, drive remediation and response
activities, support investment decisions and demonstrate return on security
investment. Many have already embraced the move to a quantified understanding
of risk – only to be let down as current approaches require too much manual
data collection, too much training and professional services support, don’t
connect this newfound understanding with the ability to take action and fail
to meet the need to efficiently and cost-effectively mitigate risk.
Organisations need to acknowledge that understanding and quantifying risk is
critical to building an effective security programme in this day and age.
Solely orchestrating and automating security actions with an intelligence-led
approach is not enough.
CIO Agenda for Right Now: Priorities a Year Into the Pandemic
First, the COVID-19 pandemic brought a period of rapid change and challenges
for organizations, and that has accelerated technological change. Future
conditions will be significantly different from the past and even from the
present, according to White. Second, operating models have had to change. Now
that the dust has settled, organizations will be using the rest of 2021 to
review and consolidate all of the changes that have happened in organizations,
White said. Third, the pandemic has raised new business priorities. Work from
home has been one of them. But deeper in that trend, the pandemic has
disrupted traditional research conducted by business and has raised different
priorities for innovators, according to White. Plus, the work-from-home trend
will drive significant organizational changes. Remote leadership poses
challenges for presence and influence, according to White. Leaders and
managers will need to adapt their styles to encompass non-line-of-sight
supervision and performance management. Fourth, the CIO role has changed and
will continue to change. Technology and the CIO's response to the pandemic,
lockdown, and economic downturn, meant that many organizations were able to
survive the initial crisis.
OpenAI’s state-of-the-art machine vision AI is fooled by handwritten notes
Researchers from machine learning lab OpenAI have discovered that their
state-of-the-art computer vision system can be deceived by tools no more
sophisticated than a pen and a pad. As illustrated in the image above, simply
writing down the name of an object and sticking it on another can be enough to
trick the software into misidentifying what it sees. “We refer to these
attacks as typographic attacks,” write OpenAI’s researchers in a blog post.
“By exploiting the model’s ability to read text robustly, we find that even
photographs of hand-written text can often fool the model.” They note that
such attacks are similar to “adversarial images” that can fool commercial
machine vision systems, but far simpler to produce. Adversarial images present
a real danger for systems that rely on machine vision. Researchers have shown,
for example, that they can trick the software in Tesla’s self-driving cars to
change lanes without warning simply by placing certain stickers on the road.
Such attacks are a serious threat for a variety of AI applications, from the
medical to the military.
Quote for the day:
"The most difficult thing is the decision to act, the rest is merely tenacity." -- Amelia Earhart