In the United States, there are around 879,000 cybersecurity professionals in the workforce and an unfilled need for another 359,000 workers, according to a 2020 survey by (ISC)2, an international nonprofit that offers cybersecurity training and certification programs. Globally, the gap is even larger at nearly 3.12 million unfilled positions, the group says. Its CEO, Clar Rosso, said she thinks the need may actually be higher, given that some companies put off hiring during the pandemic. The needs range from entry-level security analysts, who monitor network traffic to identify potential bad actors in a system, to executive-level leaders who can articulate to CEOs and board directors the potential financial and reputational risks from cyber attacks. The US Bureau of Labor Statistics projects "information security analyst" will be the 10th fastest growing occupation over the next decade, with an employment growth rate of 31% compared to the 4% average growth rate for all occupations. If demand for cybersecurity professionals in the private sector increases dramatically, some experts say talented workers could leave the government for more lucrative corporate jobs.
Regardless of company size or ownership status, all organizations that support the BES are required to comply with a set of cybersecurity standards known as the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP) standards. NERC-CIP defines the reliability requirements for planning, operating and protecting the North American bulk power supply system. It covers everything from identifying and categorizing assets, to implementing physical and digital security controls, to dealing with incidents and recovering from a cyber breach. As any security officer knows, “compliance” does not guarantee “security.” Even if all companies that are part of the BES are fully compliant with NERC-CIP — and that’s a big “if” — it’s still a good idea to have a group of experts examine the security controls and bring them up to date to be able to counter current threats from a variety of adversaries. The DOE’s 100-day plan states that “the initiative modernizes cybersecurity defenses and encourages owners and operators to implement measures or technology that enhance their detection, mitigation, and forensic capabilities.”
In a recent blog post, Facebook revealed its new AI-based speech recognition technology, wav2vec-Unsupervised (or wav2vec-U), which aims to solve the problems posed by transcribing such languages. It is a method by which individuals could build speech recognition systems that do not require transcribed data. The ML algorithm still requires some form of training: wav2vec-U is trained purely on recorded speech audio and unpaired text. The method first learns the structure of the target language’s speech from unlabelled audio. Using wav2vec 2.0, Facebook’s self-supervised speech recognition model, and a k-means clustering algorithm, wav2vec-U segments the voice recording into speech units loosely based on individual sounds. For instance, the word cat would correspond to the sounds “/K/”, “/AE/” and “/T/”. This allows it to comprehend the structure of the speech. To recognise the words in an audio recording, Facebook uses a generative adversarial network (GAN) consisting of a generator and a discriminator network. The generator takes each audio segment embedded in self-supervised representations and predicts a phoneme.
Keep in mind that Cloud Custodian emerged from work Thangavelu was doing at Capital One, which is a big company with over 50,000 employees and tens of billions in revenue. It was a laboratory primed to help Thangavelu "service the different needs from different groups within the enterprise: audit, risk, security, application teams, lines of business," he said. That helped make Cloud Custodian incredibly useful within his enterprise. But just one enterprise. Open source increased the scope and utility of Cloud Custodian beyond one company's needs. "As we've gotten to open source, that pool of use cases simply expanded," he noted. No matter how creative your product managers, they're always necessarily constrained by the needs of the business they're running. By contrast, Thangavelu continued, "Open source is the strongest way to achieve [expanded scope] because your usage and your users address a wider swath of needs than any given company has. They represent the needs of a large diverse set of interests. And they're all pulling in different directions." This push-and-pull from a growing Cloud Custodian community has made it a useful tool for organizations that may have thousands or even tens of thousands of diverse policies to manage.
Having recently risen to prominence, robust AI methods mark the onset of a new era in lung image analysis. Adept at seeing and making sense of vital image-led patterns, AI tools help make the respiratory field more effective — improving diagnosis and therapeutic planning, and letting pulmonologists spend more time with patients. Hence, various attempts have been made lately to develop automated segmentation techniques. Yet the strain on the healthcare system, and on radiology in particular, following the pandemic will remain until these AI-based approaches are adopted. A major hurdle of lobe segmentation is that different respiratory diseases affect the lung architecture in different ways. For example, COVID-19 pneumonitis manifests on imaging very differently from pulmonary emphysema. For respiratory physicians, accurate lobar segmentations are vital in order to make appropriate treatment plans. Inaccurate lobe segmentation can give misleading information about the disease process, which can lead to erroneous treatment decisions.
Networks can be very complex, and many are segmented into VLANs to segregate traffic. What’s more, there are many devices on the network that can shape or route traffic depending on how the network infrastructure has been configured. “Today, networks are highly segmented, yet still interconnected; there are numerous devices, such as content filtering appliances, load balancers and so on, that all work together to shape and control network traffic,” Gridelli said. “Here, active network monitoring can verify whether or not security policies are properly in effect, and detect unauthorized changes to the network infrastructure.” Active network monitoring tools often deploy sensors, which can look into a network and report on what is happening on that network. Administrators can define policies that verify network segmentation, segregation and even the functionality of content filtering devices. By running end-to-end active network monitoring tests, it’s possible to also verify whether certain security policies, such as compliance requirements, are working as intended. Sensors can be installed on protected networks, such as those used for compliance (PCI, HIPAA, etc.).
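The segmentation-verification idea above, as an added illustration that is not from the article or from any monitoring vendor's product: a minimal policy engine that compares what sensors observed end-to-end with what the segmentation policy says should be reachable, flagging both unexpected open paths and expected paths that have gone dark. Zone names, the policy table and the probe results are constructed sample data.

```python
"""Compare active-monitoring probe results against a segmentation policy.
Added example; all zones, ports and probe outcomes are constructed."""
from dataclasses import dataclass

# Policy: (source zone, destination zone, TCP port) -> expected reachability.
# Any path not listed here is treated as denied (default deny).
POLICY = {
    ("corp", "pci", 443): False,       # cardholder segment must stay isolated
    ("corp", "internet", 443): True,
    ("corp", "vpn", 443): True,
    ("pci", "internet", 443): False,   # no direct egress from the PCI zone
    ("pci", "pci-db", 5432): True,
}

@dataclass(frozen=True)
class Probe:
    """One sensor measurement: did a TCP handshake complete on this path?"""
    src_zone: str
    dst_zone: str
    port: int
    reachable: bool

def evaluate(probes, policy=POLICY):
    """Return (probe, expected) for every probe whose observed reachability
    disagrees with policy. An unlisted path that turned out reachable is a
    violation (default deny); an allowed path that is unreachable is also
    reported, since it signals an outage or an unauthorized change."""
    violations = []
    for p in probes:
        expected = policy.get((p.src_zone, p.dst_zone, p.port), False)
        if p.reachable != expected:
            violations.append((p, expected))
    return violations

# Constructed sensor results: one leak into PCI, one allowed path that is down.
SAMPLE_PROBES = [
    Probe("corp", "pci", 443, reachable=True),        # should have been blocked
    Probe("corp", "internet", 443, reachable=True),
    Probe("corp", "vpn", 443, reachable=False),       # allowed path is down
    Probe("pci", "internet", 443, reachable=False),
    Probe("pci", "pci-db", 5432, reachable=True),
    Probe("guest", "pci-db", 5432, reachable=False),  # unlisted and blocked: fine
]

if __name__ == "__main__":
    for probe, expected in evaluate(SAMPLE_PROBES):
        print(f"VIOLATION {probe.src_zone}->{probe.dst_zone}:{probe.port} "
              f"observed reachable={probe.reachable}, policy expects {expected}")
```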
Interest is expanding as graph data takes on a role in master data management, tracking laundered money, connecting Facebook friends, and powering the search page ranker in a dominant search engine. Panama Papers researchers, NASA engineers, and Fortune 500 leaders: They all use graphs. According to Eifrem, Gartner analysts are seeing explosive growth in demand for graph. Back in 2018, about 5% of Gartner’s inquiries on AI and machine learning were about graphs. In 2019, that jumped to 20%. From 2020 until today, 50% of inquiries are about graphs. AI and machine learning are in extremely high demand, and graph is among the hottest topics in this domain. But the concept dates back to the 18th century, when Leonhard Euler laid the foundation of graph theory. Euler was a Swiss scientist and engineer whose solution to the Seven Bridges of Königsberg problem essentially invented graph theory. What Euler did was to model the bridges and the paths connecting them as nodes and edges in a graph. That formed the basis for many graph algorithms that can tackle real-world problems. Google’s PageRank is probably the best-known graph algorithm, helping score web page authority.
One of the things that scares me in a lot of organizations is how attached people become to best practices. They might’ve been the best at the time that you created them. But as the world around you changes, as your culture evolves, what was best five years, 10 years ago may not be what’s most productive today. I think the language of best practices creates this illusion that there’s an end point, that we’ve already reached perfection. And so we don’t need to change anything. What I would love to see more organizations do instead is to strive for better practices, right? To say, “Okay, you know what? No matter how good a practice becomes it can always be improved. And we’re open to trying whatever ideas you have for trying to evolve the way that we do things around here.” ... When you see what other people are feeling, that’s information about what their motivations are, what’s occupying a lot of their energy and attention. Without that information, you’re actually handicapped as a leader.
The "low-hanging fruit" many attackers are going for are graphical user interfaces (GUI) -- including human machine interfaces (HMI) -- which are, by design, intended to be simple user interfaces for controlling complex industrial processes. As a result, threat actors are able to "modify control variables without prior knowledge of a process," Mandiant says. Another trend of note is hacktivism, propelled by widely available and free tutorials online. Recently, the researchers have seen hacktivist groups bragging in anti-Israel/pro-Palestine social media posts that they have compromised Israeli OT assets in the renewable and mining sectors. Other low-skilled threat actors appear to be focused on notoriety, however, with little knowledge of what they are targeting. In two separate cases, threat actors bragged about hijacking a German rail control system -- only for it to be a command station for model train sets -- and in another, a group claimed they had broken into an Israeli "gas" system, but it was nothing more than a kitchen ventilation system in a restaurant.
Business and IT must work together to understand the business environment and adapt the architecture accordingly. Only then is the feedback loop between a new customer need and the solution built for it short enough to evolve the architecture in the right direction. The delivery team listens directly to the client’s needs and proposes a solution, so the architecture evolves naturally with the overall business. There is no additional layer of communication that slows down accommodating change, and when the architecture no longer corresponds to the business environment we can remodel it much more quickly. Additionally, because the delivery team works closely with the clients and understands their needs, the evolution of the system becomes more business-oriented. We don’t create architecture for the sake of the architecture -- we create a spine for the overall business goal. This idea of empowered teams is shown in detail in the book Empowered by Marty Cagan and Chris Jones: a team is responsible for gathering clients’ needs, discovering the right solution, implementing it, and gathering feedback.
Quote for the day:
"Leaders must know where they are going if they expect others to willingly join them on the journey." -- Kouzes & Posner