Addressing the cybersecurity skills gap through neurodiversity
It’s time to challenge the assumption that qualified talent equals
neurotypicality. There are many steps companies can take to ensure inclusivity
and promote belonging in the workplace. Let’s start all the way at the beginning
and focus on job postings. Job postings should be explicit about the
information they ask for and the requirements of the role. Start by making
them more inclusive and less restrictive in what is required. Include a contact
email address where an applicant can ask for accommodations, and be prepared
to depart from the traditional process by actually providing them.
Traditional interviews can be a challenge for neurodivergent individuals, and
this is often the first hurdle to employment. For example, to ease some
candidates’ nerves, you could provide a list of questions that will be asked as
a guideline. More importantly, don't judge a candidate on a lack of eye
contact. A culture of inclusion and belonging for neurodivergent staff requires
a workplace that supports different needs.
Cost of Delay: Learn Why Your Organisation Is Losing Millions
Backlogs in business can cause a drop in revenue. This is why some experts say
that if you want to make profit or save money, you have to prioritize your
backlog in terms of money. Bear in mind that each product or project has
different features or benefits. Consumers often think all these features are
important. But the reality is that each feature takes a different time to create
and implement. They also don’t have the same level of worth in the business.
Prioritizing one means limiting or delaying the other. And every day that a
feature is not in production means another day that the company is not profiting
from it. By utilizing the Cost of Delay, the company can determine which feature
will cost them the most by a delay in the delivery. It also sets a clear
guideline on what projects would matter most for the company and other
stakeholders without the friction of other decision making obstacles which bring
us to the next point below. ... The MoSCoW method often ends up with
everything in the "Must-Have" bucket. Imagine a company with limited resources
and staff: the quality of work and output will surely suffer.
Google releases new open-source security software program: Scorecards
These Scorecards are based on a set of automated pass/fail checks to provide a
quick review of many open-source software projects. The Scorecards project is an
automated security tool that produces a "risk score" for open-source programs.
That's important because only some organizations have systems and processes in
place to check new open-source dependencies for security problems. Even at
Google, though, with all its resources, this process is often tedious, manual,
and error-prone. Worse still, many of these projects and developers are
resource-constrained. The result? Security often ends up a low priority on the
task list. This leads to critical projects not following good security best
practices and becoming vulnerable to exploits. With the release of Scorecards
v2, the project aims to make these checks easier to run and good security
easier to achieve. The release adds new security checks, scales up the number
of projects being scored, and makes the resulting data easily accessible for
analysis. For developers, Scorecards reduce the toil and manual effort required
to continually evaluate changing packages when maintaining a project's supply
chain.
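The pass/fail checks described above only help if something in the pipeline consumes them. The following Node script is an added example, not code from the Scorecards project: it gates adoption of a dependency on a Scorecards report. The report layout is an assumption modelled on the tool's JSON output (one entry per check with a name, a 0-10 score and a reason); the check names match real Scorecards checks, but the scores are constructed sample values and the thresholds are a hypothetical policy. It also handles the case a plain pass/fail view hides: a check the tool could not run reports a score of -1 (inconclusive), and the gate fails it rather than letting it through silently.

```javascript
// Added example (not part of the Scorecards project): a CI gate that reads a
// Scorecards JSON report and fails on checks below a policy threshold.
// Report structure is an assumption modelled on `scorecard --format=json`
// output; the values below are constructed sample data, not a real project.
const SAMPLE_REPORT = JSON.stringify({
  date: "2021-07-01",
  repo: { name: "github.com/example-org/example-lib", commit: "0123456789abcdef" },
  score: 6.4,
  checks: [
    { name: "Binary-Artifacts",    score: 10, reason: "no binaries found in the repo" },
    { name: "Branch-Protection",   score: 3,  reason: "branch protection not enabled" },
    { name: "Pinned-Dependencies", score: 4,  reason: "GitHub-owned actions not pinned" },
    { name: "Token-Permissions",   score: -1, reason: "internal error: unable to read workflows" },
    { name: "Signed-Releases",     score: 0,  reason: "no releases found" },
  ],
});

// Hypothetical policy: minimum score per check before a dependency is adopted.
// Scorecards reports -1 for a check it could not run ("inconclusive"); the
// gate treats that as a failure, never as a pass.
const POLICY = {
  minOverall: 5,
  minPerCheck: {
    "Binary-Artifacts": 10,
    "Branch-Protection": 5,
    "Pinned-Dependencies": 7,
    "Token-Permissions": 7,
  },
  // Checks that are reported as warnings but never block the build.
  advisory: ["Signed-Releases"],
};

// Evaluate a report against a policy. Returns a verdict object rather than
// exiting, so the same function can feed a CI step, a dashboard or a test.
function evaluateReport(reportJson, policy) {
  const report = JSON.parse(reportJson);
  const byName = new Map(report.checks.map((c) => [c.name, c]));
  const failures = [];
  const warnings = [];

  if (typeof report.score !== "number" || report.score < policy.minOverall) {
    failures.push(`overall score ${report.score} below ${policy.minOverall}`);
  }

  for (const [name, min] of Object.entries(policy.minPerCheck)) {
    const check = byName.get(name);
    if (!check) {
      // A required check missing from the report is a failure, not a pass.
      failures.push(`${name}: not present in report`);
    } else if (check.score < 0) {
      failures.push(`${name}: inconclusive (${check.reason})`);
    } else if (check.score < min) {
      failures.push(`${name}: score ${check.score} below ${min} (${check.reason})`);
    }
  }

  for (const name of policy.advisory) {
    const check = byName.get(name);
    if (check && check.score < 10) {
      warnings.push(`${name}: ${check.score}/10 (${check.reason})`);
    }
  }

  return { repo: report.repo.name, pass: failures.length === 0, failures, warnings };
}

// Stand-alone run: print the verdict for the constructed report.
console.log(JSON.stringify(evaluateReport(SAMPLE_REPORT, POLICY), null, 2));
```

In a real pipeline the script would set a non-zero exit status when `pass` is false; the thresholds are deliberately per check, because a single aggregate score can hide a zero on the one check (pinned dependencies, workflow token permissions) that matters most for a supply-chain compromise.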
Kubernetes Fundamentals: Facilitating Cloud Deployment and Container Simplicity
Kubernetes has made containers so popular, they are threatening to make VMs
(virtual machines) obsolete. A VM is an operating system or software program
that imitates the behavior of a physical computer, and can run applications and
programs as though it were a separate computer. A virtual machine can be
unplugged from one computer, and plugged into another, bringing its software
environment with it. Both containers and VMs can be customized to any
specification desired and provide isolated processes, but the isolation is not
equivalent. A VM runs its own guest kernel on a hypervisor, so an attacker who
compromises the guest still has to break out of the hypervisor to reach the
host. Containers typically do not include a guest operating system; they ship
only the application code and its dependencies and run just the operations
needed. This is made possible by using kernel features of the host (namespaces,
cgroups and capabilities), which means every container shares the host's
kernel: a kernel vulnerability, an over-privileged container or a mounted host
path can turn container isolation into host compromise. A kernel is the core
program of a computer operating system and has complete control over the
entire system. On most computers it is the first program (after the bootloader)
to be loaded at start-up.
IoT is the Key to Reopening Safe Workplaces
By implementing IoT connected devices for predictive cleaning, building managers
can improve the overall efficiency and cleanliness of shared spaces. For
example, IoT sensors can notify facility managers when soap dispensers and
towels are running low so they can replace them immediately without a manual
check. Predictive cleaning can lower infection rates and costs by enabling
on-demand and as-needed cleaning to ensure common areas such as restrooms and
conference rooms are safe for employees to use. Freespace created a
Cleanreader solution that works by using sensors to collect occupancy data. It
provides facility managers and cleaning staff with the data they need to ensure
that desks, meeting rooms and communal areas are cleaned and disinfected between
users. Our expectation as workers and consumers has reached a new baseline. We
want to be able to see what businesses are doing to be safe and to know they are
addressing how to avoid future impacts of this pandemic or any future major
health crisis. Clearly, workers are concerned about the safety of their work
environments. OSHA data show that more than 60,000 COVID-19-related complaints
had been filed with the agency's state and federal offices as of March 28, 2021.
The Most Prolific Ransomware Families: A Defender's Guide
DomainTools researchers feel that it is important to remind readers that all of
these groups make alliances, share tools, and sell access to one another.
Nothing in this space is static and even though there is a single piece of
software behind a set of intrusions there are likely several different operators
using that same piece of ransomware that will tweak its operation to their
designs. The playbook of the affiliate programs that many of these ransomware
authors run is to design a piece of ransomware and then sell it off for a
percentage of the ransom gained. Think of it as a cybercrime multi-level
marketing scheme. Often there is a builder tool that allows the affiliate to
customize the ransomware to their needs for a specific target which at the same
time tweaks the software slightly so it can evade standard, static detection
mechanisms. This article's intent is not to dive deep into tracking individual
affiliates or into each stage of a packed payload (looking at you, Cobalt
Strike), but only to cover the top level of software used and its relations.
Lastly, we must mention that access for the ransomware is often provided by an
initial access broker, an actor who sells a foothold gained through an existing
backdoor or botnet infection on the victim.
The next frontier of digital transformation: Are you onboard?
All the transformations are going to bring a lot of confidential data online and
some in the public domain. This data will need sufficient protection from
getting hacked and misused. So the next big digital transformation will be in
the field of cybersecurity. Mathias cautions on the safety of customer data
while adopting digital as a means of business. “Brands have to be very sensitive
to data privacy concerns of consumers even as they need to provide a real time
intuitive experience. This is a fine balance that many brands struggle with, as
in the digital world users expect similar levels of customer experience from a
local on-line retailer as they would from global giants like Amazon,” he adds.
Tibrewala also noted that customer data is becoming more important than ever
before. “Brands will need to invest in technologies like customer data platform
and marketing automation to assimilate customer data; generate a single view of
the customer across online and offline channels, and then use machine
intelligence to provide the customer with the best possible solution for their
requirement.”
Using collections to make your SQL access easier and more efficient
Collections are indexed groups of elements that share a type; arrays and lists
are the familiar examples, an array being a collection of index-addressed
elements. Most programming languages provide support for
collections. Collections reduce the number of database calls due to caching
(cached by the collections themselves) of regularly accessed static data.
Reduced calls equals higher speed and efficiency. Collections can also reduce
the total code needed for an application, further increasing efficiency. Each
element in a collection has a unique identifier called a subscript. Collections
come with their own set of methods for operating on the individual elements.
PL/SQL includes methods for manipulating individual elements or the collection
in bulk. ... Earlier versions of PL/SQL used what were known first as PL/SQL
tables and later as index-by tables (today's associative arrays). In a PL/SQL
table, elements were indexed by an integer and referenced through that index
value. Because it was not always natural to identify an element by a numeric
subscript, index-by tables evolved to allow indexing by alphanumeric strings
(VARCHAR2 keys) as well.
Single page web applications and how to keep them secure
The architecture of SPAs shifts the attack surface away from the client layers
of the app to the APIs that serve as the data transport layer refreshing the
SPA, and those APIs are where attackers look. With multi-page web apps,
security teams could concentrate on securing the individual server-rendered
pages that handle sensitive customer data. Traditional web security tools such
as web application firewalls (WAFs) cannot by themselves protect SPAs, because
they do not address the underlying vulnerabilities in the embedded APIs and
back-end microservices. The 2019 Capital One breach is the usual example: the
attacker reached past the client layer through a misconfigured WAF, used it to
make server-side requests to the AWS instance metadata service, obtained the
instance's IAM role credentials, and used those to pull customer data from the
underlying Amazon S3 storage. SPAs require a proper inventory of all their
APIs, just as multi-page web apps require an inventory of their individual
pages. For SPAs, vulnerabilities begin with the APIs. Sophisticated attackers
will often begin with multi-stage attacks that reach through the client-facing
app looking for unauthenticated, unauthorized, or unencrypted APIs exposed to
the internet, and use them to extract customer data.
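The three failure classes named above (unauthenticated, unauthorized, unencrypted) are concrete checks in the API handler, not abstract properties. The following is an added example, not code from the original article: a back-end endpoint an SPA would call to render an account view, first as a typical handler that authenticates the caller but trusts the account id in the URL, then hardened. The session tokens, account records and request objects are constructed sample data, and the handlers are plain functions standing in for route handlers in any Node web framework; the `secure`, `params` and `headers` fields mirror how such frameworks present a request.

```javascript
// Added example (not from the original article): a minimal SPA back-end API
// endpoint, vulnerable and hardened. All data below is constructed.

// Constructed session store: bearer token -> authenticated user id.
const SESSIONS = new Map([
  ["tok-alice-7f3a", "alice"],
  ["tok-bob-91c2", "bob"],
]);

// Constructed records the SPA fetches: account id -> record with its owner.
const ACCOUNTS = new Map([
  ["acct-1001", { owner: "alice", balance: 2400.5, ssnLast4: "1111" }],
  ["acct-2002", { owner: "bob", balance: 80.0, ssnLast4: "2222" }],
]);

// Extract the token from an "Authorization: Bearer <token>" header, if any.
function bearerToken(headers) {
  const m = /^Bearer\s+(\S+)$/i.exec(headers.authorization || "");
  return m ? m[1] : null;
}

// Vulnerable: the caller is authenticated, but the account id comes straight
// from the URL, so any logged-in user can read any account (broken
// object-level authorization). The whole record is returned, PII included.
function getAccountVulnerable(req) {
  const user = SESSIONS.get(bearerToken(req.headers));
  if (!user) return { status: 401, body: { error: "authentication required" } };
  const acct = ACCOUNTS.get(req.params.id);
  if (!acct) return { status: 404, body: { error: "not found" } };
  return { status: 200, body: { id: req.params.id, ...acct } };
}

// Hardened: transport, authentication and per-object authorization are all
// checked. An account the caller may not see gets the same response as one
// that does not exist, so the endpoint cannot be used to enumerate ids.
function getAccountHardened(req) {
  if (!req.secure) {
    return { status: 403, body: { error: "https required" } };
  }
  const token = bearerToken(req.headers);
  const user = token ? SESSIONS.get(token) : undefined;
  if (!user) return { status: 401, body: { error: "authentication required" } };

  const acct = ACCOUNTS.get(req.params.id);
  if (!acct || acct.owner !== user) {
    return { status: 404, body: { error: "not found" } };
  }
  // Return only the fields this view needs, never the whole record.
  return { status: 200, body: { id: req.params.id, balance: acct.balance } };
}

// Build a constructed request object the way a framework would present it.
function makeRequest({ id, token, secure = true }) {
  return {
    secure,
    params: { id },
    headers: token ? { authorization: `Bearer ${token}` } : {},
  };
}

// Stand-alone run: Bob, a valid user, tries to read Alice's account.
const probe = makeRequest({ id: "acct-1001", token: "tok-bob-91c2" });
console.log("vulnerable:", getAccountVulnerable(probe).status); // 200: data leaks
console.log("hardened:  ", getAccountHardened(probe).status);   // 404: denied
```

The ownership check has to live in the handler (or a shared authorization layer it calls); a WAF in front of this API sees a well-formed, authenticated request for `/accounts/acct-1001` and has no way to know the caller is not its owner, which is exactly why the text says perimeter tools cannot cover this class of flaw.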
Could cryptocurrency be as big as the Internet?
As with every nascent technology, of course, we are not yet seeing all of
cryptocurrency's potential. Yet, the winds of change are blowing. Payments are
only one small aspect of what Bitcoin and cryptocurrencies enable. With
programmable financial instruments, the ecosystem of technology being built on
top of that foundation is enabling diverse new use cases. Solutions like the
Lightning Network on top of Bitcoin for fast, small payments, or
collateral-based loans for fast liquidity, create possibilities beyond the
foundational aspects of bitcoin and other cryptos. This
could not have come at a better time. Following the pandemic, large retailers
are increasingly determined to move to a 100% cashless model. For them, the cost
of handling cash across thousands of different stores is an added expense that
they want to divest. Moving to more digital payment structures, including the
adoption of cryptocurrencies, is a path many will start to follow over the next
year. There are also security properties to consider. The cryptographic
guarantees behind cryptocurrencies add a layer that conventional instruments
lack: a transaction cannot be forged without the holder's private key, and
on-chain settlement does not depend on a counterparty honoring a promise. That
does not remove every counterparty risk, however: funds held with an exchange
or custodian are only as safe as that custodian, and a stolen key is an
irreversible loss.
Quote for the day:
"Leadership has a harder job to do than
just choose sides. It must bring sides together." --
Jesse Jackson