Three key areas to consider when settling technical debt
Software is an iterative product, and much of it has been developed over
decades, by teams of workers with significant experience and institutional
knowledge. These teams are also responsible for maintaining and managing older
technologies and platforms. But as business priorities change over time, systems
built on older code can be neglected. Software development teams’ attention
turns elsewhere, either by choice or force – which can create disenfranchisement
among staff if not managed correctly. When access to and knowledge of older code
resides only among a few people, we see potential insider threat risk, of
particular concern if software is being used to run critical IT infrastructure.
To that end, IT leaders must factor succession planning into any strategic
discussions they’re having. All workers eventually leave or retire, and if
knowledge isn’t shared, you risk older systems becoming impossible to manage by
newer employees. The importance of getting the basics right, such as applying
updates and patches or managing configurations, never goes away, even for older
systems.
Consistency, Coupling, and Complexity at the Edge
The key to understanding whether you should base your API design principles on
REST or GQL is to grasp a concept in computer science known as Separation of
Concerns (SoC). Well-designed yet non-trivial software is composed of many
layers where each layer is segmented into many modules. If the SoC for each
layer and module is clearly articulated and rigorously followed, then the
software will be easier to comprehend and less complex. Why is that? If you know
where to look for the implementation of any particular feature, then you will
understand how to navigate the codebase (most likely spread across multiple
repositories) quickly and efficiently. Just as REST and GQL queries provide
consistency in API design, a clear SoC means that you have a consistent approach
to where the implementation for each feature belongs. Developers are less likely
to introduce new bugs in software that they understand well. It is up to the
software architect to set the standard for a consistent SoC. Here is a common
catalog of the various layers and what should go in each layer.
Certified ethical hacker: CEH certification cost, training, and value
While in the very early days of computing hacker was a value-neutral term for
a curious and exploratory computer user, today most people use the word to
describe bad guys who try to break into systems where they don't belong for
fun or (usually) profit. An ethical hacker is someone who uses those hacking
skills—the ability to find bugs in code or weaknesses in cyber defenses—for
good, rather than for evil, tipping the potential victims off and using the
insights gained to implement improved security measures. In some ways, the
term "ethical hacker" arises from a milieu where many "black hat" bad guy
hackers do in fact switch sides and become good guys and defenders rather than
attackers. But it's also just a sexy term for a discipline that goes by other,
more boring names like "penetration testing" or "offensive security research."
You might also hear the term "red team" used—in large-scale penetration
testing exercises, the red team plays the role of the attackers, while the
blue team makes up the defenders. Still, whatever you call it, it's a job
that's in demand: more and more companies are recognizing the business case
for having in-house hackers probing their defenses for weakness, or using bug
bounties to encourage freelance ethical hackers to find problems they may have
missed.
5 steps for modernizing enterprise networks
Historically, network and security technologies were deployed independently
with the latter typically being an overlay to the network. This was never
ideal but worked well enough to stop the majority of breaches. Network
engineers would design the network, and security professionals would deploy
security tools at each point of ingress. One of the challenges today is that
there are hundreds if not thousands of points of entry ranging from SaaS
applications to VPN tunnels to guest access on Wi-Fi networks. Even if a
business had infinite dollars, it would be impossible to deploy all the
necessary security tools to defend each point. Another point of complexity is
that the number of security tools continues to grow. In the past, firewalls
and IDS/IPS systems were sufficient to protect an enterprise. Modern security
includes those but also zero trust network access (ZTNA), secure web gateways
(SWG), cloud access security brokers (CASB), endpoint and network
detection-and-response, and other tools. One growing way to secure an
enterprise is by embedding security into the network as a cloud service.
Next generation physicians reflect on overcoming barriers to digital transformation
Healthcare information systems struggle to replicate the achievements of
sectors like banking and retail not only because of the increased regulatory
scrutiny, but also because incentives are more complicated. "It’s not an
'I’m trying to sell you something, you’re trying to buy something'
one-to-one relationship where you’re free to choose," said Dr. Stephanie
Lahr, CIO and CMIO at Monument Health (formerly Regional Health). "We have
payers in the middle of that construct, and that totally changes the dynamic
of how those patients can come together and makes it difficult for us to
look at airlines and banking and things like that [for examples]," said
Lahr. "There’s a middle person with their own agenda and goals. … That’s one
of the things that makes this difficult, because it’s not a free market."
"The answer to every question is always time, money and motivation," said
Dr. Yaa Kumah-Crystal, assistant professor of biomedical informatics and
pediatric endocrinology at Vanderbilt University Medical Center.
Digital transformation metrics: 8 counterintuitive lessons learned
Cybersecurity has long been considered by many executives to be a cost to be
managed or even a drag on overall performance. Today, however, “the
realization that cybersecurity has to be part of every discussion is more
pervasive now than ever,” says Bentham. “Regulations, now employed in many
countries, are driving the accountability to companies, making them liable
for damages to citizens, customers and the like.” Thus, technology leaders
must incorporate cybersecurity investments into their digital plans and ROI
calculations. “The digital transformation strategist forges an early
partnership with the cybersecurity organization and integrates them at all
levels of the business and technology,” Bentham explains. “This integration
allows the cyber professionals, who write or interpret cyber policies, to do
so through a business lens.” As more organizations evolve to a cloud-first
model, their security metrics may need to evolve as well. “Because the cloud
is more dynamic, new metrics like mean time to adapt (MTTA) or mean time to
secure (MTTS) will apply,” says Vishal Jain
Demystifying four aspects of launching an online business
Although social networks are a good tool to create valuable content, generate
interaction with your customers, create a community around your brand and even
expand your reach, it is essential that you have a website, integrated with
your social networks, on which you can have total control of the messages
and images of your business and your products or services. On your own
website, you can personalize the customer experience with the colors and
design of your brand, make photo or video galleries, as well as create a
personalized email that matches your company name, create marketing campaigns
by email and even spice up your own online store. With the right service
provider as a partner, you can link your website and online store with your
social networks and even design the images and update the products that you
show in them, directly from your website. Having your own website and online
store to sell your products and services can help increase your customers'
trust in your brand and make them commit to your business.
TestNG vs. JUnit Testing Framework: Which One Is Better?
JUnit was introduced in 1997 as an open-source Java-based framework for unit
testing. It is a part of XUnit, which is a representation of the family of
unit testing frameworks. It allows developers to write and run repeatable
tests. It is used extensively along with Selenium for writing web automation
tests. Its latest programmer-friendly version is JUnit 5, which creates a
robust base for developer-based testing on the Java Virtual Machine. TestNG is
also a Java-based unit testing framework developed in 2007 on the same lines
of JUnit but with new and improved functionalities. These new functionalities
include flexible test configuration, support for parameters, data-driven
testing, annotations, various integrations, and many more. TestNG performs
unit, end-to-end, and integration testing. TestNG generates reports that help
developers understand the passed, failed, and skipped status of all the test
cases. With the help of TestNG in Selenium, you can run failed tests
separately using a testng-failed.xml file to run only failed test cases.
Five steps to strengthen your security posture
DevSecOps is a modern approach to software development which makes security an
integral part of the software lifecycle right from the outset. Security teams
are integrated into the development and operations teams, meaning that app
security is not just an afterthought, but a fundamental part of the
architecture. Here you will also empower the security teams to introduce new
security capabilities that can enhance user experience. In the traditional
approach, IT teams operate within silos that don’t necessarily communicate
effectively with each other during a threat. Bottlenecks can occur as the buck
is passed from security to development and back again, which has a detrimental
effect on the ability to respond to threats in a timely fashion. When
everyone’s on the same team, and security is built into the core of an app,
your organisation can take a much more agile approach, and be better prepared
for potential security breaches. To take full advantage of DevSecOps, your
systems should make use of full-stack observability, the ability to monitor
the entire IT stack from customer-facing applications down to core network and
infrastructure.
Elevating cyber resilience and tackling government information security challenges
We can divide the challenge into two parts. The first challenge is developing a
solution that will provide actionable insights or an automated operation to
reduce the “alert fatigue syndrome” which affects most of today’s security
operations centers (SOCs). The second challenge is to recruit, train and
maintain cyber professionals, and for that we need to develop and utilize
advanced methodologies and technologies. When discussing a national-level cyber
security operations center, we need to remember that national grade challenges
require national grade solutions. These solutions have to incorporate several
elements: state of the art technology; effective, field proven methodology;
constant innovation, since the cyber domain is constantly evolving;
collaboration (and I already elaborated about the Israeli Cyber Companies
Consortium) and finally capacity buildup, addressing the human factor –
training, certification and awareness.
Quote for the day:
"It is time for a new generation of leadership to cope with new problems and
new opportunities for there is a new world to be won." -- John F. Kennedy