Daily Tech Digest - October 04, 2021

4 Misconceptions about DevSecOps Every CIO Should be wary of

True DevSecOps, like DevOps, necessitates a harmonious collaboration of people, processes, and tools. It’s a culture, automation, and platform design approach that emphasizes security as a shared responsibility across the IT lifecycle. DevSecOps is, in fact, a human as well as a technical challenge. Personal development, culture, and connections with teams and managers are all critical factors in forming a successful DevSecOps team. ... Cloud and cloud-native software and infrastructure are an ideal fit for DevSecOps. It is, nonetheless, useful for a wide range of environments, particularly those that continue to apply a ten-year-old security playbook to their risk profile. Containerized cloud-native environments aren’t the only place where DevSecOps can be used. Some of the technological and process features of DevSecOps, as well as the general shift toward rapid, iterative development cycles, work well with micro-services architecture, but not as well with big monoliths’ many dependencies and extensive test cycles. However, most organizations may benefit from DevSecOps’ cultural features, particularly those that have traditionally considered security as a pre-deployment checkbox rather than a priority ingrained throughout the organization.

Are You Too Late to Start Your Data Science Journey?

What concerned me the most about being too late was not the amount of materials I needed to learn. I’d rather have doubts if I would be able to find a job by the time I learned enough. Data science was a pretty hot topic and there were quite a number of people already working in this field. In the last three years, I have been not only learning data science but also observing the dynamics of this field. My thought about being too late changed. I was not too late to start back then. Moreover, if I started learning data science today, I would not be too late either. ... The biggest challenge for those who want to make a career change to work in data science is finding the first job. I faced the same challenge and it took me about two years to land my first job. This issue is not related to if you are too late to start learning data science. The jobs are out there and increasing. However, without prior job experience, it is difficult to demonstrate your skills and convince employers or recruiters.

3 fading and 3 future IT culture trends

Whether your IT team is remote, hybrid, or back in the office, all the pivots of 2020 made it clear just how crucial digital transformation is for business. But more than that, it’s important to have the right tech stack – one that’s simple, efficient, and centralized, not scattered or complicated. Adobe Workfront’s State of Work 2021 report indicates that 32 percent of employees have left a job due to inadequate technology that was a barrier to their workflow, and another 49 percent are likely to quit if the tech stack is frustrating or hard to use. IT leaders must scale down their technology in order to consolidate tools and software programs for maximum efficacy. ... While we’re on the subject of a centralized tech stack, let’s talk about the newer trend that has made an imprint on IT culture: the cloud-based workspace. Part of a tech solution called Infrastructure as a Service (IaaS), this digital hub is hosted in the cloud but accessible wherever there’s an internet connection. A cloud-based workspace also eliminates the need for complex hardware or equipment since workers can access it from a wireless device. 

Looking into the future of the metaverse

What will make or break the metaverse will be its ability to capture data from its surroundings and even the biosphere. The only way to do that will be by mass ingestion of the data coming from the Internet of Things. Only with this data will you be able to create a rich and meaningful environment. The next need after “seeing” will be “interacting,” meaning that the data not only needs to be represented in a meaningful way but also must be responsive. On the lowest level, equal to the physiological needs of humans in the real world, you can imagine the needs of a digital infrastructure in the metaverse: tools for ingestion of and access to data and the infrastructure to store, analyse and enrich data. But just like in the real world, before any meaningful interactions can be achieved, security needs to be guaranteed. With all the attention on the exciting possibilities of the metaverse, you could forget what infrastructures will be needed for the heavy lifting. It would have to be optimised for transferring and storing data. To make the metaverse attractive, not only would historical data need to be available, to facilitate context and depth in any interaction, but it would also have to be highly accurate.

5 Practical Steps To Protect Your Business From BYOD Security Risks

In general, personal mobile devices should not be considered the employee’s primary device – they should only be considered a convenience to access chat, email and other cloud apps when using a more secure device is not an option. Note that a VPN is needed when in a public place and an unsecure Wi-Fi network is the only option. Again, it is recommended the employee use their company-provided and managed laptop, not a personal mobile device. Many usage policies actually prohibit employees from connecting to unsecured Wi-Fi in the first place, which solves the problem. ... Another important step to protecting your business against BYOD risks is to create a list of accepted devices for accessing company data. Without a thorough list of the number of BYOD devices in use within an organization’s ecosystem, it’s extremely difficult to effectively measure and mitigate the risk that this poses. Knowing the number of personal devices being used for business tasks allows you to require specific security measures for each type of device. 

How Can Leaders Prepare for the Unexpected?

With the impacts of an inflection point clear, how do organizations operate in a timely fashion to plan and then respond? Francis said, “I tried to use the past to potentially predict future. It didn’t work. Given this, I gather all the critical players together routinely. At the same time, I let the pros do their job and I focus on clearing the way of obstructions.” To be able to do this, Young said it is “important to hire good people, empower them, give them resources they need to operate at the best of their ability, and let them do their jobs. The basics of practicing disaster recovery/business continuity should be built into organization DNA.” CIO Martin Davis claimed, “it is important to think through common scenarios and work out how you would handle them and ensure you have game plans on the shelf that can be adapted for the unexpected. Ensure you learn from previous and have practical advice ready to use and people with the right training.” To do this, Gildersleeve said the organization needs clear definitions for who is responsible for what areas in advance of the unexpected.

Learn the Blockchain Basics - Part 9: Blockchain Around the World

From the perspective of a technician, the blockchain is: A transactional platform and distributed accounting ledger using cryptocurrency tokens as a representation of a specific value at the current time (same as fiat). That means that a transaction is carried out by the blockchain nodes, and every member of this blockchain party has a copy of this transaction on their computer (node). Everybody verifies if the entities that are about to do a transaction have enough funds to make this transaction happen. You are basically announcing to all members of this system that you are about to make something happen and, even though this action is happening between two peers, the rest of the network verifies and records the transaction. It is a computing infrastructure that uses the power of the decentralized database with linear cell-space structure, published in a semi-public way (also known as “the block”). It’s an open-source software operating on a development platform of the future. The trust service layer, in combination with Peer to Peer (P2P) network, handles microtransactions and large-value transactions as well - allowing two users to do the same things that a bank would need to do on their behalf.

Donald Knuth on Machine Learning and the Meaning of Life

“The word open source didn’t exist at that time,” Knuth remembers, “but I didn’t want proprietary rights over it, because I saw how proprietary rights were holding things back.” Knuth remembered how IBM had allowed other companies to make their own compilers for IBM’s Fortran programming language — whereas things were different in the typography industry. “Each manufacturer had their own language for composing pages, and that was holding everything back…” But in addition, due to the success of his programming books, “I didn’t need the income! I already had a good job, and people were buying enough books that it would bring me plenty of supplemental income for everything my kids needed for education, whatever,” he said. Referring to a familiar structure in Boolean logic, Knuth quips that income “is sort of a threshold function” — that is, it basically just needs to determine whether a certain minimum has been exceeded. “And so I could specifically see the advantage of making it open for everybody…”

6 data center trends to watch

The struggle to attract and retain staff is an ongoing problem for many data-center owners and operators. Among respondents, 47% report difficulty finding qualified candidates for open jobs, and 32% say their employees are being hired away, often by competitors. In the big picture, Uptime projects that staff requirements will grow globally from about 2 million full-time employee equivalents in 2019 to nearly 2.3 million in 2025. According to Uptime: “New staff will be needed in all job roles and across all geographic regions. In the mature data-center markets of North America and Europe, there is an additional threat of an aging workforce, with many experienced professionals set to retire around the same time—leaving more unfilled jobs, as well as a shortfall of experience. An industry-wide drive to attract more staff, with more diversity, has yet to bring widespread change.” The notion of sustainability is growing in importance in the data-center sector, but most organizations don’t closely track their environmental footprint, Uptime finds. Survey respondents were asked which IT or data-center metrics they compile and report for corporate sustainability purposes. 

Combating vulnerability fatigue with automated security validation

Legacy vulnerability management tools flood security teams with long lists of community prioritized vulnerabilities – there were more than 15,000 vulnerabilities found only in 2020. Of these, only 8% were exploited by attackers. Not to mention the top 30 recently reported by CISA. Currently, it’s a cat and mouse game that the customer can never win – chasing an ever-growing list of vulnerabilities without knowing whether they fixed the ones that attackers want to target, exposed the most risk-bearing vulnerabilities, checked if there is an active exploit for a specific vulnerability, or analyzed what the possible risk and impact is that may originate from a vulnerability. All that context is required for security and IT teams to reduce the risk, maintain business continuity, and be a step ahead of the adversary. Unfortunately, the chase for more and more vulnerabilities has kept us away from the goal of where we want and need to be. At this stage of the battle with cyber adversaries, CISOs can’t go backward into the world of vulnerability fatigue.

Quote for the day:

"Great Groups need to know that the person at the top will fight like a tiger for them." -- Warren G. Bennis
