Daily Tech Digest - March 02, 2022

7 mistakes CISOs make when presenting to the board

“Board meetings are not a great place for surprises,” says James Nelson, vice president of information security at Illumio, and CISOs need to avoid being caught off guard by questions they can’t answer. “Preparation should include not just generating the content in your slides, but also thinking about what questions the board will potentially ask you and considering your answers ahead of time.” Nelson advises apprising any executive team attendees of both your prepared material and the questions you think will be asked, as well as how you plan to answer them. “They will know you can’t guess them all, but the process can help build trust,” he adds. ... A boardroom is not the place to unburden yourself, although it can be tempting when you feel the collective burden of everyone’s risks on your shoulders, says Watts. “Don’t be the prophecy of doom, and be very careful when using fear, uncertainty, and doubt (FUD) as a weapon of leverage—it can come back to bite you.” Instead, explain why you think a problem exists, and follow that with solution options, your recommendations, and their associated benefits, Watts continues. “Do this as a package.”


InfluxDB as an IoT Edge Historian: A Crawl/Walk/Run Approach

The question of how to get data into a database is one of the most fundamental aspects of data processing that developers face. Data collection can be challenging enough when you’re dealing with local devices. Adding data from edge devices presents a whole new set of challenges. Yet the exponential increase in IoT edge devices means that companies need proven and reliable ways to collect data from them. The following are three different approaches to collecting data from edge devices. Edge devices have different capabilities — processing power, memory capacity, connectivity, etc. — so finding the right solution for your use case may require a bit of trial and error. However, you can use these approaches as a jumping-off point for building your solution. For context, we’re using InfluxDB as the processing and storage solution, and the cloud version of InfluxDB is the target destination here. Each edge device in these examples also runs the open source version of InfluxDB. We’re using the Flux language to create tasks that perform data transformations and annotations.


Introducing Ballast: An Adaptive Load Test Framework

As Uber’s architecture has grown to encompass thousands of interdependent microservices, we need to test our mission-critical components at max load in order to preserve reliability. Accurate load testing allows us to validate if a set of services are working at peak usage and optimal efficiency while retaining reliability. Load testing those services within a short time frame comes with its unique set of challenges. Most of these load tests historically involved writing, running, and supervising tests manually. Moreover, the degree to which tests accurately represent production traffic patterns gradually decreases over time as traffic organically evolves, imposing a long-term maintenance burden. The scope of the load testing effort continuously increases as the number of services grows, incurring a hidden cost to adding new features. With this in mind, we developed Ballast, an adaptive load test framework that leverages traffic capture using Berkeley Packet Filter (BPF) and replays the traffic using a PID Controller mechanism to adjust the number of requests per second (RPS) to each service. 


Why Israel's Ministry of Defense is moving to the public cloud

The Tel Aviv-based engineering head of the MOD's cloud initiative, who asked that his name not be published for his own security purposes, explained the reasoning behind the changeover. "So, we are a very conservative organization, as to say, we have sensitive information, various sensitivity and classifications, and most of the data processing we do on an on-premise network," the MoD Infrastructure Cloud Group Leader told ZDNet. "But the data grows, and we (now) can just grow with it. So when we go to a public cloud, we want to address our ever-growing compute needs. And the second level is the (distribution) of services -- hundreds and even thousands of software services. So for us, it is in essence, a digital transformation. We can't achieve what we need by staying at home on our on-premise networks." Using the Anjuna Confidential Cloud software, the MoD is now able to achieve public cloud scale, agility, and maximum data security immediately, without having to recode or refactor applications, the MoD project head said.


CISO Checklist for Offboarding Security Staff

"As companies deal with increased rates of employee turnover, they must also consider the fact that highly skilled ex-employees are leaving with key institutional knowledge and confidential information," warns Todd Moore, global head of encryption products at Thales, a France-based multinational provider of electrical systems and services for the aerospace, defense, transportation, and security markets. "This potentially increases the risk of data breaches and other cyber incidents, which is further amplified when data organization and protection is overseen by human managers." Leave nothing to chance or oversight by working with a checklist instead. "CISOs should already be monitoring and updating the access rights of all employees and manage administrator access periodically and have a list of tasks and procedures in place when employees leave," says Ahmad Zoua, senior project manager at Guidepost Solutions, a global security, compliance, and investigations consulting firm.


10 key ESG and sustainability trends for business, IT

CIOs have an important role in the growing concern for sustainability and other socially conscious issues. "We live in a more technology-enabled and technology-dependent world than ever before, leaving CIOs with a great opportunity and an enormous responsibility," said Jahidul Khandaker, senior vice president and CIO of Western Digital, a U.S. computer hard disk drive manufacturer and data storage company, headquartered in San Jose, Calif. "CIOs must balance ... new [market] demands with how we respond to critical issues facing the world today, especially around the environment." Being proactive in these areas is critical. "Every enterprise is on the pathway to net-zero whether they have decided this for themselves at this point or not," Mingay said. "The only choice they have left is whether they want to lead, follow or get drawn in kicking and screaming." Regardless of how companies choose to engage, CIOs will have different roles, depending on those initiatives, Mingay said. Those roles can range from supporting leaders in other departments with the right information to taking on a more direct role in managing sustainability transformation, much like other digital transformation projects.


Avoiding the Chaotic 5G Rollout at Airports

The similarities between the C-band frequencies and those used by radio altimeters can lead to interference with these radio altimeters receiving the appropriate radio waves, resulting in the following risks: Risk of an aircraft's engine and braking systems not transitioning to landing mode and therefore preventing an aircraft from stopping on the runway; Risk of the altimeter not being able to receive the waves or being able to distinguish between the waves that it is expecting to receive and other nearby waves, thereby giving the wrong reading or not functioning at all. The risks listed above could result in situations such as those of the two fatal crashes of the Boeing 737 Max plane in Indonesia and Ethiopia, which killed 346 people. The US Federal Aviation Administration (FAA) and airlines have shown concerns about these risks, which have led to wireless carriers that purchased 5G frequencies via the Federal Communications Commission (FCC) 5G Spectrum Auction and are implementing the 5G rollout (Verizon and AT&T) stating that they would delay the expansion of new 5G cellular service near some airports in order to avert damaging disruptions in airport operations.


Behavioral Analytics is getting trickier

Although most enterprise CISOs are fine with behavioral analytics on paper (on a whiteboard? As a message within Microsoft Teams/GoogleMeet/Zoom?), they're resistant to rapid widespread deployment because it requires creating a profile for every user — including partners, distributors, suppliers, large customers and anyone else who needs system access. Those profiles can take more than a month to create to get an accurate, consistent picture of each person. I hate to make this even worse, but there are now arguments that security admins don't need one profile for every user, but possibly dozens or more. Why? ... You now have a behavioral profile of that user. That profile, however, is likely based on the user’s regular behavior during normal workdays. What about when that user is exhausted, say possibly after arriving in the office from a red-eye flight? Or ecstatically happy or horribly depressed? Do they behave differently in an unfamiliar hotel room compared to the comfort of their home office? Do they act differently after their boss has screamed at them for 10 minutes?


Software development coaching dos and don’ts

Going one step beyond empathy requires software development managers to recognize the symptoms of people burning out. Signs of burnout include decreased productivity, increased cynicism toward colleagues, and a sense of detachment from the company. Dawn Parzych, manager of developer marketing at LaunchDarkly, believes that development teams can reduce stress by utilizing devops tools and practices. She shared a recent study showing that 91% of software development professionals who lack processes, such as using feature flags, report feeling stressed during deployments. She suggests, “As a manager, look to how you can remove stress and help your team members avoid burnout by improving build and deploy processes through the use of chaos days, observability, or feature flags.” ... Development managers should remind software developers that they don’t need to reinvent the wheel and code solutions from scratch all the time. There’s a wealth of software as a service, open source, cloud services, and low-code solutions available for developers to leverage.


Agile transformation: 5 ways to measure progress

In Agile workplaces, silos are broken down in favor of collaboration, communication, and transparency. To determine how well this is happening in your organization, assess the structures being put in place across projects. The presence of product owners in each of your scrum teams is a good starting point. A regular conversation with the product owners and scrum leaders can help you assess if the hierarchies are breaking down in favor of a more synergistic approach. Consider joining a few standup calls as an observer to get a first-hand understanding of how the development of a specific feature or assignment is moving between product owners, development teams, and quality assurance owners. A new business strategy can also be evaluated in terms of employee buy-in. If team members believe in the value and importance of Agile transformation, they will work harder to ensure its success. But if a critical mass of employees is skeptical about the change, they will make it harder to see a positive result.



Quote for the day:

"Power should be reserved for weightlifting and boats, and leadership really involves responsibility." -- Herb Kelleher
