7 mistakes CISOs make when presenting to the board
“Board meetings are not a great place for surprises,” says James Nelson, vice
president of information security at Illumio, and CISOs need to avoid being
caught off guard by questions they can’t answer. “Preparation should include not
just generating the content in your slides, but also thinking about what
questions the board will potentially ask you and considering your answers ahead
of time.” Nelson advises apprising any executive team attendees of both your
prepared material and the questions you think will be asked, as well as how you
plan to answer them. “They will know you can’t guess them all, but the process
can help build trust,” he adds. ... A boardroom is not the place to unburden
yourself, although it can be tempting when you feel the collective burden of
everyone’s risks on your shoulders, says Watts. “Don’t be the prophecy of doom,
and be very careful when using fear, uncertainty, and doubt (FUD) as a weapon of
leverage—it can come back to bite you.” Instead, explain why you think a problem
exists, and follow that with solution options, your recommendations, and their
associated benefits, Watts continues. “Do this as a package.”
InfluxDB as an IoT Edge Historian: A Crawl/Walk/Run Approach
The question of how to get data into a database is one of the most fundamental
aspects of data processing that developers face. Data collection can be
challenging enough when you’re dealing with local devices. Adding data from edge
devices presents a whole new set of challenges. Yet the exponential increase in
IoT edge devices means that companies need proven and reliable ways to collect
data from them. The following are three different approaches to collecting data
from edge devices. Edge devices have different capabilities — processing power,
memory capacity, connectivity, etc. — so finding the right solution for your use
case may require a bit of trial and error. However, you can use these approaches
as a jumping-off point for building your solution. For context, we’re using
InfluxDB as the processing and storage solution, and the cloud version of
InfluxDB is the target destination here. Each edge device in these examples also
runs the open source version of InfluxDB. We’re using the Flux language to
create tasks that perform data transformations and annotations.
Introducing Ballast: An Adaptive Load Test Framework
As Uber’s architecture has grown to encompass thousands of interdependent
microservices, we need to test our mission-critical components at max load in
order to preserve reliability. Accurate load testing allows us to validate if a
set of services are working at peak usage and optimal efficiency while retaining
reliability. Load testing those services within a short time frame comes with
its unique set of challenges. Most of these load tests historically involved
writing, running, and supervising tests manually. Moreover, the degree to which
tests accurately represent production traffic patterns gradually decreases over
time as traffic organically evolves, imposing a long-term maintenance burden.
The scope of the load testing effort continuously increases as the number of
services grows, incurring a hidden cost to adding new features. With this in
mind, we developed Ballast, an adaptive load test framework that leverages
traffic capture using Berkeley Packet Filter (BPF) and replays the traffic using
a PID Controller mechanism to adjust the number of requests per second (RPS) to
each service.
Why Israel's Ministry of Defense is moving to the public cloud
The Tel Aviv-based engineering head of the MOD's cloud initiative, who asked
that his name not be published for his own security purposes, explained the
reasoning behind the changeover. "So, we are a very conservative organization,
as to say, we have sensitive information, various sensitivity and
classifications, and most of the data processing we do on an on-premise
network," the MoD Infrastructure Cloud Group Leader told ZDNet. "But the data
grows, and we (now) can just grow with it. So when we go to a public cloud, we
want to address our ever-growing compute needs. And the second level is the
(distribution) of services -- hundreds and even thousands of software services.
So for us, it is in essence, a digital transformation. We can't achieve what we
need by staying at home on our on-premise networks." Using the Anjuna
Confidential Cloud software, the MoD is now able to achieve public cloud scale,
agility, and maximum data security immediately, without having to recode or
refactor applications, the MoD project head said.
CISO Checklist for Offboarding Security Staff
"As companies deal with increased rates of employee turnover, they must also
consider the fact that highly skilled ex-employees are leaving with key
institutional knowledge and confidential information," warns Todd Moore, global
head of encryption products at Thales, a France-based multinational provider of
electrical systems and services for the aerospace, defense, transportation, and
security markets. "This potentially increases the risk of data breaches and
other cyber incidents, which is further amplified when data organization and
protection is overseen by human managers." Leave nothing to chance or oversight
by working with a checklist instead. "CISOs should already be monitoring and
updating the access rights of all employees and manage administrator access
periodically and have a list of tasks and procedures in place when employees
leave," says Ahmad Zoua, senior project manager at Guidepost Solutions, a global
security, compliance, and investigations consulting firm.
10 key ESG and sustainability trends for business, IT
CIOs have an important role in the growing concern for sustainability and other
socially conscious issues. "We live in a more technology-enabled and
technology-dependent world than ever before, leaving CIOs with a great
opportunity and an enormous responsibility," said Jahidul Khandaker, senior vice
president and CIO of Western Digital, a U.S. computer hard disk drive
manufacturer and data storage company, headquartered in San Jose, Calif. "CIOs
must balance ... new [market] demands with how we respond to critical issues
facing the world today, especially around the environment." Being proactive
in these areas is critical. "Every enterprise is on the pathway to net-zero
whether they have decided this for themselves at this point or not," Mingay
said. "The only choice they have left is whether they want to lead, follow or
get drawn in kicking and screaming." Regardless of how companies choose to
engage, CIOs will have different roles, depending on those initiatives, Mingay
said. Those roles can range from supporting leaders in other departments with
the right information to taking on a more direct role in managing sustainability
transformation, much like other digital transformation projects.
Avoiding the Chaotic 5G Rollout at Airports
The similarities between the C-band frequencies and those used by radio
altimeters can lead to interference with these radio altimeters receiving the
appropriate radio waves, resulting in the following risks: Risk of an aircraft's
engine and braking systems not transitioning to landing mode and therefore
preventing an aircraft from stopping on the runway; Risk of the altimeter
not being able to receive the waves or being able to distinguish between the
waves that it is expecting to receive and other nearby waves, thereby giving the
wrong reading or not functioning at all. The risks listed above could result in
situations such as those of the two fatal crashes of the Boeing 737 Max plane in
Indonesia and Ethiopia, which killed 346 people. The US Federal Aviation
Administration (FAA) and airlines have shown concerns about these risks, which
have led to wireless carriers that purchased 5G frequencies via the Federal
Communications Commission (FCC) 5G Spectrum Auction and are implementing the 5G
rollout (Verizon and AT&T) stating that they would delay the expansion of
new 5G cellular service near some airports in order to avert damaging
disruptions in airport operations.
Behavioral Analytics is getting trickier
Although most enterprise CISOs are fine with behavioral analytics on paper (on a
whiteboard? As a message within Microsoft Teams/Google Meet/Zoom?), they're
resistant to rapid widespread deployment because it requires creating a profile
for every user — including partners, distributors, suppliers, large customers
and anyone else who needs system access. Those profiles can take more than a
month to create to get an accurate, consistent picture of each person. I hate to
make this even worse, but there are now arguments that security admins don't
need one profile for every user, but possibly dozens or more. Why? ... You now
have a behavioral profile of that user. That profile, however, is likely based
on the user’s regular behavior during normal workdays. What about when that user
is exhausted, say possibly after arriving in the office from a red-eye flight?
Or ecstatically happy or horribly depressed? Do they behave differently in an
unfamiliar hotel room compared to the comfort of their home office? Do they act
differently after their boss has screamed at them for 10 minutes?
Software development coaching dos and don’ts
Going one step beyond empathy requires software development managers to
recognize the symptoms of people burning out. Signs of burnout include
decreased productivity, increased cynicism toward colleagues, and a sense of
detachment from the company. Dawn Parzych, manager of developer marketing at
LaunchDarkly, believes that development teams can reduce stress by utilizing
devops tools and practices. She shared a recent study showing that 91% of
software development professionals who lack processes, such as using feature
flags, report feeling stressed during deployments. She suggests, “As a
manager, look to how you can remove stress and help your team members avoid
burnout by improving build and deploy processes through the use of chaos days,
observability, or feature flags.” ... Development managers should remind
software developers that they don’t need to reinvent the wheel and code
solutions from scratch all the time. There’s a wealth of software as a
service, open source, cloud services, and low-code solutions available for
developers to leverage.
Agile transformation: 5 ways to measure progress
In Agile workplaces, silos are broken down in favor of collaboration,
communication, and transparency. To determine how well this is happening in
your organization, assess the structures being put in place across projects.
The presence of product owners in each of your scrum teams is a good starting
point. A regular conversation with the product owners and scrum leaders can
help you assess if the hierarchies are breaking down in favor of a more
synergistic approach. Consider joining a few standup calls as an observer to
get a first-hand understanding of how the development of a specific feature or
assignment is moving between product owners, development teams, and quality
assurance owners. A new business strategy can also be evaluated in terms of
employee buy-in. If team members believe in the value and importance of Agile
transformation, they will work harder to ensure its success. But if a critical
mass of employees is skeptical about the change, they will make it harder to
see a positive result.
Quote for the day:
"Power should be reserved for weightlifting and boats, and leadership really involves responsibility." -- Herb Kelleher