What Women Should Know Before Joining the Cybersecurity Industry
Women still are underrepresented in software engineering and IT. And many times,
cybersecurity gets lumped together with those, and with that comes the belief
that it requires the same skills. And that's simply not the case. At the core,
the job of cybersecurity teams is to assess, prioritize, and work to resolve
risks; nothing in there requires a STEM background or understanding of software
engineering. Sure, these risks might be related to code a developer wrote, or a
cloud environment the IT team deployed, but reviewing alerts, assessing the
impact to the business and the potential risk, and determining the appropriate
course of action — those are not things that require a security professional to
be a developer or to moonlight in IT. Computer science skills and backgrounds
aren't a barrier to the cybersecurity profession — we're a business function,
not a technical one. ... If you're on a cybersecurity team, you're tasked with
keeping all these teams safe, each and every day. But this isn't something you
can do alone. You need help from all of them in order to deliver that
protection.
Overcoming the Top 3 Challenges of Infrastructure Modernization
Container environments like Kubernetes provide similar benefits and challenges
as the cloud. Containers empower IT teams to increase efficiency, agility and
speed, improving application life cycle management and making it faster and
easier to modernize existing applications. Like the cloud, though, containers
must be optimized to deliver on their ability to reduce costs and streamline
performance. To orchestrate containers effectively, IT must understand how to
allocate them. As with cloud provisioning, under-allocating container resources
can result in issues with service assurance, while over-allocation can lead to
wasted spending, especially since individual application teams tend to request
more resources than they need to be safe. Right-sizing container environments is
particularly important when containers are used to manage the impact of
fluctuating business demands on IT systems. It’s crucial to optimize container
environments for your current state, but it’s also important to know what’s
coming so resources can be allocated accordingly.
Tracking Ransomware: Here's Everything We Still Don’t Know
ENISA estimates that during the timeframe it studied, there were 3,640
successful ransomware attacks, of which it was only able to obtain details for
623 incidents. "All results and conclusions as presented should take into
account this disclaimer concerning the number of incidents used in this
analysis" and highlight the overall lack of solid details about so many
incidents, it says. "In addition, the fact that we were able to find publicly
available information for [only] 17% of the cases highlights that when it comes
to ransomware, only the tip of the iceberg is exposed and the impact is much
higher than what is perceived," it says. Indeed, most attacks never get publicly
reported, because victims don't want the negative publicity. Unfortunately,
getting a victim to pay quickly and secretly suits ransomware-wielding attackers
too. Law enforcement has a tough time identifying individual attackers or groups
at work, prioritizing them based on impact, and issuing warnings to help other
organizations block groups' commonly used tactics.
Managing Kubernetes Secrets with the External Secrets Operator
ESO is a Kubernetes operator that connects to external secrets-management
systems like the ones we mentioned above and reads secret information and
injects the values into Kubernetes secrets. It is a collection of custom API
resources that provide a user-friendly abstraction for the external APIs that
manages the lifecycle of the secrets for us. Like all other Kubernetes
operators, ESO is composed of some main components:
Custom Resource Definitions (CRD): These define the data schema of the settings
available for the operator, in our case SecretStore and ExternalSecret
definitions.
Programmatic Structures: These define the same data schema as the CRDs above
using the programming language of choice, in our case Go.
Custom Resource (CR): These hold the values for the settings defined by the
CRDs and describe the configuration for the operator.
Controller: This is where the actual work takes place. Controllers act on
custom resources and are responsible for creating and managing the resources.
They can be created in any programming language, and ESO controllers are created
in Go.
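To make the CRD / CR split above concrete, here is a pair of custom resources as an added example (not taken from the excerpted article or from the ESO project). It assumes AWS Secrets Manager as the external system and the external-secrets.io/v1beta1 API version; every name, namespace, region and key is a constructed placeholder.

```yaml
# SecretStore CR: tells the ESO controller how to reach the external system.
# Assumption: AWS Secrets Manager; check the apiVersion against the CRDs installed in your cluster.
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: example-store            # hypothetical name
  namespace: example-app         # hypothetical namespace
spec:
  provider:
    aws:
      service: SecretsManager
      region: us-east-1          # constructed value
      auth:
        secretRef:
          # Bootstrap credential ESO uses to read the external store.
          # This Kubernetes Secret is the most sensitive object in the setup:
          # scope its IAM policy to read-only on the needed paths and restrict RBAC on it.
          accessKeyIDSecretRef:
            name: aws-credentials        # hypothetical Secret
            key: access-key-id
          secretAccessKeySecretRef:
            name: aws-credentials
            key: secret-access-key
---
# ExternalSecret CR: declares which external value to read and
# which Kubernetes Secret the controller should create and keep in sync.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: example-db-credentials   # hypothetical name
  namespace: example-app
spec:
  refreshInterval: 1h            # how often the controller re-reads the external value
  secretStoreRef:
    name: example-store
    kind: SecretStore
  target:
    name: db-credentials         # Kubernetes Secret the controller manages
    creationPolicy: Owner        # Secret is owned by, and deleted with, this ExternalSecret
  data:
    - secretKey: password        # key inside the resulting Kubernetes Secret
      remoteRef:
        key: example/db          # constructed name of the secret in the external store
        property: password       # field inside that external secret
```

The resulting db-credentials Secret is an ordinary Kubernetes Secret, so namespace RBAC and encryption at rest for etcd still apply to it.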
Can artificial intelligence really help us talk to the animals?
Raskin is the co-founder and president of Earth Species Project (ESP), a
California non-profit group with a bold ambition: to decode non-human
communication using a form of artificial intelligence (AI) called machine
learning, and make all the knowhow publicly available, thereby deepening our
connection with other living species and helping to protect them. A 1970
album of whale song galvanised the movement that led to commercial whaling
being banned. What could a Google Translate for the animal kingdom spawn?
The organisation, founded in 2017 with the help of major donors such as
LinkedIn co-founder Reid Hoffman, published its first scientific paper last
December. The goal is to unlock communication within our lifetimes. “The end
we are working towards is, can we decode animal communication, discover
non-human language,” says Raskin. “Along the way and equally important is
that we are developing technology that supports biologists and conservation
now.” Understanding animal vocalisations has long been the subject of human
fascination and study.
Microsoft's new security tool lets you to see your systems like a hacker would
The attack surface management service could be useful given data that
attackers start scanning the internet for exposed vulnerable devices within
15 minutes of a major flaw's public disclosure and generally continue
scanning the internet for older flaws like last year's nasty Exchange Server
flaws, ProxyLogon and ProxyShell. This service discovers a customer's
unknown and unmanaged resources that are visible and accessible from the
internet – giving defenders the same view an attacker has when they select a
target. Defender EASM helps customers discover unmanaged resources that
could be potential entry points for an attacker. Across MSTIC and Microsoft
365 Defender Research, Microsoft is tracking 250 different actors and
ransomware families. "We're providing intelligence across all of them and
bringing that into your security team — not just to learn the latest news…
but also to explore it, so if I see an indicator, I might explore where that
might live on the network and connect that to what I'm seeing in my company.
It's like a workbench for analysts inside a company," says Lefferts.
Microsoft hails success of hydrogen fuel cell trial at its New York datacentre
The company deployed a proton exchange membrane (PEM) fuel cell technology
at its Latham site, which generates electricity by facilitating a chemical
reaction between hydrogen and oxygen that creates no carbon emissions
whatsoever. “The PEM fuel cell test in Latham demonstrated the viability of
this technology at three megawatts, the first time at the scale of a backup
generator at a datacentre,” the blog post stated. “Once green hydrogen is
available and economically viable, this type of stationary backup power
could be implemented across industries – from datacentres to commercial
buildings and hospitals.” The company first started experimenting with the
use of PEM fuel cells as an alternative to diesel backup generators in 2018,
having previously tested and ruled out the use of natural gas-powered solid
oxide fuel cells on cost grounds. This work gave way to a collaboration
between Microsoft and the National Renewable Energy Laboratory in 2018 that
saw the pair deploy a 65 kW PEM fuel cell generator to power a rack of
computers.
Legislators Gear Up to Take On Cloud Outages
The good news, if you’re in favor of this kind of regulation (or the bad
news if you’re not) is that regulatory bodies across the Atlantic seem to be
sliding towards a new compliance regime for cloud providers along these
lines. A paper from the UK Treasury, published last month, revealed that
Treasury and Bank of England have been mulling a new regulatory framework
for “critical” cloud-based third-party services since 2019. They propose
fairly broad powers to enforce standards and investigate violations. This
isn’t legislation, of course; that step, the paper notes, will come “when
parliamentary time allows,” and since Britain won’t have a government before
September, we will likely be hearing more of this in 2023. Meanwhile, on the
Continent, the European Council and Parliament came to an understanding in
May that the Digital Operational Resilience Act (DORA), a regulatory
framework that is not yet in law, will be able to “maintain resilient
operations through a severe operational disruption” in finance, including on
cloud platforms.
What transformational leaders do differently
A transformational leader actively listens and establishes trust with their
team, encourages diversity of thought, and creates an environment where the
team feels they “belong” and are comfortable sharing ideas without judgment.
Effective change cannot happen without everyone working together against a
common purpose, recognizing that a team is more important than any individual,
and always putting the company first when making decisions. A leader must
create an environment where team members feel seen, heard, and fully
understand the company and department strategy and goals. As a
multi-generational, family-owned business, Southern Glazer’s culture has an
entrepreneurial spirit that challenges team members to think beyond the here
and now, focusing on how we can do something better than before. Technology is
business, and it is the responsibility of the IT team to bring innovative
ideas that drive transformational change, to digitally transform across all
company functions to create the right employee and business partner experience
while also delivering operational efficiency and effectiveness.
Entrepreneurship for Engineers: Solo Founder or Co-Founder?
Founding a startup is hard, and it can be a lonely road, especially for solo
founders. There are a lot of issues that come up in a startup that you can’t
talk about with your employees, you can’t discuss with your investors, your
friends won’t understand (unless they are also startup founders themselves) —
and your spouse won’t get, either. “I was a founder, and I had a co-founder,
and I can not thank God enough to have had that opportunity,” said Dokania.
“It definitely makes it easier emotionally.” Raman echoed this sentiment.
“It’s incredibly hard to build a company, and doing so while knowing that you
are entirely responsible for the success or failure through that entire
journey is exceptionally stressful,” she said. “The highs are very high, but
the lows are so extremely low.” Many founders, especially early on, think of
the advantage of a co-founder as being about finding someone with
complementary skills, so you can build the business while each focusing on
your strengths. However, Dokania and Raman agreed that the primary benefit of
having co-founders is emotional — because humans are social animals and
building a company is stressful enough without also being lonely and
isolating.
Quote for the day:
"Leaders begin with a different
question than others. Replacing who can I blame with how am I responsible?"
-- Orrin Woodward