Daily Tech Digest - August 02, 2022

What Women Should Know Before Joining the Cybersecurity Industry

Women still are underrepresented in software engineering and IT. And many times, cybersecurity gets lumped together with those, and with that comes the belief that it requires the same skills. And that's simply not the case. At the core, the job of cybersecurity teams is to assess, prioritize, and work to resolve risks; nothing in there requires a STEM background or understanding of software engineering. Sure, these risks might related to code a developer wrote, or a cloud environment the IT team deployed, but reviewing alerts, assessing the impact to the business and the potential risk, and determining the appropriate course of action — those are not things that require a security professional to be a developer or to moonlight in IT. Computer science skills and backgrounds aren't a barrier to the cybersecurity profession — we're a business function, not a technical one. ... If you're on a cybersecurity team, you're tasked with keeping all these teams safe, each and every day. But this isn't something you can do alone. You need help from all of them in order to deliver that protection.

Overcoming the Top 3 Challenges of Infrastructure Modernization

Container environments like Kubernetes provide similar benefits and challenges as the cloud. Containers empower IT teams to increase efficiency, agility and speed, improving application life cycle management and making it faster and easier to modernize existing applications. Like the cloud, though, containers must be optimized to deliver on their ability to reduce costs and streamline performance. To orchestrate containers effectively, IT must understand how to allocate them. As with cloud provisioning, under-allocating container resources can result in issues with service assurance, while over-allocation can lead to wasted spending, especially since individual application teams tend to request more resources than they need to be safe. Right-sizing container environments is particularly important when containers are used to manage the impact of fluctuating business demands on IT systems. It’s crucial to optimize container environments for your current state, but it’s also important to know what’s coming so resources can be allocated accordingly.

Tracking Ransomware: Here's Everything We Still Don’t Know

ENISA estimates that during the timeframe it studied, there were 3,640 successful ransomware attacks, of which it was only able to obtain details for 623 incidents. "All results and conclusions as presented should take into account this disclaimer concerning the number of incidents used in this analysis" and highlight the overall lack of solid details about so many incidents, it says. "In addition, the fact that we were able to find publicly available information for [only] 17% of the cases highlights that when it comes to ransomware, only the tip of the iceberg is exposed and the impact is much higher than what is perceived," it says. Indeed, most attacks never get publicly reported, because victims don't want the negative publicity. Unfortunately, getting a victim to pay quickly and secretly suits ransomware-wielding attackers too. Law enforcement has a tough time identifying individual attackers or groups at work, prioritizing them based on impact, and issuing warnings to help other organizations block groups' commonly used tactics. 

Managing Kubernetes Secrets with the External Secrets Operator

ESO is a Kubernetes operator that connects to external secrets-management systems like the ones we mentioned above and reads secret information and injects the values into Kubernetes secrets. It is a collection of custom API resources that provide a user-friendly abstraction for the external APIs that manages the lifecycle of the secrets for us. Like all other Kubernetes operators, ESO is composed of some main components:Custom Resource Definitions (CRD): These define the data schema of the settings available for the operator, in our case SecretStore and ExternalSecret definitions. Programmatic Structures: These define the same data schema as the CRDs above using the programming language of choice, in our case Go. Custom Resource (CR): These hold the values for the settings defined by the CRDs and describe the configuration for the operator. Controller: This is where the actual work takes place. Controllers act on custom resources and are responsible for creating and managing the resources. They can be created in any programming language, and ESO controllers are created in Go.

Can artificial intelligence really help us talk to the animals?

Raskin is the co-founder and president of Earth Species Project (ESP), a California non-profit group with a bold ambition: to decode non-human communication using a form of artificial intelligence (AI) called machine learning, and make all the knowhow publicly available, thereby deepening our connection with other living species and helping to protect them. A 1970 album of whale song galvanised the movement that led to commercial whaling being banned. What could a Google Translate for the animal kingdom spawn? The organisation, founded in 2017 with the help of major donors such as LinkedIn co-founder Reid Hoffman, published its first scientific paper last December. The goal is to unlock communication within our lifetimes. “The end we are working towards is, can we decode animal communication, discover non-human language,” says Raskin. “Along the way and equally important is that we are developing technology that supports biologists and conservation now.” Understanding animal vocalisations has long been the subject of human fascination and study. 

Microsoft's new security tool lets you to see your systems like a hacker would

The attack surface management service could be useful given data that attackers start scanning the internet for exposed vulnerable devices within 15 minutes of a major flaw's public disclosure and generally continue scanning the internet for older flaws like last year's nasty Exchange Server flaws, ProxyLogon and ProxyShell. This service discovers a customer's unknown and unmanaged resources that are visible and accessible from the internet – giving defenders the same view an attacker has when they select a target. Defender EASM helps customers discover unmanaged resources that could be potential entry points for an attacker. Across MSTIC and Microsoft 365 Defender Research, Microsoft is tracking 250 different actors and ransomware families. "We're providing intelligence across all of them and bringing that into your security team — not just to learn the latest news… but also to explore it, so if I see an indicator, I might explore where that might live on the network and connect that to what I'm seeing in my company. It's like a workbench for analysts inside a company," says Lefferts.

Microsoft hails success of hydrogen fuel cell trial at its New York datacentre

The company deployed a proton exchange membrane (PEM) fuel cell technology at its Latham site, which generates electricity by facilitating a chemical reaction between hydrogen and oxygen that creates no carbon emissions whatsoever. “The PEM fuel cell test in Latham demonstrated the viability of this technology at three megawatts, the first time at the scale of a backup generator at a datacentre,” the blog post stated. “Once green hydrogen is available and economically viable, this type of stationary backup power could be implemented across industries – from datacentres to commercial buildings and hospitals.” The company first started experimenting with the use of PEM fuel cells as an alternative to diesel backup generators in 2018, having previously tested and ruled out the use of natural gas-powered solid oxide fuel cells on cost grounds. This work gave way to a collaboration between Microsoft and the National Renewable Energy Laboratory in 2018 that saw the pair deploy a 65 kW PEM fuel cell generator to power a rack of computers.

Legislators Gear Up to Take On Cloud Outages

The good news, if you’re in favor of this kind of regulation (or the bad news if you’re not) is that regulatory bodies across the Atlantic seem to be sliding towards a new compliance regime for cloud providers along these lines. A paper from the UK Treasury, published last month, revealed that Treasury and Bank of England have been mulling a new regulatory framework for “critical” cloud-based third-party services since 2019. They propose fairly broad powers to enforce standards and investigate violations. This isn’t legislation, of course; that step, the paper notes, will come “when parliamentary time allows,” and since Britain won’t have a government before September, we will likely be hearing more of this in 2023. Meanwhile, on the Continent, the European Council and Parliament came to an understanding in May that the (Digital Operational Resilience Act (DORA), a regulatory framework that is not yet in law, will be able to “maintain resilient operations through a severe operational disruption” in finance, including on cloud platforms. 

What transformational leaders do differently

A transformational leader actively listens and establishes trust with their team, encourages diversity of thought, and creates an environment where the team feels they “belong” and are comfortable sharing ideas without judgment. Effective change cannot happen without everyone working together against a common purpose, recognizing that a team is more important than any individual, and always putting the company first when making decisions. A leader must create an environment where team members feel seen, heard, and fully understand the company and department strategy and goals. As a multi-generational, family-owned business, Southern Glazer’s culture has an entrepreneurial spirit that challenges team members to think beyond the here and now, focusing on how we can do something better than before. Technology is business, and it is the responsibility of the IT team to bring innovative ideas that drive transformational change, to digitally transform across all company functions to create the right employee and business partner experience while also delivering operational efficiency and effectiveness.

Entrepreneurship for Engineers: Solo Founder or Co-Founder?

Founding a startup is hard, and it can be a lonely road, especially for solo founders. There are a lot of issues that come up in a startup that you can’t talk about with your employees, you can’t discuss with your investors, your friends won’t understand (unless they are also startup founders themselves) — and your spouse won’t get, either. “I was a founder, and I had a co-founder, and I can not thank God enough to have had that opportunity,” said Dokania. “It definitely makes it easier emotionally.” Raman echoed this sentiment. “It’s incredibly hard to build a company, and doing so while knowing that you are entirely responsible for the success or failure through that entire journey is exceptionally stressful,” she said. “The highs are very high, but the lows are so extremely low.” Many founders, especially early on, think of the advantage of a co-founder as being about finding someone with complementary skills, so you can build the business while each focusing on your strengths. However, Dokania and Raman agreed that the primary benefit of having co-founders is emotional — because humans are social animals and building a company is stressful enough without also being lonely and isolating.

Quote for the day:

"Leaders begin with a different question than others. Replacing who can I blame with how am I responsible?" -- Orrin Woodward

No comments:

Post a Comment