Digital transformation: Top 5 skills you need to succeed
First and foremost, workers need to possess a basic level of digital fluency in
order to successfully implement digital transformation. Depending on the
industry, digital fluency can range from a basic knowledge of Microsoft Suite to
an understanding of cloud computing. The necessity of this skill is
company-wide; Harvard Business School Professor Tsedal Neeley points out that
digital fluency adheres to a basic tenet of linguistics. "I often reference the
30% rule; borrowed from the study of languages, when applied to digital fluency,
it dictates that the entire company needs to be, at least, at a 30% fluency
baseline in order to move in a new digital direction effectively." ... An
oft-neglected component of digital transformation is cybersecurity. According to
research and marketing firm ThoughtLab, the average number of cyberattacks rose
by 15.1% in 2021, as compared to 2022. The implications are sobering: Blockchain
analysis firm Chainalysis reports that victims of ransomware spent almost $700
million paying off their attackers in 2020. As the digital transformation
process accelerates, companies should cover potential risk areas by hiring those
with cybersecurity skills.
You Are Blind to the Risks in Your Cloud — Why Companies Need Cloud Security Monitoring
The first is because they are ephemeral in nature and always growing. The second
is that they rely on outdated and ineffective tooling and processes. What once
worked in the data center does not work for the cloud. This leads to blind spots
and greater difficulty protecting data. In one study, 87% of respondents say
they fear that a lack of cloud visibility is obscuring security threats to their
company. And 95% blame visibility problems for application and network
performance issues. Cloud security monitoring provides deep visibility across
multiple environments for real-time threat discovery and remediation. ...
Oftentimes, they discover cloud security gaps long before companies do. When
this happens, bad actors can enter without detection. In most cases, the
affected organization is completely unaware of the breach and vulnerability or
misconfiguration that enabled it. ... With a robust cloud security monitoring
solution in place, companies can discover and remediate misconfigurations like
publicly exposed data stores, over-privileged identities, lack of encryption,
lack of auditing, or vulnerabilities in a workload in near real-time — before
these issues can be exploited.
IT career roadmap: Cloud architect
Merritt has found a niche working with clients that might be startups or smaller
or medium-size companies that are growing quickly. He notes that he can relate
to their entrepreneurial values from having worked at a number of these kinds of
companies himself. “I can switch roles according to what they need in the
moment,” he says. “One week I'm coding, the next I'm doing high-level design,
and the next may be a go-to-market plan. I thrive on this kind of change, and
clients appreciate that I can switch roles as they require.” “I try to do work
on hard problems that require heavy left-brain thinking, like coding or
debugging, in the morning,” Merritt says. “Then get out for some physical
exercise to clear my head. I try to push meetings, writing, and admin to the
afternoon or evening.” For his current client, Merritt is doing a lot of
architectural design work for security, infrastructure, and technology
operations, including writing code, testing, and planning. “For some clients,
I'm collaborating a lot all day,” he says. For others, “I just show results when
I'm done,” he says. “I post milestones regularly, so clients can follow where
I'm at with their project.”
Identity is the killer context: 4 ways to stay in control
A good IDaaS solution should be able to apply identity-based, context-aware
rules across an organization’s ecosystem to spot unauthorized behavior before it
leads to a breach. It should be capable of operating autonomously to
authenticate the right users based on contextual data – and block access based
on suspicious activity. As organizations build larger and more complex
cloud-based data landscapes, they should create a zero-trust environment which
protects against threats on the inside as well as external risks. Through
intelligent, autonomous defense technology, businesses can also implement
systems that analyze far more than just a password or one-time code when
determining whether a user is granted access to a system or data. IP addresses,
past behavior, endpoint ID, geolocation and the time of day are just some of the
data points that should be gathered and analyzed by an intelligent IDaaS
platform to decide whether an access request should be granted. A modern
approach to identity within the network can help to mitigate the risk of insider
attacks.
Validate Your Cybersecurity Skills On The Range
The phrase “practice makes perfect” is misleading. There is no perfect.
However, good practice makes you better and allows you to both hone and verify
your skills—and one of the best ways to practice is on a range. If you want to
get better at golf, you go to a driving range. If you want to improve your
marksmanship, you go to a shooting range. You might not think of cybersecurity
in the same way, but the same principle applies. Organizations today must
defend a complex and expanding attack surface, against sophisticated
adversaries and a daunting threat landscape. You certainly don't want to wait
until you’re in the middle of an active cyberattack to learn the hard way that
you’re not as prepared as you need to be. ... Likewise, a cyber range should
also emulate a real-world IT environment as much as possible. It should
deliver realistic network traffic and accurately emulate network, user, and
threat actor behavior. Ideally, it should be an expandable, high-fidelity,
open platform that provides flexibility to train in a variety of scenarios. A
cyber range is multifaceted and enables a variety of training or validation
scenarios.
Traffic Light Protocol for cybersecurity responders gets a revamp
Interestingly, not everyone subscribes to the idea that the dissemination of
cybersecurity information should ever be restricted, even voluntarily.
Enthusiasts of so-called full disclosure insist that publishing as much
information as possible, as widely as possible, as quickly as possible, is
actually the best way to deal with vulnerabilities, exploits, cyberattacks,
and the like. Full-disclosure advocates will freely admit that this sometimes
plays into the hands of cybercriminals, by clearly identifying the information
they need (and giving away knowledge they might not previously have had) to
initiate attacks right away, before anyone is ready. Full disclosure can also
disrupt cyberdefences by forcing sysadmins everywhere to stop whatever they
are doing and divert their attention immediately to something that could
otherwise safely have been scheduled for attention a bit later on, if only it
hadn’t been shouted from the rooftops. Nevertheless, supporters of full
disclosure will tell you that nothing could be simpler, easier or fairer than
just telling everybody at the same time.
7 skills CIOs say are core to their jobs
Today’s technology leaders are a critical part of running any business and
have been awarded a seat at the table to partner and drive progress. This
requires that IT leaders not only understand the technology and the industry
as they have in the past but also the value of building strong relationships
and trust in the organization. To build these relationships and trust, I have
significantly focused on listening and understanding different points of view.
With business partners, this allows you to truly understand the business
problems being brought to the team to solve and dig below the surface to
ensure you provide robust solutions for the customer. This instills trust and
confidence in the group. Equally important is listening to your team members,
truly understanding the work they are engaged in and why it matters. When the
team understands the end goal, it drives empowerment that leads to innovation
and efficiency. It allows the team to contribute to the company’s success by
being a part of the solution, not just executing against a predefined plan.
Cyberattack on NHS Vendor Already Offering Critical Lessons
The NHS situation is already offering several important lessons to other
healthcare entities and their vendors, some experts say. "It is critical that
an organization ensure that vendors that have network access or connectivity
ensure that they have proper cyber hygiene protections in place," says retired
supervisory FBI agent Jason G. Weiss, an attorney at law firm Faegre Drinker
Biddle & Reath LLP. It is also critical to audit and ensure that the
protections a vendor claims to have in place are verifiable and subject to
testing to ensure the controls work appropriately, he adds. "One option is to
require IT vendors to have established and proven cybersecurity frameworks in
place such as ISO 27001, zero trust architecture or the National Institute of
Standards and Technology's Cybersecurity Framework, just to name a few
options," he says. In the meantime, threats, such as ransomware as a service,
that are available to cyberthreat actors have greatly expanded the scope of
potential threats that healthcare sector entities and their vendors face, he
says.
Establishing a strong DevOps pipeline
“DevOps, and more recently DataOps, has pushed software development to the
front of most corporate IT roadmaps. The rise of DevOps has been well
explained as a new approach to make monolithic applications more agile and
responsive to market and workforce changes,” says Ramachandran. “There are so
many different patterns in data integration – from batch, to streaming and
beyond – that a patchwork landscape of technologies has led to huge
fragmentation. Data engineers without the right tools end up stressing about
constantly pivoting to keep things in sight and steady, which is a drag on
resources,” Ramachandran adds. “Therefore, DevOps is only useful if businesses
can interpret and take action on the data. Organisations must have a strong
pipeline in place to manage the incoming data and this is where application
integration comes in. Having a powerful integration platform can automatically
manage the DevOps data pipeline to provide better visibility and insights,
real-time engagement with customers, and frictionless partner and supplier
transactions.”
Rules of Thumb & Traps When Approaching Tech Stack Decisions
It happens in unhealthy organizational environments where developers build
silos of knowledge. I have talked to a tech giant where a single engineer
wrote essential services. He held the organization hostage to receive a better
salary, did not get what he wanted, and left the company in the end. They had
to rewrite it as nobody was able to support it. Silos, however, can occur
naturally due to high pressure from management for fast delivery. In
high-pressure environments, developers have to specialize in certain areas to
be more efficient. So the de-silofication should be considered a complementary
task while dealing with technical debt. Regardless of why such silos occurred,
we should know how many of them are critical. I have witnessed huge companies
that should not allow five specific engineers to travel on the same tram, as
the risk of survival of the company if something happens with the tram is
simply too high. If this is the case in your company, then it is time for you
to think about doing things differently. Spread the knowledge, and implement a
proxy strategy where other engineers will start taking tasks intended for the
“tram-people.”
Quote for the day:
"What great leaders have in common is that each truly knows his or her
strengths - and can call on the right strength at the right time." -- Tom Rath