The Great Resignation continues, and companies are finding new ways to tackle the talent shortage
The Great Resignation is far from over. According to a study of 1,000 hiring
managers in the US, 60% are struggling to find quality talent needed to fill
open roles, with many now turning to freelance workers to bridge the growing
skills gap. According to Upwork's most recent Future Workforce Report, 56% of
companies that hire freelance workers hired freelancers at an increased rate
within the last year. Companies are seeking out skilled independent workers to
fill empty positions to compensate for the ongoing loss of talent, particularly
in data science, accounting, and IT departments. Many companies are still
feeling the burn of the COVID-19 pandemic and its effect on job trends. The
ongoing tendency for workers to quit their jobs in search of better
opportunities is persistent, and tech workers have proved particularly difficult
to hire. Hiring managers surveyed by Upwork said data science and analytics
roles would be the hardest to hire for over the next six months (60%), followed
by architecture and engineering (58%) and IT & networking (58%).
Serverless Is the New Timeshare
There’s one great use case I can think of: webhooks. Getting the duct tape code
for webhooks is always a pain. They don’t trigger often and dealing with that is
a chore. Using a serverless function to just add stuff to the database and do
the work can be pretty simple. Since a callback is hard to debug anyway, the
terrible debugging experience in serverless isn’t a huge hindrance. But for
every other use case, I’m absolutely baffled. People spend so much time checking
and measuring throughput yet just using one slightly larger server and only
local calls will yield more throughput than you can possibly need. Without all
the vendor tie-ins that we fall into. Hosting using Linode, Digital Ocean, etc.
would save so much money. On the time-to-market aspect, just using caching and
quick local tools would be far easier than anything you can build in the cloud.
Containers are good progress and they made this so much simpler, yet we dropped
the ball on this and went all in on complexity with stuff like Kubernetes. Don’t
get me wrong. K8s are great.
The 6 most overhyped technologies in IT
These CIOs say that metaverse enthusiasts, including vendors who have a stake
in its promotion, have created a sense that this technology will have us all
living in a new digital realm. Most aren’t buying it. “Could it turn out to be
great? Well, possibly. But so many other things have to change in order for
that to work,” says Bob Johnson, CIO of The American University of Paris, who
extended his comments to include the related technologies of extended reality
(XR), virtual reality (VR), and augmented reality (AR). “They have some
wonderful applications, but they don’t change the way we live.” ... CIOs also
labeled blockchain as overhyped, noting that the technology has failed to be
as transformative or even as useful as hoped nearly a decade into its use.
“Initially, the name ‘blockchain’ sounded pretty cool and quickly became a
buzzword that drew interest and piqued curiosities,” says Josh Hamit, senior
vice president and CIO of Altra Federal Credit Union and a member of ISACA’s
Emerging Trends Working Group. “However, in actual practice, it has proved
more difficult for many organizations to identify tangible use cases for
blockchain, or distributed ledger as it is also known.”
How fusing power and process automation delivers operational resilience
The integration of power and process is a catalyst for operational resilience
and improved sustainability across the lifecycle of the plant. This
integrated, digitalised approach drives Electrical, Instrumentation and
Control (EI&C) CAPEX reductions up to 20% and OPEX efficiencies, including
decreased unplanned downtime up to 15%, in addition to improving bottom line
profitability by three points. End users see energy procurement cost
reductions of 2-5% and carbon footprint reductions of 7-12% when
implementing these strategies. It offers a comprehensive view of asset
performance management, energy management, and the value chain from design
through construction, commissioning, operations, and maintenance. When
undergoing such an integration effort, implementing the right strategies can
improve operational resilience for better anticipation, prevention, recovery
from, and adaptability to market dynamics and events. This plant-wide data
collection, reliable control and command exchange between systems, operators
and control room will empower the workforce with clear and verified
decision-making.
Multi-stage crypto-mining malware hides in legitimate apps with month-long delay trigger
Once the user downloads and installs an app, the deployment of malicious
payloads doesn't happen immediately, which is a strategy to avoid detection.
First, the app installer, which is built with a free tool called Inno Setup,
reaches out to the developer's website and downloads a password-protected RAR
archive that contains the application files. These are deployed under the
Program Files (x86)\Nitrokod\[application name] path. The app then checks for
the presence of a component called update.exe. If it's not found, it deploys
it under the Nitrokod folder and sets up a system scheduled task to execute it
after every restart. The installer then collects some information about the
victim's system and sends it to the developer's server. Up to this point, the
installation is not very unusual for how a legitimate application would
behave: collecting some system data for statistics purposes and deploying what
looks like an automatic update component. However, after around four system
restarts on four different days, update.exe downloads and deploys another
component called chainlink1.07.exe.
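As an added example (not part of the quoted article or of any vendor tooling), the sketch below turns the artifacts named above into a staged triage check: files under the Nitrokod folder, a scheduled task that runs update.exe from it, and the later chainlink1.07.exe drop. The host name, task names, and CSV rows are constructed; the CSV is assumed to be a four-column cut of `schtasks /query /fo csv /v` output.

```python
import csv
import io
import re

# Indicators come from the text above; hosts, task names and rows are constructed.
NITROKOD_DIR = re.compile(r"\\Program Files \(x86\)\\Nitrokod\\", re.I)
UPDATER, SECOND_STAGE = "update.exe", "chainlink1.07.exe"
EXE_PATH = re.compile(r'"?([^"]*?\.exe)', re.I)

SAMPLE_TASKS = r'''"HostName","TaskName","Task To Run","Schedule Type"
"WS01","\ExampleUpdater","C:\Program Files (x86)\Nitrokod\update.exe","At system start up"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c","Weekly"
'''
SAMPLE_FILES = [
    r"C:\Program Files (x86)\Nitrokod\ExampleApp\app.exe",
    r"C:\Program Files (x86)\Nitrokod\update.exe",
]

def exe_name(command):
    """Lower-cased file name of the executable in a path or command line."""
    m = EXE_PATH.match(command.strip())
    return m.group(1).rsplit("\\", 1)[-1].lower() if m else ""

def assess(schtasks_csv, file_paths):
    """Return (stage, evidence) for one host.

    0 = no indicator, 1 = files under the Nitrokod folder,
    2 = update.exe persisted via a scheduled task, 3 = chainlink1.07.exe present.
    """
    stage, evidence = 0, []
    hits = [p for p in file_paths if NITROKOD_DIR.search(p)]
    if hits:
        stage = 1
        evidence.append(f"{len(hits)} file(s) under the Nitrokod folder")
    for row in csv.DictReader(io.StringIO(schtasks_csv)):
        cmd = row["Task To Run"]
        # Require both the folder and the file name: update.exe alone is a common name.
        if NITROKOD_DIR.search(cmd) and exe_name(cmd) == UPDATER:
            stage = max(stage, 2)
            evidence.append(
                f"task {row['TaskName']} runs update.exe ({row['Schedule Type']})")
    if any(exe_name(p) == SECOND_STAGE for p in file_paths):
        stage = 3
        evidence.append("chainlink1.07.exe present")
    return stage, evidence

if __name__ == "__main__":
    print(assess(SAMPLE_TASKS, SAMPLE_FILES))
```

A host at stage 2 is still inside the delay window the article describes, which is the point at which removing the task and folder prevents the later download.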
The new work–life balance
The pandemic seemed to render work–life balance a laughable concept. As
white-collar workers set up workstations at home, there was no longer a
separation of job and personal time or space. So we need something new,
something more useful, to help us think about balance in our lives. Here’s an
alternative model. ... There is no right mix, per se, and each individual’s
outlook will change over time. When we are in our 20s, we can indulge in more
of what we want to do. The same is true later in life, when personal interests
can be prioritized. It’s those decades of our 30s, 40s, and 50s that can be
particularly challenging—raising a family and building a career, which will
include jobs that are stepping stones to more fulfilling roles. These chapters
of life gave rise to the widely cited U-shaped happiness curve. To me, that
three-part pie chart is useful in determining whether we feel a sense of
balance in our lives. And it also helps explain some of the meta-narratives of
the moment, including the “great resignation” and the persistent desire of
employees to work from home. All that time alone during pandemic lockdowns
gave people time to consider the meaning of life and prompted many to quit
unrewarding jobs.
Edge computing: 4 considerations for success
Automation is usually accomplished through automation workflows close to the
edge endpoints and a centralized control layer. Localized execution guards
against high latency and connection disruptions, while centralized control
provides integrated control of the entire edge environment. ... The edge can
become a bit like the Wild West if you let it. Even with automation and
management systems in place, it still takes an architectural commitment to
maintain a high degree of consistency across the edge (and datacenter)
environment. One rationale for a lack of consistency is that devices at the
periphery are often smaller and less powerful than servers in a data center. The
reasoning then follows that they need to run different software. But this isn’t
necessarily the case – or at least, it isn’t the whole story. You can build
system images from the small core Linux operating system you run elsewhere and
customize it to add exactly what you need in terms of drivers, extensions, and
workloads. Images can then be versioned, tested, signed, and deployed as a unit,
so your ops team can know exactly what is running on the devices.
How Observability Can Help Manage Complex IT Networks
“Everything in computing is difficult for humans to see, simply because humans
are so much slower than any computer,” Morgan says. “Almost anything we can do
to provide visibility into what’s really happening inside the application can be
a big help in understanding.” This means not just fixing things that break, but
improving things that are working, or explaining them to users and new
developers. He points to the oldest observability tool, ad-hoc logging -- still
in use today -- but adds tools like distributed tracing can provide a standard
layer of visibility into the entire application without requiring application
changes. This in turn reduces the burden on developers (less code to write) and
on support staff (fewer distinct things to learn). “As an industry, we’ve
created many tools for observability over the years, from print statements to
distributed tracing,” Morgan says. “Network analytics bring a welcome uniformity
to observability.” He adds that at a certain level, network traffic is the same
no matter what the application is doing, so you can easily get equivalent
transparency for every service in your application.
As States Ban Ransom Payments, What Could Possibly Go Wrong?
Victims may not know exactly what all ransomware attackers have encrypted or
stolen, and finding out may take substantial time and energy. Likewise,
negotiators can sometimes reduce the ransom being demanded by a large factor. In
some cases, attackers may also provide a decryptor without a victim having to
pay. Perhaps state legislators are attempting to look tough by essentially
telling ransomware gangs to look elsewhere. No doubt they also don't want the
political baggage associated with spending taxpayer money to enrich criminals.
"A ransomware payment to the evil 'insert one of four known
protagonists'-affiliated cybercriminals for multimillion-dollar amounts is bad
optics at the political level when infrastructure is crumbling, inflation is
climbing and social services such as policing and justice, healthcare, and other
government services are under immense strain and financial pressure," says Ian
Thornton-Trump, CISO of Cyjax. Previously, he says, many victims could pay for
cleanup - and sometimes the ransom payment - using their cyber insurance or by
making a business-disruption claim.
Outdated infrastructure not up to today’s ransomware challenges
Challenges pertaining to outdated infrastructure could easily be compounded by
the fact that many IT and security teams don’t seem to have a plan in place to
mobilize if and when a cyber attack occurs. Nearly 60% of respondents
expressed some level of concern that their IT and security teams would be able
to mobilize efficiently to respond to the attack. These are just some of the
findings from an April 2022 survey, conducted by Censuswide, of more than
2,000 IT and SecOps professionals (split nearly 50/50 between the two groups)
in the United States, the United Kingdom, Australia and New Zealand. All
respondents play a role in the decision-making process for IT or security
within their organizations. “IT and security teams should raise the alarm bell
if their organization continues to use antiquated technology to manage and
secure their most critical digital asset – their data,” said Brian Spanswick,
CISO, Cohesity. “Cyber criminals are actively preying on this outdated
infrastructure as they know it was not built for today’s dispersed, multicloud
environments, nor was it built to help companies protect and rapidly recover
from sophisticated cyberattacks.”
Quote for the day:
"Speaking about it and doing it are
not the same thing." -- Gordon Tredgold