Daily Tech Digest - October 12, 2022

Consumer cyber hygiene makes significant gains, report shows

The new survey shows 75% of respondents were at least somewhat concerned about privacy of personal data collected online. Of those who showed little concern about the issue, 24% said it was because, “there’s nothing I can do about it anyway.” Another 18% of that group said, “I take all of the privacy precautions that I can, so I believe the security and privacy of my personal data is out of my hands.” According to the report, when asked “who should be most responsible for protecting the online privacy of Americans,” 32% said companies, 33% said the federal government, and 25% said it was consumers themselves. “This isn’t a surprise,” said Harvard Kennedy School fellow and lecturer Bruce Schneier. “Surveys consistently demonstrate that people are concerned about their privacy in the face of both governments and corporations. The reason people don’t often act on those concerns is that they feel powerless. There are often no easy ways people have to protect the privacy of their personal data, nor are there reasonable alternatives to the tech monopolies that make surveillance their business model.”


Australia moots changes to privacy laws after Optus data breach

The proposed regulatory changes would allow telcos in the country to temporarily share certain government identifier data, such as Medicare and passport numbers, with financial services providers. This aimed to facilitate enhanced monitoring and safeguards for customers affected by a data breach, the office of Australian Treasurer Jim Chalmers said in a statement Thursday. He added that the amendments would enable better coordination between the telcos, financial institutions, as well as federal and state government agencies to detect and mitigate the risks of cybersecurity incidents. "The proposed regulations have been carefully designed with strong privacy and security safeguards to ensure that only limited information can be made available for certain purposes," Chalmers said. The amendments will apply to all financial institutions regulated by the Australian Prudential Regulation Authority (APRA), excluding branches of foreign banks, with the personal identifier information only to be used for "preventing or responding" to cybersecurity incidents, fraud, scam activities, or instances of identity theft.


How to Transition from General IT to Cybersecurity

People often ask, “How do I change my career to cybersecurity with no experience?” or “Can I get into cybersecurity without IT experience?” It is critical that employers can distinguish you from your peers. Employers certainly prefer job candidates with experience; however, degrees and certifications also demonstrate your understanding of relevant topics and can set you apart from other applicants. Nearly 9 in 10 (88 percent) of respondents to ISACA’s survey reported that a cybersecurity candidate’s credentials are somewhat or very important in determining if they are qualified. How quickly can you learn cybersecurity? It depends on your path—degrees typically take two to four years, depending on the level of education and focus of the subject matter. Certifications are less of a time commitment but be sure to pick the one that is right for your background and level of experience. For example, ISACA’s Cybersecurity Fundamentals Certificate is designed for entry-level professionals, but the CISM and CSX-P certifications are meant for more seasoned practitioners.


ESG and Cybersecurity Compliance Are Every Employee’s Concern

For the rapidly changing worlds of both cybersecurity and ESG, past performance cannot be considered an indicator of future success. Instead, companies need to train up existing employees, hire new talent, and bring in external consultants to develop and vet their plans for both regulatory compliance and how to showcase that hard work. New hires and specific employee designations are only one piece of achieving legal compliance (and, of course, great PR). Thoughtful training and awareness maintenance is key here as well. In cybersecurity, an organization is only as strong as its weakest link; in ESG, employees with multifaceted skill sets (namely, strategic plan evaluation and ability to analyze both qualitative and quantitative inputs) will be the ones who drive value in meeting this multifaceted and demanding acronym. The best training and awareness programs not only account for legal obligations, but they also consider employees’ specific responsibilities and how everyone interacts with cybersecurity and ESG sectors in differing ways. Dynamic workshops, lecture sessions, and specialized training are solid paths to showcase compliance in both cybersecurity and ESG.


Three Ways To Close Your Cyber Skills Gap

If hiring outside talent is too difficult, time-consuming or expensive, it may be time to look inward and develop your own talent pipeline from within your organization. Good cybersecurity employees must be curious, measured and driven with an attitude of “I don’t know the answer, but I can figure it out.” The rest you can teach. I have personally transitioned employees from DevOps and infrastructure teams into roles as IAM specialists, senior security architects and engineers. Unfortunately, internal development programs are often hampered by a lack of time and resources or leadership turnover, which makes it impossible to settle on a strategy for longer than a single technology refresh cycle. But if you make the investment and look beyond certifications and formal training, you will often find passionate existing employees who simply need an opportunity and a nudge in the right direction. Personally, I’ve found that web developers, network administrators, cloud engineers and operations personnel all make fantastic cybersecurity candidates with the right support.


9 things you shouldn’t virtualize

Although virtualization has kept up to date with the ability to handle streaming and other relatively high-performance processes, some memory-intensive projects aren’t a good fit. Not having enough memory or overcommitting the memory you do have can lead to performance issues. Server virtualization may make it easier for you to save physical space, but it still requires a lot of memory. ... When it comes to power sources, it’s best practice to always have a backup. The same is true of virtualizing servers. Don’t go out on a limb with virtualizing something and end up removing the redundancy the original had. Make sure you’ve tested that the virtualized server and its backup work well before you make any changes you can’t reverse. ... What if the VM you’re trying to repair also controls the retinal scanner that is supposed to let you into the building? Now you have a second problem. Software on VMs shouldn’t be the only way to access physical controls, especially if they’re mission critical or could cause problems for the people working on the servers themselves. 


8 signs your low-code platform is overpromising and underdelivering

Many low-code and no-code platforms allow developers to customize the implementation with custom code. But if you are adding too much pro code, being confined to a low-code platform may be constrictive. Alternatively, if business stakeholders are writing requirements and aren’t open to the solutions accelerated through low-code platforms, you might as well develop a custom solution. David Brault, product marketing manager at Mendix, agrees, “A low-code solution that requires developers to leave the platform and revert to full-code development environments to make enhancements to an application is one that will consistently underdeliver.” Guljeet Nagpaul, chief product officer at ACCELQ, adds, “One sign that your low-code platform is not working concerns customizations. If you find that your platform needs constant customizations, that suggests that the code is being written without the discipline of architecture and sound design. The maintenance of this customization will quickly become unsustainable and ultimately drag down the return on investment.”


Mentor Magic: How To Make Mentorship Work for Your Career

Before looking for a mentor, think hard about whether you are ready to be mentored and ready to invest in the relationship. Being a mentee isn’t sitting at the foot of a mentor and having them impart wisdom. The mentor is offering their valuable time and hard-won wisdom; these are gifts that you acknowledge and express gratitude for not just with words, but by your attitude and your actions. Being a great mentee means being open-minded, ready to change, dedicated to preparing ahead of time for sessions with your mentor, and committed to following through on goals or projects established with your mentor. How do you prepare? Know what skill or competency you are looking to build, or the question you need help with. Before the meeting, send an email with a subject line that succinctly telegraphs the topic of the meeting and outlines what you’d like to discuss. This ensures that valuable time during your meeting won’t be wasted on laying out why you are there, and it gives your mentor time to prepare as well. Next, prepare for the meeting itself. Detail the steps you have already taken to build the skill or answer the question yourself. 


CIO role: 5 secrets to success

IT is not a function to be hidden in the shadows anymore. Today, every company is a tech company – and they need to think and act like one. That puts the CIO in a high-visibility/high-impact role. Use a products-and-platforms approach: Prioritize the design and build for the organization’s “customer” or “consumer.” More and more CIOs are talking about business and motivating people inside and outside their organizations. ... Engage business leaders in your vision that information technology is at the heart of the organization. How technology and data are woven into business priorities and support the company’s evolution is a critical conversation that you should be driving and engaging people in. The IT Vision should feel like it is owned by more than just the CIO. The CIO provides the inspiration, the experience, and the direction, but to get true ownership, accountability, and trust, the vision needs to be owned and delivered by the leadership team. Engaging cross-functional and internal leaders in this vision will accelerate the journey toward achieving this transformation.


Have Some CAKE: The New (Stateful) Serverless Stack

C Is for CockroachDB Serverless - To power these next-generation serverless applications, we need a database that solves your scale-up and scale-down problems. And it needs to be a consistent data store so you can use it for your most business-critical applications. ... A Is for Auth - To enable all those different endpoints to have common access controls, we also need next-generation authorization, authentication, session and user management. ... K Is for Kubernetes - Distributed systems are inherently complex, so we need a way to orchestrate all the moving pieces. The essential anchor of our new stateful serverless stack is Kubernetes, since the big K8s vendors are offering dynamic, low-friction scaling mechanisms for our orchestration layer. ... E Is for Serverless Frameworks - Of course, we need to host and deploy our serverless, event-driven architecture. At this point in the stack there are two moving pieces to select: serverless frontend and backend frameworks. 



Quote for the day:

Good leaders value change, they accomplish a desired change that gets the organization and society better. - Anyaele Sam Chiyson
