Daily Tech Digest - April 19, 2023

Why Your Current Job May Be Holding Back Your IT Career

Failing to pursue professional development opportunities and not maintaining a current and relevant skillset are both great ways to shift a career into neutral. “This includes not keeping up with the latest industry trends and technologies, not networking with other professionals, and not pursuing additional training or education opportunities,” Delfine says. “IT professionals need to continually develop their skillsets and be aware of and learn new methods and tools that can be applied across multiple industries.” Another mistake is spending too little or too much time in a particular role. Knowing when to stay and when to move on is a skill within itself, says Erin Goheen, vice president of technology at freight and logistics services firm XPO. “I've seen cases where job-hopping can be detrimental to one's career because it prohibits technologists from maximizing the amount of learning and skill development gained in a particular role,” she explains. “Conversely, if you’re in a role for too long and you're no longer learning and expanding your professional capabilities, other professionals who are actively growing in similar roles will pass you in their career trajectories.”

Top risks and best practices for securely offboarding employees

Shadow IT and information systems that aren’t part of a business’s identity and access management (IAM) architecture are a huge risk to successful, secure offboarding, says Richard Jones, global CISO at Orange Cyberdefense. This is magnified for cloud and SaaS systems/applications that don’t require specific network access or physical presence in an office, with IT teams often unaware of the extent of employees’ SaaS usage. ... Another challenge is managing software asset licenses. If employees aren’t properly offboarded from cloud system licenses this can lead to excessive IT costs as well as security risks, as licenses are often changed per user, per month, Jones says. It’s not just the risks of outgoing employees themselves that CISOs need to consider. “In most cases, mass layoffs cause remaining employees to be concerned about their job security, which can increase insider threats and introduce security gaps caused by unintentional negligence,” says Mohan Koo, CTO at DTEX Systems.

How Cybersecurity Leaders Can Capitalize on Cloud and Data Governance Synergy

In today’s modern organizations, explosive amounts of digital information are being used to drive business decisions and activities. However, both organizations and individuals may not have the necessary tools and resources to effectively carry out data governance at a large scale. I’ve experienced this scenario in both large private and public sector organizations: trying to wrangle data in complex environments with multiple stakeholders, systems, and settings. It often leads to incomplete inventories of systems and their data, along with who has access to it and why. Cloud-native services, automation, and innovation enable organizations to address these challenges as part of their broader data governance strategies and under the auspices of cloud governance and security. Many IaaS hyperscale cloud service providers offer native services to enable activities such as data loss protection (DLP). For example, AWS Macie automates the discovery of sensitive data, provides cost-efficient visibility, and helps mitigate the threats of unauthorized data access and exfiltration.

Seven Tips for Achieving Dynamic Professional Transformation with Framework Modeling

Framework modeling can be a significant differentiator and can empower professionals with rich knowledge repositories of best practices derived from frameworks. The modeling of the framework offers a big-picture approach and life cycle perspective for achieving goals. This can aid professionals as existing and emerging technologies impact which professional skills are relevant and required in the market. Innovative technologies continue to emerge and create an impact on employment due to new services made possible through innovation and automation. For example, there is much speculation about how ChatGPT will impact employment opportunities in various lines of work. There is also widespread concern that management will prefer to harness technology rather than employees when considering value delivery in the future. Hence, professionals as knowledge workers can benefit by upgrading their skills by adapting the framework modeling approach. ...  Framework modeling can be considered the skill of carving the required knowledge from the structure and contents of a framework per an enterprise’s needs.

FBI and FCC warn about “Juicejacking” – but just how useful is their advice?

The idea is simple: people on the road, especially at airports, where their own phone charger is either squashed away deep in their carry-on luggage and too troublesome to extract, or packed into the cargo hold of a plane where it can’t be accessed, often get struck by charge anxiety. Phone charge anxiety, which first became a thing in the 1990s and 2000s, is the equivalent of electric vehicle range anxiety today, where you can’t resist plugging in for a bit more juice right now, even if you’ve only got a few minutes to spare, in case you hit a snag later on in your journey. But phones charge over USB cables, which are specifically designed so they can carry both power and data. So, if you plug your phone into a USB outlet that’s provided by someone else, how can you be sure that it’s only providing charging power, and not secretly trying to negotiate a data connection with your device at the same time? What’s if there’s a computer at the other end that’s not only supplying 5 volts DC, but also sneakily trying to interact with your phone behind your back?

7 keys to controlling serverless cloud costs

Overprovisioning memory and CPU allocation are two culprits often found behind serverless computing cost overruns. When you execute a serverless function in your cloud application, your CSP allocates resources according to the function’s configuration. Then when billing time comes around, your CSP bases your billing on the amount of resources your application consumes. It makes good business sense to spend the extra time during the design phase to determine the appropriate amount of resources that each serverless function requires, so you’re minimizing costs. Train your cloud developers to use compute only when necessary, advises CloudZero. They give the example of using step functions to call APIs instead of Lambda functions, meaning you only pay for the step functions. The major CSPs and cloud management platforms include key performance indicator (KPI) monitoring dashboards of one form or another. You can also use observability tools, such as Datadog, for KPI monitoring. Monitoring your serverless KPIs should figure prominently in your project and deployment plans.

New DDoS attacks on Israel’s enterprises, infrastructure should be a wake-up call

“Generally speaking, all these attacks happen with more or less sophisticated forms, either abusing different vulnerabilities and systems or brute force DDoS,” Izrael said. “What’s different about these is that an unsophisticated DDoS tactic would be to blast a website with traffic and take it down. What’s happening here is that attackers have been targeting a lot of weak spots where they are taking down services.” Izrael added that the attackers have also managed to hobble, albeit briefly, smart IoT functionality at individual homes, buildings and other structures. Justin Cappos, professor of computer science and engineering at the NYU Tandon School of Engineering, said network provisioning operators need to pay attention to any new group launching large-scale DDoS attacks. ... Izrael said the combination of direct attacks by the Iranian government and indirect attacks by affiliated groups achieves two goals: keeping the provenance of the attacks very murky and making the attack seem bigger because the origin of the attacks is unclear. 

Rising to the challenge: the role of boards in effective bank governance

Effective governance has been a priority of our supervision for several years, and will continue to be in the years to come. As part of our work on this priority, we are carrying out an update of our supervisory expectations on governance. Today’s seminar is an important opportunity to listen to the industry as we fine-tune those expectations, and marks one of many milestones along the way. Particularly in the current climate, it is essential for banks to have strong and effective governance. A bank needs a board that can steer it through calm and stormy waters alike, setting the compass on the strategy for the bank, while ensuring a sustainable business model and monitoring risks in a forward-looking manner. In today’s environment, backward-looking indicators of risk might be misleading. It is therefore more important than ever for boards to be vigilant. Boards need to take a proactive approach to identifying emerging risks and trends, assessing potential impacts on the bank, and taking appropriate actions to mitigate them.

Unlocking the power of a multigenerational workforce

Those organisations that don’t innovate die a slow death; those who are not open to change and not forward-looking will not be far behind. Organisations have to constantly employ different ‘listening methods’ to gauge the pulse of employees across generations, check on new trends and keep revisiting their programs and policies to imbibe what’s new, instead of sticking to the ‘tried and tested’. ... Learning only happens when one’s thoughts and opinions are challenged by those people from entirely different backgrounds or have a very different thought process from that of one’s own. The influx of talent from diverse groups, especially from across generations hence continues being very essential for the organisation. The early-age talent brings enthusiasm and challenge; the older age group folks infuse much-needed wisdom and experience! Sensitising managers and leaders: Since they hold the staff for taking the organisation ahead, especially in turbulent times. ‘How to lead a team with members across generations’ is a learning module that organisations must learn to invest in – incorporating elements like empathy, situational leadership and leaving one’s ego behind.

CIO Fletcher Previn on designing the future of work

The network that can properly support hybrid work needs to be more distributed, porous and has a very different attack surface than when we were all in the office. Technologies like Zero Trust become even more important, along with split tunnel VPNs and having the right endpoint security strategy so you don’t have to backhaul all the traffic in order to inspect it. You need carrier and path diversity at your carrier neutral facilities and network points of presence, and you want to have a good peering strategy so you can bring applications closer to the end users and take traffic off the public internet. Full-stack observability becomes more urgent in a hybrid world. How do we really understand our employee experience our employees are having when they are connecting from across all sorts of networks that we don’t manage? We need to understand the performance of the public internet and various SaaS tools in order to really know what our hybrid work experience is going to be for our people. We also need tools that provide valuable observability that lets us detect and fix problems before our employees even know there is an issue brewing.

Quote for the day:

"Leadership should be born out of the understanding of the needs of those who would be affected by it. " -- Marian Anderson

No comments:

Post a Comment