4 Misconceptions about DevSecOps Every CIO Should be wary of
True DevSecOps, like DevOps, necessitates a harmonious collaboration of people,
processes, and tools. It’s a culture, automation, and platform design approach
that emphasizes security as a shared responsibility across the IT lifecycle.
DevSecOps is, in fact, a human as well as a technical challenge. Personal
development, culture, and connections with teams and managers are all critical
factors in forming a successful DevSecOps team. ... Cloud and cloud-native
software and infrastructure are ideal fit for DevSecOps. It is, nonetheless,
useful for a wide range of environments, particularly those who continue to
apply a ten-year-old security playbook to their risk profile. Containerized
cloud-native environments aren’t the only place where DevSecOps can be used.
Some of the technological and process features of DevSecOps, as well as the
general shift toward rapid, iterative development cycles – work well with
micro-services architecture, but not as well with big monoliths’ many
dependencies and extensive test cycles. However, most organizations may benefit
from DevSecOps’ cultural features, particularly those that have traditionally
considered security as a pre-deployment checkbox rather than a priority
ingrained throughout the organization.
Are You Too Late to Start Your Data Science Journey?
What concerned me the most about being too late was not the amount of materials
I needed to learn. I’d rather have doubts if I would be able to find a job by
the time I learned enough. Data science was a pretty hot topic and there were
quite a number of people already working in this field.In the last three years,
I have been not only learning data science but also observing the dynamics of
this field. My thought about being too late changed. I was not too late to start
back then. Moreover, if I started learning data science today, I would not be
too late either. ... The biggest challenge for those who want to make a career
change to work in data science is finding the first job. I faced the same
challenge and it took me about two years to land my first job. This issue is not
related to if you are too late to start learning data science. The jobs are out
there and increasing. However, without prior job experience, it is difficult to
demonstrate your skills and convince employers or recruiters.
3 fading and 3 future IT culture trends
Whether your IT team is remote, hybrid, or back in the office, all the pivots of
2020 made it clear just how crucial digital transformation is for business. But
more than that, it’s important to have the right tech stack – one that’s simple,
efficient, and centralized, not scattered or complicated. Adobe Workfront’s
State of Work 2021 report indicates that 32 percent of employees have left a job
due to inadequate technology that was a barrier to their workflow, and another
49 percent are likely to quit if the tech stack is frustrating or hard to use.
IT leaders must scale down their technology in order to consolidate tools and
software programs for maximum efficacy. ... While we’re on the subject of a
centralized tech stack, let’s talk about the newer trend that has made an
imprint on IT culture: the cloud-based workspace. Part of a tech solution called
Infrastructure as a Service (IaaS), this digital hub is hosted in the cloud but
accessible wherever there’s an internet connection. A cloud-based workspace also
eliminates the need for complex hardware or equipment since workers can access
it from a wireless device.
Looking into the future of the metaverse
What will make or break the metaverse will be its ability to capture data from
its surroundings and even the biosphere. The only way to do that will be by mass
ingestion of the data coming from the Internet of Things. Only with this data
will you be able to create a rich and meaningful environment. The next need
after “seeing” will be “interacting,” meaning that the data not only needs to be
represented in a meaningful way but also must be responsive. On the lowest
level, equal to the physiological needs of humans in the real world, you can
imagine the needs of a digital infrastructure in the metaverse: tools for
ingestion of and access to data and the infrastructure to store, analyse and
enrich data. But just like in the real world, before any meaningful interactions
can be achieved, security needs to be guaranteed. With all the attention on the
exciting possibilities of the metaverse, you could forget what infrastructures
will be needed for the heavy lifting. It would have to be optimised for
transferring and storing data. To make the metaverse attractive, not only would
historical data need to be available, to facilitate context and depth in any
interaction, but it would also have to be highly accurate.
5 Practical Steps To Protect Your Business From BYOD Security Risks
In general, personal mobile devices should not be considered the
employee’s primary device – they should only be considered a convenience
to access chat, email and other cloud apps when using a more secure
device is not an option. Note that a VPN is needed when in a public
place and an unsecure Wi-Fi network is the only option. Again, it is
recommended the employee use their company-provided and managed laptop,
not a personal mobile device. Many usage policies actually prohibit
employees from connecting to unsecured Wi-Fi in the first place, which
solves the problem. ... Another important step to protecting your
business against BYOD risks is to create a list of accepted devices for
accessing company data. Without a thorough list of the number of BYOD
devices in use within an organization’s ecosystem, it’s extremely
difficult to effectively measure and mitigate the risk that this poses.
Knowing the number of personal devices being used for business tasks
allows you to require specific security measures for each type of
device.
How Can Leaders Prepare for the Unexpected?
With the impacts of an inflection point clear, how do organizations
operate in a timely fashion to plan and then respond? Francis said, “I
tried to use the past to potentially predict future. It didn’t work.
Given this, I gather all the critical players together routinely. At the
same time, I let the pros do their job and I focus on clearing the way
of obstructions.” To be able to do this, Young said it is "important to
hire good people, empower them, give them resources they need to operate
at the best of their ability, and let them do their jobs. The basics of
practicing disaster recovery/business continuity should be built into
organization DNA.” CIO Martin Davis claimed, “it is important to think
through common scenarios and workout how you would handle them and
ensure you have game plans on the shelf that can be adapted for the
unexpected. Ensure you learn from previous and have practical advice
ready to use and people with the right training.” To do this,
Gildersleeve said the organizations needs clear definitions for who is
responsible for what areas in advance of the unexpected.
Learn the Blockchain Basics - Part 9: Blockchain Around the World
From the perspective of a technician, the blockchain is: A transactional
platform and distributed accounting ledger using cryptocurrency tokens
as a representation of a specific value at the current time (same as
fiat). That means that a transaction is carried out by the blockchain
nodes, and every member of this blockchain party has a copy of this
transaction on their computer (node). Everybody verifies if the entities
that are about to do a transaction have enough funds to make this
transaction happen. You are basically announcing to all members of this
system that you are about to make something happen and, even though this
action is happening between two peers, the rest of the network verifies
and records the transaction. It is a computing infrastructure that uses
the power of the decentralized database with linear cell-space
structure, published in a semi-public way (also known as “the block”).
It’s an open-source software operating on a development platform of the
future. The trust service layer, in combination with Peer to Peer (P2P)
network, handles microtransactions and large-value transactions as well
- allowing two users to do the same things that a bank would need to do
on their behalf.
Donald Knuth on Machine Learning and the Meaning of Life
“The word open source didn’t exist at that time,” Knuth remembers, “but
I didn’t want proprietary rights over it, because I saw how proprietary
rights were holding things back.” Knuth remembered how IBM had allowed
other companies to make their own compilers for IBM’s Fortran
programming language — whereas things were different in the typography
industry. “Each manufacturer had their own language for composing pages,
and that was holding everything back…” But in addition, due to the
success of his programming books, “I didn’t need the income! I already
had a good job, and people were buying enough books that it would bring
me plenty of supplemental income for everything my kids needed for
education, whatever,” he said. Referring to a familiar structure in
Boolean logic, Knuth quips that income “is sort of a threshold function”
— that is, it basically just needs to determine whether a certain
minimum has been exceeded. “And so I could specifically see the
advantage of making it open for everybody…”
6 data center trends to watch
The struggle to attract and retain staff is an ongoing problem for many
data-center owners and operators. Among respondents, 47% report
difficulty finding qualified candidates for open jobs, and 32% say their
employees are being hired away, often by competitors. In the big
picture, Uptime projects that staff requirements will grow globally from
about 2 million full-time employee equivalents in 2019 to nearly 2.3
million in 2025. According to Uptime: “New staff will be needed in all
job roles and across all geographic regions. In the mature data-center
markets of North America and Europe, there is an additional threat of an
aging workforce, with many experienced professionals set to retire
around the same time—leaving more unfilled jobs, as well as a shortfall
of experience. An industry-wide drive to attract more staff, with more
diversity, has yet to bring widespread change.” The notion of
sustainability is growing in importance in the data-center sector, but
most organizations don’t closely track their environmental footprint,
Uptime finds. Survey respondents were asked which IT or data-center
metrics they compile and report for corporate sustainability
purposes.
Combating vulnerability fatigue with automated security validation
Legacy vulnerability management tools flood security teams with long
lists of community prioritized vulnerabilities – there were more than
15,000 vulnerabilities found only in 2020. Of these, only 8% were
exploited by attackers. Not to mention the top 30 recently reported by
CISA. Currently, it’s a cat and mouse game that the customer can never
win – chasing an ever-growing list of vulnerabilities without knowing
whether they fixed the ones that attackers want to target, exposed the
most risk-bearing vulnerabilities, checked if there is an active exploit
for a specific vulnerability, or analyzed what the possible risk and
impact is that may originate from a vulnerability. All that context is
required for security and IT teams to reduce the risk, maintain business
continuity, and be a step ahead of the adversary. Unfortunately, the
chase for more and more vulnerabilities has kept us away from the goal
of where we want and need to be. At this stage of the battle with cyber
adversaries, CISOs can’t go backward into the world of vulnerability
fatigue.
Quote for the day:
"Great Groups need to know that
the person at the top will fight like a tiger for them." --
Warren G. Bennis
