April 29, 2021
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Why the Age of IIoT Demands a New Security Paradigm
Perhaps the most dangerous and potentially prolific security threats are employees, experts contend. “We fear Russia in terms of cybersecurity breaches, but the good-hearted employee is the most dangerous,” says Greg Baker, vice president and general manager for the Cyber Digital Transformation organization at Optiv, a security systems integrator. “The employee that tries to stretch their responsibilities by updating a Windows XP workstation to Windows 10 and shuts the factory down—they’re the most dangerous threat actor.” Historically, security of OT environments has been addressed by preventing connectivity to outside sources or walling off as much as possible from the internet using a strategy many refer to as an “air gap.” With the latter approach, firewalls are the focal point of the security architecture, locking down an automation environment, perhaps in a specific building, to prevent external access as opposed to a strategy predicated on securing individual endpoints on the industrial network such as HMIs or PLCs. “We used to live in a world that was protected—you didn’t need to put a lock on your jewelry drawer because you had a huge fence around the property and no one was getting in,” explains John Livingston
9 unexpected skills you need for today's tech team
Pekelman said that being adaptable is also crucial. "More than ever, teams need to be agile and flexible—as we've learned, things can truly change in a very short period of time," he said. Nathalie Carruthers, executive vice president and chief HR officer at Blue Yonder, agreed that change, innovation and transformation are the only constants in the tech world. "We look for candidates who can adapt to this constant change and who have a passion for learning," she said. In addition to working well with others, IT professionals have to be able to set priorities for their daily and weekly to-do lists without extensive guidance from the boss. Jon Knisley, principal of automation and process excellence at FortressIQ, said employees also should be able to think critically and act. "With more agile and collaborative work styles, employees need to execute with less guidance from management," he said. "The ability to conduct objective analysis and evaluate an issue in order to form a judgement is paramount in today's environment." Carruthers said technical skills and prior experience are good, but transferable skills are ideal. "Transferable skills showcase problem-solving ability, versatility and adaptability—common traits in successful leaders and essential elements for career development," she said.
4 Innovative Ways Cyberattackers Hunt for Security Bugs
A more time-consuming and less satisfying tactic to find bugs is fuzzing. I was once tasked with breaking into a company, so I started at a relatively simple place — its employee login page. I began blindly prodding, entering ‘a’ as the username, and getting my access denied. I typed two a’s… access denied again. Then I tried typing 1000 a’s, and the portal stopped talking to me. A minute later, the system came back online and I immediately tried again. As soon as the login portal went offline, I knew I found a bug. Fuzzing may seem like an easy path to finding every exploit on a network, but for attackers, it’s a tactic that rarely works on its own. And if an attacker fuzzes against a live system, they’ll almost certainly tip off a system admin. I prefer what I call spear-fuzzing: Supplementing the process with a human research element. Using real-world knowledge to narrow the attack surface and identify where to dig saves a good deal of time. Defenders are constantly focused on making intrusion more difficult for attackers, but hackers simply don’t think like defenders. Hackers are bound to the personal cost of time and effort, but not to corporate policy or tooling.
7 Things Great Leaders Do Every Day
A leader needs to inspire takeaways that bring value to and for the team. Consistency in success relies on having all able hands on deck, working together and with mutual understanding, to make for the steadiest ship. If you're trying to build better structure within mid-sized or larger organizations, the leader should consider delegating the sharing of information among department/division heads and allowing them to disseminate the state of things to their reports. One-on-ones, senior staff huddles, or both (depending on what needs to be accomplished) are good ways to ensure this process moves forward smoothly. These should not substitute for regularly scheduled staff meetings, which should be conducted at the frequency and in the manner that makes the most sense for your organizational environment, sector, and company size. In turn, communicating the state of things to your department/division heads will task and empower them to take progressive ownership of communications relevant to their department/division while staying “in the know” at the overall macro level.
Rearchitecting for MicroServices: Featuring Windows & Linux Containers
First, let’s recap the definition of what a container is – a container is not a real thing. It’s not. It’s an application delivery mechanism with process isolation. In fact, in other videos I have made on YouTube, I compare how a container is similar to a waffle, or even a glass of whiskey. If you’re new to containers, I highly recommend checking out my “Getting Started with Docker” video series available here. Second, let’s simplify what a Dockerfile actually is – the TL;DR is that it’s an instruction manual for the steps you need to either simply run, or build and run, your application. That’s it. At its most basic level, it’s just a set of instructions for your app to run, which can include the ports it needs, the environment variables it can consume, the build arguments you can pass, and the working directories you will need. Now, since a container’s sole goal is to deliver your application with only the processes your application needs to run, we can take that information and begin to think about our existing application architecture. In the case of Mercury Health, and many similar customers who are planning their migration path from on-prem to the cloud, we have a legacy application that is not currently architected for cross-platform support, i.e. it only runs on Windows.
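As an added illustration (not from the original post or the Mercury Health project), here is a Dockerfile for a Windows-only ASP.NET (.NET Framework) application that uses each of the instruction types the paragraph lists: a build argument, environment variables, a working directory and a published port. The base image tag, the `./publish` folder and the `MH_CONFIG_PROFILE` variable are assumptions.

```dockerfile
# escape=`
# Added example: Windows container for a legacy ASP.NET (.NET Framework) app.
# The escape directive above switches Docker's escape character to a backtick,
# because backslash is the path separator on Windows.

# Assumed base image tag; it must match the Windows build of the host.
FROM mcr.microsoft.com/dotnet/framework/aspnet:4.8-windowsservercore-ltsc2019

# Build argument: supplied with `docker build --build-arg APP_VERSION=1.2.3 .`
# ARG values are only visible while the image is being built.
ARG APP_VERSION=dev

# Environment variables the app consumes at run time. Copy the build argument
# into ENV if the running app needs it. Never put secrets in ARG or ENV: both
# persist in the image metadata; inject secrets at `docker run` time instead.
ENV APP_VERSION=${APP_VERSION} `
    MH_CONFIG_PROFILE=production

# Working directory for the IIS default site inside the image
WORKDIR /inetpub/wwwroot

# Copy the already-published site (assumed local folder ./publish)
COPY ./publish/ .

# Port the site listens on; publishing it still needs -p 8080:80 at run time
EXPOSE 80

# Health check so an orchestrator can detect a hung site; Invoke-WebRequest
# throws on a non-2xx response, which makes PowerShell exit non-zero.
HEALTHCHECK --interval=30s --timeout=5s `
    CMD powershell -Command "if ((Invoke-WebRequest -UseBasicParsing http://localhost/).StatusCode -ne 200) { exit 1 }"
```

The base image already defines an entrypoint that keeps the IIS service (w3svc) in the foreground, so no CMD/ENTRYPOINT is needed here.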
How to Change Gender Disparity Among Data Science Roles
There are times that I see job reqs and I’ll see recruiters come back saying they’re not finding that type of candidate -- that it doesn’t exist. I’m pretty convinced that the way the job requisitions are written, they are inherently attracting individuals that may feel more confident. There’s a ton of data around the idea that individuals that identify as female are far less likely to apply to a role if they don’t tick every single box, whereas their male counterparts, if they check a third or less, will be bold and apply. I think we need to do a better job at writing job descriptions that are inclusive. If there are roles that you foresee your organization is going to need filled in AI, robotics, or edge computing -- some of the things that are tip of the spear -- the whole market is stripped out irrespective of what gender or background you may have. That is a leading indicator that an investment needs to be made. Whether that’s investing in junior practitioners, or creating alliances and relationships with local colleges and universities, or being more creative about how you curate your class of interns so they have time to ramp up, you’ve got to handle both sides of it.