Agile, DevOps, Continuous Delivery and Continuous Development all help improve software delivery speed. However, as more applications and software development tools include AI, might software developers be trading trust and safety for speed?
The software delivery cadence has continued to accelerate with the rise of Agile, DevOps and continuous processes including Continuous Delivery and Continuous Deployment. The race is on to deliver software ever faster using fewer resources. Meanwhile, for competitive reasons, organizations don't want to sacrifice quality in theory, but sometimes they do in practice.
Recognizing the need for speed and quality, more types of testing have continued to "shift left." Traditionally, developers have always been responsible for unit testing to ensure the software meets functional expectations, but today, more of them are testing for other things, including performance and security. The benefit of the shift-left movement is the ability to catch software flaws and vulnerabilities earlier in the lifecycle when they're faster, easier and cheaper to fix. That's not to say that more exhaustive testing shouldn't be done; shift-left testing just ensures that fewer defects and vulnerabilities make their way downstream.
Background: On October 18, 2018, 360 Threat Intelligence Center captured, for the first time, a sample of an attack using Excel 4.0 macros to spread the Imminent Monitor remote control Trojan. This came only 10 days after security researchers at Outflank, a foreign security vendor, first publicly demonstrated the use of Excel 4.0 macros to execute shellcode exploit code on October 6, 2018. Although Excel 4.0 macro technology was released more than 20 years ago and was often used to write macro viruses in its early days, Microsoft long ago replaced it with VBA (Visual Basic for Applications) macros. As a result, Excel 4.0 macros are not well known to the public. Also, because Excel 4.0 macros are stored in the Workbook OLE stream of the Excel 97-2003 format (.xls, a compound binary file format), it is very difficult for antivirus software to parse and detect them.
360 Threat Intelligence Center analyzed in detail how Excel 4.0 macros are stored in Excel documents, and through in-depth research found that by using certain techniques to hide the Excel 4.0 macros and specially processing the shellcode, it is possible to evade static and dynamic detection by almost all antivirus software and execute arbitrary malicious code. Because the new exploitation technique based on Excel 4.0 macros has been published, and attacks using it to spread a remote control Trojan have already emerged, 360 Threat Intelligence Center released this analysis report as a reminder to guard against such attacks.
Tech analyst firm Gartner has compiled a list of the top ten strategic technology trends that organisations need to explore in 2019. According to Gartner, these technologies have substantial disruptive potential and are either on the edge of making a big impact, or could reach a tipping point in the next five years.
Some of these trends will be combined: "Artificial intelligence (AI) in the form of automated things and augmented intelligence is being used together with the Internet of Things (IoT), edge computing and digital twins to deliver highly integrated smart spaces," explained Gartner vice-president David Cearley.
The analyst firm's top 10 strategic technology trends for 2019 include:
As the lead for information security at Chicago Public Schools in 2013, Edward Marchewka wanted a way to measure how well the nation’s third largest public school district was doing at protecting its sensitive data.
Marchewka couldn’t find a model he liked, so he built one. It didn’t take long for him to see that there was a market gap for aggregating IT and information security metrics – one that he was well-positioned to fill. In 2015, he formed CHICAGO Metrics™, a platform that helps companies tell a better story by managing their key IT and information security risks.
Starting your own IT consulting business can be both enticing and intimidating. You exchange a corporate safety net for flexibility and autonomy. See below for tips on how to make that transition a success.
Be prepared to be a jack-of-all-trades.
When you start an IT consulting business, you’re no longer solely focused on your area of IT expertise. You’re also in charge of project management, bookkeeping, contracts, legal matters related to starting a business, and potentially, employees.
Three jobs completely new to the IT industry will be data trash engineer, virtual identity defender, and voice UX designer, according to Cognizant.
With technology flooding the enterprise, many people fear the emergence of tech will take over their jobs. However, tech like artificial intelligence (AI) and machine learning will actually create more jobs for humans, according to a recent Cognizant report. The report outlines 21 "plausible and futuristic" jobs that will surface in the next decade.
The 21 jobs follow three major underlying themes: Ethical behaviors, security and safety, and dreams, said the report. These themes come from humans' deeper aspirations for the future of the enterprise and daily life. Humans want machines to be ethical; humans want to feel safe in a technologically-fueled future; and humans always dreamt of a futuristic world, which is coming to fruition, according to the report.
When hiring gets tough, IT leaders get strategic. Here's how successful organizations seize the experts their competitors only wish they could land.
The technology industry's unemployment rate is well below the national average, forcing companies to compete aggressively for top talent. When presented with a range of recruitment strategies by a recent Robert Half Technology questionnaire — including using recruiters, providing job flexibility and offering more pay — most IT decision makers said they are likely to try all approaches in order to land the best job candidates for their teams.
"We're currently in a very competitive hiring market," noted Ryan Sutton, district president for Robert Half Technology. "Employers want to hire the best talent to help keep their organization's information safe, but so do a lot of other companies."
Robert Half's research finds that software development and data analytics experts are the most challenging to hire. Many other talents are scarce, too. "Some of the most in-demand skills right now include cloud security, security engineering, software engineering, DevOps, business intelligence and big data, as well as expertise in Java full-stack, ReactJS and AngularJS," Sutton said.
People make a lot of excuses for avoiding cybersecurity assessments and getting third party help to build effective security teams. “My IT guy does that for me” and “It’s too expensive” are automatic, followed by “We’re just a small business, our data doesn’t matter.”
As cybersecurity has become more complex, traditional methods do not account for the wide range of issues related to securing corporate data and handling privacy concerns, according to a new research report from CompTIA.
In the association’s report titled 2018 Trends in Cybersecurity: Building Effective Cybersecurity Teams, barely a quarter of those surveyed are satisfied with their current security posture and only 26 percent have a dedicated security team. On one hand, companies complain that good cybersecurity is too time consuming and not in the budget. At the same time, decision makers are scared to death of developing and executing a good cybersecurity plan and make lots of excuses to avoid it.
The survey polled 1,900 technology professionals employed in the United States. Half of the respondents worked in management roles, and half held staff positions. Forty-five percent were from enterprises with more than 1,000 employees, and they represented a wide range of industries.
Both managers and IT staffers saw their pay rise by $5,000. For staff, median total compensation rose from $85,000 last year to $90,000 this year. That’s a significant increase, but the end result still trails the all-time high of $92,000 set in 2014.
Blockchain, AI, facial recognition? Here are Gartner's top strategic predictions for 2019 and beyond, delivered during the Gartner Symposium/ITExpo.
Deciding which projects to invest in right away and which projects should wait a little longer is one of the big tasks corporate boards and CIOs are focused on right now during IT budget season. To help decision makers with the big task at hand, Gartner Distinguished VP and Analyst Daryl Plummer announced to a packed house Gartner's Top Strategic Predictions for 2019 and Beyond during Gartner Symposium/ITExpo yesterday in Orlando.
"When we look at predicting the future, we typically have an 80 to 85% accuracy rate across all our predictions, and one of the things that I always say is that that's not good," Plummer said. "I'd be happier if our accuracy rate was 60% because I say if you aren't wrong you're not trying hard enough. I just found out one of our reports dropped to a 30% accuracy rate. I wasn't as happy about that as I thought I might be."
San Diego is uniquely positioned to be a leader in cybersecurity — not only in California but in the United States and even the world. The city’s proximity to the U.S. military and some of the world’s biggest technology companies has created more than 7,500 cybersecurity jobs.
RADM (Ret.) Kenneth Slaght is at the forefront of growing them and establishing San Diego’s standing in the process. Slaght is Chair and President of the San Diego Cyber Center of Excellence (CCOE), an organization established in 2014 to address the region’s cybersecurity industry needs.
“Companies in the region like Qualcomm and FICO said workforce was the biggest issue they faced,” Slaght said. “There are more than 100 companies doing cyber work in this region and they can’t find the people to fill their open positions.”
Thanks to the efforts of Slaght and his team, and the partnerships they’ve made with education and industry, the CCOE is well on its way to tackling that problem and building a robust cybersecurity workforce. The organization maintains a job board of hundreds of open positions and created a career map that shows education and certification pathways to join this in-demand industry.
“On any given day, there are 80-100 job openings here in the region,” Slaght said. “The region’s colleges are just meeting or barely meeting that demand without accounting for the fact that we lose many of our graduates to places like Silicon Valley and Washington, D.C.”
While the region’s universities and colleges graduate over 3,000 computer science and engineering students each year, the demand for qualified cyber workers continues to increase across all sectors.
FOR IMMEDIATE RELEASE. Contact: Steve Wright, Information Communication Technologies-Digital Media Sector Navigator, California Community Colleges
ROCKLIN, Calif. — There’s never been a better time to enter the IT workforce, as thousands of high-paying jobs remain unfilled across California. A new initiative at California’s community colleges is making it easier than ever for people with little or no technical experience to find a pathway toward one of those jobs in just a few months.
The IT Technician Pathway, offered at 22 California community colleges, is a series of four sets of courses designed to take students from computer sales to help desk support to more specialized fields like networking and cybersecurity. Each group of courses in the pathway corresponds to industry certifications that are essential for employment in any IT job.
By the end of grade 2, a student should be able to explain the functions of common hardware and software components in a computer. By the end of grade 5, he or she should be able to determine potential solutions to solve simple hardware and software problems using common troubleshooting strategies. By the end of grade 8, the student should be able to explain potential security threats and security measures to mitigate threats. And by the end of high school, he or she should be prepared to create data visualizations that can help others better understand real-world phenomena. Those requirements are among the computer science standards recently approved by the California State Board of Education. The process for developing those standards began in 2014 when Governor Jerry Brown signed into law a bill directing the state's Instructional Quality Commission to undertake development.
Women play an important role in building an innovative workforce, so it's critical to support the next generation of women technologists and empower their careers.
In my 20 years in the technology industry, I’ve often been the only woman in the room. That was especially true at the beginning of my career.
Nowadays, things are different. Research shows that young women today are 33% more likely to study computer science, compared with women born before 1983. I see many more of these women entering the technology workforce, including my daughter. When I look at her and other young women following this path, I see them entering a much different workplace than I did, one that has more awareness of the challenges women face in male-dominated industries.
FOR IMMEDIATE RELEASE: Washington, D.C. (September 26, 2018)— “5 of every 6 routers are inadequately updated for known security flaws, leaving connected devices open to cyberattacks that can compromise consumer privacy and lead to financial loss,” according to a new study released today by the American Consumer Institute. The study, “Securing IoT Devices: How Safe Is Your Wi-Fi Router?”, finds that the majority of Wi-Fi router manufacturers are neglecting to update their firmware for known vulnerabilities, leaving consumers at risk of having their data compromised and identity stolen.
The results show that this problem is pervasive among the most popular Wi-Fi routers in people’s homes:
As hackers get smarter and more determined, artificial intelligence is going to be an important part of the solution
As corporations struggle to fight off hackers and contain data breaches, some are looking to artificial intelligence for a solution.
They’re using machine learning to sort through millions of malware files, searching for common characteristics that will help them identify new attacks. They’re analyzing people’s voices, fingerprints and typing styles to make sure that only authorized users get into their systems. And they’re hunting for clues to figure out who launched cyberattacks—and make sure they can’t do it again.
“The problem we’re running into these days is the amount of data we see is overwhelming,” says Mathew Newfield, chief information-security officer at Unisys Corp. “Trying to analyze that information is impossible for a human, and that’s where machine learning can come into play.”
With ‘social engineering’ schemes, cybercriminals trick employees into handing over valuable information.
Often it begins with an innocuous-seeming email from an internet domain that closely resembles the victim’s. The message may appear to come from the company’s chief executive or another senior executive. “Are you at your desk?” it asks. “I need your help with something.”
Only after the conversation has begun will scammers ask for what they really want—a transfer of money. But by then it is often too late. The victim believes he’s emailing his boss and makes the payment.
Security pros call this social engineering, and it is replacing malicious software as the weapon of choice for cybercriminals. Social engineering is a bit of a catchall phrase, but it is happening anytime hackers trick employees into sharing intelligence that helps the hackers find vulnerabilities in company systems and carry out attacks. In addition to increasingly personalized phishing emails, it often involves phone calls in which the criminals trick employees into handing over private information or account passwords. Some employees have been tricked into wiring millions of dollars to offshore bank accounts controlled by the thieves.
Four years ago in May of 2014, the CEO of Code.org, Hadi Partovi, sent a letter to Governor Jerry Brown asking for a meeting to talk about the importance of expanding student access to computer science education in California’s K-12 schools.
Gov. Brown asked State Board of Education President Michael Kirst to advise him. A colleague of mine for over twenty-five years, Mike asked me to look into it and to answer some basic questions: What is computer science education? Why should it be for all students? Why now?
With college degrees in English Literature and Public Policy, and accustomed to relying heavily on Apple’s Genius Bar to fix my iPhone and laptop, I had a very steep learning curve.
But with mentoring from Code.org, the national nonprofit expanding K-12 computer science across the country and support from California’s many computer science advocates, I dug in. And the more I learned and understood, the more passionate I became about the need for computer science to be brought into K-12 as a foundational subject and about the critical importance of ensuring that girls, students of color, low-income kids, EL students — all students have access.
It’s easy to talk about the need for more women in IT, but hearing stories from friends and family members drove the point home for Del Norte High School student Lily Hu.
“Females are given fewer opportunities than their male colleagues,” Hu said. “If more young women become involved with IT and cybersecurity, we can change such stereotypes. Having more women would encourage support for one another.”
Hu is one of seven students from the CyberAegis team in San Diego to receive a National Center for Women in Technology (NCWIT) Aspirations in Computing Award. The award honors women in grades 9 through 12 who are active and interested in computing and technology, and encourages them to pursue their passions.
Cybersecurity is a rapidly growing field with a substantial shortage of qualified professionals.
The sponsors of this site are committed to building a strong technology workforce by building interest in the field at a young age. This site is a place for all California cybersecurity educators, coaches, mentors and students to share resources, best practices and support.
Development of the initial Cyberhub concept was funded by the CA Tech Hire Academy grant provided by Vice Chancellor Van Ton-Quinlivan and the Doing What Matters for Jobs and the Economy program. A subsequent partnership with the California Governor's office (GoBiz) created the California Cyberhub as a state-wide, virtual collaboration funded by government, business and others.