November 07, 2024

Keep Learning or Keep Losing: There's No Finish Line

Traditional training and certifications are a starting point, but they're often not enough to prepare professionals for real-world challenges. Current research supports a need for cybersecurity education to be interactive, with practical approaches that deepen both engagement and understanding. ... For cybersecurity professionals, a commitment to lifelong learning is a career advantage. Those who prioritize continuous education stand out, not only because they keep pace with industry advancements but also because they demonstrate a proactive mindset valued by employers. Embracing lifelong learning positions professionals for growth, higher responsibility and leadership opportunities within their organizations. Organizations that foster a culture of continuous learning create an environment in which employees feel empowered and supported in their growth. These organizations often find they retain talent longer and perform better in crisis situations because their teams are both knowledgeable and resilient. By prioritizing ongoing education, companies can cultivate a workforce that's agile, engaged and better prepared to face cyberthreats head-on. In cybersecurity, the question isn't whether you'll keep learning - it's how you'll keep learning. 


Top 5 security mistakes software developers make

“A very common practice is the lack of or incorrect input validation,” Tanya Janca, who is writing her second book on application security and has consulted for many years on the topic, tells CSO. Snyk also has blogged about this, saying that developers need to “ensure accurate input validation and that the data is syntactically and semantically correct.” Stackhawk wrote, “always make sure that the backend input is validated and sanitized properly.” ... One aspect of lax authentication has to do with what is called “secrets sprawl,” the mistake of using hard-coded credentials in the code, including API and encryption keys and login passwords. Git Guardian tracks this issue and found that almost every breach exposing such secrets remained active for at least five days after the software’s author was notified. They found that a tenth of open-source authors leaked a secret, which amounts to bad behavior of about 1.7 million developers. ... But there is a second issue that goes to understanding security culture so you can make the right choices of tools that will actually get deployed by your developers. Jeevan Singh blogs about this issue, mentioning that you have to start small and not just go shopping for everything all at once, “so as not to overwhelm your engineering organization with huge lists of vulnerabilities. ...”


There is No Autonomous Network Without Observability

One of the best things about observability is how it strengthens network resilience. Downtime can not only damage your reputation and frustrate your customers; it is also flat-out expensive. Observability helps you spot vulnerabilities before they become major issues. With real-time insights, you can jump in and make fixes before they lead to downtime or degraded performance. Plus, observability works hand-in-hand with AI-driven assurance systems. By constantly monitoring performance, these systems diligently look for patterns that might hint at future problems. They can make proactive adjustments, which cut down on the need for manual intervention. The result? A network that is more self-reliant, adaptive, and able to keep running smoothly. Observability doesn’t just stop there—it also steps up your security game. With threat detection built into every layer of the network, observability helps your network identify and deal with security issues in real time, making it not just self-healing but self-securing. ... Today’s networks are not confined to one domain anymore. We are working with multi-domain networks that tie together radio, transport, and cloud technologies. That creates a massive amount of data, and managing that data in real time is a challenge. 


Building a better future: The enterprise architect’s role in leading organizational transformation

Architects bring unique capabilities that make them well-suited for leadership roles in an evolving business landscape. Their core strength lies in aligning technology with business goals. This keeps innovation and growth interconnected. Unlike traditional executives, architects have a holistic view of both domains, allowing them to see the big picture and drive meaningful change. With deep technical expertise, architects can navigate complex systems, platforms, and infrastructures. But their strategic thinking sets them apart—they don’t just focus on technology in isolation. They understand how it drives business value, enabling them to make informed decisions that benefit both the organization and its customers. Moreover, architects are natural collaborators. They excel at bridging gaps between different business units, fostering cross-functional teams, and ensuring integrated solutions that work for the entire organization. This ability to collaborate across departments makes them ideal for leadership in a world that values adaptability, inclusivity, and alignment over rigid command structures. The shift from a ‘command and control’ leadership mode to one of ‘align and collaborate’ is transforming how organizations are managed. 


How ‘Cheap Fakes’ Exploit Our Psychological Vulnerabilities

Cheap fakes exploit a range of psychological vulnerabilities, like fear, greed, and curiosity. These vulnerabilities make social engineering attacks prevalent across the board -- over two-thirds of data breaches involve a human element -- but cheap fakes are particularly effective at leveraging them. This is because many people are unable to identify manipulated media, particularly when it aligns with their preconceptions and existing biases. According to a study published in Science, false news spreads much faster than accurate information on social media. Researchers found several explanations for this phenomenon: false news tends to be more novel than the truth, and the stories elicited “fear, disgust, and surprise in replies.” Cheap fakes rely on these emotions to spread quickly and capture victims’ attention -- they create inflammatory imagery, aim to increase political and social division, and often present fragments of authentic content to produce the illusion of legitimacy. At a time when cheap fakes and deepfakes are rapidly proliferating, IT teams must emphasize a core principle of cybersecurity: Verify before you trust. Employees should be taught to doubt their initial reactions to digital content, particularly when that content is sensational, coercive, or divisive.... 


Cloud vs. On-Prem: Comparing Long-Term Costs

You’ve seen many reports of companies saving millions of dollars by moving a portion or majority of their workloads out of the cloud. When leaving the cloud becomes financially viable, the price point will depend on your workload, business requirements, and other factors, but here are some basic guidelines to consider. Big cloud providers have historically made moving all your data out of their cloud cost-prohibitive. Saving millions of dollars on computing will not make sense if it costs millions to move your data. ... You would have to reduce your cloud spend by 90-96% to save as much money as buying hardware. Reserved instances and spots may save money, but never that much. Budgeting hardware and collocation space will be easier to engineer and more predictable for your long-term projected spending. Spending this much money also means you are likely continuously upgrading based on your cloud provider’s upgrade requirements. You will frequently upgrade operating systems, database versions, Kubernetes clusters, and serverless runtimes. And you have no agency to delay them until it works best for your business. But saving people’s costs isn’t the only benefit. A frequent phrase when using the cloud is “opportunity cost.” 
