Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

For technologists

 

GUEST ESSAY: A primer on the degrees of privacy tech companies assign to your digital footprints

By Sanjay Mehta

In recent years, brands have started butting up against the line between convenience and privacy.  Shoppers love the convenience of personalized experiences that their data powers, but then horror stories such as the Cambridge Analytica scandal make people skeptical about how much information companies should be collecting and sharing.

Related: Apple battles Facebook over consumer privacy

Fundamentally this comes down to the underlying user identity, what data it contains, who generates that data, and where it resides.

Here we’ll discuss the implications to the third-party tracking and data which has been most impacted by recent privacy regulations and protocols. First it is important to understand the different degrees of data privacy.

Degrees of privacy

Customers share their information either explicitly through forms and transactions, or implicitly through their behaviors such as searches and clickstreams. Data explicitly provided by the user is considered “zero-party” data.

In ecommerce, this commonly comes in the form of a registration, a review, or a purchase. This is used for communication, personalization and

GUEST ESSAY: How SPDX helps reconcile interdependencies of open, proprietary software

By Kate Stewart

Software today is built on a combination of open source and proprietary software packages.  Developers can reuse and build on the packages created by others, which results in the rapid creation of new capabilities and technologies.

Related: How SBOM factors into DevSecOps

This reuse creates dependencies, all of which don’t necessarily stay updated at the same pace. The accurate and authenticated identification of all the relevant software package dependencies is key to preventing software supply chain attacks.

Agreeing on a standard way of cataloging summary information about the packages and their dependencies is necessary for multiple tools to interact efficiently and keep up with the rapid pace of reuse.

History of SPDX

We started the Software Package Data Exchange® (SPDX®) project in 2010. The project had the simple goal of sharing summary information about a software package between the creator and consumer. At that time, to comply with the licenses in open source, you had to find them in the source code.

This resulted in hours of issuing grep commands or working with commercial source scanning tools, and once you had the details, you didn’t have a good way of sharing them.

GUEST ESSAY: What it will take to train the next generation of cybersecurity analysts

By Gary S. Mullen

It is no secret that there is, and has been for some time, a shortage of trained cyber security professionals in corporate IT Security teams.  The Wharton School of the University of Pennsylvania observed that “nowhere is the workforce-skills gap more pronounced than in cybersecurity.”

Related: Deploying ‘human’ sensors’

According to data gathered by CyberSeek under a Commerce Department grant, there are currently nearly 465,000 unfilled cyber jobs across the US alone.  This shortage is significantly impacting corporate America, and it is particularly dire across federal, state and local governments.

The cyber security talent crunch has been a growing issue for many years now.  According to the 2019/2020 Official Annual Cyber Security Jobs Report sponsored by the Herjavec Group, the number of open cyber security positions has grown 350 percent from 2013 to 2021.  Cybersecurity Ventures predicts that there will be 3.5 million unfilled cyber security jobs globally by 2021.

Unfortunately, getting the hands-on experience needed to become a cyber security analyst is out of reach of many today.  In 95% of the hiring decisions being made for open positions, employers are looking for that hands on experience.

According to MIT Technology Review, fewer than one in four candidates applying for cyber security positions are qualified.

GUEST ESSAY – Notable events in hacking history that helped transform cybersecurity assessment

By April Miller

Assessing the risks involved in using the latest technology is something our culture had to adopt in the early days of the computer. New technologies come with risks — there’s no denying that.

Related: How Russia uses mobile apps to radicalize U.S. youth

To minimize their impact, implementing preventive security measures into these advanced systems is crucial. Businesses across all industries can function adequately without worrying about would-be hackers with malicious intent when they secure their networks.

Phishing scams, malware, ransomware and data breaches are just some of the examples of cyberthreats that can devastate business operations and the protection of consumer information.

Here are five notable historical events that influenced cybersecurity assessment and transformed it into what it is today:

The Battle of Midway (1942)

After the devastating blow of Pearl Harbor, U.S. military officials hired data analysts to crack the Japanese secret code known as JN-25.

SHARED INTEL: Reviving ‘observability’ as a means to deeply monitor complex modern networks

By Byron V. Acohido

An array of promising security trends is in motion.

New frameworks, like SASE, CWPP and CSPM, seek to weave security more robustly into the highly dynamic, intensely complex architecture of modern business networks.

Related: 5 Top SIEM myths

And a slew of new application security technologies designed specifically to infuse security deeply into specific software components – as new coding is being developed and even after it gets deployed and begins running in live use.

Now comes another security initiative worth noting. A broad push is underway to retool an old-school software monitoring technique, called observability, and bring it to bear on modern business networks. I had the chance to sit down with George Gerchow, chief security officer at Sumo Logic, to get into the weeds on this.

Based in Redwood City, Calif., Sumo Logic supplies advanced cloud monitoring services and is in the thick of this drive to adapt classic observability to the convoluted needs of company networks, today and going forward. For a drill down on this lively discussion, please give the accompanying podcast a listen. Here are the main takeaways:

GUEST ESSAY: Why it’s worrisome that China has integrated Huawei switches into telecoms worldwide

By Sarina Krantzler

In the previous discussion, China’s 14th Five-Year Plan was summarized to capture relevant aspects of dual circulation, the Digital Silk Road (DSR), and the Belt Road Initiative (BRI) that aim to advance China as an economic, technological, and foreign policy powerhouse.

Related: Part 1. China’s 5 year digital plans

Both of those initiatives are well-funded, thoughtful, and strategic in their attempts to spread influence and widespread dependency on Chinese products.

The first blog concluded with a strong message of encouragement for the U.S. to evolve its own creative cybersecurity strategy leveraging strategic goals with economics and public policy to create a sustainable, secure cyber system consistent with Western ethical standards, our free market philosophy, and our democratic traditions.

The FCC’s Rip and Replace Model was introduced, by title only, to provide a glimpse into how the U.S. should, and is beginning to, take action to counteract intrusive Chinese technology within our critical infrastructure. To understand our options in this fight, however, we first need to understand who we’re up against.

Huawei Technologies, or Huawei for short, is a Chinese telecommunications firm that has been fed tens of billions of dollars in financial assistance by the Chinese government on a scale of subsidization that dwarfs the next closest competitors’ monetary receipt. To fuel their rise to the top of the global telecommunications landscape, Huawei had access to as much as $75 billion in state support as it grew from a little-known vendor of phone switches to the world’s largest telecom equipment company (Wall Street Journal).

Subsidies aside, since 1998, Huawei has received an estimated $16 billion in loans, export credits, and other forms of financing from Chinese banks for the firms’ operations and customers.

As referenced in the previous blog, Brazil was originally firmly in opposition of adopting Huawei technology into their infrastructure until the country became desperate amidst the COVID-19 pandemic.

GUEST ESSAY: How China’s updated digital plans impacts U.S. security and diplomacy

By Sarina Krantzler

In May 2021, China unveiled their updated Five-Year Plan to the world. This plan marks the 14th edition of their socioeconomic, political, and long-range objectives, and has set the tone for a Chinese-dominated supply chain that will be accomplished using antitrust, intellectual property, and standards tools to promote industrial policies.

Their plan poses a grave threat to the US.

Related: Part 2. The danger posed by Huawei switches

Despite this threat, the United States currently does not possess a similar strategic plan to combat China’s advancements or create a sustainably secure cyber system.

China is developing a self-reliant domestic economy supported by a domestic cycle of production, distribution, and consumption. Strategic investments made on behalf of the Chinese government to the technology industry, in the form of annual 7% increases and billion-dollar loans, will move China closer to their goals of technological independence and global influence.

The external aspect of this strategy attempts to secure their supply chains against pressures from the United States.

This portion of the strategy is integrated with China’s largest foreign policy known as the “One Belt One Road Initiative” (BRI), which includes offering critical infrastructure investment to cash-strapped nations and has led to an increasingly complex and prevalent alliance between China and its homegrown internet companies in the construction of their “Digital Silk Road” (DSR).

Both the BRI and DSR initiatives have been strategically positioned to facilitate secure trade and gain initial global footholds to accomplish the “Made in China 2025” goal.

Enormous subsidization efforts by the Chinese government, as part of their BRI initiative, allow internet giants such as Huawei and ZTE to conduct sweeping internet infrastructure strategies to secure rights to provide to poor or developing nations. Those providers will be discussed in detail in the following blog.

By embedding Chinese infrastructure in networks around the world, the Chinese government could have the ability to access information traveling across these networks … more