Cybersecurity – Women are the future?

Women. They’re everywhere. Waves of women, marching on Washington, New York, L.A., in communities across the country. On the cover of Time magazine. As far as the eye can see, a sea of pink hats, an ocean of assertiveness, goodwill and promise. The Year of the Woman. #MeToo. At the ballot box where they’re running for office in record numbers. In the cybersecurity industry, where they’re taking a much-deserved seat at the table.

There’s no doubt that the women’s movement, however you define it, has had a positive effect on the plight of women in security. “The landscape is changing and the most important thing is now it’s a conversation, women can now say that’s inappropriate,” says Circadence Vice President of Global Partnerships and Security Evangelist Keenan Skelly, who as a former U.S. Army explosive ordnance disposal technician is no stranger to working in male-dominated environments.

That’s in accordance with what Kathie Miley, COO at Cybrary, has observed while gathering data for a study on women in cybersecurity. “It’s out in the open where people feel more comfortable talking about it,” she says.

Inspired by #MeToo, which saw powerful men in Congress and Hollywood forced out of their positions for harassment and even assault, the women in the national security community wrote an open letter to government and their peers. “We, too, are survivors of sexual harassment, assault, and abuse or know others who are. This is not just a problem in Hollywood, Silicon Valley, newsrooms or Congress. It is everywhere,” the letter reads. “These abuses are born of imbalances of power and environments that permit such practices while silencing and shaming their survivors.”

Source: SC Magazine

Read the Full Story Here

VMware set to launch enterprise blockchain service

VMware could soon be launching its own blockchain service according to the company’s recently published content catalogues for its VMworld conferences in Las Vegas in August and Barcelona in November.

The catalogues offer more details on upcoming sessions at this year’s VMworld conferences and attendees at the event in the US will be able to attend a session titled “VMware enterprise blockchain – getting started” along with a workshop of the same name.

The company has expressed interest in blockchain for a while now though it wants to move beyond the proof-of-work most often used for blockchains. A VMware Research blog shows that the company is actively exploring enterprise blockchain and a video on the site hints that a real offering could be revealed soon.

The Barcelona catalogue also includes a session called “Introduction to the VMware Cloud Marketplace” that describes the marketplace as a new service that “extends the route to market you enjoy in VMware Solutions Exchange into the cloud.” Solutions Exchange is the company’s marketplace that allows software partners to sell their products and this could mean that VMware is going to provide its partners with added help.

Both VMworld conferences offer more than 1,000 sessions combined and attendees will likely get a glimpse into the company’s enterprise blockchain service in either August or November.

Source: IT Pro Portal

Read the Full Story Here

Former Citrix chief Mark Templeton takes over at cloud start-up DigitalOcean

Former Citrix CEO Mark Templeton has a new job. He’s taking over as chief of DigitalOcean, a trendy start-up that prioritizes developers and teams as it offers cloud infrastructure for hosting applications.

DigitalOcean offers low-cost competition to big cloud providers like Amazon, Microsoft and Google for the basic tasks that were the original appeal of cloud computing, like remotely running computing tasks and storing data. As companies become more comfortable relying on third-party providers to run their applications, the market is expanding, leaving some room for small players like DigitalOcean.

The company was founded in 2011, and its core market is developers who build things and don’t want to futz around with the complexity that you can run into when you use the big guys. It also has a community of 3.5 million developers, including some customers and some more casual users who look at documentation and other content on its web site.

But along the way, it’s racked up business customers, such as group video chat app Houseparty and managed hosting company Cloudways, and three-quarters of its revenue now comes from businesses, says cofounder and outgoing CEO Ben Uretsky. The company now has an annualized revenue run rate in excess of $200 million, Uretsky said.

Source: CNBC

Read the Full Story Here

AWS seeks ‘startup launch’ experience for end-user services

We smell a cloudy challenge to Citrix and VMware – and maybe Microsoft and Google.

AWS looks to be up to something in the end-user computing market.

The company’s already made waves with its Workspaces desktop-as-a-service offering and its AppStream application publishing tools.

Now it looks to have something else up its sleeve, an assertion we based on a tip from a reader with a background in end-user compute product management who was asked if she’s keen on a job pertaining to a forthcoming but currently secret service.

The Register has since seen ads for the job our reader mentioned. Said ads mention a “startup experience” for the successful candidate, the chance to do foundational product positioning and a requirement for “Experience with launching new and disruptive services”

So it seems something is afoot. But what?

The big players in end-user computing are VMware and Citrix and both offer “digital workspaces” that let admins push a bundle of apps out to users, who get single-sign on to a range of virtualized and/or SaaS apps. Users can access those apps from an in-house app store but need only log in to the digital workspace once to get all the apps and resources they need. IT gets control and therefore better security, plus tools that send apps to just about any device.

VMware and Citrix can both do this from on-prem hardware but emphasise their respective clouds as a fine way to deliver digital workspaces.

Source: The Register

Read the Full Story Here

Cyber security focus too much on tech, says Domino’s CISO

Many organisations are still focusing only on technology and compliance, which means their cyber defences are not as solid as they think, according to Domino’s Pizza chief information security officer.

Although common wisdom has recognised for years that security is a combination of people, process and technology, many firms still focus mainly on technology, according to Paul Watts, CISO for Domino’s Pizza, UK and Ireland.

“They also focus too much on box-ticking and compliance, but that is not necessarily synonymous with good security, which requires good, basic cyber hygiene and an establish culture of security,” he told Infosecurity Europe 2018 in London.

“All the compliance and certification in the world is no substitute for a solid foundation for cyber defences, and I know of organisations that have been breached by pen testers, even though the CISO had a string of certifications and he had implemented a host of high-grade security controls.”

On paper, the organisation looked solid, said Watts, but pen testers were able to access sensitive company data within an hour by socially engineering employees, discovering unprotected passwords on the network, and moving laterally with ease because a technician had used the same password for his password safe as for his personal accounts.

Source: ComputerWeekly.com

Read the Full Story Here

Samsung won’t be forced to update old phones

A consumer association had argued that Samsung should update its phones for at least four years after they go on sale.

Regular software updates can address security problems but older models do not typically receive all the latest updates.

However, the court rejected the association’s claims.

What was the issue?
Samsung produces some of the world’s best-selling mobile phones running Google’s Android operating system.

Google regularly produces software updates that address newly discovered security flaws, and offers these to phone manufacturers such as Samsung. It is often up to the phone manufacturer to distribute the update to its customers.

Consumer group Consumentenbond said Samsung was not distributing updates in a “timely” manner.

It also pointed out that many of its handsets no longer received any security updates at all. It claimed Samsung should support phones for at least four years after they first go on sale – or for at least two years after they were last sold.

Source: BBC News

Read the Full Story Here

VMware Partners with Okta on Identity Management

VMware is continuing its campaign to bake security into its virtual desktop application platform via an alliance with Okta, a provider of identity management software delivered as a cloud service.

Renu Upadhyay, senior director of product marketing for end user computing at VMware, said that while the on-premises version of VMware Workspace One already includes identity management capabilities, the alliance with Okta will extend those capabilities via an Okta cloud service that can be managed centrally. VMware’s approach to identity management is device-centric, while Okta adds a user-centric approach that gives IT organizations the ability the ability to apply policies based on an individual’s role.

VMware has been making a case for employing desktop virtualization to provide a zero-trust application environment that is inherently more secure because all the applications are centrally provisioned and managed by the IT organization, not loaded onto local PCs by users. As part of that effort, VMware is committed to developing an open cybersecurity ecosystem via partnerships, said Upadhyay.

Source: Security Boulevard

Read the Full Story Here

GDPR is Here, So What’s Next for Cybersecurity Professionals?

Today marks the implementation of the EU’s General Data Protection Regulation (GDPR). Two years of educating, planning and preparing, not to mention significant investment, to meet compliance requirements has led to this moment.

It’s a new era for data protection in Europe and beyond: extensive rights for citizens and responsibilities for organizations aimed at improving privacy and mitigating the risk of cyber-attacks and data breaches. Yet, with this slated ‘gold standard’ of protection now in place, what comes next for cybersecurity professionals, particularly for the CISO who has been leading efforts to be compliant from a security standpoint?

Source:  Info Security Magazine

Read the Full Story Here

Cyber Saturday—Would You Buy Cybersecurity From a Witch Doctor?

Happy weekend, Cyber Saturday readers.

It has been busy here at HQ between a Fortune 500 issue close and New York City’s “blockchain week,” so I’m passing my weekend column duties onto a pinch hitter. Today’s essay comes to you courtesy of Oren Falkowitz, a cybersecurity entrepreneur, NSA alum, and regular reader of this newsletter. His contribution is timely, you’ll discover as you read on, given that it was the 100th birthday of the late scientist Richard Feynman last week. Hope you enjoy.

When the Nobel Prize-winning physicist Richard Feynman delivered the 1974 commencement speech at Caltech, he warned against “cargo cult science,” in which people arrive at erroneous conclusions by misinterpreting the causality of results. The phrase derives from religious movements on isolated islands in the South Pacific that received airdrops of vital supplies during World War II. There, witch doctors pronounced that building new airstrips and bamboo headphones would make the supply-laden airplanes reappear.

Unfortunately, this sort of deluded thinking is just as prevalent in our modern world; nowhere more so than in cybersecurity.

Source: Forbes

Read The Full Story Here

Digital-keen customers put airport cyber security at risk

Air passengers’ growing desire for a seamless digital experience is putting airports at greater risk of cyber attack, a new study has found. The report from PA Consulting, Overcome the Silent Threat, said that a “hyper-connected model” where passengers in airports wanted fast internet and digital engagement with airlines and retailers brought “a larger attack surface for cyber criminals to exploit”. There were 1,000 cyber attacks each month on aviation systems in 2016, according to the European Aviation Safety Agency.

Last year, Latam Airlines and Ukraine’s Boryspil airport were indiscriminately hit by ransomware, and in 2016 Vietnam Airlines had to carry out its operations at airports by hand after hackers took down its website.

David Oliver, global travel security lead at PA, said: “There’s a steady trend of the customer being more demanding, expecting more and more connectivity and a more and more seamless experience and that puts the pressure on the airports to innovate . . . and integrate things in a way they wouldn’t have done previously.”

Source: Financial Times

Read the Full Story Here