The software that controls power plants is some of the most reliable ever created. But more and more systems and devices are being connected to the internet, and new security threats are constantly emerging. How to ensure that the lights stay on and bad guys stay out of our critical infrastructure? Find out more in the January 2013 edition of the JW Secure Informer Newsletter.
The above quote is referring to a management philosophy in IT that software developers are a readily transferable asset – they can be seamlessly transitioned from project to project. There are some corollaries. First, that cancelling a project or product is no big deal from a personnel perspective, since everybody can be transferred to another effort. Second, that hiring for things like “core competencies” and “culture fit” is a sound strategy in that it facilitates the ease with which new teams can be composed and expected to gel.
The technology specialist and niche consultant in me immediately recognize a few cases where this approach to human resource management can be risky. First, specialists in some areas – operating system boot loaders, say – are unlikely to be of any use in the vast majority of projects unless they’re willing to walk away from their specialty. And, even for really good people, there is always ramp-up time that management should take into consideration, especially given the speed with which the competitive software market moves. From the perspective of the employee, though, this cuts both ways: if you’re going to specialize in OS boot loaders, you have to realize that you’re taking a risk in betting your career on something that only a few projects are going to require.
Another risk is that your best people – including those that can most quickly ramp up and provide leadership in new problem domains – are likely to be the least tolerant of being treated as an abstract, interchangeable resource.
Nevertheless, I generally agree that hiring managers can and should concentrate on the un-trainable skills: problem solving, customer focus, drive, etc. With those in place, and with support for ongoing training – not to mention an engaging work environment – software developers can quickly respond to new challenges, and companies can stay competitive.
“Computer networks are only as secure as their weakest point, and cloud networks are no exception. The weak point can be a lost smartphone, unencrypted WiFi hot spot, or even a rogue system administrator. But computer security is constantly improving, and the latest generation of devices is the most security-capable to date. Come learn how new security technologies, combined with old-school best practices such as authorization and auditing, can help keep the bad guys out and the good data in.”
Don’t know if this is true, but looks like Amazon may need to train its call center employees more carefully.
Briefly, BHT builds on the open-source Measured Boot Tool we announced earlier this year at DefCon by creating a full client/server implementation of what the National Institute of Standards and Technology calls BIOS Integrity Measurements. We’re adding our own special sauce (the “heuristics” part) for detection of untrusted endpoints.
More details to follow, including a full demonstration at RSA 2013.
Come visit the JW Secure booth at the Cyber Security Seminar and Technology Expo at Fort Huachuca on December 4. The weather promises to be sunny and the content informative! I’ll be presenting on “Locking Down the Endpoint with Measured Boot and UEFI” at 0930 local time.