Merritt College – Gearing Up For Its Third Year At National Cyber League

Merritt College is gearing up for 3rd year of competition at the National Cyber League Competition.  NCL provides a cybersecurity training ground in a high-fidelity simulation game environment that requires participants to play individually during Fall Regular Season and in teams during Fall Postseason Games.

Merritt College Cybersecurity students have participated the past two years with great results and success. In 2015, Merritt student s won second place, beating out 125 other colleges and universities.

Quotes from Team:

  • Sandy Keh: “It is exciting to begin another year of competition in the National Cyber League. This year we have a record, 37 students willing to participate and we hope to be ready for the challenge ahead.”
  • Norman Weekes: “Our success in the NCL is a testament to how lucky we are to be taught by teachers who have a long track record in the infosec business. In class and the NCL, we have learned how to tackle new problems as a team, in a short amount of time.”

The Applications and Infrastructure Security program is in its third year, is a fully accredited two-year degree program that is the result of a partnership with Merritt  College and the Consortium of Information Systems Executives (CISE). The program is a huge win in working to solve the cybersecurity crisis and has the support of Congressman Ro Khanna. Our objective is to place graduated (and soon-to-be-graduated) students within companies in the Silicon Valley. We’re looking for companies that are progressive and innovative in their approach to solving the cybersecurity issue.

We have students available for full-time and internship positions, and to streamline the hiring process we’re happy to announce that their resumes are available now at Jobvite.

Please contact me and I will put you in  touch with students.

Mark Egan

mark.egan@stratafusion.com

Organization Structure and Digital Business

In the equation of people, process, and technology, getting the “people” part right has been a tough challenge for many companies.  As technology evolves, the roles and talents needed to drive that technology and utilize it to help keep the business competitive requires constant evolution; getting the organization structure right in support of this evolving landscape has been an area we value advising in at StrataFusion.

In an earlier blog we looked at organization structure and critical success factors; now it would be useful to give further detailed thought to organization structure guidelines that are important to both traditional and digital business. Because digital business is different from your traditional data center kicking off this discussion would be some of the most important structural guidelines to consider in assessing your organization:

  • Align business facing technology functions to match the business organization, this expedites specification, understanding, and support of business requirements
  • Align technical development organizations along development lines and logical technical groupings to maximize development activity efficiency
  • Constantly reinforce the importance of key organizational and business dependencies. The goal is to create an environment where cooperation and team focused response become the normal team response
  • Create a system of organizational checks and balances. This allows your organization to be self governing, and can highlight important issues
  • Be consistent in your approach, limit exceptions
  • Separate your delivery function from your development function. A key check and balance that can avoid a lot of pain

Each of these guidelines could support a blog of their own, but the incorporation of these thoughts into decisions concerning how your team is organized and structured can create interactions and behaviors that can be important long term in a digital business environment.

Once you’ve assessed your answers to these questions we also believe that creating an organizational focus around rallying cries or mantra is extremely important. The idea of a mantra gives great organizational concentration, and provides a consistent focal point for how your team should be thinking.

Mantras can be a tool to guide proper organizational response

In creative organizational focus, here are some possible mantras:

  • User Ownership of Systems
  • Empowerment of the Community
  • Standards & Integration
  • Make Use of Forward Looking Development Technologies
  • Business Intelligence and Knowledge Management Systems
  • Right Tool/Right Place
  • Flexible Systems
  • Global/Shared/Local

Creating a mantra allows your team to default back to a common base – set of values, practices, and knowledge that will help them respond to questions or situations arising that are new or undefined – this is especially so in today’s digital era.  For instance, a mantra of “empowerment of the community” can help instill in your team the concept of insuring their actions result in recognition of the fact they serve a community or business and that it is in their self-interest to empower and equip that community to solve their own problems.  You can have the concept of “travel in packs” – if for those of your teams that exist in a highly competitive situation where stress is high and demands are intense and daily, a mantra of “travel in packs”  reminds them that they can count of your team for backup – you’re more than one person, they’re not alone, so that when if (for example) a website that is up 99.9999 of the time but crashes for a few minutes – upsetting c level executives – you have emotional, structural, and organizational back up.

In thinking about “Global/Shared/Local”, the mantra leads with the idea that things that data can have different types of ownership, some are universal and shared by all but require consistent management; while some can have more than one owner.

That a mantra can create organizational focus also works with another interesting potential which I call the ‘Manufacturing Metaphor’.  In the transformation to digital business this can remind you of how your digital delivery of an information product is not unlike some traditional manufacturing concepts, and incorporating some of those proven concepts into your business could be useful.

New digital business environments can be optimized by incorporating the similar concepts, processes, and flows as exists within manufacturing – digital business hold the same counterparts. For example, concepts of development engineering product engineering in manufacturing can be re-formed into as software development and operations delivery concepts in digital business; the shipping function in manufacturing is the data center in digital business. The terminology changes but the functions are similar, and taking a similar approach could favorably impact your “product delivery” process. Understanding these parallels again provides a framework within which it become easier to understand how to optimally structure your organization – with people being your most essential asset towards success.

In our third and final on blog on this topic we will be discussing the importance of infrastructure readiness on digital business delivery.

John Dick

 

Transforming Intelligent Medical Applications

Scenario

Imagine it is early afternoon. Alexa, tracking your schedule, asks if you want her to call you an Uber.  She has already computed the 40-minute ride based on traffic and how long the wait will be for the driver arrives.  She recommends you take an umbrella for the rain. As you get into the car, your home lights are dimmed and turned off, the AC is turned down and the TV show you were watching changes to record/mobile mode so that you can stream it on your mobile device or watch it later after your meeting. Mobile Alexa from your phone asks if she should set the alarm and lock the doors.

Now, and into the future, everything we do, will most likely use the Internet of Everything (IoE) to create a smart eco-system and facilitate our time so that our lives are easier, convenient, and more comfortable.

In the medical world, a patient interaction would leverage the same smart eco-system. Imagine a similar tech-driven scenario, this time with healthcare ramifications.

Mark and Sandy, married, are driving to Napa for dinner. Mark starts to feel chest pain.  Sandy calls the digital assistant and asks for directions to the nearest hospital.  Directions display on the car’s navigational system, and Siri asks if she can sign the family into the ER using the hospital’s SmartAttendant App. Sandy says (or clicks) “yes,” and the app is downloaded and auto-completes your medical registration forms.

Siri asks for the chief complaint (“What brings you to the hospital today?”) to complete the forms, and Sandy states “chest pains”.  A moment later, Siri tells her to park in the emergency parking beside the ER door, that there will be a valet attendant to take care of the car, and a wheelchair will be curbside with an RN awaiting her arrival.  Bio-signs from the husband’s Fitbit and cell phone are being directly fed to the ER Attendant, who sees on the iPad he is using to track the situation, that the patient (Mark) is 4 minutes out with traffic.

Mark’s doctor has been notified and his medical history and latest EKG are already being reviewed by the attendee who alerts the Cardiac CATH lab that a patient is inbound. Balloon time is 12 minutes.

At this time, Mark and Sandy’s family members receive an SMS message with a notification of the situation at hand, which includes a link to hospital services.  The link will outline for the family everything from directions to the patient’s room, meal choices, and even the amount of wait time at the nearest restroom.

Fortunately, Mark’s records are kept in his medical blockchain, and all relevant information is readily and securely available.  With a touch of a button or a verbal command, Mark (or Sandy) can determine who can access, update and change his information.  After his visit, his prescriptions are automatically ordered and set for next day delivery at his home.  His insurance is automatically billed and his next appointment dynamically scheduled.  Auto-magically, the hospital also submits all related expenses, which are processed behind the scenes.

The above example is already becoming a reality.  We are on this evolutionary journey as our knowledge-based society over the next 5-10 years works to create intellectual value that is consumed by the ubiquitous connectivity of people, devices, information, services and processes.

What is needed for this reality to prosper?  

Most of the tools needed to make this dream a reality already exist.   IoT, IoE, Blockchain and AI are all torch bearing technologies that will continue to shape this future.

For example, IoT with its foundational principle of enabling devices and things to communicate, is smart-enabling everything from tires to watches. As this concept evolves from one-way broadcast communications to bi-directional conversations, systems are being developed to talk and interpret these communications.

IoE, where everyone and everything has reliable ubiquitous internet, is becoming the defacto standard.  It fundamentally leverages the omnipresent connectivity of people, devices, sensors, items that Interact on behalf of humans.  This interaction with other devices and systems, allows us to integrate “things” together and automate digital business models.

Blockchain is the engine that makes BitCoin possible and it has emerged as a revolutionary and visionary method of a public secure ledger.  It allows for the recording of a secure, validated transaction that can be public or private.  It is also a component of SmartContracts, which enables rules and commands such as “pay the rent on the 15th on the month from my checking account” to automatically execute based on specific criteria encoded into the contract.

Artificial Intelligence (AI) is needed to gain insights from the mountains of sensor data generated by the IoT.  The real winner in this environment is machine learning, with its ability to process massive amounts of information, identifying patterns, habits, trends, cycles, etc.  These patterns, and statistical analysis of massive data pools, have evangelized machine learnings importance, which is a core component of AI.

The final piece of the puzzle

As we change from a post-industrial/mass production marketplace to a knowledge-based environment, we need to pivot the paradigm so that it is not about delivering a physical product or service, and instead, it is about how we offer a “smart” service for an intelligent consumer.

To do this, “Smart Contracts” need to become consumer friendly.  Mass market adoption can only occur when every age and demographic (your grandmother) can create a contract.  Today’s contracts are still only created by developers, which is limiting mass adoption.  It is estimated that developers are only 0.0035% of the population. Therefore, natural human interfaces have to be developed.

Given that, we are in for an exciting, dynamic ride for Intelligent Medical Applications over the next few years.

Henry Ivey

 

Velocity vs. Security

Earlier this year I hosted a panel where we explored how companies can continue to move fast and be innovative in parallel with being secure. Rather than pinning velocity against security, we argued and concluded that the two work together – companies can use security to drive and compliment innovation.

Security is often viewed as a barrier to innovation, and there are many examples of companies and verticals that have not let ensuring their environment is secure get in the way of promoting ideas, products and solutions that are true industry disruptors.

Examples include Amazon Web Services that provide a very disruptive solution requiring high levels of security; mobile banking and the fact that few people go into a physical bank these days; and Airbnb, that does not own any properties and provides a very disruptive service, requiring both physical and information security.

Strategically, the point is to have security differentiate your product or service, instead of being seen as a barrier.  Some of the strategies that can be quickly implemented to achieve the overall goal of secure innovation include consideration of the following questions:

  • What security threats affect our industry today and how can we provide solutions with our products and services
  • What security concerns do our existing customers have today and what can we do to alleviate their concerns
  • Can we become a thought leader in information security

Information security threats are not going away and companies need to embrace these issues and see them as an opportunity to offer new solutions and potentially get into new markets.

Mark Egan

@markeegan

Leveraging Actionable Intelligence to Mitigate Risk Within Your Enterprise

I recently hosted a panel with leading CISOs from around the world. We delved into how “Leveraging Actionable Intelligence to Mitigate Risk Within Your Enterprise” can be approached from a set of common points and differences. We opened with an overview of ideas that led to each panelist posing their own comments and questions with initial answers. The comments and questions below recap our discussion flow, and provide a current base for understanding the breadth and context of mitigating cybersecurity risks.

Panel Opening Comments

  • Security threats are increasing both in frequency and complexity
  • Security leaders need to be proactive in this area and put programs in place (people, process, and technology) to protect critical assets
  • We have assembled a panel of experts in this area and our goal is to provide recommendations that you can immediately use when you return to your office

Initial panelist comments

As predictive analytics matures, we may see significant improvement in the value of threat intelligence data.

  • If you’re spending money on Threat Intelligence, you must have first solved a lot of common problems, such as patch management.
  • Be realistic about what you expect to get from Threat Intelligence. Are you looking for Indicators of Compromise? Attribution? Predicting the next attack? Understand the limitations of the various types of Threat Intelligence data.

Second panelists comments

  • How does the actionable intelligence change as you move “up the stack” or away from the stack (to human)?
  • How is the IoT changing the “actionable” part of actionable intelligence?

Third panelist

Leveraging actionable intelligence is the process of gathering analytics based on the identification and collection of relevant threat information. Unfortunately, threat intelligence is an elusive concept for many companies. By 2020 there will be 50 billion connected devices. There are not enough cyber specialists now to handle current security issues, so businesses need to leverage actionable intelligence and analytics for companies to protect themselves.

  • Should threat intelligence be managed internally by companies?
  • When threat intelligence is accumulated what is the important information for the c suite?
  • What are the company’s concerns regarding their employees in leveraging actionable intelligence?
  • How does actionable intelligence apply to regulatory compliance?

Fourth panelist

How do we deal with the increasing scale and frequency of attacks, and threat actors that far outstrip our budgets and resources? Traditional information security methods within the enterprise are not a match for any of the above seven events.

Threat intelligence provides a possible way to get ahead of these threat actors and threats — to have intelligence on the threats. But, threat intelligence is a new data source, another fire hose of information that requires analysis. And it has a different nature from traditional tools. We’ll only get value out of the threat intelligence information if we properly analyze it and make it actionable.

Mark Egan

@markeegan

@StrataFusion

Merritt College Applications and Infrastructure Security Graduates Ready to Be Hired

Two years ago we launched the Merritt College fully accredited two-year degree program in Applications and Infrastructure Security. The program is the result of a partnership with Merritt  College and the Consortium of Information Systems Executives (CISE) and we’re thrilled that we’ll be graduating our second class of qualified cybersecurity professionals at the end of May. The program is a huge win in working to solve the cybersecurity crisis and has the support of Congressman Ro Khanna.  Our objective is to place graduated (and soon-to-be-graduated) students within companies in the Silicon Valley. We’re looking for companies that are progressive and innovative in their approach to solving the cybersecurity issue.

We have students available for full-time and internship positions, and to streamline the hiring process we’re happy to announce that their resumes are available now at Jobvite.

Please contact Mark Egan (mark.egan@stratafusion.com) for access to Merritt’s site.

Secure Innovation

I recently hosted a panel on the topic of Information Security and framed our discussion around the concept of Secure Innovation. Information Security is often viewed as a roadblock to innovation and an obstruction to moving quickly in a highly competitive environment. The panel focused on how to foster innovation and leverage security as a competitive advantage, and provided strategies that can be quickly implemented to achieve the overall goal of secure innovation.

Each panelist provided openings statements on their experience with innovation that required a high level of security and privacy, and led to pragmatic solutions to challenges in this area. One of our goals from the panel was that CIOs would have 2-3 things they could immediately implement when they got back to their desk.

We covered a number of compelling questions across People, Process, Technology, with some of the key remarks conveyed in the following:

CISO at an early stage security startup

What are your recommendations on sourcing, as you can’t do all of this in-house today?

You need to be creative in your staffing solutions; it is very hard to hire experienced staff. We recommend getting less experienced staff and training them. The Merritt College Cybersecurity program is a great source and example of this model.

What do you recommend on security reporting relationships (CIO, CEO, COO)?

I report to the CEO directly as it is essential to our company being a small, early stage startup.

CMO at an early stage security startup

Who are the bad guys and what do they want?

There are three main actors: One who wants to steal our money; the second, our IP; the third seeks notoriety (think Anonymous.)

CEO at early stage security company

How do organizations find and attract good security talent?

You bring in less experienced staff and train them.

Mark Egan

@markeegan