Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

DevSecOps vs DevOps: What are the Differences?

The modern technology landscape is ever-changing, with an increasing focus on methodologies and practices. Recently we’re seeing a clash between two of the newer and most popular players: DevOps and DevSecOps. With new methodologies come new mindsets, approaches, and a change in how organizations run. The key questions, however, are these: are they different? If so, how are they different? And, perhaps most importantly, what does this mean for you and your development team?

5 Cybersecurity concerns surrounding the COVID vaccine

COVID-19 vaccines are starting to roll out after a year of grappling with the pandemic. While this certainly inspires hope for the future, there are still risks on the road ahead. As distribution ramps up, vaccine-related cybersecurity concerns are also rising. Cybercrime has been a prominent side effect of the pandemic throughout the past year. This wave of cyberattacks shows no signs of slowing as vaccines roll out, with some threat actors targeting distribution.

SIEM for Google Cloud Platform

Google Cloud Platform (GCP) is attracting a lot of companies, large and small, with its stability and many built-in services. But aggregated security monitoring has to be done via an external service. However, log aggregation for security purposes is a mandatory requirement of many standards and regulations. Those include GDPR, HIPAA, SOX, PSD2, PCI-DSS, ISO 27001 and many more.

Securing your modern software supply chain

Software supply chain security concerns are more prevalent than ever. The U.S. Pentagon, Department of State, Department of Homeland Security, Microsoft, FireEye – this is just a partial list of the government agencies and companies hacked as a result of the attack on SolarWinds’ proprietary software – the Orion network monitoring program.

SolarWinds Orion Security Breach: A Shift In The Software Supply Chain Paradigm

The recent SolarWinds breach highlights a new paradigm in the Software Supply Chain. When compared simply to the code itself without any additional tools, Proprietary Code is no more secure than Open Source. By contrast, many would argue that Open Source Code is more secure due to a faster fix/patch/update cycle and the pervasive access to source code (Clarke, Dorwin, and Nash, n.d.).

Cloud-Based Storage Misconfigurations - Understanding the Security Risks and Responses

Misconfigurations remain one of the most common risks in the technology world. Simply telling organisations to “fix” this problem, however, is not as easy as it might first seem because there’s a myriad of technologies at play in modern infrastructure deployments. All of this results in a complicated mix of hardening approaches for each system. What is key, then, is to identify where hardening is required and then consider the methodology for each area.

Cybersecurity Challenges: Understanding the What, How and When of Change

I subscribe to a newsletter from Gary Burnison, CEO of Korn Ferry. His messages address a wide variety of career and personal issues in a thoughtful and educational manner. A recent Special Edition message was titled Exceeding Potential. It specifically addressed how opportunities present themselves and how to view and leverage them. He closed his message with this statement: It’s true that leaders are in the “what,” “how,” and the “when” business.

Three Key Advancements in Jobsite Technology to Improve Productivity

Did you know that 52 percent of all rework globally is caused by poor data and communication? In the construction industry, coordination between the office, subcontractors, partners, and multiple jobsites has always been a challenge. And with increasingly large files stemming from BIM, drone footage, and VR/AR applications, it is becoming more difficult to ensure everyone is in sync. Throw in COVID-19 and you have the perfect storm to significantly disrupt the pace of growth.

Automating With Splunk Phantom: How Norlys Does It

Some tasks are better off automated. Paying bills on time? Automated payments. Orchestrating a coordinated response to security alerts and triaging security events? There’s Splunk Phantom for that. Monotonous tasks, in our work and personal lives, should and can be automated in order to free up time and energy to focus on the things that matter.

Fixing the "Human Error" Problem

Last year, Verizon’s data breaches report showed that “human error” was the only factor with year-over-year increases in reported incidents. The average cost of data breaches from human error stands at $3.33 million, according to IBM’s Cost of a Data Breach Report 2020. Even big companies and government entities have fallen victim to data breaches caused by human error.