When hobbies come together, nice things happen. Back in the end of 2020 I decided to move this blog. At the time I thought the free Oracle cloud tier would be inadequate for any serious work. Oh boy was I wrong!!!
Supply Chain Risk Management is the name of a big security problem in the business world. It is so important that there isn't a single security framework that doesn't include Supply Chain Risk Management in its agenda, guidance, and suggested controls. NIST has a set of resources on the topic, but it is not the only organization that is addressing this problem.
Disclaimer: Nothing below should be taken as a criticism of the services offered. Pointing out their flaws and inefficiencies does not mean they don't have any value.
Everybody has something to say about the Facebook / Cambridge Analytica case. And I am annoyed by people saying that when you give your data to Facebook, you forego some parts of your privacy (true) so you should not be surprised (false). In simple terms, it was an actual data breach. Individuals who had not consented, had their data exposed. This was not supposed to happen. There are two aspects I would focus on regarding this issue:
Building a Security Operations Center from scratch is not an easy thing. But since it's not the first time I'm doing it, I am familiar with the challenges. These challenges include the building of the processes in a company-adjusted manner, the selection of the toolset and integrations to match the company's enterprise architecture, network architecture and of course my own security architecture, but nowadays, and due to the significant skill shortage in cybersecurity the major challenge is finding the right people.
I remember reading that Game of Thrones was the most downloaded series in 2016. It's a pity; I'm sure that everybody needs and wants and deserves to get paid if they're doing a good job. I won't pretend to be a saint, but let's just say that if a series is available in the country where I live, in English, with English subtitles, I am more than happy to pay to watch it.
The discussion about talent and skill shortage in areas such as IT and mainly Information or Cyber Security is getting significantly more intense. At the same time, the unemployment in EU ranges from 5% to 25% (1). And the usual time to fill a position is over 3 months, in cases can reach even to a year (2), with just the interview process to be close to one month in most countries (3, 4). These are alarming indicators about how effective the recruiting industry is - or is not.
Earlier this month (that is, January 2016), news came out that Twitter is considering raising the character limit from the current 140 characters, to 10.000 characters. Is this the right thing to do?