You are an outlier. Your personal interests and professional skills are tightly aligned in a way that very few other people ever develop themselves. To expect to find a large pool of candidates who are similar to yourself is completely unrealistic.
It takes a certain type of exceptional individual to make a small company work. There are only so many of those people in the world. As companies grow, expectations need to change. Primary among those is the expectation that a new employee will be able to perform a number of different roles. The reason that the prior generation of the company was able to pick up many roles is because it happened organically. As tasks needed to be completed and as new challenges arose, people stepped up to the plate and tackled them because they had to.
The challenge that you are currently facing is that there are too many IT related tasks to do, and not enough people with the skills to do them. The solution to that challenge is not to expect engineers to become IT people. The solution is that management needs to create an IT department, or an IT position and staff it with IT people. Just as you would not expect an accountant to perform engineering work, even though both involve math and numbers, you cannot expect someone whose focus is on engineering to perform IT work.
I was about to say the same thing. I use Win10 Enterprise at work and Win10 Professional (free upgrade from Win7) at home. Work obviously does not have any ads. I must be desensitized to ads on the home version because I do not have the same level of 'hatred' for them that all of the stories that I have seen over the last year lead me to believe that I should.
The only thing that irks me about Win10 is that it seems to keep asking me if I want to continue using my non-MS programs as the default. For example, I use VLC. I ran the VLC function to associate all media types with VLC. Yet every time I open a 'new' media type that I haven't opened previously, Windows asks me if I want to continue using VLC.
I think that there might be some random ads or what not that pop up on the tiles when I click the Start button, but I do not really pay attention to them.
Where else in the OS am I supposed to be seeing these ads that everyone seems to hate so much?
Real gangsters keep their wealth in Rolexes and cocaine
Did the article really use "agility" and ITSM in the same context? Hahahahaha.
I <3 "executives".
Thanks for reseeding. I gave up on it.
Has anyone been able to download the torrent? I tried and it hasn't been working.
Have you been able to download the torrent? I haven't.
Recently there was a story here about a room that can charge any device that enters into it. I cannot wait to see the health issues that arise from that.
Something extremely similar happened to my company last month. An EMC tech was onsite to work on the Isilon system. He was supposed to issue a command to put one of the nodes into maintenance mode. Instead he put the entire cluster into maintenance mode.
Needless to say, he is not welcome back. Ever.
Not to put myself above anyone else, I made a similar mistake a couple of years ago. I wrote a script that checked a CSV input against a list of computers in Active Directory. It was supposed to delete all of the servers not on the list. Instead it deleted all of the servers on the list. It was pretty easy to fix with another script that rejoined all of them to the domain. Nonetheless it was a pretty major fuck up, and one that I should have caught if I had tested my code properly.
How else do you blow 700K?
The answer to your question was in the question itself.
Cellebrite is the next best thing to having someone like geohot on the payroll. The forensics guys at my work swear by it as their go-to tool for doing forensic collections of mobile devices.
Woman convinces beta male to have "open relationship" so she can fuck alphas on the side, SHOCKING beta with no game can't score
Exactly my thoughts. (Presumably) attractive woman in Silicon Valley seduces nerd, convinces him he is the "primary" in the relationship and then spends her time fucking other guys.
What are you using for video editing?
Has any of your work been broadcast?
How about your print work? Is it in any publications? Online anywhere?
Are you really making a living doing creative work, or is it a professional hobby of yours?
They also seem to be trying to appeal to "video and photo professionals". I used to work in Hollywood and I know plenty of 'creative' people. I do not know a single person using Ubuntu, or any Linux distribution, for professional multimedia work.
Beyond that, how many people who are using Gimp because they are too cheap to pay for Photoshop, have $4000+ to spend on one of these laptops?
To the original point of the OP who stated that an audit is just a CYA piece of paper, I do not think that is true.
While there might not be specific laws requiring the remediation of security deficiencies from an audit, the audit itself is not a get out of jail free card.
Maybe the OP is dealing with incompetent firms, or is just jaded and cynical from having had his findings ignored too many times.
In my experience, there are two types of audits that I deal with. The first are client initiated audits. My organization handles a lot of sensitive data for a number of large, publicly traded corporations. They entrust us with their data, and want to ensure that we have policies and controls (both procedural and technical) in place to safeguard that data. If we do not address items raised in the audit, they will not do business with us.
The second type are the more traditional, IT security focused audits. Those are used by the CISO and the board as a 'second set of eyes' on the security posture. It is not that the security team is slacking off. The reality is that there are new vulnerabilities discovered on a weekly basis, and new strategies being developed every year. The security audits confirm that things really are buttoned down, and if not, provide the security team areas for improvement. Never trust a security guy who claims to have it all under control, yet who balks at an audit.
I /think/ that you are slightly oversimplifying things.
You have to document the security issue(s) / risk(s) and then decide to act upon them, or not. The decision to not act upon them is perfectly fine, but it is not a free pass. If that risk materializes and it affects the organization, then the person who signed off on it could be facing a 'resume generating event' at best. At worst, there could be some legal liabilities, either for the organization or the individual, depending on the outcome.
I am not an expert in HIPAA or SOX compliance, but I think that there are some pretty serious repercussions for failing to mitigate security risks that result in data breaches or information disclosure.
Am I misguided here?
Nobody seems to have keyed into the fact that the article implies Facebook is planning to run content analytics and conceptual clustering algorithms across all of their databases. Databases including "private" conversations.
Having seen first hand what 5+ year old analytics tools can pull out of seeming disparate data sets, I find this both amazing and frightening.
The key quote from the summary is this one...
The "long-term promise of AI," he wrote, is that it can be used to "identify risks that nobody would have flagged at all...
When you let an "AI" build concept clusters based on linguistic analysis, and then pattern match to find similarities, you will open Pandora's box to all sorts of unexpected correlations.
This seems pretty disconnected from reality. Any C-suite in a publicly traded corporation with a chief compliance officer is not going to be demanding exceptions from security policies. Those security policies are in place and enforced.
Let's take them one by one.
Full Disk Encryption - No way around that one. Every device has it. Period.
Local Admin Rights - What CEO wants to admin their own device? That is what the help desk / admin assistants are for. Really? C-suite, doing IT grunt work. Hahahahahahaha.
Complex Passwords - For most organizations, enforced by the Default Domain Policy. No way around it. It applies to the entire organization.
MFA - A person who earns six, seven or eight figures a year can handle transcribing a couple of numbers from their smartphone into their desktop / laptop. In fact most of them feel 'high tech' when they do it. Like they are secret agents, protecting supah sekrit datas.
Finally, someone who actually has some experience. You are right on point sir.
"Here is the risk. Here is the cost to mitigate the risk. Here is the risk of doing nothing. Let me know which way you want me to go. Please respond via email so that when the risk you decided you didn't want to mitigate materializes, you, me and everyone else understands who made the decision to ignore it."
That seems like cutting off your nose to spite your face. I went through the same thing, but I shrugged and moved on. I do not know what your desktop support team was like at Ford, but the guys where I am have everything running very well.
Windows 10, plus System Center and dare I say it Office 365 (2016) seem to be a good combination. Security updates are pushed out at the end of the Patch Tuesday (RIP) week. They are using PGP FDE and SSO throughout, and it works great. It does suck having to wait 4-6 hours to install some new software, but at the end of the day, the company is paying for my time. If the company can afford to eat the loss of productivity, I am not going to have a conniption fit over it. It is kind of nice not having to be responsible for my own desktop. After over a decade of consulting in the small business market, I enjoy letting someone else handle the headaches of desktop support.
Where did you get the impression that they are providing the licenses for free?
The summary said that they have 'images' pre-configured for SQL Server and Windows. I read that as VMs that have been provisioned based on Microsoft Windows Server ISOs, or Windows Server + SQL. It does not say anything about licensing.
From an Azure perspective, Microsoft lets EA customers double up on their licenses. You can use your internal license in Azure "for free" and just pay for compute.
https://azure.microsoft.com/en...
Disclaimer: I'm neck deep in building out a private + Azure + AWS hybrid cloud infrastructure so I deal with this on a daily basis.
When incompetence seems to do as much damage.
I wonder how long until the airlines receive a 'modernization bailout' ^H^H^H initiative
They are setting up the population to view China as the ultimate enemy and further the narrative that the US needs to be involved in Asia.
Everything else is just window dressing. The Middle East is winding down. China is on the rise. The establishment that has spent the last six decades holding the threat of nuclear war over the collective heads of the world now needs a new enemy. The same "containment" policies that were used to justify Vietnam and covert actions in Latin America in the last century are going to be recycled and used to justify encircling China.
What is really, really going on is that the international financiers realize that the American consumer is completely tapped out. China is on par with and in some cases starting to pull ahead of America. They have a population of multiple billions of people. Over the coming decades we are going to see a massive shift of funding away from American corporations and to the Chinese.
The question for this generation is: are we going to go down the Soviet path and ruin our economy by attempting to keep our military spending at insanely high levels, or are we going to pivot and invest what capital we have left in our economy and citizens? If history is any indicator, this is going to end with our navy on the bottom of the ocean, millions of dead Americans, and maybe a tactical nuke or two going off.
You mean other than raising the kid, cooking, cleaning, doing laundry, shopping, exercising, and hanging out with her friends?
I guess we find time to have sex every once in awhile.
I have a full cable package from Frontier. We get most of the premium channels including HBO, Showtime and Starz. My wife purchases way more DVDs and Blu-ray discs than I want her to. We also go to the theater from time to time to watch movies.
I am not willing to pay for the same content over, and over and over again. I am especially unwilling to continue to pay for content due to wear and tear. For example, my wife has watched Friends and Sex and the City so many times that some of the discs skip or are even completely unwatchable. I have zero qualms with pulling down a torrent of those shows and storing them on the NAS so that she can watch them.
Another example is with HBO content. I am on the west coast. I watched Game of Thrones and Westworld on east coast time plus about 30 minutes. It was more convenient for me to torrent a 1080p rip than to wait until HBO decided it was time for my part of the country to be "allowed" to watch it.
Am I 'stealing' from HBO? Am I 'stealing' from the DVD / Blu-ray producer?
I worked in Hollywood for a while. I understand that all of the below-the-line people have to eat and deserve to make a living wage. I do not endorse out-and-out, wholesale piracy. Just because "the studios" are turning a profit does not mean that everyone involved in getting content onto the screen is rolling in dough. Most of them are just regular Joe and Jane Does, putting in their hours and trying to put food on the table.
On the other hand, I am okay with preserving content that I paid for. Just because I have the technical capability of doing so should not make it wrong. In my eyes, it is no more wrong than a mechanic fixing their own vehicle. Are they 'stealing' from the dealership service departments? They have to buy their tools and parts. I have to buy my computers and storage medium.