ElevateIT

A Fireside Chat with the World's Most Famous Hacker

(Kevin Mitnick - Contributor World's Most Famous Hacker) — Mon, 13 September 2021 12:00:00 GMT

Kevin Mitnick will be joining us at the ElevateIT: Houston Technology Summit on October 13th to discuss his amazing career as a Hacker, techniques used by hackers today to gain access to your data, and what you can do to minimize your risk.

Visit: www.eitevents.com/MITNICK to register, and use Kevin's Secret Code for Free Admission.

Ransomware – The Global Existential Threat

(Mike Davis - Contributor CISO, ExactlyIT) — Thu, 8 July 2021 21:43:50 GMT

Ransomware is a top threat to minimize; especially as it continues to grow, morph and become even more virulent and effective. Why classify it as Existential – for starters, governments have categorized it as destructive as terrorism overall, plus the asymmetrical advantage criminals have, putting the defenders at a significant disadvantage. This summary paper is meant to consolidate the main elements and key protections as serve as ‘talking points’ to those who manage the business and protect all its assets.

Though this threat can be scary, it can also be reasonably well-managed (there is no guarantee even close to 100% in cyber as well all know) – where you must invest in it with the same resolve as the criminals do to attack you.

Problem overview. Now that Ransomware has the attention consumers (e.g., loss of gas availability. meat production, water safety, etc), the risk has widespread attention. This is a very wide topic, so we only list the top contributing factors herein, not all the significant (and for the most part incalculable) organizational damages it can cause – as we assume those are well known at this point.

Key ransomware factors:

It is now a triple threat - (1) loss of data availability (encrypted), (2) data breach extortion (exfiltrated sensitive data) and (3) extortion of your partners and clients for their data stolen from you.

Ransomware as a Service (RaaS) – it is now a commodity service that can be easily bought and then executed on any entity at any time. It is also much more targeted now, not just a wide mass email to thousands, with gobs of social media data available, the phishing attacks are well done (and getting better with AI / ML too). The company is also assessed for its ability to pay, including those with cyber insurance.

Cybercrime is a business – they are well organized, have business plans, share data and now we discover they are supporting startup cybercrime entities as well. They are thriving as they reinvest into more effective methods, and tools – not to mention that they are essentially immune from the law or any real punitive repercussions (another story in itself)

Asymmetrical advantage – the above factors show they have the upper hand for the most part. It goes back to the adage that they need to find one vulnerability and we need manage 1000s… As well as being a well-organized, high profit and low risk business (with no stakeholders to account to).

So, what to do? While this is as they say, a “wicked” problem, it is not hopeless - the risk can be significantly reduced by an aggressive ransomware risk reduction program – show your resolve, initiate a ransomware task force! There are a lot of ransomware support resources, mitigations to follow, etc. (a few links are listed at the end); whereas those are best reviewed and then integrated into your own tailored, ransomware risk reduction program. Within the program you will have researched all potential risk reduction measures and weighted their utility, then prioritizing their mitigations. Like all programs, ensure it is resourced, managed, tracked, and reported frequently. This is where you need to make this risk reduction effort a priority or not – convince leadership that the company future could well depend on this effort – because it can. If you cannot, then redo the message and keep trying.

What are the key mitigations? As mentioned, review the major ransomware support references and build, tailor your own; whereas there are some common items to ensure are assessed, and in many cases must be verified / audited if need be (for example, have IT proved they can restore critical data, and just what data do they store, where?). The ransomware mitigations effort must be aligned and part of your overall risk-based security strategy, which must also account for data leak/breach, resilience, etc. That is why your formal risk register must keep track of all the risks, priorities, status, etc. – as most of us have a lot of risks, with the top business risk value efforts being done first. So, there it is – your top MUST DO task – use a risk register to account for all your risk assessment efforts; use it to show stakeholders the overall organization’s risk story – how their key business success factors are being supported.

As for what matters - it all does, and of course it depends, as the relative risks vary by environment and some measures can be “good enough’ while resources are used elsewhere to drive that risk down. The dozen items listed below are but one view, as many others exist, yet these tend to be key in both ransomware risk mitigation and overall risk reduction in general. That said, please skim the resources below and decide what matters for your environment – collectively they will capture a risk-based ransomware protection plan.

Risks and Rewards of Open-Source for the Enterprise

(Tom Sweet - Contributor VP Cloud Services, GM Financial) — Mon, 15 March 2021 20:37:00 GMT

Open-Source is Widespread

The software of today is built using open source. A 2020 Open Source Security and Risk Analysis report by Synopsys states that 99 percent of 1,250 audited applications contain at least one open source component. Some of the most popular programming languages today, including .NET Core and Node.js, are open source, along with Docker and Kubernetes, the two hottest applications for containerized applications and workloads.

One particular “chat” application found on GitHub has over 1,600 OSS components. It is not uncommon to have 10 or more different versions of the same component in various applications across the enterprise. Total component count can often be measured in the tens of thousands because OSS is cascaded inside other OSS, and what you thought was one component may in fact be 200.

Open-Source Risks

The first OSS risk to understand is the use of vulnerable software components. Just like commercial off-the-shelf (COTS) software, OSS can have bugs. Often, these vulnerabilities are addressed quickly in a newer version or release. Unfortunately, consumers of the older versions may not be aware of either the vulnerability or the available update. Remediating vulnerabilities in your environment may introduce a whole lot of unplanned work, and as a result, delivery can be delayed. With potentially thousands of open-source components in use in an organization, keeping up with all the vulnerabilities can require a small army.

The second risk involves OSS licensing. The chat application mentioned above had over 100 different license agreements within its internal components. OSS license agreements can be complex, but they generally fall into one of two groups: permissive and copyleft/restrictive. If you choose to distribute your software, permissive licenses allow you to distribute the OSS without any substantial restrictions on licensing. Copyleft requires you to offer any source code created with that component available under the same licenses. Copyleft means that all the code your developers wrote for your new whiz-bang application needs to be given away for free, but if you use permissively licensed OSS you do not have to do this.

An additional risk arises when using abandoned versions of OSS. These versions create problems if they contain security and other vulnerabilities, and no one in the community is maintaining them.

A company needs to understand its software supply chain - what all the components are and where they come from. According to the Sonatype's 2019 State of the Software Supply Chain Report, 79 percent of organizations not practicing DevOps do not have a software bill of materials. Industry best practice is to use tools such as Sonatype Nexus or JFrog Artifactory to store local copies of the components needed to build applications. Then, if an Internet outage occurs and your team is temporarily unable to get to the open-source central repositories, you will have cached copies locally, which supports your business continuity/disaster recovery plans.

Open-Source Action Plan

Educate your legal and contracts teams on risks and concerns. Agree on a set of license agreements which your company is comfortable with. You may consider starting with the MIT and Apache 2 licenses because many of the large OSS packages, including Microsoft’ use them.
Invest in OSS management tools. Auditing and scanning for OSS manually is not realistic in the enterprise, and if you have in-house development teams, the landscape changes daily. Most developers do a great job finding open source, but are not so great at reading licenses, often just clicking “Accept” when presented with one. Acquire the tooling that is the best for your needs, such as Sonatype Nexus, Synopsys BlackDuck or something similar. As your teams move to continuous integration and DevOps, ensure these tools are included in your DevSecOps pipelines to ensure that licensing, vulnerabilities, and encryption are scanned for compliance. Work with your cybersecurity, software, and governance/risk/compliance teams to agree on a level of risk and stick to it! Hold the development teams accountable and reject any software build that exposes the company well before production.
Create an internal education program to teach the IT team how to use the new tools along with reasons why. This would be a similar program to the phishing education programs that cybersecurity teams deliver to the enterprise.
Give back to the open-source community. Once you are sure that you have the above covered and have the tooling in place, you will eventually find vulnerabilities in the OSS your teams use. While many issues will already have available fixes, others you will need to fix yourselves. Once you fix these, you should then share your fix back to the specific open-source community who maintains the project. This is about more than just being a good citizen in the open-source world though. If you do not do this, you will be forever “forked” between later versions coming from the open-source community and your custom version that you must maintain, and which requires constant syncing. This is not sustainable long-term for even one package.
Consider releasing some applications or projects as open-source. Many times, teams create internal tooling or other software that is not especially proprietary and can be shared. By posting to a site such as GitHub, you can not only give back, but you can see who from outside your company is contributing to your projects. These contributors may be the type of talent you wish to hire. These online projects establish your company as a leader, creating a following of contributors. Much of the top talent wants to work with open source, so recruit from your own OSS projects.

When creating value for your business partners, speed matters. Reinventing the wheel by not using OSS only causes delays and lost opportunity costs. Open-source software is an accelerator.

Thomas J. Sweet is VP Cloud Services at GM Financial. Sweet is passionate about Digital Transformation, DevOps, Agile, Cloud, and attacking the talent shortage head-on by investing in his teams. His views are his own and not that of his employer, GM Financial.

2021 CyberSecurity Excellence Award – Team of the Year (North America).

(Michael Madero - Contributor AVP, Mr. Cooper) — Tue, 6 April 2021 16:15:00 GMT

Recently I had the privilege of leading the implementation of SailPoint IIQ for the usual reasons’ companies go on such journeys (compliance with regulatory and/or audit requirements) and I’m happy to say our team was successful for all the usual reasons (lots of hard work and sacrifice by all involved). We were even rewarded with a nomination and eventual recognition for the 2021 CyberSecurity Excellence Award – Team of the Year (North Amercia). However, I want to talk more about what we learned during that journey than the journey itself.

First, don’t let your past successes prevent you from delivering what’s best for your current situation.

It is human nature to figure out a “recipe for success” for a given problem and then apply said recipe anytime said problem presents itself. We even put a bunch of our favorite recipes together and call them “best practices”. It is no different with large implementations, especially when there is a large price tag involved. We want to be as certain as we can that we will be good stewards of the trust that we are given. In my experience, most Identity Management implementations take two to three years. Typically, we start with base provisioning and then build in an application request workflow and reconciliation cadence with key applications, usually no more than six to ten to start with. What we really needed was a huge improvement in all our user access reviews, which would typically come, at the earliest, at the end of year one. Typically, I had to decide whether to ask our Senior Leaders to continue to bear the current state for another year along with the increased risk while we took the typical life cycle approach. Again typically, the only other option would be taking a more unorthodox implementation approach with greater risk while delivering the pieces they needed first instead of year two. The lesson here is to succeed faster and more comprehensively by using the tools as well as our knowledge and experience.

Second, do not be afraid to use all the tools at your disposal, even the older ones.

As a weakness, we had manual processes that involved collecting, transforming, staging, certifying, and finally reporting on the data. What typically gives an Audit organization heartburn is a lack of evidence that your processes are “complete and accurate”. While end to end automation is the prescribed elixir here to produce accurate logs and reduce human error, time can sometimes limit what is possible. In our case, it was faster and easier to create transformation scripts for the source data files using the toolset from our old provisioning engine. We created a staging database to receive the transformed data from our scripts.The logs were kept courtesy of the old provisioning engine and we now had ONE JDBC integration for our new platform with associated lifecycle rules instead of forty. We learned that it is not necessary to build out all new roads to lead to your destination. Sometimes you need to use some of the older roads to keep your traffic moving while you complete higher priority objectives.

Third, be the rock and do not lose your cool.

People get sick. Loved ones have emergencies. People react to stress differently, but by and large, they do not perform better if you pressure them when they are dealing with external issues beyond their control. Stressful situations will come at critical junctures so resist the urge to appeal to their sense of guilt. Avoid using fear, regardless of how real that fear is for you. Instead, an investment of empathy and a reasonable amount of understanding will pay huge dividends. Remember, all eyes will be on you, especially those of your team. When you show them that you, their leader, has their back they won’t be looking over their shoulder and checking their six. It is hard to move forward with alacrity if your attention is on what is behind you. You will be spending a lot of time with your team under less-than-ideal circumstances (i.e. not enough time, too much to get done, you broke what?) and you will need their trust. Earn their trust and they will go to the wall for you. Appreciate them accordingly and they will continue to follow you and go to the wall for you again.

I said at the beginning that I had the privilege of leading a team on a successful journey.

To me, that is what leadership is: a privilege. It is also one of the greatest responsibilities you will have: to mentor the next leader(s). Knowledge, skill, and experience gets us to the mountain. However, it is your team that gets you to the summit. Use your skill and knowledge to help identify a new efficient solution to a problem your team is trying to solve. Challenge your team by asking them what they can do to work around gaps using whatever is at hand to buy time for the final solution. Be there for your team with words of wisdom, advice, encouragement, understanding, and most importantly, appreciation. Don’t miss an opportunity to recognize key individual contributions in leadership team forums/meetings so they are familiar with those names during merit and calibration meetings. Now, more than ever, I think people will be more likely to choose the “who” they want to work for rather than “where” they want to work as proximity becomes less and less important. Be the leader that makes your organization the best place to work because for most of us, the free coffee and snacks are not nearly as relevant as they used to be.

An Effective Cybersecurity Program: People, Process, and Technology … No, Really

(Rick Velasquez - Contributor SVP, JISO, Texas Capital Bank) — Thu, 29 April 2021 20:44:17 GMT

I have heard and experienced technology leaders talk about the importance of People, Process, and Technology, but often what I have seen is heavy on technology, some on people, and less on process. Striking a good balance and having all three overlap is what builds true effectiveness in a program, provides better security, and more Return on Investment (ROI).

In the absence of a good balance, people tend to get burned out, which leads to higher turnover. In turn, your organization begins taking on more risk, therefore increasing the likelihood of cyber incidents. Would it surprise you to know that over 50% of significant cyber incidents are related to human error? Whether it’s misconfiguration, poor coding, or simply sending data to the wrong recipient, cyber incidents fall into the category of unplanned work.

Unplanned work is the worse type of work for any organization and cyber incident response often lives in this space, especially when other foundational elements are not built out. What most people don’t realize is, when there is a cybersecurity incident, it’s not just the incident responders that have long disruptions in their schedules, but also application teams, database teams, legal, and others. The unplanned work due to cybersecurity incidents can have a broad impact on deliverable schedules.

So, let us take a look at three foundational elements that can reduce the risk of unplanned work, reduce the risk of employee turnover, provide better ROI, and build out a more effective program. Let us define People, Process, and Technology.

People

1. Are you right sized for the size of your organization, the complexity of your environment, and the number of tools the team is being asked to own?

a. When doing product evaluations with vendors, I like to ask how many Full Time Employees (FTE) are typical for implementation and how many FTEs for ongoing operations and continued tuning?

b. If you have three team members and 40 tools they need to manage, you are likely to have tools barley in place and doing the bare minimum. Team members will not have time to truly dive into a tool to understand it, configure it as it should be, and regularly tune it or build out actionable alerts if the tool is capable.

2. Are you providing opportunities, including time, for team members to be trained?

a. Training doesn’t always require a large budget. There are lots of free conferences team members could attend and you can also check into vendor provided lunch and learns.

b. Schedule a weekly Technical Interchange Meeting (TIM) where team members are encouraged to share something they learned over the past week that would benefit others. They could throw a few bullets on a slide or just speak to it. Keep it simple and relaxed. Each team member wouldn’t be required to present something each week, just when someone has something. Have a floating agenda that could be added to.

c. Paying for a few courses isn’t all that bad either. Although you can sometimes get more out of it if you bring an instructor in and invite people from other teams as well.

3. Are you providing clear strategic guidance, so the team understands where they are going and why?

a. It’s amazing how many times I’ve had team members express their appreciation for providing guidance and direction.

4. Expressing appreciation

a. Company awards are nice to give out in front of peers, but just saying “I appreciate you” or “great job”, can go a long way.

Process

1. Have you set expectations with your team/department to document processes?

a. There will be turnover of personnel and people take time off, but having processes documented and stored in an organized fashion will help with Continuity of Operations (COOP) and helps to keep a program maturing instead of constantly starting over in areas.

b. Documenting processes can also help to identify areas that can be automated.

2. Have you set expectations to document configurations, or at least variants from best practices or hardening standards?

a. There is a lot of value in storing configuration documents and variations from best practices, in a centralized location.

b. For any best practice or hardening standard, there might be a list of 20-400 controls. Understand what you are applying in your environment and why you are choosing to do something different from what’s recommended. Keep it simple, ask the following for each control:

i. Are we accepting and applying the recommended control?

ii. Are we modifying the recommended control? If so, why and make sure to document it.

iii. Are we choosing not to implement the recommended control? If so, why and make sure to document.

3. How effective is the vulnerability assessment and patch management program?

a. Some call it vulnerability management, but I like vulnerability assessment better as this team is usually not the team to actually manage the vulnerabilities, that is typically under patch management.

b. Are vulnerabilities identified, prioritized by risk level, and communicated to leadership as to how long they have been opened and unpatched?

c. Unpatched systems/devices add a significant amount of risk into an organization.

d. Is patch management under a centralized team, a couple of centralized teams, or left to the server owners who could be spread across multiple applications teams? A dispersed patch management program tends to be much less effective.

Technology

1. How much is too much?

a. No one has an unlimited budget and just because you have multiple layers and 40 different tools, does not mean you have an effective program or good security.

b. Do not look at a suite of a particular package as one tool, because many times team members will need to fully understand each component/module within the suite.

c. If you are not adjusting the FTE count as you continue to bring in more and more tools, then you will not be able to get the most from the tool and your opportunities to train and document processes will suffer.

d. Is the latest security concept worth purchasing? Maybe. Let us first look at if you are getting significant value from what you have.

2. Are you fully leveraging what you currently have?

a. It is critical to pay attention to the balance of people and process as you add more tools in. Will your people have appropriate time to train, fully understand the tool, and document processes and configurations?

b. More tools do not mean better security, it can mean worse security if there isn’t a balance with people and process. You can quickly be at a point where all you are doing is maintaining the operations and upgrades or the tools instead of fully understanding and leveraging their capabilities. This can give you a false sense of security and make for an extremely uncomfortable conversation with the board when you try to explain how you were breached after spending so much money on tools and discussing the various security layers.

c. Fewer tools can often be better security if you provide your team with capacity to understand the tool and document along the way. This also means setting the expectation and holding the team accountable to do so.

3. When do you add more and where?

a. First determine where the largest risk is. You can choose one of the cybersecurity frameworks and overlay the kill chain (advanced stages of an attack) with the areas it fits.

b. The goal is to have effective coverage in each area, then to increase additional coverage in the earlier stages of the kill chain, as the exposer gets more and more expensive the deeper an attacker gets.

c. As you consider adding a new tool or technology, make sure to ask if it can replace something else.

d. Can you reduce your vendor footprint without sacrificing security?

i. There can be value in the integration of various tools by a particular vendor but be careful not to sacrifice security to an unacceptable level. Also be aware, several tools under the same vendor might have been through acquisitions and might not provide the integration you are expecting.

ii. I would not have a goal of reducing to one vendor, but instead just focus on reducing vendors where feasible. Lots of vendors are now covering several different areas.

Rick Velasquez is SVP Joint Security Operations at Texas Capital Bank. Rick is passionate about building effective security programs, building people up, equipping them, and empowering them. His views are his own and not that of his employer, Texas Capital Bank

Connected Communities - Preparing the Enterprise for the Future of Smart Cities, Counties, and Airports

cjy@eitevents.com (Casey Yarbrough) — Mon, 11 January 2021 19:38:46 GMT

We are extremely excited for our upcoming ElevateIT: DFW Technology Summit on May 19th, 2021 at the Irving Convention Center. We thought we would share some insight from local leaders who spoke at last year's event.

Please enjoy this insightful panel, moderated by Patrick Benoit - Global BISO, CBRE, with special guests:

Eric Yancy - Chief Security Officer, City of Irving

Michael Anderson - CISO, Dallas County

Sonya Bridges - AVP of Technology, DFW Airport System

Be sure to join us this year by registering to attend at: REGISTER and use code EBT21 for complimentary admission.

Hoe AI en ML criminaliteit kunnen voorspellen - en bestrijden

cjy@eitevents.com (Casey Yarbrough) — Tue, 18 June 2019 10:40:00 GMT

AI/ML wordt in de misdaadbestrijding al jaren gebruikt voor het vaststellen van de identiteit van de daders, de verblijfplaats van de daders op het moment van een misdrijf en hun handelingen en hun verblijfplaats voorafgaand aan en na een misdrijf. Handmatig zijn dit lastige taken, maar AI-categorisering door middel van het doorzoeken van enorme hoeveelheden visuele gegevens, samen met ML-gedragsscripts geven AL/ML-algoritmen de mogelijkheid menselijke fouten te elimineren.Het voorkomen van geweldsdelicten "Voorspellende misdaadbestrijding" is de praktijk van het identificeren van de datum, tijden en locaties waar specifieke misdrijven het meest waarschijnlijk zullen voorkomen, en vervolgens het plannen van politie-inzet om in die gebieden te patrouilleren in de hoop dat er geen misdrijven zullen plaatsvinden, waardoor de buurten veiliger worden gehouden. Na veel onderzoek en input van grote politiediensten in samenwerking met softwareleveranciers zijn de voorspellende analysemodellen voortdurend verfijnd. Verdere conclusies hebben prioriteit gegeven aan het verzamelen van de drie belangrijkste datapunten: de datum en het tijdstip van het misdrijf, de locatie van het misdrijf en het soort misdrijf - en dus aan het vereenvoudigen en mogelijk verminderen van het verzamelen van gegevens.To read this article in full, please click here Read More @CIO

Being Open to Open Source with Chris Wood, Fellow for Lockheed Martin

cjy@eitevents.com (Casey Yarbrough) — Tue, 29 September 2020 13:00:00 GMT

A title of “Fellow” is granted to only the top 1% of those within an organization that meet its highest overall depth and breadth of skills. You must apply for the honor and only the very select few receive such an honor. Chris Wood, a brilliant engineer for Lockheed Martin has been granted the honor of “Fellow” for Lockheed Martin. Although Chris has acted as a CIO, his breadth and depth of experience far surpasses that of typical CIO from having 40 + years of experience in just about every facet of the Aeronautics industry.

“My father was in the Air Force working at Andrew’s Air Force base when I was just a boy and I was hooked on planes from then on.” Chris is a pilot with a fascination for continuous learning and has worked with young people using Open Source software for their first projects. An advocate for STEM, Chris has a soft spot for open source technology.

Open source tools began being inserted into new software product development in early development days to speed up product development. The continued difficulty is that Open Source has an extreme amount of vulnerabilities so, cybersecurity teams had their hands full shoring these up and making the product less exposed.

Since the result will be embedded in the controls of a plane, software safety pertaining to automation took on a new priority and testing for the worst-case scenario became a part of the process.

Predicting the worst case, hoping we actually know what that is and being able to test for it can be difficult. The more automation, the more possibility for error due to complexity. With software and automation complexity there is a need for continuous training and knowledge in both cybersecurity and development. Watch and Listen to Chris Wood as he imparts his wisdom for up and coming product developers and cybersecurity professionals.

No Experience, No Job; No Job, No Experience with Jessica Nemmers, CISO for Elevate

cjy@eitevents.com (Casey Yarbrough) — Mon, 21 September 2020 13:00:00 GMT

Jessica’s career spans from professional ballerina to CISO serendipitously from her ballet company closing due to lack of funds. She pivoted and reinvented herself having great support from her mentors paving the way. Having worked for Electronic Data Systems (EDS) and Perot Systems she became passionate about cybersecurity early in her career.

“There is a shortage of cybersecurity talent estimated to be a 3.5 million deficit in 2021,” (Gartner reports), stated Jessica. “There were only 20% women with CISSP certifications in 2019 and only 14% women CISOs or CSOs for Fortune 500 companies.”

Jessica’s goal is to be an influencer in bringing more women into the cybersecurity field through addressing possible opportunities when these positions become available and mentoring. With so much need and increased budgets women can find a rewarding career in cybersecurity.

Previously, cybersecurity was viewed as a function of Information Technology (IT) by Key Stakeholders, so budgets were tight and therefore, cybersecurity teams were small. Small teams meant Leadership had to hire the best of the best that could be found leaving little room for training new recruits. “We have doable options to fill the gap,” says Jessica.

That paradigm is beginning to shift with cybersecurity being risk based instead of a function of IT. Defending the company is now viewed as a part of Corporate Governance because a cyberattack can mean the loss of millions of dollars and even possible bankruptcy for a company.

“We need a Farm Team,” says Jessica. One option is to share resources across companies for comprehensive training and to reduce costs. Exploring this and many other options will help fill the cybersecurity talent gap. Now is the time for a great career in cybersecurity. Watch and listen to Jessica help pave the way for the NexGen cybersecurity professionals.

Beating the Pandemic Blues for Corporate, with Deepak Seth, Accenture Principal Director

cjy@eitevents.com (Casey Yarbrough) — Tue, 8 September 2020 13:51:00 GMT

Deepak says, “The 2 most critical challenges facing our future post Covid are 1) Business Resilience and 2) Cost Optimization.”

So where do go from here? What are the top priorities facing Leadership for Governance? Rigid thinking is thing of the past and radical rethinking is the new paradigm as it pertains to People, Processes, Technology and Information (Data).

People (resources) must be utilized at their fullest potential therefore, automating processes with more culturally effective and market flexibility is key. Through implementing technologies that include machine learning and artificial intelligence, resources can be removed from mundane activities producing 2) Cost Optimization through effective use of resources while creating 1) Business Resilience.

Effective planning to automate the capture and classification of data will require futuristic predictive Leadership and maybe even a crystal ball. Those better at forecasting accurately, making on-target governance decisions will lead with higher market share.

Automation will enable companies to be resilient, adaptable and continue to keep them relevant. We are in a Data Revolution, Now and for the foreseeable future.

Watch Deepak break down what can seem to be a complicated governance strategy and explain the post-Covid direction in simple terms.

Building the Path to IT Leadership with Raymond King, IT Director

cjy@eitevents.com (Casey Yarbrough) — Tue, 1 September 2020 13:30:00 GMT

Raymond King is an Information Technology (IT) 25-year veteran who has steered his own career through systematic decisions and continuous learning.

In the past, IT was considered overhead from a budget perspective. Now and for the past few years, Digital Transformation has surged to the forefront for businesses. Covid has only increased momentum for technological advances and adoption.

Key stakeholders now focus on using technology to mine their captured data along with those in technology positions to create a competitive advantage. Across every industry, “the business’s” relationship with its customers is enhanced through digitized data creating its competitive edge in the market.

In the early stages of technology Raymond was assigned a leadership role in the pharmaceutical industry which gave him a unique advantage to lead a comprehensive security and compliance project. That was a pivotal moment and recently, he has spent much time in continuous learning and has achieved ITIL, Cobit and his CISSP certifications.

Raymond said, “the CISSP certification was extremely broad and comprehensive.” He continued to add, “Although you have to know the stack, the CISSP is more about strategy pertaining to the business and less about technical knowledge.”

Like Raymond, are you looking for some career direction?

Watch and listen to Raymond King’s paradigm shift due to his pursuit of the CISSP

along with his recommendation for these two resources to prepare for the CISSP exam: Sari Green’s Training at https://sarigreenegroup.com/cissp-training/ and Luke Ahmed’s study notes and theory found at https://www.studynotesandtheory.com/blog/author/Luke-Ahmed

DigiSchools by AmazeOne

cjy@eitevents.com (Casey Yarbrough) — Wed, 15 April 2020 18:32:52 GMT

DigiSchools School Community Platform is the most affordable, totally comprehensive, modular cloud-based Educational System that runs on Windows Desktop, Windows Laptop and (IOS & Android) mobile devices. All Digi products including DigiSchools are hosted on Microsoft Azure in highly secured data centers in New York and California with a simple, intuitive dashboard offering minimal click navigation. Although there many school management platforms available including Google and Microsoft, DigiSchools is the most affordable and comprehensive School Community & Communication Platform I have seen with a full 360? institutional view through a single pain of glass including 1) Administration Management, 2) Teacher and Faculty Participation, 3) Parents Interaction and 4) Student Education & Activities.

Administration & Staff Management	Teacher & Faculty Digital Instruction	Parents & Student Teacher Guidance	Student Digital Lessons & Assignment
Class Curriclua & Lesson Plans	Attendance & Behavior Tracking	Grades & Report Cards	Admission Process & Accounting

Manage your complete admission, accounting and billing processes from the beginning with digital online enrollment, class scheduling and payment of fees simply and intuitively.
Streamline your full administration of one school branch to an entire school district to save time and overhead costs enabling more dollars spent on education.
Free simple integration professional services with existing financial systems and other systems already in place.
Improve teacher to student and parent, parent to teacher and student to teacher communication through mobile applications and desk and laptop platforms.
Disseminate digital assignments, tests and grades easily allowing each student to learn digitally at his or her own pace with direction and supervision.
360? view for all educationally processes at a fraction of the cost of other platforms.

To ask questions on an online live meeting or receive more information: Read More

Is it even possible to overcome built-in AI/ML bias?

cjy@eitevents.com (Casey Yarbrough) — Tue, 24 September 2019 12:04:00 GMT

Machines are fed mounds and mounds of data to extrapolate, interpret and learn. Unlike humans, algorithms are ill-equipped to consciously counteract learned biases because although we would like to believe AI/ML correlates to human thinking, it really doesn’t. AI/ML has created what we have determined to be the newest industrial revolution by giving computers the ability to interpret human language and without intention, it has learned human biases as well.So, where does the data being used by AI/ML systems come from? Most of this historical data comes from the same type of people who created the algorithms and the programs using the algorithms which until recently has been those socio-economically above average and male. So “without thinking” or intent, gender and racial biases have dominated the AI/ML learning process. An AI/ML system is not capable of “thinking on its feet” or reversing this bias once it makes a decision. The point is AI/ML systems are bias because humans are innately biased and AI/ML systems are not capable of moral decisions only humans are; at least not yet any way.

To read this article in full, please click here Read More @CIO

AI/ML in education closes the gap on income inequality

cjy@eitevents.com (Casey Yarbrough) — Tue, 6 August 2019 12:00:00 GMT

Today, every man, women and child no matter his or her origin, race, or economic circumstance can enrich their lives through educational made available through AI/ML educational learning systems. The caveat is connectivity access. Education assures equality and I believe is a better use of appropriated inequality funds rather than doling them out. I am a proponent of “teaching to fish” for the long-term. Education for all peoples in all countries with all languages will be as equally disseminated depending on the availability of connectivity and AI/ML educational systems. And if not easily available at home, schools and universities can incorporate AI/ML education; local libraries, churches, warehouses, parks, restaurants, offices and group homes can provide connectivity. Anywhere connectivity exists so can education thanks to AI/ML. We in the US need to put our efforts into making sure WI-FI or the next evolution of connectivity is available everywhere then supporting AI/ML educational systems.

To read this article in full, please click here Read More @CIO

Smart devices may be hazardous to your health

cjy@eitevents.com (Casey Yarbrough) — Wed, 31 July 2019 11:13:00 GMT

The International Agency for Research on Cancer (IARC) a division within the World Health Organization (WHO) has determined that non-ionizing radiofrequency radiation (NRFR) – which is emitted from cellphones, laptops, home appliances and all smart devices – may ultimately be hazardous to your health, as well as the health of your children and your employees.The WHO has classified NRFR as a Class 2B Carcinogen, in the same category as automobile exhaust, DDT, Titanium Dioxide found in sunscreens, etc. The effects of Electro Magnetic Frequency (EMF) have been insignificant until recently and as devices continue to permeate our homes, schools and work, WHO is beginning to issue caution because EMF is showing up as the cause of cancer.

To read this article in full, please click here Read More @CIO

Why AI/ML is top of mind with corporate executives

cjy@eitevents.com (Casey Yarbrough) — Tue, 23 July 2019 12:19:00 GMT

Early adopters embrace AI/ML Only early adopter corporate executives with a better than average understanding of the AI/ML cognitive processes have whole heartedly embraced AI/ML implementation across the enterprise. The majority of the rest of corporate executives are evaluating AI/ML in baby steps measuring risk vs. return. Following those executives and measuring AI/ML concerns and prospective adoption are top data analyst organizations like Deloitte, McKinsey, PricewaterhouseCoopers (PWC), Forrester and IDC. Surveys have shown that during early stages of AI/ML development, there was a rush to implement across the whole enterprise.Recently, adoption has slowed with executives beginning AI/ML pilots in predictable successful segments of their operations. As AI/ML products and services are developed the industry predicts at least 73% of corporate executives will implement some form of AI/ML not to eliminate people but to more effectively reposition them and fill gaps in a cost-effective manner. Retraining not only keeps the employee loyal and growing within the company but fills a position desperately needed that has been hard to fill with less cost.

To read this article in full, please click here Read More @CIO

Can private online communities drive corporate cultural change?

cjy@eitevents.com (Casey Yarbrough) — Thu, 18 July 2019 13:43:00 GMT

AI/ML will gather behavioral data and – through a system of assumptions and calculations known as analytics measurement – create both positive outcomes along with possible negative ones. Where is corporate governance and corporate culture in this readjustment out of public social media platforms and into private social community platforms?Today, good governance is a must have Facebook, the largest online public social media platform, was founded in 2004 and until recently has gone unchecked by oversite; typical for the first and the largest of its kind. There is now moral outrage from much of the social media community over Facebook’s continued lack of ethics.

To read this article in full, please click here Read More @CIO

Are you happy with chatbots replacing humans?

cjy@eitevents.com (Casey Yarbrough) — Tue, 9 July 2019 12:05:00 GMT

At least 95% of business professionals according to Forester have stated that utilizing chatbot to gather customer transactional history through live customer interactions is very important. Customer-facing tools like websites have been gathering and tracking customer traffic and performing search engine optimization (SEO) to stay “top of mind” for many years.The hope is that chatbots will gather immediate real time “buying” habits supplying data to a backend analytics engine that can offer suggestions and increase sales. Ultimate, the view is that a customer may answer chatbots more easily than real customer service people when requested for personal data. Is talking to a personal machine easier then to a person? Many customers have said that they answer without thinking because it is less personal talking to a machine. We opt-in without thinking. Why not chat with a bot without thinking?

To read this article in full, please click here Read More @CIO

As AI/ML permeates our lives, is privacy a thing of the past?

cjy@eitevents.com (Casey Yarbrough) — Thu, 27 June 2019 12:01:00 GMT

Debates on privacy continue between the business tech titans and the policy/lawmakers. Some tech titans, like billionaire Elon Musk, warn against the ensuing crisis of AI/ML – but they are in the minority. Too much good can be created and above all too much money can be made. There is a belief that the country that achieves more in AI/ML will dominate the world’s economy. So, it’s not a question of if but when freedom and privacy may be sacrificed on the road to “bigger, better and faster.”Are we headed for a privacy disaster with AI/ML? AI/ML needs massive amounts of your data to effectively analyze your behavior. The concern is that AI/ML becomes so precise in its ability to predict your actions that an AI/ML machine will think and act along a path predicting your future actions. There is no privacy with AI/ML due to its ability to predict an infinite number of steps ahead of you based on your predetermined actions; mimicking your future behavior, along each step’s path. Although it’s 2019, George Orwell in his book 1984 (published in 1949), warned of the possible risks that could lead to repressive and regimented actions. Could the achievements in the 4th Industrial Revolution end in disaster with the machines dominating humans? Well, it might be the few tyrannical humans who control the machines who control the rest of us.To read this article in full, please click here Read More @CIO

How AI/ML is helping to eradicate poverty

cjy@eitevents.com (Casey Yarbrough) — Tue, 18 June 2019 14:00:00 GMT

Outside the US, the definition of poverty is income of $1.50 a day or less per individual. In the United States the definition of poverty is income less than $34 per day per individual or a family of four with income less than $69 per day. After much research, experts have agreed that low income is only one indicator of poverty and a more accurate indicator is the measurement of consumption. It is necessary to fully understand what factors affect well-being therefore measuring consumption was determined a more accurate indicator of poverty.To know how to find solutions to poverty, we must first define the parameters and scope of poverty. The causes of poverty, the location of poverty and measuring consumption are factors involved in determining well-being and by extension a few of the data points that govern well-being. Next through the process of measuring on a previously defined and acknowledged scale, a threshold determination is agreed upon.To read this article in full, please click here Read More @CIO

Can crime be predicted with AI/ML?

cjy@eitevents.com (Casey Yarbrough) — Tue, 11 June 2019 14:00:00 GMT

For many years, AI/ML has been used to establish the identity of perpetrators, the perpetrators’ whereabouts at the time of a criminal act and their actions and whereabouts prior to and following a criminal act. By hand, these are arduous tasks but AI categorization sifting through massive amounts of visual data along with ML behavior scripts AI/ML algorithms can eliminate human errors especially in witness identification and therefore increasing arrest accuracy. Public data collection can impede violent crime “Predictive policing” is the practice of identifying the date, times and locations where specific crimes are most likely to occur, then scheduling officers to patrol those areas in hopes of preventing crimes from taking place, therefore keeping neighborhoods safer. After much research and input from major police departments in cooperation with software suppliers, predictive analytic models have been continuously refined. Further conclusions prioritized collections of the three most important data points: date and time of the crime, the location of the crime and type of crime – therefore, simplifying and possibly reducing data collection.To read this article in full, please click here Read More @CIO

The invention of voice recognition, this century’s phenomenon

cjy@eitevents.com (Casey Yarbrough) — Tue, 4 June 2019 12:19:00 GMT

DARPA’s RATS program Recent documents from DARPA show that they are in the third phase of their already initiated Robust Automatic Transcription of Speech (RATS) program. Until recently, the accuracy of speech recognition and differentiating signal processing was in question and not effective enough for military applications. The RATS program with initial funding of $13 million and then an extra $2.4 million for Air Force deployment was designed and stipulated to produce algorithms that correct former development flaws by: Separating speech patterns to filter out music and background noise. Determine the language of the speech. Provide Identification for a single speaker or multiple speakers. Analyze and identify specific word patterns. The DARPA RATS program has included IBM, the Massachusetts Institute of Technology (MIT) and other universities like Carnegie Mellon, John Hopkins, the University of Baltimore, the University of Maryland, the University of Pittsburgh and universities located in Czech Republic, Spain, England and Denmark. It has included research from Raytheon along with research from Stanford Research Institute (SRI).To read this article in full, please click here Read More @CIO

Are tech/business evangelists necessary to ensure your company stays relevant?

cjy@eitevents.com (Casey Yarbrough) — Wed, 22 May 2019 13:00:00 GMT

Technology/business evangelist is a fairly new position in many companies, but an absolutely necessary one and well worth the price tag to maintain resilience and relevance. In this day and age affective communications between the C-suite stakeholders, vendors, partners, potential customers and investors are extremely important to every business whether it be start-up, mid-tier or enterprise.Entrepreneurial energy is running rampant and the lifespan of companies are “here today, gone tomorrow” – whether being acquired or falling short. Technology/business evangelists on the payroll can make the difference in a company’s longevity and reputation.To read this article in full, please click here Read More @CIO

Made in India? Vietnam? Mexico?

cjy@eitevents.com (Casey Yarbrough) — Wed, 15 May 2019 11:55:00 GMT

India has to play catch-up Although India has been on US manufacturer’s radar for many years, India has growing pains to meet manufacturing production support demands and therefore their confidence. India’s completely unhinged economic development ecosystem and political instability can’t compete with China’s 10% year over year economic and technological growth as well as cheap labor. Last year, Samsung opened in India, what Samsung claimed is the world’s largest mobile phone plant in order to meet the global phone demand.In January of this year, Apple moved some of its iPhone assembly from Foxconn China to Foxconn India. Hon Hai Precision Industry Co., Ltd., better known as Foxconn, known for its ill treatment of its workers and stated to be the world’s largest multinational electronics manufacturing company that has its headquarters in Taiwan. Foxconn’s customer list includes Amazon, Apple, Blackberry, Nokia and Sony just to name a few. Samsung does its own manufacturing as well as some of Apple’s and has reported making more money from its manufacturing for Apple over its own Samsung mobile phones. The view is “If US manufacturers help build it the growth and benefits will come.”To read this article in full, please click here Read More @CIO

Peace or ‘Star Wars’ – US vs. China

cjy@eitevents.com (Casey Yarbrough) — Tue, 7 May 2019 11:17:00 GMT

Collateral damage is not important to China as it demonstrates its insatiable thirst for advancement and economic domination. China’s leverage of its year over year 10% economic growth has made its technological R&D arsenal in 5G, AI, mobile devices, lasers and space weaponry formidable. China’s Huawei, the world’s number one telecommunications company whose founder Ren Zhengfei was once a member of the People’s Liberation Army, holds second place for most International 5G Patents. ZTE, another Chinese telecom company, is said to hold third with Samsung from South Korea first.In 2018, Apple took a back seat to Huawei as the second largest smartphone supplier. China launched their “New Generation Artificial Intelligence Development Plan” (AI) in 2017, with focus on facial recognition for surveillance. Even scarier, China’s electromagnetic laser and microwave weaponry deployed to attack war ships and military facilities and as “anti-satellite” (ASAT) next generation “Star Wars” space weapons.To read this article in full, please click here Read More @CIO

Lithium-ion a pawn in economic domination

cjy@eitevents.com (Casey Yarbrough) — Thu, 2 May 2019 12:24:00 GMT

The demand for cobalt far out paces its production. Lithium cobalt oxide cathodes consist of 60% cobalt and offer unbeatable energy density. For the Dominican Republic of the Congo (DRC), cobalt is a global political pawn. Manufacturers of rechargeable Lithium-ion battery storage or manufacturers requiring these batteries are locking in cobalt delivery now for the long-term to take advantage of the current dip in the cobalt market. Limits of available cobalt may cause hording or price increases; therefore reduced digital-device and electric-vehicle release speeds and speed for adoption.Precarious and precious cobalt landscape Switzerland’s Glencore with $58 billion in market share is the world’s largest commodity producer with mines in 50 countries and the prime cobalt producer in the DRC. Composites of cobalt can be coupled with other mineral deposits when they come out of the ground. The DRC has a limit on uranium exports that prevents some composites of uranium with cobalt ore being exported. Glencore’s construction of an ion exchange plant would remove uranium from the ore thus allowing more cobalt supply availability for export. Unsuccessfully trying to manipulate and control its most prize commodity, the DRC Mines Minister Martin Kabwelulu Labilo, directed Glencore to suspend construction of its $25 million ion exchange plant and in a fit of insanity, ordered suspension of all cobalt concentrate exports. Thankfully, he came to some sense and retracted his last order the very next day.To read this article in full, please click here Read More @CIO