Wednesday, November 9, 2016
The good news here is that the voters are the investors. Moreover, Trump has never cared about any of the states that voted for him and won’t again for 4 years. He’ll only do their bidding if it lines his pockets or those of his friends. Maybe he won’t ruin America, our civil rights, and blow up the rest of the world like he’s promised to.
Let’s just hope he doesn’t run this investment into the ground too.
Thursday, May 15, 2014
That said, MS decided to release the big Internet Explorer patch and include XP. This is a particularly big bug and would be devastating to the web, if left unpatched.
I am curious how those who are paying millions for XP support feel about the rest of us getting this for free.
Thank you Satya Nadella for saving the web. I look forward to the next XP security update. I know you will do the right thing when the next big bug comes.
Sunday, February 23, 2014
Enter Caradigm a joint venture between Microsoft and GE! From the press release, this seems to be all about real-time healthcare data. They are talking about interoperability and collaboration with patient data. Done right, this is great stuff, however, we are talking about highly sensitive personal data in a very regulated space, in terms of data security.
Microsoft and GE are two of America's largest companies. I'm sure they have thought this all through... Caradigm is hiring the Information Security Manager. Copy here. While this role sounds like the manager of all InfoSec at Caradigm, surely they mean Manager in Information Security. The top InfoSec role at a company of this stature, with its hands in or on so much highly regulated data, must be a VP or maybe even a C level role. Then again, maybe they didn't think it all through and don't think security is important enough to pay a high salary for.
Security covers a lot of ground; policy, risk management, governance, vendor management, architecture, hands on techy stuff around hosts, network stuff, app layer stuff. The top role would cover all that.
And here is are a few of the job requirements... That looks like the whole list to me. Did we leave anything for the CISO to do?
• Participates in the architecture governance process. Provides technical guidance to project teams and vendors as appropriate.
• Implement Enterprise Information Security Standards
• Plans and supervises the support and maintenance for the enterprise information security including:
- Environment administration of all access rights to the overall network and applications within the network
- Vulnerability scanning
- Firewall administration
- Risk assessments
- Penetration testing
• Plans, supervises and participates (either personally or through team members or vendors) in every project within the environment to assure that security standards are maintained while meeting the business requirements
• Coordinates all audit requirements related to Information Security across all platforms and projects working directly with process owners and vendors to ensure compliance
• Sponsors the teams, which analyzes all vulnerability and patch requirements and assess their impact to the Security environment. Integrate this team’s strategic roadmap into the overall IT strategy to ensure a plan to protect its information assets into the future.
• Maintains accountability for responsible information security program governance through formal reporting
• Develops and implements an information security risk profile that prioritizes risk and the investment and financial strategy required to mitigate those risks
• Creates and maintains security architecture for the enterprise and participate in the solution selection and process development
• Develops security requirements for information technology infrastructure initiatives, selected enterprise applications and, as appropriate, reviews and approves security design of initiatives
• Understanding of appropriate leading-edge security technologies and services
• Matrix managing large virtual, remote, and global project teams (15+ members)
• Hiring, developing, leading, motivating, performance managing, and coaching a cross-section of security and technology professionals and managers
• Understanding of emerging technologies and their impact on security architectures: Service Orientated Architecture, Enterprise Frameworks, Message Based information exchange, etc.
• Project managing in the security arena in a healthcare customer facing role
• Information Security Architecture technologies and concepts: Firewalls, intrusion detection, assessment tools, encryption, certificate authority, etc.
• Information systems security, including such areas as identity and access management, security program policies, processes, and procedures
• Understanding of information security and the relationship between threats, vulnerability and information value in the context of risk management
• Excellent vendor management skills with demonstrated experience. Comprehensive understanding of the physical security discipline, focusing on operations. Strong cross-team and cross-group collaboration skills.
Friday, February 21, 2014
I've decided to start posting some of these with commentary. The one that finally made this decision for me is from Amazon.com . A copy can be found here. I've added bold for emphasis.
The almost certainly illegal and super ageist posting title is what caught my eye: "Systems Engineer - AWS Simple Storage Service (S3) -University Candidate: May 2014 Grads Only".
It was the wonderful nonsequitur requirements for job experience that really hooked me.
- Experience running and maintaining a 24x7 Internet-oriented production environment, preferably across multiple data centers, involving (preferably) at least hundreds of machines.
- Demonstrable expertise around specifying, designing, and/or implementing system health, performance monitoring tools, and software management tools for 24x7 environments.
- Experience with very large distributed systems such as multi-terabyte storage farms, and/or horizontally scaled request processing fleets