How to build a vulnerability management program

As businesses grow, so does their attack surface: more network-connected devices drive innovation and efficiency, but with more devices comes more cyber risk. Protecting the ever-expanding attack surface is more important than ever, with high-profile vulnerabilities being exploited more frequently—and with more impact. One of the most effective ways to mitigate cyber risk is by creating and maintaining a robust vulnerability management program.

12 reasons why you should hire a hacker

You’ve probably heard the phrase “you don’t know what you don’t know.” It’s a stage of learning most people find themselves in at one time or another. When it comes to cybersecurity, hackers succeed by finding the security gaps and vulnerabilities you missed. That’s true of malicious attackers. But it’s also true of their equivalent on your side: a certified ethical hacker.

A certified ethical hacker can be one of your best specialists for protecting against threat actors. Here’s why.

How to build a winning resume

Career advancement is an art form with many facets. One vital tool is your cybersecurity resume, the quality of which can mean the difference between getting an interview for your dream job and not being considered at all. 

Following the standard advice on building a resume will give you a standard resume that won’t set you apart from the pack. Fresh thinking will give your resume a huge advantage. This is true whether you’re an entry-level candidate or applying for a chief information security officer (CISO) position, whether you’re building a security analyst resume or a security administrator resume. 

Yes, it’s important to pay attention to the do’s and don’ts of smart resume building. And, yes, there is a cybersecurity skills gap. But to make your resume stand out from the pack, you’ll want something new and different. Here are some great ideas for building a winning cybersecurity resume for those just entering the field, for the most seasoned veterans and everyone in between. 

Why cyber security demands that nothing and nobody is trusted. Ever.

The zero trust model is going mainstream, and for good reason. The rise in advanced attacks, plus IT trends that include the move to hybrid cloud and remote work, demand more exacting and granular defenses. 

Zero trust ensures verification and authorization for every device, every application and every user gaining access to every resource. This is a complete departure from the old model, where implicit trust was the norm and networks were protected by firewalls, VPNs and web gateways.

What we need now is a cultural pivot — a paradigm shift in how we think about digital defense. A zero trust model is dynamic and constantly changing. After your system verifies the user and device and assures minimum access, it’s vital to monitor, learn and adapt. That means zero trust is a growing, adaptable process.

Here’s what you need to know about zero trust, and why, in today’s cybersecurity threat landscape, it’s really the only way to go.

Why we don't need laptops or phones anymore

The tablet is a provocative beast.

Make a big one, and people argue over whether it could replace a laptop. Make a small one, and some users want it to be a giant phone. These conversations have repeated themselves since then-CEO Steve Jobs announced Apple’s ground-breaking iPad in 2010.

It was a pointless conversation at the time. Only the most dedicated tech nerds with specific kinds of work could even contemplate a stunt like replacing a phone or laptop with a tablet. Despite all the talk, few even attempted it.

Neither the world, nor the tablets, were ready — so the iPad and other tablets were relegated to lean-back, content-consumption device status.

But suddenly, the idea of actually using a tablet as a work laptop or a tablet as a work phone makes sense for some users, and is possible for most. This is especially true with either this year's 12.9-in. iPad Pro or the new 8.3-in. iPad Mini 6 unveiled this week.

Here’s why tablets can replace phones and laptops now.

8 surprising ways remote work helps business

The rise of remote work is arguably the biggest change in how we work since the introduction of the networked PC. Yet so many unknowns remain.

When will pandemic-mandated remote work end? We don’t know.

What percentage of those now working from home will return to office work? We don’t know.

Is remote work, on balance, good for business? Or bad? Nobody agrees.

But we have learned a great many things about not only remote work, but office work, too — and the whole way business has been conducted in the past few decades. Because of what we’ve learned, business will function far better in the future.

Here are the eight ways remote work improved business by teaching us how to work together better.

Sorry: The iPhone 13 probably won’t connect to satellites

A smartphone connectivity revolution may be upon us, and I’m not talking about 5G.

In fact, 5G is a bit of a mirage — or, at least, it doesn’t offer what the public thinks it does. If you buy a 5G-enabled phone, it won’t connect to 5G networks unless you find yourself in a rare urban space within range of a 5G base station without the obstructions that limit its access. And even if you are within range, your phone won’t kick over to 5G mode unless you’re doing something super intense. Also: For some people using some carriers in some circumstances, available 4G is actually faster than 5G.

It’s complicated. But the bottom line is that for most users, 99% of the time they spend on their 5G phone will take place over 4G networks.

Satellite connectivity is a bit of a mirage, too. The worst thing about satellite phones is the very high price of a satellite account, and the high price of phone calls and other services. The other downside is that you can’t use satellite phones indoors. So hardly anyone has a satellite phone or mobile satellite service. It’s just not practical for most people.

But the big news that hit today: Apple’s next iPhone could actually be a satellite phone.

Ming-Chi Kuo, who has a solid track record of predicting Apple products and features, said recently in a letter to investors that Apple’s iPhone 13 (expected next month) will support satellite connectivity. 

Here’s what’s really going on.

(Check out the free version of Mike’s List here.)

I’m on TWiT!

Watch This Week in Tech!! Subscribe and watch later. Don’t miss this special edition of TWiT with Leo Laporte, Tim Stevens, Owen Thomas and me!

Watch on the TWiT site.

Watch on YouTube.

In this awesome episode, we talk about:

The original IBM PC
The Senate’s bill to force Apple to allow alt app stores
Lamborghini Countach LPI 800-4
"Blue" hydrogen
Apple’s child-porn idea
Nvidia CEO’s CGI stunt
Deepfake everything
Nikola’s fake truck stunt
Samsung Galaxy Z Fold 3
Xiaomi Mix 4
Huawei back door scandal
T-Mobile data breach
How Google bought Android book
Google’s child-protection changes
Remote work
Business travel
More car stuff

Companies: How to gather personal data from customers without violating their trust

Data-driven personalization is the practice of delivering relevant content to your customers based on the information you've gathered about them. Before data and personalization, brands had to generate demand for their products or make assumptions about their audiences using generalized data. But thanks to the internet and mobile devices, it's possible to communicate with heightened awareness about your market.

A data-driven approach enables you to collect data and use that data for a better customer experience throughout the entire customer life cycle. More importantly, it allows you to communicate the right message at the right time, based on where the customer is in that cycle, increasing engagement and conversion rates.

But the secret to making this personalization work is trust, which is earned through responsibly managing your customers' data. You have to strike the right balance between data and personalization, and your customers' privacy.

Old-fashioned business travel is dead (but don't blame the pandemic)

Everyone knows that business travel nearly stopped during the pandemic. But not everyone agrees about what happens next.

Hotels and airlines are optimistic, saying it's only a matter of time before the sector comes roaring back to its former glory. Former Microsoft CEO Bill Gates splits the difference, saying business travel will come back but stay at only 50% of its former strength.

Sorry, hospitality industry: Gates is right. The Golden Age of wasteful spending on business travel is over. Here’s what that means for you and your company.

The art and practice of digital workplace governance

In the past, some viewed the digital workplace as a kind of inevitability—something that will emerge organically as business tools and processes improve with the advance of new technology. But the pandemic changed everything. It prompted a swift move to cloud-based tools and a sharp rise in remote work.

The overwhelming majority of companies around the world believe that in the future, remote working will increase (78%) and that the digital workplace and the physical workplace will coexist (86%), according to a 2020 report from Harvard Business Review. Rather than allowing gradual trends to shape the digital workplace, many organizations are keen on accelerating the process to get in front of the changes happening to business and the culture. Success in these efforts will require deliberate digital workplace governance.

By driving a digital workplace culture, organizations can improve communication, connection and collaboration—leveraging the power of unified action across the organization. This can remove the barriers of time and place, enabling teams to work from physically distant locations, on the move and across all time zones, while staying coordinated and connected. It also boosts business agility, which is increasingly necessary in today's fast-moving, fast-changing and unpredictable world.

But the digital workplace needs more than the right tools. The other vital part? A digital workplace framework and workplace governance.

The trouble with two-factor authentication (and what to do about it)

Getting a second opinion is a great idea in both medicine and end-user cybersecurity. Two-factor authentication (2FA) and multifactor authentication (MFA) are powerful tools in the fight against all kinds of cyberattacks that involve end-user devices and internet-based services.

There’s just one big problem: It’s far, far too common for people to use text messaging as the second factor. That turns phone numbers into digital identity devices — a role they are poorly designed to play. If someone loses a smartphone or has it stolen or taken from them, they also lose their access to authentication. Worse, the attacker can transfer the phone number to another person, who will now receive authentication requests. 

Here’s what to do about the 2FA and MFA phone problem.

Why I love Starbucks

You know those annoying people who hang out in coffee joints for hours on end, either chatting, doing business deals or working on their laptops?

Yeah, I’m one of them.

Before you judge, hear me out.

Do you know where coffee houses come from? Most people don’t.

All modern Starbucks and other coffee places descend directly from an Oxford coffee house that opened in 1650. That shop descended from similar establishments in Vienna, which themselves were modeled on coffee houses in Mecca and Istanbul and elsewhere in the Muslim world. (Coincidentally this photo was taken at an Istanbul Starbucks.)

Coffee was a novel beverage to Europeans in 1650. The first Oxford house was a hit, and coffee houses rapidly proliferated across the country, especially in London.

These establishments fueled the industrial revolution and the enlightenment — societal transformations that never could have happened in ale houses.

Their purpose wasn’t to dispense coffee. Entire businesses were set up and run inside the coffee houses. The world’s first newspapers were run out of them, then pamphlets distributed in them. Insurance companies operated entirely out of coffee houses. (Lloyd’s of London was named after Edward Lloyd’s coffee house on Tower Street, which opened in 1688.) Isaac Newton did most of his argumentation and idea exchanging with other scientists in the Grecian coffee house on the Strand.

For more than three centuries, coffee houses have served primarily as offices and meeting spaces for business people, journalists and intellectuals and secondarily as places to buy coffee.

Coffee houses came into existence not as a place where people are supposed to line up like addicts at a methadone clinic, then slink out. They’re a social meeting space for the community.

There’s a reason why 50 cents worth of coffee costs $4 at Starbucks and other places. You’re paying mainly for the space. You're paying for the seat and the table and the WiFi and the outlet and the bathroom and the climate control and the lighting. 

In recent decades, we’ve been trained like lab rodents to drop our cash and leave. McDonald's even trained the public to bus their own tables. In fact, the idea of buying coffee at a coffee house and taking it to go is an extraordinarily new phenomenon. They’ve recently conned us into paying the premium for the real estate, then feeling bad about using what we paid for.

The transition from coffee houses as the public’s place of business to the coffee house as a fast-food joint is part of the disgusting consumerization of the human animal. 

We’re not supposed to be citizens, thinkers or makers. We’re supposed to be consumers. Give me your money, then fuck off.

Ironically, Starbucks gets it. Considered derisively as the McDonald’s of coffee houses, the characterization is totally unfounded. Starbucks is committed to allowing anyone to use their WiFi free for as long as they want, at least in the United States and many other countries. Their stores have tables and outlets and couches and barstools. They invite everyone to hang out and linger. And there are other coffee places that understand the purpose of a coffee house as well.

But far too many believe a coffee house is just a place to extract money from customers, then force them to leave by failing to provide a social space. And when customers can’t find a table because people are staying too long, they don’t blame the establishment for failing to provide enough tables. They blame the campers.

My view is that if today’s coffee houses don’t know what a coffee house is for, they should close up shop and get out of the business. Maybe they can open a McDonald’s franchise.

Just don’t blame the customers who are using coffee houses for their intended and vital purpose.