Women’s Society of Cyberjutsu

Photo by Keira Burton on Pexels.com

https://womenscyberjutsu.org/

Today we are going to be taking a closer look at the Women’s CyberJutsu organization.  This organization is a non-profit that encourages women to take on cybersecurity roles.  They build a community of knowledge and encouragement and I think it’s a great way to get more females into the industry.  Let’s take a deeper look and see what they can offer you.

I think the Women’s Society of CyberJutsu is awesome.  I’ve been in the tech industry my entire career and there really is a need for more females in the industry.  The program is designed to encourage girls to get into STEM by offering a hands-on curriculum.  The program was started in 2012 and is run by volunteers.  Besides the hands-on training, WSCJ also offers networking opportunities, access to conferences, and leadership training.  One of the benefits that I find the most interesting is their study groups. Jumping in the field of cybersecurity can be challenging for anyone.  Having a great support group to help guide you through the different hoops you have to go through to enter the field is amazing.  These groups offer sessions where you can study for specific exams which, based on my experience, really do make a difference.  

I was trying to get someone that is a member to join the show, but due to the sensitivity of their work, they told me they couldn’t come on the show.  I’m going to see if I can find someone in the future, but for now, I thought it would still be beneficial to at least look at their website and discuss the details that are shared publicly.

If you are someone that is wanting to get into the field of cybersecurity, I would recommend you join a group like this.  Joining a technical field is pretty daunting as it is right now, but having a great support group can make a major difference.  I know that if something like this would have existed when I was trying to decide if I wanted to become an engineer, my life would have been a little easier.  I had so many questions and I didn’t have any resources to help answer them for me.  This group, and groups like this, are a great way to network and build community.  

If you are a student, or if you know a student that is interested in tech, I would recommend you take a look at Cyber Jutsu or similar programs.  Besides the networking, learning, and community benefits, you also get access to a couple of other perks such as discounts to certifications.  Certifications can help you stand out and can be valuable for people looking for a career change.  

If you are interested in supporting the program, they also take donations which are a tax deduction and you can also support via Amazonsmile which is a program designed to donate a small portion of your purchase to the organization of your choice.  

I would also recommend you check out their events page and see if there’s something that might interest you.  For me, having access to the study groups is super beneficial and makes the membership worth it.  Studying for these tests can be challenging and having a group of likeminded people, going through the same struggle can make all the difference in the world.  

Membership is 50 dollars for students and military.  If you are not a student or military, the full membership is 100 dollars.  Depending on where you are in life, this membership might be thing that you need to help you get started with your technical careers.

Personally, being a member of a group is very important for growth.  My advice to you would be that if you join a group, try not to be shy.  Joining a group like Cyber Jutsu isn’t going to be a silver bullet answer.  All your problems, doubts, and uncertainty are not going to magically go away.  To get the most out of a group like this, you need to invest your time and commit to getting the most out of it.  Reach out to the members of the group, attend the events, and be an active participant.  I know that this can sometimes be hard, but I assure you that if you step out of your comfort zone, you will be able to reap the benefits.  

There you have it, your overview on the Women’s Society of Cyberjutsu. Are you a part of any tech organization?  There are many orgs out there that each have their own specialization.  When I was in college, being a part of the Association for Computing Machinery was super important to my overall success.  I was part of the local student chapter which meant I had access to a ton of resources that I otherwise wouldn’t have had.  I built community and relationships with the other students in the organization.  I had a blast being an active member of that community and I highly encourage you to seek out a similar organization if you are thinking of joining something new.  

Well that’s it for this episode.  I hope you enjoyed it.  If you feel that someone you know could benefit from listening to this episode, please feel free to share it with them.  I appreciate you taking the time to listen to my podcast and thanks for the support! Thanks for being a part of this journey with me.  See you on the next one!

https://womenscyberjutsu.org/

Advertisements

Ransomware And Why You Need to Worry About It

Photo by David McBee on Pexels.com

Today we are going to be discussing ransomware.  Ransomware has been in the news a lot. Just this first week of June, a major meat producer was forced to shut things down due to a ransomware attack.  In May, the Colonial Pipeline that serves gas to many Eastern states was also forced to shut down due to a ransomware attack.  And finally, earlier in 2021, Scripps medical network in San Diego was also targeted by hackers and forced to pay a ransom.  To this day, members of that medical group still can’t access their online records.  Ransomware attacks are becoming more popular.  I want to talk more about it in today’s podcast episode.

What is Ransomware

Let’s start off with defining ransomware.  Ransomware, as the name suggests is when you are asked to pay money in exchange for something of yours that was taken.  Typically, this is very common in hostage situations or in kidnappings.  In the cyber world, rather than an individual being held up for ransom, an attacker will hold your data up for ransom.  A ransomware attack is pretty clever.  Rather than deploying malware to destroy your computer or network, a hacker will use a ransomware attack to make money.  They come into your computer, encrypt your hard drive, and then ask you to pay a ransom if you want your data back.  Failure to pay the ransom typically leads to your data being made publicly available on the internet.  For normal people like you and me, that might not be such a big deal, but for a corporation with millions, if not billions of dollars worth of data, it could be a HUGE deal.  

At this point, you might be asking yourself, how does a ransomware attack get carried out?  This attack usually starts off like any good social engineering attack.  The hacker or hacker group will send out an email in a phishing attack.  These emails are distributed to people that work for a company.  This is important to you because if you work for someone, or are entrusted with a company computer, then you become a high value target.  Most people only think about their personal devices, but if you have any computing resources from your employer, you should always be on the lookout for suspicious emails.  Once you receive this email, the attempt is to make it look real enough that you click on it.  When you click on it, that’s where the magic starts.  Either through an attachment, or a redirect to a malicious website, the hacker will download the script that encrypts your hard drive.  Once encrypted, you will not be able to access the data on the machine unless you have the decryption key.  The key is simple enough to get.  Pay the ransom and maybe you’ll get your stuff back.  There is no guarantee that you’ll get your data back but most people and businesses can’t risk not having their data.  Many pay the ransom which then further motivates hackers to carry out similar attacks because it is an easy way to make money.  

Do I need to worry about Ransomware?

Ransomware is growing in popularity. It’s been around for a long time, but most recently it has really caused significant financial damage to many corporations.  As a user of the internet, you should worry about ransomware.  The information you have on your computer or network might not be of high financial value, but there’s two reasons why you should get smarter about ransomware.  First, the data that’s on your computer is probably pictures and videos of your family.  While not high on the financial side, the memories captured in those digital files are priceless to some.  Losing access to your precious memories could be catastrophic.  The other reason is one I discussed already.  If you use an employer’s computer to conduct business, any email that comes into your mailbox whether personal or business, could be an entry way for ransomware attack.  The data that your employer entrusts you with could be worth millions of dollars.  If you are in this camp, you should take ransomware attacks even more seriously because you could potentially lose your job.

How can I protect myself?

Ransomware attacks sound scary, and they are.  But there are a few ways to protect yourself.  First, learn how to detect phishing emails.  That’s probably the easiest and most effective tactic that hackers use to deploy their attacks.  Next, keep a backup of all your data.  If your hard drive were ever to be encrypted, you could simply restore from a backup.  Having a backup means that the ransomware attack is pointless because you can just restore and come back without ever having to pay a ransom.  Keeping backups can be expensive, so consider it more of an insurance policy than anything else.  The last thing you can do is to monitor your network traffic.  Ransomware attacks usually take time to be carried out.  They sometimes remain dormant and don’t go into full effect until they are triggered by the hacker.  Being able to detect an intrusion to your computer or network could help you fight the war against hackers.

There you have it, ransomware 101 guide. These attacks are extremely lucrative for hackers.  They have the potential to make a lot of money and can cripple the systems that it infiltrates.  Not only that, but by hacking only a small number of machines/servers, millions can be impacted.  Everyone should be aware of ransomware attacks and they should do what they can to try and prevent an attack from happening.  Always double check your emails and never click on anything that you didn’t solicit.  The internet is a dangerous place and as long as people continue to pay the ransom, these attacks are going to continue.  Be smart and stay safe online.

Advertisements

Can Your Social Media Posts Be Used To Hack You?

Photo by Tracy Le Blanc on Pexels.com

Hello, and welcome to another episode of Cyber Security For All podcast.  A podcast all about cybersecurity from Apetech.  I’m your host, Alex and today we are going to be discussing how much personal information you can share online before the hackers come after you. It’s almost impossible to be online these days without sharing personal information.  This information can be information you either willingly disclose or it can also be information you are disclosing without you knowing it.  I’ll be discussing popular internet websites where folks typically share their personal information.  I’ll also be talking about the dangers of sharing your personal information. But, like everything in life, there is a balance.  Sharing some information isn’t going to get you hacked.  But just how much information can you get away with sharing and most importantly, are you sharing too much right now?  Let’s talk about it.

Social media has forever changed our lives.  Almost everyone I know is on some type of social media.  And yes, LinkedIn counts as a type of social media.  With all the different social media platforms that we can be on, our personal information gets shared and viewed more than ever.  And social media platforms make it super easy to share personal details about yourself.  Most of the time, we share information because only our friends and family can see this our posts.  But that’s not always the case.  Unless you manually go into your settings and configure for privacy, most of your information is public for anyone to see.  

With the introduction of stories, people post even more because their stories disappear after 24 hours.  This has created a false sense of security which has led to folks sharing even more personal information.  At this point, you may be asking yourself one of two things.  First, if you do not have social media you may think that none of this applies to you, but what about your spouse?  What about your kids?  Are any of them posting information about themselves or your family?  I know that well known youtubers tend to make it hard for people to find personal details about them online.  Information such as their phone numbers and addresses are redacted from the internet.  But, I know a lot of youtubers that also share their spouses name.  I have then been able to take their spouse’s name and find them on social media or find their personal information such as their address online.  Just because you aren’t posting things doesn’t mean someone else in your family isn’t.  The other thing you might be thinking is that I’m not a popular person and I’m only friends with people I know.  While this may be true, you never know when they might share a post you put with their friends or if you use a hashtag, you never know who is going to see your content. 

So, what’s the big deal if you post a picture of your kids at the park?  How can a hacker attack you based on something as harmless as a picture of your pet?  Everything about you can be used against you.  And this is not limited to only the internet.  Every public facing thing about you can be used to build a profile against you.  You might be surprised to hear this considering that we are almost half way through 20201, but phishing and social engineering attacks are still the #1 to hack into a company.  How does a hacker ensure success of a phishing or social engineering attack?  By exploiting the emotions of employees everywhere.  How do they know what makes us vulnerable inside?  It’s really quite simple.  All the things we post, every picture, every check-in, every tweet, it discloses something about us.  Hackers can then use this information to get inside our heads.  They can use this information as ammunition to craft a social engineering attack that is more likely to succeed because it is going to be very personal.  

With that said, I’m not saying you need to delete yourself from the internet.  Like everything I’m doing here on my podcast, I am creating this to raise awareness.  If you understand how the information you post on social media or on the internet can be used against you, I think it can help you in the long run.  You might craft your messages and photos differently.  I’ve seen many photos where they have geolocation enabled.  I’ve also seen photos that help identify where you were when that picture was taken.  Hackers can use information like this to find you and potentially befriend you in an effort to get you to trust them.  Before you think that is crazy, how many of you dog walkers have made friends with other folks walking their dog?  These are complete strangers yet you share so many personal details of your life with them because you “know” them.  Maybe it’s true, maybe it’s not.  Be careful.

We have a lot more to discuss on this topic and I’ll be saving that for a future episode.  

There you have it, your why you shouldn’t post so much personal information about yourself online 101 guide. How much information are you sharing online?  Have you ever stopped to think about what or how that information could be used by a hacker to gain access to a computer system?  What about theft?  Or identity theft?  Posting online isn’t just fuel for hackers, other bad people can use it as well to commit non technical crimes.  One last thing I want to leave you with.  It is natural to want to share your information with your friends and family.  Just make sure your permissions across your applications agree with you.  So many think that only their friends see their posts, but in reality, if the post is public, anyone can see it. 

Why You Need to Update Your Software: The Good, The Bad, and The Ugly

Photo by Anna Tarazevich on Pexels.com

Today we are going to be discussing why it’s a good idea to update your software. If you have a phone, computer, laptop, tablet, fridge, doorbell, car, or well, just about any type of device, it most likely is powered by some sort of software.  Software is like a tree. It’s a living thing that needs to be updated every once in a while.  We’ll be discussing why it’s a good idea to update your software and we’ll also talk about why sometimes it’s better to just wait.  

Since almost everything has software nowadays, I’m sure you’ve seen a message or two updating your software. I want to provide two different perspectives.  I want to discuss updating your software from a software engineering perspective and also from a cyber security perspective.  

Let me start with the software engineer side of the house.  Coming from the software world, software is buggy.  Software updates are a means to patch and hopefully resolve issues with the software you have. I’ve personally written software before and it’s not easy. It’s not easy to account for edge cases out there, so eventually, you might run into one of those cases.  Software updates are a great way to get fixes that developers eventually find and fix. However, sometimes these software updates actually break your things.  In what is commonly known as bricking, sometimes software updates can make your devices completely unusable.  This happens because not enough testing is done on the software before it gets shipped.  Depending on the type of software, the manufacturer might have different configurations and they just didn’t account for every single one.  And it is hard to account for every permutation of your software and hardware.  

From a cybersecurity perspective, it’s kind of a double edge sword as well.  When developers discover or become aware of vulnerabilities, they’ll fix them and issue a software patch.  Microsoft has a very famous patch Tuesday where every Tuesday they push out their weekly roll up of software fixes.  This is a great way to close up vulnerabilities that an attacker may take advantage of to exploit your system.  

The overall problem with software updates is that since we have so many we have to update, we end up just ignoring those updates.  This is perhaps the worst thing that can happen.  In some cases, it is good to wait.  I personally never update to the latest major version of a software package.  I always wait until the 12.0.1 version.  Unless you want to intentionally deal with the headaches behind obtaining version 12.0, I would suggest you wait.  Out of all the software being released, a major rev in the version usually indicates a major new feature or system overhaul.  This typically almost always comes with a high price to pay.  The next version, the minor rev, the .01 version, that one is usually a lot better and it’s the one I recommend.  But other than that first major release, I almost always update my software with the subsequent software revs because they will include the bug fixes and vulnerability patches we discussed earlier.  

To deal with being overwhelmed due to the number of applications you need to update, I recommend you do two things.  One, if your system allows it, enable auto-update.  The updates happen in the background and you’ll never know that the system is updating until it is complete.  This feature is great if updating software stresses you out.  The bad thing is that you will not have any control as to what software you are updating.  This is bad because most software release packages contain release notes which let you know what to expect.  If you have auto update enabled, you will not be able to read the release notes beforehand.  My second tip is to dedicate a day once a week or once a month where you update all of your devices.  These updates are usually very important.  Not updating is worse than updating.  If a device that you own, like your car, has a vulnerability that can be exploited by a hacker, something really bad can happen.  This catastrophic event could be eliminated if you just update your car’s software.    

There you have it.  Your why you should update your software guide 101. Which of these methods are you currently implementing? Are you thinking of implementing a new tactic that you might now have known about? One last thing I want to leave you with.  Updating your software is becoming increasingly more important.  I get that it can be annoying having to deal with all those software updates.  Back in the early days of the iPhone, I remember having to update 20-30 apps on my phone every other week.  I hope that you learned that updating your software is critical not only for software stability, but also to increase your cybersecurity posture.  Hackers have specialized software that will identify the software version of your devices and then know exactly which attacks can work on that device.  This is a constant game of chicken and egg between software manufacturers and hackers.  We just get to play in their game and we should do whatever we can to stay ahead of hackers whenever possible. 

Advertisements

3 Tips to Permanently Delete Files From a Hard Drive

Photo by Azamat Esenaliev on Pexels.com

Today we are going to be discussing how to wipe a hard drive to protect your data.  If you’ve ever sold a computer or bought a used computer, chances are that data was and still on that hard drive.  Truly wiping a hard drive requires specific tactics that I’ll be discussing today.  By the end of this episode, you’ll have the knowledge and guidance to really wipe your data off a hard drive.

Deleting Files:

When someone wants to delete something from their computer, they usually right-click on a file and click delete.  If they want to be extra cautious, they’ll then go to their recycling bin on their computer and empty that out.  And that’s pretty much it right.  The file is gone and cannot be retrieved anymore.  This would be great if this was what actually happened.  Let me tell you what actually happens when you do this.  Every file on your computer is nothing more than a collection of 0’s and 1’s.  Your computer knows where your files reside on your hard drive and when you want to access those files, your computer goes to the location of the file and retrieves it for you.  When you delete a file from your computer using the steps mentioned above, all you did was simply tell your computer to forget where that file lives, but the file is actually still there.  Deleting the file doesn’t actually remove the file from your hard drive.  With specialized free software, you can easily retrieve the file because this software will find the 0’s and 1’s and put the file back together.  If you really want to delete a file from your hard drive, deleting the file and emptying your recycling bin is not enough to get the job done.

DoD Wipe:

The most effective way to delete a file from your computer is to manipulate the 0’s and 1’s that are on your hard drive.  There are a couple of ways of doing this but the most common way is known as a DoD wipe.  Using specialized software, a DoD wipe is when a hard drive is overwritten three times. The first wipe changes all the bits in a hard drive to 0’s.  The second wipe will change them all to 1’s.  Finally, the third wipe will randomly change the bits to 0’s or 1’s.  After successfully wiping the drive three times, any data that was previously on the hard drive will be unretrievable.  This is because the 0’s and 1’s that used to make up your files have been manipulated so much that they cannot form the original document anymore.  Before you sell a computer or get rid of a hard drive, make sure you wipe it using this method.    

Physical Destruction:

The final method is the most drastic, but the most effective.  Physically remove the hard drive with your sensitive data and find a hammer or drill.  Take the hard drive, place it in a vise or something that can support the drive and start physically destroying the hard drive.  Physical destruction is the only way you can 100% guarantee that your data cannot be recovered should someone else get their hands on it.  It is very drastic and once you do it, there is no going back.  But, if you are looking for some peace of mind and you want to be absolutely certain that no one is going to be able to retrieve your files, this is the only way to go.   

There you have it.  Your how to wipe your data from a hard drive guide 101. Which of these methods are you currently implementing? Are you thinking of implementing a new tactic that you might now have known about? One last thing I want to leave you with.  When it comes to completely deleting your files from a hard drive to the point of no recovery, remember that it is best to simply destroy the hard drive.  This is the only way that you are going to guarantee that no one will ever be able to retrieve any data on that device.

Advertisements

5 Ways to Protect Your Children From Cybersecurity Threats

Photo by Julia M Cameron on Pexels.com

Today we are going to be discussing how to protect your children while they use the internet.  Children are using the internet more than ever and as a parent, there are a few things that you can be doing to help keep your child safe.  We’ll discuss what these things are in today’s episode.

In 2020, many students around the world went digital and went to school online.  My son has been going to school virtually since March of 2020 and he’s most likely going to be online for a while more.  If you child is anything like my son, they spend an incredible amount of time on these devices.  When the pandemic hit, many activities that children participated in got cancelled.  One year later, things are slowly starting to open back up, but my son still spends a good amount of this time on digital devices.  As a cybersecurity professional, I often find myself thinking about how I’m protecting my child from the internet.  I wanted to share five things that you should be doing to maximize your child’s safety while using the internet.  Two of them are going to require you to have difficult conversations with your kids, but I believe that if you execute on these two strategies well, your child is going to be more likely to actually listen.  The last three are more disciplined types of suggestions and I would only recommend you follow up on them if the first two options do not work.

Talk about the dangers of the internet with your kids:

The internet is a dangerous place.  No matter how hard we try as parents, our kids are eventually going to stumble upon something that they shouldn’t.  Rather than disciplining your kid when this happens, you should converse with your child and let them know that they need to be careful online.  I have personally sat with my son and explained to him that there are criminals, dangerous websites, viruses, and other bad things on the internet.  I’ve explained to him that he should only be on websites and youtube channels that we have reviewed together and deemed appropriate for him.  If he ever wants to venture into a new territory, it’s fine, but we just need to review them to make sure they are safe for him.  I’ve explained to him that he can’t trust people on the internet.  He needs to be cautious of what information he puts out there and should limit his communication to his friends and peers that he knows in the real world.  I can’t be there with my son for every interaction he does.  I have to hope that by building trust, he’ll notify me of things that he knows he shouldn’t be doing.  For example, he knows not to tell other players in roblox where he lives or any personal details about himself.  When he wants to talk with his friends, they open up a Facetime session and discuss through that medium.  I’m not too worried about him going to unsafe websites, but there have been occasions where he’s been asked to download something for a game.  Because I told him we do not download random things from the internet, he knows that he needs to ask and brings these things to my attention.  I know it’s not perfect, and trust is key for this tactic to work, but so far, it has worked wonderfully for my family and I’d recommend you try it as well.  It’s much better than disciplining kids when they make a mistake because they don’t know the dangers of the internet.

Empower your kids to make good choices:

My son is well versed in the world of cybersecurity.  He knows not to click on links he didn’t specifically request.  He knows not to download anything.  He knows he’s not supposed to provide any personal information.  He sticks to websites and games that have been approved by his parents and whenever a new opportunity pops up, we all review things together to make sure they aren’t going to harm him.  With this backbone in place, my son is able to make good decisions for himself.  If a friend tells him to play a game that isn’t approved, he doesn’t just fire up the game. My son makes sure he goes through the proper channels to make sure I’m aware of the game.  My son knows what he is and isn’t able to do online.  But what is important here is that I explain to my son why he isn’t able to do certain things.  I explain with examples he can understand and for the most part, I do not have to worry about my son making the wrong decision.  I’ve armed him with the right reasoning so that he can make the right choice when I’m not around to help him out.  I encourage you to talk to your kids and empower them to make the right choices.  

Know what they are doing online:

It is important to know what your kids are doing online.  There is an infinite number of things they can be doing or watching and it is important to stay on top of that.  Monitor YouTube channels and websites.  Know which games they are playing and the ratings for each game.  Know what sites they might be visiting that might be compromising the cybersecurity integrity of your home network.  Know what they download to their computers as this might introduce threat vectors to your home computers and/or network.

Know who they are talking to:

It is important to know who your kids are talking to online.  The internet allows you to hide your true identity.  If you remember the old movie First Kid, then you probably remember the relationship the president’s son developed with someone in a chat room.  Eventually that relationship was exploited and the bad actor tried to kidnap the president’s son.  While this is a hollywood movie, it is important to know that these things can happen.  This especially true with teens.  Be mindful of who your children are talking to.  You never know when someone might try to use your kids to pull off a social engineering attack on either them or you.  

Parental Controls:

Finally, and this one as old as the internet, set up parental controls.  They are there for a reason.  Limit websites and time that your children can be online.  While this is clearly a way of enforcing safer internet practices, it does come at the expense of trust.  Whenever someone is told they can’t do something, they always try to find a way around.  Setting up parental controls might be effective, but rest assured that they can be easily bypassed.  You might even fall victim of a social engineering attack from your child in an effort to retrieve the parental control password.  I have parental controls for my kids but strictly for websites that I know they should never under any circumstance visit.  But, everything else, I let them make their judgement.

There you have it.  Your how to keep your children safe while online guide 101. Which of these methods are you currently implementing? Are you thinking of implementing a new tactic that you might now have known about? One last thing I want to leave you with.  When it comes to cybersecurity in your home, it is important that everyone be onboard.  If the adults are trying really hard to not get hacked, but your children are introducing malware to your computers, you clearly have a vulnerability in your house.  Teach your kids about cybersecurity and how to use the internet safely.  Failure to do so could result in a cybersecurity attack.  

Can You Trust Your Operating System’s Privacy Settings?

Photo by Thomas Windisch on Pexels.com

Today we are going to be taking a deep dive into your Operating System’s privacy. Piggybacking off my episode last week, I want to explore different popular operating systems consumers own and see which one protects your privacy the most.  Maybe it is time that you change up your computer. 

Continuing with our theme of privacy, I wanted to take a deeper look at how our operating systems are protecting our privacy.  I had heard a lot of things about Windows 10 spying on their users.  For this episode, I’m going to stick to discussing just computer operating systems.  In a future episode, I’ll compare iOS with Android.  We spend a lot of time on our phones, and I think it’s worth going deeper and discussing how our phones track our every move.

The three main operating systems I’m going to be discussing today are: Windows 10, Mac OS and Ubuntu.  The first two are pretty well known, but the third one is one of the more popular Linux distributions that most people use.  Similar to my last episode, I’ll be reviewing privacy settings and policies that each operating system has.  You might be surprised with what I find.  I haven’t done the research yet, so I’m expecting my research to confirm my suspicions.  I predict that Windows 10 will be the worst operating system in terms of protecting your privacy.  I predict Ubuntu to be the one that protects your privacy the most.  Let’s see if I’m right.

Windows 10: 

Let’s start with the most popular operating system of them all.  Windows 10.  Microsoft started doing a very interesting thing with Windows 10.  If you’ve been around computers for a while, then you probably remember service packs.  It would take years to develop an operating system and every once in a while, you’d download a massive update.  These updates were far and few.  With Windows 10, Microsoft releases an update twice a year now.  Usually in the form of a Spring and Fall update.  With each update, Microsoft revises their privacy policies and opt users back into configurations that they have had changed before.  Windows 10 comes with an advertising ID.  You can turn this ID off if you do not want to receive personalized ads.  Windows 10 is also consistently sending data back to Microsoft so that they can improve your Windows experience.  If you are jumping between multiple Windows 10 computers that you own, Microsoft has something called activity history that allows you to switch computers and pick up where you left off.  A great convenience feature that comes with a significant cost to your privacy.  If you have a laptop, you can bet that Microsoft is tracking your location as well.  Windows 10 also has access to your camera and microphone.   This means that Microsoft can potentially hear and see you.  As you can see, Microsoft does a lot of tracking.  There is a privacy setting that allows you to toggle all these settings, but I’ve heard that Microsoft has the tendency of reverting these values back to their default (opt-in) values every time you update.  I personally haven’t seen this happen, but I’m going to keep an eye out for future updates. Let’s talk about Mac Os next.

Mac OS:

Apple does things a little differently here.  While Mac OS is tracking you a bit, it does so with a little more finesse.  Location tracking is enabled on your mac, but you have to allow apps to use the data.  Even within the Find My ecosystem, Apple claims that only you can see the location of your personal devices.  This means that Apple and other 3rd party entities can’t see your computer’s location.  Similar to Windows, Apple does collect some data to help improve the overall experience. And that’s about it.  Mac OS isn’t trying to make money off of you and Apple encourages you to use Safari since it will also work to protect your privacy.  Apple has their voice assistant and they do not associate your requests with your identity.  Every request is from a random identifier.  Apple can’t read your iMessages either. It’s all encrypted.  Apple’s newest computers come with an onboard machine learning chip that allows Apple to enhance the user experience without ever having to send data back up to Apple for processing.  Overall, Apple values your privacy a lot.  Let’s see how these two OS’s stack up against the free Ubuntu.

Ubuntu:

Similar to the other two, Ubuntu collects data from your computer to help improve the overall experience.  Like with the other two, you have the option to opt out of this.  Ubuntu is transparent with what they collect and nothing too personal is ever collected from you.  And that’s it.  Like Apple, Canonical, the makers of Ubuntu, really do care about your privacy.  

There you have it.  Your operating system 101 guide. Which operating system are you currently using? Are you thinking of making a switch based on the information presented?  I know that I use all three operating systems and I’m going to be reviewing my Windows 10 settings to make sure Microsoft stays away from my private data.  

Why Do We Need Cyber Security

Photo by Travis Saylor on Pexels.com

If you do any business online, you need to be aware of your cyber risks.  Just like a physical business will put up cameras, hire security guards, put up fences, you need to take actions to protect your digital assets.  It’s a scary world out there, and there is a legitimate threat from bad actors that spend their days targeting businesses and trying to find vulnerabilities to exploit.  Because of all of this, and much more, we all need to be a little more aware of what cyber security is and our roles to help promote good practices.  Regardless of whether you own a business or not, if you use the internet, shop online, go to school online, or do anything online, you should be paying more attention to your digital habits.  In this episode we are going to start peeling back the layers of cyber security.  When practicing safe cyber and information security, there are three main things we want to take into consideration.  We want to focus on prevention, detection, and recovery.  In other words, we want to be proactive and do whatever we can to prevent something bad from happening.  If something were to occur, we want to be able to act quickly.  Finally, in the unfortunate event that something bad does happen, we want to have a plan to get back to our baseline.  Let’s explore each of these topics in today’s episode.

Prevention

While not always easy, you want to prevent bad things from happening.  Looking back at our first post, you want to protect your data and resources.  Unfortunately, a lot of businesses believe that they can get away with a minimal effort here.  As seen in the news countless times, the number of companies that get hacked is overwhelming.  In many cases, improved prevention could have created a different outcome.  And it’s not just businesses either, your personal information, company information that you have access to, it should all be protected. I’ve heard that it’s too expensive to invest into having good prevention, so some folks get by with the bare minimum.  This is a silly idea because it’s always more expensive to fix something later than it is to fix it before a crisis happens.  If you have any digital information or resources, protecting and preventing cyber attacks from happening to you should be your number one priority. Don’t skip this step.  The same way you put up cameras and alarms to protect yourself, you should be taking the appropriate steps to prevent cyber attacks from happening to you.  We’ll go over specific details on how to prevent it in future posts.  For now, we are laying the foundation of cybersecurity, but rest assured, we’ll get into specific actions you can take.

Detection

Assuming you did everything you could to prevent a cyber attack from happening, the next step is to be able to detect it.  Cybersecurity is a constant, evolving game.  A policy you set up at the beginning of the year, might be obsolete by Summer.  The tactics and strategies that hackers use are constantly changing.  Your security policies have to change along with them otherwise, when an attack is successful, you’ll be crippled.  If someone is successful in attacking you, you need to be able to quickly and swiftly detect the attack.  

Recovery

If you did everything you possibly could to prevent and detect an attack, then comes dealing with the aftermath.  After an intrusion, or even a natural disaster, the road to recovery can be a long one depending on how much you prepared for this moment.  Right now, while everything is calm, you should be taking action to document everything about your system, resources, and data.  You need to create a baseline that accurately allows you to know what “normal” looks like.  If you have this, when someone attacks you, it’s easier to detect anomalies because you have something to compare against.  If your systems get taken down and you need to rebuild, you know how to restore a system back because you have all the configurations, software, and details documented.  If you don’t have all of this handy when an intrusion, attack, or disaster strike, recovery becomes much harder.  You miss things and some things get forgotten.  Take some time and do what you can to protect your assets.  You need to have a solid strategy and recovery plan to come back online if something bad happens.  Every day that your business is down, is a day without revenue.  Not only will this hurt your wallet, but you risk losing the trust of your customers in the process.  Have a recovery plan!                           

News Roundup and Discussion

While you cannot prevent every cyber attack, you should try to do as much as you can.  Ransomware, an attack that is becoming increasingly popular takes advantage of companies that fail to prevent, detect, and recover appropriately.  Ransomware attacks can be easily mitigated if you have a great backup policy.  Ransomware attacks will typically encrypt your hard drive along with all your data unless you pay a ransom.  Even if you pay the ransom, you are not guaranteed that you’ll get your data back. If you have a great recovery plan, you should be able to get back online quickly with minimal downtime.  But, unfortunately, many do not prepare and when disaster does strike, they are left dead in the water.  Hospitals a common target for ransomware attacks, but just about any business can fall victim to this attack.  If you are not preventing or detecting attacks, you should at the very least have a good recovery plan.  Things will go wrong at some point, it’s only a matter of time.  

Actions for Small Business Owners

Cybersecurity can be expensive.  You should be investing money into protecting your assets and data.  With almost every business going digital, not practicing these basic cybersecurity principles could have serious consequences to your business should you ever become a victim of an attack.  Biggest action is to start investing in good cybersecurity practices.  At the very least, make sure you have a backup of your stuff.  If you do not have a backup and your data gets lost, you will have to rebuild everything from scratch.  This is something that could potentially put any business out of business.  

Actions for every day users of the internet

Attackers aren’t just attacking businesses, your personal computers can be in danger as well.  Know which computers are supposed to be on your network.  Be mindful of things you download from the internet and always have a backup of your data.  

Conclusion

It is a smart idea to try to stay ahead of an attacker whenever possible.  Every day, there is a new attack. If you have any valuable digital information, you should be doing everything you possibly can to protect it.  Do not wait for an attack to happen before you take action.  An attack is inevitable.  Even if you do not get attacked, computer systems fail every once in a while.  As a business owner your data is your business.  If you lose that data, you could risk losing your business as well.  Don’t prolong this.  Start today and start implementing basic cybersecurity practices in your life.  

What is Technical Program Management (TPM)

hoto by Canva Studio on Pexels.com

I’ve wondered about this question for almost two years now.  I’ve held this position at two different companies and both places had completely different interpretations of what Technical Program Management is.  I decided I wanted to do my own research and went to the internet to see if I could find an answer.  I didn’t find much.  Most of the information I found was from a few years ago and my search results didn’t return anything more recent.  I then turned my attention to Twitter and put out a message to my followers that I was looking for Technical Program Managers.  No responses came back even though I know that people that are technical program managers based on their profiles.  After a few weeks of just searching for what this great profession is all about, I decided that the best way to get information was to create the information myself.  Since I couldn’t find anything concrete, other than a few high level articles, I decided I wanted to create the ultimate resource on Technical Program Management in case there were other people out there pondering about what it means to be a Technical Program Manager.

Technical Program Management falls in between two roles. The first role is project management. Most project management professionals learn how to manage well defined projects. They learn the skills to manage schedule, budgets, and risk. They know how to plan, how to triage, and how to communicate project statuses well. The other role is that of a Scrum Master. The Scrum Master helps guide a software team towards completion. They know the software, they know the architecture, and they know what the priorities for the software team. A Scrum Master sometimes helps with the planning and triaging of software related issues. They also have to be able to communicate really well. As you can, the roles between a Scrum Master and project manager are similar, but yet completely different. Enter Technical Program Management.

Technical Program Management is a position that requires you to be technically competent, understand software/hardware, and be extremely organized. The role is more demanding that regular project management because software is unpredictable. If a project manager tries to manage a software project with traditional PMP level techniques, they will most likely fail. Or, they will probably be very frustrated because software does not behave like a bridge or building behave. Software is research and it is always changing. Software is never done, which by itself is a problem for project management because there is typically an end to a project. Technical Program Management requires skills in not just planning, but in communication with multiple different stakeholders. TPM is not just managing a software project, it is managing all the teams and different stakeholders that have to come together to build a project. It also requires that you have ability to have difficult conversations and challenge team members. Scrum Masters can make good Technical Program Managers, but being a Technical Program Manager is much more involved. Technical Program Managers have to worry about all aspects of a project, not just what the software team is doing. It requires constant communication with leads from other technical and non-technical teams.

As you can see, the field of Technical Program Management can be exciting. It is a job that will not allow you to be bored. It requires constant communication in all forms of expression. An effective Technical Program Manager will know how to build trust and community with their teams. They’ll know how to influence a team to go above and beyond to deliver a world-class product. Technical Program Management is an amazing field that requires many different skills to all come together to help deliver a product. In the next article, we’ll explore the role of a Technical Program Manager in more detail. Stay tuned!

Introducción a Scratch 3.0

¿Qué Es Scratch?

Scratch es un lenguaje de programación desarrollado por la gente del MIT. Es una excelente manera de introducir a los estudiantes en la programación de computadoras. Scratch utiliza una interfaz gráfica que hace que aprender conceptos de programación reales sea divertido y sencillo. La plataforma está bien documentada y hay cientos de tutoriales que muestran todas las diferentes cosas que puedes hacer en Scratch.

Audiencia:

Scratch está destinado a ser lo suficientemente fácil de aprender para cualquier persona de cualquier edad. Cualquiera que desee aprender a programar puede crear fácilmente una cuenta y comenzar a aprender a programar. La codificación es una habilidad tan poderosa para aprender, y para muchos ingenieros de software, su primera línea de código está escrita en Scratch.

Scratch es ideal para las siguientes personas:

  • Padres
  • Educadores
  • Estudiantes

Cualquiera puede aprender a codificar. Este tutorial lo guiará a través de todos los pasos necesarios para obtener su propia cuenta de Scratch.

Qué Necesita Antes de Comenzar:

  • Computadora con acceso a internet.
  • Un padre o un adulto, si es menor de 13 años.

Qué Aprenderá:

Cómo crear su cuenta de Scratch.

Creación de Cuenta Scratch 3.0

1. Vaya a Scratch.mit.edu para crear su cuenta.

2. Haga clic donde dice (Join). En la página inicial, verá algo como lo siguiente:

3. Proporcione un nombre de usuario y una contraseña.

Haga clic en Next para ir a la página siguiente.

4. Indique el país en el que vive.

5. Proporcione su mes y año de nacimiento.

6. Proporcione su género.

7. Por último, proporcione su correo electrónico.

¡Bienvenido a Scratch!

Y eso es. ¡Ahora está listo para la siguiente parte, que consiste en crear su primer proyecto Scratch!