Today’s battlefield is a digital one. Cyber warriors who work with international law enforcement agencies, corporations, colleges and universities and non-profits fight with Russia, North Korea, Iran, China and other countries and criminals to protect critical data in a war zone that seems invisible but is real. The casualties in today’s war are your privacy, intellectual property and money.

More than 60 speakers who specialize in combating cybercrime will lead discussions and training sessions at Hack NYC at the Microsoft Center at 11 Times Square in New York City from May 8 to May 10, 2018. BugHeist is one of 50-plus supporting sponsors.

Organized by the Critical Infrastructure Association of America Inc., a 501(c)6 not-for-profit trade association of cybersecurity and cybersecurity-related professionals in the public, private and governmental sectors, the 3-day event will include:

• How to Develop and Implement the Appropriate Safeguards to Ensure the Delivery of Critical Infrastructure Services (Mike Krygier, Deputy Chief Information Security Officer, Urban Technology, New York City Cyber Command, and Tom Brennan, Producer, HACK NYC)

• Understanding Radicalization with the Intent to Disrupt, Isolate and Dismantle Organizations from an Academic Perspective; How Religious Extremists Use Social Media to Recruit Terrorists; and How to Use Scripture to Combat and Suppress Extremism (Mubin Shaikh, Radicalization and Counter/Cyber Jihadist Operations Analyst Instructor, Cyber Security Forum Initiative, and Paul De Souza, Founder, Director and President, Cyber Security Forum Initiative)

• How to Build a Defensible Cyber Space Using Recommendations from the New York Cyber Task Force Report (Katheryn Rosen, Non-Resident Senior Fellow, Atlantic Council, Jason Healey, Senior Research Scholar, Columbia University, and Phil Venables, Chief Operational Risk Officer, Goldman Sachs)

• Using CISQ’s Automated Standard to Reduce Business Risk and Maintenance Costs Associated with the Software Development Process (Tracie Berardi, Program Manager, Consortium for IT Software Quality (CISQ); Robert Martin, MITRE Corporations’ Senior Principal Engineer and Lev Lesokhin, Executive Vice President of Strategy and Analytics, CAST)

• Anatomy of a Medical Device Hack (Janine Medina, BioHacking Village Project Manager, DEF CON, and Beau Woods, Cyber Safety Innovation Fellow, Scowcroft Center for Strategy and Security, Atlantic Council)

• Designing Systems for Biometrics and other Authentication Technologies (John Checco, President Emeritus, NY Metro InfraGard)

• Digital Evidence: A Double-Edged Sword (Terry Sult, Chief of Police, City of Hampton, VA)

• Using OWASP’s Cyber Defense Matrix to Translate Cybersecurity Terminology into Understandable Information that Helps Organizations Choose the Right Tools (Sounil Yu, Senior Vice President, Bank of America)

• Using Social Engineering Methods like Phishing to Enhance Organizational Security Posture (Joe Gray, Senior Security Architect, IBM)

• Building Security into the Software Development Lifecycle Process (SDLC) (Tom Ryan, Senior Solutions Architect, Micro Focus)

Become an Urban Survivalist

On May 5, Mikey B, former United States Marine Corps Force Reconnaissance and Special Forces Cadre with GORUCK, will take people around New York City in an urban survival exercise as a part of its GORUCK Constellation events.

Participants will learn how to survive an airborne biological agent and active shooter attack, administer medical attention with a tool they bring and double as a tourniquet and engage in hand-to-hand self-defense at locations including Times Square, Hell’s Kitchen, the Intrepid Sea, Air and Space Museum and Central Park.

Click here to see the list of supplies attendees will need to pack in their rucksacks or backpacks.

More Confusing Tech Terms to Learn

Tara has yet to deploy any of her software on actual servers because she is learning the various flavors of JavaScript before she starts studying back-end programming languages. But that doesn’t stop her from confusing herself as she tries to absorb the latest descriptions software professionals use for new hardware and software environments and/or frameworks.

Following are some highlights from Serverless Security and Winning the DevSecOps Game webinar. Tom McLaughlin, founder of ServerlessOps, and James Wickett, head of research, Signal Sciences, discussed serverless, the integration of operations, software development and security and containers during this April 9, 2018 event.

Does Serverless Really Mean Server Less?

“Often times when you ask somebody this question and their immediate answer is oh, it's AWS Lambda! And that’s their immediate thought and go-to. That’s really not the whole picture. We like to call that functions-as-a-service,” McLaughlin explained. “And that’s your compute layer when it comes to serverless.”

“When it comes to, like, defining what is serverless, I like to use a slightly modified version of what AWS uses to define serverless. And it’s a set of characteristics. It starts with no servers to manage your provisions. So, you’re not dealing with physical servers, VMs (virtual machines) or containers. Now, all those are present, they’re just not your concerns. It’s consumption instead of capacity-based pricing. So, like normally you’re used to okay I allocate capacity with EC2 instances. However, if you know I’m not using all that capacity, I’m still paying for it. When you move to consumption-based pricing, you’re only paying when a function actually invokes.”

“So, you’re not paying for say like to the half-gig of memory that you allocate to a function. You’re not paying all month; you’re paying for that only when a functions runs,” stated McLaughlin. “The serverless components autoscale for you.”

Wickett added: “We have not discovered the Black Art of Computing where we can now do stuff without servers, you know. It’s the now I don’t have to care about them (servers) anymore.”

“Serverless encourages functions as deployable units, but also coupled with third party services that allow you to run end-to-end applications without having to worry about any sort of system operational concerns,” he continued.

Will the Network Operations Administrator Become Obsolete?

As network operations continue to become a hybrid of hardware and software functions will the operations person become an endangered species?

McLaughlin said that operations people must adapt and learn other technology skills.

“That’s the question that they keep trying to explore. I don’t see us spending our day-to-day time operating systems anymore. That’s something that’s being taken away from us. It’s moving to our cloud provider and so we’re in this position right now where we are trying to kind of like let’s redefine our role for several years out from now.”

McLaughlin continued: “The biggest thing that I, you know, think is going to happen with operations people is the need to be able to code. We’ve been saying this for a long time. But I think even more so than the ability to even join a feature team or a product pod something like that to be able to maybe perhaps fix bugs and code bugs within our systems to be able to optimize code….The heavy influence of code becoming a part of our job. And with that, it gives us the ability to also impart our operational expertise on to these sort of teams. And I think a lot of us—we talk about tearing down silos—between Dev and Ops for the past several years, but I’m even thinking about, you know, it’s maybe time for us to take operations people off of Operations teams and even make them a part of our development team.”

Wickett agreed with McLaughlin and added his perspective as an information security professional.

“Let’s think about something here, right. How much value is it for any company to employ a person to like patch stuff. That is not a useful value-adding thing, so I think of finding ways for operations folks to look inside the value stream of the organization and whatever the application of that value stream is and look at how do I actually support this and be like a value-adder…”

“I think security is going to have to go through the exact same thing. It’s like you gotta move left and help build the pipeline to get all that stuff deployed, right? You gotta move right and manage all these third party services and kind of understanding your new architecture, right? And yeah, you don’t have to mess around with a bunch of OS patching, which wasn’t really valuable in the first place. It’s just a necessary evil that we had to deal with.”

Tom: “Having Ops become directly involved in user happiness with our companies that puts in positions as operations people to—you know—to be monitoring and to be measuring the health of our systems in that term and be directly contributing to the bottom line of our companies.”

“Bring Ops to the human side,” Wickett added.