Tech Update Summary
December 2015 Blue Mountain Data Systems
For CTOs, CIOs & CISOs
Visit Blue Mountain Data Systems
https://www.bluemt.com
Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue
Mountain Data Systems Blog. We hope you will visit our blog for the latest information.
You can also receive these updates via email. Click here to subscribe.
Here’s the summary of the Daily Tech Updates for December 2015. Hope the information and ideas
prove useful.
Best,
Paul Vesely
President and Principal Architect
Blue Mountain Data Systems Inc.
Databases
Databases & Storage
SCALABILITY: Scale, Flexibility Place New Demands on Databases. In a new research
report, Gartner advises clients to consider the
“avant-garde” of new relational databases from vendors like MemSQL, NuoDB, and
VoltDB when projects call for large amounts of scalability and elasticity on
industry-standard hardware, while retaining the precepts of relational tables and
SQL. Read more
[ENTERPRISETECH.COM]
BIG DATA: Success Stories Beyond Hadoop. John Schroeder, co-founder and CEO of
MapR, is one of the big names of the Big Data revolution and a key provider and
enabler of many of its biggest success stories. In a recent interview, Schroeder talks
about the big data industry, their business, the most interesting use cases and his
views on the future. Read more
[FORBES.COM]
DOCUMENT DATABASES: Making NoSQL Scale Better On Hadoop. Document
databases are an integral part of the application stack, but they often have
scalability issues and they tend to end up off to the side of the Hadoop systems
that are increasingly being used as the repository of record for all kinds of data.
Ideally, customers want an analytics system that can store data in various formats,
all on the same Hadoop cluster and all with the same underlying scalability of
Hadoop. Read more
[NEXTPLATFORM.COM]
ENTERPRISE APPS: What are Oracle and SAP’s Vision of the Future of Enterprise
Apps? Despite considerable headwinds, Oracle and SAP have their own strategies
for the future of applications. Here’s how the two giants are approaching
enterprise apps. Read more
[ZDNET.COM]
MongoDB: Over 680TB of Data Exposed in MongoDB Databases. There are at least
35,000 publicly accessible and insecure MongoDB databases on the Internet, and
their number appears to be growing. Combined they expose 684.8 terabytes of
data to potential theft. This is the result of a scan performed over the past few
days by John Matherly, the creator of the Shodan search engine for Internet-
connected devices. Read more
[COMPUTERWORLD.COM]
EXCEL 2016: Meet Excel 2016: 9 of Its Best New Features, from Databases to
Handwriting Tools. The database enhancements alone – which include merging
some of the previous Add-On programs such as Power Pivot and Power Query—
more than justify the upgrade. You’ll find options for Power Queries; Data Models;
Reports; Pivot Tables; One-Click Forecasting; and some new, one-button workbook
sharing through Power BI for creating and using interactive reports and
dashboards. Read more
[PCWORLD.COM]
SHAREPOINT: Avoiding Ginormous Transaction Logs with SharePoint Databases.
Find out how organizations avoid extremely large transaction log (.ldf) files.
Read more
[COMPUTERWORLD.COM]
GRAPH DATABASES: Graph Databases Enable New Data-Driven Applications.
Popular consumer web properties such as LinkedIn, Facebook, and Google all use
proprietary versions of graph technology. They pioneered its use to help
continuously deliver relevant information through easy-to-use interfaces, while
continuing to astound and amaze with new features and functionality at a rate
unmatched by traditional enterprise-class applications. So it comes as no surprise
to see the increased use of graphs in a new generation of enterprise data-driven
applications. Read more
[DATA-INFORMED.COM]
BYOD
FIRSTNET: FirstNet to Support Personal Devices Through BYOD Policy That
Complements Network. The nationwide public safety broadband network, or NPSBN,
will support personal devices once it is operational, said the First Responder Network
Authority, or FirstNet, the group tasked with standing up the new communications
network. Read more
[FIERCEGOVERNMENTIT.COM]
FOR THE CIO: Maximize Productivity While Maintaining Security. Surveys of
thousands of BYOD users across the world have shown an average productivity boost
of one hour per week for employees. However, many of the positive stories about
BYOD are found only in the marketing of vendors selling a BYOD product or solution.
Often these stories are in the form of customer case studies or “dogfood” stories
where the vendor has embraced and benefited from its own BYOD solution. Read
more
[ITBUSINESSEDGE.COM]
SURVEY: Half of U.S. Businesses Have No Formal BYOD Policy for Security. Years after
the widespread adoption of workplace smartphones, more than half of U.S.
companies said they have no formal BYOD (bring your own device) policy to
safeguard their enterprises, according to a survey. Read more
[COMPUTERWORLD.COM]
CSO: Is It Time to Re-evaluate Your BYOD Policy? The rise in BYOD has left businesses
struggling to manage the growing number of access points across their systems. A
recent study conducted by Bitglass found that 57 percent of employees and 38
percent of IT professionals don’t participate in their company’s BYOD program due to
privacy concerns, that corporate leadership would have too much visibility into the
end user’s personal data. Read more
[CSOONLINE.COM]
Open Source
CIOs: What Does the Trend Toward Open Source Mean for CIOs? CIOs are wise to
evaluate how open source products might help them. One advantage is greater
transparency not only of the source code itself, but also of all the design
deliberations, etc. That’s a significant contrast to the secretive processes often
used by proprietary vendors. Read more
[CIODIVE.COM]
SECURITY: The Insecurity of Platforms and How Open Source Overcomes. No
platform is immune. But how do Linux and open source manage to overcome
issues like Linux.encoder.1 with such efficiency? Read more
[TECHREPUBLIC.COM]
CONTINUOUS INTEGRATION: Git, Docker, and Continuous Integration for TeX
Documents. The power of Git, Docker, and continuous integration (CI) can be
leveraged to make TeX document compilation easy while keeping track of
different variants and versions. On top of these technologies, a flexible
workflow can be developed to reflect successive changes in TeX documents in
each PDF. Here’s the tutorial. Read more
[OPENSOURCE.COM]
MICROSOFT: Microsoft to Open Source A Key Piece of Its Web Browser.
Microsoft will publish the source code for Chakra, the part of the Edge browser
responsible for running JavaScript code, next month on the code sharing and
collaboration site GitHub. The company will accept code contributions from
developers outside of Microsoft. Read more
[WIRED.COM]
Security Patches
MICROSOFT: Issues a Flood of Security Fixes in Time for the Holidays. This week
the software giant released an even dozen security updates. The company deemed
eight of those “critical,” meaning that IT staffs are supposed to apply them
immediately. All-in-all, the fixes addressed 71 issues – and that means a tough day
(or two) at the office for Windows administrators. Read more
[FORTUNE.COM]
ADOBE: Final Patch Update This Year: 78 Bugs Squashed. Adobe has issued the
company’s last 2015 security update which patches a total of 78 CVE vulnerabilities
in Flash Player, seven of which are deemed high-risk. The software giant has
recently renamed its Flash Professional product to Animate, no doubt to distance
the product from the bug-riddled and somewhat untrustworthy Flash Player, but a
simple renaming of the product family, unfortunately, does not erase security
flaws. Read more
[ZDNET.COM]
ANDROID: Google has released a new Android 6.0.1 Marshmallow update that’s
currently available for a few Nexus devices. This new update comes with the
build number MMB28M and it can be downloaded on the following Nexus
devices: Nexus 5, Nexus 6, Nexus 6P, Nexus 5X, Nexus Player, Nexus 7 2013 Wi-Fi
& SIM variants, Nexus 9 LTE & Wi-Fi variants. Read more
[NEUROGADGET.COM]
NODE.js: Security Patches Delayed by OpenSSL Updates. The Node.js
Foundation was to have posted patches but wants to release them with the
OpenSSL upgrades included. Read more
[INFOWORLD.COM]
Application Development
AGILE: Comes with Pressure and Pain. Agile development often takes federal
employees out of their comfort zones, which is precisely why it’s so beneficial, IT
leaders say. During a panel discussion sponsored by the Association for Federal
Information Resources Management, Environmental Protection Agency CTO Greg
Godbout said agile’s short delivery cycles require regular meetings and demand
accountability. “You know you will see them every two weeks,” he said, and “the
group will ask, ‘Who didn’t deliver?’”
Read more
[FCW.COM]
MOBILE APPS: Microsoft’s PowerApps Aim To Disrupt Enterprise Mobile App
Development Market. Microsoft launched a new enterprise service called
PowerApps that empowers users (employees of businesses) to create mobile apps
(they need), connect to existing business systems in a secure way and easily share
newly developed apps with coworkers. This is significant considering that over 2.1
billion mobile units will be sold by 2019 and that the enterprise mobile apps market is
expected to grow with more companies and users relying on enterprise apps for
productivity. Learn how this service will disrupt the enterprise mobile app
development industry and add to Microsoft’s revenues. Read more
[FORBES.COM]
PYTHON: Scales New Heights in Language Popularity. Python is increasingly in use
as a first language in high school and universities, propelling it to its highest spot
ever on the Tiobe index as well as a high ranking on the PyPL index.
Read more
[INFOWORLD.COM]
RED HAT SURVEY: Ninety Percent of Respondents to Red Hat Survey Plan to
Increase Mobile App Development Investments in 2016. Red Hat, Inc., the
world’s leading provider of open source solutions, today announced results from
a recent mobile maturity survey, which revealed that 90 percent of respondents
anticipate increasing investment in mobile application development within the
next 12 months. The 2015 Red Hat mobile maturity survey also finds that these
same respondents predict their organization’s investment for mobile application
development increasing at an average growth rate of 24 percent during the
same period. Read more
[SDTIMES.COM]
Penetration Testing
DHS: Giving Firms Free Penetration Tests. The U.S. Department of Homeland
Security (DHS) has been quietly launching stealthy cyber attacks against a range
of private U.S. companies — mostly banks and energy firms. These digital
intrusion attempts, commissioned in advance by the private sector targets
themselves, are part of a little-known program at DHS designed to help “critical
infrastructure” companies shore up their computer and network defenses
against real-world adversaries. And it’s all free of charge (well, on the U.S.
taxpayer’s dime). Read more
[KREBSONSECURITY.COM]
ATTACK SIMULATION: Startup Offers Free Cyberattack Simulation Service. First
came penetration testing, then the tabletop exercise, and now attack simulation
— the relatively nascent practice of war-gaming attacks on your network to
gauge how prepared (or not) you are, and where your weaknesses reside. Unlike
pen-testing, attack simulation doesn’t run exploit code. It’s more about
simulating the way attackers do their dirty work, from composing a phishing
email and infecting a machine to the path they take to access and then pilfer
credit-card data out of a company. Attack simulation startup vThreat announced
free access to its software-as-a-service based applications. The concept of
simulating and providing a detailed postmortem of how an attacker could hack
you is capturing some venture capital interest. Read more
[DARKREADING.COM]
SECURITY THINK TANK: Pen Testing Must Be Followed by Action. How can an
organization ensure they get value from penetration and security testing services?
What role can penetration and security testing play in improving the security of an
organization? If the testing is comprehensive, carried out regularly and any issues
found quickly corrected then the overall picture of an organization’s security is
greatly improved, although it must be said that testing is not sufficient on its own.
Read more
[COMPUTERWEEKLY.COM]
AGENCIES: As hackers and other malicious actors become more sophisticated and
agile in their attacks, federal agencies need to be proactive about cybersecurity.
“Don’t wait to be hunted,” Linus Barloon, IT security branch manager for the U.S.
Senate Office of the Sergeant at Arms, told attendees at the Public Sector
Cybersecurity Summit hosted by Raytheon | Websense on Dec. 1. “Start hunting,”
he said. Read more
[FEDERALTIMES.COM]
Big Data
INSURANCE: How Big Data Is Changing Insurance Forever. Big Data is a buzzword
which refers to the ever increasing amount of digital information being generated
and stored, and the advanced analytics procedures which are being developed to
help make sense of this data. Some of the more recent developments in the
insurance industry have become available thanks to our increasing ability to record,
store and analyze data. Read more
[FORBES.COM]
IoT: 14 Ways IoT Will Change Big Data And Business Forever. The Internet of Things
(IoT) has gained momentum. Sensors are now small and cheap enough to embed in
all kinds of devices, and more companies are leveraging the vast data generated.
Here are some key drivers your company needs to remember as you jump into IoT.
Read more
[INFORMATIONWEEK.COM]
CIO: Proving the Business Value of Big Data. Just as organizations are getting more
precise in their decision making through analytics, they must now get more precise
in measuring ROI from big data investments. Here are four things you can do to
forge stronger connections between analytics and business outcomes. Read more
[CIO.COM]
GAO: Facing a Big Data Gap, GAO Kicks Off Agencywide Effort. The Government
Accountability Office is closing some of its biggest gaps in how it uses data to make
decisions. Comptroller General Gene Dodaro is asking the agency to develop a long-
term road map to expand and improve its use of big data. Howard Williams, the
GAO’s chief information officer, said the audit agency is “lagging a little bit” when it
comes to taking full advantage of big data tools and analyses. Read more
[FEDERALNEWSRADIO.COM]
CUSTOMER SERVICE: What Big Data Can Do For Your Contact Center. Almost two-
thirds of contact center operations depend on voice services. But the future of
contact centers is no longer limited to just voice calls. A recent survey suggests that
in the next couple of years, a larger number of users will choose digital interactions
over voice-based interactions for connecting with contact centers. Read more
[INSIDEBIGDATA.COM]
ANALYTICS: Fighting Evil AI, IBM Opens Watson IoT HQ: Big Data Roundup. Elon
Musk invests in AI to benefit humanity. Microsoft is acquiring SQL queries for all
data by all users. IBM is connecting Watson with IoT via APIs. Read more
[INFORMATIONWEEK.COM]
QUALITY CONTROL: Big Data’s Billion-Dollar Quality Problem: 3 Tips for
Sidestepping It. The costs of working with dirty data are staggering. Save money
and time by following these tips on how to improve the quality of your company
data. Read more
[TECHREPUBLIC.COM]
2016: 6 Predictions For Big Data Analytics And Cognitive Computing In 2016. The
larger market for business analytics software and business intelligence solutions
which now includes the new disciplines of data science and cognitive computing, is
at least 5 times bigger. But a much larger market, which may indeed approach a
trillion dollars sometime in the not-distant future, includes the revenues
companies in any industry will generate from “monetizing” their data and algorithms.
Read more
[FORBES.COM]
Project Management
MICROSOFT: Offers Preview of New Planner Project Management Tool. Microsoft
released its project management tool, Office 365 Planner, as a preview to Office
365 First Release customers. With Planner, users can create new plans, organize
tasks, assign team members to those tasks, share files and chat about workflow.
Planner also offers updates on progress as people work through tasks. Workers can
use the platform in many ways, including event planning, customer visits, product
brainstorming and more. Read more
[FIERCECIO.COM]
THE CLOUD: Project Management & Cloud Computing: Your Strategic Weapon for
Success. We are therefore not far away from that day when IT professionals will
solely depend on cloud for improved productivity and ROI. And it is not just IT
professionals. Project managers have already started leveraging the benefits of a
cloud-based efficiency upgrade. Read more
[SMARTDATACOLLECTIVE.COM]
REMOTE: Does Remote Project Management Really work? Remote project
management may be a great alternative to traditional project management for
most organizations, project managers and team members, but is it realistic? There
are tangible advantages here, but this is not for the faint-hearted. Read more
[CIO.COM]
AGILE: How Project Managers Can be a Positive Agent for Agile. How does agile
impact the role of project managers? Is there still a need for project managers
when organizations transition to agile? How can you deal with project managers
who are opposed to agile? How can project managers be a positive agent for
change? Read more
[INFOQ.COM]
Search Engines & Technology
ELASTICSEARCH: Elasticsearch Servers Targeted by Linux-Based Botnet Operators. A
honeypot experiment run by AlienVault has shown that the recent security
vulnerabilities discovered in Elasticsearch servers over the summer are now actively
being used by botnet operators. Read more
[NEWS.SOFTPEDIA.COM]
SEO: Is Google’s Search Market Share Actually Dropping? In a followup to his 2014
survey, contributor Eli Schwartz shares his data on search engine market share and
looks at how it’s changing over time. Read more
[SEARCHENGINELAND.COM]
ARTIFICIAL INTELLIGENCE: Google’s Tough Search — A Quantum Leap in Computing
Power. A computer that’s millions of times faster than the most powerful machine
available today could improve everything from climate and disease research to
understanding the contents of every YouTube video. That’s the promise of another
ambitious, long-term Google project that the Internet giant opened up about this
week. Like other so-called moonshots, this one could take a decade or more to
produce anything of tangible value, according to experts in the field. But Google is
hopeful. Read more
[BLOGS.WSJ.COM]
BIG DATA SEARCH: 9 Useful Open Source Big Data Tools. Hadoop is not the end-all,
be-all of Big Data. There are lots of other Big Data platforms and tools, many of
which are open source. Apache Solr is designed to be highly reliable, scalable and
fault tolerant, providing distributed indexing, replication and load-balanced
querying, automated failover and recovery, centralized configuration and other
features. Read more
[ENTERPRISEAPPSTODAY.COM]
For the CTO, CIO & CISO
CTO ADVICE: Stretch, Tackle and Question: One CTO’s Career Advice. Dr. Darlene
Solomon, CTO of Agilent, discusses taking risks, finding work that you enjoy,
collaboration and compassion. Read more
[COMPUTERWORLD.COM]
CIO: 5 Reasons 2016 Will Be the Year of the ‘New IT’. Digital transformation is
rewriting the rules of IT, and CIOs need to revamp their approaches if they want
their companies to survive and thrive. Here are five predictions for what 2016 will
bring under the ‘new IT.’ Read more
[CIO.COM]
CISO: The Ripple Effect of the CISO in the C-Suite. War games aren’t just for
movies. In fact, they have a place in every business, up through the C-suite. When
our experts from IBM Emergency Response Services (ERS) reported on the top
developments they’d seen in 2015 engagements in the recent IBM X-Force Threat
Intelligence Quarterly, the rise in prominence of the CISO role and the prevalence
of security concerns in the boardroom was one of the biggest trends for the year.
Read more
[SECURITYINTELLIGENCE.COM]
INTERVIEW: Rackspace CTO John Engates On Why Hybrid Cloud Matters. As
businesses opt for a combination of public and private cloud applications, chief
technology officer John Engates says Rackspace’s aim is to remove complexity and
make it easier for customers to deploy cloud technology. Read more
[COMPUTERWEEKLY.COM]
SECURITY: How the Internet of Things Got Hacked. There was once a time when
people distinguished between cyberspace, the digital world of computers and
hackers, and the flesh-and-blood reality known as meatspace. Anyone
overwhelmed by the hackable perils of cyberspace could unplug and retreat to the
reliable, analog world of physical objects. But today, cheap, radio-connected
computers have invaded meatspace. They’re now embedded in everything from
our toys to our cars to our bodies. And this year has made clearer than ever
before that this Internet of Things introduces all the vulnerabilities of the digital
world into our real world. Read more
[WIRED.COM]
HACKS: The Most Innovative and Damaging Hacks of 2015. Not a week went by in 2015
without a major data breach, significant attack campaign, or serious vulnerability report.
Many of the incidents were the result of disabled security controls, implementation
errors, or other basic security mistakes, highlighting how far organizations have to go in
nailing down IT security basics. The year’s most significant attacks highlight how hackers
are changing tactics — and how security must evolve in the year ahead. Read more
[PCWORLD.COM]
JUNIPER HACK: Researchers Say The Juniper Hack Could Be The Work Of Government—
But Which One? As researchers uncover more about two vulnerabilities recently patched
in some Juniper Networks firewalls, the security community continues to speculate
about who inserted what Juniper called “unauthorized code” into the company’s firewall
operating system ScreenOS. Security experts suggested that one of the security holes in
particular, which Juniper warns could allow eavesdroppers to decrypt VPN traffic to some
of its NetScreen firewalls, could be the work of the National Security Agency or another
spy agency overseas. Read more
[FASTCOMPANY.COM]
PREDICTIONS: Federal Tech Predictions for 2016. From DevOps to cloud
computing, the speed at which the technology sphere is currently evolving is
only going to increase in the coming year. It is important for agencies to accept
this and welcome it into their daily work. That’s according to Joel Dolisy, chief
information officer and chief technology officer for technology company
SolarWinds. Dolisy’s advice for federal agencies navigating the IT space in 2016?
Embrace the change. Read more
[NEXTGOV.COM]
STATE CIOs: Push Accessibility and User Experience Standards. Nearly one in five
citizens need some kind of accommodation when accessing digital government
services – and ensuring that every citizen has equal access to those services is the
focus behind a new guidelines initiative of the National Association of State CIOs
(NASCIO) calling for increased understanding and use of accessibility standards.
Read more
[GOVTECHWORKS.COM]
CTOs: The Lasting Power Of Incremental Innovation. Guy Duncan, Chief
Technology Officer at PayU, discusses the importance of innovation that isn’t just
a “big bang,” but “fuel that powers the future.” Read more
[PYMNTS.COM]
CISOs: Déjà vu for the CISO. Rising chief information security officers, like CIOs
before them, need to start thinking like business people. Read more
[FEDSCOOP.COM]
FEDERAL CISOs: The US Government Wants In On the Public Cloud, but Needs
More Transparency. The U.S. federal government is trying to move more into the
cloud, but service providers’ lack of transparency is harming adoption, according
to Arlette Hart, the FBI’s chief information security officer. Read more
[CIO.COM]
Incident Response
INTERVIEW: How to Structure Cyber Incident Response. At a recent cyber war
game simulation, executives across various corporate functions worked through a
major cyber security breach at a fictitious company. The simulation underscored
the need to continually review cyber incident response plans and command
structures to ensure organizations can handle cyber incidents and return to
normal operations as quickly as possible, say war game participants Deborah
Golden, a Deloitte & Touche LLP principal and Deloitte Advisory’s Federal Cyber
leader, and retired U.S. Navy Captain John Gelinne, a Deloitte Advisory director
with Deloitte & Touche LLP. In a post-simulation interview, Golden and Gelinne
discuss how federal agencies can look to military readiness planning to structure
cyber incident responses to mitigate risk and protect mission-critical assets. Read
more
[DELOITTE.WSJ.COM]
PRIVATE SECTOR: Cyber Security Demands Early Detection and Rapid Response.
Attackers are more sophisticated and striking a broader set of companies. Like the
construction company that suddenly discovered more than $4 million in payroll
for its 1,000 employees had been covertly transferred to who knows where. Or
the CEO of a big tech firm who awoke one day to discover that all the company’s
computer hard drives had been solidly encrypted and an anonymous hacker was
offering to sell him the key to unfreeze them for thousands of dollars. And the
biotech conglomerate that learned – via a call from the FBI – that a criminal cyber
sleuth had accessed its network for more than six months looking for regulatory
documents that could tip off Wall Street traders about the status of its developing
drugs. Read more
[BOSTONGLOBE.COM]
STRATEGY: If You Haven’t Begun Cybersecurity Incident Response Planning, is it
Already Too Late? The question is no longer whether we will be breached but
when we will be breached. Cybersecurity is a C-suite and board-level issue
requiring a comprehensive risk management strategy, intelligent investment and
integration across the organization. Read more
[DAILY.FINANCIALEXECUTIVES.ORG]
SECURITY: When APIs and DevOps Meet Cybersecurity. Center of gravity will flow
to middleware and cybersecurity process expertise as software integration
proliferates in the enterprise cybersecurity market. Read more
[NETWORKWORLD.COM]
Programming & Scripting Development
Client & Server-Side
PHP: PHP 7.0 Boosts Speed and Security: What You Need to Know. The release of
PHP 7.0 and Zend Engine 3 bring a wide variety of speed improvements and
modernization to the popular server-side scripting language. Here’s what you need
to know. Read more
[TECHREPUBLIC.COM]
JAVA: The Missing Features. A look at some of the “missing features” of Java, as
well as the work, if any, to remediate those. Read more
[INFOQ.COM]
ANGULAR: Upgrading Apps to Angular 2 Using ngUpgrade. Earlier this year the
Angular team made an official announcement in which they talk about upgrade
strategies. First implementations of ngUpgrade have now landed in the code base.
Find out what you can do to prepare for an upgrade, and how to use ngUpgrade to
upgrade an application to Angular 2. Read more
[BLOG.THOUGHTRAM.IO]
WORDPRESS: WordPress.com Gets a New Face and Joins the JavaScript Age. In late
November, the popular blogging site WordPress.com unveiled a new admin
interface for managing blogs, posting content, and reading other people’s sites. If
you’re a regular user, you’ll notice a new look and feel. If you’re a code geek, you’ll
notice something more remarkable below the surface: JavaScript instead of PHP. If
you run the open source version of WordPress on your own server, you can
activate the new interface on your own site through the plugin Jetpack.
Automattic, the company behind WordPress.com – the commercial version of
WordPress – also released a WordPress application for Macintosh OS X. And it
made available the code that powers the new interface as open source software
for everyone. Read more
[WIRED.COM]
SWIFT & IBM: IBM’s Swift Sandbox Lets Coders Try Apple’s Programming Language
Easily. IBM announced its free, browser-based Swift Sandbox, which lets
developers write in Apple’s programming language and execute their code in a
server environment — on top of Linux. Read more
[INFORMATIONWEEK.COM]
MICROSOFT: Treads on Node.js’s Turf with Chakra JavaScript Engine. Microsoft’s
plan to open-source its Chakra JavaScript engine has far-reaching implications.
Most of all, it shows that Microsoft wants to become a player in the JavaScript
ecosystem that has ambitions to be a near-universal runtime for every kind of
software. Read more
[INFOWORLD.COM]
TYPESCRIPT: Version 1.7 is Here with Async/Await as Default for ES6. A new version of
TypeScript has been unveiled with long awaited support for async functions for
ECMAScript 6 (ES6). Future support plans are already in place for ES3 and ES5, too.
TypeScript 1.7 also includes polymorphic this typing plus some breaking changes. Read
more
[JAXENTER.COM]
SPRING BOOT 1.3: Version 1.3 Released Featuring DevTools and ASCII Art. Spring
custodian Pivotal has released Spring Boot 1.3, which adds hot reload support of
Java classes/Spring configuration (using a new spring-boot-devtools module), cache
auto-configuration (for EhCache, Hazelcast, Infinispan, JCache, Redis and Guava),
and fully executable archives for Linux/Unix. The release has extensive release
notes detailing all of the changes. Read more
[INFOQ.COM]
C#: How to Use the Facade Design Pattern in C#. Take advantage of the facade
design pattern to provide a simplified interface to a set of sub systems and hence
reduce the dependencies and complexities in your designs. Read more
[INFOWORLD.COM]
CISCO: Bitten by Java Deserialisation Bug, Working on Patch. November’s high-
profile Java deserialisation bug has bitten Cisco, with the company announcing
vulnerabilities across the board in its huge product line. The problem is so
pervasive that it reaches into the most trivial activities of the sysadmin, such as
serial number assessment services. Read more
[THEREGISTER.CO.UK]
SWIFT: Why Non-Apple Developers Should Care About Swift. Now open source
with Linux support, Swift has a great deal to offer cross-platform and server-side
developers. Read more
[INFOWORLD.COM]
JAVASCRIPT: Red Hat Pursues Java-Node.js Connection. Red Hat envisions a world
in which the two environments co-exist, and the company wants to drive the
integration. Read more
[INFOWORLD.COM]
THREATS: The Programming Languages That Spawn The Most Software
Vulnerabilities. PHP, ASP Web scripting languages breed more vulnerabilities than
Java, .NET programming platforms, Veracode’s new state of software security
report says. Read more
[DARKREADING.COM]
SWIFT: After One Week as Open Source, Swift Is the Most Popular Programming
Language on Github. According to statistics provided by GitHub, in terms of “stars,”
the equivalent of a Facebook like or Twitter fave (heart), Swift already has over
21,000 stars, beating Mozilla’s Rust programming language, the former leader of
this ranking, which only has 14,400 stars. Read more
[MAC.SOFTPEDIA.COM]
JAVASCRIPT: 2015 in Review. JavaScript had a remarkable year. Despite reaching the
grand age of twenty in May, news, projects and interest in the language continue to
grow exponentially. Can’t think of another technology which moves at a similar pace.
It’s becoming increasingly difficult to keep up so hope this summary helps. Read more
[SITEPOINT.COM]
APIs: Composing APIs with Node-RED and JavaScript. As the Node-RED website says
“Node-RED is a tool for wiring together hardware devices, APIs and online services in
new and interesting ways”. It has been possible to use Node-RED for Internet of Things
scenarios on Bluemix for quite some time. With the new Connect and Compose (beta)
service you can now also use Node-RED to compose complex APIs via flow editor and
JavaScript. Learn how to make APIs with JavaScript and Node-RED in this tutorial. Read
more
[DZONE.COM]
ADOBE: Finally Tells Developers to Stop Using Flash. Once the primary means of making
animation, browser games and interactive visualisations for the web, Adobe Flash has
been ailing for a long time. And now — after almost everyone else recognised the
massive security and performance problems with the proprietary tech — its makers
Adobe have announced that it will be moving away from the platform. Adobe said that
it would now encourage developers to “build with new web standards”, primarily HTML
5. Read more
[WIRED.CO.UK]
ANGULAR 2: Up Close with Google’s Angular 2 JavaScript Framework. Here’s all you
need to know about Angular 2, the exciting new successor to Google’s wildly popular
JavaScript framework, AngularJS. Read more
[INFOWORLD.COM]
GOOGLE: Confirms Next Android Version Won’t Implement Oracle’s Proprietary Java
APIs. Google is replacing its implementation of the Java application programming
interfaces (APIs) in Android with OpenJDK, the open source version of Oracle’s Java
Development Kit (JDK). The news first came by a “mysterious Android codebase
commit” from last month submitted to Hacker News. Google confirmed to VentureBeat
that Android N will rely solely on OpenJDK, rather than Android’s own implementation of the
Java APIs. Read more
[VENTUREBEAT.COM]
FTC: Ruling Against Oracle Shows Why It’s Time to Dump Java. The FTC says Oracle
hasn’t been uninstalling older, insecure versions of Java. It’s time for users to ditch
client-side Java altogether. Read more
[INFOWORLD.COM]
Cloud Computing
SURVEY: 7 Insights And Predictions From IDG’s 2015 Enterprise Cloud Computing
Survey. Enterprises surveyed are predicting they will invest an average of $2.87M in
cloud computing technologies in 2016. 90% of enterprises are relying on APIs in their
cloud integration plans for 2016. 25% of total IT budgets will be allocated to cloud
computing in 2016. Security continues to be the biggest challenge enterprises face in
adopting cloud computing. Read the rest
[FORBES.COM]
STORAGE: Primary Storage Shifts To The Cloud. Hybrid cloud is popular, but slow
WAN connections ultimately make it an interim step towards moving all stored data
to public cloud. Many companies are planning a hybrid approach to the cloud where
some computing and storage is in a public cloud and the rest, including much of their
primary storage, is kept in-house in a private cloud. Hybrid clouds are just a stop-gap
measure. The migration of storage — including primary storage — to the public cloud
is inevitable. Read more
[NETWORKCOMPUTING.COM]
FEDERAL AGENCIES: How Open Source Can Bring Agencies to the Cloud. Cloud
computing has fundamentally changed how the world works, innovates and
connects. From businesses and governments to individuals, we are all finding
ourselves interacting in new and meaningful ways. Yet, according to IDC, only 6
percent of federal government applications run in the cloud. Read more
[FEDERALTIMES.COM]
GOOGLE: Google Hires VMware Co-founder Diane Greene as Cloud Chief, Aims for
Enterprise Adoption. Diane Greene will oversee all of Google’s cloud businesses,
including its Cloud Platform and Apps productivity suite. Greene, who has been on
the company’s board of directors for three years, took the position as the
technology giant agreed to acquire Bebop, a stealthy startup that she co-founded. In
a blog post announcing the news, Google CEO Sundar Pichai called the company’s
product “a new development platform that makes it easy to build and maintain
enterprise applications.” Read more
[COMPUTERWORLD.COM]
GOOGLE: Upgrades Cloud SQL, Promises Managed MySQL Offerings. Google has
announced the beta availability of a new improved Cloud SQL for Google Cloud
Platform – and an alpha version of its much anticipated Content Delivery Network
offering. Brett Hesterberg, Product Manager for Google’s Cloud Platform, says the
second generation of Cloud SQL will aim to give better performance and more
‘scalability per dollar’. In Google’s internal testing, the second generation Cloud
SQL proved seven times faster than the first generation and it now scales to 10TB
of data, 15,000 IOPS and 104GB of RAM per instance, Hesterberg said. Read more
[BUSINESSCLOUDNEWS.COM]
DOCUMENT MANAGEMENT: Still Dreaming of the Paperless Office? According to
AIIM’s latest study, ‘Paper-Free Progress: measuring outcomes’, many companies
still have desks piled high with paper. Only 17% of respondents said they work in
what can be described as a paper-free office. A staggering 40% still use paper for
filing “important stuff”, and 56% are wedded to signatures on paper for contracts
and order forms. This is despite around half of organisations (49%) saying they are
decreasing paper consumption. Read more
[CTOVISION.COM]
SECURITY FIXES: Cloud Users Should Prep For a New Wave of Security Fixes. Some
cloud providers – thus far IBM SoftLayer and Linode – have alerted customers
about hurried-but-planned updates to their cloud infrastructure to come this
week. The culprit appears to be another vulnerability to the Xen hypervisor that
many cloud providers rely on to pack lots of workloads onto shared computer
servers. Read more
[FORTUNE.COM]
CIOs: 3 CIO Insights on Cloud, Security and Mobile. At a recent Government
Technology Research Alliance Summit, one of the most discussed topics was the
adoption of new technology like cloud computing and mobile applications, and
the dire need for the federal government to share and collaborate on security
data governmentwide. The consensus seemed to be that without that
collaboration, there is no united front, and some agencies are always going to be
falling behind. Read more
[NEXTGOV.COM]
Encryption
CYBERSECURITY: Privacy Groups Discuss Encryption with White House. White
House officials met Dec. 10 with multiple civil liberties groups behind a petition
urging the Obama administration to support strong encryption. Administration
officials told representatives from the American Civil Liberties Union, the Center
for Democracy and Technology, Human Rights Watch, Access Now and New
America’s Open Technology Institute that they planned to issue a formal response
over the holidays. Read more
[FCW.COM]
FBI: Renews Warnings on Terror and Encryption, With No Clear Solution in Sight.
Lawmakers face dueling security concerns as tech companies warn any backdoor
access to encrypted data will pave the way for cyber attacks. In the wake of the
Paris and San Bernardino terror attacks, a long-simmering debate over the
security risks of terrorists using encryption has come to a boil. Speaking before
Congress last week, FBI Director James Comey reiterated warnings that popular
encrypted communication apps are making it difficult for law enforcement
officials to monitor suspected criminals and terrorists. Read more
[FASTCOMPANY.COM]
SSL: Testing Your SSL Encryption Can Provide Important Security Insights. Since the
Heartbleed vulnerability of 2014, more IT managers have been concerned about
the integrity of their SSL encryption, TLS services and associated supporting code
libraries. And while most SSL technology vendors have patched their servers since
then, there are still many ways to take advantage of this encryption protocol that
you should be aware of. A new series of free SSL server tests from High-Tech
Bridge can help highlight any problems and potentially show you what is going on
with how you encrypt your Internet traffic. Read more
[SECURITYINTELLIGENCE.COM]
SECURITY: The Government Really Doesn’t Seem to Like Encryption.
Cryptographers, civil libertarians, and privacy advocates have spoken loud and
clear about how weakening encryption will make online communications and e-
commerce more vulnerable (and make tech companies less competitive
economically). But the war against crypto rages on in the wake of terrorist attacks
in Paris and San Bernardino. Read more
[WIRED.COM]
Business Intelligence
TRENDS: Ten Top Business Intelligence Trends to Expect in 2016. Business
intelligence continues to be one of the fastest-moving areas in the enterprise, and
the techniques that organizations are using to drive adoption and get value from
their data are multiplying. Those are among the conclusions of a new report from
Tableau Software. Read more
[INFORMATION-MANAGEMENT.COM]
STRATEGY: How to Make Your Business Intelligence More Mobile-Intelligent. We
need to move beyond traditional desk-based analytics software to solutions that
can intelligently adapt on the fly. Read more
[INFORMATION-AGE.COM]
SaaS TECHNOLOGY: Put the ‘Intelligence’ Back in Business Intelligence. Our ability to
disseminate all types of government data has become much more efficient, and one
would think local and state institutions would take advantage of this technology for
their business intelligence projects. But, unfortunately, many of these organizations
are still relying on cumbersome, expensive tools rather than embracing the benefits
of cloud-based software-as-a-service (SaaS) tech solutions. Read more
[AMERICANCITYANDCOUNTY.COM]
MICROSOFT BI: Brings Cortana, Quick Insights to Power BI for Better Business
Intelligence. Microsoft’s Convergence conference for business professionals is being
held this week in Barcelona, Spain. It has been bringing us a number of business
oriented announcements, including a new Office 365 E5 tier, Power Apps, and more.
Now today, more news around its business intelligence platform, Power BI. Read
more
[WINBETA.ORG]
CLOUD: Is Cloud-powered Business Intelligence Genuinely Useful or Mere Hype? All
hail democratised data. Until recently, business intelligence (BI) software was all on-
premise and then only for analysts who knew how to code, or those that had the
support of data science and IT staff. But with infrastructure quickly shifting to a
cloud model, new cloud-powered BI software is appearing that promises to
empower everyone and anyone within an organisation to work with data directly, in
real-time. Is cloud BI really the democratisation of data, or too good to be true?
Read more
[TECHRADAR.COM]
DATA ACT: Pressures Mount to Deliver on DATA Act Promises. Pressure is building for
federal agencies to not only develop new financial data reporting systems in time to
meet a May 2017 deadline, but to also make sure the job gets done right, according
to federal IT officials. Read more
[FEDSCOOP.COM]
FUTURE OF THE CLOUD: Moving Up the Value Chain. Cloud technology is becoming
ubiquitous in the federal government. For agencies that have already unplugged
their traditional data centers and shifted their computing models, that move has
brought dramatic value — in well-documented savings of money, time and
resources. But what about the future? As cloud technology advances, will the value
of being in a cloud environment continue to increase? More important, as budgets
shrink and security risks grow, will the cloud provide a way to enhance innovation
and tackle increasingly complex technology challenges? Read more
[FCW.COM]
CORTANA: Taps Power BI, Wikipedia Leans On AI: Big Data Roundup. Updates on
some very cool use cases of machine learning, how Wikipedia is leveraging artificial
intelligence (AI) to improve its anti-vandalism efforts, Microsoft’s Cortana getting
integration with Power BI, and more. Read more
[INFORMATIONWEEK.COM]
Federal Government
U.S. STATE DEPARTMENT: The U.S. State Department is About to Take Away Your
Extra Passport Pages. For frequent travelers, there’s nothing more impressive than a
well-stamped passport, with every page filled with multicolored inks, dates and
destinations. But if you’re down to your last blank page, you probably want to add
“request new visa insert” to your December to-do list. As of January 1, 2016, the
U.S. State Department will no longer issue additional passport pages due to its own
security concerns. Read more
[ROADWARRIORVOICES.COM]
CIOs: How to Help Federal CIOs Do More for Accessible Tech. According to Karen S.
Evans, national director of the U.S. Cyber Challenge, the Obama administration
should seize the opportunity to align regulations currently under review, giving
federal CIOs the tools they need to champion accessible technology and the policies
that govern it. Read more
[FEDERALTIMES.COM]
CYBERSECURITY: Asking DHS to Hack Your Systems. The Department of
Homeland Security is home to a broad range of cybersecurity missions —
including, apparently, network assessments and penetration testing for certain
private-sector companies. Brian Krebs, author of the popular Krebs on Security
blog, reported on Dec. 1 that DHS’ National Cybersecurity Assessment and
Technical Services (NCATS) have been “quietly launching stealthy cyberattacks
against a range of private U.S. companies — mostly banks and energy firms.
These digital intrusion attempts, commissioned in advance by the private sector
targets themselves, are … designed to help ‘critical infrastructure’ companies
shore up their computer and network defenses against real-world adversaries.”
Read more
[GCN.COM]
DEPARTMENT OF TREASURY: Seeing Fruits of IT Reforms Ahead of FITARA
Implementation. The true gauge of the Treasury Department’s IT reform efforts can’t
only be measured by the “D” grade on the report card recently issued by the House
Oversight and Government Reform Committee. But the fact is Treasury has spent the
better part of the last year preparing for the changes that came with the new
Federal IT Acquisition Reform Act (FITARA). Sonny Bhagowalia, Treasury’s chief
information officer, said he’s taking an approach that is part governance and part
operational improvements. Read more
[FEDERALNEWSRADIO.COM]
ANALYTICS: Why the Federal Government Tracks Visitors to Dot-Govs. For the past
several months, the government has been publicly tracking how many visitors come
to certain agency websites, and what devices and Web browsers they use to get
there. Analytics.usa.gov, unveiled in March, uses Google Analytics to monitor Web
traffic. Earlier this month, the General Services Administration debuted new
dashboards showing the general geographic location of visitors to federal sites –
84.6 percent of visitors come from the U.S. and 4.5 percent of that from
Washington – and logs showing the most downloaded public documents. Currently
the most-clicked is a notification letter from the Office of Personnel and
Management alerting victims of the recent cyber hack. Read more
[NEXTGOV.COM]
COSTS: Federal Paper Pushing Costs Taxpayers Millions. The federal government is
the nation’s largest disburser—$600 billion a year in checks go out to suppliers from
civilian agencies alone, according to the Treasury Department. So it may surprise
some in this digital age that only 38 percent of the 19 million invoices filed by
agencies in fiscal 2013 were submitted electronically. That left a pile of 12 million
supplier invoices on old-fashioned paper, costing taxpayers an estimated $230
million yearly to process. Read more
[GOVEXEC.COM]
NIST: Tech Licensing Revenues Grow for Agency Labs. The federal government
brought in more money from licensing its own technology to the private sector and
increased the number of research and development partnerships it has forged,
according to a report from the National Institute of Standards and Technology. Read
more
[FEDSCOOP.COM]
TECH LAB: What the Government Should’ve Learned About Backdoors from the
Clipper Chip. In the face of a Federal Bureau of Investigation proposal requesting
backdoors into encrypted communications, a noted encryption expert urged
Congress not to adopt the requirements due to technical faults in the plan. The
shortcomings in question would allow anyone to easily defeat the measure with
little technical effort. Read more
[ARSTECHNICA.COM]
ANALYSIS: What Does Federal Spending in 2016 Mean for the Cybersecurity Sector?
President Barack Obama included $14 billion for cyber security spending in his 2016
budget. A look at some key numbers and trends for 2016 reveals big opportunities
for vendors who provide cyber products and services to federal agencies, and big
challenges for federal agencies around recruiting and retaining cybersecurity staff.
Read more
[CSOONLINE.COM]
NIST: A Conversation With The Most Influential Cybersecurity Guru To The U.S.
Government. Ron Ross is a Fellow at the National Institute of Standards and
Technology, or NIST, a non-regulatory agency of the U.S. Department of Commerce.
NIST’s mission is to promote U.S. innovation and industrial competitiveness by
advancing measurement science, standards, and technology in ways that enhance
economic security and improve our quality of life. Check out his comprehensive
approach to data security. Read more
[FORBES.COM]
SURVEY: Majority of Agencies Follow NIST Cybersecurity Framework. A recent
survey found that 82 percent of 150 IT and security professionals in the federal
government said their agencies are either fully or partially implementing the NIST
Framework for Improving Critical Infrastructure Cybersecurity. When broken down
further, 53 percent are fully implementing, with 29 percent partially implementing
the guidance. Read more
[GCN.COM]
ENCRYPTION: Why Federal Encryption Regulations Could Put Cybersecurity At Risk.
Efforts to pass regulations in response to new security technology could, however,
run into legal and constitutional roadblocks. End-to-end encryption may be
defended under the Fourth Amendment right to privacy against unreasonable
search, as wiretapping often occurs without proper warrants on civilians who are
not suspected of being involved in criminal activity. Read more
[BROWNPOLITICALREVIEW.ORG]
IT - State & Local Governments
SEATTLE: Begins Three-Year IT Consolidation. Over the next three years, Seattle
will consolidate its disparate IT departments into a new agency, called Seattle IT,
and city officials expect big things from the change. Read more
[GOVTECH.COM]
US COUNTIES: New Interactive Tool Provides Key County Info. The NACo County
Explorer is a web-based visualization tool that provides key information on a
wide variety of topics that are summarized at the county-level. An interactive
map allows users to explore a variety of indicators, such as population density,
median household income, and number of endangered and threatened species.
County profiles are provided to highlight data and information related to key
federal policies and legislation. Read more
[COAST.NOAA.GOV]
LOCAL BANKS: These Cyberthreats May Be Coming to a Local Bank Near You. A
common consumer of news might assume that financial services hacking
incidents are just a big-bank problem. Cyberintrusions of the largest institutions
by sophisticated criminals and potentially foreign governments are well
documented. But community banks of every stripe should be on alert for a
genus of attacks meant more for smaller institutions than bigger ones. On Nov.
3, the Federal Financial Institutions Examination Council issued a joint statement
intended for community banks warning of the “increasing frequency and
severity of cyberattacks involving extortion.” Read more
[AMERICANBANKER.COM]
BIG BANKS: S&P Downgrades Holding Companies of Eight U.S. Banks. Standard
& Poor’s cut its nonoperating holding company (NOHC) ratings on eight U.S.
“global systemically important banks” by one notch, citing uncertainty about the
U.S. government’s willingness to provide support to the banking system if it
came under stress. Read more
[REUTERS.COM]
DHS: House Bill Lets State, Local Take Advantage of DHS Cyber Tools. New
legislation requires DHS to open the National Cybersecurity and
Communications Integration Center (NCCIC) to state and local governments that
request assistance, either in shoring up cybersecurity posture or help
investigating a specific incident. Read more
[FEDERALTIMES.COM]
MICHIGAN: Report Rips Security of State Computer Systems. Hundreds of state
computer servers are vulnerable to hacking and failure because of outdated
operating systems, ineffective security configurations, poor password control,
failure to install security patches and a lack of timely scanning to detect
vulnerabilities, according to a report released Thursday by Michigan Auditor
General Doug Ringler. Read more
[FREEP.COM]
INDUSTRY PERSPECTIVE: 4 Critical Challenges to State and Local Government
Cybersecurity Efforts. While the federal government works on big-picture
solutions, state and local government agencies are under tremendous pressure
to secure critical data, infrastructure and services. In fact, cybersecurity is the
No. 1 strategic IT priority in 2015 for state and local agencies, according to the
National Association of State Chief Information Officers. Read more
[GOVTECH.COM]
VOTING SECURITY: Outdated Voting Machine Technology Poses Security and
Election Risks. A new report highlights the looming crisis state and local
governments face with aging voting machine technology ahead of the 2016
election. A recent report by the Brennan Center for Justice at New York
University School of Law found that the expected lifespan of core components in
electronic voting machines purchased since 2000 is between 10 and 20 years,
and for most systems it is probably closer to 10 than 20. Experts surveyed by the
Brennan Center agree that the majority of machines in use today are either
“perilously close to or exceed these estimates.” Read more
[STATETECHMAGAZINE.COM]
IT Security | Cybersecurity
RISK MANAGEMENT: Moody’s Warns Cyber Risks Could Impact Credit Ratings.
Credit rating agency Moody’s Corp. warns that cyber defenses as well as breach
detection, prevention and response will be higher priorities in its analysis of the
creditworthiness of companies across all sectors, including healthcare and financial
services. Read more
[GOVINFOSECURITY.COM]
HIRING: OMB, OPM Chart Helps Agencies Identify Cyber Talent Gaps. With just five
weeks to go before the deadline for civilian agencies to submit their job codes for
specialty cyber roles, the Office of Management and Budget has added a resource
chart to its MAX site to help organize cyber talent gaps as they are identified. Read
more
[FEDERALNEWSRADIO.COM]
CSO: Five Reasons Why Hackers Easily Get In. A vulnerable web application is just one
of the great gifts left for hackers, as it significantly reduces their time, cost and
effort to get into a corporate network. Why do companies fail to secure their web
apps? Read more
[CSOONLINE.COM]
STUDY: Financial Advisors Still Have a Long Way to Go on Cybersecurity. Since the
infamous cyberattack on Sony Pictures Entertainment a year ago, business leaders
have noticed an increase in hacks both externally and internally, according to a
survey conducted by the auditor PwC. Globally, the cost of cybercrime is estimated
to be upwards of $385 billion and those attacks can and do happen in every type of
industry, including financial services. Cyberattacks against financial advisors are
growing and getting more sophisticated. A new white paper by External IT, which
provides cloud computing to financial services companies, found that advisors are
vulnerable in three areas. Find out more
[CNBC.COM]
LOCKHEED LEAVES: Lockheed Martin Corp. To Exit Commercial Cybersecurity,
Double-Down On Helicopters And Combat Jets. Lockheed Martin Corp. has been
planning to sell off or spin off its roughly $4 billion government information
technology business since earlier this year. That would include its Cybersecurity unit.
“The cyber programs that will remain with the company are mostly focused on
defense and intelligence customers and will be realigned into the Corporation’s
other four business segments,” says Dan Nelson, Vice President, Corporation
Communications at Lockheed. Read more
[FORBES.COM]
PREDICTION: The Cybersecurity Startup Boom Will End in 2016. Too many
companies are selling similar tools. Read more
[FORTUNE.COM]
INDUSTRY INSIGHT: Cybersecurity is a Team Sport, but it’s No Game. We can all do
something to address the growing cybersecurity challenge. Individual users, small
departments and large agencies alike can take steps to improve our individual and
collective cybersecurity posture. It is estimated that roughly 80 percent of
exploitable vulnerabilities in cyberspace are a result of poor or nonexistent cyber
hygiene — the basic, fundamental protection measures that improve defense while
making it more difficult and more expensive for the bad guys to perpetrate an
intrusion. Read more
[GCN.COM]
FLORIDA: Builds New Cybersecurity Framework. Since the re-launch of Florida’s IT
agency last year, Chief Information Security Officer Danielle Alvarez has been
working to build up a cybersecurity framework for the state. Alvarez said the biggest
threat currently facing the state is “lacking that foundation” for how to effectively
handle information security, and she’s now in the midst of laying down those
guidelines. Read more
[STATESCOOP.COM]
Tech Vulnerabilities
THREATS: BackStab Attack Takes Indirect Route To Mobile Data. Attack technique
takes advantage of weak protections around mobile user’s backup files. While there
are plenty of mobile device vulnerabilities just waiting for bad guys to pick up on,
some of the lowest hanging fruit for mobile-oriented attackers isn’t on the device
itself. Instead, the softest target comes in the form of insecure back-ups stored on a
traditional desktop or laptop. Read more
[DARKREADING.COM]
COMPUTER SUPPORT: Vulnerabilities Found in Lenovo, Toshiba, Dell Support
Software. The number of vulnerabilities discovered in technical support
applications installed on PCs by manufacturers keeps piling up. New exploits have
been published for flaws in Lenovo Solution Center, Toshiba Service Station and Dell
System Detect. The most serious flaws appear to be in Lenovo Solution Center and
could allow a malicious Web page to execute code on Lenovo Windows-based
computers with system privileges. Read more
[CIO.COM]
GOOGLE: Patches Critical Media Processing and Rooting Vulnerabilities in Android.
Google has released a new batch of security fixes for its Nexus smartphones and
tablets, addressing flaws that could allow attackers to compromise the Android
devices via rogue emails, Web pages, and MMS messages. Firmware updates are
being rolled out to supported Nexus devices as an over-the-air update and the
patches will be added to the Android Open Source Project over the next 48 hours.
Builds LMY48Z and Android Marshmallow with a Dec. 1, 2015, Security Patch Level
contain these fixes, Google said in its security bulletin. Read more
[INFOWORLD.COM]
CLOUD: Security Worries Hamper Adoption of Cloud Technology. Companies
migrating to the cloud plan to enforce internal security policies: 56 percent plan to
improve identity and authentication management. Read more
[EWEEK.COM]
From the Blue Mountain Data Systems Blog
Three-Dimensional Governance for the CIO
https://www.bluemt.com/three-dimensional-governance-for-the-cio
7 Reasons to Take Control of IT Incidents
https://www.bluemt.com/7-reasons-to-take-control-of-it-incidents/
Breach Mitigation Response Time Too Long, Survey Says
https://www.bluemt.com/breach-mitigation-response-time-too-long-survey-says/
Six Tactics for Cyberdefense
https://www.bluemt.com/six-tactics-for-cyberdefense/
Feds Report Mixed Responses to Shared Services
https://www.bluemt.com/feds-report-mixed-responses-to-shared-services
Federal Employees Are Not Security Experts
https://www.bluemt.com/federal-employees-are-not-security-experts
Survival Guide for Network Administrators
https://www.bluemt.com/survival-guide-for-network-administrators
DBaaS: OpenStack Trove Changes DB Management
https://www.bluemt.com/dbaas-openstack-trove-changes-db-management
Help Wanted: Certified Cybersecurity Professionals
https://www.bluemt.com/help-wanted-certified-cybersecurity-professionals
Cyber Threat Intelligence Integration Center Preview
https://www.bluemt.com/cyber-threat-intelligence-integration-center-preview/
Cloud Moves in 1-2-3
https://www.bluemt.com/cloud-moves-in-1-2-3/
Change Management for Disaster Recovery
https://www.bluemt.com/change-management-for-disaster-recovery/
Jeffersonian Advice For C-Suite Career Advancement
https://www.bluemt.com/jeffersonian-advice-for-c-suite-career-advancement/
Ways To Survive The “Mobile-Pocalypse”
https://www.bluemt.com/ways-to-survive-the-mobile-pocalypse/
Microsoft Cloud Services Receive FedRAMP Authority to Operate
https://www.bluemt.com/microsoft-cloud-services-receive-fedramp-authority-to-operate/
Hiring Pentesters? Here Are 10 Things You Need to Know
https://www.bluemt.com/hiring-pentesters-here-are-10-things-you-need-to-know/
Home Router Malware Alert
https://www.bluemt.com/home-router-malware-alert/
Threat Model Deconstruction
https://www.bluemt.com/threat-model-deconstruction/
Business Email Scam Nets $214 Million
https://www.bluemt.com/business-email-scam-nets-214-million/
How to Prevent Unauthorized Software from Taking Over Your Organization
https://www.bluemt.com/the-cios-guide-to-happy-end-users-2/
Digital Marketing Predictions for 2015
https://www.bluemt.com/digital-marketing-predictions-for-2015/
SDN: Network Administrator’s Friend or Foe?
https://www.bluemt.com/sdn-network-administrators-friend-or-foe/
Mobile Payments: A Must for Federal Agencies
https://www.bluemt.com/mobile-payments-a-must-for-federal-agencies/
Soft Skills Are A Must-Have For Careers In IT
https://www.bluemt.com/soft-skills-are-a-must-have-for-careers-in-it/
Security Risks Most Prevalent in Younger Workers
https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/
The Security World’s Maturation
https://www.bluemt.com/the-security-worlds-maturation/
Data Breach Concerns Keep CISOs Up At Night
https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/
Personalized Govt Equals Instant Gratification for Citizens
https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-citizens/
People-Centric Security
https://www.bluemt.com/people-centric-security/
Pentagon Tries BYOD To Strike Work/Life Balance
https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/
Open Source Model Considered for MS Windows
https://www.bluemt.com/open-source-model-considered-for-ms-windows/
Open Internet: To Be or Not to Be?
https://www.bluemt.com/open-internet-to-be-or-not-to-be/
Malware Stays A Step Ahead Infecting One Third of Websites
https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-websites/
Machine-Generated Data: Potential Goldmine for the CIO
https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-cio/
Government Legacy Programs: Reuse vs. Replacement
https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/
It Takes a Whole Village to Protect Networks and Systems
https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-systems/
Governance For the CIO
https://www.bluemt.com/governance-for-the-cio/
Help Desk Consolidation – Lessons Learned
https://www.bluemt.com/help-desk-consolidation-lessons-learned/
One Year Later, Companies Still Vulnerable to Heartbleed
https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-heartbleed/
Federal Projects Cultivate Worker Passion
https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/
ABOUT US
Blue Mountain Data Systems Inc.
Blue Mountain Data Systems Inc. is dedicated to application
and systems development, electronic document management,
IT security support, and the automation of workflow processes.
Read more about our experience here:
>> http://bluemt.com/experience
Recent Experience
U.S. Dept. of Labor
Employee Benefits Security Administration
1994 to Present
Responsible to the Office of Technology and Information Systems for information
systems architecture, planning, applications development, networking,
administration and IT security, supporting the enforcement of Title I of the
Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, risk and vulnerability assessments, monitoring and investigation support.
MANAGEMENT
Paul T. Vesely
Founder, President, CEO and Principal Architect
Mr. Vesely is a recognized thought leader in systems
architecture and delivery, having designed and
delivered many enterprise-wide information and
document management solutions. Mr. Vesely’s history
includes 33 years of experience in the information
systems industry, with Unisys, Grumman, PRC and a
host of clients in both government and private sectors.
CONTACT US
Contact Us Today to Discuss Your Next IT Project
HEADQUARTERS
366 Victory Drive
Herndon, VA 20170
PHONE 703-502-3416
FAX 703-745-9110
EMAIL
paul@bluemt.com
WEB
https://www.bluemt.com

Tech Update Summary from Blue Mountain Data Systems December 2015

  • 1. Tech Update Summary December 2015 Blue Mountain Data Systems
  • 2.
  • 3. For CTOs, CIOs & CISOs Visit Blue Mountain Data Systems https://www.bluemt.com
  • 4. For CTOs, CIOs & CISOs Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information. You can also receive these updates via email. Click here to subscribe. Here’s the summary of the Daily Tech Updates for December 2015. Hope the information and ideas prove useful. Best, Paul Vesely President and Principal Architect Blue Mountain Data Systems Inc.
  • 6. Databases & Storage SCALABILITY: . In a new research report, Gartner advises clients to consider the “avant-garde” of new relational databases from vendors like MemSQL, NuoDB, and VoltDB when projects call for large amounts of scalability and elasticity on industry-standard hardware, while retaining the precepts of relational tables and SQL. Read moreScale, Flexibility Place New Demands on Databases [ENTERPRISETECH.COM] BIG DATA: Success Stories Beyond Hadoop. John Schroeder, co-founder and CEO of MapR, is one of the big names of the Big Data revolution and a key provider and enabler of many of its biggest success stories. In a recent interview, Schroeder talks about the big data industry, their business, the most interesting use cases and his views on the future. Read more [FORBES.COM]
  • 7. Databases & Storage DOCUMENT DATABASES: Making NoSQL Scale Better On Hadoop. Document databases are an integral part of the application stack, but they often have scalability issues and they tend to end up off to the side of the Hadoop systems that are increasingly being used as a the repository of record for all kinds of data. Ideally, customers want an analytics system that can store data in various formats, all on the same Hadoop cluster and all with the same underlying scalability of Hadoop. Read more [NEXTPLATFORM.COM] ENTERPRISE APPS: What are Oracle and SAP’s Vision of the Future of Enterprise Apps? Despite considerable headwinds, Oracle and SAP have their own strategies for the future of applications. Here’s how the two giants are approaching enterprise apps. Read more [ZDNET.COM]
  • 8. Databases & Storage MongoDB: Over 680TB of Data Exposed in MongoDB Databases. There are at least 35,000 publicly accessible and insecure MongoDB databases on the Internet, and their number appears to be growing. Combined they expose 684.8 terabytes of data to potential theft. This is the result of a scan performed over the past few days by John Matherly, the creator of the Shodan search engine for Internet- connected devices. Read more [COMPUTERWORLD.COM] EXCEL 2016: Meet Excel 2016: 9 of Its Best New Features, from Databases to Handwriting Tools. The database enhancements alone – which include merging some of the previous Add-On programs such as Power Pivot and Power Query— more than justify the upgrade. You’ll find options for Power Queries; Data Models; Reports; Pivot Tables; One-Click Forecasting; and some new, one-button workbook sharing through Power BI for creating and using interactive reports and dashboards. Read more [PCWORLD.COM]
  • 9. Databases & Storage SHAREPOINT: Avoiding Ginormous Transaction Logs with SharePoint Databases. Find out how organizations avoid extremely large transaction log (.ldf) files. Read more [COMPUTERWORLD.COM] GRAPH DATABASES: Graph Databases Enable New Data-Driven Applications. Popular consumer web properties such as LinkedIn, Facebook, and Google all use proprietary versions of graph technology. They pioneered its use to help continuously deliver relevant information through easy-to-use interfaces, while continuing to astound and amaze with new features and functionality at a rate unmatched by traditional enterprise-class applications. So it comes as no surprise to see the increased use of graphs in a new generation of enterprise data-driven applications. Read more [DATA-INFORMED.COM]
  • 10. BYOD
  • 11. BYOD FIRSTNET: FirstNet to Support Personal Devices Through BYOD Policy That Complements Network. The nationwide public safety broadband network, or NPSBN, will support personal devices once it is operational, said the First Responder Network Authority, or FirstNet, the group tasked with standing up the new communications network. Read more [FIERCEGOVERNMENTIT.COM] FOR THE CIO: Maximize Productivity While Maintaining Security. Surveys of thousands of BYOD users across the world have shown an average productivity boost of one hour per week for employees. However, many of the positive stories about BYOD are found only in the marketing of vendors selling a BYOD product or solution. Often these stories are in the form of customer case studies or “dogfood” stories where the vendor has embraced and benefited from its own BYOD solution. Read more [ITBUSINESSEDGE.COM]
  • 12. BYOD SURVEY: Half of U.S. Businesses Have No Formal BYOD Policy for Security. Years after the widespread adoption of workplace smartphones, more than half of U.S. companies said they have no formal BYOD (bring your own device) policy to safeguard their enterprises, according to a survey. Read more [COMPUTERWORLD.COM] CSO: Is It Time to Re-evaluate Your BYOD Policy? The rise in BYOD has left businesses struggling to manage the growing number of access points across their systems. A recent study conducted by Bitglass found that 57 percent of employees and 38 percent of IT professionals don’t participate in their company’s BYOD program due to privacy concerns, that corporate leadership would have too much visibility into the end user’s personal data. Read more [CSOONLINE.COM]
  • 13. Open Source CIOs: What Does the Trend Toward Open Source Mean for CIOs? CIOs are wise to evaluate how open source products might help them. One advantage is greater transparency not only of the source code itself, but also of all the design deliberations, etc. That’s a significant contrast to the secretive processes often used by proprietary vendors. Read more [CIODIVE.COM] SECURITY: The Insecurity of Platforms and How Open Source Overcomes. No platform is immune. But how does Linux and open source manage to overcome issues like Linux.encoder.1 with such efficiency? Read more [TECHREPUBLIC.COM]
  • 14. Open Source CONTINUOUS INTEGRATION: Git, Docker, and Continuous Integration for TeX Documents. The power of Git, Docker, and continuous integration (CI) can be leveraged to make TeX document compilation easy while keeping track of different variants and versions. On the top of these technologies, a flexible workflow can be developed to reflect successive changes in TeX documents in each PDF. Here’s the tutorial. Read more [OPENSOURCE.COM] MICROSOFT: Microsoft to Open Source A Key Piece of Its Web Browser. Microsoft will publish the source code for Chakra, the part of the Edge browser responsible for running JavaScript code, next month on the code sharing and collaboration site GitHub. The company will accept code contributions from developers outside of Microsoft. Read more [WIRED.COM]
  • 16. Security Patches MICROSOFT: Issues a Flood of Security Fixes in Time for the Holidays. This week the software giant released an even dozen security updates. The company deemed eight of those “critical,” meaning that IT staffs are supposed to apply them immediately. All-in-all, the fixes addressed 71 issues – and that means a tough day (or two) at the office for Windows administrators. Read more [FORTUNE.COM] ADOBE: Final Patch Update This Year: 78 Bugs Squashed. Adobe has issued the company’s last 2015 security update which patches a total of 78 CVE vulnerabilities in Flash Player, seven of which are deemed high-risk. The software giant has recently renamed its Flash Professional product to Animate, no doubt to distance the product from the bug-riddled and somewhat untrustworthy Flash Player, but a simple renaming of the product family, unfortunately, does not erase security flaws. Read more [ZDNET.COM]
  • 17. Security Patches ANDROID: Google has released a new Android 6.0.1 Marshmallow update that’s currently available for a few Nexus devices. This new update comes with the build number MMB28M and it can be downloaded on the following Nexus devices: Nexus 5, Nexus 6, Nexus 6P, Nexus 5X, Nexus Player, Nexus 7 2013 Wi-Fi & SIM variants, Nexus 9 LTE & Wi-Fi variants. Read more [NEUROGADGET.COM] NODE.js : Security Patches Delayed by OpenSSL Updates. The Node.js Foundation was to have posted patches but wants to release them with the OpenSSL upgrades included. Read more [INFOWORLD.COM]
  • 19. Application Development AGILE: Comes with Pressure and Pain. Agile development often takes federal employees out of their comfort zones, which is precisely why it’s so beneficial, IT leaders say. During a panel discussion sponsored by the Association for Federal Information Resources Management, Environmental Protection Agency CTO Greg Godbout said agile’s short delivery cycles require regular meetings and demand accountability. “You know you will see them every two weeks,” he said, and “the group will ask, ‘Who didn’t deliver?'” Read more [FCW.COM]
  • 20. Application Development MOBILE APPS: Microsoft’s PowerApps Aim To Disrupt Enterprise Mobile App Development Market. Microsoft launched a new enterprise service called PowerApps that empowers users (employees of businesses) to create mobile apps (they need), connect to existing business systems in a secure way and easily share newly developed apps with coworkers. This is significant considering that over 2.1 billion mobile units will be sold by 2019 and that enterprise mobile apps market is expected to grow with more companies and users relying on enterprise apps for productivity. Learn how this service will disrupt the enterprise mobile app development industry and add to Microsoft’s revenues. Read more [FORBES.COM] PYTHON: Scales New Heights in Language Popularity. Python is increasingly in use as a first language in high school and universities, propelling it to its highest spot ever on the Tiobe index as well as a high ranking on the PyPL index. Read more [INFOWORLD.COM]
  • 21. Application Development RED HAT SURVEY: Ninety Percent of Respondents to Red Hat Survey Plan to Increase Mobile App Development Investments in 2016. Red Hat, Inc., the world’s leading provider of open source solutions, today announced results from a recent mobile maturity survey, which revealed that 90 percent of respondents anticipate increasing investment in mobile application development within the next 12 months. The 2015 Red Hat mobile maturity survey also finds that these same respondents predict their organization’s investment for mobile application development increasing at an average growth rate of 24 percent during the same period. Read more [SDTIMES.COM]
  • 23. Penetration Testing DHS: Giving Firms Free Penetration Tests. The U.S. Department of Homeland Security (DHS) has been quietly launching stealthy cyber attacks against a range of private U.S. companies — mostly banks and energy firms. These digital intrusion attempts, commissioned in advance by the private sector targets themselves, are part of a little-known program at DHS designed to help “critical infrastructure” companies shore up their computer and network defenses against real-world adversaries. And it’s all free of charge (well, on the U.S. taxpayer’s dime). Read more [KREBSONSECURITY.COM]
  • 24. Penetration Testing ATTACK SIMULATION: Startup Offers Free Cyberattack Simulation Service. First came penetration testing, then the tabletop exercise, and now attack simulation — the relatively nascent practice of war-gaming attacks on your network to gauge how prepared (or not) you are, and where your weaknesses reside. Unlike pen-testing, attack simulation doesn’t run exploit code. It’s more about simulating the way attackers do their dirty work, from composing a phishing email and infecting a machine to the path they take to access and then pilfer credit-card data out of a company. Attack simulation startup vThreat announced free access to its software-as-a-service based applications. The concept of simulating and providing a detailed postmortem of how an attacker could hack you is capturing some venture capital interest. Read more [DARKREADING.COM]
  • 25. Penetration Testing SECURITY THINK TANK: Pen Testing Must Be Followed by Action. How can an organization ensure they get value from penetration and security testing services? What role can penetration and security testing play in improving the security of an organization? If the testing is comprehensive, carried out regularly and any issues found quickly corrected then the overall picture of an organization’s security is greatly improved, although it must be said that testing is not sufficient on its own. Read more [COMPUTERWEEKLY.COM] AGENCIES: As hackers and other malicious actors become more sophisticated and agile in their attacks, federal agencies need to be proactive about cybersecurity. “Don’t wait to be hunted,” Linus Barloon, IT security branch manager for the U.S. Senate Office of the Sergeant at Arms, told attendees at the Public Sector Cybersecurity Summit hosted by Raytheon | Websense on Dec. 1. “Start hunting,” he said. Read more [FEDERALTIMES.COM]
  • 27. Big Data INSURANCE: How Big Data Is Changing Insurance Forever. Big Data is a buzzword which refers to the ever increasing amount of digital information being generated and stored, and the advanced analytics procedures which are being developed to help make sense of this data. Some of the more recent developments in the insurance industry have become available thanks to our increasing ability to record, store and analyze data. Read more [FORBES.COM] IoT: 14 Ways IoT Will Change Big Data And Business Forever. The Internet of Things (IoT) has gained momentum. Sensors are now small and cheap enough to embed in all kinds of devices, and more companies are leveraging the vast data generated. Here are some key drivers your company needs to remember as you jump into IoT. Read more [INFORMATIONWEEK.COM]
  • 28. Big Data CIO: Proving the Business Value of Big Data. Just as organizations are getting more precise in their decision making through analytics, they must now get more precise in measuring ROI from big data investments. Here are four things you can do to forge stronger connections between analytics and business outcomes. Read more [CIO.COM] GAO: Facing a Big Data Gap, GAO Kicks Off Agencywide Effort. The Government Accountability Office is closing some of its biggest gaps in how it uses data to make decisions. Comptroller General Gene Dodaro is asking the agency to develop a long-term road map to expand and improve its use of big data. Howard Williams, the GAO’s chief information officer, said the audit agency is “lagging a little bit” when it comes to taking full advantage of big data tools and analyses. Read more [FEDERALNEWSRADIO.COM]
  • 29. Big Data CUSTOMER SERVICE: What Big Data Can Do For Your Contact Center. Almost two-thirds of contact center operations depend on voice services. But the future of contact centers is no longer limited to just voice calls. A recent survey suggests that in the next couple of years, a larger number of users will choose digital interactions over voice-based interactions for connecting with contact centers. Read more [INSIDEBIGDATA.COM] ANALYTICS: Fighting Evil AI, IBM Opens Watson IoT HQ: Big Data Roundup. Elon Musk invests in AI to benefit humanity. Microsoft is acquiring SQL queries for all data by all users. IBM is connecting Watson with IoT via APIs. Read more [INFORMATIONWEEK.COM]
  • 30. Big Data QUALITY CONTROL: Big Data’s Billion-Dollar Quality Problem: 3 Tips for Sidestepping It. The costs of working with dirty data are staggering. Save money and time by following these tips on how to improve the quality of your company data. Read more [TECHREPUBLIC.COM] 2016: 6 Predictions For Big Data Analytics And Cognitive Computing In 2016. The larger market for business analytics software and business intelligence solutions, which now includes the new disciplines of data science and cognitive computing, is at least 5 times bigger. But a much larger market, which may indeed approach a trillion dollars sometime in the not-too-distant future, includes the revenues companies in any industry will generate from “monetizing” their data and algorithms. Read more [FORBES.COM]
  • 32. Project Management MICROSOFT: Offers Preview of New Planner Project Management Tool. Microsoft released its project management tool, Office 365 Planner, as a preview to Office 365 First Release customers. With Planner, users can create new plans, organize tasks, assign team members to those tasks, share files and chat about workflow. Planner also offers updates on progress as people work through tasks. Workers can use the platform in many ways, including event planning, customer visits, product brainstorming and more. Read more [FIERCECIO.COM] THE CLOUD: Project Management & Cloud Computing: Your Strategic Weapon for Success. We are therefore not far away from that day when IT professionals will solely depend on cloud for improved productivity and ROI. And it is not just IT professionals. Project managers have already started leveraging the benefits of a cloud-based efficiency upgrade. Read more [SMARTDATACOLLECTIVE.COM]
  • 33. Project Management REMOTE: Does Remote Project Management Really Work? Remote project management may be a great alternative to traditional project management for most organizations, project managers and team members, but is it realistic? There are tangible advantages here, but this is not for the faint-hearted. Read more [CIO.COM] AGILE: How Project Managers Can be a Positive Agent for Agile. How does agile impact the role of project managers? Is there still a need for project managers when organizations transition to agile? How can you deal with project managers who are opposed to agile? How can project managers be a positive agent for change? Read more [INFOQ.COM]
  • 34. Search Engines & Technology
  • 35. Search Engines & Technology ELASTICSEARCH: Elasticsearch Servers Targeted by Linux-Based Botnet Operators. A honeypot experiment run by AlienVault has shown that the recent security vulnerabilities discovered in Elasticsearch servers over the summer are now actively being used by botnet operators. Read more [NEWS.SOFTPEDIA.COM] SEO: Is Google’s Search Market Share Actually Dropping? In a followup to his 2014 survey, contributor Eli Schwartz shares his data on search engine market share and looks at how it’s changing over time. Read more [SEARCHENGINELAND.COM]
  • 36. Search Engines & Technology ARTIFICIAL INTELLIGENCE: Google’s Tough Search — A Quantum Leap in Computing Power. A computer that’s millions of times faster than the most powerful machine available today could improve everything from climate and disease research to understanding the contents of every YouTube video. That’s the promise of another ambitious, long-term Google project that the Internet giant opened up about this week. Like other so-called moonshots, this one could take a decade or more to produce anything of tangible value, according to experts in the field. But Google is hopeful. Read more [BLOGS.WSJ.COM]
  • 37. Search Engines & Technology BIG DATA SEARCH: 9 Useful Open Source Big Data Tools. Hadoop is not the end-all, be-all of Big Data. There are lots of other Big Data platforms and tools, many of which are open source. Apache Solr is designed to be highly reliable, scalable and fault tolerant, providing distributed indexing, replication and load-balanced querying, automated failover and recovery, centralized configuration and other features. Read more [ENTERPRISEAPPSTODAY.COM]
  • 38. For the CTO, CIO & CISO
  • 39. For the CTO, CIO & CISO CTO ADVICE: Stretch, Tackle and Question: One CTO’s Career Advice. Dr. Darlene Solomon, CTO of Agilent, discusses taking risks, finding work that you enjoy, collaboration and compassion. Read more [COMPUTERWORLD.COM] CIO: 5 Reasons 2016 Will Be the Year of the ‘New IT’. Digital transformation is rewriting the rules of IT, and CIOs need to revamp their approaches if they want their companies to survive and thrive. Here are five predictions for what 2016 will bring under the ‘new IT.’ Read more [CIO.COM]
  • 40. For the CTO, CIO & CISO CISO: The Ripple Effect of the CISO in the C-Suite. War games aren’t just for movies. In fact, they have a place in every business, up through the C-suite. When our experts from IBM Emergency Response Services (ERS) reported on the top developments they’d seen in 2015 engagements in the recent IBM X-Force Threat Intelligence Quarterly, the rise in prominence of the CISO role and the prevalence of security concerns in the boardroom was one of the biggest trends for the year. Read more [SECURITYINTELLIGENCE.COM] INTERVIEW: Rackspace CTO John Engates On Why Hybrid Cloud Matters. As businesses opt for a combination of public and private cloud applications, chief technology officer John Engates says Rackspace’s aim is to remove complexity and make it easier for customers to deploy cloud technology. Read more [COMPUTERWEEKLY.COM]
  • 41. For the CTO, CIO & CISO SECURITY: How the Internet of Things Got Hacked. There was once a time when people distinguished between cyberspace, the digital world of computers and hackers, and the flesh-and-blood reality known as meatspace. Anyone overwhelmed by the hackable perils of cyberspace could unplug and retreat to the reliable, analog world of physical objects. But today, cheap, radio-connected computers have invaded meatspace. They’re now embedded in everything from our toys to our cars to our bodies. And this year has made clearer than ever before that this Internet of Things introduces all the vulnerabilities of the digital world into our real world. Read more [WIRED.COM]
  • 42. For the CTO, CIO & CISO HACKS: The Most Innovative and Damaging Hacks of 2015. Not a week went by in 2015 without a major data breach, significant attack campaign, or serious vulnerability report. Many of the incidents were the result of disabled security controls, implementation errors, or other basic security mistakes, highlighting how far organizations have to go in nailing down IT security basics. The year’s most significant attacks highlight how hackers are changing tactics — and how security must evolve in the year ahead. Read more [PCWORLD.COM] JUNIPER HACK: Researchers Say The Juniper Hack Could Be The Work Of Government — But Which One? As researchers uncover more about two vulnerabilities recently patched in some Juniper Networks firewalls, the security community continues to speculate about who inserted what Juniper called “unauthorized code” into the company’s firewall operating system ScreenOS. Security experts suggested that one of the security holes in particular, which Juniper warns could allow eavesdroppers to decrypt VPN traffic to some of its NetScreen firewalls, could be the work of the National Security Agency or another spy agency overseas. Read more [FASTCOMPANY.COM]
  • 43. For the CTO, CIO & CISO PREDICTIONS: Federal Tech Predictions for 2016. From DevOps to cloud computing, the speed at which the technology sphere is currently evolving is only going to increase in the coming year. It is important for agencies to accept this and welcome it into their daily work. That’s according to Joel Dolisy, chief information officer and chief technology officer for technology company SolarWinds. Dolisy’s advice for federal agencies navigating the IT space in 2016? Embrace the change. Read more [NEXTGOV.COM]
  • 44. For the CTO, CIO & CISO STATE CIOs: Push Accessibility and User Experience Standards. Nearly one in five citizens need some kind of accommodation when accessing digital government services – and ensuring that every citizen has equal access to those services is the focus behind a new guidelines initiative of the National Association of State CIOs (NASCIO) calling for increased understanding and use of accessibility standards. Read more [GOVTECHWORKS.COM] CTOs: The Lasting Power Of Incremental Innovation. Guy Duncan, Chief Technology Officer at PayU, discusses the importance of innovation that isn’t just a “big bang,” but “fuel that powers the future.” Read more [PYMNTS.COM]
  • 45. For the CTO, CIO & CISO CISOs: Déjà vu for the CISO. Rising chief information security officers, like CIOs before them, need to start thinking like business people. Read more [FEDSCOOP.COM] FEDERAL CISOs: The US Government Wants In On the Public Cloud, but Needs More Transparency. The U.S. federal government is trying to move more into the cloud, but service providers’ lack of transparency is harming adoption, according to Arlette Hart, the FBI’s chief information security officer. Read more [CIO.COM]
  • 47. Incident Response INTERVIEW: How to Structure Cyber Incident Response. At a recent cyber war game simulation, executives across various corporate functions worked through a major cyber security breach at a fictitious company. The simulation underscored the need to continually review cyber incident response plans and command structures to ensure organizations can handle cyber incidents and return to normal operations as quickly as possible, say war game participants Deborah Golden, a Deloitte & Touche LLP principal and Deloitte Advisory’s Federal Cyber leader, and retired U.S. Navy Captain John Gelinne, a Deloitte Advisory director with Deloitte & Touche LLP. In a post-simulation interview, Golden and Gelinne discuss how federal agencies can look to military readiness planning to structure cyber incident responses to mitigate risk and protect mission-critical assets. Read more [DELOITTE.WSJ.COM]
  • 48. Incident Response PRIVATE SECTOR: Cyber Security Demands Early Detection and Rapid Response. Attackers are more sophisticated and striking a broader set of companies. Like the construction company that suddenly discovered more than $4 million in payroll for its 1,000 employees had been covertly transferred to who knows where. Or the CEO of a big tech firm who awoke one day to discover that all the company’s computer hard drives had been solidly encrypted and an anonymous hacker was offering to sell him the key to unfreeze them for thousands of dollars. And the biotech conglomerate that learned – via a call from the FBI – that a criminal cyber sleuth had accessed its network for more than six months looking for regulatory documents that could tip off Wall Street traders about the status of its developing drugs. Read more [BOSTONGLOBE.COM]
  • 49. Incident Response STRATEGY: If You Haven’t Begun Cybersecurity Incident Response Planning, is it Already Too Late? The question is no longer whether we will be breached but when we will be breached. Cybersecurity is a C-suite and board-level issue requiring a comprehensive risk management strategy, intelligent investment and integration across the organization. Read more [DAILY.FINANCIALEXECUTIVES.ORG] SECURITY: When APIs and DevOps Meet Cybersecurity. Center of gravity will flow to middleware and cybersecurity process expertise as software integration proliferates in the enterprise cybersecurity market. Read more [NETWORKWORLD.COM]
  • 50. Programming & Scripting Development Client & Server-Side
  • 51. Programming & Scripting Development Client & Server-Side PHP: PHP 7.0 Boosts Speed and Security: What You Need to Know. The release of PHP 7.0 and Zend Engine 3 brings a wide variety of speed improvements and modernization to the popular server-side scripting language. Here’s what you need to know. Read more [TECHREPUBLIC.COM] JAVA: The Missing Features. A look at some of the “missing features” of Java, as well as the work, if any, to remediate those. Read more [INFOQ.COM]
  • 52. Programming & Scripting Development Client & Server-Side ANGULAR: Upgrading Apps to Angular 2 Using ngUpgrade. Earlier this year the Angular team made an official announcement in which they talk about upgrade strategies. First implementations of ngUpgrade have now landed in the code base. Find out what you can do to prepare for an upgrade, and how to use ngUpgrade to upgrade an application to Angular 2. Read more [BLOG.THOUGHTRAM.IO]
  • 53. Programming & Scripting Development Client & Server-Side WORDPRESS: WordPress.com Gets a New Face and Joins the JavaScript Age. In late November, the popular blogging site WordPress.com unveiled a new admin interface for managing blogs, posting content, and reading other people’s sites. If you’re a regular user, you’ll notice a new look and feel. If you’re a code geek, you’ll notice something more remarkable below the surface: JavaScript instead of PHP. If you run the open source version of WordPress on your own server, you can activate the new interface on your own site through the plugin Jetpack. Automattic, the company behind WordPress.com – the commercial version of WordPress – also released a WordPress application for Macintosh OS X. And it made available the code that powers the new interface as open source software for everyone. Read more [WIRED.COM]
  • 54. Programming & Scripting Development Client & Server-Side SWIFT & IBM: IBM’s Swift Sandbox Lets Coders Try Apple’s Programming Language Easily. IBM announced its free, browser-based Swift Sandbox, which lets developers write in Apple’s programming language and execute their code in a server environment — on top of Linux. Read more [INFORMATIONWEEK.COM] MICROSOFT: Treads on Node.js’s Turf with Chakra JavaScript Engine. Microsoft’s plan to open-source its Chakra JavaScript engine has far-reaching implications. Most of all, it shows that Microsoft wants to become a player in the JavaScript ecosystem that has ambitions to be a near-universal runtime for every kind of software. Read more [INFOWORLD.COM]
  • 55. Programming & Scripting Development Client & Server-Side TYPESCRIPT: Version 1.7 is Here with Async/Await as Default for ES6. A new version of TypeScript has been unveiled with long awaited support for async functions for ECMAScript 6 (ES6). Future support plans are already in place for ES3 and ES5, too. TypeScript 1.7 also includes polymorphic this typing plus some breaking changes. Read more [JAXENTER.COM] SPRING BOOT 1.3: Version 1.3 Released Featuring DevTools and ASCII Art. Spring custodian Pivotal has released Spring Boot 1.3, which adds hot reload support of Java classes/Spring configuration (using a new spring-boot-devtools module), cache auto-configuration (for EhCache, Hazelcast, Infinispan, JCache, Redis and Guava), and fully executable archives for Linux/Unix. The release has extensive release notes detailing all of the changes. Read more [INFOQ.COM]
  • 56. Programming & Scripting Development Client & Server-Side C#: How to Use the Facade Design Pattern in C#. Take advantage of the facade design pattern to provide a simplified interface to a set of subsystems and hence reduce the dependencies and complexities in your designs. Read more [INFOWORLD.COM] CISCO: Bitten by Java Deserialisation Bug, Working on Patch. November’s high-profile Java deserialisation bug has bitten Cisco, with the company announcing vulnerabilities across the board in its huge product line. The problem is so pervasive that it reaches into the most trivial activities of the sysadmin, such as serial number assessment services. Read more [THEREGISTER.CO.UK]
  • 57. Programming & Scripting Development Client & Server-Side SWIFT: Why Non-Apple Developers Should Care About Swift. Now open source with Linux support, Swift has a great deal to offer cross-platform and server-side developers. Read more [INFOWORLD.COM] JAVASCRIPT: Red Hat Pursues Java-Node.js Connection. Red Hat envisions a world in which the two environments co-exist, and the company wants to drive the integration. Read more [INFOWORLD.COM]
  • 58. Programming & Scripting Development Client & Server-Side THREATS: The Programming Languages That Spawn The Most Software Vulnerabilities. PHP, ASP Web scripting languages breed more vulnerabilities than Java, .NET programming platforms, Veracode’s new state of software security report says. Read more [DARKREADING.COM] SWIFT: After One Week as Open Source, Swift Is the Most Popular Programming Language on Github. According to statistics provided by GitHub, in terms of “stars,” the equivalent of a Facebook like or Twitter fave (heart), Swift already has over 21,000 stars, beating Mozilla’s Rust programming language, the former leader of this ranking, which only has 14,400 stars. Read more [MAC.SOFTPEDIA.COM]
  • 59. Programming & Scripting Development Client & Server-Side JAVASCRIPT: 2015 in Review. JavaScript had a remarkable year. Despite reaching the grand age of twenty in May, news, projects and interest in the language continue to grow exponentially. Can’t think of another technology which moves at a similar pace. It’s becoming increasingly difficult to keep up so hope this summary helps. Read more [SITEPOINT.COM] APIs: Composing APIs with Node-RED and JavaScript. As the Node-RED website says “Node-RED is a tool for wiring together hardware devices, APIs and online services in new and interesting ways”. It has been possible to use Node-RED for Internet of Things scenarios on Bluemix for quite some time. With the new Connect and Compose (beta) service you can now also use Node-RED to compose complex APIs via flow editor and JavaScript. Learn how to make APIs with JavaScript and Node-RED in this tutorial. Read more [DZONE.COM]
  • 60. Programming & Scripting Development Client & Server-Side ADOBE: Finally Tells Developers to Stop Using Flash. Once the primary means of making animation, browser games and interactive visualisations for the web, Adobe Flash has been ailing for a long time. And now — after almost everyone else recognised the massive security and performance problems with the proprietary tech — its makers Adobe have announced that it will be moving away from the platform. Adobe said that it would now encourage developers to “build with new web standards”, primarily HTML 5. Read more [WIRED.CO.UK] ANGULAR 2: Up Close with Google’s Angular 2 JavaScript Framework. Here’s all you need to know about Angular 2, the exciting new successor to Google’s wildly popular JavaScript framework, AngularJS. Read more [INFOWORLD.COM]
  • 61. Programming & Scripting Development Client & Server-Side GOOGLE: Confirms Next Android Version Won’t Implement Oracle’s Proprietary Java APIs. Google is replacing its implementation of the Java application programming interfaces (APIs) in Android with OpenJDK, the open source version of Oracle’s Java Development Kit (JDK). The news first came by a “mysterious Android codebase commit” from last month submitted to Hacker News. Google confirmed to VentureBeat that Android N will rely solely on OpenJDK, rather than Android’s own implementation of the Java APIs. Read more [VENTUREBEAT.COM] FTC: Ruling Against Oracle Shows Why It’s Time to Dump Java. The FTC says Oracle hasn’t been uninstalling older, insecure versions of Java. It’s time for users to ditch client-side Java altogether. Read more [INFOWORLD.COM]
  • 63. Cloud Computing SURVEY: 7 Insights And Predictions From IDG’s 2015 Enterprise Cloud Computing Survey. Enterprises surveyed are predicting they will invest an average of $2.87M in cloud computing technologies in 2016. 90% of enterprises are relying on APIs in their cloud integration plans for 2016. 25% of total IT budgets will be allocated to cloud computing in 2016. Security continues to be the biggest challenge enterprises face in adopting cloud computing. Read the rest [FORBES.COM] STORAGE: Primary Storage Shifts To The Cloud. Hybrid cloud is popular, but slow WAN connections ultimately make it an interim step towards moving all stored data to public cloud. Many companies are planning a hybrid approach to the cloud where some computing and storage is in a public cloud and the rest, including much of their primary storage, is kept in-house in a private cloud. Hybrid clouds are just a stop-gap measure. The migration of storage — including primary storage — to the public cloud is inevitable. Read more [NETWORKCOMPUTING.COM]
  • 64. Cloud Computing FEDERAL AGENCIES: How Open Source Can Bring Agencies to the Cloud. Cloud computing has fundamentally changed how the world works, innovates and connects. From businesses and governments to individuals, we are all finding ourselves interacting in new and meaningful ways. Yet, according to IDC, only 6 percent of federal government applications run in the cloud. Read more [FEDERALTIMES.COM] GOOGLE: Google Hires VMware Co-founder Diane Greene as Cloud Chief, Aims for Enterprise Adoption. Diane Greene will oversee all of Google’s cloud businesses, including its Cloud Platform and Apps productivity suite. Greene, who has been on the company’s board of directors for three years, took the position as the technology giant agreed to acquire Bebop, a stealthy startup that she co-founded. In a blog post announcing the news, Google CEO Sundar Pichai called the company’s product “a new development platform that makes it easy to build and maintain enterprise applications.” Read more [COMPUTERWORLD.COM]
  • 65. Cloud Computing GOOGLE: Upgrades Cloud SQL, Promises Managed MySQL Offerings. Google has announced the beta availability of a new improved Cloud SQL for Google Cloud Platform – and an alpha version of its much anticipated Content Delivery Network offering. Brett Hesterberg, Product Manager for Google’s Cloud Platform, says the second generation of Cloud SQL will aim to give better performance and more ‘scalability per dollar’. In Google’s internal testing, the second generation Cloud SQL proved seven times faster than the first generation and it now scales to 10TB of data, 15,000 IOPS and 104GB of RAM per instance, Hesterberg said. Read more [BUSINESSCLOUDNEWS.COM]
  • 66. Cloud Computing DOCUMENT MANAGEMENT: Still Dreaming of the Paperless Office? According to AIIM’s latest study, ‘Paper-Free Progress: measuring outcomes’, many companies still have desks piled high with paper. Only 17% of respondents said they work in what can be described as a paper-free office. A staggering 40% still use paper for filing “important stuff”, and 56% are wedded to signatures on paper for contracts and order forms. This is despite around half of organisations (49%) saying they are decreasing paper consumption. Read more [CTOVISION.COM] SECURITY FIXES: Cloud Users Should Prep For a New Wave of Security Fixes. Some cloud providers – thus far IBM SoftLayer and Linode – have alerted customers about hurried-but-planned updates to their cloud infrastructure to come this week. The culprit appears to be another vulnerability to the Xen hypervisor that many cloud providers rely on to pack lots of workloads onto shared computer servers. Read more [FORTUNE.COM]
  • 67. Cloud Computing CIOs: 3 CIO Insights on Cloud, Security and Mobile. At a recent Government Technology Research Alliance Summit, one of the most discussed topics was the adoption of new technology like cloud computing and mobile applications, and the dire need for the federal government to share and collaborate on security data governmentwide. The consensus seemed to be that without that collaboration, there is no united front, and some agencies are always going to be falling behind. Read more [NEXTGOV.COM]
  • 69. Encryption CYBERSECURITY: Privacy Groups Discuss Encryption with White House. White House officials met Dec. 10 with multiple civil liberties groups behind a petition urging the Obama administration to support strong encryption. Administration officials told representatives from the American Civil Liberties Union, the Center for Democracy and Technology, Human Rights Watch, Access Now and New America’s Open Technology Institute that they planned to issue a formal response over the holidays. Read more [FCW.COM]
  • 70. Encryption FBI: Renews Warnings on Terror and Encryption, With No Clear Solution in Sight. Lawmakers face dueling security concerns as tech companies warn any backdoor access to encrypted data will pave the way for cyber attacks. In the wake of the Paris and San Bernardino terror attacks, a long-simmering debate over the security risks of terrorists using encryption has come to a boil. Speaking before Congress last week, FBI Director James Comey reiterated warnings that popular encrypted communication apps are making it difficult for law enforcement officials to monitor suspected criminals and terrorists. Read more [FASTCOMPANY.COM]
  • 71. Encryption SSL: Testing Your SSL Encryption Can Provide Important Security Insights. Since the Heartbleed vulnerability of 2014, more IT managers have been concerned about the integrity of their SSL encryption, TLS services and associated supporting code libraries. And while most SSL technology vendors have patched their servers since then, there are still many ways to take advantage of this encryption protocol that you should be aware of. A new series of free SSL server tests from High-Tech Bridge can help highlight any problems and potentially show you what is going on with how you encrypt your Internet traffic. Read more [SECURITYINTELLIGENCE.COM]
  • 72. Encryption SECURITY: The Government Really Doesn’t Seem to Like Encryption. Cryptographers, civil libertarians, and privacy advocates have spoken loud and clear about how weakening encryption will make online communications and e-commerce more vulnerable (and make tech companies less competitive economically). But the war against crypto rages on in the wake of terrorist attacks in Paris and San Bernardino. Read more [WIRED.COM]
  • 74. Business Intelligence TRENDS: Ten Top Business Intelligence Trends to Expect in 2016. Business intelligence continues to be one of the fastest-moving areas in the enterprise, and the techniques that organizations are using to drive adoption and get value from their data are multiplying. Those are among the conclusions of a new report from Tableau Software. Read more [INFORMATION-MANAGEMENT.COM] STRATEGY: How to Make Your Business Intelligence More Mobile-Intelligent. We need to move beyond traditional desk-based analytics software to solutions that can intelligently adapt on the fly. Read more [INFORMATION-AGE.COM]
  • 75. Business Intelligence SaaS TECHNOLOGY: Put the ‘Intelligence’ Back in Business Intelligence. Our ability to disseminate all types of government data has become much more efficient, and one would think local and state institutions would take advantage of this technology for their business intelligence projects. But, unfortunately, many of these organizations are still relying on cumbersome, expensive tools rather than embracing the benefits of cloud-based software-as-a-service (SaaS) tech solutions. Read more [AMERICANCITYANDCOUNTY.COM] MICROSOFT BI: Brings Cortana, Quick Insights to Power BI for Better Business Intelligence. Microsoft’s Convergence conference for business professionals is being held this week in Barcelona, Spain. It has been bringing us a number of business oriented announcements, including a new Office 365 E5 tier, Power Apps, and more. Now today, more news around its business intelligence platform, Power BI. Read more [WINBETA.ORG]
  • 76. Business Intelligence CLOUD: Is Cloud-powered Business Intelligence Genuinely Useful or Mere Hype? All hail democratised data. Until recently, business intelligence (BI) software was all on-premise and then only for analysts who knew how to code, or those that had the support of data science and IT staff. But with infrastructure quickly shifting to a cloud model, new cloud-powered BI software is appearing that promises to empower everyone and anyone within an organisation to work with data directly, in real-time. Is cloud BI really the democratisation of data, or too good to be true? Read more [TECHRADAR.COM] DATA ACT: Pressures Mount to Deliver on DATA Act Promises. Pressure is building for federal agencies to not only develop new financial data reporting systems in time to meet a May 2017 deadline, but to also make sure the job gets done right, according to federal IT officials. Read more [FEDSCOOP.COM]
  • 77. Business Intelligence FUTURE OF THE CLOUD: Moving Up the Value Chain. Cloud technology is becoming ubiquitous in the federal government. For agencies that have already unplugged their traditional data centers and shifted their computing models, that move has brought dramatic value — in well-documented savings of money, time and resources. But what about the future? As cloud technology advances, will the value of being in a cloud environment continue to increase? More important, as budgets shrink and security risks grow, will the cloud provide a way to enhance innovation and tackle increasingly complex technology challenges? Read more [FCW.COM] CORTANA: Taps Power BI, Wikipedia Leans On AI: Big Data Roundup. Updates on some very cool use cases of machine learning, how Wikipedia is leveraging artificial intelligence (AI) to improve its anti-vandalism efforts, Microsoft’s Cortana getting integration with Power BI, and more. Read more [INFORMATIONWEEK.COM]
  • 79. Federal Government U.S. STATE DEPARTMENT: The U.S. State Department is About to Take Away Your Extra Passport Pages. For frequent travelers, there’s nothing more impressive than a well-stamped passport, with every page filled with multicolored inks, dates and destinations. But if you’re down to your last blank page, you probably want to add “request new visa insert” to your December to-do list. As of January 1, 2016, the U.S. State Department will no longer issue additional passport pages due to its own security concerns. Read more [ROADWARRIORVOICES.COM] CIOs: How to Help Federal CIOs Do More for Accessible Tech. According to Karen S. Evans, national director of the U.S. Cyber Challenge, the Obama administration should seize the opportunity to align regulations currently under review, giving federal CIOs the tools they need to champion accessible technology and the policies that govern it. Read more [FEDERALTIMES.COM]
  • 80. Federal Government CYBERSECURITY: Asking DHS to Hack Your Systems. The Department of Homeland Security is home to a broad range of cybersecurity missions — including, apparently, network assessments and penetration testing for certain private-sector companies. Brian Krebs, author of the popular Krebs on Security blog, reported on Dec. 1 that DHS’ National Cybersecurity Assessment and Technical Services (NCATS) have been “quietly launching stealthy cyberattacks against a range of private U.S. companies — mostly banks and energy firms. These digital intrusion attempts, commissioned in advance by the private sector targets themselves, are … designed to help ‘critical infrastructure’ companies shore up their computer and network defenses against real-world adversaries.” Read more [GCN.COM]
  • 81. Federal Government DEPARTMENT OF TREASURY: Seeing Fruits of IT Reforms Ahead of FITARA Implementation. The true gauge of the Treasury Department’s IT reform efforts can’t only be measured by the “D” grade on the report card recently issued by the House Oversight and Government Reform Committee. But the fact is Treasury has spent the better part of the last year preparing for the changes that came with the new Federal IT Acquisition Reform Act (FITARA). Sonny Bhagowalia, Treasury’s chief information officer, said he’s taking an approach that is part governance and part operational improvements. Read more [FEDERALNEWSRADIO.COM]
  • 82. Federal Government ANALYTICS: Why the Federal Government Tracks Visitors to Dot-Govs. For the past several months, the government has been publicly tracking how many visitors come to certain agency websites, and what devices and Web browsers they use to get there. Analytics.usa.gov, unveiled in March, uses Google Analytics to monitor Web traffic. Earlier this month, the General Services Administration debuted new dashboards showing the general geographic location of visitors to federal sites – 84.6 percent of visitors come from the U.S. and 4.5 percent of that from Washington – and logs showing the most downloaded public documents. Currently the most-clicked is a notification letter from the Office of Personnel and Management alerting victims of the recent cyber hack. Read more [NEXTGOV.COM]
  • 83. Federal Government COSTS: Federal Paper Pushing Costs Taxpayers Millions. The federal government is the nation’s largest disburser—$600 billion a year in checks go out to suppliers from civilian agencies alone, according to the Treasury Department. So it may surprise some in this digital age that only 38 percent of the 19 million invoices filed by agencies in fiscal 2013 were submitted electronically. That left a pile of 12 million supplier invoices on old-fashioned paper, costing taxpayers an estimated $230 million yearly to process. Read more [GOVEXEC.COM]
  • 84. Federal Government NIST: Tech Licensing Revenues Grow for Agency Labs. The federal government brought in more money from licensing its own technology to the private sector and increased the number of research and development partnerships it has forged, according to a report from the National Institute of Standards and Technology. Read more [FEDSCOOP.COM] TECH LAB: What the Government Should’ve Learned About Backdoors from the Clipper Chip. In the face of a Federal Bureau of Investigation proposal requesting backdoors into encrypted communications, a noted encryption expert urged Congress not to adopt the requirements due to technical faults in the plan. The shortcomings in question would allow anyone to easily defeat the measure with little technical effort. Read more [ARSTECHNICA.COM]
  • 85. Federal Government ANALYSIS: What Does Federal Spending in 2016 Mean for the Cybersecurity Sector? President Barack Obama included $14 billion for cyber security spending in his 2016 budget. A look at some key numbers and trends for 2016 reveals big opportunities for vendors who provide cyber products and services to federal agencies, and big challenges for federal agencies around recruiting and retaining cybersecurity staff. Read more [CSOONLINE.COM] NIST: A Conversation With The Most Influential Cybersecurity Guru To The U.S. Government. Ron Ross is a Fellow at the National Institute of Standards and Technology, or NIST, a non-regulatory agency of the U.S. Department of Commerce. NIST’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. Check out his comprehensive approach to data security. Read more [FORBES.COM]
  • 86. Federal Government SURVEY: Majority of Agencies Follow NIST Cybersecurity Framework. A recent survey found that 82 percent of 150 IT and security professionals in the federal government said their agencies are either fully or partially implementing the NIST Framework for Improving Critical Infrastructure Cybersecurity. When broken down further, 53 percent are fully implementing, with 29 percent partially implementing the guidance. Read more [GCN.COM] ENCRYPTION: Why Federal Encryption Regulations Could Put Cybersecurity At Risk. Efforts to pass regulations in response to new security technology could, however, run into legal and constitutional roadblocks. End-to-end encryption may be defended under the Fourth Amendment right to privacy against unreasonable search, as wiretapping often occurs without proper warrants on civilians who are not suspected of being involved in criminal activity. Read more [BROWNPOLITICALREVIEW.ORG]
  • 87. IT - State & Local Governments
  • 88. IT - State & Local Governments SEATTLE: Begins Three-Year IT Consolidation. Over the next three years, Seattle will consolidate its disparate IT departments into a new agency, called Seattle IT, and city officials expect big things from the change. Read more [GOVTECH.COM] US COUNTIES: New Interactive Tool Provides Key County Info. The NACo County Explorer is a web-based visualization tool that provides key information on a wide variety of topics that are summarized at the county-level. An interactive map allows users to explore a variety of indicators, such as population density, median household income, and number of endangered and threatened species. County profiles are provided to highlight data and information related to key federal policies and legislation. Read more [COAST.NOAA.GOV]
  • 89. IT - State & Local Governments LOCAL BANKS: These Cyberthreats May Be Coming to a Local Bank Near You. A common consumer of news might assume that financial services hacking incidents are just a big-bank problem. Cyberintrusions of the largest institutions by sophisticated criminals and potentially foreign governments are well documented. But community banks of every stripe should be on alert for a genus of attacks meant more for smaller institutions than bigger ones. On Nov. 3, the Federal Financial Institutions Examination Council issued a joint statement intended for community banks warning of the “increasing frequency and severity of cyberattacks involving extortion.” Read more [AMERICANBANKER.COM]
  • 90. IT - State & Local Governments BIG BANKS: S&P Downgrades Holding Companies of Eight U.S. Banks. Standard & Poor’s cut its nonoperating holding company (NOHC) ratings on eight U.S. “global systemically important banks” by one notch, citing uncertainty about the U.S. government’s willingness to provide support to the banking system if it came under stress. Read more [REUTERS.COM] DHS: House Bill Lets State, Local Take Advantage of DHS Cyber Tools. New legislation requires DHS to open the National Cybersecurity and Communications Integration Center (NCCIC) to state and local governments that request assistance, either in shoring up cybersecurity posture or help investigating a specific incident. Read more [FEDERALTIMES.COM]
  • 91. IT - State & Local Governments MICHIGAN: Report Rips Security of State Computer Systems. Hundreds of state computer servers are vulnerable to hacking and failure because of outdated operating systems, ineffective security configurations, poor password control, failure to install security patches and a lack of timely scanning to detect vulnerabilities, according to a report released Thursday by Michigan Auditor General Doug Ringler. Read more [FREEP.COM] INDUSTRY PERSPECTIVE: 4 Critical Challenges to State and Local Government Cybersecurity Efforts. While the federal government works on big-picture solutions, state and local government agencies are under tremendous pressure to secure critical data, infrastructure and services. In fact, cybersecurity is the No. 1 strategic IT priority in 2015 for state and local agencies, according to the National Association of State Chief Information Officers. Read more [GOVTECH.COM]
  • 92. IT - State & Local Governments VOTING SECURITY: Outdated Voting Machine Technology Poses Security and Election Risks. A new report highlights the looming crisis state and local governments face with aging voting machine technology ahead of the 2016 election. A recent report by the Brennan Center for Justice at New York University School of Law found that the expected lifespan of core components in electronic voting machines purchased since 2000 is between 10 and 20 years, and for most systems it is probably closer to 10 than 20. Experts surveyed by the Brennan Center agree that the majority of machines in use today are either “perilously close to or exceed these estimates.” Read more [STATETECHMAGAZINE.COM]
  • 93. IT Security | Cybersecurity
  • 94. IT Security | Cybersecurity RISK MANAGEMENT: Moody’s Warns Cyber Risks Could Impact Credit Ratings. Credit rating agency Moody’s Corp. warns that cyber defenses as well as breach detection, prevention and response will be higher priorities in its analysis of the creditworthiness of companies across all sectors, including healthcare and financial services. Read more [GOVINFOSECURITY.COM] HIRING: OMB, OPM Chart Helps Agencies Identify Cyber Talent Gaps. With just five weeks to go before the deadline for civilian agencies to submit their job codes for specialty cyber roles, the Office of Management and Budget has added a resource chart to its MAX site to help organize cyber talent gaps as they are identified. Read more [FEDERALNEWSRADIO.COM]
  • 95. IT Security | Cybersecurity CSO: Five Reasons Why Hackers Easily Get In. A vulnerable web application is just one of the great gifts left for hackers, as it significantly reduces the time, cost and effort they need to get into a corporate network. Why do companies fail to secure their web apps? Read more [CSOONLINE.COM] STUDY: Financial Advisors Still Have a Long Way to Go on Cybersecurity. Since the infamous cyberattack on Sony Pictures Entertainment a year ago, business leaders have noticed an increase in hacks both externally and internally, according to a survey conducted by the auditor PwC. Globally, the cost of cybercrime is estimated to be upwards of $385 billion and those attacks can and do happen in every type of industry, including financial services. Cyberattacks against financial advisors are growing and getting more sophisticated. A new white paper by External IT, which provides cloud computing to financial services companies, found that advisors are vulnerable in three areas. Find out more [CNBC.COM]
  • 96. IT Security | Cybersecurity LOCKHEED LEAVES: Lockheed Martin Corp. To Exit Commercial Cybersecurity, Double-Down On Helicopters And Combat Jets. Lockheed Martin Corp. has been planning to sell off or spin off its roughly $4 billion government information technology business since earlier this year. That would include its Cybersecurity unit. “The cyber programs that will remain with the company are mostly focused on defense and intelligence customers and will be realigned into the Corporation’s other four business segments,” says Dan Nelson, Vice President, Corporation Communications at Lockheed. Read more [FORBES.COM] PREDICTION: The Cybersecurity Startup Boom Will End in 2016. Too many companies are selling similar tools. Read more [FORTUNE.COM]
  • 97. IT Security | Cybersecurity INDUSTRY INSIGHT: Cybersecurity is a Team Sport, but it’s No Game. We can all do something to address the growing cybersecurity challenge. Individual users, small departments and large agencies alike can take steps to improve our individual and collective cybersecurity posture. It is estimated that roughly 80 percent of exploitable vulnerabilities in cyberspace are a result of poor or nonexistent cyber hygiene — the basic, fundamental protection measures that improve defense while making it more difficult and more expensive for the bad guys to perpetrate an intrusion. Read more [GCN.COM]
  • 98. IT Security | Cybersecurity FLORIDA: Builds New Cybersecurity Framework. Since the re-launch of Florida’s IT agency last year, Chief Information Security Officer Danielle Alvarez has been working to build up a cybersecurity framework for the state. Alvarez said the biggest threat currently facing the state is “lacking that foundation” for how to effectively handle information security, and she’s now in the midst of laying down those guidelines. Read more [STATESCOOP.COM]
  • 100. Tech Vulnerabilities THREATS: BackStab Attack Takes Indirect Route To Mobile Data. Attack technique takes advantage of weak protections around mobile user’s backup files. While there are plenty of mobile device vulnerabilities just waiting for bad guys to pick up on, some of the lowest hanging fruit for mobile-oriented attackers isn’t on the device itself. Instead, the softest target comes in the form of insecure back-ups stored on a traditional desktop or laptop. Read more [DARKREADING.COM] COMPUTER SUPPORT: Vulnerabilities Found in Lenovo, Toshiba, Dell Support Software. The number of vulnerabilities discovered in technical support applications installed on PCs by manufacturers keeps piling up. New exploits have been published for flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect. The most serious flaws appear to be in Lenovo Solution Center and could allow a malicious Web page to execute code on Lenovo Windows-based computers with system privileges. Read more [CIO.COM]
  • 101. Tech Vulnerabilities GOOGLE: Patches Critical Media Processing and Rooting Vulnerabilities in Android. Google has released a new batch of security fixes for its Nexus smartphones and tablets, addressing flaws that could allow attackers to compromise the Android devices via rogue emails, Web pages, and MMS messages. Firmware updates are being rolled out to supported Nexus devices as an over-the-air update and the patches will be added to the Android Open Source Project over the next 48 hours. Builds LMY48Z and Android Marshmallow with a Dec. 1, 2015, Security Patch Level contain these fixes, Google said in its security bulletin. Read more [INFOWORLD.COM] CLOUD: Security Worries Hamper Adoption of Cloud Technology. Companies migrating to the cloud plan to enforce internal security policies: 56 percent plan to improve identity and authentication management. Read more [EWEEK.COM]
  • 102. From the Blue Mountain Data Systems Blog Three-Dimensional Governance for the CIO https://www.bluemt.com/three-dimensional-governance-for-the-cio 7 Reasons to Take Control of IT Incidents https://www.bluemt.com/7-reasons-to-take-control-of-it-incidents/ Breach Mitigation Response Time Too Long, Survey Says https://www.bluemt.com/breach-mitigation-response-time-too-long-survey-says/ Six Tactics for Cyberdefense https://www.bluemt.com/six-tactics-for-cyberdefense/
  • 103. From the Blue Mountain Data Systems Blog Feds Report Mixed Responses to Shared Services https://www.bluemt.com/feds-report-mixed-responses-to-shared-services Federal Employees Are Not Security Experts https://www.bluemt.com/federal-employees-are-not-security-experts Survival Guide for Network Administrators https://www.bluemt.com/survival-guide-for-network-administrators DBaaS: OpenStack Trove Changes DB Management https://www.bluemt.com/dbaas-openstack-trove-changes-db-management
  • 104. From the Blue Mountain Data Systems Blog Help Wanted: Certified Cybersecurity Professionals https://www.bluemt.com/help-wanted-certified-cybersecurity-professionals Cyber Threat Intelligence Integration Center Preview https://www.bluemt.com/cyber-threat-intelligence-integration-center-preview/ Cloud Moves in 1-2-3 https://www.bluemt.com/cloud-moves-in-1-2-3/ Change Management for Disaster Recovery https://www.bluemt.com/change-management-for-disaster-recovery/
  • 105. From the Blue Mountain Data Systems Blog Jeffersonian Advice For C-Suite Career Advancement https://www.bluemt.com/jeffersonian-advice-for-c-suite-career-advancement/ Ways To Survive The “Mobile-Pocalypse” https://www.bluemt.com/ways-to-survive-the-mobile-pocalypse/ Microsoft Cloud Services Receive FedRAMP Authority to Operate https://www.bluemt.com/microsoft-cloud-services-receive-fedramp-authority-to-operate/ Hiring Pentesters? Here Are 10 Things You Need to Know https://www.bluemt.com/hiring-pentesters-here-are-10-things-you-need-to-know/
  • 106. From the Blue Mountain Data Systems Blog Home Router Malware Alert https://www.bluemt.com/home-router-malware-alert/ Threat Model Deconstruction https://www.bluemt.com/threat-model-deconstruction/ Business Email Scam Nets $214 Million https://www.bluemt.com/business-email-scam-nets-214-million/ How to Prevent Unauthorized Software from Taking Over Your Organization https://www.bluemt.com/the-cios-guide-to-happy-end-users-2/
  • 107. From the Blue Mountain Data Systems Blog Digital Marketing Predictions for 2015 https://www.bluemt.com/digital-marketing-predictions-for-2015/ SDN: Network Administrator’s Friend or Foe? https://www.bluemt.com/sdn-network-administrators-friend-or-foe/ Mobile Payments: A Must for Federal Agencies https://www.bluemt.com/mobile-payments-a-must-for-federal-agencies/ Soft Skills Are A Must-Have For Careers In IT https://www.bluemt.com/soft-skills-are-a-must-have-for-careers-in-it/
  • 108. From the Blue Mountain Data Systems Blog Security Risks Most Prevalent in Younger Workers https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/ The Security World’s Maturation https://www.bluemt.com/the-security-worlds-maturation/ Data Breach Concerns Keep CISOs Up At Night https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/ Personalized Govt Equals Instant Gratification for Citizens https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-citizens/
  • 109. From the Blue Mountain Data Systems Blog People-Centric Security https://www.bluemt.com/people-centric-security/ Pentagon Tries BYOD To Strike Work/Life Balance https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/ Open Source Model Considered for MS Windows https://www.bluemt.com/open-source-model-considered-for-ms-windows/ Open Internet: To Be or Not to Be? https://www.bluemt.com/open-internet-to-be-or-not-to-be/
  • 110. From the Blue Mountain Data Systems Blog Malware Stays A Step Ahead Infecting One Third of Websites https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-websites/ Machine-Generated Data: Potential Goldmine for the CIO https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-cio/ Government Legacy Programs: Reuse vs. Replacement https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/ It Takes a Whole Village to Protect Networks and Systems https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-systems/
  • 111. From the Blue Mountain Data Systems Blog Governance For the CIO https://www.bluemt.com/governance-for-the-cio/ Help Desk Consolidation – Lessons Learned https://www.bluemt.com/help-desk-consolidation-lessons-learned/ One Year Later, Companies Still Vulnerable to Heartbleed https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-heartbleed/ Federal Projects Cultivate Worker Passion https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/
  • 112. ABOUT US Blue Mountain Data Systems Inc. Blue Mountain Data Systems Inc. is dedicated to application and systems development, electronic document management, IT security support, and the automation of workflow processes. Read more about our experience here: >> http://bluemt.com/experience
  • 113. Recent Experience U.S. Dept. of Labor Employee Benefits Security Administration 1994 to Present Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.
  • 114. MANAGEMENT Paul T. Vesely Founder, President, CEO and Principal Architect Mr. Vesely is a recognized thought leader in systems architecture and delivery, having designed and delivered many enterprise-wide information and document management solutions. Mr. Vesely’s history includes 33 years’ experience in the information systems industry, with Unisys, Grumman, PRC and a host of clients in both government and private sectors.
  • 115. CONTACT US Contact Us Today to Discuss Your Next IT Project HEADQUARTERS 366 Victory Drive Herndon, VA 20170 PHONE 703-502-3416 FAX 703-745-9110 EMAIL paul@bluemt.com WEB https://www.bluemt.com