CSOonline: Microsoft Azure’s Russinovich sheds light on key generative AI threats

Generative AI-based threats operate over a huge landscape, and CISOs must look at it from a variety of perspectives, said Microsoft Azure CTO Mark Russinovich during the Microsoft Build conference this week in Seattle. “We take a multidisciplinary approach when it comes to AI security, and so should you,” Russinovich said of the rising issue confronting CISOs today. I cover his talk, which was quite illuminating, about AI-based threats here for CSOonline.

 

Gmail at 20, RIP Dan Lynch

Writing a computer-themed column appearing today can be a tough assignment. But I want to assure you that first, it isn’t any net-fueled prank and second, that it is actually written from start to end by me and not by some algorithm. More on that in a moment.

Today marks the 20th anniversary of Gmail’s creation. Google was playing with fire when it first announced the service in this press release, and the initial reaction was disbelief because of the date. Back then, it was an amazing feat to offer a gigabyte of storage (since expanded to 15 GB for the free tier) and the ability to search your entire email corpus. This was when many email services had capacity limits of 4 MB or so, which seems laughable by today’s standards.

Now there are more than 1.5B users around, including myself. (I actually host my domain with Google, which was free until recently.) Here is a screen grab of what it looked like back then.

But there is another and sadder moment that I want to mention.

Over the weekend we lost one of the Great Ones, Dan Lynch, who was the founder of the Interop trade show. He was one of the prime movers behind the commercialization of the internet, back when we all used the capital “I” as befitting its status in society.

I was involved in the show in numerous ways: as a tech journalist (and editor-in-chief of what would become the leading computer networking business publication), as an editorial consultant to help guide the conference program, and as a speaker and lecturer. At its height, Dan put on five shows yearly around the world, and I spoke at many of them. Here is an interesting historical plot of when and where the shows took place.

You can read more about Dan’s accomplishments in this NYT obit written by Katie Hafner. He was 82 and died from kidney failure.

One of the features of Interop was its ability to force vendors into improving their products in real time, during the several days that the show was running, with what eventually was called the Shownet. In the early days, TCP/IP was still very much an experimental set of protocols and had yet to become the global lingua franca that it is today. The Shownet was born out of the necessity to get better interoperability, hence the show’s name. It began with 300 vendors and eventually blossomed to attract tens of thousands of attendees. This year the show is back from being virtual and is being held in Tokyo this summer.

“The Shownet was also often the first place where many router or switch devices ever met a complex topology,” wrote Karl Auerbach, one of the many volunteer engineers who worked on it over the years. “Few saw the almost continuous efforts, done under Dan’s watch, between shows to design, pre-build (in ever larger warehouses), ship, deploy, operate, and then remove. The Shownet trained hundreds of electricians in the arts of network wiring over the years.”

I wanted to talk to Dan as part of an article that I am writing for the Internet Protocol Journal about the history and tenacity of the Shownet, but sadly we weren’t able to connect before his passing. He was truly a force of nature, a force that brought a lot of goodness to the world, and changed it for the better. Many of us owe our career developments, knowledge about computing, and human connections to Dan’s efforts.

So one final note. I came across this coda that explains “human-generated content” on a website by displaying one of three icons. I want to assure you that my website, newsletter, and any work that I produce are 100% written by me, that the people I quote are also actual carbon-based life forms, and no GPUs have been harmed or otherwise employed to produce this work product.

Building an unusual 30-year career in IT at the Catholic Health Association

I had a chance to speak to Janey Brummett, who has spent three decades working in the IT department for the Catholic Health Association, the national leadership organization of the Catholic health ministry, representing the largest nonprofit providers of health care services in the nation. She came to the association as a paralegal who got an early taste for computers, back when PCs were first coming into businesses and when she was helping to spec out mainframe systems. “I was the conduit to talk to the programmers back then,” she said. Over the years she worked her way up the IT org chart until retiring this year in a position that most of us would characterize as the CIO.

I recall those early years with a lot of fondness, as does Janey. Back then, we were pioneers in building local area networks that used very thick wires that were expensive to install. Wifi didn’t exist, and PCs had the massive 40 MB hard drives — well, they seemed massive at the time. Now you can’t even get that little memory in anything.

Those early LANs were running Novell Netware and Groupwise, an application that was an early collaborative tool that did email, shared calendars and documents.

The big switch came in the early 1990s for CHA when they went from DOS-based desktops to Windows. She had a major upgrade of their Netware server that was an all-nighter due to some data migration problems and access rights that didn’t transfer over. “That was a horrible experience,” as she recalls.

Now CHA is using Microsoft Copilot and Teams to communicate, and they are developing their own AI-based tools to access a common data platform. “We are building a virtual data analyst that we can query and build charts and collect presentation talking points.” That is a sign of the times to be sure.

Janey remembers supporting a speaker at an annual association meeting in the early 2000s. “The speaker came to me a few minutes before their talk with a virus-infected floppy disk. That was typical of the times, and I sure am glad that systems have gotten a lot more stable and straightforward since then! Nowadays, there is more of a focus on end user tools and it all works really well.” I completely agree.

CHA was an early adopter of the internet, and Janey recalls teaching the first internal classes on how to use it in the mid-1990s. That was the same timeline for me (I started my Web Informant newsletters in the fall of 1995, BTW) and those were pretty exciting times to be sure.

“The pandemic years really changed our operations,” she told me. “Back then, we had no one working remotely whatsoever. But we were fortunate to have put in place the infrastructure to support remote workers and had just started rolling out Teams. We had a lot of resistance before the pandemic, not to mention that less than half of our staff had laptops and we had to get that in place. Now we are almost all remote workers, with two or three days per month that people need to be in the office. Having Teams got us to jump light years ahead to collaborate to where it is second nature.”

How has she managed to stay at the same organization for all this time? “It comes down to constantly learning and innovating. Plus I enjoy what I do and my job is continually changing and evolving. IT should really stand for innovation technology.”

To read more interviews with long-standing IT managers, check out this three-part series that I wrote in the fall of 2022.

SiliconANGLE: After 10 years of crypto scammers, there is still a rocky road ahead

Running a criminal cryptocurrency enterprise has certainly gotten more complicated.

It was 10 years ago this week when Ross Ulbricht walked into a branch of the San Francisco public library to spend another day running the Silk Road, his marketplace for buying and selling illegal and questionable goods. He walked out in handcuffs after an elaborate sting operation carried out by the FBI. This week, the scene shifts to a downtown New York City courtroom, where former FTX Trading Ltd. founder and former Chief Executive Sam Bankman-Fried faces 12 counts that he attempted to defraud investors for his various alleged crypto-related schemes.

Although the two events deal with vastly different parts of the criminal justice system, they are notable bookends in the past decade for the rise and fall of cryptocurrencies, along with associated technologies regarding blockchains, smart contracts and other elements of this universe.

You can read my analysis of this historic moment in SiliconANGLE here.

SiliconANGLE: Rapid7’s security chief Jaya Baloo: Break up silos to lock down cybersecurity

Not many chief security officers will point out not one but two times they took a job while their companies were under attack. But this is what happened to Jaya Baloo, who is now chief security officer at cybersecurity provider Rapid7 Inc. Even more interesting, she considers both times — which happened at two different companies — career highlights. She has a lot more to say in this profile for SiliconANGLE.

 

SiliconANGLE: CIOs’ relationship with AI is complicated, but they have hopes for a promising future

Artificial intelligence — its value, risks and utility in enterprise scenarios — not surprisingly dominated the discussion at this week’s MIT CIO Symposium, one of the year’s biggest gatherings of senior information technology executives. In this post for SiliconANGLE, Paul Gillin and I review what some of the CIO panelists revealed about the state of their domains, and their relationship with AI tools.

Listening to the OG IT managers, part 3: It’s all about the people, not the tech

If you are just tuning in to my series highlighting some of my long-time IT manager sources, see part 1 where I introduce them and part 2 where I talk about some of their more memorable purchases. In this edition, I want to talk about the people behind all the gear.

Erica Wilson has had many career transitions “but I’d have to say taking on a CISO role was certainly a good experience. I learned a LOT about myself and why having a people-first mindset – supporting their wellbeing and growth — needs to be critical for all organizations. By doing so, with a small but mighty team we were able to accomplish some amazing things.”

Adam Kuhn told me that looking at all his career transitions, “My biggest failure was staying in positions too long.” Like many of my sources, he considers himself a lifelong learner and likes to learn about new technology. When you stop learning, it is time to find new challenges.

Gayle Barton told me, “It’s fun to look back at the great projects and fun tools I’ve used, but it’s the people that I remember more often, and especially the people I had the opportunity to help, hire, mentor, or promote. I get the most pleasure from the opportunities I’ve had to hire people I think someone else might have overlooked, to move people forward on their career path, or to mentor students and help them see new possibilities. For the most part, I made some pretty great hires.” When she was at Springfield College she remembers: “They had never had a person designated to help faculty with using technology in teaching, and you can imagine the state of technology use in the classroom. I was able to create a position for an instructional technologist but the pay was low and the pool of applicants was very small. We ended up with an experienced high school teacher who had taught Microsoft Word to hundreds or thousands of students, and was looking for a career change, and I thought that if she could answer the same Word questions over and over, she could teach our faculty to use a new learning management system. She turned out to be great.”

She mentioned several other people who were special to her:

  • The English professor who was finally able to publish his life’s work with the help of a custom database. 
  • The 18 year-old administrative assistant who is now her university’s Director of Campus Services and Outreach. 
  • The former copier repair technician who is on his way to becoming a great network engineer. 
  • The people who Gayle nudged out of management positions, who were more successful and happier in new roles and actually thanked her later. 
  • The man who wanted to get home from the Middle East and who rebuilt a campus’ dying infrastructure. She said, “He has skills that I don’t, but I could sell the vision, ask hard questions, and remove obstacles. Together we put that university on a solid path forward, and it was a wonderful way to end my professional career.”

Gayle told me that “it was mostly great fun, but I am happy to be retired and to let someone else have a turn!”

David Goodman came to the CIO for the International Rescue Committee to create a functional and more business-oriented IT organization. “It was both the high and low points of my career and I doubled the headquarters department during my tenure. But when it came time to develop and implement a longer-term plan, my CEO just didn’t trust me. He rejected my plan and I had to leave. I realized I wasn’t the right guy to implement this plan. My core strength was as a turnaround guy to fix things.” That job helped him understand that “Work doesn’t define who I am. I found out that I had lots of value outside of work. And I was able to have a lot healthier attitude about work later on.”

David continues: “You were an enormous mentor and helped me early on in my career. You believed in me before I understood what I could do and taught me to take what the tech vendors said with lots of grains of salt. You have touched a lot of people and had a front-row seat to the industry and significant historical moments.”

Thanks David, and thanks to all of my sources for making my job so much fun and so rewarding. It has been a great 30 years, and I am glad to have played such a role for so many people, and hope you have enjoyed reading their stories.

Listening to the OG IT managers, part 2: first purchases

My celebration of longevity in the IT industry continues. See part 1 where I introduce my cast of OG characters. In this post, they speak about some of their memorable first purchases.

Back in the early days of the PC pioneers, we had to work a lot harder to make everything work together. Mark Lillie created Connecticut Blue Cross’ first internet connections, first web server and built the first set of web pages and installed the first LAN at an HMO that connected an HP minicomputer to a Novell Netware server, both running Oracle databases. “Yes, it actually worked and allowed our clients to easily query the HMO membership data base using PC tools they were already familiar with,” he remembered. Mark also remembers those pre-internet times when he set up 1.5M bps T1 lines between three of his offices and impressed his bosses with network links that allocated chunks of 56k bps bandwidth. That’s kilobytes for all of you that are reading quickly. “It was our very own wide-area network.”

Gayle Barton remembers the first time she wrote a purchase order for $75,000 worth of desktop computers when she was at St. Lawrence University. “It was probably three times my annual salary at the time and was quite exciting.” She got a handle on things since then: “For several jobs I changed the desktop purchasing process from ‘everybody gets what they want,’ with all the attendant complications of ordering, configuring, delivering, and training, to a standardized system. People got four choices: laptop or desktop, Mac or PC, with exceptions for people who genuinely needed something else. We saved hundreds of person-hours and much angst every year.” She developed the first web pages at one university “at a time when the dining hall menu, the bus schedule, the weather and the campus directory were the most popular pages. We gradually moved into helping with digital storytelling for both faculty and students and marrying databases to the web.” Gayle also remembered picking her university’s domain name with the director of operations. “We knew we weren’t the right people to choose this but no one else would understand or care, so we just had a laugh and went forward. Our first user was a math professor who messaged his family in Israel.”

Adam Kuhn recalls that mainframe that I helped power down. “It was an IBM 4381 model 13. It had, at the end of its lifetime, a whopping 16 MB of memory and 7.5 GB of disk storage.”  

David Goodman said, “Lotus Agenda was the first personal information manager that was useful, it would categorize everything for you. I used it for years.” He contrasted it with Workday, “which was a great product but sadly the company didn’t care about the non-profit sector. Ultimately, we implemented it on a reduced scale. The head of HR and I were never on the same page about the technology, which impeded its deployment.”

When John Cronin was at a major telco company, he labored mightily to get Windows 95 to work with a team that was predisposed to OS/2: “they wanted us to fail and started sabotaging our work when they saw that Windows was a better bet.” Ah, those were the days: I labored to write a B2B book on OS/2 that went through numerous revisions, and was never published. He also designed that first Monsanto LAN (mentioned in part 1) to run DECNET protocols: this was prior to the internet but “once that took root, it was trivially easy to add TCP/IP protocols.”

Sometimes things didn’t always go according to plan. Jerry Hertzler went to their Bamako, Mali chapter in 1998. “I tried to connect their network and local email server to our global network but couldn’t complete the task.” Adam uses Microsoft Teams now, but “we bought some Teams desk phones that were both awful and unnecessary since the Teams PC client was excellent. We were lucky to sell them for a quarter of their purchase price!” Gayle bought a specialized academic software tool for $30,000 that was installed in just one classroom. “We never got any faculty on board and it never got used, but the students liked it.”

Sam Blumenstyk was involved in building various LANs and email systems at the Manhattan DA’s office and at multiple NY City agencies where he was one of the founders of an innovative interagency consulting group. He eventually became the Associate Commissioner of the organization. He was able to start with PC technology when it first came out and watch it evolve when he went to work for Prudential Bache Securities. He points to the longevity of Banyan Vines, which was one of the more innovative LAN operating systems, as standing the test of time. I was a fixture at many Banyan user group meetings for years because their users had so many great stories to tell.

Terry Evans said: “The IBM PC was one of the best decisions I ever made, because at the time there were several other contenders.” Despite his early IBM experience, he wasn’t a total fanboy: “Remember DISOSS and Displaywriters? All I can remember is the huge portion of my budget allocated to support them.” I do: I was an early DISOSS user, which combined electronic mail with centralized document storage when I worked in one of the early end user computing centers for a large insurance company.

Don Berliner remembers an early development project he did for the treasurer’s department of a major multi-national that was actually written in Fortran. Since then he has gotten more involved in building Salesforce applications. I was writing Fortran apps when I was in grad school. I am sure there are still apps running somewhere using it.

The IT purchase process

I asked my sources for some of the seminal moments where they made major tech purchases. Jerry recalls how they got involved with NetSuite. “We purchased it in 2017. It changed how we do our operations outside the US. We interviewed users in 23 countries and had reference calls with the UN and City of Orlando. It now runs in chapters in 150 countries.” Sam mentioned when he first got involved with VMware. “That had the biggest impact on my business, and still does,” he said.

For Terry, it was when they moved applications from mainframes to PCs. “There were many doubters that allowing people to do their own personal computing would be a waste of time and money.  Plus the fear of losing control of what people were allowed to do and NOT allowed to do. I felt at the time that this was the future, but really had no idea how far PCs would advance.” He put in place the first PC purchase standards to make support and mass purchases easier.

Erica Wilson doesn’t regret any of her tech purchase decisions. “Because in cybersecurity, traditionally almost all purchases were truly necessary if not required.” She recalls purchasing either an automated patching solution or vulnerability scanning product in her first job.

Next up is part 3 about understanding the career arcs of your people.

Listening to the OG IT managers, part 1

It is hard to believe that I have been working in IT for close to 40 years. I got my start doing tech support connecting dedicated NBI word processors to room-sized Xerox printers when the first IBM PCs were coming into corporations. I have written about my first editorial job at PC Week (now eWeek), and it has been quite a ride since then. And no, I am not writing this post with any thought of retirement. I am still having far too much fun. 

One of the best parts of my job is talking to my sources, IT managers who I have had the honor to know for decades through many job changes (both theirs and my own). It has been fun and rewarding to watch their careers and their responsibilities grow. Some are now retired or have moved on to non-IT fields and some are still running around fixing things for their companies. I wanted to celebrate the many men and women who have contributed to our industry and so here are some of their stories, and my thanks for having their contributions once again. Let the celebrations begin!

David Goodman is working for Build Consulting and has been in the non-profit field since we first met when I brought one of my test servers to the Guggenheim Museum in NYC 30 years ago. His first IT employer was working for a small object-oriented compiler vendor in the late 1980s.

Jerry Hertzler began his career as an engineer at McDonnell Douglas back in 1998. He left there and started in IT for the Campus Crusade for Christ as a network engineer, where he still works and has supported many of their local chapters around the world. We met when I was doing a column for Infoworld back in the mid-1990s where I would hook up a vendor with a new product with an organization that wanted to upgrade to the product. (Think of an HGTV makeover but for nerds.) The vendor agreed to provide the product for free as long as I could write about the experience. The resulting article can be found here: Campus Crusade gets VG’ed. “I guess that was our first major purchase, getting additional VG hubs.”

Gayle Barton got her first job in tech with Xerox in 1973, learning how to program in COBOL and being part of an early in-house training program there after getting a BA in economics. Her last job before retiring in 2019 was the interim CIO at Springfield (Mass.) College. Along the way she held other collegiate IT and CIO positions. We met when I spoke at a collegiate IT conference at my alma mater Union College.

Mark Lillie started his career as a salesman at ComputerLand. Back then he sold Texas Instruments PCs, the Xerox Star and the Osborne. “Those turned out to be less than ideal choices,” he recalled. He went on to have a career in healthcare IT, ending up as Director of Customer Services for a software company. We met at a conference, and I came to speak when he was at Blue Cross/Blue Shield of Connecticut’s IT department. “The mainframe guys were incredulous that I knew you personally!”

Adam Kuhn got his start in selling copiers and memory typewriters. He realized early on that he wasn’t the greatest salesman but recognized his love of tech. He got his first IT job working in a trade association in DC and has risen through the ranks where today he is Director of IT for a financial services-related trade association. “You met me early in my career and saw my potential,” he said. My favorite story was when his company removed their IBM mainframe back in 1995.

Don Berliner’s first employer was an early IT consultancy and he continues to help a local non-profit to better manage the services they provide their clients. We met in person a few years ago after corresponding for decades and found that we both got the same graduate degree in Operations Research, along with other similarities in our career paths.  

John Cronin got his start as an engineer at Monsanto, where he led a team that implemented the company’s first large-scale LAN and got Windows to run reliably across it. Later on, he worked as an IT architect for IBM even though his time there was unsatisfactory. “My biggest financial decisions were during my engineering days.  Our “small” projects were $10 to 20M, which by comparison many people had $1M IT projects. My approach was from my engineering days where you developed a deep understanding of the technology you were using and knew whether it would really work or not.  In engineering, failure is never an option but in IT, project failures are quite common and I actually killed my first three IT projects because the tech wouldn’t work.” While we didn’t meet until later in his career, he served as one of Infoworld’s IT advisory board members when I was writing for them. 

Terry Evans operated an IBM 402 accounting machine that used punch cards way back at Barden’s Pest Control, eventually moving into the PC era, and retired from the City of Long Beach as the Manager of the Data Center and Network Services. “The PC changed my professional life and has certainly withstood the test of time.” While at the city, he put in ESRI’s Geographical Information System, which was their first installation for a SoCal government.

Sam Blumenstyk started out with Arthur Andersen back in 1974 and just recently retired as the Technology Operations Manager for the NYC-based law firm Schulte Roth & Zabel, where he worked for many years. I wrote about his exploits several times, including this 1993 article for Computerworld. A mutual favorite of both of ours was a series I did for VAR Business called “Sam’s SAN Diary,” where he kept track of the first SAN put in at his law firm around 2003. “This gave me a lot of vendor visibility.” I wrote another article for Infoworld in 1995 which chronicled his work for one of his client agencies for the NYC government and his early exposure to the multiuser Citrix product.

Erica Wilson began as an IT Analyst at Anheuser-Busch and now is the VP of Global Security & Privacy Risk Management at the Reinsurance Group of America. We met many years ago when we both served on the advisory board for the cybersecurity program at Fontbonne University. She counts as her greatest accomplishment being recognized for her career by the St. Louis Business Journal’s 40 under 40. “It is great to see how authentication has evolved. Long ago, we had hardware key fobs for MFA. At one company, we had a full-time staffer who was dedicated to managing these tokens. This would never happen today!”

In my next post, my OG crew talks about some of their more memorable early IT purchases.

Qualys annual user conference live blogging

Qualys’ annual security conference returned to a live-only event this week at the Venetian Hotel in Las Vegas, and the keynote addresses started things off on a very practical note… about selling coconuts, toasters, and carbon monoxide detectors. The first two keynotes featured speeches from both Shark Tank celebrity businessman and CEO of Cyderes, Robert Herjavec, and Qualys’ President and CEO, Sumedh Thakar. Both spoke around the similar theme of qualifying and quantifying digital cyber risks.

I am doing near-time blogging of their show, and this was the first of a series of posts.

The second post was a recap of the first day’s events, and included highlights from some of their customers and product team as they took a deeper dive into TotalCloud.

The third post profiled the special launch of the Qualys Threat Research Unit, showing some of its research and how it compiles threat intel and works with various industry bodies to share this data.

The next post highlights some of Qualys’ customers who came to the event to tell some of their stories about how their companies have benefitted from their products.

My final post recaps the second day of the conference sessions and some of the more interesting aspects of various Qualys products.