Avast blog: Helsinki becomes the first city to employ new open-source data trust network

A novel experiment in deploying large-scale trusted data networks has begun in Helsinki, the capital of Finland. A variety of city services have been linked together using the open-source MyData Global solution, it was announced earlier this month. This puts city at the forefront of how it gathers data from its citizens and how it stores and uses the data. The goal is to give each person control over how their data is shared with various city agencies.

In this blog post for Avast, I  examine the announcement and its significance for the rest of us and what it means for our own data privacy.

Book review: Honey Girl by Morgan Rogers

The characters in this novel are smitten with love and don’t know how to process their feelings, thanks to a number of missteps throughout their childhood. The cast are mostly black or brown lesbians, which adds a nice dimension to those of us who would like to read novels of these characters. I found myself immediately warming to the opening premise: two women vacationing in Vegas get drunk and then married despite having just met. And while the situation could easily have degraded into a bad “Hangover” spin-off, the book remains true to their characters and brings us deeply into their world. The couple is an interesting pair: a recently minted astronomy PhD and a radio talk show host who reminded me of Allison Steele of my youthful days listening to WNEW-FM. The book will challenge you to think about love and loss and conflict and reconciliation, and I highly recommend it. You can buy Honey Girl here.

FIR B2B podcast episode #145: GREG NESS IS A ‘FRACTIONAL CMO.’ WHAT THE HECK DOES THAT MEAN?

Greg Ness has a long track record of helping nurture tech startups to success. Now he’s a “fractional CMO” dividing his time between diverse emerging companies like DigitSecSmartStory Technologies and NetBeez.

Greg has made startups his speciality over the past 20 years, including full-time rose as VP marketing at Vidder, Cloudneeti, Vantage, Redline Networks and CloudVelox.  The concept of a fractional CMO is an interesting one because it allows startups to purchase just enough marketing resources without having to commit to a full-time position. Ness brings a cadre of domain experts with him in a package he calls “go-to-market-as-a-service.”

Working for several companies concurrently means he can quickly cross-pollinate great ideas and also nip potentially bad marketing decisions in the bud. In this podcast, we discuss why marketing needs for startups differ from those of established companies. You can’t just transplant tactics that work for big firms; you need to rethink your tools and techniques to fit each company’s circumstances.

Greg is more comfortable with technology topics than a lot of tech CMOs that Paul and David have met. His Archimedius blog reflects his insatiable curiosity about all things tech and his 20 years in Silicon Valley. In this interview he talks about how he balances his work load among multiple clients, what tech entrepreneurs most often do wrong and what the best ones have in common.

You can listen to our 24 min. interview here.

Avast blog: FDA appoints its first medical device cybersecurity director

  1. The FDA has appointed Kevin Fu its first Acting Director of Medical Device Cybersecurity in the Center for Devices and Radiological Health. This center has several bodies, including the CyberMed Safety Board, the Digital Health Center of Excellence and other offices. Fu is an interesting choice: he’s most recently an associate professor of computer Science at the University of Michigan, and has previously held major management roles in the private sector. Fu was credited for establishing the field of medical device security beginning with a 2008 IEEE paper on defibrillator security and founding the non-profit research collaborative Archimedes Center for Medical Device Security. I interview him about his agenda, along with linking to various draft policy efforts the agency is working on to improve cybersec for IoT medical devices.

You can read my blog post here.

On becoming a digital nomad

I am getting close to hitting the pandemic wall. Like many of you, I have been trying to be safe, following the rules, limiting my social contacts. Not getting on planes, going to any f2f meetings or even driving very much. I think last year my wife and I put a grand total of 6,000 miles on our car. So here is my current fantasy: becoming a digital nomad and living in some foreign country.

It is very ironic, this fantasy, because to some extent I already am a digital nomad, just without any of the nomadic travels. I have had my own freelance writing and speaking business now for several decades, but always have had a nearby office. (Mine is across the street from my home, but it could be anywhere in the world). Yet all my work is done for clients remotely. In some cases, I haven’t ever met some of them f2f. I was talking about this with my accountant, who lives just a few miles away. She and I have worked together for more than a decade but have never physically met.

In years past, I was semi-nomadic: I did a fair amount of travel to industry events, to speak at conferences, or to work with my clients at their offices. But now, thanks to the pandemic, that is all off the table. There is also an upside to the pandemic though: some companies have loosened their remote work restrictions and no longer care where in the world you work, just as long as you have the connectivity, the tools, and the time zones that you consider part of your workday firmly in place. This last issue is important: if your employer expects to find you at your desk or online at a certain time, you need to structure your day accordingly, wherever in the world you might be.

If you are considering becoming a digital nomad, you might want to study up on how to make the transition, as well as to figure out where in the world the Global You HQ will set up shop. Now is certainly the time to think about this, especially as many countries are trying to make it easier for nomads to settle – in some cases for years or more. Here are two resources that have the most current info on which countries are offering this arrangement, one from GodSaveThePoints and one from TravelOffPath. The list is somewhat fluid, as countries are changing the rules and evolving their Covid restrictions often at the same time. You can see some countries have placed income requirements: they want to attract nomads who have resources and income to come, and who will continue to work and earn their livings there. If you are just starting to think about becoming a digital nomad, there are dozens of blogs that describe the process, such as this one on TwoWanderingSoles.

In the past, pre-pandemic, nomads usually worked in a country under the radar, using 90-day tourist visas. You can still do this, if you understand that when the time is up, you literally must pack your bags and get out of Dodge. You can then find your next post and take up another 90-day residency. But that can get tiresome. And it could be risky: in these Covid times, you might not be able to get on any flights and then you would be in trouble when you try to leave on an expired visa. So that is where the digital nomad visa comes into play. Actually, the name is somewhat misleading, because it really is a temporary residency permit for an extended period of time.

I spoke to Bryan Cooley, who is a serial tech entrepreneur that I met when he was living in St. Louis. He has lived in various places around the world and now spends half the year in Manila as a permanent resident. He has spent at least a week in more than 130 countries and dozens where he has lived at least a month. I asked Bryan about his Internet connectivity, and he told me it has never been an issue. “I have had better connectivity than back in the US, even in some very remote areas.” Certainly, Covid has disrupted his travel plans: for example, even though he is a permanent resident in the Philippines, under current rules he can’t return if he leaves during the pandemic. He is looking into getting residency in Australia. He feels the digital nomad visas are mostly marketing efforts: “There are so many people traveling and going where they want to live. It has been going on for a long time. These programs are very limited in terms of numbers.”

A tech writer colleague of mine, Sharon Fisher, decided to go nomadic last fall, and has been to both Aruba (from October to January) and is now in Bermuda with her partner. I asked her how she ended up in these two places. She said that first she examined if Americans could enter the country, how their Covid cases were being handled, and what kind of broadband internet was available. Part of her Covid research was in understanding how onerous their quarantine protocols were. “We didn’t mind testing and staying home for a while, but we didn’t want to have to each pay $5000 to be sequestered for 14 days in a specific hotel on arrival.”

Next, they looked at the AirBnB situation, and so far they have had great experiences with the hosts they stayed at. They also need to have a close time zone to US operations: “we looked at Saipan (an island in the middle of the South Pacific) but that meant having to work in the middle of their night,” she told me.

Her biggest issues so far were groceries, transportation and bandwidth. “Food is more expensive than we anticipated, milk and produce in particular. Rental cars in Aruba were expensive but necessary. There are no rental cars in Bermuda, so we take the bus. Internet has been fine in the AirBnBs, including streaming video, with two people using the Internet just about constantly.” They also have T-Mobile cellular coverage which enables international data roaming but they eventually bought local SIM cards in Aruba.

What about her travel in the time of the Covid? “Ironically, it’s actually kind of been easier because Covid has reduced the number of choices we’ve had to make, and everyplace is less crowded. But the hardest part about traveling now is the existential question of ‘should we be doing this?’ The people in Aruba were very appreciative that some travelers were still coming, because of how dependent their economy is on tourism. Also, both countries have had much lower incidences of Covid than where we were in the US, and people seem to take it far more seriously. We personally have been much safer in these countries than we would have been in the US, and we have taken all the steps we can to ensure that the people in the other countries are safe as well. We realize what a privilege we have, and we appreciate it.”

If you are thinking about becoming a nomad, here are a few more points that I want to make. First, learn as much about the expat culture of your target destination. There is a difference between expats – people from elsewhere who intend to live there for the long haul – and nomads, who might not want to stick around or who want to travel as part of their newfound freedom. Bryan mentioned these communities might not be everyone’s cup of tea: “there are a lot of nomads who don’t really know what they are doing.”

Second, look at places that are specifically focusing on startups, such as Madeira Their website offers links to coworking places, long-term housing rentals, and other aspects of their support for digital nomads. Yes, the number of people that will be accepted to this program is small, and Americans can’t yet travel there — but it represents an interesting step in the nomad field. Next, don’t forget about your digital entertainment. If you expect your streaming services to deliver the same programming you have gotten in the US you might want to experiment with various VPNs. Also, understand the Covid vaccination program at your destination. Sharon mentioned that her “current plan is to stay in Bermuda through March, return to the US, get vaccinated, then see what options we have. If we aren’t yet able to get vaccinated, we will likely stay in Bermuda until we can. So far as I know we can stay for up to a year.”

Finally, learn about the changes that the EU has in store for its visa requirements in the near future. That could influence how your plans evolve once we are finally out of the pandemic.

Network Solutions blog: How sandbox security helps prevent malware attacks

Sandbox security is complementary to honeypots. It usually involves a special VM that is kept in isolation from the rest of your network resources. Its sole purpose is to be a miniature laboratory to observe malware behavior. Security researchers have been using such sandboxes to analyze malware for many years. Because the sandbox is a controlled environment, its code can be dissected line by line without worrying about potential harm to other computers.

You can read my post on Network Solutions’ blog here, where I talk about its evolution and some of the online sources of sandboxes that can be used for testing for the presence of malware. Sandboxes also play a key role in the escalating war of obfuscation and detection evasion by malware.

The aftermath of the SolarWinds attacks

It has been almost two months since the hacks surrounding SolarWinds’ Orion software were first revealed. We have learned a lot about the sloppy security practices at that company and its far-reaching consequences. Here are some of the takeaways for your own business security.

  1. SolarWinds was first breached in September 2019, yet evidence wasn’t found until last December, when the company issued two patches for its Orion network monitoring tool (the first attempt wasn’t completely successful). All of this is sadly typical for many breaches.
  2. The first major attack was called Sunspot, which then led to three further malware injections called Sunburst, Teardrop and Raindrop. These latter efforts were backdoor attacks that were used to penetrate more than 18,000 customer networks. Trustwave found additional vulnerabilities most recently, although these haven’t yet been exploited by any attackers.
  3. It wasn’t just Orion customers that were affected. CISA said last week that 30% of organizations breached did not have any Orion software installed. One of its customers was Fireeye and its own hacking tools were stolen as a result of the intrusion. Another security firm, Malwarebytes, isn’t an Orion customer but was hacked through similar means.
  4. The news about the attacks happened during a leadership transition. Sudhakar Ramakrishna became the CEO of SolarWinds at the beginning of this year and posted this update on what went wrong. My colleague Joe Panettieri lays out what should be his first priorities.
  5. If you are looking for a nice summary of best practice recommendations for SolarWinds by the consultants that are now working to fix their software development processes, check out this piece by CyberSecurity Dive.
  6. The attackers most certainly were Russian state-based, although there is new evidence that Chinese state-based attackers have also penetrated two US government agencies using similar malware.

Avast blog: Understanding the circle of digital certificate trust

If you recall the scene in Meet the Parents where the characters played by Robert De Niro and Ben Stiller discuss the “circle of trust,” then today’s blog will resonate with understanding of how your own digital circles of trust are constructed. Recently,  Google decided to ban Spanish CA Camerfirma after repeated operational violations. The ban will come into effect with the launch of Chrome version 90, scheduled for release in mid-April. What this means for you, and how digital certificates are used in your daily computing life, are explained in my blog post for Avast here. 

Resolving the issues between remote work and enterprise security

I had the opportunity to be the guest on the White Bull video webcast series recently. I spoke about how to understand the conflicts between working from home and keeping your enterprise secure, understanding what the differences are between zero trust networks and multi-factor authentication, how the idea of a secure perimeter has changed over the years, and other practical suggestions about managing and protecting passwords. The webcast was about 50 minutes:

FIR B2B podcast episode #144: The future of virtual events

While we’ve all been staying home and being virtual, Paul has done some original research and I have written this white paper for Network Solutions on helpful tips and tricks for IT pros that are involved in supporting virtual events.

The results of Paul’s informal census is that folks can’t wait to get back to F2F. We all have been in our pandemic bubbles for far too long and the urge to have human contact and serendipitous hallway meetings is a big reason to return to the rubber chicken circuit. But we’ve all learned a lot in the meantime about what makes virtual events successful. At its heart, you are putting on a live TV show with a very small staff to handle the production. You need to plan accordingly on the mixture of live and pre-recorded segments and figure out what tech you are going to use, including the video conferencing and the event management tool. (The two are different and you should understand the differences, which I explain in my paper.)

But virtual events have their purposes, including creating content that can be archived and used for marketing purposes long after the last attendee has disconnected. Unlike physical events, this content can be helpful in bringing in new customers and supporting new marketing campaigns, as well as supporting existing customers with FAQs, for example. And they can be very cost effective to produce, since you aren’t picking up huge travel and event hosting fees.

Listen to our 17 min. podcast here: