What is Networking?

Networking is the action or process of interacting with others to exchange information and develop professional or social contacts. Networking is a lifestyle process that has become more common, especially with the enhancement of social media. There are hundreds of networking tips and tricks that will drive you to a successful career.

How to Network Effectively

Creating your network could be as simple as getting the contact information of your educators or work colleagues, or creating a social media account. Use social media platforms, especially LinkedIn, to broaden your connections and touch base with old classmates, friends, family, etc. You may even find a job at a company where a connection works, in which case you may want to ask that connection for a referral. When creating your “image”, be sure to act professionally and appropriately in public environments because you never know who you will meet. You will also want to update your resume and profile with relevant information about your life. Lastly, attending local networking events can help you meet connections and friends that might take you far in life.

Networking Mistakes You Should Avoid at All Costs

When you are creating an image of yourself, never lie. Lying can not only change how the “connections” you made see you, but it can truly hurt your career. If you lie to someone who holds a vast network, the word can travel. It is always a great thing to be curious and ask questions, but when meeting someone for the first time, whether it is random or planned, don’t ask too many questions. Do not ask questions or speak about their personal life unless they direct the conversation that way. If the connection is like family to you, then the mistakes would change, but you should still never impose on their personal business or ask too much of them. Be respectful of their time. This statement is so simple yet so serious. There is a time and a place for everything in life, and if you keep asking or taking up the useful time of this person, they may not want to network with you any longer. You need to understand that everyone has a personal life and there is a time and place for business talk. Do not overstep those boundaries and you will make it far in the networking world!

The Importance of Networking in Your Career and How You Can Get Started Today

Networking can be vital for people at all different stages of their careers. Whether you are still in college, starting your career, or ending your career, networking is always valuable. You can start today with a simple conversation on the train, at the airport or on a plane, or by creating a social media account. There are people in the world waiting to meet you and they don’t even know it yet. Networking works in mysterious ways and you never know who you can meet.

For more information on similar topics check out:

http://www.cyberjobcentral.com/blog

https://hbr.org/2021/10/easy-networking-tips-for-the-networking-haters

https://www.skillsyouneed.com/ips/networking-tips.html

We have seen a mass migration of data and applications from local datacenters to the public cloud. While the cloud is not perfect, it has a lot going for it. The positives include an elastic, resilient and fault-tolerant architecture. The cons are that it's highly configurable and requires the proper controls, monitoring and service architecture to make it secure.

Ignoring the cloud is no longer feasible, so there are several questions that security leadership must confront. Here are some questions to reflect on before engaging with infrastructure, application and DevOps teams.

  1. Do we have an overall strategy and approach to secure Cloud (SaaS, PaaS and IaaS)?
  2. Do we leverage multifactor authentication for all Cloud services? If so, are governance gates in place to prevent shadow cloud?
  3. How do we inventory and track cloud assets? Who are the owners, are we tagging resources?
  4. Are all of the cloud logs being monitored and what anomalies are we alerting on?
  5. Are our cloud or multi-cloud configurations monitored for compliance and for overexposed access or permissions?
  6. How are vulnerabilities discovered and managed in our cloud computing environment? Do we leverage golden images for virtual machines? Do we patch or replace vulnerable assets?
  7. Who manages the cloud accounts and subscriptions, and what are the default security policies and overall security governance for new cloud accounts?
  8. Do we have an encryption standard for the cloud? Where are keys stored, HSM? What aren’t we encrypting and why?
  9. How are privileged accounts managed? Where are the sensitive passwords stored, and how often are they rotated? How are runtime secrets secured? PIM vs. PAM?
  10. How is our cloud networking secured: zero trust, remote access, firewalls, Internet egress, URL filtering and remote browser isolation?
  11. How are IAM resource policies provisioned and how many resources contain star (*) permissions?
  12. Do we have centralized WAF / DDOS / CDN / DNS services in place for cloud services?
  13. How do we secure APIs and do we have an API gateway with proper security controls and governance?
  14. How are we controlling access to SaaS solutions and are we monitoring for sensitive data loss or exfiltration? Think CASB.
  15. How is data in transit secured and how are certificates, PKI managed for cloud endpoints?
  16. Does our threat intelligence cover the cloud?  Are SecOps actively engaged to investigate cloud based incidents and events?
  17. Do our GitHub-type accounts contain any sensitive information? How do we know?
  18. How are code vulnerabilities identified, risk prioritized and remediated?  Do we leverage static, dynamic, open source code scanning or a bug bounty program?
  19. What is the strategy for cloud security services such as big data analytics, Kubernetes, Docker, serverless, microservices and IoT, to name a few?
  20. Does our CI/CD pipeline have security gates? How can security shift left and prevent inferior code and configurations before deployment?
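
Question 11 can be answered by scanning the policy documents themselves. The following is an added example, not part of the original article; it assumes AWS-style JSON policies, and the resource names, Sids and account ID in the sample are constructed.

```python
def _as_list(value):
    """IAM accepts one value or a list of them; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def star_findings(policy):
    """Return (sid, field, value) for each wildcard in an Allow statement."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # a star in a Deny restricts access, so skip it
        sid = stmt.get("Sid", f"statement[{i}]")
        for action in _as_list(stmt.get("Action")):
            # "*" is every action; "s3:*" is every action in one service
            if action == "*" or action.endswith(":*"):
                findings.append((sid, "Action", action))
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions
            findings.append((sid, "NotAction", "all-but-listed"))
        if "*" in _as_list(stmt.get("Resource")):
            findings.append((sid, "Resource", "*"))
        # Principal is either "*" or a mapping such as {"AWS": [...]}
        principal = stmt.get("Principal")
        grantees = principal.values() if isinstance(principal, dict) else [principal]
        if any("*" in _as_list(g) for g in grantees):
            findings.append((sid, "Principal", "*"))
    return findings

def inventory(policies):
    """Map resource name -> findings, keeping only resources with a star."""
    report = {name: star_findings(doc) for name, doc in policies.items()}
    return {name: hits for name, hits in report.items() if hits}

# Constructed sample: resource names, Sids and account ID are placeholders.
SAMPLE_POLICIES = {
    "example-bucket": {"Statement": {
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}},
    "example-role": {"Statement": [
        {"Sid": "Admin", "Effect": "Allow", "Action": ["*"], "Resource": "*"},
        {"Sid": "NoDelete", "Effect": "Deny", "Action": "s3:*", "Resource": "*"}]},
    "example-queue": {"Statement": [{
        "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "sqs:SendMessage", "Resource": "arn:aws:sqs:::example-queue"}]},
}

if __name__ == "__main__":
    for name, hits in inventory(SAMPLE_POLICIES).items():
        print(f"{name}: {len(hits)} star finding(s) {hits}")
```

The count of keys returned by `inventory` is the number of resources with star permissions; partial wildcards such as `s3:Get*` are deliberately not counted here and would need a separate rule.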

Part of the misconception surrounding cloud security has been the preoccupation with the underlying hardware, hypervisor and shared public hosting. This centered around hosting compliance reports and certifications generated by cloud vendors (AWS, Azure, Google), essentially saying they run a tight, compliant ship. They in fact don’t mix their clients' peanut butter and chocolate. These are critically important but should not be confused with securing the highly configurable cloud services and understanding the shared responsibility model. We should be able to stipulate that AWS, Azure and Google can run a datacenter better than most and better than most governments. The vulnerable pieces of the puzzle are how data and services are configured and how anomalies are monitored. Errors or omissions of the smallest variety can expose sensitive data and lead to a breach.

Where should we start? There is only one place to start and it’s with the security organizational design. Cyber cloud security must be more decentralized and work closely with developers, platform engineers and architects. This has traditionally been the role of a cloud security architect, and this is appropriate for smaller or early adopters of public cloud. Larger and more mature cloud consumers need security in the trenches. This has brought about a relatively newer function called “DevSecOps”. Ideally, (cloud, security and enterprise) architects set the overall strategy and controls framework and evangelize the security design and requirements. This new functional group of (DevSecOps) security engineers helps DevOps work through the security design and best practices. The goal is to create the proper feedback loops so the security gates can be adjusted to emerging challenges to their adoption. This shifting to the left allows security to Continually Improve and Continuously Deliver at birth rather than security as a painful, expensive afterthought. This investment has to start at the organizational level; bring security to the trenches and security will continually improve.

By Mike Donovan