Author Archives: Alexa Magdalenski

Greater Washington’s Cyber Talent is Unmatched

November 28th, 2016 | Posted by Alexa Magdalenski in Capital Cybersecurity Summit | Cybersecurity and Privacy - (Comments Off on Greater Washington’s Cyber Talent is Unmatched)

1021Capital Cybersecurity Summit Logo 3We continue to share content from our inaugural Capital Cybersecurity Summit that took place on Nov. 2-3, 2016 at The Ritz-Carlton, Tysons Corner.

The Summit’s engaging Force Multipliers to Future Cybersecurity Panel explored the Greater Washington Region’s unparalleled cybersecurity talent and the cyber workforce gaps that exist in the region. US Cyber Challenge National Director Karen Evans, MACH37 Managing Partner Rick Gordon, MITRE Innovation Area Lead for Cybersecurity Dr. George Roelke and In-Q-Tel Executive Vice President and Director of Cyber Reboot Teresa Shea participated in the panel. Virginia Tech’s Hume Center for National Security and Technology Director Dr. Charles Clancy moderated.

Dr. Clancy opened the discussion by asking panelists what they thought was the region’s biggest cybersecurity opportunity. All panelists agreed – the region’s cyber talent and expertise are unmatched anywhere. Gordon shared that because of its cyber talent, Greater Washington is at the “center of mass” when it comes to cyber innovation, is able to compete on a global level and offer high cyber investment returns.

Shea stressed that entrepreneurs are flocking to the region to join its cyber movement, driven by their passion to solve cyber problems. Shea also noted that the region has some of the top cyber thought leadership, which is helping to fuel cyber investment and recruitment in the region.

The conversation dove deeper into the region’s cyber hiring gaps and strategies needed to combat those gaps. Some key points from the discussion:

  • By 2020, there will be a 1.5 million shortfall of cybersecurity professionals in the U.S.; this cyber hiring gap requires new recruitment promotion tactics
  • New, customized cyber training and job pathways must be created; not all cyber professionals will have the same educational and professional backgrounds. As the business and communications sides of cyber evolve today, not all cyber positions are created the same
  • The opportunity for personal growth in the cyber field, especially in the Greater Washington region, is tremendous; a personalized approach to promoting different cyber career paths is required to recruit the best talent

Dr. Clancy asked panelists which new college cybersecurity courses they think should be required today. Here are their suggestions:

  • Reverse engineering coding
  • Technology for the liberal arts
  • Mandatory cybersecurity training
  • Experiential learning

In promoting the region’s unique cyber assets, especially its talent, the panelists agreed that a fundamental public relations shift is needed. No longer is cybersecurity in the region strictly entrenched in the federal government. Cyber providers in the region are solving a vast range of problems across the public and private sectors for global clients.

As illustrated by the panelists, cybersecurity culture is in its infancy, especially in the Greater Washington region, and its evolution will be extremely exciting to watch – and shape.

Force Multipliers 1 Force Multipliers 2

Check out the full Capital Cybersecurity Summit photo gallery

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Capital Cybersecurity Summit Highlights: Investment Capital for Cybersecurity

November 16th, 2016 | Posted by Alexa Magdalenski in Capital Cybersecurity Summit | Cybersecurity and Privacy - (Comments Off on Capital Cybersecurity Summit Highlights: Investment Capital for Cybersecurity)

1021Capital Cybersecurity Summit Logo 3Throughout the coming weeks on the NVTC blog we’ll be sharing content from our inaugural Capital Cybersecurity Summit that took place on Nov. 2-3, 2016 at The Ritz-Carlton, Tysons Corner.

One of the Summit’s highlights was the Investment Capital for Cybersecurity Panel, which focused on how to raise sufficient capital to fund promising cyber technologies and applications. The discussion featured Crosslink Capital Venture Partner Matt Bigge, Bessemer Venture Partners Vice President Sunil James, Blackstone CISO Jay Leek and Paladin Founder and Managing Partner Michael Steed. Raymond James Managing Director and Co-Head of Technology & Services Stefan Jansen moderated.

Jansen’s opening question for the investor panelists, “What does it take for cybersecurity startups to matter?” brought to light two themes that emerged throughout the panel: (1) to attract and maintain investors, promising cyber businesses must be inherently committed to innovation; (2) the human capital side of cyber startups and the teams that drive them are as important as the technologies themselves for investors.

Steed shared that he looks to invest in cyber companies that are disruptive in the cyber space and filling a void that solves a distinct cyber problem. James noted that his organization looks for a vitality in startups – energy for innovation that inspires engagement in all ranks of the organization and is infectious.

Bigge noted that his most successful cybersecurity investments have been made in organizations with strong founding teams that are passionate about solving their customers’ problems. Leek agreed, stating that investing in a company’s management team is just as important as the technology itself. Leek encouraged promising cyber businesses to take a deeper look into the efficiency of their operations, a critical factor for investors.

Some of the other noteworthy investment factors panelists shared included:

  • The importance of a quality and diversified revenue base for cyber startups
  • Rising cyber businesses must be able to provide ROI for their products and services after their first year
  • Cyber startups should have the ability to pinpoint opportunities for expansion within their existing customer base

View the full video from the Investment Capital for Cybersecurity Panel below and stay tuned for more Capital Cybersecurity Summit content here on the NVTC blog!

Investment Capital for Cybersecurity Panel Video: 

Check out the Capital Cybersecurity Summit photo gallery!

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

8 Things to Consider Before Selecting a Dedicated Server

November 16th, 2016 | Posted by Alexa Magdalenski in Guest Blogs | Member Blog Posts - (Comments Off on 8 Things to Consider Before Selecting a Dedicated Server)

leaseweb-logoThis NVTC guest blog post is written by Marc Burkels, manager of dedicated servers at LeaseWeb. LeaseWeb, an NVTC member company, is an Infrastructure-as-a-Service (IaaS) provider offering dedicated servers, CDN and cloud hosting on a global network. LeaseWeb recently exhibited at the Capital Cybersecurity Summit on Nov. 2-3, 2016.

Let’s say you want to become the new Facebook. Believe it or not, I regularly run into people who have this ambition. The number one question these new Mark Zuckerbergs ask me is which server they need.

It is always a challenge to convince them to not rush into anything. Instead, I have them sit down and tell me what they really want. Since many companies switch servers within a few months after buying and this is always time consuming (not to mention the costs), it is certainly worth your while to think well before you decide. What is the service you want to deliver? What is your workload? Does it involve large databases?

I always discuss the following 8 things to help people decide on the right hosting provider and hardware configuration of a dedicated server:

1. Business impact of downtime

What is the business impact of potential failure of your hosting environment? One of the first things to consider when selecting a dedicated server is how to deal with potential downtime. In a cloud environment, the setup of the cloud protects you against hardware failures. With a dedicated server, you know you are not sharing resources with anyone else. But since there is always a single point of failure in one server, you need to decide whether you are able to accept potential downtime – if you do not have the option to scale to multiple dedicated servers.

2. Scalability of your application

Scalability is another important issue when choosing a dedicated server. How well does your application scale? Is it easy to add more servers and will that increase the amount of end users you can service?

If it is easy for you to scale, it doesn’t matter whether you use a dedicated server or a virtual solution. However, some applications are difficult to scale to multiple devices. Making sure a database is running on multiple servers is a challenge since it needs to be synchronized over all database servers. It might even be easier to move the database to a server that has more processing capacity, RAM and storage. Moving to a cloud environment – where you can clone a server, have a copy running in production and can add a load balancer to redirect traffic to multiple servers – could also be a good option for you.

3. Performance requirements of your server

What are your performance requirements? How many users do you expect and how many servers do you potentially need? Several hardware choices influence server performance:

Processor/CPU

Generally , you can choose the amount of processors and cores in a server. It depends on the application you are running whether you will benefit from more cores (but any multi-threaded application will benefit from more cores, for instance web servers or database servers). Consider also the performance of the core defined in clock speed (MHz): some processors have a better turn-around time with less cores and more GHz per core. The advice on which processors and how many cores to choose will ideally come from someone who is managing the application or the vendor of the software. Of course, they need to also take into account the expected amount of users.

RAM

The faster the CPU and the more cores it has, the more RAM options are available to you. If you are unsure about your RAM needs, choose a server that allows you to add RAM if needed since this is relatively easy. The ranges of RAM choices, especially with double processors, are enormous.

The size of your server is important when choosing RAM, as is the latest technology. Current generation servers use DDR4-technology, which could have a positive effect on database performance. DDR4 is priced interestingly nowadays, since it is the standard.

Hard Drives

Choose a RAID set-up for your hard drives, so you are well protected against the failure of a single hard drive. Your system will still be up and running – with some performance loss – until the hard drive is replaced.

The larger the server, the more hard drive options you have. SATA drives stand for high volume but relatively low performance. SAS performs twice as well as SATA, but has a higher price and lower capacity. SAS has been succeeded by SSD, which is 50 to 100 times faster than SATA.

4. Load balancing across multiple dedicated servers

If your application can scale across multiple dedicated servers, a form of load balancing where end users are split across all available servers- is necessary. If you are running a website and traffic is rising, at some point you will need to use multiple web servers that serve a multitude of users for the same website. With a load balancing solution, every incoming request will be directed to a different server. Before doing this, the load balancer checks whether a server is up and running. If it is down, it redirects traffic to another server.

5. Predictability of bandwidth usage

The requirements in bandwidth naturally relate to the predictability of data traffic. If you are going to consume a lot of bandwidth but predictability is low, you could choose a package with your dedicated server that has a lot of data traffic included, or even unmetered billing. This is an easy way of knowing exactly how much you will be spending on the hosting of your dedicated server.

6. Network quality

As a customer, you can choose where a dedicated server is placed physically. It is important to consider the location of your end user. For instance, if your customers are in the APAC region, hosting in Europe might not be a sensible choice since data delivery will be slow. Data delivery also depends on the quality of the network of the hosting provider. To find out more about network quality, check a provider’s NOC (Network Operation Center) pages and test the network. Most hosting providers will allow you to do this.

7. Self-service and remote management

To which degree are you allowed to manage your server yourself? If you are running an application on a dedicated server, you probably have the technical skills and the knowledge to maintain the server. But do you have access to a remote management module? Most A-brand servers are equipped with remote management modules. Providers can allow you secure access to that module.

A remote management module can also help if you are in a transition from IT on premise to a hosted solution (perhaps even a private cloud solution). It can be an in-between step that will leave existing work structures intact and ease the transition for IT personnel, since they will still be able to manage their own software deployments and the customized installation of an operating system.

8. Knowledge partner

And last but definitely not least: make sure your hosting provider involves his engineers and specialists when trying to find a solution tailored to your needs. A true knowledge partner advises on best practices and different solutions. This may involve combining different products into a hybrid solution.

The above will probably give you a good idea of what to consider before renting a dedicated server. If you are looking for specific advice or need assistance, please feel free to contact the LeaseWeb team. They can help you find the solution that is right for you.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

The Week’s Top Cybersecurity Headlines

October 27th, 2016 | Posted by Alexa Magdalenski in Capital Cybersecurity Summit | Cybersecurity and Privacy - (Comments Off on The Week’s Top Cybersecurity Headlines)

1021Capital Cybersecurity Summit Logo 3Leading up to our Capital Cybersecurity Summit NEXT WEEK on November 2-3, 2016, we’re sharing a weekly roundup of some of the top cybersecurity stories. Here are the last week’s top headlines. Tweet us interesting cyber articles at @NOVATechCouncil.

National Cyber Response Plan + Cybersecurity Strategies:
DHS Races to Get Obama’s Signature on Cyber Response Plan   NextGov

Good Cybersecurity Doesn’t Try to Prevent Every Attack   Harvard Business Review

Why the Auto Industry Is Tapping a Boeing Executive to Lead Its Cybersecurity Group   Fortune

DDoS Attack:
Hobbyist hackers probably caused Friday’s Internet meltdown, researchers say   Washington Post

Cybersecurity Meets Privacy Concerns:
Is Facebook’s Facial-Scanning Technology Invading Your Privacy Rights?   Bloomberg Technology

AI + Cybersecurity:
As Artificial Intelligence Evolves, So Does Its Criminal Potential   The New York Times

Want to learn more about NVTC’s 2016 Capital Cybersecurity Summit and register? Click here or watch the video below. #CapitalCyber

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Rethinking How We Hire Cybersecurity

October 25th, 2016 | Posted by Alexa Magdalenski in Capital Cybersecurity Summit | Cybersecurity and Privacy | Guest Blogs - (Comments Off on Rethinking How We Hire Cybersecurity)

Doug Logan, chief technologist at US Cyber Challenge and CEO of Cyber Ninjas, is the author of our latest cybersecurity guest blog post on new approaches to cybersecurity hiring and retaining top cybersecurity talent. US Cyber Challenge’s National Director, Karen Evans, will be speaking on the Force Multipliers to Future Cybersecurity panel at the 2016 Capital Cybersecurity Summit on Nov. 2-3, 2016.


us cyber challenge logoWith over 209,000 vacant cybersecurity jobs in the U.S and job postings up 74% over the last 5 years; it is an understatement to say that cybersecurity is a growth field. Yet with my work with the US Cyber Challenge, I am routinely told by some of America’s best and brightest that they’re having difficulty finding a job. Once a person reaches the six month mark in a cybersecurity role, recruiters will call like crazy. Getting that initial experience is another story. If we’re going to secure our companies and our country, this is a problem we need to solve.

Traditional hiring practices suggest that we find people who have performed the job function in the past. By this measure, studies have shown that fewer than 25% of cybersecurity applicants are qualified to perform the job functions. I’ve actually had even less optimistic results with less than 10% of candidates qualified. In many cases this is despite certifications, or even similar past job experience. The resource pool is simply not large enough to readily find skilled candidates; and those who are skilled are extremely expensive. I’d like to suggest a different approach: hire the inexperienced and train them.

Time and time again I’ve been surprised at how quickly smart, passionate, but inexperienced individuals out-perform more experienced but “normal” candidates. On average I find that the right candidates learn about twice as fast as your typical candidate. This means that at six months in, my passionate candidate is functioning at the one year experience level; and that one year in, they already function at the equivalent of two years of experience. At this pace it does not take long before they surpass those with more experience; and best of all, home-grown talent is more loyal and won’t typically jump ship. But how do you find this talent?

The best way I’ve found to find smart, passionate, individuals who are interested in cybersecurity is taking a look at those candidates who find the time to learn cybersecurity topics even though they are not required to. This is often showcased in resumes that are littered with self-study topics related to the field, or with participating in one of the many cybersecurity competitions available. This list includes Cyber Aces, Cyber Patriot, the US Cyber Challenge and the National Collegiate Cyber Defense Competition. If you want to check out a site that specializes in showcasing this type of talent, this is why the site CyberCompEx was created.

Unlike the inflated prices of experienced cybersecurity professionals, truly entry-level candidates can typically be picked up at a fraction of the cost. However, with this discount in salary you should be planning on spending a good $5,000-$10,000 the first year on investing in their training. In addition, you should be sure to review their performance at the six month mark and bump their pay appropriately at that time. While home-grown talent is less likely to jump ship, you always need to be in the ball park of their current worth.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Modernizing Government Technology

October 20th, 2016 | Posted by Alexa Magdalenski in Capital Cybersecurity Summit | Cybersecurity and Privacy | Events | Guest Blogs - (Comments Off on Modernizing Government Technology)

Jack Huffard, president, COO and co-founder of Tenable Network Security, discusses the latest legislation on legacy IT in the federal government in his NVTC guest blog post. Huffard will be participating on the Collaborating for Cyber Success Panel at NVTC’s Capital Cybersecurity Summit on November 2-3, 2016.


jack-huffard-2015-2-webIn government IT, the old adage “if it works, don’t fix it” no longer applies. While legacy systems may still technically be working, they can harbor risky vulnerabilities without vendor support, regular security updates or patch management. This point hit home for many in May when a report from the Government Accountability Office revealed that the country’s nuclear arsenal was still controlled by a system with an 8-inch floppy disk.

More recently, the House Oversight and Reform Committee released its report analyzing the OPM Data Breach that exfiltrated personally identifiable information (PII) of over 4 million government employees and over 21 million more cleared individuals. One of the report’s key recommendations was to modernize existing legacy federal information technology assets to help prevent another such egregious attack.

The Modernizing Government Technology Act of 2016

Earlier this year, to address this urgent situation, two bills were introduced in Congress to help modernize government IT systems – the MOVE IT Act and the IT Modernization Fund. Both bills have since been combined into the Modernizing Government Technology Act of 2016 (the MGT Act). This Act would create individual funds for government agencies and a broader centralized fund to which agencies could apply for financing modernization efforts. The bill states that the funds could be used “for technology related activities, to improve information technology, to enhance cybersecurity across the Federal Government.”

Details of the MGT Act

More specifically, MGT stipulates several areas in which modernization funds can be used, including:

  • Replacing existing systems that are outdated and inefficient
  • Transitioning to cloud computing (using the private sector as a model)
  • Enhancing information security technologies

The Act states that the government currently spends almost 75% of its IT budget (which now totals over $80 billion) on operating and maintaining legacy systems, leaving little left over for modernization efforts. Not only are these systems subject to failure, but as they get older and older, they present greater and greater security risks as well. So it is good to see that the Act encourages not only the simple replacement of agencies’ IT systems, but the addition of cybersecurity technology. Regardless of which new technology is chosen – on-premises, virtual, or cloud-based – there is also a pressing need for better information security solutions for government infrastructures, as evidenced by recent agency breaches.

MGT is unique and different than previous proposals because it does not appropriate funds. Rather, it enables agencies to transfer monies – that they have saved by retiring legacy systems and moving to newer technologies – into individual IT working capital funds. They could then reinvest those funds over the next three years for other modernization initiatives, avoiding the “use it or lose it” cycle.

The Act also calls for a general government-wide IT Modernization Fund. This centralized fund would be overseen by the General Services Administration (GSA) and an IT Modernization Board in accordance with guidance from the Office of Management and Budget. Agencies would apply, and present business cases for access to the funds to modernize their legacy IT infrastructures. The centralized fund would then be replenished with savings from those modernization initiatives.

The 8-member IT Modernization Board would include the Administrator of the Office of Electronic Government, a GSA official, a NIST employee, a DoD employee, a DHS employee, and three tech-savvy federal employees.

Moving forward in the 21st century

The MGT Act was introduced by Rep. Will Hurd (R-Tx.) who is one of the few members of Congress with a computer science degree. It was co-sponsored by Rep. Gerry Connolly (D-Va.) in a welcome display of bipartisan collaboration. The House passed the bill at the end of September 2016. It is now up to the Senate to act on the bill. Prospects for passage are encouraging, and this bill would be a good step towards updating legacy IT systems, strengthening cybersecurity and embracing 21st century technologies.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

This Week’s Top Cybersecurity Headlines

October 19th, 2016 | Posted by Alexa Magdalenski in Capital Cybersecurity Summit | Cybersecurity and Privacy - (Comments Off on This Week’s Top Cybersecurity Headlines)

1021Capital Cybersecurity Summit Logo 3Leading up to our Capital Cybersecurity Summit on November 2-3, 2016, we’ll be sharing a weekly roundup of some of the top cybersecurity stories. Here are the last week’s top headlines. Tweet us interesting cyber articles at @NOVATechCouncil.

IoT:

As cyberthreats multiply, hackers now target medical devices  CNBC

Leaky IoT devices help hackers attack e-commerce sites   CIO

Election:

Connolly: cybersecurity at stake in election  FCW

Government:

U.S. CISO wants to lean on freelance hackers to improve .gov security  FedScoop

CIA Prepping for Possible Cyber Strike Against Russia  NBC

General:

Internet of Things Malware Has Apparently Reached Almost All Countries on Earth   Motherboard

 

Want to learn more about NVTC’s 2016 Capital Cybersecurity Summit? Click here or watch the video below.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

25 Ways to Make the Most Out of Your NVTC Membership

October 18th, 2016 | Posted by Alexa Magdalenski in About NVTC | Membership - (Comments Off on 25 Ways to Make the Most Out of Your NVTC Membership)

NVTC provides members with many valuable benefits and programs. The best way to realize the full value of your membership investment is to take advantage of all your membership benefits. Here are 25 ways to make the most out of your NVTC membership.

1.       Take advantage of NVTC’s inclusive membership. All employees of member companies can participate as members. Strengthen your membership roster by engaging more employees in NVTC’s events, committees and programs.

2.       Join a committee. NVTC’s committees focus on specific industries or interests and offer increased brand exposure, leadership, presentation, panel and professional development opportunities, as well as professional development for your employees. NVTC committees include Small Business & Entrepreneur, Big Data & Analytics, Data Center & Cloud Infrastructure and more!

3.       Attend NVTC Signature Events like TechCelebration, Titans and NVTC’s Capital Cybersecurity, Capital Data and Capital Health Tech Summits. NVTC’s Signature Events draw hundreds of top technology executives and feature well-known and relevant speakers from all industry sectors. If you want exposure and the best networking, our events are where you need to be!

4.       Post FREE job listings and receive FREE access to USTechVets.org, a database of more than one million Veteran resumes through the NVTC Veterans Employment Initiative (VEI). NVTC also provides resources and training to promote best practices in Veteran recruitment, training and retention, connections with the region’s academic institutions.

5.       Network on LinkedIn! Did you know NVTC has a LinkedIn Group? Share your organization’s thought leadership, start a discussion and network with your tech industry peers 24-7. Join the group today! You’ll also want to follow NVTC’s LinkedIn Company Page.

 6.       Enhance your organization’s public policy advocacy efforts. NVTC is front and center in Richmond to advocate for issues that are important to members and to advance a pro-business, pro-technology agenda. NVTC’s full-time advocacy team can offer counsel on your policy objectives and help you connect to policymakers.

7.         Take advantage of incumbent worker funding available to NVTC members. NVTC member companies with less than 250 employees can save up to 90 percent of the cost of industry-recognized IT and cybersecurity training and certification courses through the Incumbent Worker Training Initiative of Northern Virginia.

 8.       Promote and brand your business through NVTC’s sponsorship and advertising opportunities. Reach thousands of technology decision-makers or target a very specific market or industry sector. Contact Yolanda Lee at ylee@nvtc.org to create your personalized advertising/sponsorship plan.

 9.       Put your business on the Techtopia Maps. For more than 17 years, the NVTC Techtopia Map has been our way of “branding” Northern Virginia and the National Capital region as a premiere technology corridor. Sign up today to ensure that your company is represented among other key players in the technology community.

 10.       Utilize NVTC’s searchable member directory. NVTC members have access to a detailed online business-to business directory to help you find business contacts and potential partners. Offering complete contact information of all other NVTC members, the members-only directory is one of the most valuable tools in your membership.

11.   Participate in NVTC’s Tech Talent Initiative (TTI). Leverage your organization’s efforts to recruit, hire, retain and upskill your workforce and expand your connections to the academic community through NVTC’s TTI. Access TTI’s resource portal to learn how you can participate in NVTC’s workforce research efforts and assistance opportunities.

 12.   Expand your company’s communications outreach by utilizing NVTC’s communications resources. By updating your organization’s expertise on your member profile, NVTC can help connect you to reporters who contact us for stories. You can also submit your news for publication on the member news section of the NVTC website.

 13.   Contribute an NVTC guest blog post and showcase your organization’s unique expertise.

 14.   Hire an intern through the VEI Scholars Summer Internship Program. NVTC member companies can provide student Veterans from 14 NVTC member colleges and universities with professional mentoring and meaningful work-based experiences by participating in the Scholars program.

 15.   Highlight your organization in the monthly Member Spotlight section on the NVTC website and eNewsletter.

 16.   Stay informed about NVTC and the latest tech industry news and trends by reading NVTC’s The Voice of Technology magazine and NVTC’s weekly member eNewsletter.

 17.   Read the NVTC daily news summary in your inbox and keep up to date on the biggest technology articles of the day from all major and trade publications.

 18.   Access NVTC’s members-only Resource Library that offers a comprehensive collection of webinars, podcasts, articles and other publications developed by NVTC and its members.

 19.   Recruit on NVTC’s job board. NVTC offers a job board for NVTC members to post positions and for applicants to apply.

 20.   Start saving! NVTC Member Advantage program provides members with money saving member-exclusive discounts on a variety of valuable products and services while facilitating mutually beneficial business relationships between NVTC member companies.

21.   Take advantage of discounted health screenings. NVTC members get an exclusive discount on a comprehensive physical health exam offered through Inova Health System’s Executive Health Screening Program.

22.   NVTC members get access to preferred pricing and special discounts on select Insperity HR solutions, including Workforce Optimization, Workforce Synchronization, Payroll Services, Time and Attendance, Organizational Planning, Recruiting Services, Expense Management and Financial Services. Insperity, Inc. is a leading provider of human resources and business performance solutions.

23.   Participate in NVTC’s exclusive RiskNet and BeneNet discount programs and get reduced rates on insurance and employee benefit programs for companies of all sizes.

24.   Save on office supplies at Office Depot. As a member, you will be able to enroll in the discount program to enjoy incredible savings on office supplies, ink and toner, paper, and coffee and break room essentials.

25.   Access exclusive savings at Convene, Tysons! Convene is a tech-friendly event space featuring floor-to-ceiling windows in every room and contemporary designs that impress the most discerning guests.

Not a member yet? Fill out our membership application!

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

The Future of Cybersecurity Is an Integrated Platform

October 13th, 2016 | Posted by Alexa Magdalenski in Capital Cybersecurity Summit | Cybersecurity and Privacy | Guest Blogs - (Comments Off on The Future of Cybersecurity Is an Integrated Platform)

We’re thrilled to share our latest cybersecurity guest blog post written by Rick Howard, chief security officer at Palo Alto Networks. Howard will be sharing his expertise at the Capital Cybersecurity Summit on November 2-3, 2016 on the CISO Sidebar panel.


Rick Howard HeadshotIn today’s cybersecurity landscape, where attacks are increasing in number and sophistication, the network defense model developed over the past 20 years has become overwhelmed. Commonly referred to in cybersecurity circles as the “Cyber Kill Chain,” the model uses what was originally a military concept to help network defenders find a cyber attack and fix any damage it caused and then track, target and engage with the cyber attacker.

Over time, cyber adversaries’ capabilities grew. Soon, they were routinely finding ways to circumvent the Cyber Kill Chain model. This happened for several reasons:

  • Too many tools for defenders to manage. As network defenders struggled to keep up with evolving cyber attackers, more security tools were implemented on the network, and the man-hours spent ensuring those tools were operating correctly and analyzing the data they provided quickly became a burden with which most network defense teams couldn’t keep up.
  • Too much complexity for security. As new security tools were added, the complexity of the network grew. The more complex the network, the easier it is for network defenders to make a mistake that can expose the network to cyber attacks.
  • Too much wasted time. As vendors launched new security tools, customers entered into a kind of arms race in which they were constantly evaluating new “best of breed” security products against each other to determine which was the most effective. These evaluations could take months, with more time and money wasted after a decision was made in order to remove legacy security tools and replace them with new ones, and then train teams on how to use them effectively. It was a process that became more complex – and expensive – every year as cyber threats evolved and new tools were developed to address them.
  • Too inefficient at crossing the last mile. Cyber attackers often leave clues when they penetrate a network’s defenses, which are called “indicators of compromise.” Once an indicator is found, network security vendors develop prevention and detection controls that address the indicator and deploy them to customers—a process the industry has referred as “crossing the last mile.” But when an indicator affects multiple products from different vendors, or a new indicator of compromise is discovered, keeping track of the status of each tool and whether or not that tool has the most updated controls installed becomes a logistical nightmare.

Much of the complexity that currently overwhelms the Cyber Kill Chain model can be solved with an integrated security platform. “Platform” is a buzzword many vendors use, but I define it as a way to combine tools that network defenders have previously implemented as point solutions from different vendors into a platform built and maintained by one vendor. The “secret sauce” is that integration – when the platform components work together – makes each component more effective as a result of its integration with the others and it makes the network easier to defend by reducing the number of tools to be managed.

More advanced security platforms have the additional ability to automate the deployment of prevention and detection controls, making the process to cross the last mile much less labor-intensive. By replacing an ad hoc collection of independent, patched-together tools with a well-integrated, automated security platform, the problems described above become much simpler to resolve or disappear altogether. Partnering with one vendor gives network defenders leverage in terms of contract negotiations. They can use longer term contracts to get significant discounts from the vendor and, because of that, they can insist on creative fulfillment models that are advantageous to themselves in defending their networks.

The challenge for automated security platform adoption is primarily cultural. Network defenders are familiar with the best-of-breed security tool model, and many see the constant evaluation of new tools as a sort of “survival of the fittest” contest that ensures they’ll find the best tool for their network. It will take a lot of education and mind-changing, a process that may require support from an organization’s board of directors or C-suite, to ensure it happens. But it’s a change that needs to happen in order to protect our way of life in this digital way more effectively and efficiently in the future.


Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

The Week’s Top Cybersecurity Headlines

October 12th, 2016 | Posted by Alexa Magdalenski in Capital Cybersecurity Summit | Cybersecurity and Privacy - (Comments Off on The Week’s Top Cybersecurity Headlines)

1021Capital Cybersecurity Summit Logo 3Leading up to our Capital Cybersecurity Summit on November 2-3, 2016, we’ll be sharing a weekly roundup of some of the top cybersecurity stories. Here are the last week’s top cyber headlines. Tweet us interesting cyber articles at @NOVATechCouncil.

NSA Contractor arrested; charged with stealing top secret info  Cyber Scoop

How did the Feds Get past Yahoo’s encryption? Yahoo!  Wired

Which country has the most malware-infected devices?  CNBC

Johnson & Johnson warns of insulin pump hack risk  USA Today

Hackers used the IoT to create an unprecedented DDoS attack—Now what?  IOT Journal

Federal cybersecurity workforce should be more than just IT degrees  Federal News Radio

Want to learn more about NVTC’s 2016 Capital Cybersecurity Summit? Click here or watch the video below.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS