Articles From Steve Kaelble
Article / Updated 09-05-2023
The modern cloud environment is enabling game-changing innovation — that’s clear. Mobile devices have an app for virtually anything, Internet of Things technologies are dazzling users, widely dispersed workers are collaborating more effectively than ever, countless things are now available “as a Service,” and the list could go on forever.

But with the growth, sprawl, and speed of cloud development, many organizations’ cloud-enabled software development life cycles are increasingly at risk, with an ever-expanding attack surface and the danger of missteps. Over the next few years, the vast majority of cloud data security breaches — most the result of misconfigurations and coding mistakes — will be totally preventable with detection tools that aim to catch issues before they turn into nightmares.

But these helpful detection tools can create an unhelpful avalanche of alerts that overwhelm security and development teams and get in the way of real cloud security efficiency. How can you successfully use the detection tools you have in place to figure out which alerts matter most to your business and then quickly fix them before you find yourself with gaps that could be exploited?

In this article, you take a look at some of the main pain points in cloud security remediation today and what can be done.

Experiencing the Big Pain Points

Today’s engineering teams have created vast continuous-integration pipelines that tap into code repositories, continuous-integration platforms, and tools for testing, orchestration, and monitoring. They all live within and across cloud platforms, so things are speedy and efficient. That’s great for business but a nightmare when it comes to keeping data secure in the cloud because everything from applications to developers to production environments is more distributed and complex than it used to be in the good old datacenter days.

This situation creates seven pain points:

Overlapping tools with duplicate alerts: Many effective security tools exist, but because the attack surface is so broad and complex, those tools overlap one another. A single event can trigger alerts in several different detection tools, and you don’t have a unified view into what the concerns are.
Too many false alarms: The problem of alert overload from multiple tools is worsened by false positives that are then multiplied. In many cases a single root cause is at the heart of multiple different issues, along with multiple alerts — even from within the same product. Auto-scaling containers in the cloud can also auto-scale the alert load, unfortunately.
Too few hours in the day for the security team: The blizzard of information makes it less likely that your security team will be able to keep up. They may spend a massive amount of time manually investigating threats and prioritizing risks, and by the time they’ve figured that out, there’s not enough bandwidth left for strategic issues.
Difficulty finding the right fixer: An architecture based on microservices means a lot of folks are working independently, as individuals or distributed engineering teams, developing and releasing services on their own. That makes it more challenging to figure out who has an action item.
Lurking shadow pipelines and exploitable secrets: Cloud container technologies let your developers spin up applications so quickly that the security team sometimes doesn’t even know they exist. Without a way to see “code to cloud,” you may not be aware of shadow DevOps activities and exploitable secrets.
Not enough context on the problem: The code owner, once identified, often must dig into each issue from scratch. There may be little or no context to help figure out the cause and solution.
One-off solutions to zombie problems: After the fix has been devised, it may be implemented in a bespoke, one-off way. With no centralized view and no automation, there’s no guarantee that a problem that gets fixed today won’t crop up again tomorrow.

Building Sustainable Cloud Security

As your teams struggle with these pain points in cloud network security, take comfort in the fact that a certified cloud security professional can, indeed, deliver sustainable cloud security remediation. Here’s a four-point wish list of what a solution must be able to do:

Map and visualize: Your solution must paint a great picture of the code-to-production pipeline and all its resources. It should create a heat map showing how code moves through the pipeline and where along the path the security issues are arising.
Deduplicate: Your solution must be able to normalize and deduplicate the vast number of alerts that your detection tools are ringing. It should do this by comparing details about code flaws and misconfigurations to trim the list into unique alerts.
Find the root cause and the owner: For every unique issue, you need to know the root cause, the code owner, and the configuration drift. You need all the context you can get, including issue severity, exploitation, and relationships. By correlating information from code and cloud resources, you can cut out a lot of manual work.
Streamline the fix: Regardless of the alert source, the cloud provider, the configuration, or the language in which the code is written, a sustainable solution needs to aggregate and make sense of the data to recommend fixes on the most critical issues. And preferably, it should be able to auto-generate those fixes.

How Dazz Fits into the Picture

The Dazz Remediation Cloud is a cloud security solution that tackles issue remediation as a data problem. Its agentless, SaaS platform uses patented artificial intelligence (AI), data correlation, root-cause analysis, and automation capabilities to help resource-constrained security teams quickly prioritize and fix the vulnerabilities that matter most in collaboration with their engineers. Here’s how it works:

Graphing the pipeline: Dazz automatically gathers a wealth of information by way of its API connections to all critical points in the code-to-cloud process. It maps everything into a pipeline graph that connects all the dots, documenting every path that code follows from development to cloud deployment, and every resource that touches it along the way.
Contextualizing security: Because it has created a big picture from multiple sources, the Dazz Remediation Cloud can analyze and backtrack each security issue to its source and eliminate duplicates. Dazz receives an alert from a cloud security tool, determines the specific cloud resource that caused the security issue, and traces the cloud resource back to the pipeline used to deploy it. Dazz figures out which vulnerable artifact was deployed and what triggered its build.
Automating root cause analysis: Dazz Remediation Cloud uses a root-cause analysis engine to automate the next steps of investigating and prioritizing cloud security issues. It continuously ingests security risks and automatically investigates them. It quickly discerns the identity of code owners, a root cause context, and a fix suggestion. Dazz can determine how exploitable a code vulnerability is, which developer is responsible for the fix, where in the software development life cycle to make the fix — and perhaps most important, how to ensure you’re taking care of the root cause once and for all.
Tapping the remediation knowledge base: Dazz suggests fixes by tapping into a remediation knowledge base. It’s generated by using threat intelligence, program analysis, and AI. Behind the scenes, it automatically tests thousands of new fix options for emerging vulnerabilities and builds a template to suggest the best remediation steps for whatever security issues it’s bringing to your attention.
Adopting solid governance and reporting: Dazz builds in its own set of best-practice policies for pipeline governance. As part of its proactive monitoring, it’s continually on the lookout for violations and unapproved practices, and it facilitates reporting that your risk and compliance team will greatly appreciate. The solution helps users adopt best practices such as standard cloud configurations, right-sized privileged access, and full auditing.

By understanding the top remediation pain points and how you can begin to address them, your remediation nightmares can turn into soothing dreams with well-connected, automated solutions for a secure cloud.

Download Cloud Security Remediation For Dummies, Dazz Special Edition, today, and discover how to start creating sustainable cloud security remediation.

Article / Updated 07-05-2023
You make your best hiring decisions when you use objective data about a job candidate’s thinking style, behavioral traits, and interests. Sure, a candidate’s experiences and how they perform in interviews are meaningful, but those aspects are far more prone to unconscious bias. To ensure you and your organization align with industry best practices, a validated hiring and selection tool with data-driven insights is essential.

Just know that you may be a bit biased, and it’s likely you’re not even aware of some of your biases. Pretty much everyone has what are known as unconscious biases — stereotypes and attitudes that are impacted by past experiences, even things people have forgotten. In the context of hiring and selection, unconscious bias can lead your organization to inadvertently overlook great candidates. It can also derail efforts to create a diverse and equitable workforce.

What is unconscious bias?

Unconscious bias refers to automatic associations anyone may make involving characteristics such as race, age, gender, disability, height, weight, accent, beliefs derived from prior experiences, even college attended — and how those associations impact interactions with others in those groups.

Confirmation bias: The tendency to see information as validating a preexisting belief
Affinity bias: The tendency to favor individuals who share your beliefs, experiences, or appearance
Halo/horns effect: The tendency to take a look at just one specific trait and end up seeing the person’s overall character as positive or negative

These biases may be hidden so well in a person’s automatic actions that they’re not easy to even recognize, much less do something about. But unconscious biases get in the way of hiring diverse, qualified candidates.

How to reduce the bias

Bias isn’t inherently right or wrong — it’s a normal part of the way our brains interpret patterns and associations. But you need to pay more attention to what your unconscious brain is up to. Many companies offer workforce training on recognizing and dealing with biases. To create a more inclusive and welcoming environment, it’s vital for everyone on the team to be aware of their own biases and work to keep them from impacting how they interact with colleagues and customers.

Training and other awareness-raising efforts are not a complete solution, however. There may also be structural issues that open the door to bias. Hiring processes are among those corporate structures that enable bias.

How prevalent is unconscious bias?

Research and surveying by PXT Select reflect just how prominent this issue is. In one survey, about nine out of ten respondents identified hiring and selection as the number-one organizational process that could be affected by unconscious bias. Recruitment, promotion, and succession planning are potential trouble spots, too, along with interviewing and résumé screening.

That’s why it’s so important to create structured, data-driven hiring processes. That includes always using clearly defined hiring criteria, tapping into assessments and other rich sources of data, conducting structured interviews, and including interviewers with diverse backgrounds.

Structured processes help hiring managers select the best candidates and reduce the impact of unconscious bias. For example, the data-focused assessments provided through PXT Select yield numerical projections about candidate job fit, steering clear of potentially biased judgments. They also allow interviewers to prepare in a structured manner that’s less likely to be impacted by bias.

How do I learn more about unconscious bias?

To learn more about how to combat bias in the hiring process, download our free e-book Hiring Successfully For Dummies, PXT Select Special Edition.

Article / Updated 01-06-2023
Making the right hiring choice is essential for your organization because making the wrong one can be downright disastrous.

What is job fit?

Your goal should be to hire the right person for the job to be done — this concept is known as job fit. Job fit is the ideal approach for selecting a candidate and includes matching their skills and personal characteristics to those needed to excel at a particular job. Without job fit, it is much less likely the person will find the job fulfilling. When a person is not fulfilled in their role, it leads to disengagement, low satisfaction, poor performance, and ultimately, turnover.

What is the cost of a bad hire?

The cost of hiring poorly can be staggering. The U.S. Department of Labor estimates that the cost of a bad hire could amount to 30 percent of a first-year salary. For managerial roles, that cost could be up to 50 percent.

A bad hire may mean mediocre job performance, poor productivity, or low accuracy. Add in the time wasted on onboarding and coaching the bad hire, plus the cost of onboarding a replacement. You may also see negative impacts on relationships with clients and brand reputation. A bad hire can also torpedo employee engagement, which, in turn, can lead to costly turnover of other key contributors.

How is the job fit approach different than traditional approaches?

Hiring is more of a guessing game if you’re going about it with inadequate data. If you’re counting on the traditional tools of a résumé and an interview or two, you’re likely to end up relying too much on intuition.

The job-fit approach is your ticket to hiring confidently. Seeking job fit means exploring each candidate’s innate talents, behavioral tendencies, and interests in the context of the job for which they’re being considered. You’re exploring:

Whether the candidate can do the job
How well the candidate will do the job
Whether the candidate will enjoy the job

All of these job-fit factors can actually be measured more objectively than you may realize. That’s the approach taken through the PXT Select solution.

How can you achieve job fit?

The process of achieving job fit begins with creating a performance model for the job. A performance model is a picture of the ideal candidate, setting targets for measurable characteristics of thinking style, behavioral traits, and interests.

Then you assess each applicant through computerized adaptive testing (CAT). That results in fit scores to all of the areas spelled out in the performance model, as well as an overall fit percentage to the role.

How will obtaining job fit help me?

You can imagine how valuable this kind of data can be in comparing one candidate to another. It also can help you find a better role for a candidate who is great in many ways but not the best fit for a particular job. The PXT Select reports also help during the interview process by generating suggested questions based on the candidates’ responses.

Through job fit, not only are you better equipped to replicate your top talent, but you also gain insights for discovering the next generation of leaders. Employee retention, talent mobility, promotions, and business succession all are selection processes, and job fit can facilitate these processes.

Developing existing talent is particularly important in times of labor shortages. The more your organization looks inward for talent, the more successful you’ll be in any labor marketplace. Job fit is a powerful tool to enable that success.

How can I learn more about job fit?

To read more about job fit, replicating top talent, and finding the next generation of leaders for your organization, download Hiring Successfully For Dummies, PXT Select Special Edition.

Article / Updated 01-06-2023
The basic aim of the hiring process is to find and select the best fit for the job to be done — a concept known as job fit. Job fit is determined by how closely an individual’s innate talents, behavioral tendencies, and interests align with those predictive of success in a particular role.

Essentially, job fit helps you determine if someone can do the job and if they will find fulfillment in the job. But before you can know for sure if they can do the job or if they will find it fulfilling, you need to identify what talents, behaviors, and interests are typical for success in that role. What you really need to accomplish this is a performance model.

What is a performance model?

The performance model is your recipe for hiring successfully and avoiding all the adverse outcomes that result from a bad hire. The performance model outlines the most desirable traits, which are then used to compare against candidates for the job. There are a few ways to create performance models, but perhaps the most important is the alignment of key stakeholders in the organization on what they need to see from this job.

What does a performance model measure?

A résumé and an interview can inform you about a candidate’s background and experience. What’s missing, though, is objective data indicating how well an individual can do a job and how fulfilling it will be for them. That’s where your performance model steps in, helping you tie individual performance to business strategy by spelling out the required thinking style, behavioral traits, and interests.

What cognitive characteristics are assessed through the performance model?

Thinking style measures four cognitive characteristics:

Verbal skill gauges how a person communicates with others.
Verbal reasoning gets into how the person uses words to create relationships between concepts, process messages, and draw conclusions.
Numerical ability has to do with numerical calculations.
Numerical reasoning explores how a person uses numbers and calculations to solve problems.

What behavioral traits are assessed through the performance model?

Behavioral traits indicate what a candidate is like on the job. The PXT Select, for example, measures nine behaviors and delivers a fit score comparing how closely aligned a candidate is to the role. Behavioral scales are specific to each job because job requirements are unique and may require a person to lean more one way or the other in one or more of the following areas:

Pace: Steady or urgent
Assertiveness: Unassuming or forceful
Sociability: Reserved or outgoing
Conformity: Strong-willed or compliant
Outlook: Skeptical or trusting
Decisiveness: Deliberate or bold
Accommodation: Steadfast or agreeable
Independence: Reliant or autonomous
Judgment: Intuitive or factual

Why are a person’s interests important to factor in the performance model?

Interests are also an essential component of the performance model. Interests help predict motivation and potential satisfaction with a given job. The more the person’s interests align with the job’s requirements, the more they will enjoy it. This is critical because we know that people who are happier in their jobs are more productive, more effective, and more engaged.

The PXT Select approach considers six interests to help determine job fit: creative, enterprising, financial/administrative, people service, mechanical, and technical.

How to build a performance model

You can build a performance model by assessing your existing top performers in the role to identify what makes them stars. You then use what you learned from the data to hire others with similar DNA. Building performance models this way is referred to as replicating or cloning top performers. Replicating top performers is among the most effective methods of building performance models because it uses people in the role within the organization who are experiencing success.

If you don’t have a big enough sample size of existing stars in that role or you’re recruiting for a completely new position, it isn’t a problem. PXT Select has a library of performance models for many different roles created using O*NET occupational data and other proven methods for creating customized models.

How to use assessment results to find the right candidate

After you have the performance model to find who you’re looking for, the next step is to assess candidates and identify the best fit. Assessment results offer objective data on how each candidate fits the job requirements and how they compare with one another.

Still, selection assessments should never be used as your only tool for hiring. An individual’s prior experience and how they present themselves in the interview should be given equal consideration in any hiring decision.

An effective selection tool should also give hiring managers resources and information to enhance and assist during the interview process. PXT Select reports provide you with suggested interview questions to help you focus on areas where things may not be so straightforward or other challenge areas identified in the data.

The bottom line is that a performance model is the best way to compare candidates consistently, helping you make unbiased and equitable hiring decisions. PXT Select goes even further by providing you tools (unique reports) for onboarding, coaching, and even up-skilling (sales and leadership) your workforce.

How can I learn more about performance models and hiring top talent?

To learn more, download Hiring Successfully For Dummies, PXT Select Special Edition.