Heartbleed: Vulnerability, Discovery and Mitigation

1

When news of Heartbleed broke, Internet users were advised to change all their online passwords as a precaution, and enterprise IT security teams scrambled to neutralize the immediate threat by applying a patch. But like many serious conditions, the real danger posed by the Heartbleed bug is longer term and much more quiet than the initial hoopla caused upon its discovery. What makes this particular difficult to combat is that we only know that data was exposed, it is not yet known how much of it has been compromised. It’s like the preverbal “snake in the grass”; we know it is there, we just don’t know when it is going to strike. Eventually, we’ll hear about some real-world consequences worthy of being front-page news.

While security-sensitive developers and users are enacting the limited quick-fixes like; patching the security flaw and changing passwords, the larger issue is that most companies haven’t properly catalogued the technology they’re using to manage traffic to both in-house applications and purchased software. Knowing where to start requires an organization to thoroughly document the technologies it has deployed, where they are implemented, and for what purpose they are used? After the short-term remedies are applied, the long-term rehabilitation, a meticulous cataloging of technology deployments, will have to get underway in order to lessen the effects of future attacks on a company’s systems.

Because the Heartbleed bug is embedded in the open source (OpenSSL) cryptography library that is used by a sizeable percentage of the Web’s secure Web servers, millions of people have been potentially affected. Even on closed, proprietary platforms, serious breaches will occur, often because people are lax about applying patches to known security vulnerabilities. But the bug is a major challenge for financial institutions. A server powering a customer portal for leaving feedback on customer service might not collect highly sensitive information, whereas a compromised online banking application that collects usernames and passwords used to access accounts poses a huge risk. A catalog detailing what open source code was used to build every application and where it is deployed would give an IT team the tools they need to prioritize the cleanup.

Now that the period of discovery of the Heartbleed bug is past, a time of investigating the vulnerabilities and applying mitigation will continue. Fixing Heartbleed will not be cheap, some experts say the cleanup costs, including patching systems and reissuing digital certificates, could run to hundreds or even thousands of dollars per server. Implementing effective solutions will require leadership and on-going commitment from the very top of the organization.

The Talent Shortage is No Joking Matter

Talent pinned on noticeboard

As the “Greatest Show on Earth” begins their 2014 season, circus folk fear a national clown shortage is on the horizon. It appears that membership at the country’s largest trade organizations for the jokesters has plunged over the past decade as declining interest, old age and higher standards among employers align against Krusty, Bozo and their crimson-nosed colleagues. But the lack of wannabe Bozos has yet to hurt the big top at the “Greatest Show on Earth.” In a pre-empted maneuver, the 95-year-old Ringling Bros. and Barnum & Bailey Circus have implemented a more rigorous hiring process to find just the right jester. As a result of the more challenging tryouts, just 11 clowns out of 14 who were selected from 531 applicants to attend a rigorous 14-day boot camp at the Ringling Bros. Clown College last year were offered jobs with the world-famous circus. There’s no goofing around at the training where clowns get the chance to learn the fine points of floppy shoes and wildly colored wigs from veteran performers.

But in the more stressful environs of the high tech business arena, the shortage of qualified talent is no laughing matter and many companies are implementing renewed strategies in order to deal with chronic short falls in required skillsets necessary to maintain their organizations operational goals and objectives. As resources tighten many organizations are borrowing a tactic from the funny business and facing the challenge of making the most of who they already employ. Forward-thinking companies are finding new ways to invest in staff education.

To secure hard-to-fill positions with talented individuals, 50% of employers are looking to recruit and train workers who lack experience in their field and 31% are planning to provide cross-training to current employees. Nearly 41% of companies are reporting that they have implemented internal programs to help alleviate the skills gap, including on-the-job training and sending employees back to school. Many other employers are beginning to realize the importance of in-house courses, accelerated degree programs, and trade-specific credentials. The accelerated online masters programs at Gwynedd Mercy, for instance, show how education is being built around an adult’s full time working schedule. Such flexible programs are allowing organizations to retain their staff productivity while grooming potential leaders, or molding top talent into more qualified positions.

Internal continuing education and skills training programs were once a common staple in many large corporations benefit packages. Many narrowed in scope or were eliminated in recent employee generations. As a result this has led many companies to rely on local universities, community colleges and technical schools to take the responsibility of providing them with skilled graduates with number quantitative expertise just as the business world went from a linear and data-driven place to a global, free-form, constantly shifting environment.

We now seem to have come full circle.  It’s a new day in the talent marketplace and companies that continue to clown around and simply complain are likely to fail. The best solution to a talent shortage or gap in skills may already be on the payroll.

Looking for the Total Package

Soft skills concept on white

A new international survey is showing that soft skills are more desirable over innovations and technology.  A survey of 500 professionals, conducted by Hyper Island and called “Tomorrow’s Most Wanted”, is revealing that employers value personality far more than technical chops, even for higher-skilled roles.

Roughly 78 percent of those surveyed said “personality” was the most desirable quality in employees, beating out “cultural alignment” (53 percent) and “skill-set” (39 percent) by considerable margins. What particular skills were most valued? Drive (14 percent), creativity (12 percent), and an open mind (11 percent) topped the list.

“Personality, not competence, is the determining factor of who’s going to get the most attractive jobs among tomorrow’s recruits,” said Hyper Island CEO Johanna Frelin. “There is a growing desire for talent with a unique combination of skill and flexibility; people who can collaborate, adapt quickly, and are enjoyable company, but also have the drive to get things done. All those traits boil down to a personality that is essential for businesses operating in an ever-changing digital landscape. Thus, specific competence is less important.” Getting the benefits from specific tech or creative competencies increasingly comes down to applying those skills as well.

The findings are great news for those with the golden combination of personality and skills. Already in huge demand, they’re unlikely to see their prospects dim anytime soon. The takeaway for business owners is less of a celebration and more of a challenge. It could be time to revamp the hiring process to put more of a focus on not only hard skills but the ability to work with other humans to apply them. Some of the other soft skills employers are looking for in addition to technical savvy are:

  • The ability to be a team player.
  • Flexibility and being able to adapt to changing requirements.
  • Effective communication skills.
  • Problem solving skills and resourcefulness.
  • Creative thinking.
  • Motivation.
  • Exceptional work ethic.

As more companies chase the top talent, soft skills will continue to grow in importance. While hard skills are teachable, it is the elusive, inherent soft skills that can often mean the difference between success and failure in today’s high tech companies.

Will Test and Game-Play Data Reveal the Best Candidate?

TestBrittni Daron jumped through a lot of hoops before she landed her job as a solution consultant at Oracle. At the tech giant she endured weeks and months of phone interviews, in-person interviews, mock presentations, personality tests and technical tests for both the skills she claimed to have and those she didn’t. This might sound a little ridiculous, but it’s not unusual. Companies are utilizing spelling quizzes, math exams and oddball brainteasers and even SAT scores to create big reserves of data on job seekers in an attempt to improve their chances of hiring the perfect employee.

These days, companies have become more intently focused on who they hire. The average length of the job-interview process has nearly doubled from 12 days in 2009 to 23 days in 2013, according to an analysis by Glassdoor, a website where users rate employers.  At the same time, many employers are also trying to become more cost-effective as cost rise for new hires with the technical skill-sets that are in greatest demand. Identifying those candidates that have the necessary qualifications quickly and effectively promises significant savings to hiring and retention. Three-quarters of the nation’s wealth is in the form of human capital; the talent and training of workers offers far more value to the overall economy than anything else.

But there are those who are advising caution about becoming too reliant on all the big data that is generated by all the game playing and testing. The idea that a video game or a fancy test could, in one fell swoop, better and more cheaply match people to their jobs is a seductive one, but it could also screen out entire classes of workers. Millennials might be totally cool with playing a video game but some very qualified older workers might balk. In addition, in an economy where work processes and necessary requisite skills change very quickly, it’s not clear that yesterday’s correlation is a helpful predictor of whether an applicant will be a high performer tomorrow, said John Sullivan, an H.R. consultant and management professor at San Francisco State University. In the end, the quality of the tools and the results they produce can call into question the real value of the data to the selection process.  Do they really measure the things we want them to measure? Can the more creative game players manipulate the system? Does the process lead to a hiring system that “clones” existing resources at the expense of creativity and fresh perspectives?

Human beings still beat computers at detecting soft skills, like empathy, the ability to work with others, personal motivation and ambition. Relying on our tools to aid and assist us in gaining knowledge to make better decisions is not new and will produce better results, but expecting the tool to produce a simple scientific algorithm to make the best decision most likely will not.

Plug the Leaks before Filling

Plugtheleak

Even in this time of economic challenges and high unemployment, companies are struggling with talent shortages and retention of their best and brightest employees within their organization. With so much focus on recruiting skilled candidates for open positions, companies are failing to effectively create an environment that encourages existing, key employees to stay the career course. The process resembles the filling of a bucket from the top while the contents run-off through holes in the containers bottom, if the leaks aren’t plugged first the act of filling is a never ending drain of time, effort and money. A persistent loss of key people to an organization can be significant to a company’s bottom line.

A recent LinkedIn’s Exit Survey questioned 7,530 LinkedIn members across the US, Australia, Canada, India and the UK who recently changed jobs. The results indicated that 85% of the workforce is either looking to make a job change or are open to researching relevant opportunities. The United States took second position in the survey results with a 10.3 percent rate of voluntary and preventable turnover. When professional employees were asked what compelled them to make a change of employers, they listed their reasons in order of importance: Greater opportunities for advancement; better leadership from senior management; and better compensation and benefits. It is particularly telling and noteworthy that more money and benefits are not always the priority when seeking a solution to undesirable employee turnover.

While every successful organization recognizes the importance of conducting employee entrance interviews, orientations and exit interviews, relatively few conduct “stay meetings” with key employees, inside or outside the context of regular performance reviews.  This oversight can lead management to make erred assumptions about the underlying reason for turnover. Stay meetings should be conducted with all key personnel once a year within a close time frame. Being proactive is important, waiting for a good employee to become disengaged before adequately addressing the issues may be too late to avoid their loss to the organization. Putting these meetings on a schedule can ensure that employee satisfaction is continually being monitored. Stay meetings will provide an outline of exactly how to drive the success of the company on a talent level. Experts have found that many of the same positives and negatives will be reported by the majority of employees. You want these employees to stay and you want to attract more like them. Collecting information on exactly how to achieve both of these goals is important to maintaining a stable and skilled workforce.

Solving many of organizations most perplexing and energy draining problems doesn’t always require “rocket science” solutions but the problem solving process should always begin with first understanding the causes. Stay meetings are an inexpensive and effective method to consistently drive workforce improvement and the critical feedback they produce will permit management to avoid costly turnover and unwanted loss of their most skilled talent.