Need for security-professionals in Norway

Yes, it's been an often-discussed topic in Norwegian media in later years:

"Lack of security-professionals."

Well, as commented in this (Norwegian) article, BY a security-professional; there seems to be a lack of security-oriented IT professionals, but, not because they aren't there at all. They are. What is seriously lacking in this scenario, is competence in recruiting firms looking for this kind of competence. Always has been.

Computer-security is not a fixed-set field, AT ALL. Even though a lot of so-called "professionals" seem to be stuck on the idea that it is.

Serious professionals wanting to work in this field on the other hand, are (often) painfully aware of what it actually entails to do so:

• constant refreshing on networking- / computing- / vulnerability-security in IT
• vulnerability-monitoring of often-used software in the company
• a simple awareness of the fact that: nobody is ever 100% secure

Computer-security is a weight-battle; does the securing of something vulnerable affect normal operations? Or, is the fix / security-measure absolutely needed for normal operations? These are everyday obstacles a security-professional has to deal with on a regular basis, so they have to be quite flexible on expanding their knowledge-base, and often.

These points are often completely missed by recruiters. They don't look for ability / knowledge / flexibility, they often tend to only look at academic degrees (preferably multiple(!)), gender, published articles / blog-posts and other non-related (and often quite unrealistic) demands for the position(s) in question.

Then, they complain about not finding any candidates for their outrageous requirements.

Seriously, re-define your demands / requirements to a more realistic degree, maybe you'll find a competent person to do the job. But you most certainly will NOT find the dream-candidate with the kind of demands currently set as standard.

when PIGS FLY!!

"After 43 years, this is the first day that we are announcing, and will be distributing, a custom Linux kernel," Microsoft President Brad Smith said

http://www.businessinsider.com/microsoft-azure-sphere-is-powered-by-linux-2018-4?r=US&IR=T&IR=T

Yeah, well, OSS / Linux won...

8Bitdo NES30 Pro

8Bitdo is a company specializing in custom retro game-controllers (gamepads). Their motto is: "Everything Old Is New Again".

Recently I picked up a pair of NES30 Pro editions. Not too expensive either for what you get. A pro-grade game controller (ergo: can handle some abuse) made for use with practically ANY retro (and even today's) game-systems!

Compatible with: Linux (desktop+RPi3), Mac OS X, Windows, Nintendo Switch, Android and iOS!

Everything I've tested them on functions as advertised, and even some that weren't listed! Easily paired through bluetooth or connected with USB 2.0.

Best thing: its firmware can even be upgraded through desktop-Linux!

Meltdown/Spectre + BSD

https://malcont.net/2018/01/dont-like-meltdown-spectre-releated-bugs-handled/

"Serverless Architecture"

Serverless computing refers to the concept of building and running applications that do not require server management. It describes a finer-grained deployment model where applications, bundled as one or more functions, are uploaded to a platform and then executed, scaled, and billed in response to the exact demand needed at the moment.

http://www.zdnet.com/article/servers-we-dont-need-no-stinkin-servers/

If you are an administrator, serverless architecture may be something to look into ASAP, as well as Functions-as-a-Service (FaaS) ;)

DevOps + Development

DevOps is not easy.

As software transitions from a monolithic to a microservice architecture, organizations are adopting DevOps practices to accelerate delivery of features to customers and improve their experience.

Jumping into continuous testing without the right infrastructure, tools, and processes can be a disaster.

Continuous testing plays an important role to achieve the fastest quality to market. Continuous testing requires several levels of monitoring with automated triggers, collaboration, and actions. Here’s what is required:

• Automatic Test Triggers to execute tests as software transitions from various stages – development / test / staging / production
• Service Health Monitoring to automate feedback on failures
• Test Result Monitoring to automate feedback on failures
• Identifying Root Cause of Failure and analyzing test results

As one can imagine this takes a hell of a toll on DevOps-personnel.

It is one of the most challenging fields today. Simply because it requires a deep understanding of the right principles, processes and practices that the DevOps philosophy is bringing to the IT world.

Because that is what it is: a philosophy.