DXCTechTalk

so shifting to #NOOPS will never be "done" but easier with livestock vs. pets... livestock is today in a #SRE world IMHO

.@DXCTechnology i don't know that I'd want a fully automated Service Desk. There are some tech issues that need to be addressed with a real person. #DXCTechTalk

@HHigginsDXC when is the last time that you wanted to talk to one of your subscription providers - e.g. spotify, iCloud...

@HHigginsDXC I think this is where the balance of people and machines comes in -- figuring out the optimal way for people and machines to collaborate. Per @JerryAOverton

@HHigginsDXC I think most of us want a similar UX to what we get with everyday apps & services, where there often isn't a help desk at all (never mind a 'real person')

@cpswan Right. Mostly people want fast fixes to problems, whether they do it themselves or someone or some bot does it for them.

@DanHushon Yesterday... Stage10 :)

@HHigginsDXC only because it didn't work like it should #overduehomework

@DanHushon That's the key. Ease of use. As a user, we shouldn't have to read pages of tech jargon. I just want to plug and play.

@DanHushon In today's digital world, I know we all need to be digital but how "techie" do we need to be?

@HHigginsDXC ... I saw @stroker on earlier, we should ask him... me : in a digital world, we must all possess digital skills.

@DXCTechnology actively shares what it sees in the security landscape with other partners... zero days, real/potential threats and in the future we will be talking about detection models that can be "trained" by companies since the "flow" of every client is dif.

Starts with risk assessment and then into specific tooling requirements eg encryption

Most enterprise have been migrating for some time from EDI to Secure APIs with SAML Authentication and Encryption for Data-in-Motion. Sensor and sensitivity data flowing from partners into Data Lakes is a key concern today...

@cnokkentved this problem of information flow past corporate boundaries is important in #ecosystem plays... how are you seeing companies like @immuta having an impact?

So its a significant area fo the security team to be engaged from the outset. And then to be monitoring. There is a lot of regulation in or coming that deals with this - GDPR being the most well known

@DanHushon @cnokkentved You're talking/asking about @ImmutaData

@DanHushon not heard of that yet, as most companies are modernizing basic stuff like Identity & Access Mgmt, Data-In-Motion Encryption and APIs. We are seeing a lot of applications of #blockchain for Active Ingredients in #LifeSciences and #Food industries lately

yes, thanks...

@immutadata is applying ML to flow data across trading partners to "automate" the appropriate reg/policy/rule enforcement to enable lower friction/risk ecosystems to emerge

Here is some usful tips/guidance https://www.ncsc.gov.uk/collection/supply-chain-se...

@DanHushon there are a lot of solutions emerging in the application of AI in Integrated Risk Mgmt space. Looks like #immutadata efforts to create a machine-readable regulatory format to allow for direct embedding of AI/ML algorithms into the disseminated datasets will be an edge.

it's not typical terminology, but I expect it points towards psychological safety and continuous learning

I go back to #SRE, "reliability engineering" which could probably be "resiliency" engineering... since we all produce and consume information to live our lives and do our jobs, we need to think about provenance, value / utility and act accordingly

Its a great point. And yes, I think there really is. In one particular significant cyber incident, essentially the business lost most of their IT. It was the quick reaction of the employees and importantly, the willingness to help that averted real disaster

we don't leave our cars / houses unlocked, wallet unattended... but it's harder to manage the best practices in business... we need easy button - think that ML/AI will help #SmartWorkplaces

So a cultural issue as well - having people who are prepared to be curious, to get involved in their own continuous improvement and who feel invested in their business can make a huge difference.

@markhughessec I like the curious... and would add "action oriented" if you see something broken, you fix it - or work with others to ensure it is #ExtremeOwnership

the usual thing of 'DevOps' is a reorg (not just a tool you buy, or a new hire)

#DevOps also a culture... cannot just shift/assign risk... #ExtremeOwnership?

security is not supposed to be an afterthought, but rather embedded in the development culture of any enterprise or government organization. So #DevSecOps for building threat & vulnerability resilient code needs to become part of the DNA business technologies

yes and the merging of the dev/sec/ops cultures breaks down traditional org silos thus @cpswan's comments

another issue is the 100:10:1 ratio that's normal for dev:ops:sec staffing levels. Sec is thin on the ground and hence needs lots of leverage