Tag Archives: Veteran

Atlassian CISO Adrian Ludwig shares DevOps security outlook

BOSTON — Atlassian chief information security officer and IT industry veteran Adrian Ludwig is well aware of a heightened emphasis on DevOps security among enterprises heading into 2020 and beyond, and he believes that massive consolidation between DevOps and cybersecurity toolsets is nigh.

Ludwig, who joined Atlassian in May 2018, previously worked at Nest, Macromedia, Adobe and Google’s Android, as well as the U.S. Department of Defense. Now, he supervises Atlassian’s corporate security, including its cloud platforms, and works with the company’s product development teams on security feature improvements.

Atlassian has also begun to build DevOps security features into its Agile collaboration and DevOps tools for customers who want to build their own apps with security in mind. Integrations between Jira Service Desk and Jira issue tracking tools, for example, automatically notify development teams when security issues are detected, and the roadmap for Jira Align (formerly AgileCraft) includes the ability to track code quality, privacy and security on a story and feature level.

However, according to Ludwig, the melding of DevOps and IT security tooling, along with their disciplines, must be much broader and deeper in the long run. SearchSoftwareQuality caught up with him at the Atlassian Open event here to talk about his vision for the future of DevOps security, how it will affect Atlassian, and the IT software market at large.

SearchSoftwareQuality: We’re hearing more about security by design and applications security built into the DevOps process. What might we expect to see from Atlassian along those lines?

Ludwig: As a security practitioner, probably the most alarming factoid about security — and it gets more alarming every year — is the number of open roles for security professionals. I remember hearing at one point it was a million, and somebody else was telling me that they had found 3 million. So there’s this myth that people are going to be able to solve security problems by having more people in that space.

And an area that has sort of played into that myth is around tooling for the creation of secure applications. And a huge percentage of the current security skills gap is because we’re expecting security practitioners to find those tools, integrate those tools and monitor those tools when they weren’t designed to work well together.

Adrian LudwigAdrian Ludwig

It’s currently ridiculously difficult to build software securely. Just to think about what it means in the context of Atlassian, we have to license tools from half a dozen different vendors and integrate them into our environment. We have to think about how results from those tools flow into the [issue] resolution process. How do you bind it into Jira, so you can see the tickets, so you can get it into the hands of the developer? How do you make sure that test cases associated with fixing those issues are incorporated into your development pipeline? It’s a mess.

My expectation is that the only way we’ll ever get to a point where software can be built securely is if those capabilities are incorporated directly into the tools that are used to deliver it, as opposed to being add-ons that come from third parties.

SSQ: So does that include Atlassian?

Ludwig: I think it has to.

SSQ: What would that look like?

Ludwig: One of the areas that my team has been building something like that is around the way that we monitor our security investigations. We’ve actually released some open source projects in this area, where the way that we create alerts for Splunk, which we use as our SIEM, is tied into Jira tickets and Confluence pages. When we create alerts, a Confluence page is automatically generated, and it generates Jira tickets that then flow to our analysts to follow up on them. And that’s actually tied in more broadly to our overall risk management system.

We are also working on some internal tools to make it easier for us to connect the third-party products that look for security vulnerabilities directly into Bitbucket. Every single time we do a pull request, source code analysis runs. And it’s not just a single piece of source code analysis; it’s a wide range of them. Is that particular pull request referencing any out-of-date libraries? And dependencies that need to be updated? And then those become comments that get added into the peer review process.

My job is to make sure that we ship the most secure software that we possibly can, and if there are commercial opportunities, which I think there are, then it seems natural that we might do those as well.
Adrian LudwigCISO, Atlassian

It’s not something that we’re currently making commercially available, nor do we have specific plans at this point to do that, so I’m not announcing anything. But that’s the kind of thing that we are doing. My job is to make sure that we ship the most secure software that we possibly can, and if there are commercial opportunities, which I think there are, then it seems natural that we might do those as well.

SSQ: What does that mean for the wider market as DevOps and security tools converge?

Ludwig: Over the next 10 years, there’s going to be massive consolidation in that space. That trend is one that we’ve seen other places in the security stack. For example, I came from Android. Android now has primary responsibility, as a core platform capability, for all of the security of that device. Your historical desktop operating systems? Encryption was an add-on. Sandboxing was an add-on. Monitoring for viruses was an add-on. Those are all now part of the mobile OS platform.

If you look at the antivirus vendors, you’ve seen them stagnate, and they didn’t have an off-road onto mobile. I think it’s going to be super interesting to watch a lot of the security investments made over the last 10 years, especially in developer space, and think through how that’s going to play out. I think there’s going to be consolidation there. It’s all converging, and as it converges, a lot of stuff’s going to die.

Go to Original Article

Microsoft advances Microsoft Software & Systems Academy expansion goals with Quantico ribbon-cutting ceremony – Microsoft on the Issues

Microsoft set a vision to empower transitioning military service members and the veteran community with the opportunity to receive relevant training that could lead to meaningful careers. On Monday, the company held its ribbon-cutting ceremony for the opening of Microsoft Software & Systems Academy (MSSA) on Marine Corps Base Quantico. With the program’s growing availability, service members from coast to coast will be able to participate in technical training and career development. MSSA Quantico will focus specifically on meeting the growing demand for cybersecurity professionals.

The ceremony, which was held at the National Museum of the Marine Corps, started with welcoming remarks from Col. Joseph M. Murray, Commander, Marine Corps Installations National Capital Region – Marine Corps Base Quantico, Virginia. Other speakers included U.S. Rep. Rob Wittman; Dr. Barry Butler, president of Embry-Riddle Aeronautical University (ERAU); Marc Langlois, senior director, Department of Navy at Microsoft; and Brig. Gen. Kurt W. Stein, director of Marine and Family programs, Headquarters Marine Corps.

Barry Butler, Embry-Riddle Aeronautical University president, delivers remarks at Quantico
Dr. Barry Butler, president of Embry-Riddle Aeronautical University, delivers remarks at the ribbon-cutting ceremony for the Microsoft Software and Systems Academy (MSSA) at Quantico on Jan. 8, 2018.

“Your courage. Your dedication to others. Your ability to work together as a tight knit team. Your adaptability and accountability – these are qualities you have developed in the most challenging of environments,” said Marc Langlois, senior director, Department of Navy at Microsoft, speaking to the first cohort of students for MSSA Quantico.

“MSSA Quantico Cohort A, we don’t just think you are ready to learn. We know you are ready.”

Rep. Wittman also spoke to the group about the importance of programs like MSSA to train our transitioning service members and veterans.

“What a great combination of innovation and creation from the private side to the public side, who are putting that together for the betterment of our nation… [MSSA] is the first step of many steps of developing this skill set that exists here in the Marine Corps.”

The Quantico campus is the first of four scheduled MSSA launches in early 2018 on the Eastern Seaboard, and will complete Microsoft’s 2015 goal of opening nine regions servicing 14 bases. In the months ahead, Microsoft will open MSSA programs at Camp Lejeune, Naval Station Norfolk, and the Jacksonville Community Campus (near Naval Air Station Jacksonville and Naval Station Mayport).

Marine Corps Sgt. Maj. Ronald Green speaks with Rep. Rob Wittman
Marine Corps Sgt. Maj. Ronald Green, left, speaks with Rep. Rob Wittman following the ribbon-cutting ceremony for MSSA at Quantico on Jan. 8, 2018.

Since launching MSSA in November 2013 at Joint Base Lewis-McChord in the state of Washington, Microsoft has worked with education partners ERAU and St. Martin’s University to create a successful and proven model for reskilling our nation’s heroes and preparing them for meaningful careers in technology. This cornerstone of the DoD Skillbridge program helps the industry overall, helps veterans and helps our country build a stronger workforce to compete on the world stage. In the past four years, the company has grown its hiring partner network to more than 240 companies, including Dell, Expedia, Accenture, Capgemeni and the Department of Defense, with an average starting salary of $70,000.

To learn more about MSSA at Quantico, visit military.microsoft.com/mssa.

Marine Corps Base Quantico ceremonial platoon presents the colors
The Marine Corps Base Quantico ceremonial platoon presents the colors during the ribbon-cutting ceremony for MSSA at Quantico on Jan. 8, 2018.

Tags: Education and Jobs, military, MSSA, veterans

Radiology AI and deep learning take over RSNA 2017

CHICAGO — As the medical imaging world debates whether machines are supplanting humans, veteran radiology AI thinker Curtis Langlotz, M.D., offered what is becoming a widely held view of the profession’s technology future.

“To the question, will AI replace radiologists, I say the answer is no. But radiologists who do AI will replace radiologists who don’t,” Langlotz, professor of radiology and biomedical informatics at Stanford University School of Medicine, said to a packed hall at the RSNA 2017 conference.

The setting was a scientific panel during the 103rd Scientific Assembly and Annual Meeting of the Radiological Society of North America, held at the McCormick Place conference center.

RSNA show vigorous in its second century

RSNA, with more than 54,000 members from around the world, annually stages what is the biggest healthcare conference and exposition on the continent. This year, the event attracted some 50,000 attendees, with nearly half of them medical imaging professionals, and 667 exhibitors — mostly vendors.

In addition to artificial intelligence and various forms of machine learning, RSNA 2017 was more deeply immersed than ever before in value-based imaging, the pursuit of quality over volume, as the U.S. healthcare system moves in that direction.

The RSNA 2017 exposition floor at the McCormick Place conference center in Chicago.
The RSNA 2017 exposition floor at the McCormick Place conference center in Chicago.

Deconstructing PACS

Also as strong as ever were picture archiving and communications systems (PACS) and vendor-neutral archive (VNA) technologies and systems for storing and viewing complex medical images, including the increasingly popular strategy of “deconstructing PACS” — stitching together parts of PACS from various vendors.

But radiology AI and deep learning — a subset of machine learning that uses advanced statistical techniques to enable computers to improve at tasks with experience — were probably the hottest topics at RSNA 2017.

Indeed, Langlotz’s session — and dozens of other panels on AI, deep learning and machine learning in radiology and other imaging-intensive specialties — drew overflow crowds.

Radiology AI excitement and reality

To the question, will AI replace radiologists, I say the answer is no. But radiologists who do AI will replace radiologists who don’t.
Curtis LanglotzM.D., professor of radiology and biomedical informatics at Stanford University School of Medicine

“We’re definitely right in the eye of the storm of the hype cycle,” Rasu Shrestha, M.D., chief innovation officer at University of Pittsburgh Medical Center, told SearchHealthIT on the busy “technical exhibition,” or show, floor. “Having said that, that hype is being driven by an immense amount of hope. Could AI and machine learning solve for the complexities of healthcare?”

Langlotz acknowledged that radiology AI has already been through a number of hype-bust cycles in recent decades, but his work and that of colleagues at the Mayo Clinic and The Ohio State University, among others, shows that AI and machine learning have made dramatic progress.

Luciano Prevedello, M.D., division chief for medical imaging informatics at The Ohio State University Wexner Medical Center, said at the same deep learning session that “from 2014 to 2015 is when the algorithms started surpassing the human ability to classify” medical image data.

Experts say AI can aid imaging now

The radiology AI and deep learning experts said the software technologies, which require supercomputer-level computing power, can help radiologists and other imaging professionals on a practical basis.

For example, today, AI and deep learning can help physicians more efficiently produce images, improve quality of images, triage and classify images, serve in computer-aided detection of medical problems, and perform automated report drafting, Langlotz said.

As for value-based imaging, one radiology IT expert, Jim Whitfill, M.D., chief medical officer at Innovation Care Partners, a physician-led accountable care organization in Scottsdale, Ariz., said radiologists have opportunities to benefit financially from value-based care if they take on financial risk as ACOs do.

Value-based care and imaging not going away

During a panel on ACOs and value-based care, Whitfill noted that despite recent moves by the administration of President Donald Trump to trim several value-based care programs, federal healthcare officials are still behind the healthcare reimbursement approach, which Whitfill said has firm supporters.

“It’s absolutely critical that radiologists bring their talent around leadership, information technology and the larger healthcare system to bear as organizations begin to make this shift” toward value-based care, Whitfill said.

In an interview, Whitfill said one of the biggest technological advances in medical imaging that will help in the move toward value-based area is enterprise imaging.

“Historically we’ve been very focused on radiology in the PACS system,” Whitfill said. “But now, organizations are not only adding cardiology images, but also ophthalmology images, dermatology images and others, so we’re seeing a revolution in terms of the imaging platforms moving all these images into one place.”

Microsoft’s Margo Day: A History of Passion for Tech and Learning

Margo Day is an industry veteran with 33 years experience in the technology business. Roughly half of that time has been at Microsoft, where she currently serves a VP of U.S. Education.

You might think that someone who has spent that long in the tech sector would be on cruise control, waiting for their time to escape – but nothing could be further from the truth with Margo. She has a palpable and infectious enthusiasm for her job, and her impact can be seen in the successes of both young people and educators alike.

I was lucky enough to spend some time with Margo at the ISTE conference last summer in San Antonio, and I asked her about her role at Microsoft as well as her vision for Microsoft’s role in education. Margo explained, “I’m totally energized. The world of tomorrow is so different than the world of today. As adults, we really have this remarkable responsibility to be part of the team ─ when I say “team,” I mean it’s everyone, not just Microsoft. We can truly come alongside and transform the learning environment in K-12 so that we are preparing our students for a tomorrow that looks totally different than what we were prepared for today.”

“Microsoft is an enterprise company. Meaning, we’re one of the top technology companies, one of the top global companies. We bring a vast number of resources and solutions that understand education institutions are enterprises in and of themselves. We want to empower and infuse the learning environments with interesting and creative things to spark creativity in students’ minds.”

I asked Margo about her personal journey, and whether she could have imagined as a child that she would be in the position she is in today. She shared a poignant story about a special teacher who made her believe in reaching for the stars:

“I’m actually an introvert. I grew up in a large family, and I’m one of the younger kids. I had a feeling of ‘I think I’ve got something in me but is anybody really noticing?’ “

“I had a third-grade teacher named Mrs. Belzvick. She saw something in me that I always hoped somebody would. She figured out that I was good at math and that I was logical. She wanted me to be the person that did the volcano experiment in front of all of the parents and the school because she wanted to help me break out of my shell. She did it through something she knew I was good at. She knew I was an introvert, so she gave me a pathway.”

Margo continued her remembrance with a look back at 1977 – her senior year in high school. An influential adult in her life approached her and planted a seed of possibility:

“ ‘You know something, I think that computers in technology are going to set the world on fire. Do you want to learn how to code?’ ”

“There were three or four of us that got together. We learned how to code midrange computer systems. I still remember the first little program that I wrote on Datapoint language and Database stuff and I thought, ‘I can actually create something.’ ”

“It’s one of these things where, as a kid, it’s in there innately. I believe creativity and potential are inside absolutely everybody. But it takes all of us to bring it out. Would I have imagined then the world that I’m in today? No. But I did imagine what the next step beyond might be. And early on I had people who helped me understand what that might look like and be.”

The future of education and technology is wide open. The world of our children and even their children’s children will be facing incredible opportunities of information sharing that we could not have imagined as kids. With people like Margo leading the charge, positive changes are sure to continue at a blistering pace.

About Margo Day:

Margo Day is vice president of U.S. Education for Microsoft Corp. She is responsible for the U.S. Education strategy and sales to K–12 and higher education customers across the U.S.

She has been at Microsoft since 2001, holding previous roles of Vice President, West Region SMS&P and Vice President, US Partners. She was a 2014 Circle of Excellence, Platinum Club Founders award winner, 2006 Microsoft Most Inspirational Woman award, and in 2012 was nominated for the Anita Borg Women of Vision Social Impact Award.

Follow Margo Day on Twitter.

Further Reading:

L.A. Biz – Mattel’s Hot Wheels teams with Microsoft on educational STEM initiative

eWeek – Microsoft Word’s New Learning Tools Sharpens Students’ Reading Skills

Vanguard – How Microsoft is boosting digital learning in schools with new tools, services

Additional Reading:

Thought leaders in sustainable education

Venture capital interested in education funding

Promoting ecological empathy in school design

About Rod Berger, PsyD.

Dr. Rod Berger is President and CEO of MindRocket Media Group. Berger is a global education media personality and strategic influencer featured in The Huffington Post, Scholastic, AmericanEdTV, edCircuit, EdTechReview India and Forbes.

Audiences have enjoyed education interviews with the likes of Sir Ken Robinson, Arne Duncan, Randi Weingarten, Sal Khan along with leading edtech investors, award-winning educators, and state and federal education leaders. Berger’s latest project boasts a collaboration with AmericanEdTV and CBS’s Jack Ford.

Follow Dr. Rod Berger on Twitter.

A CIO vision of ‘indiscriminate computing’

Veteran IT executive David Giambruno has put a name to the future of enterprise computing: He calls it “indiscriminate computing,” or the ability to move compute, applications or any other IT asset anywhere in a secure environment.

His CIO vision is to turn all of IT into a service and replace clunky and cumbersome IT infrastructure with containers, APIs and microservices. It’s a cloud-based approach he’s been refining during stints as a CIO at Revlon, Tribune Media and, most recently, Shutterstock Inc.

By eliminating the friction in IT infrastructure, Giambruno said product and development teams will be able to move faster and capitalize on the one competitive advantage companies can’t win without in a rapidly changing business environment: speed to market.

SearchCIO caught up with Giambruno at the recent MIT Sloan CIO Symposium when he was still CIO at Shutterstock. He announced this week on social media that he’s since left the stock image company and is seeking a new position. The conversation provided a window into Giambruno’s IT philosophy.

This Q&A has been edited for brevity and clarity.

What will the IT organization of the future look like?

David Giambruno: For me, the goal would be to have my organization be much more forward-facing, to have automated the back-end infrastructure so it operates as a service for the company, and that my team focuses on enabling the product and development teams to go faster.

In your CIO vision, do certain IT departments or job titles disappear?

Giambruno: You will always need some capability. I think we will transform into a much more data-driven IT organization — supporting the absorption and the synthesis of data, and marrying that data to our infrastructure. So from all of our different technology investments — from AI [artificial intelligence] to automation — [we will use] that data to drive our user experience from the infrastructure. How is it going to shape out? I would say IT people will morph into a much more data-intensive environment.

David Giambruno, former CIO at Revlon, Shutterstock and Tribune Media, talks indiscriminate computing.David Giambruno

Will that mean IT becomes more embedded in the business?

Giambruno: This is my personal belief: The relationship between my organization and business segments — whether it is marketing or sales — is to continuously enable them to have more capability. Again, do it faster, cheaper, better, but while enabling more and more capabilities — figuring out how they attack markets, helping identify what applications or what needs they have, getting [those applications] in and helping the business get the most value out of those investments as fast as possible. 

How important is the hybrid cloud, which aims to integrate disparate systems together so they work as one machine, to the future IT workplace?

Giambruno: Two pieces of that: One is, historically, I’ve always believed in this idea of indiscriminate computing — my ability to move my compute, my apps, whatever I want to anywhere in any fashion based on either a performance or a financial set of metrics. So, if I have more users in Japan [and] we’re going after that market, I should be able to make sure my user experience is great in that market, whichever cloud it is. One of the keys to that is containerization, which gives you the ability to move between clouds. That’s our vision. We’re probably in step one of doing that. It’s going to be an iteration, but I do think that is going to be the absolute endgame.

How do containers, APIs and microservices fit together to make this CIO vision work?

Giambruno: The API tells the infrastructure what to build. The containers hold the microservices. It’s that ability to destroy and create and move [services] quickly that allows you to add capacity, change capabilities on the fly based on the code. It’s the ability to create that universe with a click of a mouse and a set of instructions. One of the interesting things about containers is you don’t get drift, so you always know where you are. So, it’s the ability with a high degree of precision to say, ‘OK, we want to deploy this feature and functionality,’ and to know you don’t get drift in that world. And, again, to be able to blow [features and functionality] to one region, to [multiple] regions and scale up and down, as well as sideways.