Forrester Research Rates Palo Alto Networks a Leader for Automated Malware Analysis

We’re pleased that Forrester Research has identified Palo Alto Networks as a leader in The Forrester Wave™: Automated Malware Analysis, Q2 2016. As part of the report, Forrester evaluated WildFire based on criteria in the categories of current offering, market presence, and strategy.

Automated malware analysis is a necessity in the security stack, providing visibility into targeted attack vectors and creating tailored threat intelligence to generate what Forrester calls “highest fidelity” alerts.

Palo Alto Networks takes automated malware analysis several steps further by broadening the scope of threat intelligence and extending its preventive capabilities. As part of our Next-Generation Security Platform, WildFire identifies — and helps prevent — malware attempting to traverse the network, infect endpoints, and make its way to cloud environments.

Please access the entire Forrester Wave on Automated Malware Analysis at the URL below:
https://www.paloaltonetworks.com/resources/whitepapers/forrester-wave-automated-malware-analysis.html

[Palo Alto Networks Research Center]

Chic Geek Speak: Vanquish the “Nice Syndrome”

We have often heard these pearls of wisdom during our formative years:  “Play nice. If you don’t play nice, no one will want to play with you.” “You have to be nice.” “Be a nice girl.”

Unfortunately, many of us (myself included) suffer from what I’m calling the “Nice Syndrome.” Merriam-Webster dictionary defines nice as pleasing and agreeable. Nice was rewarded, reinforced and subsequently internalized, leading to:

  • Putting others’ needs before your own
  • Over-apologizing
  • Consistently asking for permission
  • Denying your own power
  • Not asking for what you want or need
  • Tolerating too much negativity
  • Being overly patient

In the workplace, we continue to be nice. We don’t rock the boat. We play nice even when it means denying one’s self. We sacrifice self and wait for our reward. Unfortunately, the rules we learned as girls no longer apply as women in the workplace. We instead work extra hard, do the work of others, deny ourselves lunch or breaks. We put work first, our families second, and ourselves last.

How then can we break this nice cycle without being labeled a witch or worse? How can we vanquish our misplaced guilt when we no longer play nice? We do this through:  1) language; 2) prioritization; and 3) building our brand.

Never Underestimate the Power of Words
Words create our reality and give us and others a blueprint for interacting with us. Women often use touchy-feely language that lacks self-confidence. These phrases include:  “Maybe we could…”; “I was thinking we might…”; “How about…” Instead use more assertive language:  “I believe it would be best to…”; “I propose that we…”; “It is my understanding that …”

Stop Putting Work Ahead of Everything Else
Many women of my era are referred to as the “sandwich” generation. We juggle careers, families and caring for elderly family members. We put ourselves so far down the list that we do not recognize our own needs. By playing nice, women put their needs on hold or lower their expectations. They deny their own power. Let go of the beliefs that you are powerless and that standing up for yourself is selfish. Rethink what power means. You have more power than you allow yourself to use. To reclaim your power, start by saying “no” to unreasonable requests. Express yourself in more empowered ways by stating, “I choose to…” which ties back to creating your reality. Take small steps for yourself, such as:

  • Taking lunch breaks
  • Taking short walks outside
  • Establishing set start/stop times, and sticking to them
  • Taking time for exercise
  • Taking meditation or yoga classes
  • Getting regular massages or facials

Build Your Brand
We all know brands that are synonymous with a product, such as Coke or Kleenex. What is your name synonymous with? Once you determine that, it will inform you of your brand. It is what sets you apart from others. What is your unique story? It is said that “If you don’t build your image (brand), someone else will.” What are you really good at? Build your unique story.

Appearance is also a big part of your brand. The saying goes, “Never dress for the job you have; dress for the job you want.” Look at successful women. What style of clothes, hair, make-up and jewelry do they favor? I am not advocating a complete makeover, but maybe wear a blazer to important meetings or dress up your blouse and slacks with a scarf.

Also, observe how successful women speak. Do they use a lot of touchy-feely language? What is the pitch of their voice? Your presentation skills communicate your brand. Are you confident in front of a group? Do you talk at an acceptable rate or speak rapidly? Do you use crutch words like “ah,” “um,” and “you know”? Do you overexplain or apologize when presenting? Do you use words to minimize importance or ask for permission? Do you speak too softly or at too high of a pitch? Does your voice pitch up at the end of a statement? If you struggle in any one of these areas, I suggest Toastmasters International, which offers a cost-effective communication development course that moves at your own pace.

Do you, like me, suffer from Nice Syndrome? How have you broken through this syndrome? Share your success and struggles in the comments section below.

Today, 28 April, just happens to be International Girls in Information and Communication Technologies (ICTs) Day. The goal of the event is to create a global environment that empowers and encourages girls and young women to consider careers in the growing field of ICTs.

Pam Nigro, MBA, CISA, CGEIT, CRISC, CRMA, DTM; Senior Manager, Internal Controls and Risk Management; Blue Cross Blue Shield of Illinois; Vice President, ISACA Chicago Chapter

[ISACA Now Blog]

10 Key Questions to Answer Before Upgrading Enterprise Software

The evolution of software has made possible things we never dreamed. With software upgrades come new competencies and capabilities, better security, speed, power and often disruption. Whenever something new enters an existing ecosystem, it can upset the works.

The cadence of software upgrades in large organizations is typically guided by upgrade policies; the risk of disruption is greater in large organizations—which is the chief reason large companies lag up to two versions behind current software releases. They take a wait-and-see approach, observe how the early adopters fare with software upgrades and adopt as a late majority.

A proper upgrade process involves research, planning and execution. Use these top 10 principles to establish when and why to upgrade:

1. What’s driving the upgrade? Software upgrades addressing known security vulnerabilities are a priority in the enterprise. Usability issues that impact productivity should also be addressed quickly.

2. Who depends on the legacy software? Identifying departments that depend on legacy software allows IT to schedule an upgrade when it has the least impact on productivity.

3. Can the upgrade be scheduled according to our policy? Scheduling upgrades within the standard upgrade cycle minimizes distraction and duplication of effort. Change control policies formalize how products are introduced into the environment and minimize disruption to the enterprise and IT.

4. Is the organization ready for another upgrade? Just because an organization needs a software upgrade doesn’t mean it can sustain that upgrade. Upgrade and patch fatigue are very real. Consider the number of upgrades you’ve deployed in recent months when deciding whether to undertake another one.

5. What is the upgrade going to cost? Licensing costs are only one part of the total cost associated with software upgrades. Services, staff time, impact to other projects, tech support for associated systems and upgrades for systems that no longer work with the new platform must also be included in the total cost.

6. What is the ROI of the upgrade? Software updates that defeat security vulnerabilities are non-negotiable—security itself is the ROI. Non-security related upgrades, however, must demonstrate their value through increased productivity or improved efficiency and reduced costs.

7. How will the customer be impacted? Consider all the ways an upgrade could impact customers and make adjustments before the upgrade begins. Doing so ensures you mitigate any potential issues before they happen.

8. What could go wrong? Since your goal is to increase performance, not diminish it, draft contingency plans for each identified scenario to readily address performance and stability issues, should they arise.

9. What level of support does the vendor provide? Once you understand what could go wrong during the upgrade, look into the level of support the vendor provides. Identify gaps in coverage and source outside resources to fill in as needed.

10. What’s your recourse? No one wants to think about it, but sometimes upgrades do more harm than good. In the event something goes wrong and you need to revert to a previous software version, can you?

Download The Guide to Modern Endpoint Backup and Data Visibility to learn more about how a modern endpoint backup solution can simplify software upgrades.

Rachel Holdgrafer, Business Content Strategist, Code42

[Cloud Security Alliance Blog]

Study on Grade 4-8 Internet Usage Indicates 40 percent Chat with Strangers

Recently, the Center for Cyber Safety and Education™ released the results of the Children’s Internet Usage Study. The study contrasted the self-reported online behaviors of U.S. kids in grades 4-8 with their parents’ perceptions of their behavior. The findings were surprising and could be a cause for concern for many parents, as they show that children are spending more time online, including late into the evenings, than their parents were aware. The children indicated they visit sites they know they are not supposed to, and engage with strangers despite warnings from parents. A few of the survey results are below:

  • 40 percent said they connected with or chatted online with a stranger.
  • 30 percent texted a stranger from their phone.
  • 21 percent spoke to a stranger by phone.
  • 15 percent tried to meet with a stranger they first encountered online.
  • 11 percent met a stranger.
  • 6 percent revealed their home address.
  • 53 percent access the Internet for reasons other than homework seven days a week.
  • 49 percent have been online at 11 p.m. or later on a school night.
  • 33 percent have been online at midnight or later.

David Shearer, CEO of (ISC)² and the Center for Cyber Safety and Education said, “We are grateful to Booz Allen Hamilton, a valued partner over the years, for supporting this important initiative to raise parents’ awareness about the types of risky activities their children are engaging in online.  Concerning findings such as these only reinforce the need for educational programs like Safe and Secure Online to help parents play an active role in preventing risks.”

In response to the survey results, the Center updated their Safe and Secure Online program, a leading free education program that teaches families and educators how to be safer online. Certified security expert members of (ISC)² contribute to the development of the program and all members are encouraged to share this information with their families and community. The free education program can be accessed in English at http://www.SafeAndSecureOnline.org. The program materials will be translated into other languages (Spanish, French, German, Portuguese and more) throughout the next few months.

In the U.S., April 28 is ‘Take Your Child to Work Day’ when children accompany their parents to the workplace. The (ISC)² headquarters office will be educating young visitors on how to stay safe online in hopes that children will become more cautious in the future and treat online strangers like they would real-world strangers.

(ISC)² Management

[(ISC)² Blog]

Avoid Monetizing Safety Risk

Last year I attended an international risk management conference and was quite shocked by one of the sessions I attended. One of the presenters said, “ERM’s job is to protect the balance sheet.” Enterprise risk management (ERM) is a function that must address all types of risk, not just financial risk.
Monetizing risk and normalizing risk are two of the biggest problems risk practitioners face. Monetizing and normalizing risk makes it very easy to report risk exposure and risk treatment cost but obscures the true risk impact. When risk impact is obscured or undervalued, it causes decision makers to make very poor decisions. This is especially true for safety risk where poorly managed risk events can lead to loss of life.


How much is human life worth?¹

When asked this question, many people’s response will be “Human life is priceless.” Unfortunately, the desire to monetize risk impact has given rise to the need to quantify the value of human life. The international standard for the value of human life is $50,000. The Stanford Graduate School of Business conducted research a while back that indicates the actual value of human life is $129,000. Anyone who has lost a loved one would likely argue that these values are woefully inadequate.

Monetizing risk impact causes these values to be used by decision makers to make decisions about what safety guards are worthwhile and cost effective. Consider a safety risk event that has a risk impact of $2.5 million and the risk treatment cost is $4.4 million. Many decision makers would simply accept this risk because the treatment cost is nearly twice the potential impact, and it doesn’t make economic sense to spend $4.4 million to save $2.5 million.

There would likely be a very different outcome if this risk event was presented to decision makers as a safety risk event that could cause 50 people to lose their lives and the risk treatment cost is $4.4 million. I would like to think that decision makers would choose to spend the $4.4 million to save 50 lives. Please note, 50 lives multiplied by the international standard value of human life of $50,000 is $2.5 million. As you can see, monetizing risk impact can dramatically change the equation.

ERM’s job should be much broader than simply protecting the balance sheet. ERM’s job is to manage all types of risk including budget risk, schedule risk, quality risk, safety risk, reputation risk and mission risk.

Mayo will present How Culture Affects ERM at EuroCACS 2016 30 May – 1 June in Dublin.

Footnote
1 Kingsbury, K. (2008, May). The Value of a Human Life: $129,000. Time.

Joseph W. Mayo, President, J.W. Mayo Consulting Services

[ISACA Now Blog]
