The innovation lab was launched earlier this month, seeking to use AI technology to transform the process of drug discovery and development. The lab has been formed by the alliance of four pharmaceutical giants – AstraZeneca, Merck, Pfizer and Teva – alongside Amazon Web Services and Israel Biotech Fund. The model is based on that of German independent research institute BioMed X.
AION Labs will create and invest in early-stage start-up teams focused on AI and computational biology in drug discovery and development, offering resources and mentorship to develop new tech that meets the most acute and significant challenges in the pharmaceutical industry.
Its first call for applications, launched this week, seeks to identify global research talent for a new startup company in the field of de novo computational design of therapeutic antibodies.
Search for computational biologists and biomedical scientists
Therapeutic antibodies are well-established life-saving drugs. Discovery of existing therapeutic antibodies relies on immunization or in-vitro selection from large, pre-defined libraries with limited sequence space coverage. Selecting a drug candidate from billions of potential antibody sequences is laborious and expensive and, in many cases, fails to identify functional antibodies.
But AION notes that recent advances in protein structure prediction, artificial intelligence (AI) algorithms, and increased availability of experimentally determined antigen-antibody structures present a ‘unique opportunity’ for AI-driven antibody discovery.
It is inviting computational biologists and biomedical scientists at academic and industry research labs worldwide to propose the development of a next-generation general computational platform for the design of high-affinity and biophysically well-behaved antibody binders directed towards epitopes of choice, starting from an antigen structure or antigen sequence as an input.
The lab’s pharma partners will provide a wealth of data for model training and their expertise in setting specifications and evaluating the outcome. Original ideas that go far beyond the current state-of-the-art are being encouraged.
Candidates are invited to submit a competitive project proposal. Shortlisted candidates will be invited to a five-day innovation boot camp in Rehovot. With the support of experienced mentors from the pharma, tech and VC industries, the winning team of scientists will be trained and guided during a fully-funded incubation period of up to four years towards becoming an independent startup.
Further details can be found via AION’s website, and interested candidates are invited to apply before December 12, 2021.
Nintendo ‘Advance Wars 1+2: Re-Boot Camp’ Remake to be Delayed to Spring 2022 | More Time for ‘Fine Tuning’
Urian B., Tech Times
One classic game that has been extremely popular, especially on the Game Boy Advance console, was expected to have its own remake. Nintendo, however, has announced that the “Advance Wars 1+2: Re-Boot Camp” remake is now being delayed to the Spring of 2022.
Nintendo ‘Advance Wars 1+2: Re-Boot Camp’
According to the story by Engadget, Nintendo has reportedly just delayed “Advance Wars 1+2: Re-Boot Camp.” The company is now expected to release the game’s remake in Spring of 2022 instead of the originally expected Dec. 3.
Although the initial plan to release the game in December 2021 could have been quite an interesting addition for a Christmas release, the new release date is something else. Although there might not be that many events in Spring 2021, this might not really be a problem for the classic game.
Delay for ‘Advance Wars’ to Spring 2022
The previous announcement was for Dec. 3 but the new release date is said to happen sometime in Spring 2022. The game was described as needing just a little more time in order for it to get “fine tuning.”
Nintendo initially announced the Switch title during its E3 Direct back in June. The remake is said to bundle “reimagined” versions of “Advance Wars” as well as “Advance Wars 2: Black Hole Rising.”
Classic Game Boy Advance Games
Both games were reportedly long considered classics of the massive tank turn-based tactical strategy genre, which initially appeared on the Game Boy Advance in 2001 and 2003. Intelligent Systems is reportedly best known for its work on the Fire Emblem franchise, yet another massive success. Intelligent Systems was reportedly known as the lead developer for both titles.
Nintendo of America tweeted out that players will finally be able to battle with Andy & friends sometime soon. The developer also thanked players for their patience. Although it’s been a while since there has been any development on the game or the franchise, fans are now pleased with the remake of this classic game.
Orange Star Army
As per the official Nintendo page, players will command an army in classic strategic, turn-based combat as a tactical adviser for the Orange Star Army. The website notes that players’ expertise is needed to move land, air, and even naval units all across the battlefield.
Players will be able to take down enemy squads and even capture towns and bases to secure victory and keep the peace. Players will reportedly keep an eye on the game-changing terrain and weather as they lead a number of units across different maps.
CISA has announced awards of $2 million to two organizations training underserved communities in cybersecurity.
The funding will go to NPower and CyberWarrior, two programs helping to train veterans, military spouses, women and people of color for cybersecurity positions. These are the first awards of their kind handed out by CISA.
CISA Director Jen Easterly said addressing the cyber workforce shortage requires the agency to proactively seek out, find and foster prospective talent from nontraditional places.
“CISA is dedicated to recruiting and training individuals from all areas and all backgrounds with the aptitude and attitude to succeed in this exciting field,” Easterly said. “It’s not just the right thing to do; it’s the smart thing to do — for the mission and the country. We’re best positioned to solve the cyber challenges facing our nation when we have a diverse range of thought bringing every perspective to the problem.”
The organizations are targeting communities with high unemployment as well as those who are underemployed and underserved in both rural and urban areas.
CISA explained that they are looking to support programs that benefit communities and populations that may not have access to training programs centered around cybersecurity.
CISA, CyberWarrior and NPower will work with them to “develop a scalable and replicable proof of concept to successfully identify and train talented individuals around the country.”
They noted that the effort will help address the “staggering” shortage of cybersecurity talent facing the country.
“CyberWarrior is honored to take part in the Cybersecurity Workforce Development and Training Pilot for Underserved Communities,” said Reinier Moquete, founder of the CyberWarrior Foundation.
“Working with CISA and other stakeholders, our 28-week bootcamp program will train persons from underserved populations for a career in cybersecurity. We encourage prospective students, employers and workforce stakeholders to reach out and join us in building opportunities for these individuals.”
According to CISA, the three-year program seeks to establish a cybersecurity pathways retention strategy while also providing entry-level cybersecurity training and hands-on professional development experience through apprenticeships.
Bertina Ceccarelli, CEO of NPower, said her organization’s cybersecurity program offers young adults and veterans the opportunity to advance their careers and deepen their specialties.
“This is particularly important for individuals coming from underrepresented communities that systemically lack access to those specialized skills,” Ceccarelli said. “We are honored for the support from CISA, which will enable NPower to expand our reach to trainees across the country.”
The award is part of a larger effort by CISA and other agencies to diversify the cybersecurity industry. On Friday, Easterly, NSA cybersecurity director Rob Joyce and Institute for Security and Technology CEO Philip Reiner handed their Twitter accounts over to three Black women, who spoke about their experiences in the tech industry while urging other women of color to join in.
CISA has also created a CYBER.org initiative and Cyber Education and Training Assistance Program to promote cybersecurity among young people.
Sololearn raises $24M for its bite-sized, Duolingo-like mobile-first coding education app – TechCrunch
Drive Capital led the round, with participation from past backers from Sololearn’s previous $1.2 million Series A round in 2016 (Learn Capital and Prosus Ventures).
Of note, Drive Capital was co-founded by two alums from Sequoia out of Columbus, Ohio, with a mission to focus on founders outside of the “usual” hubs. That’s precisely what they have done here: Sololearn comes from Yerevan, Armenia, which has produced a lot of engineering talent, but interestingly not as many startups. (PicsArt, which is also HQ’d in San Francisco, may be the biggest name to come out of there.)
Sololearn was founded and is currently led by Yeva Hyusyan, who tells me that the impetus for the company came out of a previous project (a startup accelerator) she worked on while working for Microsoft in the country.
One side effort to that was a coding bootcamp they put together to help upskill would-be entrepreneurs. The bootcamp took on a life of its own eventually, with tech companies in the country, and specifically the capital city, approaching Hyusyan to source interesting candidates for jobs, and soon after to take and train people in specific areas on behalf of the tech companies themselves. In the process, the accelerator started building tools that could be used outside of the classroom. Through all of that, Hyusyan said she realised that there was an opportunity in itself to focus just on this. And thus Sololearn was born.
Now I know what you must be thinking at this point: Aren’t there already dozens, maybe hundreds, of decent online coding courses and tools out in the market already? Why fund Yet One More?
Key to what Sololearn is doing is that it has taken a realistic approach: On mobile, people want short bursts of content, so coding education on that platform should follow from that. The “lessons” such as they are come in bite-size engagements, which can be run through in minutes if needed. Its target users are equally distributed among those who are focused on learning deeply about coding, and nontech people who are trying to learn some specific skills for their jobs, and she said that both have taken to the format.
“Everyone was critical about the idea of learning coding on a mobile screen, so we built a compiler a few years ago,” she said. “But believe me, the younger generation prefers to code on mobile. It’s as normal as a desktop. You’d be amazed at the thousands of lines of code they put together, all on a phone.”
The Duolingo-like approach to the curriculum was further followed by the fact that there are no formal “teachers”, but if people need help they can turn to others in the Sololearn community. Helpers are incentivized, Hyusyan said, “because they learn and they get recognition from the community.”
“The best helpers are community influencers, experts that work with us for free and basically help everyone out. They are our best and most influential members,” she added.
The formula seems to have worked. Sololearn is adding between 200,000 and 300,000 new users every month, she said, with active users up 300% over last year. The 21 million people who are already using the platform essentially gravitated to it by word of mouth. (That will surely change now that Sololearn has raised this big round…)
The potential audience is a massive one. “Billions will need to re-skill in the next 10 years,” Hyusyan said, with the implication being that Sololearn (and others like it) will take on that re-skilling role. “We think the era of institutional learning is over. No one institution, not even a consortium, could cope with that demand.”
With the company also seeing a lot of traction for learning in platform-specific languages, such as C# and Swift for Apple iOS, Kotlin for Android and Go for Google cloud computing, it will be using the funding to continue expanding into more languages, but also more learning tailored to specific job categories.
With Duolingo and other bite-sized content players seeing huge growth, that speaks to a lot of potential in the educational realm, and with Sololearn specifically.
“Sololearn provides bite-sized habit-forming instruction at scale, a warm and supportive community, and amazing user-generated content,” said Masha Khusid, partner at Drive Capital, in a statement. “And with Sololearn bringing that same proven approach to a subject matter with such a profound impact on millions of peoples’ financial futures, it’s particularly exciting and rewarding to be their Series B lead.”
Of all the arts, dancing is the one I appreciate least. When I read the Arts section of the New York Times, I unfailingly skip all stories on dance without fear of feeling uninformed. Chalk it up to my bottom-quartile dance skills, or to the fact that I once flunked out of a ballroom dance class for failing to dance in a clockwise direction. But my supercilious attitude to dancing is the primary (but by no means sole) reason I find Footloose (i.e., small town passes anti-dancing ordinance, rebellious teenager from Chicago stages uprising) totally hilarious.
In the annals of dance, only one has been truly forbidden, and not by ordinance. Just a few years after Kevin Bacon dance-liberated Bomont, the Lambada – a sensual dance from Northern Brazil – swept the globe as “the forbidden dance.” Dance-lovers everywhere couldn’t resist its forbidden fruit and danced the Lambada through the end of Reagan-Bush.
Kids, nothing important happened in the late 80s and early 90s that wasn’t foreshadowed by Footloose.
In the annals of coding bootcamps, only one is on its way to forbidden status. Lambda School – not named for the forbidden dance, but rather the Greek letter and CS term – is having a tough go of it. Last week, Inside Higher Education reported Lambda is being sued by former students for falsely advertising an 80% job placement rate. In April, Lambda laid off 65 employees. Last year, it was the subject of a withering New York Magazine attack questioning Lambda’s value to students and breaking the news that it had partnered with a company owned by a banker known as the grandfather of collateralized debt obligations (CDOs). Lambda also had the displeasure of tangling with both the California Bureau of Private Postsecondary Education (BPPE) and Department of Financial Protection and Innovation (DFPI): an alphabet soup of regulatory headaches.
On the surface, it’s hard to see what’s not to like about Lambda School. After a year in which thousands of accredited higher education institutions demanded that students borrow tens of thousands of dollars to pay for online courses, Lambda’s no tuition / income share agreement (ISA) model for online courses appears positively virtuous. Plus, rather than ad hoc remote courses, Lambda’s coding courses are expressly designed for online learning.
Dig deeper, though, and it’s clear why Lambda has become a target. The company raised $122M from dozens of Silicon Valley investors like Google Ventures and Ashton Kutcher at a valuation in excess of $200M. And Lambda’s voluble founder, Millennial poster boy Austen Allred, is a college dropout and Y Combinator grad previously best known for sharing every waking thought – mostly about stuff happening in Silicon Valley – with his 167,000 Twitter followers. Tweets from Lambda executives like “if you don’t think Lambda is at least a $100B company you don’t understand the American economy” haven’t helped.
Will Lambda become Lambada School: The Forbidden Coding Bootcamp? It’s an important question not just for Lambda, its thousands of students, and Demi Moore’s ex, but also Lambda imitators popping up around the world and policy makers seeking new models to close the skills gap. It would be awfully convenient if all we needed to do was launch lots of Lambdas and tweet more.
Austen and Lambda have gotten many things right. First, Lambda adroitly recognized that closing the skills gap requires a vertically integrated model including admissions, learning, and a “job finder,” and that “school is only a tiny part of the engine.” Second, Lambda determined that the best measure of student success is an applicant’s performance on pre-coursework. Other postsecondary programs and employers would do well to adjust their application processes accordingly.
Lambda is also doing a good job trying to reduce friction by eliminating tuition from the equation. Why don’t millions of Americans run out and get the digital skills employers desperately need? The first barrier is cost of training and concomitant financial risk. So ISAs can smooth the path to upskilling for millions. Lambda has further tried to reduce education friction by fronting living expenses in return for a longer ISA.
Critiques of Lambda’s ISAs are misplaced. Lambda has been unfairly attacked for ISAs that could cost graduates $30k. Leaving aside that most online master’s programs are priced at least at this level, Lambda’s share only reaches $30k at salaries over $100k – a trade most prospective students would gladly make. (Grads making $50k will share $17k over several years.) And don’t get overexcited about Lambda selling ISAs to investors, including the grandfather of CDOs. Bootcamps typically remain on the hook via a risk-sharing formula. So Lambda won’t make any money unless its ISAs pay off. Moreover, in the very unlikely event risk isn’t shared for one cohort, the only way Lambda will be able to sell ISAs for its next cohort is if the current cohort produces a satisfactory return for investors. So regardless of who ultimately holds the ISA, Lambda must remain focused on placement and remuneration. Which explains why Austen tweets constantly about employment outcomes of Lambda graduates – annoying for sure, but a big improvement over your garden variety postsecondary leader with no earthly idea.
Notwithstanding, Lambda has flaws that are likely to prove forbidding. David Perell, another inveterate tweeter who calls himself “The Writing Guy” (which I guess makes me the “Guy Who Writes About The Writing Guy” – a solemn responsibility I may think deeply about at some point) is merely the latest in a 25-year-long line of self-proclaimed education experts to predict that the Internet changes everything about higher education e.g., online courses will have “Hollywood-level production budgets,” “teaching will become an extremely lucrative profession.” It’s Silicon Valley thinking like this that leads to theoretically scalable, high gross margin, online-only education models like Lambda, and that led the New York Times to call 2012 “The Year of the MOOC” (allowing me to call MOOCs “The Spice Girls of higher education” and fulfill a lifelong dream of quoting “zigazig ha!”).
I understand why Austen and his investors really, really, really wanna love online-only upskilling. But MOOC completion rates still hover around 5%. Asynchronous online training programs, like those offered by Microsoft and Google, aren’t much better. Online bachelor’s programs are almost always well under 50%. With few exceptions, only motivated students who have already learned how to learn can upskill successfully in a 100% online environment (and they’ll probably find their economic way regardless). The last time Lambda disclosed its completion rate (80%) was over three years ago. The sound of crickets as Lambda has scaled makes it hard to believe completion hasn’t fallen significantly.
In addition, survey after survey indicates employers view soft skills as essential and also hard to find, particularly among candidates with the requisite technical skills. How are Lambda students building essential soft skills like teamwork, communication, organization, creativity, adaptability, and punctuality in an online-only environment? Notwithstanding that some portion of the instructional day is synchronous (guided project and standup meeting), if Lambda graduates have the soft skills employers are seeking, it’s almost certainly the result of attracting students who already have these skills in the first place.
Online-only upskilling can work if it’s selective or deployed within an enterprise (selective by definition i.e., no employers are “open hiring” in the way that many education and training programs are open enrollment). Onground coding bootcamps operating online programs at a much smaller scale have reported achieving comparable outcomes. But Lambda’s plan was to grow to 10,000 students this year (on its way to becoming a $100B company). And that means less screening, not more. With an unselective online-only model seeking to scale rapidly, Lambda is likely to end up somewhere between (free) MOOCs and (costly) for-profit online universities, which – given its ISA model – sounds about right.
All these challenges pale in comparison with Lambda’s most serious problem: getting graduates good jobs. The lawsuit alleges that while Lambda was advertising an 80% placement rate, executives knew (and wrote a memo about how) the placement rate was closer to 50%. (Yet another reason not to be like “The Writing Guy”.) This makes more sense. By definition, new pathways like Lambda are unknown quantities for employers. They can grow rapidly (and sustainably) if they have a model for overcoming employers’ abundant and understandable fear of the unknown (i.e., high cost of a bad hire, high churn) – one that literally places students in jobs. But tweeting and praying that graduates find work is not a viable strategy for scaling a new pathway.
The challenge of placing graduates in good jobs is exacerbated by numerous and increasingly complex requirements. As I’ve noted, employers are throwing everything but the kitchen sink into job descriptions. Jobs with 30-50 skill requirements – many digital – are hard to get for graduates of Lambda’s full stack Web development program. The sad truth for Lambda is that America doesn’t have tens of thousands of open jobs for newly minted bootcamp grads fresh off a one-size-fits-all online curriculum. The skills gap is most acute for combinations of discrete technologies: not level 1 digital skills, but level 3 or 4 employer-specific tech stacks. And Lambda doesn’t take students to level 3 or 4. As such, an online bootcamp hoping to scale a uniform curriculum to tens of thousands of students may work at cross purposes to the goal of putting graduates into good first jobs, or — at best — is only the first step in a training sequence. So a fair price is probably closer to Codecademy’s $240 than Lambda’s $30k.
You’d think that Silicon Valley – font of all technology – would understand this. But the Bay Area has a bad habit of confusing and conflating everything (including – apparently – human capital development) with scalable, high gross margin software. And that means blissful ignorance, wishful thinking, or both.
Another problem is that it’s very hard for Lambda to have a good interface with employers. Few schools do. For colleges and universities, the proximate cause is negligence. But for motivated last-mile training providers like Lambda, the problem is that employers aren’t responsive to the entreaties of a single school or bootcamp – not even one with 10,000 students, not even one with Ashton Kutcher. This means even if Lambda were willing to sacrifice scale and high gross margins, it’s hard to strike deals to custom-train for Google or any other employer.
There is a shortcut here: misrepresentation. Up until the New York Magazine attack, Lambda had prominently featured Google on its homepage as a destination for Lambda graduates. How many Lambda grads had Google actually hired? One. (Now Google is listed as one of many employers that have hired Lambda grads.) Beware the specter of the FTC, which pried a $191M settlement from University of Phoenix for similar tactics.
Despite the many things it’s doing right, without a course correction (pivot in Silicon Valley-ese), Lambda is on its way to having a for-profit college problem (sans squandering of taxpayer dollars). Talented entrepreneurs like Austen should leaf through an unabridged history of fast-growing education businesses that don’t deliver on promises to students. The paradox of job placement from a scalable, high gross margin online-only model risks taking last-mile training to a dark place. And that’s not right, because without regard to margins or profits (many models will be nonprofit, or government-subsidized), employer-centric last-mile training models like apprenticeship have the potential to rekindle socioeconomic mobility in the U.S.
While I remain an admirer of Austen’s entrepreneurial verve and commitment to employment outcomes, it’s Lambda’s basic dance move that has it on the verge of being forbidden: if you’re asking students to take any financial risk at all to upskill for jobs where there is a skill gap – i.e., where there are willing payors for that upskilling (employers) – you have an unimaginative business model. And in Silicon Valley, that’s the cruelest dance of all.
CISA’s grant for cyber talent development. State governments as security models for US Federal agencies. Cybersecurity metrics. An international effort takes down REvil.
At a glance.
- CISA’s grant intended to develop cyber talent.
- State governments as security models for US Federal agencies.
- A call for better cybersecurity metrics.
- An international effort takes down REvil.
CISA puts $2 million toward honing cybersecurity talent in nontraditional communities.
The Cybersecurity and Infrastructure Security Agency has announced it is awarding $2 million to two organizations, NPower and CyberWarrior, to support their cybersecurity training programs for diverse populations. The award is part of CISA’s initiative to find new talent in underserved communities. CISA Director Jen Easterly explained, “Addressing the cyber workforce shortage requires us to proactively seek out, find, and foster prospective talent from nontraditional places…We’re best positioned to solve the cyber challenges facing our nation when we have a diverse range of thought bringing every perspective to the problem.” For a three-year pilot program, CyberWarrior and NPower will establish a 28-week cybersecurity bootcamp aimed at creating a cybersecurity pathways retention strategy, offering entry-level cybersecurity preparation, providing apprenticeships that allow firsthand experience, and alleviating the cybersecurity workforce shortage. The announcement is concurrent with the third week of CISA’s Cybersecurity Summit, themed “Team Awesome: The Cyber Workforce.”
US CISO looks for positive models in state and local government.
At this week’s Michigan Cyber Summit, US federal chief information security officer Chris DeRusha stated that the federal government should look to state governments for guidance. As StateScoop reports, prior to his current role, DeRusha served as chief security officer for the state of Michigan from 2018 to 2020, and in his remarks he referenced several of the programs he worked on during his term, saying they should serve as examples of what the federal government can accomplish, and he referred to the Michigan State Police’s cyber crime unit as “one of the most sophisticated” units of its kind. As the Federal CISO, DeRusha will be tasked with implementing US President Biden’s executive order, issued in May, which establishes breach reporting mandates and cybersecurity standards for federal contractors, and expands cybersecurity logging protocols for federal agencies.
US CSC recommends metrics for assessing cybersecurity progress.
As Just Security explains, the US Cyberspace Solarium Commission (CSC) has proposed the establishment of a Bureau of Cybersecurity Statistics (BCS), a statistical agency with the role of collecting and analyzing data related to US cybersecurity efforts. In August, the CSC published its 2021 Annual Report on Implementation, which detailed how the recommendations of the initial March 2020 report had been implemented thus far. However, without clear metrics, it’s difficult to measure how fruitful these endeavors have been. The goal of the BCS would be to establish such metrics in order to better assess the success of security policies. The bipartisan Defense of United States Infrastructure Act also recommends the creation of a BCS as part of its efforts.
Law enforcement takes a piece out of REvil.
Reuters reported late yesterday that REvil’s difficulties in reestablishing itself, including its loss of keys and loss of control over its servers, were due to a concerted effort by law enforcement, intelligence, and military agencies, with the cooperation of private security companies, to knock the gang offline.
One feature of the operation appears to have been the compromise of REvil’s backups, an aspect of the operation some who commented found ironic, given the attention ransomware gangs try to pay to backups. A representative of the US National Security Council said only, Computing says, “a whole of government ransomware effort, including disruption of ransomware infrastructure and actors.”
So, “whole of government,” which implies both civilian and military agencies and organizations, but also an allied action. The operation was also international, with participation by other unspecified but “like-minded countries.” Thus an international consensus against ransomware gangs may be showing practical results.
Chuck Everette, Director of Cybersecurity Advocacy at Deep Instinct, hopes the operation against REvil sets a precedent, and that it will have a deterrent effect against other gangs:
“Up until today, there were a lot of unknowns and speculations around what likely happened to take REvil offline earlier this week. Since REvil’s reappearance in September, it had been reported they’ve had difficulties gaining new affiliates. Because of this, they’ve raised their commissions (upwards to 90%) in hopes to entice new affiliates and new recruits to their RaaS offerings. This story started earlier this week when it had been reported that messages were left by REvil member ‘0_neday’ explaining that somebody hijacked their domains and credentials for their payment and data leak blog sites, had set a trap for him, and he was done and leaving. A malware researcher reported later that the REvil domain was accessed again later in the day using the key belonging to the REvil member ‘Unknown,’ who has been missing since July and some thought was possibly deceased. That was until today–the speculation is over. It was revealed that US officials reportedly worked with the private sector and other unnamed countries to disrupt and take over REvil’s operations to shut them down for good.
“We have seen this type of involvement from the U.S. government before. The Colonial pipeline response and disclosure that the bitcoin ransom was paid in the attack had been partially recovered due to the U.S. government involvement. The next example would be the media coverage around the arrest of two ransomware suspects apprehended in Ukraine with the assistance of the U.S. government during a multicounty and law enforcement joint effort to take down these ransomware gang members and to seize financial, physical, and virtual assets.
“The hope is that the actions the U.S. government has taken against these ransomware criminal gangs will set a precedent for other countries and the gangs themselves that governments will no longer stand by idly and allow these 21st century cyber mafia gangs to operate without impunity. Hopefully a clear message is being sent that running a ransomware business is not worth the risks any longer. With REvil being taken off-line, this can definitely be counted as a benefit for those in the cybersecurity defense area. The one thing to note here is there are plenty of other ransomware criminal gangs ready to step in and take back over the areas vacated by REvil. We can only hope that this government assisted shutdown will have a negative impact on the operations of the other gangs due to fear of it happening to them as well.”
The operation does seem to have spooked at least one prominent criminal competitor of REvil, namely DarkSide. Security firm Profero told the Record that DarkSide early this morning began shifting assets, around 107 Bitcoin (that’s approximately $6.8 million), into other, smaller, alt-coin wallets. Omri Segev Moyal, CEO and co-founder of Profero, told the Record, “Basically, since 2AM UTC whoever controlled the wallet started to break the BTC into small chunks. At the time of this writing, the attackers split the funds into 7 wallets of 7-8 BTC and the rest (38BTC) is stored in the following wallet.”
It’s worth emphasizing that, whatever industry’s involvement was (and apparently at least three firms contributed), the effort was duly organized and led by government organizations. We heard from Doug Lubahn, Vice President of Threat Intelligence at BlackFog, who cautions the private sector against getting too frisky too soon against ransomware gangs:
“Under the Computer Fraud and Abuse Act of 1986, the private sector is ‘prohibited from unauthorized access of computer systems.’ This puts all offensive cyber activities in the hands of the government. Sometimes this is worked around by civilians acting as hackers and buyers of dark web offerings, using that information to lead to identifying the cybercriminal, then directly confronting the hackers. This practice is very risky and can lead to very bad final outcomes. In today’s high profile high dollar ransomware attacks, there is often a connotation of state-sponsored involvement, and any proactive private sector ‘hack back’ can lead to further attacks by the nation-states. There is also the risk of a private sector cyber action causing significant damage to an ongoing cyber investigation. At this point in time in our cyber realm, it is still best to work with your local FBI or State Police cyber team or your area Infragard Team and report your cyber attacks as soon as you can. The most important thing is for the private sector to establish a relationship with area cyber investigators and then report any incidents or suspicious attacks ASAP. I am not aware of any ‘formal’ U.S. sponsored hack back attacks. However, just as an FYI there was a bill introduced in June this year to authorize the study of amending the 1986 Computer Fraud & Abuse law and allow DHS to study the feasibility of allowing US government agencies ‘to take proportional actions against hackers/attackers.’ The bill has not made it to committee yet.”
Steve Moore, chief security strategist at Exabeam, wrote to point out what he considered some interesting points about the operation against REvil:
“There are a couple of interesting themes in this event. The first is time. Second, this incident illustrates the complexity and difficulty of coordinating a criminal group takedown. Offensive talents ranging from cybersecurity intelligence to traditional police work, specifically, those with arrest powers were used. Finally, the timing must be perfect; remember, many criticized the FBI for not releasing the decryption keys sooner; I attribute this back to timing – not tip their hand to the adversary.
“As described by those close to the situation, the most recent actions are that two people had the keys to enable Tor hidden services. Did REvil have an OpSec failure that allowed one of these two leaders to be arrested? Was something accidentally shared that connected the investigative team to the real identities of the criminals? Did this accident enable the infrastructure takedown we’ve witnessed? Hopefully, this will all be shared one day soon.”
With technology continuing to permeate each and every aspect of our lives, a growing number of consumers are looking to become web developers. Whether you are a recent university graduate or are in the process of switching vocations, web development has undergone a rapid surge in popularity in recent years. Continue reading to find out how to become a web developer in 2021.
Familiarise yourself with the basics
Choose a specialisation
If you have familiarised yourself with the basics of web development, you must now choose a specialisation. Just as online casinos concentrate on a particular speciality of online gaming, such as online slots UK NetBet, web developers are no different. You must choose between becoming a front-end developer, a back-end developer, or a full-stack developer. A front-end developer tends to focus on the needs and wants of the client and any apps or websites that they may interact with. A back-end developer, on the other hand, puts their skills to good use by working on servers and databases. Finally, a full-stack developer is familiar and equipped to operate within both niches of web development if and when need be.
Curate a portfolio
If you have familiarised yourself with the basics of web development and chosen a specialisation, you must practice as much and as often as you can. By curating projects in your spare time or whilst at work, you can build a portfolio that will showcase your individual talents to the people that really matter. If you are invited to interview for a position, an employer is unlikely to progress with your application if you are unable to present them with physical evidence of your work. When it comes to becoming a web developer, a portfolio can be the difference between you securing your dream role and landing back at square one.
If you are looking to become a web developer, there are a number of steps you must follow. By familiarising yourself with the basics, choosing a specialisation, and curating a portfolio, you can prove you are not only interested in entering into the web development industry but are serious when it comes to climbing the ranks and growing and developing within your chosen niche. As with any major career change, it pays to be prepared.
Africa will become an innovation hotbed in the next five years as an influx of developers turns the continent into a “world-leading start-up ecosystem,” according to Gartner.
The analyst predicts that a 30% increase in developer talent in Africa, which has in recent years seen an influx of venture capital funding, will see the region evolve into a software development powerhouse rivalling Asia by 2026.
A number of African nations have established innovation hubs in an effort to attract coders and tech talent to the region, and draw investment from overseas.
This includes Kenya’s $1 billion tech ecosystem – dubbed ‘Silicon Savannah’ – which continues to attract entrepreneurs, investors and technologists from Africa and further afield.
“In the next three years, there will be nearly 900,000 professional developers across Africa enabled by the rise of informal education channels,” said Gartner. “As this market continues to grow, global investors will reduce their venture investment in China in favour of this emerging market.”
The analyst’s forecast was part of a series of strategic predictions put forward at Gartner’s IT Symposium/Xpo 2021 Americas.
Daryl Plummer, research vice president at Gartner, said the disruption caused by the pandemic and ongoing uncertainty meant organizations and wider industries should be “prepared to move in multiple strategic directions at once,” particularly when it came to innovation and digitization, as well as fundamental changes to the workforce.
As such, Gartner predicts a shift to more autonomous styles of working over the next three years as organizations adopt remote and hybrid-working models.
In particular, the analyst said just under a third (30%) of corporate teams will operate without a boss by 2024 as company structure moves away from having decision-making made at the centre and towards “peer-to-peer network-based decision making that reduces bottlenecks and saves time in a hybrid-working environment.”
Removing the traditional manager role could be a logical route to improving efficiency, said Plummer. “The role of the manager as the commander-and-controller of work is a major impediment in an era where business agility requires team empowerment and autonomy,” he added.
“Planning, prioritising and organising work efforts still must happen, but it is essential to decouple ‘management’ from the traditional ‘manager’ role to reap the benefits of business agility and hybrid work.”
Gartner analyst, John Kostoulas, stressed that while the traditional manager role might fade away, it was not “primarily a reduction in force exercise.”
Kostoulas told ZDNet: “Managers possess valuable skills that can maximize the performance of teams in other roles than the boss; they can transition into coaching, talent acquisition or capability development roles. Career paths are required to transition managers into individual – or rather, team – performers.”
Further research-based predictions made by Gartner:
- By 2024, a cyberattack will so damage critical infrastructure that a member of the G20 will reciprocate with a declared physical attack.
Cyberattacks have historically been treated by nations as crime. However, increasingly severe attacks will prompt military involvement, said Gartner.
- By 2025, synthetic data will reduce personal customer data collection, avoiding 70% of privacy violation sanctions.
Data generated using artificial intelligence (AI) techniques, known as synthetic data, will put pressure on organizations to reduce the risk of privacy violations and ensure resiliency.
“Synthetic data makes AI truly prophetic, as it can represent future alternative realities, not just the past that the real data reflects,” said Plummer. “Using high-quality and high-volume synthetic data is a powerful way to understand humans at scale.”
- By 2024, 40% of consumers will trick behaviour-tracking metrics to intentionally devalue the personal data collected about them, making it difficult to monetise.
Tech-savvy consumers are increasingly undermining companies’ efforts to track them, such as providing false credential details or clicking on ads they aren’t interested in to manipulate and confuse algorithms.
“Whether motivated by privacy and security concerns, exposure to misinformation or desire for personal monetary gain, consumers are aiming to devalue the behavioural data companies have come to rely upon,” said Plummer.
As someone who builds integration products, I spend a lot of time researching industry and technology trends while speaking with analysts, engineers, architects, target customers, and my product peers. This work inevitably drifts my point of view into some version of “what’s happening now, what is likely to happen over the course of the next few years, and what is my role in guiding the industry to the best possible future?” This article intends to provide a synthesis of the most impactful ideas over the past year and their influence on my go-forward thinking as a connectivity Product Manager. I hope you enjoy the reading and look forward to your thoughts in the comments.
APIs become a part of internet fabric
To some students of modern technological history, the “connectivity” part of the internet looked very different just a few decades ago. By “connectivity,” I mean APIs, protocols such as HTTP, and agreed-upon architectural patterns that unlock data. As a result, technology professionals speak about “legacy modernization” projects to expose old technology silos that would otherwise remain hidden from the digital lifeblood of the business. These so-called digital transformation projects often relied on XML-RPCs to enable integrations with mainframes while the new digital era brought standards such as REST, GraphQL and Web of Things.
While established companies invest in new APIs to support digital transformation projects, early startups build on top of the latest technology stacks. This trend is turning the Internet into a growing fabric of interconnected technologies the likes of which we’ve never seen. As the number of new technologies peaks, the underlying fabric — otherwise known as the API economy — fuels the market to undergo technology consolidations with the historic-high number of acquisitions.
There are two interesting consequences of this trend. The first is that all of this drives the need for better, faster, and easier-to-understand APIs. Many Integration-Platform-as-a-Service (iPaaS) vendors understand this quite well. Established iPaaS solutions, such as those from Microsoft, MuleSoft, and Oracle, are continually improved with new tools while new entrants, like Zapier and Workato, continue to emerge. All invest in simplifying the integration experience on top of APIs, essentially speeding the time-to-integration (a level of growing importance when it comes to business agility). Some call these experiences “connectors” while others call them “templates.” But in the end, the leading integration minds are actively invested in this area.
The second consequence is well-defined, protocol-based connectivity. Looking at the world of REST (a well-accepted architectural style defined in Roy Fielding’s dissertation), we see that REST APIs dominate the scene with well-established specification standards such as the OpenAPI Specification (previously known as Swagger). Not only do these protocols enable industry-leading iPaaS solutions to agree on what the next world of connectivity will look like, they also set the foundation for new experiences — often referred to as innovation — to evolve. More technologies just keep emerging, offering visualization and transformation products that understand these standards while bringing more users into the world of connectivity.
I am excited about the potential of this space and its ability to define the fundamental building blocks of the future internet with APIs as the centerpiece of its fabric.
Breaking silos with indexed search and browser-like API discovery
Moving from specialized tools and standards to a simple API discovery layer means that any employee who can write queries and logic flows will also be able to build full-fledged applications and customer-facing experiences. Many leading analysts are now seeing this dynamic as more APIs are consumed by less-technical departments like marketing, finance, sales, and HR.
I see this trend further evolving in two major forms. The first of these is universal API search and discovery. Many of us are using Google to search for information, and “Googling” endpoints (the addressable location of an API) and data shouldn’t be any different. This means more tools will evolve, but the approach we take will be fundamentally different; instead of manually documenting new endpoints with references and API portals, we can start indexing new APIs dynamically based on their machine readable descriptions. Using techniques similar to Google crawler tactics that discover publicly available web pages, more users will have access to all publicly available endpoints and the data.
The second form involves how we explore those APIs and the data they contain. Today, many developers start by searching for an API portal, finding a relevant SDK, and sampling an API’s capability with API-consumption tools like Postman. Less-technical users, however, turn to low-code/no-code solutions that bridge the technical gap by demystifying API access (a skill typically reserved for software developers). It’s interesting to think about what will change as we evolve the underlying foundation of those protocols and standards. I believe that we’re soon to see more browser-like discovery tools, where webpages are replaced by endpoints and information is replaced by data. In this world, users can search, query, play, and plug the data instead of worrying about API technicalities like URIs, endpoint syntax, query parameters, etc.
Looking ahead, what I find most exciting about this development is that we will see the creation of new digital capabilities that are closer to the end user and are much faster to build. These innovations also trigger a need for enterprise professionals to see the bigger picture of how it all connects, while product leaders and CIOs must pay closer attention to inconsistencies in the customer experience or potential compliance, privacy, and security issues.
Productizing connectivity: protocols vs. connectivity as a service
More than ever before, users demand access to data. Yet many existing solutions are too complex, too expensive, or too heavy. This creates a technology vacuum that will be filled in the following ways. On one hand, integration professionals like me will continue to advance connectivity standards. Optimization for ease-of-consumption, particularly by non-developers, will lead to a new API consumption layer, so that less-technical experiences can evolve on top of it.
On the other hand, new business cases will be made for creating agile API-facade-as-a-service solutions. As more users demand faster time-to-market while taking scalability, availability, and security for granted, more startups will emerge to address the need. We’re already seeing new entrants involving productivity infrastructure as a service by Nylas and a unified API from Kloudless that connects over 150 SaaS solutions through a single canonical model. All of this makes it easier than ever before to build and maintain connections with external systems.
As we’re advancing on each front, I suspect that the industry will first need to agree on common architectural patterns as we build new solutions around them.
Data is the new endpoint in security
Data breaches are trending up, with a record of 1,767 publicly reported breaches in the first six months of 2021. Our most common attempts at securing data focus on protecting the infrastructure that provides access to it: endpoints. Although this approach makes sense for some organizations, as we shift more infrastructure to the cloud where the infrastructure is far less within their control, securing that infrastructure becomes more problematic. We add more users into the mix who can now search, query, and share data with their favorite apps, and we have a recipe for disaster.
To stay ahead of these trends, we first need to change our mindset. Instead of protecting endpoints in the new digital world, we must protect the data. This space is full of interesting innovations with new encryption and tokenization standards that further propagate the zero-trust model. This trend is also recognized by new startups that are building businesses around the idea of protecting data with encrypted data vaults and use-cases ranging from securing PII to offering HIPAA-compliant encrypted data stores.
Regardless of how we evolve our new API layers, at the core of the “secure” approach will be our ability to discover and work with sensitive data.
The bottom line
We are still “rounding first base” in terms of defining the next generation connectivity layer and understanding what kinds of businesses can be built on top of it. As APIs are already in the center of many digital transformations, we’re clearly seeing a trend of simplifying API consumption with low-code/no-code solutions that bring more users to create pluggable enterprises. It’s fulfilling to think of a world where everyone can contribute to improving the business.
Anton Kravchenko is Director of Product at MuleSoft, a Salesforce Company. If you are thinking about or building products or protocols that touch on any of these ideas, he would love to hear from you.
Security Innovation Announces Free, 30-Day Web AppSec Professional Development Bootcamp for Cybersecurity Awareness Month
Recognizing the work of Cybersecurity Professionals with an Opportunity to Grow their Skills with a Live-Action Cyber Range Event and 35+ Online Courses
WILMINGTON, Mass., Oct. 21, 2021 (GLOBE NEWSWIRE) — Security Innovation, an authority in software security assessments and training, is offering free registrations to a 30-day Web AppSec Bootcamp to recognize Cybersecurity Career Awareness Week. This week, a new part of Cybersecurity Awareness Month from the Cybersecurity and Infrastructure Agency (CISA), aims to raise awareness of career opportunities in cybersecurity.
As part of ongoing efforts to broaden and diversify the cybersecurity workforce, Security Innovation is offering free registration to the CMD+CTRL Security Bootcamp. The 30-day professional development experience combines hands-on, instructor-led hacking with more than 35 courses on the 2021 OWASP Top 10 threats and attacker techniques. The Bootcamp is a relevant, flexible and convenient way for cybersecurity professionals to enhance their skills and earn up to 13 CPEs.
“Security Innovation is committed to the growth and diversification of the cybersecurity workforce,” says Ed Adams, CEO. “This special Bootcamp is an opportunity to recognize the dedicated professionals in the field and to raise awareness of the career possibilities for those looking to enter the cybersecurity workforce.”
The upcoming Bootcamp, starting on October 28th, features:
- Live CMD+CTRL Cyber Range Event: This four-hour, interactive event is led by expert instructors. Participants of all levels will learn new skills as they think like an attacker looking for 35 challenges in a real, vulnerable web application. SQL injection, cryptography, and parameter tampering are among the many skills participants will develop in this hands-on, engaging experience. This cloud-based experience requires no special tools or skills to participate.
- OWASP Top 10 Online Courses: Access more than 30 on-demand courses focused on the 2021 OWASP Top 10 vulnerabilities. Accessible courses are about 12 minutes each with weekly themes to master parameter tampering, SQL injection, cross-site scripting, and more. Additional courses are included in the Bootcamp to address the three new vulnerabilities in the recently announced OWASP Top 10 for 2021.
- Reporting and CPEs: Detailed reporting to share with bosses and earn CPEs for industry re-certifications. Earn certificates of completion for the cyber range, individual courses, and the entire Bootcamp.
The complimentary CMD+CTRL Bootcamp training resources are award-winning educational and training content designed specifically for software development and deployment professionals. This blended approach to learning is proven to build skills that stick, so professionals make the most of their limited time to dedicate to personal development.
Reserve your free registration today: https://get.securityinnovation.com/free-bootcamp/
About Security Innovation
Security Innovation is a pioneer in software security. Since 2002, organizations have relied on their assessment and training solutions to make the use of software systems safer in the most challenging environments – whether in Web applications, IoT devices, or the cloud. The company’s flagship product, CMD+CTRL Cyber Range, is the industry’s only simulated Web site environment designed to build the skills teams need to protect the enterprise where it is most vulnerable – at the application layer. The company has a long-standing commitment to supporting the diversification of the cybersecurity workforce by bringing meaningful, hands-on training to women and underrepresented populations. For more information, visit www.securityinnovation.com or connect with us on LinkedIn or Twitter.