
The next big step – Tom Cope

Hello, It’s me Tom.C back with another blog post. So you may be wondering where I’ve been since my last blog post? You may be sitting there in your arm-chair asking yourself “Cave what kind of tests are these? Am I in danger?” well let me answer that question with a question: “Why am I now talking about Portal 2?” No. No, back on topic. The reason why I’ve not written a blog post for so long is because I’ve been at Oxford. Or to be more precise, Oxford University. Let me explain:

About a year ago I finished my apprenticeship here at IBM. After a month I was encouraged to pursue further education to develop my skills in Security. After looking through various courses my Dad suggested that I should try a part-time Uni course. After some research I found Oxford do a Part time Master Degree course in Software and Systems Security. It covers all sorts of topics such as agile software development, embedded systems, ethical hacking, social engineering. The full nine yards and the best part is it’s all part-time. In order to complete the masters you have to do ten modules. Four in software and six in security, then a dissertation at the best. So I applied!

So how does it work? Well first you book the courses you want to do from a calendar. Each course takes place at Oxford University in the Computer Science building, so I tend to stay at Oxford for the week I am taking a module. There are lots of places you can stay and Oxford is a great place with lots to do. A month before you are due to start you are sent a care package with various details of the prerequisites to the course. In the case of the Java module it was a Book on “OOP Design” and I had to read the first six chapters.

Then you move on to the courses themselves. Each course is five days where you get to learn about your chosen topic. The classes are really interesting and quite practical. Everyone in the class is also working part-time so you are all working on the same level. The classes are quite relaxed, if you have to take a phone call you can dip out of the class and there are regular tea breaks. At 12:00 everyone goes for lunch which is a cooked meal at the college. The food is amazing!

The class increases in difficulty over the week. On the Friday everything comes to a close and you are handed the assignment. The assignments can be anything; make an application, write an essay or both! You have some time to read it through and ask any questions you may have. Then it’s back home to start the assignment. You have six weeks, which may sound like a long time but when you are working full-time it goes by quite quickly.

How’s it going so far? Quite well. It’s a lot of work. There have been many long nights in order to keep up but I find it really enjoyable. You learn so much and at the end of the assignment you can look back and be proud of what you have achieved. So far I have completed three modules. Java OOP which is a prereq for the Software side of the course. Embedded software systems which was very interesting since I did electronics at A level. Embedded systems are everywhere. Writing software for them is a whole different world. To think that a millisecond delay could cost a life in an air bag system really makes you think about how reliable and safe your code is. Most recently I have completed the “Concurrent System” course which was all about “Erlang”. A really cool language with a “Let it crash” approach (it’s better than it sounds) and was by far the hardest module so far.

How does this work with IBM? Well IBM requires each employee to complete 40 hours of training a year (which is quite cool). My Oxford work equates to about three weeks a year. So I end up taking one as education leave and two as holiday. My project is great because they are very flexible and they don’t mind me taking the time off.

I have completed three courses so far, all in software engineering. Now I am moving into the more security related ones. Next up are: Security Principles, Trusted Computer Infrastructure, Secure Programming and Cloud Security. All of which I am really looking forward to.

The big question that remains is would I recommend it? The answer would be YES! It is definitely hard work, lots of hard work and it can be hard juggling work, Oxford and a social life but at the end of it I will have a Master’s degree and that’s something to write home about.

-That was me Tom.C see you in the next one.


CAMSS? Just another acronym?

CAMSS. It’s another acronym. Does it look familiar to you? Doing a Google search for ‘CAMSS’ will mostly yield results related to IBM as this is our ‘keyword’ for the future direction the company is taking. Yet, IBM are not the only company diverging and investing in the CAMSS space. Many other global technology corporations such as Microsoft, Amazon, Accenture and HP are also heading in a similar direction. However not many people understand just what these initiatives are.

I currently work on account which is the other side of the country to my home town, and any trips back require a number of hours on public transport. I thought one day, whilst I was bored and had just finished an IBM quiz on Cloud, to maybe do an experiment and see who else on the commute would know about cloud, analytics, mobile, social or security. While I think there may be a select few who would understand, the majority of people will probably look at me funny and some would probably tell me to go away. Don’t worry, I didn’t actually go around asking people that, it was the end of a long week of work and I just went to sleep!

If you’re not that sure about CAMSS (Cloud, Analytics, Mobile, Social and Security) then be glad you have our blog. I will cover briefly what each initiative is, and how it ties in to the work we do to improve the way our clients and people in general work.

Cloud

When we talk about cloud, we don’t talk about things being put on to actual clouds, but keep the metaphor in mind as it is probably the easiest way to explain Cloud to someone who is not necessarily in the know. When a company is looking to upgrade their existing infrastructure, maybe to support a new project or keep up with business demand or growth, a company will probably start costing how much it would be to buy all the networking gear and hire professionals who are able to install the new network. Many companies will probably outsource this work to a reputable company. While this means that company will have their own infrastructure, it is often very costly and, to keep their systems secure and running smoothly, they will likely have to upgrade in the next five (or less) years. So how does a company keep up with demand and technology without having to fork out money every number of years? Turn to the Cloud. Companies like IBM offer Cloud solutions using the latest hardware which can dynamically assign resources depending on the demand from a client. So in the example of an online retailer, Summer can be quiet and the Cloud infrastructure can be scaled down (saving the customer money) and once Christmas hits, more resources can be assigned to cope with the new demand. This is an example of Infrastructure as a Service. You also have Platform as a Service and Software as a Service for hosting singular or a variety of different applications in the Cloud.

Analytics

Data is everywhere. An average person working a 9 to 5 job likely wakes up and checks the latest news or their favourite websites on their phone, eats their favourite cereal or breakfast, washes with certain hygiene products, drives a certain car to work, takes a certain route and when they get to work accesses certain websites or does online shopping buying certain quantities of different products. How much data could you gather from that person based on the above scenario? The same applies to businesses in terms of customer demand, current trends, buying habits, preferred products and financial predictions, for instance when the company is likely to make or lose money. All these data points are useful and Analytics can be utilised to provide a company with useful insights into how their business is operating and can assist in making informed business decisions.

Mobile

In these times, you will struggle to find a person who doesn’t own a mobile phone and smartphone use is ever on the rise. If you were a company looking to improve your web or user experiences for your customers, then it would make sense to go mobile. After all, people are always busy moving around, less people are confined to a desk with one computer for their whole life and much more work is being done on commutes with smartphones or tablets (or other similar devices). A lot of companies and online websites already do a lot of work to make their business experience more mobile. For example, on this Apprentice blog, we’ve done a lot of work this year to make our website more accessible for a range of different users which includes utilising a mobile version of the site and allowing authors to create and edit content on smartphones and tablets (I am writing this article on the bus while on the way to work!). You only need to look at the sheer amount of companies who have a mobile site and initiatives such as Apple Pay to see how seriously companies are taking mobile.

Social

As I type this, Facebook has recently announced that they are celebrating one billion active users online at any one time. Just think on that for a sec, one billion active users with a social media account, that’s 1/7 of the world’s population online at any one time, 1/7 of the world’s population with social media accounts and of those accounts, the average Facebook user has 338 friends (Six Degrees of Separation Theory anyone?). Companies know the sheer power of social media and are utilising it in many ways such as word of mouth advertising, encouraging users to share experiences of their products, targeted advertising based on a user’s likes and preferences (again, back to analytics here) as well as Twitter accounts which provide a means of customer service support or providing latest updates (especially useful in terms of transport). Essentially, social media brings customers and companies closer together and the power of communication and human socialising shouldn’t be underestimated.

Security

Increasingly, we are hearing in the news of scandals in terms of data breaches and hacks being performed on major or sensitive websites. (Quite recently, the hacking of Ashley Madison has got quite a few high profile people hot under the collar!). How do these data breaches happen? It’s quite simple: security simply was not good enough. While it’s good to have an amazing infrastructure, servicing customers effectively over social media, a good mobile experience, it would all amount to nothing if all that customer information was illegally accessed and shared to the wrong person just because of inadequate security. The cost to a company of data breaches is highly significant and has caused companies to go bankrupt from the legal costs associated with compensation for loss of customer data.

I hope this article goes a way to clear up what we mean by ‘the CAMSS agenda’ and clarifies why companies like IBM have chosen to guide business direction toward these initiatives. Once again, I look forward to posting to you again soon. – Craig

 

What on earth is CAMSS? – Avtar Marway

Well, in short… CAMSS stands for ‘Cloud Analytics Mobile Social Security’. These are the five key strategies that IBM have in order to help their clients and be essential to the world. So how have these already helped?

Cloud

Like a normal cloud, which stores water, one of the offerings of IBM’s cloud is to allow storage of their client’s information, data and services. Rather than buying their own data storage, clients can use IBM’s Cloud to store their data and information which means they do not have to worry about it.

Analytics

Do you ever think what happens with all the data we collect? The millions of data that is collected through the little things we ignore in life? By using Analytics, we are able to analyse the data we collect in order to make smarter cities and a smarter planet. So an example of this is by using traffic lights. Don’t you just hate it when you’re at a red traffic light at a junction, where there are no cars and no pedestrians waiting to cross? By using the data that is collected by traffic lights, analytics can be used to make these traffic lights smarter and better to the adapting world that we are in.

Mobile

Are you reading this from your mobile? If you are, then that’s one of the big things that mobiles are able to do. Mobile is a huge part of society today and a big part of our lives. This is due to the growth in technology over the years which has allowed companies such as banks to integrate their services into the mobile industry. IBM helps its clients with Mobile by undertaking activities such as creation, management and testing of their mobile-ready applications. For example, if a bank were to have a new app, IBM could help to create this app, test the app on mobile devices so that when the bank releases the app, there are no problems and customers are satisfied with the application as well as its functionality.

Social

How often do you see the Twitter or Facebook symbol on the website of a business? The majority of businesses now link their business with Facebook, Twitter, YouTube etc. in order to increase the social aspect of their business. IBM help to develop offerings and assets around the use of social media. IBM can analyse the data that a business’ social aspect collects. For example, say one of IBM’s clients had a Twitter account where customers tweet the company. IBM could use the tweets that have been sent to their client to find out what a lot of their customers are tweeting and then use this information to help their client. For example, if tweets were about low customer satisfaction, then IBM could help the client with this problem. All this is done because the client went social.

Security

Without Security, you would have no money, I would have no money, and there would be mass mayhem all over the world. Security is very important – especially with the growth in technology. This is because if security is breached, all kinds of information can be leaked. Remember when Sony was hacked? And the bank details of many PlayStation users were held by the hackers? Imagine if your bank details were breached, how would you have felt? IBM helps to implement high levels of security to their clients. For example, if a client uses the IBM cloud, the information and data they keep inside the cloud is protected within IBM’s security platforms. IBM have done many demonstrations to display how good our security offering is.

I hope you have enjoyed this blog, and have understood what CAMSS is. If you require more information about any of these or about anything relating to IBM as well as the apprenticeship scheme, feel free to contact me on Twitter (@AvtarMarway), LinkedIn (Avtar Marway) or email me (AvtarMar@UK.IBM.COM).

See you soon!

CAMSS – Impact on working on a Public Sector Project

CAMSS – Cloud, Analytics, Mobile, Security and Social, is the key strategy for IBM, and one that we must all take into consideration and follow as much as possible. However, as within my role as Change Manager on a Public Sector project, this is not always easy. In this post, I’ll look at some of the challenges that are faced when trying to implement all of the 5 strategies within a large Public Sector project.

In the Public Sector, Security is the most important aspect of CAMSS, as you would likely expect. Ensuring that all data and applications serviced by the project are kept safe and secure is at the heart of the client’s expectations, so following this is the most important thing that we as a project team can do. As a Change Manager it is important to ensure that any data we are looking after is kept secure, as well as that any changes that we are managing have no security implications for the applications. As seen in the news in the past, there have been numerous virus vulnerabilities so it has been important to act quickly to ensure these do not affect any of the systems that we are monitoring and looking after.

Keeping security as the main focus for the project has often meant that some of the other CAMSS strategies are not able to be implemented as effectively, but it is important for the project to continue to look for areas to progress within the remainder of the five strategies. As the project takes on new accounts, they have tried to move these onto the Cloud, where they are now hosted. In some cases, it is not possible due to the need to be extra resilient, but as new smaller accounts are incorporated into the programme, they are being hosted on a highly secure cloud network.

Each project faces different challenges, whether it is a public sector project or not, so it is important to remain at the height of the CAMSS focus where possible, and if needed keep a high focus on one particular area of the strategy.

CAMSS: Security – Thomas Cope

And so you’re back from outer space, I just walked in to find you here at my Blog Post. Hmmm doesn’t really work does it? Anyway Hello, it’s me Tom.C back with another blog. Firstly congrats for reading this far. I’m sure you saw “CAMSS” and thought “What on earth is that?” Well CAMSS is IBM’s strategy. It stands for Cloud, Analytics, Mobile, Social and Security. In this post I am going to cover the Security aspect of the CAMSS agenda as it is a sector I currently work in and one I am trying to move more into.

So what is security? Now that’s a big question and some might say it includes confidentiality, integrity and availability. However, others would say authentication, authorization and audit or even “it’s to make sure my bank transfer gets to the other end safely”. They would all be right. Security is making sure the “data”, whether that be physical assets, banking information or personal files, are safe. It is an extremely problematic area where billions of pounds are invested.

So what does this mean for you? Well, if you’ve been reading the news recently all sorts of different attacks and data breaches are happening every day. At any point down the wire your data could be exposed, altered or stolen. Let’s take an example. You are at home on your banking app and you’ve just sent £100 to your friend to pay them back for the steak dinner you had. What could go wrong? Well firstly you’re using a phone. Are you sure there’s no malware on it? Is it your phone or has someone cloned it after you took it in for repair? You are most likely using the WIFI but how do you know you are connected to your access point or an attacker’s with the same name? They could even be on your home network having cracked the password long ago because you didn’t change the default one, giving them opportunity to intercept traffic and divert money to their bank account. OK then, say the transfer got to the bank fine, how do you know they aren’t hidden away on a server? You may think this a bit blown out of the water but all of the examples I have given have happened in real life and I’ve done one of them!!

So what do I do in the Security sector? It’s a massive area and I’ve only been exposed to a small portion of it. I work primarily on Identity and Access Management (I&AM) which grants or denies access to certain resources. That could be access to run a command on a Linux server or allowing someone to access the server room. I work with different IBM technologies to achieve this; TDS (LDAP), TAM, Webseal etc. I also work on Security Gateways such as IBM’s Datapower which act as customisable firewalls which follow business rules such as “You’re only allowed to transfer £1,000,000 in one transaction”. Finally I also work in Public Key Infrastructure (PKI) which is a system where Keys and Certificates are managed and created (which can get very complicated very quickly).

Why is it an emerging technology and why is IBM focusing on it? Security is huge and every day thousands of attacks are taking place to gain access to critical data. Over the years attacks have gotten more and more complicated leading to sophisticated attacks and recently the “secure” software like SSL has proven to be not so secure after all, leading to a large need for good security measures.

In my opinion there is a big “Security explosion” on the horizon. That could be a virus, network attack, malicious APP or something completely new: a turning point where everyone sits down and completely rebuilds information security from the ground up. Before security was an afterthought but next it will be the first thought that crosses your mind whether you’re a developer, manager or consumer. No one wants their data stolen or manipulated so let’s put a stop to it!

So I hope that explains IBM’s CAMSS Security in a Nutshell. It’s me Tom.C signing off till next time.

Key Career Considerations – Ryan McManus

In this blog I will be sharing an insight into what factors I will be taking into consideration when setting my aspirations/ career goals/ path.

I should have set some specific aims and goals and have planned my full career out, but I haven’t.  Whether this is because I feel like it is impossible due to the fast moving industry I am in or whether it is a time consuming exercise that will be done and then not followed… I am not sure.

I am still an apprentice and every role I do, every person I speak to, every friend I make could change my career path instantly. Therefore I am taking every day as it comes and putting my full effort in to every task I complete. I feel that if I don’t put in sufficient effort at this stage of my career, I will miss opportunities to get noticed, learn and most importantly, Network. I am an apprentice and will take every opportunity to ensure I have as many career paths open to me as possible.

I am not planning to go through the whole of my career without long term goals. I think when my apprenticeship is over I will have to think very hard about the career path I would like to follow.  There are a few things below that will help me determine what my goals and aspirations will be and what career path I will take.

Key Career considerations:

What am I best at – For me, the top factor which will determine my career path and influence what I want to achieve is my skill set. Always play to your strengths. I am not talking about specific things here but high level areas like am I technical or client facing, am I good at sales etc.

Where is the money at – I am not going to hide it, money does drive me. I will have to balance where I want to end up and how far I want to climb; with how much that role impacts my social life/ family (when I have one!). I will consider whether my industry is where the money lies, whether people at the same level in the same sort of job are earning the same sort of wage.

Hours– What hours will I have to work in the career path I have taken?  Career paths with constant weekends or nights may be a factor that I will have to take into consideration.

How easy is it to climb – I like responsibility, I like to climb higher to gain more skills and experience. I will be looking for a career path that allows me to grow/ transform and looks to be the future career path for growth and opportunity, not just the one that appears to be doing the best currently.

What is the future – As mentioned above, I will have to think about if the career path or a similar career path will likely be successful in 20 years’ time. It’s not the end of the world if it isn’t as people change within industries all the time but if you are an expert in the same industries for many years then other career factors like money may be easier to reach.

Job security – I will be looking at how secure my job is likely to be based on the path I choose and how high I want to climb.

 

Long/ short term factors:

Location – My career planning will probably not dive that deep, but in terms of roles –  the location of the roles will be a huge factor to where my career ends up. Do I want to work abroad – will my company enable me to work abroad, do I want to work in a City, do I want to be in a particular location etc.

Mobility – At the moment mobility is not an issue; I work away in different locations and away from home 5 days a week. However when I settle down and have a family, will being mobile start to affect my decisions in my career planning?

Social – The job I’m in, the responsibility I have, the location I am in, the people I work with. Does it offer what I want in social terms? What I am after now may not be the case 20 years down the line. I like to go out at night, have meals, socialize with other apprentice/ graduate/ colleagues, play football, play golf, play badminton etc.

Atmosphere and working environment – When trying to enjoy the role and job you are in – the place you work and the people you are working with. If you don’t enjoy where you work and the types of people you are around then your job satisfaction could be severely impacted.

Social:

I want to go travelling around Europe.  – I need a job with good pay and that will support that ambition.

I want to go skiing in 2016 – I need a job that will allow me to have time off in a particular time of the year.

I need to save for a nice car and a new house – I need a job that pays a fair amount of money for the job I do and the value I add.

 

My key ambition and aspiration is to climb in a company to gain more knowledge/ experience,  get more responsibility and as a result earn more money, whilst at the same time ensuring I enjoy life to the full! I am sure that the things mentioned above will be big factors while trying to achieve that aspiration.

I am a firm believer that you should work to live and not live to work!

Hope this blog helped!

2015: The Final Hurdle – Tom Cope

Hello, It’s me Tom.C. I’ve been on this Earth for 19 years and retrospectively that’s not a long time, but damn where have the last 2 years gone. The IBM apprenticeship is three years in length and this year; 2015 will be my last on the program. In September I’ll be thrown into the business to move on to bigger and greater things. That leaves me with ~15,897,609 seconds… ~15,897,608, ~15,897,607. I should really stop over thinking this and start making the most of it. My resolutions for 2015! Everyone’s got them so I would like to share mine with you.

Firstly I would like to complete some certifications. I am currently a Certified Redhat System Administrator (which was by far one of my favourite courses) and I would like to get my Certified Redhat System Engineer. The course is booked, so now all I’ve got is the exam (wish me luck). Next up is the CompTIA Security+ Qualification. Security+ is an industry recognised certification which covers everything from encryption to network security. It’s all done from this cool website which adapts based on how you answer the questions, which is great because you can skip over the stuff you already know and go for the new interesting parts first. I’m about half way there and then I can go for that exam.

Working in a security role really changes your outlook on IT, I always find myself thinking of new ways to bypass security measures. So much so I found a security hole in one of my scripts! I wrote a simple bash script to exploit this hole and voila it worked! I then rewrote a section of the script to defend against this type of attack. I found the whole experience quite fun. I was talking to the project SME and showing him how I performed the exploit and he said I should think about becoming a PEN tester, whose job it is to do what I just did. Find security holes on a project and write a report about them, so the business can help patch the issue. He recommended I go on an Ethical Hacker course and if I pass I would get a “Certified Security Testing Associate (CSTA) qualification” which is approved by “CREST”. I was all in for that so I sent off a course request and I was approved today. I’m really looking forward to it.

Next up learning. I would like to try some Windows based technologies this year. It’s all well and good falling in love with the soft glow of a black and green command line but sometimes you’ve got to close Putty and use a GUI. I use IBM’s TDS (now re-named to SDS) which is a type of LDAP server. Think of it like a massive phone book, you can quickly search for someone’s name and get their number. But in my case, quickly search for their username and check their password. Windows has its own version called Active Directory or AD for short. Because everyone uses Windows as their work station I have done some work integrating AD into Redhat Linux so that you don’t need to keep re-typing your password to access a Linux box. Good fun but I would really like to learn more about AD, it looks really cool.

Another point on my New Year’s Resolutions is Social media. IBM has a real focus on “Growing a Social Presence”, so I want to do the same. If you’ve ever been interested in connecting with me here’s how:

  • Twitter – @copethomas : My various 140 char comments about work, life and my desk cactus.
  • LinkedIn : My Jobs within IBM, Qualification and (hopefully more) Certifications
  • My Website tomcope.com : Built from scratch in the Style of an Old Fashion terminal screen

I hope to work on my “Social Presence” writing more blogs etc. You can find my blogs on my Linkedin.

My Final resolution is one a bit closer to me. I am continuously making things at home. Arduino Robots, Minecraft Mods and applications in Java/C++. Most of these get back benched and placed in the dark abyss known as “The Archive” (a black hole folder on my desktop). Sounds a lot like a Doctor Who episode checking… nope not there but “Temple of Secrets” or “The Ark in Space” are cool names. My point is I never truly finish a project, either I’m too paranoid about “perfection” or I think of some other project and go “oooh let’s do that!”. Then the current project gets thrown into the folder and the cycle continues. The only exception to this is my “Conference Call Bingo” game. Which I made in a weekend. I have now published this game and you can find a blog post about it on my Linkedin. I want to do more projects like that and share them. So that’s my final resolution, more projects and more sharing. If I do get another project out I will be sure to post it on LinkedIn, here and my personal website.

So there we have it. My plan for 2015. To think it took 2940 sec to write this. Which leaves me with ~15894667 sec to complete the ABOVE! As I said got to stop thinking (or writing) about it and get on with it. So that was me Tom.C, see you in the next one!