Tag

skills

Browsing

Lately I’ve been thinking a lot about what to do. There are a couple of reasons for this.

First, doing it well is a prerequisite for developing any credible expertise in any kind of computer science or engineering discipline. With the right mental toolset, you can bootstrap knowledge of any subject matter you might need.

Second, in my experience, it is the aspect of computer science and engineering that gets the least attention. There is a real influx of online training resources. But most of them cut the nuts and bolts right in order to acquire a basic qualification with software tooling to qualify someone for the job. This is understandable up to a point. If you’ve never programmed before, the skill you immediately feel lacking is programming language use. In such a situation, it is natural to attack him directly.

But while it’s not as exciting as rolling up your sleeves and saying “hello” to that world, taking the time to learn, and how to solve problems that can’t be solved by hard coding, will in the long run. Running will pay.

Will outline what I have found to be the most essential cognitive skills contributing to engineering success.

Your harshest critic should be your thinking

The primacy of critical thinking is such a clichéd aphorism that most of the people I inspire to investigate become addicted to it. This should not lead anyone to mistakenly believe that it is not inevitable, however.

Part of the problem is that it is easy for those who advocate critical thinking to assume that their audience knows what it is and how to do it. Ironically, this notion itself can benefit by going through some critical thought.

So, let’s go back to basics.

Wikipedia defines critical thinking as “the analysis of available facts, evidence, observations, and arguments for decision-making”. What do the words carrying the most weight mean here? “Fact,” “evidence,” and “observation” are related, because they all try to establish in their own way what we believe to be true.

“Facts” are usually first (usually) proven by other people whose understanding we trust. “Evidence” is made up of specific measured results listed by you or other trusted persons. “Observations” refer to those made by the critical thinker himself. If these, too, were events that others (and not theorists) had witnessed, how would this be meaningfully different from “evidence”?

The “logic” is weird here, but for good reason. That’s where “thinking” (logic in particular) really starts to do its heavy lifting. “Logic” describes how the thinker makes rational determinations that point to additional knowledge based on the interplay of facts, evidence, and observations.

The most important word of the definition is “decision”. Critical thinking is not necessarily related to trying to prove new truths. Critical thinking only requires that consideration of all of the foregoing yields some overall idea of ​​what is under consideration.

These decisions are not absolute, but may be probabilistic. As long as the result is that the entity being considered has been “judged” and the decision holds for all available information (not just the one that leads to the desired conclusion), then the critical thinking exercise is complete. It is done.

medical procedure

I doubt if that’s what most people mean when they say “critical thinking”. What really matters, however, is whether you practice critical thinking yourself. Funny enough, the way to evaluate whether you think critically… is to think about it critically. Meta, I know, but you have to go there.

In fact, what we’ve just done in posing these questions is a kind of critical thinking. I have my own penchant for critical thinking, which is to ask, “Why is X like this?” As I understand it, what elements acted upon, or must have acted on, X, and are those elements manifesting or producing the effect in other ways I suspect? This is helpful because it acknowledges that nothing exists in a vacuum, which helps ensure that you account for all available facts, not just obvious facts.

With a working understanding of the practice of critical thinking, get into the habit of using it to sieve reasonably valid reality from perceived reality. Try not to believe anything to be true until you have verified it through this process. Does the given statement match with the other facts you have on the matter? Is it appropriate? Does it make sense given the context?

I don’t need to tell you how valuable working with a computer is. I shouldn’t because now you (if not before) are able to figure it out for yourself.

try before you cry

This is something that has appeared in my other pieces, but which deserves to be reiterated here in the interest of completeness.

We all need help sometimes, but your coworkers will expect you to try to solve the problem yourself first. Time is a scarce resource, so they want to know that they are spending their time wisely. Got you a google search away giving the same answer, probably not so. Also, if you’ve tried to solve it yourself, the person helping you can pick up where you left off. This lets them rule out a number of possible causes that take time to test.

You also never know whether your fellow engineers will be available or knowledgeable enough to help when you need it. What if you’re the only one who knows anything about the project you’re working on? Or what if you’re on such a tight deadline that you can’t wait for a response? Develop dependable problem-solving habits, because that’s what you ultimately have.

What exactly does it mean to be a troubleshooting process. Write down step-by-step basic diagnoses for the major types of problems you’re facing. Then run whatever diagnostics apply.

Prepare a list of reliable reference materials and consult them before asking questions. For each event it sends you to the user manual, keep track of where you saw it, and what was and wasn’t. Then, when it’s time to ask for help, compile the results of your diagnosis and excerpts from reference material, and present everything to whomever you ask. They will appreciate that you did.

Learn Skills, Not Factoids

Like every field, there are certainly facts you should remember. For example, your life as a developer will become easier if you memorize the syntax of conditional statement blocks in your go-to language.

Yet it is not as important as acquiring the skill set. For example, if you remember the syntax of your regular programming languages, you can go decently far. But what if you need to learn a module or an entirely new language that formats things differently? If instead you know what you need from reliable sources, it may take longer, but you will get the right answer no matter what software or language you are using.

The iterative and incremental design paradigm for software development is an example of a skill.

Here, “incremental” is related to modularity. This prompts the developer to break the overall project down into the smallest possible pieces, with each piece doing only one thing and operating as independently as possible (ideally not at all). Then the developer’s task is simply to build each piece one by one.

The “iteration” element means that the developer continues to build, edit, and test any component that works cyclically until it can work on its own. Till then no one is moving forward. It not only uses any language or builds an application, but also works completely beyond the scope of a computer.

This design philosophy is just one example of how a skill serves engineers better than a rote process, but many others exist. Figure out what your discipline needs are and feel comfortable using them.

Stop by the Bakery, You’ll Need Breadcrumbs

Write down everything Since writing notes is cheaper than ever, no one can stop you. If you prefer digital, basically you are free to write as much as you want. Open a word processor and see for yourself. If notebooks are your thing, a few bucks at an office supply store and you’re set.

Reading notes is also cheaper in terms of time spent than trying to find something on the web over and over again. There’s no reason for you to look at something twice as long as it hasn’t changed since the last time. It’s tempting to assume that you’ll remember something or don’t need it anymore. Don’t. If you do this, you will eventually be wrong, and it will take unnecessarily time to find it again.

Your notes are also the only place where you can customize what you learn to suit your needs. The web has no shortage of answers, but they may not be exactly what you need. If you take notes, you can improve your use case before recording the information.

The real trick with Notes is to have an organizational system. The only way to write things down is if you can’t find them again. Even if you’re an avid note taker, try a few note-taking techniques until you find one you like.

step up to the starting block

When running, you set yourself up for victory or defeat in your training. If you haven’t trained diligently, working extra hard won’t make any difference when the competition starts. That said, you still have to put it into practice on the track.

The cognitive skills I discussed are not even training, but your coach’s fitness regimen. I certainly don’t have an Olympic coach, but that doesn’t beat anyone. Training is now in your hands.

Government organizations and educational institutions, in particular, are increasingly in the crosshairs of hackers as serious web vulnerabilities continue to rise upwards.

Remote code execution (RCE), cross-site scripting (XSS), and SQL injection (SQLi) are all top software offenders. All three keep rising or hovering around the same alarming numbers year after year.

RCE, often the end target of a malicious attacker, was the main cause of the IT scam in the wake of the Log4Shell exploit. This vulnerability has seen a steady increase since 2018.

Enterprise security firm Invicti last month released its Spring 2022 AppSec Indicator report, which revealed Web vulnerabilities from more than 939 of its customers worldwide. The findings come from an analysis of the Invicti AppSec platform’s largest dataset — which has more than 23 billion customer application scans and 282,000 direct-impact vulnerabilities discovered.

Research from Invicti shows that one-third of both educational institutions and government organizations experienced at least one incident of SQLi in the past year. Data from 23.6 billion security checks underscores the need for a comprehensive application security approach, with governments and education organizations still at risk of SQL injection this year.

Data shows that many common and well-understood vulnerabilities in web applications are on the rise. It also shows that the current presence of these vulnerabilities presents a serious risk to organizations in every industry.

According to Mark Rawls, President and COO of Invicty, even well-known vulnerabilities are still prevalent in web applications. To ensure that security is part of the DNA of an organization’s culture, processes and tooling, organizations must gain command of their security posture so that innovation and security work together.

“We’ve seen the most serious web vulnerabilities continue to grow, either stable or increasing in frequency, over the past four years,” Ralls told TechNewsWorld.

key takeaways

Rawls said the most surprising aspect of the research was the rapid rise in incidence of SQL injections among government and education organizations.

Particularly troubling is SQLi, which has increased frequency by five percent over the past four years. This type of web vulnerability allows malicious actors to modify or change the queries an application sends to its database. This is of particular concern to public sector organizations, which often store highly sensitive personal data and information.

RCE is the crown jewel for any cyber attacker and is the driver behind last year’s Log4Shell program. This is also an increase of five percent since 2018. XSS saw a six percent increase in frequency.

“These trends were echoed throughout the report’s findings, revealing a worrying situation for cybersecurity,” Rawls said.

Skill gap, lack of talent included

Another big surprise for researchers is the increase in the number of vulnerabilities reported from organizations that scan their assets. There can be many reasons. But the lack of software trained in cyber security is a major culprit.

“Developers, in particular, may need more education to avoid these errors. We have noticed that vulnerabilities are not being discovered during scanning, even in the early stages of development,” Rawls explained.

When developers don’t address vulnerabilities, they put their organizations at risk. He said automation and integration tools can help developers address these vulnerabilities more quickly and reduce potential costs to the organization.

Don’t Blame Web Apps Alone

Web apps aren’t getting any less secure per sec. It’s a matter of developers being tired, overworked and often not having enough experience.

Often, organizations hire developers who lack the necessary cyber security background and training. According to Rawls, with the continuing effort towards digital transformation, businesses and organizations are digitizing and developing apps for more aspects of their operations.

“In addition, the number of new web applications entering the market every day means that every additional app is a potential vulnerability,” he said. For example, if a company has ten applications, it is less likely to have one SQLi than if the company has 1,000 applications.

apply treatment

Business teams – whether developing or using software – require both the right paradigm and the right technologies. This involves prioritizing a secure design model covering all base and baking security in the pre-code processes behind the application architecture.

“Break up the silos between teams,” Rawls advised. “Particularly between security and development – ​​and make sure organization-wide norms and standards are in place and created universally.”

With regard to investing in AppSec tools to stem the rising tide of faulty software, Ralls recommends using robust tools:

  • Automate as much as possible;
  • Integrate seamlessly into existing workflows;
  • Provide analysis and reporting to show evidence of success and where more work needs to be done.

Don’t overlook the importance of accuracy. “Tools with low false-positive rates and clear, actionable guidance for developers are essential. Otherwise, you waste time, your team won’t embrace the technology, and your security posture won’t improve,” he concluded.

partially blind spot on play

Rall said critical breaches and dangerous vulnerabilities continue to expose the organizations’ blind spots. For proof, see Log4Shell’s tornado effects.

Businesses around the world scrambled to test whether they were susceptible to RCE attacks in the widely used Log4j library. Some of these risks are increasing in frequency when they should go away for good. It comes down to a disconnect between the reality of risk and the strategic mandate for innovation.

“It is not always easy to get everyone on board with security, especially when it appears that security is holding individuals back from project completion or would be too costly to set up,” Rawls said.

An increasing number of effective cyber security strategies and scanning technologies can reduce persistent threats and make it easier to bridge the gap between security and innovation.