Will cybersecurity-related enforcement efforts by the U.S. Department of Justice increase in the coming years?  The answer is yes.  How do we know?  Two reasons.  First, DOJ has been telling us to expect increased efforts, both generally and specifically as to cybersecurity.  Second, they have backed up their words with action.

As a general matter, U.S. Attorney General Merrick Garland and Deputy Attorney General Lisa Monaco, have been explicit that they are prioritizing the investigation and prosecution of financial and corporate malfeasance.  Early last year, for example, AG Garland told the American Bar Association that he “had seen the Justice Department’s interest in prosecuting corporate crime wax and wane over time.  Today, it is waxing again.” His remarks reinforced those of DAG Monaco in the fall of 2021, when she announced the Biden administration’s intention “to better combat corporate crime.”

In addition to remarks like these, in October 2021 the DAG issued one memorandum and, in September 2022, a second memorandum, announcing revisions to corporate criminal enforcement policies, which apply very nearly across the entire Department and, as explained in further detail, include significant policy changes that favor stronger corporate enforcement.

More specific to cybersecurity, DOJ late last year entered uncharted waters when it tried, and the jury convicted, Uber’s former Chief Security Officer, on charges of obstruction of proceedings of the Federal Trade Commission and misprision of felony, in connection with his attempted cover-up of a 2016 hack of Uber.  The case represents what is believed to be the first federal prosecution of a corporate executive for the handling of a data breach.

It is not just criminal cases; it is civil case as well.  In a noteworthy development, DOJ announced in late 2021 its “Civil Cyber-Fraud Initiative,” seeking to hold accountable individuals or entities that put U.S. information or systems at risk.  Though the initiative, DOJ made clear its intention to utilize the False Claims Act (FCA) to pursue cybersecurity-related cases against government contractors, subcontractors, and grant recipients.  The FCA is the U.S. federal government’s primary civil tool to combat fraud against the government, as it imposes financial liability on persons and companies (typically federal contractors and subcontractors, to include Medicare, TRICARE, and Medicaid health care providers) who defraud governmental programs.  In essence, DOJ is sending a message that it will not be afraid in certain circumstances to pursue even victims of cybercrime.  As part of this initiative, DOJ last year announced significant settlements in two False Claims Act cases (Aerojet Rocketdyne and Comprehensive Health Services) related to cybersecurity deficiencies or misrepresentations, and more are expected.

This year continues to challenge most businesses. As we enter Q2, lingering issues of recession, inflation, supply chain problems, and talent shortages highlight how digital modernization remains critical to the success of our member organizations. Here are five technology trends to not only help you combat these issues but also propel your company forward on your digital modernization journey.

Full-stack Development

One of the most important trends I am monitoring is the increasing emphasis on full-stack development. With the rapid pace of technological change, it is increasingly important for companies to maintain a team of developers proficient in a wide range of technologies. This includes both front-end and back-end development.

Cybersecurity

As organizations continue to digitize their operations and rely more heavily on technology, the risk of cyber-attacks increases. Businesses need to invest in advanced cybersecurity measures to keep their systems and data safe.

DevOps

DevOps is proving to be another significant trend this year. It will be essential for companies to have a strong DevOps culture in place to ensure that new features and updates are delivered quickly and with high quality.

AI

From chatbots and virtual assistants to autonomous vehicles and drones, Artificial Intelligence and robotics are already having a massive impact on industries like manufacturing, transportation, and healthcare. As these technologies continue to evolve, businesses will need to invest in hiring AI and robotics experts to stay competitive.

Snowflake

Snowflake is a data warehousing platform that allows businesses to store, process, and analyze substantial amounts of data in the cloud. As organizations persist in generating massive quantities of data, Snowflake, or similar platforms, is a technology that is essential in order for companies to grow.

If you are a technologist looking to stay ahead of the curve in 2023 and beyond, then look no further than Technology First. Here you will gain perspective on the latest trends through conferences, newsletters, special interest forums, and Peer Groups. We gather to share thoughts, ideas, opinions, plans, and solutions in a collaborative environment. The IT community is better when we work together. Connecting, strengthening, and championing members are the reasons Technology First exists. Please join me and get more involved in the organization this year. There are numerous ways to make a difference: volunteer for a committee, speak at one of our Peer Groups, and/or bring your team to events. Together, we can ensure our businesses are prepared for the challenges ahead for the rest of 2023.

Dayton, Ohio, and the wider Montgomery County has seen its share of tragedy during the opioid epidemic. Ohio has been one of the 10 worst-affected states in America, and the Dayton region has seen Ohio’s worst fatality rates from drug overdose^[1]. While a hospital or emergency room can treat an acute incident for a patient with a substance use disorder (SUD), the longer fight against relapse is often waged by other organizations. The Community Outreach Actions Team (COAT) was specifically created in Montgomery County to address the grave opioid situation. The Public Health Quick Reaction Team (QRT) seeks to identify at-risk individuals and get them enrolled in treatment. The efforts of this community collaboration saw overdose deaths fall from 566 in 2017 to 289 in 2018, a decrease of 59%^[2]. 

The Montgomery County Emergency Room Overdose Notification (MC-ERON) system has enabled Dayton’s Alcohol, Drug Addiction and Mental Health board, and Public Health – Dayton and Montgomery County to provide outreach services to residents who experienced an emergency hospital visit due to a drug overdose, since 2018. MC-ERON generates a daily list of patient health and contact information that can be used to mobilize outreach efforts that would minimize the risk of further overdoses and deaths. However, MC-ERON did not prioritize, nor indicate, which patients are at a higher risk for additional overdoses or death. To overcome this limitation, the MC-ERON risk-stratification model is designed to estimate a patient’s risk score based on their demographic information, health history, and previous drug-related encounters with law enforcement and the health system, then assign a priority level to that patient based on the score. The risk score is then used to bin patients into four risk ‘priority levels’ which is provided to outreach personnel to contact the most at-risk patients. By comparing newly discharged overdose patients to those who previously died in-hospital, risk stratification scores can be calculated and included in the daily notifications to ADAMHS and PHDMC’s QRT.

The MC-ERON Risk-Stratification model has been deployed to PHDMC peer outreach specialists since 2019, with high overall model performance (AUC in the range of 0.82 to 0.85). Since deployment, individuals who died during or after the overdose encounter were scored as "high-risk" or "high-priority". Those that died during their hospital visit would not have benefited from outreach after their overdose; however, these patients highlight that the scores reflect the level of risk. For the patients who died after the encounter, this data suggests they would have been accurately prioritized for outreach services.

Despite these analytical successes, the MC-ERON Risk stratification algorithm represents a mismatch between problems faced by users and the ultimate solution. For peer outreach specialists, by the time the QRT is activated, the individual is already in crisis and at risk; therefore, the individual's precise "risk" is less valuable than the information provided along side the score. 

The MC-ERON Risk-Stratification model was created before Ascend had a robust user focus. While the model and insights are valuable for PHDMC epidemiologists, the target users- the peer outreach specialists - find the most value in the contextual data features that accompany the actual predicted "risk score”. This mismatch between problem and solution has limited the impact of the Risk-Stratification model, and possibly limited the impact that machine learning could make on an urgent community problem. For example, peer outreach specialists are looking for ways to identify individuals that would most benefit from their intervention. For example, a model that could identify the likelihood of an individual to seek treatment, or identifying those individuals experiencing substance "abuse" vs "use" as those who are "using", rather than "abusing", may benefit from more sustained outreach to address addiction and chronic use.

Not understanding the context of the problems faced by a user can lead to gaps and missed opportunities when creating a predictive model. Upfront discovery is key to understanding the business and user needs to build the right predictive model that addresses problems within the current systems. Always keeping the user's needs top of mind will deliver the highest value to the business and the end user of your analysis.

^[1] https://journals.stfm.org/familymedicine/2018/june/bowman-2018-0131

^[2] https://www.mcohio.org/2018%20Community%20Overdose%20Action%20Team%20(COAT)%20Annual%20Report.pdf

• I’ve never been much for New Year’s resolutions. Instead, I like reviewing the previous year’s accomplishments, challenges, and outcomes. This year, I used an assessment wheel to evaluate different areas of my life:

• • Career
  • Fun and recreation
  • Money and finances
  • Physical environment
  • Personal growth
  • Health and wellness
  • Friends, family, and significant others

• As I considered all the aspects of the wheel, specifically regarding career, it helped me think about my:
  

• • Skills
  • Talents
  • Work environment
  • Opportunities for growth
  • Current commitments  

• All great things to think about! Which led me to pulling down a book from my shelf, “How Women Rise,” by Sally Helgesen and Marshall Goldsmith. I read this book several years ago and absolutely LOVED it! The authors recognized women “face specific and often different roadblocks from men as they advance in the workplace”. So, as you look back on your 2022, and specifically your career, how are you feeling? Do you feel stuck?

  Helgesen and Goldsmith ask these questions:

• • Do you feel something is preventing you from moving forward or from leading the life you’re supposed to be living?
  • Do you feel unable to break through circumstances that are conspiring to hold you down?
  • Do you feel as if your contributions are not recognized or appreciated?
  • Do you feel the people around you have no idea what you’re capable of achieving?

If you answered yes to most of these questions, then this book is for you! If, like me, you are wondering how to become unstuck, then reading this book will help you uncover the habits that hold you back from rising to your full career potential.

For a more gender-neutral point of view, read “What Got You Here, Won’t Get you There,” by Marshall Goldsmith with Mark Reiter. This book is a broader stroke on the question, “What is holding you back?”

I hope you unearth the habits that no longer serve you. I believe leaving them behind will get you further down your path to success. Please connect with me and let me know how you got unstuck.

You’ve got this! Together anything is possible!

It has been my pleasure on behalf of the Strategic Ohio Council for Higher Education (SOCHE) to collaborate closely with Melissa Cutcher and Technology First for many years. Some of our earliest collaborations were through Cin-Day Cyber and Career Adventures Camp. As the President of SOCHE, my focus is on leading our organization in collaborating with K-12 districts, colleges, universities, and industry to transform the economy through education and employment. This mission focus has resulted in sitting in many meetings at tables with Technology First.

SOCHE’s workforce development mission set has led us to many collaborative initiatives with Technology First and its many members.  This regular engagement between our organizations has led us to recognize the need for closer organizational alignment and I’m very excited that Technology First has asked me and SOCHE to the inner circle through their Board of Directors.  Our organizational missions at SOCHE and Technology First are very closely aligned and have led us to work on the same project on multiple occasions. 

Through SOCHE’s work on Technology First’s Board of Directors, we hope to increase our work together and further align our work for the benefit of workforce development of information technology professionals across the region, while we work together to build upon our region’s existing economic development prowess. Close relationships through SOCHE’s 22 College and University members and Technology First’s members can only help our region become the premier location for professionals in IT as well as for businesses who are looking for a new home. 

Our region has the workforce needed for the future with over 400K college and university students and close to 15K High School students. Our next generation of working Daytonians is already here in our region and it is our job to show them the pathway to great careers. We can make this happen through our engagement in our schools as well as by encouraging our students to spend time in our companies learning about our many different industries. Over the next few years as we manage decreasing numbers of students in each of our schools it is imperative for all businesses to engage and ensure that we are assisting all students to achieve their potential with at least a high school diploma and potentially a post-secondary certification or degree. I look forward to working with all of you to continue to make the Dayton region a great place to live, work and play!

It’s no secret that finding and keeping talent in the Information Security space continues to be challenging for organizations. 

 We must continue to think differently about how we recruit and retain talent, what resources we utilize, and how we engage in the community.

Why Developing your teams is critical to building a robust security program:

Things for consideration in building a training program:

Finding Talent:

For the Ohio Information Security Conference, ReynCon will present “Building a Cybersecurity Culture: It’s Time to Think Differently About Training.” Join us at Sinclair Conference Center at 10:45 am on 03/01/23

The United States' communication supply chain is a critical infrastructure that enables the country's economic and national security. However, it is also a vulnerable target for foreign adversaries looking to exploit weaknesses and gain access to sensitive information. In this article, we will discuss the importance of protecting the US communication supply chain and the steps that can be taken to do so.

One of the biggest threats to the US communication supply chain is the potential for foreign adversaries to introduce malicious hardware or software into the system. This can be done through various methods, such as compromising manufacturing processes or infiltrating supply chains. Once in place, these malicious components can be used to steal sensitive data, disrupt communications, or even gain control of critical infrastructure.

It is essential to take a multi-layered approach to Cybersecurity. Implementing network segmentation is one of the best ways to protect networks from foreign interference. This involves dividing a network into smaller segments, each with its own security controls. This makes it more difficult for attackers to access sensitive data and systems.

Another way is to be sure you have a good inventory of your network. What's operating on your network? Remember the CIS Controls and the two most important controls. Know your hardware and know your software. You can't mount any defense or response if you don't see what you have. 

TikTok, the popular social media app known for its short-form videos, has become a household name in recent years. While the app has been praised for its creativity and entertainment value, it has also raised concerns about its potential security risks. 

Another threat of TikTok is the potential for foreign interference. The app is owned by Chinese company ByteDance, which has been accused of censoring content and spreading disinformation. This has led to concerns about the app's ability to influence public opinion and political campaigns. How do you mount a defense against TikTok?

To protect the US communication supply chain, it is essential to implement strict security measures throughout the entire process, from the design and development phase to the final deployment. This includes conducting thorough background checks on suppliers and vendors and performing regular security assessments and penetration testing on all components of the system.

Another critical step is to increase the use of secure communication technologies, such as end-to-end encryption and security protocols. This can help protect against eavesdropping and other forms of cyber espionage. It's also important to have incident response plans in place so that organizations can quickly respond to any security breaches or disruptions.

The US government can also play a key role in protecting the communication supply chain by implementing regulations and standards for the industry. This includes setting guidelines for the design, development, and deployment of communication systems, as well as providing funding for research and development of secure technologies.

In addition, it is important to have international collaboration and information sharing in order to address the global challenges of the communication supply chain. The US government can work with other countries and international organizations to share information about threats and best practices and to coordinate efforts to protect critical infrastructure.

In conclusion, protecting the US communication supply chain is essential for ensuring the country's economic and national security. By implementing strict security measures, increasing the use of secure technologies, and working with the government and international partners, organizations can better defend against the threats of foreign adversaries and ensure the integrity of the communication supply chain.

I'll be speaking at the Ohio Information Security Conference in March and will go into more detail on how to protect and respond to these and future threats.

The Author: Shawn Waldman is the founder and CEO of Secure Cyber Defense in Moraine OH. Shawn has created one of the only local firms that 100% focuses on Cybersecurity and has built its own Security Operations Center. Shawn is a subject matter expert and thought leader on Cyber and speaks at conferences globally on the topic.

Connect, Strengthen, Champion, and a Partridge in a Pear Tree

We were torn between writing you an annual report or an end-of-the-year holiday newsletter. You know the type: That yearly three-page single spaced book full of family highlights that falls out of your best friend from high school’s glitter encrusted Christmas card.

Instead, we chose to give you a Top 12 List of 2022 in Review. You’re welcome!

January – We kicked off the year helping you get organized with a member-to-member benefit session with Organization Solutions. Our Peer Groups for Infrastructure/Cloud and Women for Technology began their new year’s programming together. We saw the birth of a workforce subcommittee in conjunction with Montgomery County Educational Service Center. We finished off the month hosting our annual CIO Forecast Panel.

February –February’s main event was the annual Digital Mixer held at Wright State University. Over 140 students and employees connected to explore career possibilities. Women 4 Technology had a fascinating conversation around The Great Resignation.

March – If it’s March, then it’s all about the Ohio Information Security Conference. Over 300 people  gathered at Sinclair Conference Center to share knowledge of the latest cybersecurity threats and strengthen their processes.

 

April –Executive Director, Melissa Cutcher, represented Technology First at a workshop to teach web development at the Innovation Hub in the downtown Dayton Arcade building. We were back in person for a Tech Forum addressing staffing challenges & labor shortages in the IT community with Cassie Barlow, Doug McCollough, Chad Bridgman, and Matt Coatney.

May – May saw the Peer Groups in full swing  championing data analytics and cybersecurity. We ventured down south to Mason for some Tech Thursday networking. Executive Director, Melissa Cutcher, participated in an OCEA panel discussion.

June – Women 4 Technology squeezed over 25 participants into Warped Wing’s Springboro location for a Meaningful Networking session. Members enjoyed a Dayton Dragons’ game courtesy of our annual partners altafiber and ATC. Executive Director, Melissa Cutcher, represented Technology First at a two-day workforce development retreat with Montgomery County Educational Service Center.

July – Given the success of the Springboro event, Women 4 Technology ventured down the road to Fretboard Brewing Company in Cincinnati to offer another Meaningful Networking session to our members.

August – Peer Groups for IT Leaders, Infrastructure/Cloud, Cybersecurity, and Data Analytics all met to learn new or different approaches, validate thoughts, and expand on their existing practices. Technology First partnered with The Circuit for a fun night of IT networking in Hamilton at Municipal Brew Works.

September – We enjoyed supporting some members participating in the COMSPARK conference. We also had a wonderful turnout at the annual Golf Outing benefitting the Technology First Scholarship Fund. You helped us raise almost $7000 to award qualified, regional college students!

October – We are happy a few members of the Board of Directors were able to witness Executive Director, Melissa Cutcher, receive the Jeanne Porter Career Achievement Award from Women in Business Networking at their annual gala. Congratulations, Melissa, so well-deserved! We stopped by SOCHE’s 55^th Anniversary lunch to congratulate them. This month provided members the opportunity to volunteer at the Girl Scouts of Western Ohio’s Cyber Challenge. AND we celebrated Technology First’s 25^th Anniversary! We were honored to receive a proclamation from the State of Ohio from Lt. Governor, Jon Husted.

November – More volunteer opportunities this month through the Dayton Metro Library’s Career Adventure Days and The Girl Scouts of Western Ohio’s STEM Career Fair. And, of course, we gathered with 400+ IT professionals from all over the state for our 16^th Annual Taste of IT conference at Sinclair Conference Center. We ended the day with the 9^th Annual Leadership Awards where we recognized 11 categories of exceptional IT talent from the Dayton region.

December – Since this month just started, here’s a preview instead of a review. We will close out 2022 with these Peer Group meetings: IT Leaders, Data Analytics, Cybersecurity, Infrastructure/Cloud, and Women 4 Technology. Please join us!

Thank you for connecting, strengthening, and championing the best-connected IT community in the Dayton region!

#UniteDaytonTech

One of the biggest mistakes that data teams often make is jumping straight to developing a solution and not spending enough time with the people who will be using them and understanding their true goals.

Sometimes these goals, and the challenges to reaching them, are easy to identify. This is usually true if a data scientist is already working in the problem space or is already integrated into the business processes.

However, many data scientists operate as an outside consultant who is brought in to help drive strategic goals. This can lead to misunderstanding the problem and creating a solution that doesn’t live up to stakeholder expectations.

Or worse — creating the wrong solution.

A data team’s first instinct is often to begin with understanding the data. However, they first need to understand the people involved in the problem and who want a solution to it.

We can have all the data in the world but if we do not know how users or stakeholders interact with it and understand it in their terms, we cannot possibly make a solution that is going to fully solve their problem.

But you’re in luck! There is a framework you can use to help overcome this risk before even seeing any data. This framework is design thinking - a growing trend within data science long used in product development. Empathizing with your stakeholders is the first step to better understanding the problem they are trying to solve.

A simple way to start gaining empathy is by conducting interviews with your stakeholders, leadership, and team leads. You’ll be surprised by what you will learn by spending an hour (or more) in one-on-one meetings.

Importantly, you’ll learn how they are doing the work today. You’ll also begin to learn the language, jargon, and methods that these people use and where they see the gap. Ultimately, you want to gather their ideas on how they would want to use a solution if they had a magic wand to make everything better.

You also want to understand how leadership is currently driving business goals and figure out how a solution could contribute to those outcomes. And if it doesn’t contribute to the business goals, is it something that the stakeholders really want or need?

Data science is a collaborative effort between you and those using your solution. Success starts by fostering a deep interest in the people for whom these solutions are built.

 

Ascend is a socially impactful technology company that provides data driven products and consulting services to help organizations solve complex community health problems.

For Taste of IT, as part of the Developer/Data Analytics track, Ascend Innovations will be presenting 'Keeping Humans in the Loop: Human-Centered Design in Data Science and Analytics'. Join us in Room 122 at 3:40p.m.

The ever-expanding digital footprint of modern organizations is causing business owners to rethink their security technology stack to address sophisticated new threats. To better manage cyber risk, businesses are evolving and reframing security practices in preparation for the changing cybersecurity landscape. Unfortunately, managing risk is getting more complex every day. Bad actors have adopted their own organizational structure complete with HR, recruiting, training, finance, operations, and development teams. And worse? They use the same tools that the IT community knows and loves.

Some of the go-to-market strategies for cyber criminals involve outsourcing, brokering software, and forming partnerships with other vendors. The web of cyber connectivity that has been woven is extraordinary and has evolved into a professional ecosystem that allows them to attack with impunity. As a result, stronger risk management practices are needed now more than ever. The National Institute of Standards and Technology (NIST), indicates that 93 percent of intentional breaches in 2021 were financially motivated, with only six percent of reported incidents attributed to espionage.

So how do organizations protect themselves against such an intricate ring of cybercrime on a global scale?

 

The Cost of Cyberattacks on a Global Scale

Globally, the average cost of a data breach increased by 10 percent in 2021, reaching $4.3 million, up from $3.8 million in 2020, according to a recent data breach report conducted by IBM and the Ponemon Institute. The U.S. has continually ranked at the top of the list for costs, increasing from $8.6 million in 2020 to $9 million in 2021. With the cost of breaches on the rise, it’s no surprise that spending on security technology is on the rise as well.

Worldwide spending on information security and risk management technology and services is expected to skyrocket in the next few years. According to a Venturebeat cybersecurity forecast, Gartner predicts end-user spending for the information security and risk management market will grow from $172 billion in 2022 to $267 billion in 2026, attaining a compound annual growth rate (CAGR) of 11 percent. Many businesses are seeking outside aid and partnering with IT consulting firms and cybersecurity experts to help them gain a better understanding of the solutions and services landscape.

Build a Defensible Cybersecurity Posture

A sound security strategy provides unified and reliable protection of your assets from potential threats. Today, every business is vulnerable to attack, not just major global brands, and the consequences of being unprepared can be catastrophic. That’s why along with the constant changes in the cybersecurity landscape, there has to be a continuous change in mindset.

The dialogue around security has evolved as shown below:

1. Organizations ask, “What if we are targeted?”
2. Organizations ask, “Are we ready for when they attack?”
3. Organizations are now asking, “Assuming we’ve already been compromised and don’t know it yet, how can we beef up our cybersecurity posture?”

As the digital footprint of organizations expands, centralized cybersecurity control becomes obsolete. If you’re not looking into encrypted network traffic, you won’t have security. This shift in mindset is the fundamental principle that drives the concept of zero trust.

Zero Trust: What and Why You Need It to Protect Your Business

Protecting the modern business requires a new approach to security, and many are turning to zero trust. A cloud-native zero-trust platform is built on a proxy-based architecture that sits between the user and the Internet to provide secure access with full SSL inspection at scale. The core concept of zero trust is simple: Assume everything is hostile and always verify. In a zero trust architecture, a resource’s network location isn’t the biggest factor in its security posture anymore. Your data, workflows, and services are protected by software-defined micro-segmentation, enabling you to keep them secure anywhere; in your data center or in distributed hybrid and multi-cloud environments.

All data must be protected everywhere—on-premises, in the cloud, in SaaS applications, as it travels on the network, etc. To provide the best possible security, organizations should have all their different layers of defense working together while leveraging the cloud, so that when an issue in any layer is uncovered, the rest of the layers will be informed for total protection.

The painful reality is that all organizations are under attack—whether opportunistic or targeted—and the cybersecurity landscape is continually changing while the attack surface increases and the perimeter dissolves. The new paradigm in security is simple: assume the bad guys are in the system and plan accordingly.

The above submission is compliments of ATC’s Tech Advisor series. Advanced Technology Consulting (ATC) specializes in digital transformation in four core areas; voice, network, cloud, and cybersecurity. In 2023, ATC will be a Technology First annual partner for five years running. For Taste of IT, ATC will be presenting on “SASE, The Edge, and Zero Trust” and exhibiting in booth #11.