Having all of these connected devices that don’t live under one network expands the attack surface that security teams need to worry about. This is especially true when you’re talking about remote or hybrid work, explained Ev Kontsevoy, CEO of Teleport, which is a company that provides tooling that enables users to remotely access computing resources. 

Kontsevoy explained the perimeters in internet and application security terms are breaking apart completely, in two major ways. One is the type of perimeter that exists around your data center, where your equipment like servers or computers actually live, and the second type of perimeter is the office itself, which is where all the employees who work there sit and need access to data and applications. This is where technology like firewalls come in, Kontsevoy explained.  

“That’s the traditional approach that now makes no sense whatsoever,” said Kontsevoy. “And the reason why it doesn’t make sense is because computers themselves are not in the same data center anymore. So we’re now doing computing globally.”

RELATED CONTENT:
How these companies help organizations with DevSecOps
A guide to DevSecOps tools

Kontsevoy used the example of Tesla. What is Tesla’s perimeter? Tesla deploys code to each of its charging stations, data centers, and cars. “Tesla deploys into planet Earth … Most organizations, they’re moving into the same direction. So computing itself is now becoming more and more global. So the notion of a perimeter makes no sense in a data center,” said Kontsevoy. 

Conversely, no one is sitting in an office anymore. “Now, we have engineers, contractors, auditors, and interns, all sitting in different parts of the world, using computers that might not necessarily be company computers,” said Kontsevoy. “They can borrow an iPad from their partner to do a production deployment, for example. For that reason, traditional security and access solutions are just no longer applicable.”

According to Jeff Williams, chief technology officer at application security company Contrast Security, this idea of a perimeter had been dismantled long before COVID. In fact, he says people had a misguided sense of security in a perimeter that didn’t actually exist. 

“Once any one computer inside the perimeter gets compromised then there’s what’s called the soft, chewy center where there’s nothing inside to prevent an attacker from moving around and doing whatever they want,” said Williams. “So the best strategy for a long time — since way before COVID — has been to really sort of consider your internal infrastructure as the same as your external infrastructure and lock it down.”

According to Williams, development machines are traditionally not very locked down and developers generally have the privileges to download any tools they need. 

“They’re running, honestly, thousands of pieces of software that come from anywhere on their machines, all the libraries that they use run locally, all the tools that they use run locally, typically with privilege, and any of that code could potentially compromise the security of that company’s applications. So it’s something that DevSecOps programs really need to focus on,” said Williams.”

Williams also believes the current speed at which DevOps teams want to move isn’t really compatible with the old way of doing security. For example, scanning tools, which have been around for over a decade, aren’t very accurate, don’t run very quickly, and don’t really work well with modern applications because they don’t work on things like APIs or serverless. 

In order to move fast, companies will need to abandon these older tools and move on to the new ones, if they haven’t already. Interactive Application Security Testing (IAST) and Runtime Application Self Protection (RASP) are two newer technologies that work fast and are part of developers’ normal pipelines. 

“As the developers write their code, they can get instant accurate feedback on what they’re writing,” said Williams. “And that allows them to make those fixes very quickly and inexpensively, so that the software that comes at the end of the pipeline is secure, even if they’re moving at very high speed.”

Lack of automation and integration becomes even more problematic 

The act of actually working remotely doesn’t seem to make it harder for DevSecOps teams to work together. According to software supply chain security company Sonatype’s CTO Brian Fox, certainly, companies need to get tools that will make collaboration easier in a distributed setting, but he believes the core of DevSecOps remains the same.

However, when a company goes remote, one of the first things that happens is the touch points that could cover up a lack of automation no longer exist, Sandy Carielli, principal analyst at Forrester explained.

“You don’t have those situations where you can walk to the next cube over and get a sign off from someone on the security or legal team … So as you started to have more people forced to go remote, the importance of having better integration of security tools into the CI/CD pipeline had better automation and better handoffs so that everything was integrated, and you could have sign offs in tool stage gates, all of that becomes a lot more important,” she said.

According to Carielli, implementing tools that enable automation and integration between different security tools is a high priority. 

Asynchronous DevSecOps

A new thing that has sprung up for remote teams is the notion of asynchronous communication, where individuals are not necessarily communicating in real time with their coworkers. They might send someone a message and then have to wait a little bit for a response. 

DevSecOps is also becoming a bit asynchronous, according to Guy Eisenkot, VP of product and co-founder of Bridgecrew by Prisma Cloud, which provides security automation. 

“I think three years ago, we may have not even had the tooling, but now we can just ping each other on Slack,” said Eisenkot. You know, ask the developer, ‘Hey, did you intentionally commit this password? Or this access key into your code repository? Was that intentional?’ And the response can come in in a conversational manner and come in at any hour of the day. So I think the position for security has changed pretty drastically with how well connected we are and how we’re much better at async communication.”

Now there’s a much stronger emphasis on when you should be available and when you’re expected to be responsive. 

Remote-first mindset tooling helps developers think about security

The tooling that companies have had to invest in to stay successful when remote has also had benefits for security, according to Eisenkot.

Employers and managers have been much more deliberate about the type of tooling they put on developers’ machines, allowing for more control of the linting and securing tooling they have locally, Eisenkot explained. 

“Not only are we kind of protecting them with remote endpoint detection, but we can also now force them to use or enforce the usage of security tooling directly on the employees endpoint, which is something that I think was expedited by the fact that we’re no longer in the office and everybody had to now apply to the same type of corporate policy on their on their work computers,” said Eisenkot.

Embedding security into development tooling is now easier than ever

In addition to the fact that remote tooling is making it easier to enforce security, there’s also something to be said about the fact that it’s getting easier and easier to embed controls into the development pipeline.

As an example, Eisenkot explained that both its source control management and shipping pipelines are more accessible than they used to be and are controlled remotely using publicly accessible APIs. 

He believes development organizations should now find it much easier to incorporate things like secret scanning, open source package scanning, image scanning, and code scanning directly into the developer’s initial commit review process. 

“Some of these in the past were just not accessible. So the fact that this tooling was much cheaper, most of it is actually open source, but much more accessible through those public APIs. I think that’s where I would start by scanning either directly on developers’ individual workstations, that would be through extensions and IDs, and then implement stronger and stricter controls on source control management,” said Eisenkot. 

The fact that it’s easier than ever to place security controls on developers’ machines is extra important these days, since supply chain attacks are becoming more and more common. According to Sonatype’s Fox, attackers no longer want to get their malware into a shipped product, they want to get it into part of the development infrastructure. 

“And once you understand that, you can’t look at perimeter defense in terms of application security the same way anymore because it moves all the way left into development,” said Fox. 

Security as coaches to developers rather than ultimate authority

Another interesting thing that’s been happening in DevSecOps is that the role of security is changing. In the past security was more like a bottleneck, something that stood in the way of developers writing and pushing out code fast, but now they’re more like coaches that are empowering the developers to build code and do security themselves, said Contrast Security’s Williams.

It used to be that the Sec part of DevSecOps was like the central authority, or the judge. If they determined code wasn’t secure, it got sent back to the development team to fix. 

“DevSecOps, when you do it right, is bringing development and security together so that they can have a common goal. They can work and they can sort of agree on what the definition of done is. And then they can work together on achieving that goal together,” said Williams.

When DevSecOps is done wrong, it’s more like trying to fit a square peg into a round hole, Williams said. Companies try to take their existing tools, like scanners that take a long time to run, and put them into their already existing DevOps pipelines, and it just doesn’t work. 

“Usually, it doesn’t produce very good results. It’s trying to take your existing scanners that take a long time to run and don’t have very good results, and just kind of wedge them in or maybe automate them a little bit. But it’s not really DevSecOps; it’s really just trying to shove traditional security into a deficit DevOps pipeline,” said Williams.

According to Williams, there are three key processes that companies need to have in place in order to have a successful DevSecOps organization. First, they need a process around code hygiene to make sure that the code the developers are writing is actually secure. Second, they need a process around the software supply chain in order to make sure that the libraries and frameworks that are being used are secure. Third, they need a process to detect and respond to attacks in production. 

“If development and security can come together on those three processes and say ‘hey, let’s figure out how we can work together on those things. Let’s get some tools that are a little more compatible with the way that we build software,’ that will help get them moving quickly in development,” said Williams. “And then in the production environment get some monitoring, that’s a little more up to date than just something like a WAF, which is a kind of firewall that you have to keep tailoring and tuning all the time.”

Traditional challenges to DevSecOps remain

According to Sonatype’s Fox, the main challenge companies are facing when it comes to DevSecOps is understanding the components in their software. Log4j is a great example of this, since if you look at the download statistics from Maven Central, around 40% of the downloads are still of the vulnerable version. 

“And that can’t be explained,” said Fox. “A lot of times, you can explain why people are not upgrading or doing things because well, the vulnerability doesn’t apply to them. Maybe they have mitigation controls in place, maybe they didn’t know about it otherwise, and so they didn’t know they needed to upgrade. For the most part, none of those things apply to the Log4j situation. And yet, we still see companies continuing to consume the vulnerable versions. The only explanation for that is they don’t even know they’re using it.” 

This proves that many companies are still struggling with the basics of understanding what components are in their software.

According to Fox, automation is important in providing this understanding. 

“You need a set of tools, a platform that can help you precisely understand what’s inside your software and can provide policy controls over that, because what is good in one piece of software might be terrible in another piece of software,” said Fox. “If you think about license implications,  something that’s distributed can trigger copyright clauses and certain types of licenses. Similar things happen with security vulnerabilities. Something run in a bunker doesn’t have the same connectivity as a consumer app, so policy controls to then have an opinion about whether the components that have been discovered are okay in their given context is important. Being able to provide visibility and feedback to the developer so they can make the right choices up front is even more important.”

According to Bridgecrew by Prisma Cloud’s Eisenkot, if you look back on the big supply chain-related security incidents over the last six to eight month, it’s apparent that companies have not properly configured the correct code ownership or code review process in their source control management.

He explained that those two things would make any source code much more secure, even in small development organizations.

Developer education is key

Eisenkot emphasized that developer education and outreach is still one of the most crucial points of DevSecOps, at the end of the day.  

It’s important to implement controls and checkpoints in the tooling, but he also believes the tooling should be thought-provoking in a way that it will empower developers to do out and educate themselves on security best practices. 

“Eventually, lots of tooling can point to a vulnerable package or a potentially exploitable query parameter,” said Eisenkot. “But not every tool will be able to provide actionable advice, whether that’s a documentation page or an automatically generated piece of code that will save the developer the time needed to now learn the basic fundamentals of SQL injection as an example.” 

Executive Order on improving Cybersecurity in the U.S.

Last spring, President Biden signed an executive order related to improving cybersecurity. As part of this order, the government will solicit input from the private sector, academia, and others to “develop new standards, tools, best practices, and other guidelines to enhance software supply chain security,” according to the National Institute of Standards and Technology (NIST). 

These guidelines will include criteria for evaluating software security, criteria for evaluating security practices of developers and software suppliers, and tools and methods for demonstrating that products are following secure practices. 

“They’ve demanded that organizations be more transparent,” said Contrast Security’s Williams. “They put out minimum testing guidelines, and NIST is implementing these standards. They’re even investigating the idea of having software labels, so that when you go to your bank, or you buy software from somewhere, you’ll see a label that says, hey, here’s the details about security that you need to know. Kind of like everything else in this world has labels, like Energy Star and your car and your drugs and your Cheerios box has a label and your movies and your records. Everything has labels because they work. They fix economic problems in the market. And that’s going to happen to software over the next few years, which I think is exciting. It’ll make it much better for consumers to know that the software they’re using is trustworthy.”

The post Security perimeter is no more as attack surface continues to expand appeared first on SD Times.

Some workers were able to thrive in a remote setting, while others felt isolated and struggled to keep up a balance between their work and home lives.

Last year saw the availability of life-saving vaccines, so companies were able to start having the conversation about what to do next. Should they keep everyone remote? Should they go back to working in the office full time? Or should they do something in between? Enter hybrid work, which offers a mix of the two.

A Fall 2021 study conducted by Google revealed that over 75% of survey respondents expect hybrid work to become a standard practice within their organization within the next three years. 

Thus, two years after the world abruptly shifted to widespread adoption of remote work, we are declaring 2022 “The Year of Hybrid Work,” as workers and companies attempt to regain some sense of normalcy, improve work/life balance, and reconnect with coworkers while still retaining some of the benefits of hybrid work.

Typically, hybrid work implies that employees spend some days of the week working from home and some days working in the office. For example, when Google’s CEO Sundar Pichai revealed the company’s hybrid work plan back in May 2021, it involved working in the office three days a week and working remotely the other two days.  

The plan might look different for every company. Some companies took advantage of having their workforce remote by downsizing their office space to save money. For those companies, the hybrid working plan might involve “hot desking,” which is when a desk is shared by more than one person on different days. 

“Hot desking is a term that’s been around even pre-pandemic days for different sales type workers or people who would be more like a road warrior or weren’t always based out of the same office,” said Aaron Nush, technology services architect at SoftwareONE. “Some of those types of processes or theories that we saw pre-pandemic are starting to come back a little bit, where somebody can reserve one out of X number of workspaces, and they can sit down and have a keyboard, monitor, mouse, a desk, phone, or whatever they need; they just kind of plug in their laptop and start going.”

Nush predicts that even when companies switch to a hybrid work model, there will still be a lot of demand from employees to stay remote where it’s feasible. So it’s important for companies to slowly make the transition back to the office, otherwise there might be more pushback from employees, Nush explained. 

Employees who feel as though they’ve been able to do their job well remotely might question the company on what the benefit of going back or the rationale behind certain decisions around hybrid work. 

However, Nush also added that a lot of the push for hybrid work is being driven by employees, not companies. Because of the current job market and the “Great Resignation,” employees have a lot of power right now. 

“It’s an interesting time to see organizations be receptive of that and try to work towards that common goal of let’s navigate through this kind of uncharted area together and at the end of the day identify what’s going to make this all successful and get where we need to go,” said Nush.

The benefits of hybrid work

There are a lot of benefits to remote work — no commute, more flexibility in the day, fewer distractions and interruptions — but for many there are also a lot of downsides, like social isolation, lack of motivation, and difficulty maintaining a good balance between their work and personal lives. 

According to Lara Owen, senior director of Global Workplace Experience at GitHub, the main benefit of hybrid work is that it offers employees the flexibility to work in the style that suits them best. People that thrive in an office setting could go into the office everyday, people who really do well working at home can continue doing that, or people could opt for a mix of the two. “I prefer the hybrid model of work because of this flexibility – it encourages and allows for employees to work in the way that works best for them, which can result in greater creativity and happier employees,” said Owen.

Another benefit of this flexibility is that recruiting efforts can be opened up because geographical constraints can be removed and companies can appeal to people with different working needs, such as working parents or caregivers. 

“This opens up your talent pool to a wider, more diverse group,” Owen said. 

Transitioning from full remote work to hybrid work

Even for workers who have spent their entire working career — perhaps even decades — in an office, after two years of working from home, the switch back could be difficult. Workers have gotten used to certain things while working remotely, and teams have started using different tools to communicate and organize their work.

In order to ensure a smooth transition back, Nush recommends taking advantage of those tools that had been used for remote communication, especially if not all members of a team will be in the office at the same time. 

JJ Yu, product designer at digital transformation firm Rise8, believes that UX design — and more specifically human-centered design — is the key to successfully implementing a hybrid work model. One mistake she sees a lot of companies making is that they are looking to the Big Five companies and applying the same practices, but it’s important for employers to actually empathize with their employees. 

“I think that in itself is quite the biggest hurdle to make out of that entire process is: are these employers willing to empathize with their employees?” Yu said. 

She also pointed out that there isn’t a silver bullet to this. “There is no right answer,” said Yu. “I think there’s just a better or worse decision to be made.”

Yu believes the first step a company can take to solve the challenges of returning to the office is to actually take the time and listen to their employees and their needs. 

Communication from leadership is key

According to a McKinsey study from April 2021, a lot of workers are feeling like their company’s plans for returning to the office aren’t being communicated well. 40% of respondents said they have not heard any communication regarding the company’s plans, 32% have received vague communications about a plan, and only 32% feel that a plan has been well-communicated to them. 

Not knowing what the plans are is causing a lot of workers unnecessary concern and stress. 47% of respondents said they were feeling anxious as a result, and loss of productivity from poor mental health can be as high as $1 trillion per year, according to McKinsey, which highlights the need for clear return-to-work plans. 

This also contributes to burnout, which results from long-term stress. While McKinsey feels these numbers might be an underestimate, 49% said they were at least somewhat burned out, with 10% of U.S. developers feeling burned out to a “very-high degree.”

“Burnout is especially pronounced for people feeling anxious due to a lack of organizational communication. These employees were almost three times more likely to report feeling burned out. The obvious recommendation for organizational leaders: share more with employees, even if you’re uncertain about the future, to help improve employee well-being now,” McKinsey wrote in the report. 

Challenges of working in a hybrid setting

Even though Owen believes the main benefit of hybrid work is flexibility, that should not be misconstrued as it being easy. 

“The success of hybrid teams hinges on a leader’s ability to make strategic investments and decisions to support dispersed teams, foster a positive company culture across geographies, and empower employees regardless of whether they are in the office or at home,” said Owen.

One challenge Owen has faced at GitHub is getting the right tone with their communication. Setting clear guidelines and expectations is important, but sometimes tone can get lost in written communication. Because of this, it’s important to find the right balance between asynchronous and synchronous engagement, she said. 

Another challenge for companies is not losing sight of their employees’ experiences. Even when some workers are in the office, don’t forget about your dispersed workers. According to Owen, companies that don’t accommodate dispersed workers could lose out on their talent, and managers without training on managing dispersed teams are likely not maximizing productivity. 

On the flip side, it’s important to support those who are in the office. This means investing in tools and technologies that can help on-site workers collaborate with their remote coworkers, such as well-lit, camera-ready “phone booths.”

Another challenge, according to Sagi Gidali, co-founder and CPO at cybersecurity company Perimeter 81, is that there can be a limited timeframe for communicating with coworkers across different time zones. For example, if everyone is working from 9-5 in their local time zones, that gives people from Los Angeles and New York City a five-hour window of synchronous communication every day instead of eight. This might not seem like a big deal, but if the West Coast employee runs into an issue at 3 PM, the East Coast employee would have already ended their day by that point.

“We try to have as much overlap in our schedules as reasonably possible and many team members also make an effort to stay online a bit later to do so,” said Gidali.

Asynchronous tooling is key to connecting employees – wherever they are

Companies that have already been working remotely already know the power of technology in facilitating collaboration. 

As an example, at GitHub, they have an intranet site called The Hub, which pulls information from Slack, email, and GitHub, and acts as a central source for that information. GitHub itself also has a number of features that the company uses internally, such as GitHub Issues, which are a way to converse with contributors and manage projects. One benefit they’re found from using Issues is that it allows work to progress throughout the day without teams needing to constantly connect, Owen explained.

“These records serve as a resource for historical decision-making, knowledge preservation, and snapshots of progress. The ability to capture and share important discussions asynchronously leads to a culture where everyone can do their work in the way that works best for them — driving higher quality, increased productivity, and happier employees,” said Owen.

Turn the clock back on bad habits 

According to Nush, there are some lessons to be learned from the initial push to remote work back in 2020, which was hastily done at many companies. 

“When people quickly had to pivot overnight from working in an office to working from home, a lot of them didn’t have laptops,” said Nush. “They were working on a desktop or something that was still sitting at that office. So a lot of organizations were instructing their workers to use a home computer, sometimes go out to their local electronics store and buy one off the shelf and use that to connect to the environment. And they were really just trying to scrounge and do whatever they needed to do to get back to work.”

As you might imagine, a lot of bad habits came from this. According to Nush, now a lot of organizations are looking back and realizing that they should be working to undo some of those. 

Workers must be vaccinated to return to the office at many companies

One of the main reasons that hybrid work is even an option is that vaccines for COVID-19 are now available. But even though they are available, not everyone has chosen to get one. 

According to the New York Times’ interactive COVID-19 dashboard, only 61% of Americans were fully vaccinated as of Dec. 15, 2021. This varies by state; 70.5% of all New Yorkers are fully vaccinated, only 64.9% of Californians are fully vaccinated, and in Georgia, 50.1% of the total population is fully vaccinated. 

Most of the big tech companies — Google, Meta (previously Facebook), Microsoft, Netflix, and Twitter — all require that employees be vaccinated before returning to the office.  

Google recently made headlines when CNBC reported that it has obtained an internal Google memo that notified employees to upload their vaccine documentation by Dec. 3 and that those who didn’t comply with the vaccine guidelines would be placed on paid administrative leave for 30 days starting on Jan. 18. If they still haven’t complied at the end, they would be placed on unpaid personal leave for up to six months, and then terminated. 

While many companies may be making internal decisions to require vaccines to keep their employees safe, the Biden administration has also been a driving force behind some requirements. In November, it announced new OSHA rules that would require companies with 100 or more employees to either be fully vaccinated or be tested weekly. Under this rule, employers also need to provide paid time for workers to get vaccinated and require unvaccinated employees to wear a face mask. 

How will the omicron variant impact hybrid work plans?

For many companies, hybrid work has remained a fantasy throughout much of 2021. Back-to-office dates kept being announced, then pushed back, and pushed back again, and so on. And with the emergence of the omicron COVID-19 variant and stricter regulations, we might see those dates continue to be pushed back. 

Google had been planning to return workers to the office in January 2022, but it pushed that date back in early December. Ford Motors also announced a delay in returning workers to the office as a result of the omicron variant.

According to Perimeter 81’s Gidali, hybrid work is an ideal model for handling these unexpected issues, such as COVID-19 variants, or even a bad flu season. When one of these issues arises, it’s easy for employees to switch back to working remotely since they are already set up for that. 

Before the COVID-19 pandemic, it was common for employees to feel like they had to still come into the office even when they were sick, but the events of the last couple of years and a flexible hybrid working model can help reduce or eliminate that pressure. 

How low-code will help facilitate the return to the office and boost morale

Last year, we declared that 2021 would be the year of low-code solutions. Low-code helps increase innovation, reduce development costs, and improve productivity, all of which were a necessity in early 2020 when companies moved from the office to remote work. 

Now low-code is helping with the move to hybrid working models too. 

According to Deb Gildersleeve, CIO at low-code platform Quickbase, low-code can also help improve employee morale and thus avoid some turnover from The Great Resignation. 

“Low-code and no-code allow the people who are able to think up what processes should be to then build it out for themselves, and that is really empowering,” said Gildersleeve. Rather than needing to wait on others to complete a workflow or process, workers can be empowered to complete their portion of the process, and others can do the same. “t’s not a matter of, oh, I can’t do my thing until they email me this. It puts the power of fixing that problem and improving their day, in their own hands.” 

Employee experience is a huge part of whether employees decide to stay at a company or leave it. Anything a company can do to make sure the employee experience is positive will work towards better retention of talent. 

“If you’re sitting there and you’ve got issues, and you’re just waiting on somebody else’s to-do list to get them solved, that’s frustrating,” Gildersleeve said. “And that might be a frustration that could build over time, and it might be the tipping point for you to take that phone call from the next company … There’s no perfect job, but when you have the ability to improve your day to day, I think that’s what really makes people want to stay with a company.”

The post 2022: The year of hybrid work appeared first on SD Times.

For many, this is a new practice that requires trial and error in order to find the most efficient remote management strategy. Even then, project managers and employees find themselves battling new challenges. According to Bill Palombi, head of product at the dataflow automation organization Prefect, these hardships vary depending on what stage a company is at in terms of growth. 

“I would say the most substantial challenge by far is onboarding people and gelling different teams together,” Palombi said.  “The processes that you need to be successful [remotely] simply change as a company grows.” 

According to Palombi, the struggle with onboarding teams remotely is compounded by the fact that team members and managers, or even team members and other team members, struggle to form a solid relationship without meeting in person. “Particularly, those informal ties within an organization are sometimes hard to develop with a remote team… when everybody is in the same workspace, there’s a propensity to lean on more informal ways of doing things,” he said. Without those informal bonds and methods that in-person work offers, project managers overseeing remote teams must leverage certain tools that are well suited for collaboration. 

Palombi believes that any kind of task and project management software that allows managers and team members to keep track of in-progress tasks, has become an essential part of managing teams remotely.  “There’s a tool that we use to capture tasks, assign those tasks to people, and then use that task… as a point to share status updates relevant to the completion of the task,” he said. These types of tools can be a huge benefit to project managers as they not only allow for a certain level of collaboration, but also the tracking of different team members’ work.

Another struggle Palombi highlighted was that of the mental health and the home life of team members and managers alike. “I don’t know that it’s any more important now [to offer mental health resources] than it always has been, but I do think that is it getting more attention,” he began, “We have a lot of informal conversations at Prefect that act as opportunities for those with challenges to come forward.” Creating an environment where team members feel comfortable going to their managers with personal problems that can have an effect on their work is more important now than ever. 

Ahva Sadeghi, co-founder and CEO of Symba, a women-founded tech startup that helps organizations streamline the management of their talent development programs, also emphasized the importance of forming this personal connection with employees when managing teams remotely. According to Sadeghi, the major challenges of managing a remote team can be broken up into two aspects: clear communication and mental health support. “One aspect is managing the workload, the workflow and communication,” she said. “It’s about making sure that project managers are in touch with their team, that there are clear expectations, and that their team is well suited to deliver on projects.” 

She explained that this can be harder to accomplish in a remote setting as managers no longer have full access to their team members. According to Sadeghi, without the option to knock on someone’s door and see how they are doing with the work they are assigned, managers can be left feeling slightly out of touch with how things are going. 

However, Sadeghi said the solution to this problem is striking the right balance between being overbearing and being too hands off. “It’s been challenging for some of these project managers whether they are overstepping and creating a micromanaging environment or if they’re not giving enough direction and their employees and teams feel lost,” she said. 

The next challenge Sadeghi highlighted was that of the mental health of team members working remotely, specifically during the pandemic. “I think the second biggest challenge is definitely around mental health because not only have we been in a remote setting where we don’t have a lot of the culture and experiences that we had in a workplace setting, but going through the pandemic we find ourselves isolated from other aspects of our social environment,” she explained. 

Throughout the pandemic, millions of people around the world found themselves disconnected from their friends and family. This social detachment paired with a remote work environment can leave people feeling alone, putting a strain on their mental health. According to Sadeghi, there are some ways organizations can combat this. She said, “The first thing is really treating your employees and team as people rather than just employees.” 

For project managers and team leaders operating in a remote setting it can be easy to fall into the trap of viewing team members as employees only. One way Sadeghi thinks organizations can prevent this is by hosting regular mental health check-ins with team members. Having this culture in place and making your employees feel heard and cared for will undoubtedly improve their experience and by extension, their work.

One tip Sadeghi had for project managers trying to make these mental health check-ins as effective as possible was her “red, yellow, green” system. “This is one thing that we do where we just ask how their doing and they categorize their feelings into either red, yellow, or green,” she explained, “red meaning things are on fire, I need to stop what I’m doing and I need to focus on something else. Yellow meaning I’m struggling with things, or green meaning I’m doing really great.” Having simplified terms for team members to express their feelings to their managers makes them feel supported throughout this challenging time. “This allows us to really understand and support our remote team,” Sadeghi said. “You can really create space for those feelings and see if certain employees need to take a step away or would benefit from a mental health day.” 

Sadeghi believes that offering employees the option to take a day to focus on getting back in the right headspace will help to avoid burnout, and this does not just go for employees but managers and team leaders as well. “One other thing that’s really important as a manager is to take your own paid time off and encourage people to sign off when the day is done; that really sets a tone for the organization,” she said. Burnout and fatigue are struggles for everyone. As a project manager working remotely, taking care of your own mental health and well-being will inevitably have a domino effect on team members. This will create a culture of inclusivity and care, ultimately leading to the production of better work as well as a healthier and happier work environment.

Another challenge of working from home is setting boundaries around working hours. According to Sadeghi, “It is so important to respect peoples hours. “If someone is working from 8 to 5, as a manager, you have to be sure not to reach out to them before or after those hours unless it is incredibly urgent.” This works to help team members accomplish a better work/life balance when working from their own homes. Without a separate work setting, it can be difficult for an employee to set those boundaries and differentiate their personal time from their working time. As a remote manager, helping team members find that boundary becomes an incredibly important aspect of the job. 

In that same vein, Sadeghi believes that working hours should be used methodically and meetings should be scheduled in a way that allows for the most productivity. “You have to make sure you’re scheduling efficient meetings that are mindful of everyone’s time,” she began. “Knowing the right people are there and knowing when to leverage certain communication tools will save people’s time in the end.” 

Sadeghi also stressed the importance of letting team members know that their hard work is valued in the organization. “I think in this remote setting it’s so important to give kudos or shoutouts to different teams,” she said. Sadeghi uses this in her own organization and she believes that having this model of positive reinforcement and employee recognition helps to set a positive tone. Showing team members that you appreciate their work gives them a feeling of pride and accomplishment and will, in turn, lead to more commendable work in the future. Having open communication pathways to express both positive and constructive feedback offers organizations a level of transparency that will help them thrive.

With this transparency, Sadeghi said that another struggle of managing a remote team can be staying on top of the work each person is assigned. “I think that it’s really important to have a structure within your team,” she began, “One thing we do is design OKRs to understand what the objective is and what key results we hope to accomplish with each task.” 

Sadeghi believes that as a manager, especially one working remotely, it is essential to know what is on every team member’s plate to ensure that the workload is being evenly divided. This is another place where she cites her “red, yellow, green” method, but in a professional way. “As a good manager you have to understand how you’re delegating tasks,” she said. “And beyond that, you have to ask your team for feedback; another part of that ‘red, yellow, green’ thing is the professional side.” This offers team members a way to let their manager know if they feel overloaded with tasks and projects. 

One-to-one meetings ‘powerful’

Hazim Macky, vice president of engineering for the cryptocurrency platform Coinme, believes that the most effective way to manage a team remotely is through personalized one-to-one meetings with team members.

“I think in general that one-to-one meetings are a very powerful tool for any leader,” Macky said. “It is an opportunity for both the leader or the manager and the employee to connect on so many levels.” 

Unfortunately, this personal connection between managers and their employees can seem unattainable in the remote working world we now live in. According to Macky, one-to-one meetings might be the solution for the disconnect that many companies are facing because they allow employees and managers to personally share expectations and work on plans for growth and development. 

When working remotely, it can sometimes be difficult to find motivation and intention to put behind different tasks. The same goes for the practice of one-to-one meetings in a remote setting. “This type of meeting is a great tool for any manager to have in their toolkit, however, there needs to be intentionality to back it up,” Macky said. He placed an emphasis on the effectiveness of these types of meetings for both the employee and the manager — both parties need to leave the meeting feeling as if they got something out of it and that it was a productive use of time. This becomes especially important when managing a team remotely because face time with your employees becomes more rare. 

This leads to the question of how to conduct one-to-one meetings remotely in the most effective way possible. Macky’s strategy for this is to schedule one-to-one meetings not as a method to get updates on certain projects, but rather as an avenue to invite open communication and form a trusting relationship between manager and employee. 

According to Macky, shared understanding is an important place to start. “They come from a ground of understanding, meaning that the manager understands what the employee wants to address,” he explained. “What are the expectations? How does the employee want the manager to behave? Do they want suggestions or do they want the manager to merely listen and hold a space for them?” For a manager, taking this time to hear employee feedback and understand their experience within the organization can be just as important for company growth and overall progress as hearing about updates on different projects. 

“There is a great opportunity with one-to-ones for the manager to see how they can best provide support for their employees during this challenging time,” Macky said. He placed an emphasis on the effect of COVID-19 on the mental health of the masses and how employees’ struggles in that regard may negatively affect their work, especially when that work is being conducted remotely. “It is important to create the environment to really let the employees know that they are heard,” he said. “If needed, the manager can offer some resources that either the company provides or that I just want you to know about.” Macky said this is oftentimes uncharted territory for managers, as they most likely have never had a need to be exposed to or trained in mental health services prior to the past year. Now, in the remote work setting, addressing these concerns becomes a more pertinent issue than ever before. 

When an employee is granted this kind of one-on-one, open communication, it also helps to build company loyalty, something that can be challenging to accomplish in a remote setting. According to Macky, using one-to-one meetings to let your employees know that you care about them as people rather than just as workers will motivate them to work harder and boost company morale. “Letting the employee know that they’re heard and being listened to [by the manager] is a powerful tool,” he said. “It creates a culture of inclusivity and belonging within the organization that I think every company should be striving for.” 

90% of project teams working remotely

According to the new Global Trends in Project Management 2022 report, nearly 90% of project teams are working remotely in multiple locations. Of those surveyed, 48% reported that they operate in multiple locations within the same country while 39% said that their teams function in multiple different countries.

 It was also revealed that only 26% of respondents are working with an established project or work methodology, such as agile or waterfall. Meaning, that there are many scattered teams operating without a uniform method in their organizations. 39% reported that they use a combination of Agile and Waterfall, 18% used many different styles within a single project, and 17% operate with no established methodology at all. 

When it comes to managing remote hybrid teams, there are many challenges for a leader to consider. According to the survey, the number one challenge these teams find themselves faced with is poor cross team collaboration. 26% of respondents reported that their organization struggled with this while operating remotely, meaning that many organizations are still learning to successfully accommodate hybrid teams. In addition to this, respondents reported that organizations also faced challenges such as outdated or ill-suited processes, overall difficulty working in a remote environment, and ineffective scheduling. 

In an attempt to try and mend these issues, 50% of organizations operating remotely use scheduled meetings as the primary way to collaborate within the team while 25% reported that they use chat or email to foster team communication. In terms of tracking project progress, 29% of those surveyed reported that they also use in-person or virtual meetings in this way while 20% use project management software to stay up to date with projects, and lastly, 13% said they utilize spreadsheets. 

In a hybrid work environment, project managers also find themselves facing the issue of balancing the wide range of skill sets displayed across team members. This becomes a bigger problem when many of those expected to manage projects in the remote environment were never formally trained in project management. According to the survey, almost 30% of respondents reported that they were not specifically hired to be a project manager, however, they consistently find themselves in these kinds of leadership roles. In addition, nearly 30% of those surveyed also said that they never participated in a formal management certification program.

The post Managing remote teams appeared first on SD Times.

Balancing the needs and desires of your developers while still ensuring the work gets done well is no easy task, but the challenge of creating a healthy hybrid team is well worth it. As a leader, how do you manage these varied circumstances while ensuring everyone is treated fairly? What can you do to ensure that employees in the office remain in sync with their remote colleagues? And how do you manage everyone’s stress levels – your own included – during this transition?

Identify the challenges

Research and experience have shown that hybrid teams in software development face a few major challenges – ensuring equity between in-office and remote employees, managing seamless collaboration, and maintaining culture. 

Managing remote workers and in-person workers requires different approaches and communication methods, and managers must be aware of the ways in which proximity bias can impact the way their hybrid teams work – and what they can do to keep the bias at bay.

Proximity bias is one of the biggest challenges any hybrid team leader should be aware of. People who are in the office may be perceived as being more productive because they are more visible, while remote workers who do amazing work are left to languish in the background. Those working in the office may get better projects because they’re top of mind for managers and team leaders, and junior team members working in-person may receive more hands-on support without even asking for it.

The most efficient and effective method of conveying information to and within a development team has traditionally been in-person, but in the hybrid world, teams must remain connected even when they are physically separate. In offices, developers often rely on overhearing conversations or swinging by each other’s desks to chat about a project and while information conveyed in this ambient manner is important, it is crucial to adopt a hybrid-friendly approach for those in the office as well as at home. 

Bringing some playfulness into an otherwise monotonous workday can have very positive effects for hybrid teams. In-office employees can socialize more easily during breaks or around the water-cooler, while remote employees are left out of those conversations. Leaders will need to create, foster and nurture culture with their teams working in multiple places.

Beating back the bias

So we know that proximity bias is one of the worst parts of hybrid work, but how do you combat it within your own software development team? While every team – and thus every workable solution – is going to look a bit different, there are some solutions managers can implement to ensure the playing field remains level no matter where the work is done.

First, intentionally and consistently check in with every team member. Get a daily pulse on their work, and how they are doing, through asynchronous mechanisms – whether that’s a daily email, a team virtual standup on Slack, or using dedicated asynchronous check-in tools– and schedule recurring, real-time touchpoints through team meetings and face-to-face individual calls (even if it’s via Zoom).

Second, establish the precedent that everything must be written down. Even an FYI about an in-person conversation can go a long way to ensuring that your remote team members are kept in the loop and don’t feel isolated. Written records of all employees’ work, whether it’s done remotely or in the office, also helps diffuse unconscious bias during performance reviews.

Finally, be intentional about the culture you’re building. Office camaraderie and culture aren’t the same things, and if you rely on the former, your remote employees will feel left out and marginalized because they’re not in the “in crowd.” Use the “one remote, all remote” policy for meetings, even if several attendees are in the same room, by having everyone attend via their own video chat. It’s imperative that you make sure there is a conscious and consistent effort made to bring remote employees into the fold and to level the playing field.

Is your hybrid team healthy?

It can be challenging to suss out if your hybrid team is in good shape, but there are a few obvious tells. If you observe all members of your team feeling connected and comfortable with one another, and if you know that everyone feels like they have the information they need to do their jobs well – and the work gets done on time with no delays – there’s a good chance your team is in great shape.

And when in doubt? Ask. Use regular anonymous surveys to check the pulse of your remote and in-person team members. If there’s an issue, address it, and move forward knowing that you’ve done your part to make your hybrid team as healthy as can be.

The post Creating healthy hybrid development teams appeared first on SD Times.

There are many benefits and disadvantages to this transformation, and one element of this change is the concept of a virtual interviewing and hiring process when onboarding new employees. The idea of interviews via video calls can seem daunting to both employers and employers alike, but the truth is that digital hiring is quickly becoming the new normal. 

Eric Riz, founder of verified data platform Empty Cubicle, says that while seeking out and hiring employees online is not necessarily a new concept, the push for all companies to adopt this practice is stronger now more than ever. “The expectations and the demands on the businesses have become a lot harder. Where organizations had a specific regimented process of how long it would take for an individual to get hired, that has now been modified,” explained Riz. This modification has been fast-tracked with in-person interviewing and hiring not being an option over the last year and a half. 

RELATED CONTENT: Developers reflect on challenges, feelings about remote work in pandemic year

An interview process that may have taken two rounds in an in-person format could very well take three or even four while conducting interviews online, because it is harder to get a solid read on candidates while viewing them through a screen. On top of this, some companies that may have favored a more old-fashioned approach to hiring have had to make this shift rather quickly, making it challenging to navigate through this new hiring process.

Not knowing what to expect

In the pre-pandemic world, employers and job seekers knew what to expect going into an interview. Dressing in business casual attire and expecting a firm handshake at the start of the interview was a familiar approach to hiring, but today that is no longer the case. Not only do employers now have to be sure that the candidate being interviewed is right for the job, they also have to ensure that the interviewee is the right person to function effectively through digital means. 

“An expectation that everyone knows and uses the technology appropriately, whether they’re using Teams or Hangouts or Zoom or anything else, it means that the hiring [expectation] on the employer’s side has been increased,” Riz said. This shouldn’t come as a surprise; employers expect to have to train new hires on the ins and outs of the business, but when they also have to go through how to effectively use online platforms for everyday tasks, the length of that training process can be extended, making that candidate less desirable. Finding a candidate who is somewhat tech savvy is playing a more important role in the hiring process because businesses that used to use minimal tech to run their day-to-day operations are now becoming increasingly reliant on it. 

Another aspect of online interviewing is that of verifying the credentials of the candidate. Before COVID, when interviews would take place in person, an employer could easily tell that the answers being given by the interviewee were their own words and experiences. However, when viewing someone through a screen, it is hard to tell what information they have access to right in front of them. “As I’m sitting here in my home office I have four screens in front of me, and you’re on one of them,” he began, looking at me through the computer monitor. “If I put you on another screen and I had a bunch of technical details on the screen in front of me… and I literally read somebody else’s resume… and it looks like I’ve got all of the answers… but the reality is I’m none of that, I’m just sort of a good talker.” 

Verification a challenge

This is an important aspect of the new normal that people may have glossed over: verifying interviewee details. When interviewing via video call, employers run the risk of candidates telling them what they know they want to hear because they now have the option to look up answers to questions or reference somebody else’s experience during the interview. Back before the pandemic, when interviewing took place in person, this was not a huge concern. If for any reason the employer had a feeling the interviewee may be lying on their resume, asking them a question relating to a topic they claim to be proficient in will clear up any confusion. Unfortunately, in a digital setting, verifying this information is not an easy task and it is something employers today, particularly in the technology field, always have to consider when hiring a potential employee.

Another way that COVID-19 has redefined the way companies hire is the added option of prompted video interviews. This is when a hiring manager will take a video asking multiple interview questions — or in the case of developers, to change some functionality in a code snippet in Java, as an example —  and then a candidate will have a set amount of time to finish the test, or think of an answer and record a video in response. Verification of interviewee background becomes a problem as it is easier for the applicant to fabricate past professional experience. In an in-person interview setting, the interviewer can see that the applicant is not looking up answers during the interview; while in pre-recorded interviews, it is challenging to tell what are genuine answers and what is the result of a Google search done prior to answering. This can lead to an underqualified candidate making it past the first round of the interview process and thus wasting company time with a second interview. 

According to Riz, this kind of pre-recorded prompted interviewing also poses a whole different set of obstacles on the interviewee’s side, “I think that you’re testing people… the whole idea of an interview is to have a conversation and create a rapport.” Taking away the personalization of a live interview can make the candidate feel trapped and trigger something similar to a fight-or-flight response resulting in unnecessary panic, Riz said. 

The added time pressure this method of interviewing has can also cause the interviewee to speak too quickly out of fear that the allotted time will run out and, therefore, lead to miscommunication. “If I’m the candidate… and their rapid-firing questions at me that I have to answer in a specific period of time, it changes the whole dynamic,” Riz explained. This shift in dynamic will inevitably have an effect on the way questions are answered. Therefore, it has the power to completely alter the trajectory of an interview. Riz continues, “I’m being tested which means I’m going to emotionally and psychologically respond differently… and you’re not going to get a true response that’s reflective of the individual.” When interviewees feel this kind of pressure, even the most well prepared and qualified candidates may not be answering to the best of their ability. 

Vaccine requirements

A new issue facing employers a year and a half into the pandemic is the question of vaccines, especially while hiring new employees. While a company may not be able to require a vaccine to be hired, they can certainly place restrictions on who can and cannot enter the workplace. “Organizations are going to be able to say, ‘I’m sorry but people who have or haven’t had ABC [vaccine] can’t come on site because we can’t risk it,’” Eric Riz, founder of the verified data platform Empty Cubicle, stated. “As a business owner, you have to look out for your people.” This becomes a factor in the hiring process because of the added layer employers now have to struggle with. If the most qualified candidate opted not to get vaccinated against COVID-19, is hiring them and placing them in a remote setting, while the majority of other employees are in office, worth it? This also becomes an awkward new aspect to the interview process that has to be addressed. An employer bringing up the topic of vaccines in an interview may derail what could have been a positive conversation beforehand. 

The topic of vaccines affects potential employees as well. It has the power to limit the job prospects of those who chose not to get vaccinated, depending on whether or not they are comfortable with or even offered the option of working remotely. Ultimately, the decision falls to the employer of whether or not they want to allow unvaccinated employees into the office.   

The issue of vaccines rolling out in many places has also caused the number of people applying for jobs to increase back up to a manageable level. Joe Militello, chief people officer at PagerDuty, said that over the last six months since the vaccines have been introduced, the number of people applying for jobs has risen dramatically. “I would say the vaccinations are playing a huge part in it because that’s what is reducing the COVID rates in many parts of the world,” Militello said. 

However, because the vaccines are not accessible everywhere and there are still those who will opt not to get it, the fight for hiring managers is far from over. The effects of the pandemic will likely still be seen in the interviewing and hiring process for the foreseeable future. On top of vaccinations, Militello also attributed the recent spike in job applicants to the fact that resignations have been rising consistently and the fact that job seekers are looking for a change in their daily lives. Whatever the reason, the workforce is seeing an upward trend that will hopefully continue in the coming months. 

Riz also spoke about the technical process of onboarding new employees, both before and after the coronavirus pandemic. He said that while the process has been altered, the baseline of hiring still remains the same. “There’s a whole life cycle and process behind hiring and while that’s been disrupted, it hasn’t changed from a technical level,” he said.

This is to say that everything that went into seeking out and interviewing new prospective employees hasn’t changed much at its core. Both before and after COVID, the deeper level of the hiring process involves setting a new employee up with a desk and the correct software and the knowledge needed to thrive within the company. Employers still deal with all of those same struggles, albeit in a different way and to a different degree amid the pandemic. 

In the midst of all the chaos surrounding interviewing and hiring under today’s circumstances, Riz’s main advice to job seekers today is to take a very well-thought-out approach to the job hunt. “I would say right now… assess and analyze your situation and perspective much more and try to create a plan or path for yourself not with hard goals but with soft goals that can be modified based on the world’s conditions,” is his advice.  

Cultivating culture in a remote workforce

One of the most important and yet overlooked aspects of hiring for remote work due to the pandemic is the issue of company unity and morale. According to Joe Militello, chief people officer at PagerDuty, it is without a doubt challenging to cultivate employee loyalty while operating in a remote format. He said, “That sense of belonging… it’s one thing to think ‘yeah I can operate independently because I have access to technology and I’m a responsible human being,’ but it’s also about that emotional connection to the company.” This connection can be difficult to manifest in a setting where all employees are not working together. This also affects the way an interviewee may feel about the company in the first place. 

Back when the majority of interviews took place in an in-person setting, when the applicant entered the workspace, they could feel the energy of the people around them. Oftentimes, they would be able to tell based on feeling alone if the environment was a good fit or not. With this no longer being an option in most workplaces, it can be nearly impossible to gauge the loyalty of current employees unless the applicant were to reach out to a member of the team personally. Not having this sense of team spirit and shared camaraderie among employees can prove to be difficult for both employers and prospective candidates. 

In terms of creating employee loyalty, employers can struggle and job candidates can find their issues in terms of feeling out the environment and people they will be working with if hired for the position. “They can do the job, but in six months if they don’t identify with the company and they don’t feel like they belong there, they’re going to leave,” Militello said. According to Militello, employers now have to work even harder to ensure that the work environment is positive and fosters employee connection, whether that happens remotely or otherwise.

Shannon Hogue, global head of solutions engineering at Karat, pointed out that  the elimination of geographic constraints that comes along with remote hiring gives potential employees greater freedom. She believes that candidates who are interviewing and working remotely now have the option to go through many more job postings than what would have been available to them in a company that requires reporting to an office. This allows for them to then choose the one that speaks to them the most and not be limited by the locations of the company. 

“Work is hard, startups are hard, tech is tough especially for… under-represented communities. It’s a tough place to be and so if you don’t believe in the mission, if you don’t truly believe that you’re making a difference… it’s really easy to move on to the next thing,” She explained. 

Since the beginning of the pandemic and the shift towards remote hiring and working, doors have opened for job applicants to find positions that mean more to them because of the absence of a geographic requirement. She added, “If you want to retain folks, you need to make sure that they believe in your mission.” This may very likely be the key to developing employee loyalty in a remote working world. When an employee is working for a company they love in a position that makes them feel fulfilled, the issue of turnover and loyalty can become obsolete. 

This is one of the most positive impacts the pandemic has had on hiring and interviewing for both job seekers and employers. Hogue continued, “Do I think that they are going to get uncomfortable with having a lot of options? Absolutely not! In fact the more options the better. It means that we are going to start seeing the best diversity in thought and in talent with the best companies.” Here, she explained why this new universal remote hiring is beneficial on both sides of the spectrum. Employers are gaining more diverse and informed points of view to enrich their companies while employees are getting the opportunity to gain a more filled-out view of the job options and companies available to them nation and even worldwide. Having the access to these different companies and cultures provides access to a diversity pipeline that is fairly new to the hiring world, she said.   

The post Hiring amid COVID-19 appeared first on SD Times.

This is according to the new 2021 Network Security Report conducted by the cybersecurity and managed security services provider Trustwave which is based on scans of millions of servers worldwide. 

“The number of machines connected to the Internet and vulnerable to issues that were actively being exploited in the wild was staggering. Some of the CVEs had patches released over 2-3 years back. It is always alarming to see those types of stats around vulnerable devices,” Prutha Parikh, senior security research manager at Trustwave SpiderLabs, told SD Times. 

One of the most common and serious breaches occurred due to unpatched VPN vulnerabilities. A major attack due to this issue was the Pulse Secure Connect Arbitrary File-Reading vulnerability, which was originally patched in April 2019, but was then accessed through REvil ransomware that gained access to the currency exchange Travelex’s network through this flaw.

A major new source of vulnerabilities was video conferencing platforms. One such malicious practice was “Zoom Bombing,” in which videoconferences are hijacked by disruptive trolls. Also, there were reports of a wormable, zero-click vulnerability in Jabber, which received a critical in severity rating and was patched by Cisco.

“Some trends like video conferencing software vulnerabilities saw a spike with distributed workforce last year. This was primarily because these applications were designed for ease of use rather than keeping security in mind. As these solutions continue to mature, there may be a slight drop in that trend. But, we will continue seeing a rise in cloud security issues and possibly more sophisticated supply chain attacks despite workforces returning to a hybrid model,” Parikh added. 

The third major vulnerability trend involves Windows vulnerabilities, notably a critical vulnerability dubbed “Curveball” or “ChainofFools,” Windows 10 and Windows Server 2016/2019 along with many applications. This vulnerability made it possible for malicious actors to spoof certificates that rely on Windows CryptoAPI for signature validation.

Other Windows vulnerabilities included the wormable vulnerabilities SMBGhost or EternalDarkness and SIGRed. A major privilege escalation vulnerability named ZeroLogon surfaced which exploited the Netlogon Remote Protocol (MS-NRPC).

Parikh said that a major reason why these vulnerabilities exist is that organizations fail to prioritize vulnerabilities based on their environments since they are often unaware of which vulnerabilities pose the most risk. Also, server-side patching brings challenges like downtime of production systems as well as the possibility of breaking existing functionality, resulting in more reluctance from teams when it comes to remediation. 

“Organizations should identify their most critical assets and accelerate patch management for these critical systems like VPNs and cloud interfaces. Automation is key to achieving continuous monitoring of vulnerabilities and remediation. Applying other security best practices like least privileged access, zero trust solutions, and scalable MFA can also aid in prevention. Comprehensive security includes both a proactive and reactive approach, so detection and response are as important as preventative measures in dealing with attacks,” Parikh added.

The post Report: Remote work created vulnerabilities in systems designed for in-office workforce appeared first on SD Times.

As many organizations look to transition to a hybrid remote work culture, development leaders are wondering if it will be possible for their teams to maintain effectiveness when working outside of the office long-term. Agile teams are inherently self-organizing and adaptive to change, but application technical professionals must maintain a strong team culture of close collaboration, feedback loops and dynamic interaction to stay effective in a remote environment. 

RELATED CONTENT: Developers reflect on challenges, feelings about remote work in pandemic year

To maintain a successful and efficient remote work team, software development leaders can champion six best practices:

1. Review the situation

First, review your remote team situation. Because we have lost the benefits of colocation, where constant interaction, easy pairing and water cooler conversations aid teamwork, we need to address collaboration in other ways. 

Set the tone in a remote environment by arranging a video conference with your team to outline how you communicate and collaborate when working remotely, evolve your team culture to solve remote challenges and adapt the way you work. Hold another video conference with your product owner to align the team on the product, vision and strategy. These video conferences help empower a team by agreeing to new ways of working and reinforcing purpose.

Every problem is a people problem — or at least, it has a people solution. Evaluate the degree to which your team possesses the essential skills for working together in a remote environment, which should include complex problem-solving abilities, critical thinking skills, creativity, flexibility and strong judgement. 

2. Engage as a team and focus on culture

Remote working is a skill that requires time and effort to develop. Video conferencing is a great way to engage with your team, but how many times have you been in a video conference with your camera off, your microphone muted, checking your email or even making a cup of tea? 

Reinforce simple rules for video conferencing etiquette, including:

• Be present. If you do not feel the meeting has value for you, decline the invite. If you do attend, be attentive and leave your camera on.
• Be human. Don’t be concerned that your children, significant other or pets will invade your picture. Welcome this, as it shows that you’re human and face the same challenges as everyone else. Stay on mute if you’re worried about interruptions. 
• Be part of the team. If it’s a team call, don’t mute it. Team members want to hear feedback. Keep team lunches or after-work drinks on the schedule to maintain team culture — and leave your camera and microphone on, eat on the call and invite your family around to say hello.

Culture is frequently viewed as a barrier to effective collaboration, and this becomes more challenging when working remotely. Here are a few ways to improve your remote work culture:

• Facilitate a short team workshop to evaluate your company’s values and align work to those values. 
• Act in a manner you would like to see. Culture is what you say and what you do. 
• Agree on values and a team charter to guide conduct and provide behavioral nudges. 
• Demonstrate personal cultural leadership by committing to following these guiding values every day. 

3. Maintain momentum 

As development teams, we must continue to deliver value while working remotely, and this may require some process tinkering. Make adjustments at every phase of the software development life cycle to be inclusive, build trust and ensure that everyone is heard.

We sometimes forget that the reason we do the work is to solve a problem for our end users. Working remotely adds another barrier between product teams and the people they support. 

To address this, we must refocus on helping the people who use our products to solve their problems. Get closer to your customers, understand the work they wish to accomplish and help them to achieve it.

4. Foster openness and transparency 

We must build trust in our remote teams based on mutual understanding and respect. Encourage openness with weekly remote lunch events and virtual coffee breaks. Discuss everyday life, build empathy, form connections, and be clear on your intentions and reasoning. 

Fostering transparency builds trust, which enables team members to take risks, admit mistakes, rely on each other and improve together. Be understanding and empathetic when working with your team, but don’t value politeness over progress. Challenge behaviors that conflict with your remote working agreement and highlight potential issues early. Communicate openly, using reply-all on team emails and raising questions in your collaboration tool so everyone can contribute.

While remote, we must also continue to validate our work with real customers. Fast feedback is essential to enable agile teams to make rapid decisions and focus on the right features. Without in-person user testing, we must rely on technology solutions. Video calls, surveys and usability testing are all ways to receive quick feedback. Everyone on the remote team should be involved with user testing to create a shared understanding and a better product experience.

5. Leverage technology 

Effective remote teamwork requires close collaboration over multiple open channels with individuals skillfully moving between technology tools. Developing good communication and collaboration habits is a great start, but remote development teams must create a shared virtual space to succeed. 

Match collaboration tools to desired behaviors to create a common toolset, form a sense of community and maintain trust through team connection. Identify tools that can support the way your team works while prioritizing face-to-face interactions. Technology is rarely the answer, but it does provide the right platform to enable conversations. 

Shifting to cloud-hosted development environments can also increase the team’s agility and resilience through flexible, shared and always-available environments. Fully cloud-hosted development environments offer code, build, test and debug capabilities. Teams that have already moved to a cloud-hosted development environment are realizing their value in a remote workplace.

6. Evolve your remote team practices

The agile process is built on the three pillars of the empirical process: transparency, inspection and adaption. We must use these to continually evolve our working practices to improve the outcomes we produce for our customers. 

Disruptive change is stressful. Keep communication lines open, schedule one-on-ones, check in on people — but most of all, be kind to yourself and others. Your process modernization must be matched by a change to the way you organize your work. Your customers are unlikely to care about your process or product — they are more concerned about resolving their challenges and getting their jobs done. Your product is more likely to succeed if it aligns with their values and provides the best way to achieve their goals. 

These six best practices of the remote team framework can help you reassess how to help remote employees remain effective. This framework has proven successful in supporting remote product development teams and improving how they operate.

Gartner analysts will further discuss application innovation and software engineering strategies at the Gartner Application Innovation & Business Solutions Summit 2021 taking place virtually May 26-27 in the Americas.

The post Analyst Watch: Succeeding as a remote Agile team appeared first on SD Times.

Remote-work first versus remote-work friendly
Remote hiring used to refer to offshore talent or a specific employee arrangement; a team really wanted to hire a candidate based in Los Angeles, for example, and might extend an offer knowing they wouldn’t have a formal office space. These remote employees faced similar frustrations and challenges — conversations would happen around the office that they would miss, sometimes people would forget to add a Zoom link, or documentation wasn’t great and remote individuals would miss important details. In the last year or so, many companies have transformed their teams to be remote-first out of necessity and in doing so have expanded their horizons geographically in terms of where they might recruit. Thinking outside of physical office locations for talent acquisition opens up huge new pools of talent, particularly outside the U.S. where the tech talent gap is severe. For example, next-door neighbor Mexico graduates over 130,000 computer science graduates annually, easily dwarfing the estimated 65,000 graduates in the U.S. In the very recent past, nearshore or offshore employees would struggle to be participative in an office culture that wasn’t remote-friendly (let alone remote-first). Our collective new attitude (and accidental remote work experiment from COVID) should mean that even when we do return to physical offices, we will be more cognizant of remote individuals and teams. Partnering with teams in Mexico, a country with many English speakers, excellent computer science programs, and compatible time zones, should feel substantially less risky than before.

Hire for potential & train for expertise
Education is the secret weapon of many large and fast-growing companies. This has certainly been true for my company Wizeline — our teams were able to hire more than 300 employees in a single month in 2020 due to our well-structured new hire education programs. While trained over 10K students last year via our free community-based Wizeline Academy programs, but one of our most impactful talent programs has been paid apprenticeships. Apprenticeship programs (as well as paid internships) provide structure for assessing prospective candidates while also providing targeted education to level up any missing skillsets. We primarily leverage paid training programs for our hardest-to-hire roles, like data engineering, and searched for candidates with just a few years of engineering experience but were motivated to gain expertise in a new field. Before converting to a full-time role, apprentices follow a structured path that includes mentorship, coursework, and real work experience. I was proud to see that these programs not only added predictability to how we hired, but they enabled us to make a bigger impact on our local communities. For example, our Site Reliability Engineering apprenticeship program had gender parity with 12 out of 24 participants that identifying as women. Beyond capacity and scale, continuous education is a critical move for companies who want to keep their workforce responsive to disruption or change. Launching reskilling programs can encourage fluidity between departments and allow for upward mobility for more junior employees, which should positively affect retention and likely also employee satisfaction. 

Commit to creating more opportunities for more people
Low or no-cost education programs can be a powerful tool for bringing more opportunities to underrepresented groups and expanding your hiring pool simultaneously. Encourage your teams to make a serious commitment to making education programs equitable and set goals for broadening access. Diversity and inclusion initiatives can be great opportunities to involve your customers and partners. Last fall, Wizeline was thrilled to partner with Amazon Web Services to provide 398 free cloud certifications (from more than 2,000 applications) for women in Latin America. By comparison, Wizeline certified 150 employees last year in cloud programs, so more than doubling that figure for women in our community was only financially and logistically possible with the enthusiastic support of a partner. 

The tech industry moves quickly, and the shortage of technical talent is not a new phenomenon. However, the last year has taught us that companies can be adaptable to new ways of working. Many leaders have shifted their mindset around office culture, physical work locations, flexible and remote work, and new employee onboarding. Companies can diversify their talent pools by taking a hard look at their education offering – both internally and for prospects – and aligning it with the skill sets they need most. Developing and executing a layered tech talent strategy is hard work, but the increasingly digital world will need all of us to stay on our toes and think creatively.

The post The battle for tech talent will require a plan (and a plan B) appeared first on SD Times.

At the start, some developers struggled with remote work, while others thrived. Initial struggles included setting up and getting used to a distributed environment for the first time, feeling isolated from co-workers, and balancing work and home life — especially for those with young children when normal childcare options weren’t there or they had to help their kids with remote schooling alongside working their normal job. 

Benefits included the ones normally associated with working from home: increased productivity, more free time due to not having a commute, and the convenience of not having to go anywhere. 

RELATED CONTENT: How you organize your development teams matters

One year later, the benefits might have remained the same, but the negatives have compounded themselves for some. Those feeling isolated from coworkers at the start of the pandemic are now dealing with the mental toll of having been isolated not only from coworkers for a full year, but also from family and friends. 

“A couple days in a month or a week, no problem, but forever? Well, that just requires a lot more intention from yourself, your team, and your coworkers,” said Anthony Tran, software engineer  at Rollbar, a company that provides a continuous improvement platform. 

In fact, a survey released by Harness in August—5 months into remote working—revealed that 12% of developers were less happy in their roles than they were pre-pandemic. 

There are some who either didn’t like or struggled with working from home at the start, but have changed opinions over time as they’ve gotten more used to it and experimented and figured out things that worked for them. 

“During the beginning of the pandemic it was a struggle to stay motivated at home, there were so many distractions that it made it difficult work,” said Tyler Corwin, a developer at digital marketing company Figmints. “I was still able to hit all of my deadlines, but I didn’t get the same drive to get things done as I did while I was still in the office.  After the first month things got much better as my time management and organization got better.” For example, one thing he started doing was creating “fallback” tasks that he could work on while he waited on answers from his teammates on Slack or email. “This kept me working more efficiently and it’s something that I’ll continue to do even after we resume work back at the office,” Corwin said. 

Corwin added that while at the start he struggled with motivation, communication with team members, and keeping his kids from running into his workspace, now that the vaccine is here, he finds himself not wanting to return to the office five days a week. 

Maxime Basque, a developer at Unito, said that working remotely has been more good than bad. “While I do miss the camaraderie and things like being able to just ask something to someone directly without going the async route, as a generally anxious person I feel a lot calmer these days; not wasting 1h+ in transport every day, being able to concentrate with no distractions when I need to, having almost full control over my schedule, not having to think about lunch, etc. Eliminating the small things that caused a lot of stress were really beneficial for me,” he said.

Daniel Valdivia, an engineer at Kubernetes-native object storage company MinIO, appreciated the extra time he was able to spend with his family. “As the father of a 2-year-old, it has been awesome to get as much time as I have had with my child at such a young age.” 

Sachin Goyal, a principal engineer at Rollbar, also has had mostly positive experiences with working remotely. “I was able to use my time much more efficiently. Cutting down commute, lunch, and room-hopping is a huge time saver. Apart from that, I spent much more time with my 2-year-old and my wife,” he said. The one complaint he has, like many, is not being able to see colleagues regularly. 

Goyal feels that his team and manager have been very accommodating throughout this time. For example, since his daughter’s daycare is closed, he and his wife plan their day and meetings around making sure one of them is always with their daughter, and his company allowed him to have a more flexible schedule. “The ability to work at flexible hours is a huge benefit for me. Open communication was really helpful. Clearly stating the accommodations I wanted from my team and my manager and working with them to create a win-win was actually a ‘win’ for all us,” Goyal said.

Tran also noted that his managers have put in a lot of effort in trying to make remote work a positive experience, such as having lunch meetings on working efficiently and ergonomically, Zoom hangouts with trivia, group yoga, or playing whatever the latest popular Internet game was. “Also, I’d like to emphasize being candid with my managers and coworkers at Rollbar and sharing that I was losing motivation and focus, and feeling distant from the company and team was very helpful because they related that this was a common symptom of working remote and being able to share that, we were able to put more events/meetings/activities in place to help mitigate this feeling,” Tran said. 

Rico Pamplin, a lead process engineer at Lincoln Financial Group, also sees positive steps being taken by management to ensure employees are doing okay. “My manager also heavily promotes maintaining a healthy work/life balance and we have scheduled 1:1 sessions to ensure our professional requirements aren’t overstepping the personal ones.” He said that one way he ensures he’s maintaining his work/life balance is scheduling activities that require him to leave his workspace, because otherwise he’s found himself with days where he’s gotten super focused on a project and then suddenly realized it was 10 pm. 

As more people get vaccinated, many companies are in the process of discussing what that means for future plans, whether that means fully reopening offices, staying fully remote, or adopting a hybrid model. 

Valdivia said that for most of his career he’s been in a physical office and preferred it—because he doesn’t feel that the collaborative process of problem solving on a whiteboard translates to Zoom meetings, and in-person conversations can help build relationships that advance your career—but now has begun to rethink his views and see the value in a hybrid model. “I think it can recharge you, allow for deep work and add a few hours a week of family time without negatively impacting your productivity or the culture.” 

Basque said his company, Unito, will be adopting a hybrid model once the pandemic ends, where employees will be able to work from home two to three days per week. “The company believes this will allow us to maintain our strong culture, foster collaboration, but also adapt to the new reality and new needs of the team.”

Pamplin also sees the value in a hybrid model. “Now that I’ve been remote for a while, the luster has worn off a bit, but I definitely wouldn’t want to go back to primarily working in an office. I don’t mind the cubicle setting occasionally, but to do my job effectively it’s not a necessity, especially given that most of what I do is virtual, and my team is geographically distributed.”

The post Developers reflect on challenges, feelings about remote work in pandemic year appeared first on SD Times.

According to the company, working remotely is not just about connecting work, it’s about making sure people feel and stay connected. With its updates, Atlassian looked at how to make sure work is visible to colleagues, how to foster social connections, and how to enable teams to express themselves. 

RELATED CONTENT: 
14 remote working mistakes that your team could be making
Hiring in a remote-first world

“Each of these areas is equally important in the success of virtually working well together. It’s not just creating content; it’s also about seeing the writer behind it to keep us all connected,” Natalia Baryshnikova, head of product management for the Confluence Experience Group, wrote in a post. 

The new updates include providing more ways to customize your workspace with the ability to add color, a page cover image or emojis into your content. This could help team members express their personality, which is especially important in a remote environment where team members may have never met each other in person before, the company explained. 

Smart links have also been added to display content in its native format for more informative visuals. Other updates include being able to schedule work or content at the right time, to the right people; and the ability to convert pages into blogs. 

“This new era of work isn’t written in stone, but we know it will require more than content creation alone to get things done and keep teams feeling the same connection they did in the office. In the next year, we’ll be supporting more types of content to continue making work more visual and further place Confluence at the center of organizations like yours,” Baryshnikova wrote. 

The post Atlassian updates Confluence to better support remote work appeared first on SD Times.