Technology companies aren’t always cutting-edge; sometimes they pull from practices as old as the 13th century. Some vendors—from Google to IBM to Meta to Microsoft—adopt a similar professional arrangement as an aspiring tanner or shipbuilder of old: the apprenticeship.
While today’s apprenticeships offer an easier entry into a profession (no degree required), companies must also focus on ways of preventing apprentices from wanting to exit—like mentoring and demonstrating a clear career path.
The best retention strategies, according to Amy Kardel, senior VP of strategic workforce relationships at the trade association CompTIA, demonstrate professional possibilities for an apprentice. “There should be no dead ends,” she said.
Steering the apprenticeship. Modern apprentices often train on-the-job while earning wages and taking courses.
Nicole Turner, SVP of technology hubs at Mastercard, began her career as an apprentice at the New York City Department of Education. “Having that exposure, having that network, having that advice and counsel that I [got] from the executives helped to shape me at a very young age,” said Turner, who has worked at Mastercard since 2005.
Mastercard also has a structured apprenticeship program. The company recently partnered with New York’s LaGuardia Community College to offer early-career opportunities for students with cybersecurity training.
Barrier to exit. Not everyone has the financial and social capital to take the traditional pathway of a four-year degree into a job, said Lisa Lewin, CEO at General Assembly (GA), which enrolls individuals in a 10-to-13-week coding “bootcamp” geared toward an employer’s specific needs.
“Apprenticeships really open the aperture of people from all walks of life: women, people of color, returning parents, veterans, all kinds of folks who don’t always have great access to these career pathways,” Lewin told IT Brew.
Read more here.—BH
Do you work in IT or have information about your IT department you want to share? Email [email protected].
Let’s be real: Demonstrating security and compliance can be time-consuming, tedious, and straight-up expensive. But proving trust is essential to closing customers and deepening relationships.
Fortunately, Vanta’s here to help. Their trust management platform automates up to 90% of the work for the most sought-after compliance standards (including SOC 2, ISO 27001, and GDPR), saving you significant time and money.
Even better: They’re hosting an upcoming live product demo webinar on Tuesday, March 14, where in-house experts will walk you through:
- why more and more companies are asked to regularly demonstrate how they safeguard customer data
- how Vanta can save you over 400 hours in the compliance process and help you prove trust at lower costs
- how to reduce risk for your business in or outside of an audit period without slowing down your team
Start making compliance work for you.
MULTIFACTOR AUTHENTICATION
Twitter owner Elon Musk announced the site would no longer allow users to use the platform’s SMS 2FA to secure their accounts, unless they purchased a Twitter Blue subscription by March 20—effectively paywalling a basic security feature.
Musk blamed the change on fraud, saying telecoms around the world collectively defraud Twitter of $60 million a year with spam SMS requests. The reaction wasn’t pretty—as BuzzFeed reported, most users who weighed in on the matter on Twitter were frustrated by the change. Twitter has struggled since Musk took over the site in 2022, and the removal of SMS 2FA struck some as a “desperate” move to raise revenue by making free users’ experience worse.
Subscription-free Twitter users, however, will still be able to use third-party authenticator apps or physical security keys as 2FA methods to secure their accounts. While any type of 2FA is preferable to using a password alone, other methods are considered more secure than SMS, which is vulnerable to SIM-swapping and eavesdropping. Experts who spoke with IT Brew disagreed on whether the move would prove harmful, though all took Musk at his word that the primary motivation for the switch was financial.
Vittorio Bertocci, chief architect at Okta, told IT Brew that the infrastructure necessary to run SMS 2FA can be complicated, as it’s a “multi-party affair” involving the customer, the identity management provider, and SMS/mobile operators across the planet. Billing is particularly thorny, he said, as factors like the cost of each text or who is responsible for preventing fraud depend on contractual specifics and the location of each party.
Keep reading here.—TM
Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.
Defend against devious domains. Shady entities are always lurkin’, but have no fear: CIS’s Malicious Domain Blocking and Reporting Plus (MDBR+) never sleeps. Using custom allow/deny lists, off-network protection, and a cloud-based management portal, CIS’s modern web protection advances your cybersecurity—pronto. Take that, hackers. Try it out.
The Department of Defense is investigating after a security researcher revealed that a US Special Operations Command (USSOCOM) server was left open to the internet for at least two weeks in February.
During that time, anyone with the server’s URL could access three terabytes of internal communications, according to TechCrunch. The leak was discovered by Anurag Sen, a security researcher known for discovering vulnerabilities and revealing them to affected companies and organizations.
Sen told CNN that anyone with the IP address of the server could have accessed the troves of data. It’s unclear if anyone other than Sen did, however.
It isn’t the first time Sen has discovered a leak: Last November, he alerted Amazon that data from the company’s Prime Video platform was leaking online. He told IT Brew at the time that the privacy measures in place were “not up to security standards.”
As TechCrunch reported, the data contained in the DOD leak includes years of internal emails and, notably, a completed SF86 security clearance questionnaire containing personal health information.
Despite the severity of the leak, TechCrunch noted that the accessible information did not appear to be classified. The military secured the server after TechCrunch alerted them to the breach, following intel from Sen.
In an email to reporters from TechCrunch and CNN, USSOCOM spokesperson Ken McGraw appeared to downplay the danger of the leak, and emphasized that the breach was an isolated incident.
“The only information we can confirm at this point is no one hacked US Special Operations Command’s information systems,” McGraw said.—EH
Today’s top IT reads.
Stat: 100 million daily active users. That’s the (low) threshold Bing has crossed since rolling out new AI features. (Engadget)
Quote: “Everybody is agitated…There’s a lot of value to be won or lost.”—Erik Brynjolfsson, economist at the Stanford Institute for Human-Centered Artificial Intelligence, on Silicon Valley’s reaction to generative AI (the New York Times)
Read: Gigi Sohn, the Biden administration’s nominee for an open FCC slot, is withdrawing her nomination. (Ars Technica)
Inquiring minds: Want to know more about the worlds of science, history, travel, and tech? Check out Curiosity Stream and browse the deepest collection of the best documentaries ever. Start watching with 25% off.*
*This is sponsored advertising content.
- Twitter is banning accounts responsible for abusing DMCA takedowns.
- Even DuckDuckGo is getting in on the AI game.
- Google Groups, which is still popular with some formal methods communities, has been left to die.
- VMware is using containerization to improve virtual desktops and apps.