Blue MountainData SystemsTech Update

SummaryJuly 2017

For CTOs, CIOs & CISOs

Visit Blue Mountain Data Systems https://www.bluemt.com

For CTOs, CIOs & CISOs

Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue

Mountain Data Systems Blog. We hope you will visit our blog for the latest information.

You can also receive these updates via email. Click here to subscribe.

Here’s the summary of the Daily Tech Updates for July 2017. Hope the information and ideas prove

useful.

Best,

Paul Vesely

President and Principal Architect

Blue Mountain Data Systems Inc.

Network Security

Network Security

PRODUCTS: The 10 Coolest Network Security Products Of 2017 (So Far). Security vendors are continuing to step up their game when it comes to network security technologies as customers face an ever-rising tide of threats. The year so far has seen vendors launching new capabilities to help customers respond to the more advanced threats facing their businesses, as well as expand beyond traditional perimeter technologies. Those advancements have included capabilities around artificial intelligence, the Internet of Things, advanced threat protection, cloud security and more. While 2017 is far from over, here are 10 security offerings that have stood out so far in network security. Read more[CRN.COM]

Network Security

TUTORIAL: Passive Python Network Mapping. Do you know what’s running on your networks that you don’t know about? In this excerpt from chapter two of Passive Python Network Mapping, author Chet Hosmer discusses securing devices against network security threats. Read the rest[SEARCHSECURITY.TECHTARGET.COM]

MAC MALWARE: Creepy FruitFly Mac Malware Spies on Its Victims. Mac users beware: Law enforcement agents are investigating malware that’s been affecting Mac computers. The malicious code appears to be purely for targeted surveillance, according to Forbes. The malware, called FruitFly, allows hackers to jump into webcams of affected computers and take screenshots. The malware also has the capability to take over the entire computer, according to CBS Sacramento. Find out more[TOPTECHNEWS.COM]

Network Security

IoT: New RiskSense Service Detects IoT and OT Network Security Threats/Vulnerabilities. RiskSense, Inc., the pioneer and market leader in pro-active cyber risk management, today announced it has expanded its RiskSenseAttack Surface Validation capabilities beyond networks, Web applications, and databases to Internet of Things (IoT) devices and Operational Technology (OT) networks to provide a holistic view of an organization’s cyber risk exposure. Read more[DARKREADING.COM]

Encryption

Encyption

FEDERAL GOVERNMENT: Suing to See the Feds’ Encrypted Messages? Good Luck. The conservative group Judicial Watch is suing the Environmental Protection Agency under the Freedom of Information Act, seeking to compel the EPA to hand over any employee communications sent via Signal, the encrypted messaging and calling app. In its public statement about the lawsuit, Judicial Watch points to reports that EPA staffers have used Signal to communicate secretly, in the face of an adversarial Trump administration. But encryption and forensics experts say Judicial Watch may have picked a tough fight. Delete Signal’s texts, or the app itself, and virtually no trace of the conversation remains. “The messages are pretty much gone,” says Johns Hopkins crypotgrapher Matthew Green, who has closely followed the development of secure messaging tools. “You can’t prove something was there when there’s nothing there.” Find out more[WIRED.COM]

Encyption

WHY: We Need to Encrypt Everything. Many major websites already encrypt by default. Here’s why encryption and multifactor authentication should be everywhere. Find out more[INFOWORLD.COM]

NEWS: Make Encryption Ubiquitous, Says Internet Society. The Internet Society has urged the G20 not to undermine the positive role of encryption in the name of security, claiming it should provide the foundation of all online transactions. Find out more[INFOSECURITY-MAGAZINE.COM]

Encyption

FBI: $61M to Fight Cybercrime, Encryption in Trump Budget Proposal. President Donald Trump’s budget blueprint for the federal government proposes a $61 million increase for the FBI and Justice Department in fiscal 2018 to better track terrorist communications and combat cybercriminals. Find out more[FEDSCOOP.COM]

Encyption

ENCRYPTION: Usage Grows Again, but Only at Snail’s Pace. Deployment pains and problems with finding data in the corporate maze are being blamed for business’ lack of interest in crypto. Read more[ZDNET.COM]

ATTACKS/BREACHES: The Long Slog To Getting Encryption Right. Encryption practices have improved dramatically over the last 10 years, but most organizations still don’t have enterprise-wide crypto strategies. Read the rest[DARKREADING.COM]

Encyption

ENTERPRISE: Keeping the Enterprise Secure in the Age of Mass Encryption. How can businesses ensure enterprise security in a world with mass encryption, given Mozilla’s revelations recently that over half of webpages loaded by Firefox use HTTPS. Find out[INFORMATION-AGE.COM]

READ: Encryption Won’t Stop Your Internet Provider From Spying on You. Data patterns alone can be enough to give away what video you’re watching on YouTube. A 2016 Upturn report sets out some of the sneaky ways that user activity can be decoded based only on the unencrypted metadata that accompanies encrypted web traffic—also known as “side channel” information. Read more[THE ATLANTIC.COM]

Databases

Databases

SECURITY: End-to-End Encryption is Key to Securing Government Databases. If the Internal Revenue Service’s Data Retrieval Tool had used end-to-end encryption from the start, the federal government may have been able to avoid a privacy breach that ultimately occurred over the past year. Read more[NEXTGOV.COM]

STATES: State Election Officials Fear Feds Are Making Security Worse. Secretaries of state are concerned about not just the federal government’s request for voter information but also the information they’re not getting about election security breaches. Read more[GOVTECH.COM]

Databases

MICROSOFT: SQL Server Diagnostics Extension for SQL Server Management Server. Microsoft has been on a rapid clip of releasing new SQL Server focused products and plugins as they also continue to move strongly forward with their scale-out to Linux and continued leadership in cloud data with Azure SQL Database and Azure SQL Warehouse. The newest release is the SQL Server Diagnostics extension within SQL Server Management Studio. Find out more[SQLMAG.COM]

OPEN SOURCE: MySQL Tops Database Rankings. MySQL remains the world’s most popular open source database while MySQL skills are by far the most in-demand among recruiters, according to the latest rankings of popular databases. Read more[DATANAMI.COM]

More About Blue Mountain

BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.

Federal Tech

Federal Tech

TECH: A Tool That Can Keep Federal Data Centers Safe Amid Cloud Chaos. It is known that the federal government has a love/hate relationship with data centers. First embraced as an efficient way to handle advanced government networks, they eventually grew out of control, leading to wasted resources, overlapping capacities and a loss of visibility as to what government was paying for in their data centers. The Federal Data Center Consolidation Initiative was created in 2010 to try and reverse the historic growth of federal data centers, with the Data Center Optimization Initiative more recently replacing it, but with similar goals. Read more[NEXTGOV.COM]

Federal Tech

TECH: Federal CIOs Weigh in on Why Tech Talent Should Go Government. Government has struggled to recruit talent lured away from D.C. by high Silicon Valley salaries and the promise of bureaucracy-free “disruption.” But it is a situation that every federal CIO faces. In her recent congressional hearing, for example, Small Business Administration CIO Maria Roat told the House Small Business Committee that one way she’s seeking to strengthen her office is by attracting and retaining more IT talent. Read the rest[FEDSCOOP.COM]

Federal Tech

QUESTION: Should Other CIOs Be Concerned About What Happened to Treasury’s Bhagowalia? Sonny Bhagowalia, the Treasury Department’s chief information officer since October 2014, has been moved out of his position and put on detail to the Bureau of Fiscal Service. Find out more[FEDERALNEWSRADIO.COM]

BLOG: A Golden Age in Federal Technology Procurement. The National Institute of Standards and Technology’s (NIST) benchmark for encryption modules has seen recent innovation, opening the playing field for competition. Read more[AFCEA.ORG]

State Tech

State Tech

SURVEY: Cybersecurity Concerns May Keep One in Four Americans from Voting. Cybersecurity concerns may prevent one in four Americans from heading to the polls in November, according to a new survey by cybersecurity firm Carbon Black. The company recently conducted a nationwide survey of 5,000 eligible US voters to determine whether reports of cyberattacks targeting election-related systems are impacting their trust in the US electoral process. The results revealed that nearly half of voters believe the upcoming elections will be influenced by cyberattacks. Consequently, more than a quarter said they will consider not voting in future elections. Read more[HSTODAY.US.COM]

State Tech

ALASKA: Unique Challenges in IT Consolidation. The Last Frontier is centralizing IT operations under Alaska’s newly created Office of Information Technology. But consolidating IT in a sprawling state like Alaska offers challenges not found in other environments, says the state’s new CIO Bill Vajda. Read the rest[GCN.COM]

ALABAMA: Acting CIO Jim Purcell Is a Man on a Mission for Smarter State IT. Jim Purcell wasn’t expecting a call from Alabama’s new governor, Kay Ivey, and he certainly wasn’t expecting her to ask him to head up the Office of Information Technology (OIT) – but that’s exactly what happened last week. Find out more[GOVTECH.COM]

State Tech

ILLINOIS: Inside a State Digital Transformation. Hardik Bhatt, CIO of the State of Illinois, sought to become the nation’s first Smart State – a process that required reorganizing its 38 IT departments into one, improving government services, and finding new sources of innovation to apply to its revenue model. Within 18 months, Illinois rose in national rankings from the bottom fourth of state governments to the top third. Read more[ENTERPRISERSPROJECT.COM]

Electronic Document Management

Electronic Document Management

CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer Financial Protection Bureau wants to move to a public cloud setup for some of its core enterprise apps. The financial watchdog agency recently sent out a Request for Information (RFI) on the process, technical requirements and costs of moving to cloud services in fiscal year 2017. CFPB wants to establish a more complete understanding on the costs associated with moving fully to a cloud solution for email and office applications (e.g., documents, spreadsheets, presentations, SharePoint and more).Read the rest[FEDTECHMAGAZINE.COM]

Electronic Document Management

ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about the many ways business document management can save your company time, space, and more importantly, loads of money. Here are the four most obvious ways these tools provide excellent return-on-investment. Read more[PCMAG.COM]

Security Patches

Security Patches

GOOGLE: Patches Critical ‘Broadpwn’ Bug in July Security Update. Google released a security patch that addresses a critical vulnerability dubbed “Broadpwn” found in millions of Android devices that could allow remote attackers to execute code on targeted devices. Read more[THREATPOST.COM]

WINDOWS XP: Microsoft Releases New Windows XP Security Patches, Warns of State-Sponsored Cyberattacks. Microsoft issued a “highly unusual” patch for Windows XP last month to help prevent the spread of the massive WannaCrymalware. At least 75,000 computers in 99 countries were affected by the malware which encrypts a computer and demands a $300 ransom before unlocking it. Microsoft stopped supporting Windows XP in April 2014, but the software giant is now taking the unprecedented move of including it in the company’s Patch Tuesday round of security updates. Read more[THEVERGE.COM]

Security Patches

MICROSOFT OFFICE: Microsoft Releases 15 Office Patches for July, but Some June Bugs Still Stink. Microsoft has shipped a fix for the bugs introduced by last month’s patches to Outlook 2010. Dubbed KB 4011042, the fix appears to be a non-security patch that fixes bugs created by a security patch—a red flag for many advanced patchers. Microsoft released a “fix” that was supposed to take care of this group of bugs on June 27, 2017—KB 3015545—but quickly pulled the patch when it started crashing 32-bit versions of Outlook 2010. Thus, this week’s non-security update KB 4011042 is a fix for a bug in a bug fix for a botched security patch. Find out more[COMPUTERWORLD.COM]

Security Patches

LINUX: Don’t Panic, but Linux’s Systemd Can Be Pwned Via an Evil DNS Query. Systemd, the Linux world’s favorite init monolith, can be potentially crashed or hijacked by malicious DNS servers. Patches are available to address the security flaw, and should be installed ASAP if you’re affected. Read more[THEREGISTER.CO.UK]

CIO, CTO & CISO

For the CIO, CTO & CISO

CIO: Is a Cabinet-Level CIO the Future of Government I.T.? The push to purge out-of-date, unsecure IT systems from the federal government has a least one White House adviser wondering whether services should be consolidated into a single agency. Read more[NEXTGOV.COM]

CTO: HHS Taps Former Louisiana Health Official for CTO Post. Bruce Greenstein, a private-sector executive with public-sector experience at the state and federal levels, is the new chief technology officer at the Department of Health and Human Services. Read more[FCW.COM]

CIO, CTO & CISO

CISO: CISOs Believe CEOs are Breaking Security Rules. A report from the security vendor Symantec has found three-quarters of CISOs believe their CEO has broken internal security protocols. Find out more[ZDNET.COM]

STATES: Virginia’s Cybersecurity Training Program for Veterans Begins Producing. The first graduates of a program designed to ameliorate the state’s cybersecurity talent shortage are now testing for credentials that could place them in the workforce. Read more[STATESCOOP.COM]

Penetration Testing

Penetration Testing

GSA: Wants Info on Crowdsourced Security & Penetration Testing Sources. The General Services Administration‘s Technology Transformation Service has kicked off a search for potential industry sources of crowd-sourced security and penetration testing services. Read more[BLOG.EXECUTIVEBIZ.COM]

TECH: 18F is Looking for Crowdsourced Penetration Testing Systems to Hit login.gov. The General Services Administration’s 18F digital team is making strides in developing the open-source login.gov, a single sign-on for government services, and is now looking to do some penetration testing. Read the rest[FEDSCOOP.COM]

Penetration Testing

ETHICAL HACKING: At WPI, a Search for Computer Vulnerabilities. Unlike cybercriminals, ethical hackers intentionally break into companies’ computer networks and report the vulnerabilities they discover. Businesses can then make changes to prevent future security liabilities. As more information becomes digital, hacking becomes a greater threat. In 2016, more than 188,000 residents in Massachusetts were affected by a digital security breach, according to the Massachusetts Office of Consumer Affairs and Business Regulations. To reduce the likelihood of a data breach, companies increasingly rely on cyber security defenses, creating an increased demand for ethical hackers. Find out more[TELEGRAM.COM]

Penetration Testing

FYI: Why Offering Bug Bounties Will Be Widespread, Even in Government. Coordinated vulnerability disclosure programs, often called “bug bounty” programs, will become much more widely adopted over the next few years. Here’s an exclusive interview with Marten Mickos, a leading cyber industry expert, to explain why bug bounties are growing fast – and how your organization can benefit. Read more[GOVTECH.COM]

Open Source

Open Source

CLOUD: How Google Turned Open Source Into A Key Differentiator For Its Cloud Platform. Open source software has come of its age. Today it’s impossible to think of a platform company that doesn’t have an open source strategy. Even Microsoft – a company that once compared open source to cancer – has embraced it fully. Of course, we have companies like CloudBees, Red Hat and Docker that built highly successful business models with OSS. But when it comes to cloud platform vendors, the story is slightly different. Read more[FORBES.COM]

Open Source

BREVENT: Open Source Alternative to Greenify, Works Without Root. A popular application called Greenify works by letting the user “hibernate” an application when it’s not in use. If you haven’t had a good experience with Greenify in the past, or maybe you’re just looking for an alternative, consider an open source application called Brevent. Read more[XDA-DEVELOPERS.COM]

GSA: What’s Coming in Data.gov’s Next Revamp. The code behind Data.gov is due for modernization. Currently the site runs on an open source platform called CKAN, but on a version that has been superseded. Developers have had to customize the code to keep using the older version, but developers are looking to more fully embrace an open source solution without relying on custom code. Find out more[FCW.COM]

Open Source

FIVE LESSONS: How to Be Smart About Open Source. Open source is everywhere in government, but many agencies still struggle with the specifics of choosing, contracting for and contributing to open-source software projects. Here are five fundamental lessons from open-source advocates in government and industry. Read more[GCN.COM]

Business Intelligence

Business Intelligence

DISCOVER: 7 Forces Driving Modern Business Intelligence Growth. The number of organizations embracing business intelligence platforms continues to grow, but more focus is being placed on business-led, agile analytics and self-service features rather than IT-led system-of-record reporting. That is the finding of a recent study by Gartner, which looked at market trends in business intelligence and analytics overall, and differences between traditional BI investments and modern BI. Find out more[INFORMATION-MANAGEMENT.COM]

GOOGLE: The AI Talent Race Leads Straight to Canada. America’s biggest tech companies are remaking the internet through artificial intelligence. And more than ever, these companies are looking north to Canada for the ideas that will advance AI itself. Find out more[WIRED.COM]

Business Intelligence

READ: The Unmistakable Conviction of Visual Business Intelligence. Visual business intelligence represents the summation of BI’s time-honored journey from the backrooms of IT departments to the front offices of business analysts and C level executives alike. It seamlessly merges the self-service movement’s empowerment of the business via user-friendly technology with the striking data visualizations servicing everything from data preparation to analytics results. Find out more[KMWORLD.COM]

NGA: Looks to “Reinvent security’ with Fast-Churn Cloud Architecture. To better protect the nation’s intelligence networks, the National Geospatial-Intelligence Agency is moving most of its IT operations to the cloud and looking to “reinvent security” in the process. Jason Hess, the NGA’s chief of cloud security, wants to take advantage of cloud’s flexibility to tear down the agency’s IT architecture and rebuild it every day so that would-be attackers will confront a confusing operating environment and enjoy limited time-on-target. Find out more

[GCN.COM]

Operating Systems

Operating Systems

WINDOWS 10: Is Windows 10 an Operating System or an Advertising Platform? Windows 10 has certainly gotten its share of lumps since it was released. Some users really liked it, while other detested the changes made by Microsoft. Windows 10 has proven to be a great example of beauty being in the eye of the beholder. One writer at BetaNews recently wondered if Windows 10 was an operating system or an advertising platform. Find out more[INFOWORLD.COM]

Operating Systems

MOBILE: Android is Set to Overtake Windows as Most Used Operating System. After more than eight years in the hands of consumers, Android is poised to overtake Windows as the most used operating system in the world. This measurement comes by way of web analytics firm StatCounter, which follows trends in worldwide web traffic. Microsoft Windows holds the slimmest of margins over Android, and they could trade positions very soon if current trends continue. Find out more[EXTREMETECH.COM]

Operating Systems

PERSONAL TECH: Just What Was in That iOS System Update? When you get the notice of a software update for iOS, there’s usually a link to read about the security content of the update. But where does Apple officially tell you about all other things that change in these upgrades? Find out more[NYTIMES.COM]

LEARN: The Best Alternatives Operating Systems. For most people, the only operating systems they know of are Windows, macOS, Android and iOS. However, there are other operating systems you can consider. Here’s a list of six alternative operating systems for your review. Find out more[HACKREAD.COM]

Incident Response

Incident Response

BREACH RESPONSE: Incident Response Reconsidered. Many security leaders argue over whether their incident response posture needs to be proactive or reactive. But Rsam CISO Bryan Timmerman says it isn’t either or – that organizations need both. Here’s why. Read more[GOVINFOSECURITY.COM]

HHS: Officials Say WannaCry Cybersecurity Response Shows Value of HCCIC. Senators questioned whether the Department of Health and Human Services’ cyber command center is duplicating DHS efforts. Read more[FEDTECHMAGAZINE.COM]

Incident Response

GAO: More Needs to Be Done to Address IoT Security Vulnerabilities, GAO Says. The Internet of Things presents great opportunities for the private sector and federal agencies, but a lack of consensus on security protocols invites threats. Find out more[FEDTECHMAGAZINE.COM]

CYBERSECURITY: If You’re Going to Set a Cyber Trap, Don’t Do This. If you go to a conference, be wary of charging stations for mobile devices. If you’re an agency setting up a cyber sting, be sure to follow the rules. Read more[NEXTGOV.COM]

Cybersecurity

Cybersecurity

CITIES: As Cities Get Smarter, Hackers Become More Dangerous. This Could Stop Them. As governments create smarter cities, they need cybersecurity measures built from the ground up – or they risk costly data breaches which could compromise the privacy of their citizens. Find out more[CNBC.COM]

FEDERAL GOVERNMENT: Looking to the Feds for Help in Fighting Cybercriminals. Cybercriminals are unrelenting in their attacks on state and local government computer networks, which contain detailed personal and business information —such as birth certificates, driver’s licenses, Social Security numbers and even bank account or credit card numbers — on millions of people and companies. Now, state and local officials are hoping Congress will give them some help in fending off the constant threat. Find out more[GCN.COM]

Cybersecurity

INSURANCE: How AIG’s Cyber Security Gamble Could Pay Off. American International Group (AIG) has recently begun offering personal cyber security insurance plans to individuals. The company appears to be riding a wave of individuals’ fears about losing online data or having their bank accounts emptied, and should find success with wealthier customers who have a lot to lose. But it remains to be seen whether ordinary consumers will come to regard cyber security insurance as a necessary expense. Find out more[FORTUNE.COM]

Cybersecurity

NIST: Must Audit Federal Cybersecurity Because DHS Isn’t, Hill Staffer Says. A senior House science committee staffer Friday defended controversial legislation expanding the authorities of the government’s cybersecurity standards agency, saying it’s necessary because other agencies aren’t stepping up to the job. The bill, which passed the committee nearly entirely with Republican support earlier this month, would direct the National Institute of Standards and Technology to audit agencies’ cyber protections within two years, giving priority to the most at-risk agencies. Find out more[NEXTGOV.COM]

Cybersecurity

STATES: Rhode Island Names First State Cybersecurity Officer. Mike Steinmetz brings a wealth of public- and private-sector experience to the Ocean State, where he will serve as the first cybersecurity officer. Read more[GOVTECH.COM]

MANAGEMENT: NASCIO Midyear 2017 – Cybersecurity, Agile Take Center Stage. Mitigating hacking attacks, implementing more nimble procurement methods and more will be explored at this year’s National Association of State Chief Information Officer’s Midyear Conference. Read the rest[STATETECHMAGAZINE.COM]

Cybersecurity

WHY: You Must Build Cybersecurity Into Your Applications. One of the largest changes underway in the way we create software is that cybersecurity is no longer an afterthought, but instead is being built into every application. The challenge many companies face is how to keep up and make sure the software they create is just as safe as the products they buy. Find out[FORBES.COM]

NETWORKS: Trump’s Cybersecurity Mystery: 90 Days In, Where’s the Plan? An executive order was shelved without explanation, and a promised cybersecurity report hasn’t materialized. Read more[NETWORKWORLD.COM]

Cybersecurity

SECURITY: Greg Touhill’s Cyber Advice – Think Like a Hacker. DHS aims to get ahead of cybersecurity adversaries via automation tools, but the former U.S. CISO recommends a change of mindset as well. Read more[FEDTECHMAGAZINE.COM]

OPINION: Here’s Why Agencies Shouldn’t Give Up on Firewalls. There has been a lot of talk lately about the death of the security perimeter for computer networks, which is an especially sensitive topic for the federal government that helped to create the concept. Everyone seems to think it’s now impossible within cybersecurity to draw a line and keep bad guys on one side and authorized users on the other. Read the rest[NEXTGOV.COM]

Cybersecurity

ENTERPRISE: Keeping the Enterprise Secure in the Age of Mass Encryption. How can businesses ensure enterprise security in a world with mass encryption, given Mozilla’s revelations recently that over half of webpages loaded by Firefox use HTTPS. Find out[INFORMATION-AGE.COM]

COMMENT: Securing the Government Cloud. What many government network defenders have forgotten is that security in a cloud environment is a shared responsibility. The cloud provider secures the internet and physical infrastructure, but the cloud customer is responsible for protecting its own data. FedRAMP and third-party certifications assure that the cloud provider is doing its part. But it is ultimately up to customers to ensure they’re taking steps to prevent, detect and respond to cyber adversaries during the attack lifecycle. Read more[FCW.COM]

Project Management

Project Management

GUIDE: Scrum Agile Project Management: The Smart Person’s Guide. Here’s a go-to guide on scrum, a popular agile project management framework. You’ll learn scrum terminology, how to use the methodology in software and product development projects, and more. Find out more[TECHREPUBLIC.COM]

TOOLS: 7 Project Management Tools Any Business Can Afford. There’s no shortage of project management solutions for mid-size and large businesses. Startups, though, have limited budgets and simply can’t afford high-priced project management software. Here are seven affordable options. Find out more[CIO.COM]

Project Management

RISK: Open Source Project Management Can Be Risky Business. Learn how open source code is a huge factor in mitigating risk. Find out more[OPENSOURCE.COM]

FEDERAL GOVERNMENT: Get on the Same Platform, CIO Council Urges. Taking a government-as-a-platform approach to IT service delivery by leveraging cloud-supported solutions can help modernize and digitize federal agencies, according to a new report from the CIO Council. Find out more[GCN.COM]

Project Management

FITNESS TRACKING: Weight Loss On Your Wrist? Fitness Trackers May Not Help. Fitness trackers remain wildly popular, but do they make us fit? Maybe not, according to a study that asked overweight or obese young adults to use the tiny tracking tools to lose weight. Read the rest[NPR.ORG]

Application Development

Application Development

INDUSTRY INSIGHT: 4 Steps to Agile Success. There’s a noticeable shift toward agile development taking place within the federal government. Driven by a need for accelerated application development and meeting internal customers’ needs on the very first attempt, agencies like the General Services Administration and Department of Homeland Security have begun to move away from traditional waterfall project management frameworks and toward iterative, agile frameworks like scrum. Read more[GCN.COM]

Application Development

IT MODERNIZATION: 3 Strategies for Building Successful Agile Teams. Is the federal government truly ready to embrace agile software development? Successful agile environments do not start with technology; they start with creating the right team. This can be harder than it may first appear, because agile challenges preconceived norms of how federal IT teams should be structured and the way they approach projects. Agile teams are typically a combination of individual contributors (particularly those from development and quality assurance backgrounds) who rarely work together but must now collaborate to achieve common goals. Read the rest[NEXTGOV.COM]

ENTERPRISE: Air Force Intelligence Unit Goes Agile. The US Air Force is determined to get more agile to produce applications that can be useful in times of conflict. Find out more[INFORMATIONWEEK.COM]

Application Development

PEOPLE & CAREERS: Sloughing Off the Government Stereotypes. What are CIOs doing to lure millennials into government IT? Government CIOs across the board are being forced to confront the retirement wave that’s about to decimate their ranks. But does the next generation of IT pros want the jobs their parents and grandparents are leaving behind? Read more[GOVTECH.COM]

Big Data

Big Data

TRENDS: 5 Trends Driving Big Data in 2017. The ways companies are using data is changing, marking the advancement of tools and the investment from executive leadership of forecasting more parts of the business. To touch on the changing Big Data market, here are five major trends: Read more[CIODIVE.COM]

INVESTING: Warren Buffett’s Disarmingly Simple Investment Strategy, Explained by Big Data. In a fascinating new book, a former Google data scientist offers a whole chapter about his brief misadventures in trying to apply big data – what we know from massive amounts of Internet searches – to investing. There is also an interesting analysis as to why Warren Buffett seems to always win big at investing. Essentially, the data say, it’s because he’s a positive guy. Read the rest[MARKETWATCH.COM]

Big Data

TECH: Big Oil Turns to Big Data to Save Big Money on Drilling. In today’s U.S. shale fields, tiny sensors attached to production gear harvest data on everything from pumping pressure to the heat and rotational speed of drill bits boring into the rocky earth. The sensors are leading Big Oil’s mining of so-called big data, with some firms envisioning billions of dollars in savings over time by avoiding outages, managing supplies and identifying safety hazards. Find out more[REUTERS.COM]

Big Data

LEARN: 3 Massive Big Data Problems Everyone Should Know About. Today, Big Data gives us unprecedented insights and opportunities across all industries from healthcare to financial to manufacturing and more. But, it also raises concerns and questions that must be addressed. The relentless changes to technology and Big Data are keeping everyone on their toes, and the reality is that organizations and tech departments, government agencies, consumer protection groups and consumers are struggling to keep up. For me, there are 3 Big Data concerns that should keep people up at night: Data Privacy, Data Security and Data Discrimination. Read more[FORBES.COM]

508 Compliance

508 Compliance

STATE & LOCAL GOVERNMENT: Prepare Now for Upcoming Website Accessibility Mandates. Is your local government website designed and organized in a way that makes finding information easy or even possible for citizens with visual, auditory, cognitive or other disabilities? Federal mandates calling to remove barriers that prevent interaction with or access to websites by people with disabilities are a growing concern for government agencies. New rules on Americans with Disabilities Act website compliance will be issued in 2018, and existing guidelines — such as ADA, Web Content Accessibility Guidelines (WCAG) 2.0 and Section 508 —increasingly are being enforced. Read more[GCN.COM]

508 Compliance

EGOV & DIGITAL STANDARDS: Website Accessibility – Why There’s Still Work to be Done on Government Portals. While there are many tools for disabled individuals to utilize computers and mobile devices (e.g., screen readers for the blind), there are still major challenges that stem from how content is provided. So what issues do individuals with disabilities face when accessing websites? According to SachinPavithran, chair of the U.S. Access Board and director of the Utah Assistive Technology Program, much of it comes down to how information is presented. “The bigger problems are that a lot of these websites have a lot of information,” he said. “Even though you can access it, the way the information is laid out could create a barrier because it’s hard to navigate due to the structure. That’s one of the biggest barriers right now: how information is laid out.” Read the rest[GOVTECH.COM]

508 Compliance

FED TECH: 7 Steps to Ensure Your Site Meets Citizen Expectations. Citizens today expect their digital interactions with government to be as straightforward and compelling as those on commercial applications and devices. To meet these new citizen expectations, government agencies need to look at their digital properties and ask themselves some tough questions. Here is a short checklist to ensure your agency is delivering an optimal digital experience for a public audience. Find out more[NEXTGOV.COM]

508 Compliance

ACCESSIBLE ANALYTICS: What Companies Lose by Ignoring Digital Accessibility. Without a digitally accessible business, you will lose out on customer opportunities. You also risk fines, legal fees, and brand damage due to noncompliance with accessibility laws, such as Section 508 of the US Rehabilitation Act, which requires that technology used by federal agencies be accessible, and the 21st Century Communications and Video Accessibility Act, which mandates that accessibility laws enacted in the 1980s and 1990s adapt to new digital, broadband, and mobile capabilities. Meeting the needs of all abilities has become a must-have instead of a nice-to-have. Read more[DATA-INFORMED.COM]

Mobile Applications

Mobile

JOBS: How RMAD Tools Affect IT and Mobile Developer Jobs. Professionals who use rapid mobile app development tools don’t need to know how to code, but these products don’t take job opportunities away from mobile app developers. Read more[SEARCHMOBILECOMPUTING.TECHTARGET.COM]

ENTERPRISE: A New Generation of Enterprise Mobile App Development –Welcome to RMAD 3.0. With the mass-market availability of these more ‘comprehensive’ RMAD 3.0 solutions, enterprises are beginning to adopt technology that for many years they were skeptical of or adverse to. For those that haven’t embraced RMAD 3.0 yet, a recent study found that more than a third of companies are considering doing so. With momentum at its back, RMAD 3.0 seems poised to become the enterprise mobile app development solution that even the most skeptical organisations can trust. Here’s what you need to know. Read the rest[APPSTECHNEWS.COM]

Mobile

MOBILE WEB: FCC, FEMA and SSA Retool Their Digital Services To Meet Rising Expectations. How is federal IT changing to appease citizens who demand more responsive and consumer-grade tech services? Find out more[FEDTECHMAGAZINE.COM]

MOBILE SECURITY: How to Secure Your Agency’s Increasingly Mobile Workforce. Millennials expect increasingly remote working opportunities, but governments need to ensure that smart home tech isn’t making government networks vulnerable to attack. Read more[STATETECHMAGAZINE.COM]

Programming & Scripting Development Client & Server-Side

Programming & Scripting Development Client & Server-Side

JAVASCRIPT: 10 JavaScript Concepts Every Node.js Programmer Must Master. JavaScript can be a boon if used with care – or a bane if you are reckless. Following structured rules, design patterns, key concepts, and basic rules of thumb will help you choose the optimal approach to a problem. Which key concepts should Node.js programmers understand? Here are 10 JavaScript concepts that are most essential to writing efficient and scalable Node.js code. Read more[INFOWORLD.COM]

JAVA: 7 Reasons Java Is Not Heading to Retirement. Three billion devices currently run on Java, according to Oracle, the billion-dollar computer tech corporation that champions the platform. But even with its worldwide popularity, skeptics challenge the ability for Java to retain its predominance. However, arguments for modernization don’t always translate into “out with the old and in with the new.” Read the rest[FEDERALNEWSRADIO.COM]

Programming & Scripting Development Client & Server-Side

PYTHON: The Python Programming Language Grows in Popularity. Stack Overflow’s recently released Trends solution shows Python has grown 14.3% from 2015 and 2016. According to the Python Software Foundation (PSF), “Python is being used in a variety of ways. Many computer programming languages have a niche area that they serve. For example, Bash scripts focus on operating system tasks, while Ruby focuses more on web development. It seems like Python is used in every domain – system operations, web development, deployment, scientific modeling, etc etc. There is no other language that is so versatile.” Find out more[SDTIMES.COM]

SWIFT: Apple Launches a Curriculum for Schools Teaching Swift. Apple has launched a curriculum for schools teaching app development using the company’s beloved Swift programming language. Now available on the iBooks store, the ‘App Development with Swift’ curriculum is a full-year course designed by Apple’s engineers and educators which aims to help students get started with various elements of app design. Read more

[DEVELOPER-TECH.COM]

Programming & Scripting Development Client & Server-Side

JAVASCRIPT: Chrome Makes Surfing Faster with JavaScript Upgrades. Chrome version 59 has brought back its focus on improving the browsing experience through speed rather than the interface. On Android there are noticeable improvements to load times over its predecessor. The improvement is a result of the optimisation of the JavaScript engine that lets faster loading of pages alongside bringing down the consumption of memory. Google has been tweaking the metrics inside JavaScript for around two months to better the real-world quantification. Read more[DEVICEMAG.COM]

Programming & Scripting Development Client & Server-Side

JAVA: Java is Alive and Well in Federal IT. Mark Twain famously stated, “The report of my death was an exaggeration” — a quote that can also apply to the Java programming language. Java’s impending death has been discussed, blogged about and ruminated on for many of its two-plus decades of existence. Yet not only has it persevered, one could say it’s thriving. And that’s good news for federal agencies. Read the rest[GCN.COM]

PHP: Speeding up MySQL Data Imports. Advice on how to best load large amounts of external data into MySQL database(s) as efficiently as possible. Read more[DATABASEJOURNAL.COM]

Programming & Scripting Development Client & Server-Side

PYTHON: Creating Neural Networks in Python. Artificial neural networks are machine learning frameworks that simulate the biological functions of natural brains to solve complex problems like image and speech recognition with a computer. Packages for coding neural networks exist in most popular programming languages, including Matlab, Octave, C, C++, C#, Ruby, Perl, Java, Javascript, PHP and Python. Python is a high-level programming language designed for code readability and efficient syntax that allows expression of concepts in fewer lines of code than languages like C++ or Java. Two Python libraries that have particular relevance to creating neural networks are NumPy and Theano. Find out more[ELECTRONICS360.COM]

Cloud Computing

Cloud Computing

INDUSTRY PERSPECTIVES: When Clouds Break: the Hidden Dangers of Cloud Computing. Today’s companies are often faced with the complex decision of whether to use public cloud resources or build and deploy their own IT infrastructures. This decision is especially difficult in an age of mounting data requirements when so many people expect limitless access and ultra-flexibility. For these reasons, cloud computing has become an increasingly popular choice for many organizations –though not always the right choice. Read more[DATACENTERKNOWLEDGE.COM]

EXPLANATION: What Cloud Computing Really Means. Cloud computing has evolved beyond basic SaaS, IaaS, and PaaS offerings, as the cloud matures to become the engine of enterprise technology innovation. Read more[INFOWORLD.COM]

Cloud Computing

INVESTING: What Is the ISE Cloud Computing Index? Cloud computing has taken the technology sector by storm, making it possible for major enterprises to gain access to cutting-edge data analytics and storage capacity without building out a huge in-house technology infrastructure framework. Many of the companies that have helped their clients establish their presence in the cloud have performed quite well for investors, and the ongoing trend toward coming up with new technologies makes it likely that cloud computing companies will remain strong. The ISE Cloud Computing Index provides a handy benchmark for investors to use to track the budding industry, and you can even invest in an ETF that offers direct exposure to the index to let you take advantage of its future potential for growth. Find out more[FOOL.COM]

Cloud Computing

MANAGEMENT: Cloud Computing Consuming Greater Share of IT Budgets. Total spending on IT infrastructure products, including servers, enterprise storage systems, and Ethernet switches, for deployment in cloud environments will increase 12 percent year over year in 2017 to $40.1 billion, according to a report from International Data Corp. Public cloud data centers will account for the majority of this spending (61 percent) and will grow at the fastest rate year over year (14 percent). Off-premises private cloud environments will represent 15 percent of overall spending and will grow 12 percent year over year, IDC said. Read more[INFORMATION-MANAGEMENT.COM]

Announcement

Announcement

Blue Mountain Data Systems DOL Contract Extended Another Six MonthsThe Department of Labor has extended Blue Mountain Data Systems Inc. contract DOLOPS16C0017 for 6 months for network administration and application support.

U.S. Dept. of Labor, Employee Benefits Security Administration1994 to Present Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.

IT Security | Cybersecurity

IT Security | Cybersecurity

PETYA: Cyber-attack was About Data and Not Money, Say Experts. The Petyamalware variant that hit businesses around the world may not have been an attempt to make money, suspect security experts. The malicious program demanded a payment to unlock files it scrambled on infected machines. However, a growing number of researchers now believe the program was launched just to destroy data.Experts point to “aggressive” features of the malware that make it impossible to retrieve key files. Read more[BBC.COM]

OPINION: Why Cybersecurity Should Be The Biggest Concern Of 2017. Professional hacker Cesar Cerrudo believes most technology is vulnerable and can be hacked. Some experts predict that by 2020 there will be 200 billion connected things. Cars, planes, homes, cities, and even animals are being connected. As technology becomes more and more deeply integrated into our lives, Cerrudo believes our dependence on technology makes us vulnerable if technology fails. Read more

[FORBES.COM]

IT Security | Cybersecurity

SECURITY THINK TANK: Patching is Vital and Essentially a Risk Management Exercise. How should organisations address the need to keep software up to date with security patches without it costing too much or being too labour intensive? Find out more[COMPUTERWEEKLY.COM]

MICROSOFT: Windows 10 Fall Creators Update – What’s Coming on the Security Front. Microsoft will be adding a number of new security features to Windows 10 Fall Creators Update, but for Enterprise and Windows Server users only. Read more[ZDNET.COM]

From the Blue Mountain Data Systems Blog

Personal Techhttps://www.bluemt.com/personal-tech-daily-tech-update-october-28-2016

IT Managementhttps://www.bluemt.com/it-management-daily-tech-update-october-27-2016

Business Intelligencehttps://www.bluemt.com/business-intelligence-daily-tech-update-october-26-2016

Incident Responsehttps://www.bluemt.com/incident-response-daily-tech-update-october-25-2016

From the Blue Mountain Data Systems Blog

Security Patcheshttps://www.bluemt.com/security-patches-daily-tech-update-october-24-2016/

BYODhttps://www.bluemt.com/byod-daily-tech-update-october-21-2016/

Databaseshttps://www.bluemt.com/databases-daily-tech-update-october-20-2016/

Operating Systemshttps://www.bluemt.com/operating-systems-daily-tech-update-october-19-2016/

From the Blue Mountain Data Systems Blog

Encryptionhttps://www.bluemt.com/encryption-daily-tech-update-october-18-2016/

Cloud Computinghttps://www.bluemt.com/cloud-computing-daily-tech-update-october-17-2016/

Programming & Scriptinghttps://www.bluemt.com/programming-scripting-daily-tech-update-october-14-2016/

Incident Responsehttps://www.bluemt.com/incident-response-daily-tech-update-october-13-2016/

From the Blue Mountain Data Systems Blog

Cybersecurityhttps://www.bluemt.com/cybersecurity-daily-tech-update-october-12-2016/

Big Datahttps://www.bluemt.com/big-data-daily-tech-update-october-11-2016/

Mobile Applicationshttps://www.bluemt.com/mobile-applications-daily-tech-update-october-7-2016/

Cloud Computinghttps://www.bluemt.com/cloud-computing-daily-tech-update-october-6-2016/

From the Blue Mountain Data Systems Blog

Open Sourcehttps://www.bluemt.com/open-source-daily-tech-update-october-5-2016/

CTO, CIO and CISOhttps://www.bluemt.com/cto-cio-ciso-daily-tech-update-october-4-2016/

Programming & Scriptinghttps://www.bluemt.com/programming-scripting-daily-tech-update-october-3-2016/

From the Blue Mountain Data Systems Blog

Feds Report Mixed Responses to Shared Serviceshttps://www.bluemt.com/feds-report-mixed-responses-to-shared-services

Federal Employees Are Not Security Expertshttps://www.bluemt.com/federal-employees-are-not-security-experts

Survival Guide for Network Administratorshttps://www.bluemt.com/survival-guide-for-network-administrators

DBaaS: OpenStack Trove Changes DB Managementhttps://www.bluemt.com/dbaas-openstack-trove-changes-db-management

From the Blue Mountain Data Systems Blog

Help Wanted: Certified Cybersecurity Professionalshttps://www.bluemt.com/help-wanted-certified-cybersecurity-professionals

Cyber Threat Intelligence Integration Center Previewhttps://www.bluemt.com/cyber-threat-intelligence-integration-center-preview/

Cloud Moves in 1-2-3https://www.bluemt.com/cloud-moves-in-1-2-3/

Change Management for Disaster Recoveryhttps://www.bluemt.com/change-management-for-disaster-recovery/

From the Blue Mountain Data Systems Blog

Jeffersonian Advice For C-Suite Career Advancementhttps://www.bluemt.com/jeffersonian-advice-for-c-suite-career-advancement/

Ways To Survive The “Mobile-Pocalypse”https://www.bluemt.com/ways-to-survive-the-mobile-pocalypse/

Microsoft Cloud Services Receive FedRAMP Authority to Operatehttps://www.bluemt.com/microsoft-cloud-services-receive-fedramp-authority-to-operate/

Hiring Pentesters? Here Are 10 Things You Need to Knowhttps://www.bluemt.com/hiring-pentesters-here-are-10-things-you-need-to-know/

From the Blue Mountain Data Systems Blog

Home Router Malware Alerthttps://www.bluemt.com/home-router-malware-alert/

Threat Model Deconstructionhttps://www.bluemt.com/threat-model-deconstruction/

Business Email Scam Nets $214 Millionhttps://www.bluemt.com/business-email-scam-nets-214-million/

How to Prevent Unauthorized Software from Taking Over Your Organizationhttps://www.bluemt.com/the-cios-guide-to-happy-end-users-2/

From the Blue Mountain Data Systems Blog

Digital Marketing Predictions for 2015https://www.bluemt.com/digital-marketing-predictions-for-2015/

SDN: Network Administrator’s Friend or Foe?https://www.bluemt.com/sdn-network-administrators-friend-or-foe/

Mobile Payments: A Must for Federal Agencieshttps://www.bluemt.com/mobile-payments-a-must-for-federal-agencies/

Soft Skills Are A Must-Have For Careers In IThttps://www.bluemt.com/soft-skills-are-a-must-have-for-careers-in-it/

From the Blue Mountain Data Systems Blog

Security Risks Most Prevalent in Younger Workershttps://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/

The Security World’s Maturationhttps://www.bluemt.com/the-security-worlds-maturation/

Data Breach Concerns Keep CISOs Up At Nighthttps://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/

Personalized Govt Equals Instant Gratification for Citizenshttps://www.bluemt.com/personalized-govt-equals-instant-gratification-for-citizens/

From the Blue Mountain Data Systems Blog

People-Centric Securityhttps://www.bluemt.com/people-centric-security/

Pentagon Tries BYOD To Strike Work/Life Balancehttps://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/

Open Source Model Considered for MS Windowshttps://www.bluemt.com/open-source-model-considered-for-ms-windows/

Open Internet: To Be or Not to Be?https://www.bluemt.com/open-internet-to-be-or-not-to-be/

From the Blue Mountain Data Systems Blog

Malware Stays A Step Ahead Infecting One Third of Websiteshttps://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-websites/

Machine-Generated Data: Potential Goldmine for the CIOhttps://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-cio/

Government Legacy Programs: Reuse vs. Replacementhttps://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/

It Takes a Whole Village to Protect Networks and Systemshttps://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-systems/

From the Blue Mountain Data Systems Blog

Governance For the CIOhttps://www.bluemt.com/governance-for-the-cio/

Help Desk Consolidation – Lessons Learnedhttps://www.bluemt.com/help-desk-consolidation-lessons-learned/

One Year Later, Companies Still Vulnerable to Heartbleedhttps://www.bluemt.com/one-year-later-companies-still-vulnerable-to-heartbleed/

Federal Projects Cultivate Worker Passionhttps://www.bluemt.com/federal-projects-cultivate-worker-passion-2/

ABOUT US

Blue Mountain Data Systems Inc.

Blue Mountain Data Systems Inc. is dedicated to application and systems development, electronic document management, IT security support, and the automation of workflow processes.

Read more about our experience here:>> http://bluemt.com/experience

Recent Experience

U.S. Dept. of LaborEmployee Benefits Security Administration

1994 to Present

Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.

MANAGEMENT

Paul T. VeselyFounder, President, CEO and Principal Architect

Mr. Vesely is a recognized thought leader in systems architecture and delivery, having designed and delivered many enterprise wide information and document management solutions. Mr. Vesely’s history includes 33 years experience in the information systems industry, with Unisys, Grumman, PRC and a host of clients in both government and private sectors.

CONTACT US

Contact Us Today to Discuss Your Next IT Project

HEADQUARTERS

366 Victory DriveHerndon, VA 20170

PHONE 703-502-3416

FAX 703-745-9110

EMAIL

paul@bluemt.com

WEB

https://www.bluemt.com