For CTOs, CIOs & CISOs
Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information: https://bluemt.com/blog/
Visit Blue Mountain Data Systems
https://www.bluemt.com
Here’s the summary of the Daily Tech Updates for July 2016. Hope the information and ideas prove
useful.
Best,
Paul Vesely
President and Principal Architect
Blue Mountain Data Systems Inc.
Network Security
MICROSOFT: Microsoft Issues Windows 10 Preview Build, Patches Critical Flaws.
With less than a month to go until the release of the Windows 10 Anniversary
Update, Microsoft put out a new build that fixes a number of bugs in Windows,
Office, Edge and other applications. In addition, Microsoft’s Patch Tuesday release
featured 11 updates for vulnerabilities, including six rated as “critical.” Read the
rest
[TOPTECHNEWS.COM]
CISCO: Unveils Three DNA Network Security Technologies. Cisco has announced
three new technologies for its Digital Network Architecture (DNA) solution to
enable network engineers, application developers, channel partners, and IT
customers to embed improved and simplified security within their network
infrastructure layer: Umbrella Branch, Stealthwatch Learning Network License, and
Meraki MX Security Appliances with Advanced Malware Protection (AMP) and
Threat Grid. Find out more
[ZDNET.COM]
SWIFT: Seeks Stronger Network Security. Swift is turning to outside help as it looks
to improve security on its network following a number of hacking incidents. It has
engaged cyber security firms BAE Systems and Fox-IT, and created a Forensics and
Customer Security Intelligence team, as it wants to investigate security incidents
“within customer environments”. Read more
[BANKINGTECH.COM]
MICRO-SEGMENTATION: Tempered Networks Simplifies Network Security.
Tempered Networks’ Marc Kaplan explains how micro-segmentation simplifies the
network, makes firewalls easier to manage and improves network security. Read
the rest
[NETWORKWORLD.COM]
Encryption
FEDERAL GOVERNMENT: John McCain Threatens to Subpoena Apple CEO Tim Cook
to Talk Encryption with Feds. “We now find ourselves at what is a complete
impasse [in the encryption debate], and it is time I urge for congress to step in and
break that impasse,” said one former assistant attorney general. Read the rest
[FEDSCOOP.COM]
GOOGLE: Testing a Chrome Browser that Adds Post-Quantum Encryption. In a truly
forward-thinking move, Google is getting serious about the effort to future-proof
internet security: users of the tech giant’s test-phase browser, Chrome Canary, can
start testing a so-called post-quantum cryptographic technology aimed at making
users immune from next-next-generation cryptographic attacks. Find out more
[EXTREMETECH.COM]
EMAIL: Simple Security – How Gmail, Mailvelope, and Virtru Make Encrypted Email
Easier. Encrypting your email is a great step towards more secure communication.
Gmail, Mailvelope, and Virtru can help streamline your encrypted email efforts.
Read more
[TECHREPUBLIC.COM]
OPINION: An Encryption Commission Is A Waste Of Time. Members of Congress
are looking to create an encryption commission that would “get the answers we
need” on the issue of encryption and digital security. Will this really help? Read the
rest
[GIZMODO.COM]
Databases
MICROSOFT: SQL Server Data Tools (SSDT) Now Supports Developing Databases
Using Always Encrypted. Microsoft recently announced that SQL Server Data Tools
(SSDT) now supports developing databases using Always Encrypted. Always
Encrypted is a feature designed to protect sensitive data, such as credit card
numbers or national identification numbers (e.g. U.S. social security numbers),
stored in Azure SQL Database or SQL Server databases. Always Encrypted allows
clients to encrypt sensitive data inside client applications and never reveal the
encryption keys to the Database Engine (SQL Database or SQL Server). Read the
rest
[MSPOWERUSER.COM]
SPECIALIZED: Terabyte Terror: It Takes Special Databases to Lasso the Internet of
Things. Non-relational databases can help take the pain out of corralling swarms of
sensor data. IoT sensors produce a massive amount of data. This volume and
variety of formats can often defy being corralled by standard relational databases.
As such, a slew of nontraditional, NoSQL databases have popped up to help
companies tackle that mountain of information. Find out more
[ARSTECHNICA.COM]
MySQL: Building a Web UI for MySQL Databases in Plain Java. Learn how to
connect MySQL databases from Java web applications, from creating classes,
implementing the UI, and running the application. Read more
[DZONE.COM]
NIST: NIST Database Goes Ballistic. The ability to match a bullet with the gun that
fired it has been a forensic staple for law enforcement for almost 150 years, but
the National Institute of Standards and Technology is hoping to juice the old
capability with 21st century big data. Read more
[FCW.COM]
More About Blue Mountain
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S.
Dept. of Labor, Employee Benefits Security Administration. Responsible to the
Office of Technology and Information Systems for information systems
architecture, planning, applications development, networking, administration and
IT security, supporting the enforcement of Title I of the Employee Retirement
Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for
design, development and support for its various enforcement database
management systems, as well as all case tracking and customer service inquiry
systems. Blue Mountain also provides IT security services to the EBSA, in the form
of FISMA Assessment and Authorization, System Security Plans, Risk and
vulnerability assessments, monitoring and investigation support. Read more.
Security Patches
MICROSOFT: July 2016 Patch Tuesday: Microsoft Releases 11 Security Updates, 6
Rated Critical. For July, Microsoft released 11 security bulletins, six of which were
rated critical due to remote code execution (RCE) vulnerabilities. Read the rest
[NETWORKWORLD.COM]
ANDROID: Android Security Bulletin Features Two Patch Levels. The frail world of
the Android ecosystem has taken some hits in the past week with the disclosure of
a full disk encryption bypass vulnerability and the arrival of the HummingBad
malware. Find out more
[THREATPOST.COM]
ADOBE: Adobe Deploys Security Update to Fix 52 Vulnerabilities in Flash. Some
of the critical flaws could lead to remote code execution on your PC. The update
includes Flash security fixes across the Microsoft Windows, Apple Mac, Linux,
and ChromeOS operating systems, as well as the Google Chrome, Microsoft
Edge, and Internet Explorer 11 browsers. Read more
[ZDNET.COM]
INTEL: Intel Patches Local EoP Vulnerability Impacting Windows 7. Intel issued an
important security patch Monday for a vulnerability that could allow hackers to
execute arbitrary code on targeted systems running Windows 7. The bug, located
in Intel’s HD graphics Windows kernel driver, leaves affected systems open to
local privilege escalation attacks that could give criminals the ability to take control
of targeted systems. Read more
[THREATPOST.COM]
For the CIO, CTO & CISO
CTO: Census Seeks CTO. The Census Bureau is looking for a new chief technology
officer. In the midst of the bureau’s 2020 technology push — an ambitious overhaul
that watchdogs are monitoring closely — the agency posted its official CTO job
listing on July 11. The posting comes three weeks after Avi Bender, who had served
as Census CTO since 2010, moved to the National Technical Information Service.
The next CTO will serve under another newly arrived leader — CIO Kevin Smith,
who joined the bureau in June. Read the rest
[FCW.COM]
THREE THINGS: Every CISO Should Know. To reduce their organisation’s attack
surface – and improve their team’s ability to detect, react, respond and recover –
CISOs should keep three things in mind. Read the rest
[INFORMATION-AGE.COM]
CIO: Execs From Outside IT Win Key CIO Jobs. Pressure to fulfill business goals
forces companies to look for a different breed of IT leaders. Eli Lilly & Co. this week
reverses a long history of naming chief information officers with deep enterprise
technology experience as Aarti Shah, a 22-year veteran at the drug company,
takes the helm. But her appointment barely ranks as an outlier as Lilly and other
companies look outside the traditional technology ranks for executive talent that
boards and chief executives can hold accountable for business objectives. Read
the rest
[BLOGS.WSJ.COM]
CTO: IRS’s Top Techie Leaves Citing Lapsed Critical Pay Authority. The IRS is losing
its chief technology officer, Terry Milholland, due to a lapse in a 1998 statute that
allowed for a higher pay band for select positions at the tax agency, according to
Commissioner John Koskinen. In a June 29 email to staff, Koskinen said
Milholland is the latest IT executive to leave since the Streamlined Critical Pay
Authority — part of the IRS Restructuring and Reform Act of 1998 — expired in
2013 without a congressional vote to renew. Find out more
[FEDERALTIMES.COM]
CIO: FDIC Was Hacked by China, and CIO Covered It Up. Problems uncovered after
employees walk off job with thousands of SSNs on flash drives. A report published
by the House Committee on Science, Space and Technology today found that
hackers purported to be from China had compromised computers at the Federal
Deposit Insurance Corporation repeatedly between 2010 and 2013. Backdoor
malware was installed on 12 workstations and 10 servers by attackers—including
the workstations of the chairman, chief of staff, and general counsel of the FDIC.
But the incidents were never reported to the US Computer Emergency Response
Team (US-CERT) or other authorities and were only brought to light after an
Inspector General investigation into another serious data breach at the FDIC in
October of 2015. Read more
[ARSTECHNICA.COM]
CISO: Brown University Offers Ivy League CISO Creds. Freshly minted CISOs as
well as other mid-career professionals with a need for a broad grounding in
cybersecurity can get an advanced degree in the topic through a new program at
Brown University. The Executive Master in Cybersecurity, set to launch in
October, is a 16-month program to instruct students in technology, law and
policy, human behavior, and leadership-skills development. “What the industry is
crying out for is interdisciplinary training,” says Alan Usas, the program director.
Read more
[NETWORKWORLD.COM]
FEDERAL CIO: 4 Ways Government Agencies Can Improve Their Cybersecurity
Fundamentals. Responding to the OPM breaches, Federal CIO Tony Scott
initiated a month-long Cybersecurity Sprint calling on all agencies to evaluate
and address security problems. This program yielded some positive results,
including immediate improvements in authentication practices. Federal civilian
agencies increased their use of strong authentication practices for privileged and
unprivileged users by 30 percent during the sprint. Read more
[ABOUT.BGOV.COM]
CISO: What Is IDaaS? A CISO Clears Up Confusion Around the Definition of Cloud
IAM. Identity and access management-as-a-service, also known as IDaaS or cloud
identity and access management (IAM), has become a hot topic among CISOs over
the past few years. Alas, confusion about the cloud-based service still exists; even
the most basic question is left unanswered or answered incorrectly. With so much
uncertainty and inaccuracy existing around the definition of IDaaS, it seemed fitting
to tap into the expertise of a security thought leader and early adopter of IAM-as-a-
service. Joseph Burkard, a CISO for a global health care organization, delivers a
complete definition of IDaaS and discusses how his choice of a cloud IAM vendor
reflects this definition. Read more
[SECURITYINTELLIGENCE.COM]
Penetration Testing
RISK STRATEGY: 8 Reasons You Need A Security Penetration Test. One of the
biggest challenges in IT security is determining whether the tools and
configurations you have in place are giving your organization the level of security
you require. Here’s how penetration testing can help. Read the rest
[INFORMATIONWEEK.COM]
VULNERABILITIES: Hacking A Penetration Tester. How even a pen test conducted
by a security pro can be hacked by a determined attacker looking for a way to its
target. Find out more
[DARKREADING.COM]
CYBERWAR: The DNC Hack and Dump Is What Cyberwar Looks Like. Elections are
critical infrastructure that should be hands-off for governments. What occurred
with the recently disclosed breach of the Democratic National Committee
servers, and the dumping of stolen data on a WordPress site, is more than an act
of cyber espionage or harmless mischief. It meets the definition of an act of
cyberwar, and the US government should respond as such. Read more
[ARSTECHNICA.COM]
SECURITY FLAWS: Necessity is the Mother of the ‘Rugged DevOps’ Movement.
No matter how good your perimeter security is, experts agree: Your system has
been breached, whether you know it or not. The costs of security flaws –
cybersecurity expert Joe Franscella calls them “The Five Horsemen of the
Internet Apocalypse: Scam, Extortion, Embarrassment, Theft and Death” – are
enormous. So why don’t we consider security a first-class citizen in DevOps?
Read more
[SDTIMES.COM]
Open Source
RED HAT: Red Hat Wants To Repeat The Magic of Linux With Containers. With
enterprise workloads slowly moving to the public cloud, and containers
becoming first class citizens of the datacenter, the battleground is quickly
shifting to the cloud and containers. Traditional infrastructure players are facing
a huge challenge. The changing dynamics of the market are forcing Red Hat to
relook at its strategy. Read the rest
[FORBES.COM]
MICROSOFT: Project Malmo AI Platform Goes Open Source. The system, now
available to all, uses Minecraft to test artificial intelligence protocols. Formerly
referred to as Project AIX, the platform has been developed in order to give
startups a cheap, effective way to test out artificial intelligence programming
without the need to build robots to test commands and comprehension with
physical subjects. Find out more
[ZDNET.COM]
STORAGE: Why Object Storage Is Eating the World. Traditionally, web
applications use file systems and databases to store user data. This is simple to
manage, as web applications generate structured data by accepting text input in
forms, and saving the input to a database. However, times are changing; with the
advent of social media, cloud storage, and data analytics platforms, increasing
quantities of unstructured data are being pushed onto the Internet. Read more
[OPENSOURCE.COM]
SECURITY: What IoT Can Learn From Open Source. In 2014, a study by Hewlett-
Packard found that seven out of ten IoT devices tested contained serious
security vulnerabilities, an average of twenty-five per device. In particular, the
vulnerabilities included a lack of encryption for local and Internet transfer of
data, no enforcement of secure passwords, and security for downloaded
updates. The devices tested included some of the most common IoT devices
currently in use, including TVs, thermostats, fire alarms and door locks. Given
that Gartner predicts that 25 billion smart devices will be in use by 2020, no one
needs to be a prophet to foresee a major security problem that will make even
the security problems of the basic Internet seem insignificant. Read more
[DATAMATION.COM]
Incident Response
VIDEO: Incident Response: Trade-offs Under Pressure. John Allspaw provides a
glimpse into how other fields handle incident response, including active steps
companies can take to support engineers in those uncertain and ambiguous
scenarios. Examples include fields such as military, surgical trauma units, space
transportation, aviation and air traffic control, and wildland firefighting. Read more
[INFOQ.COM]
LISTEN: HSAC Wants DHS Cross-Sector Cybersecurity Plan. The Homeland Security
Department and Homeland Security Advisory Council are exchanging summer
homework, respectively asking for recommendations for the presidential transition
and a plan for coordinating cross-sector cybersecurity responses. Read the rest
[FEDERALNEWSRADIO.COM]
COLLABORATION: Technology Gives Police and Public Safety Agencies the Upper
Hand. Cities put common IT infrastructure to work in the ongoing effort to prevent
and reduce criminal activity. When a suspicious person or activity happens at
Newburgh, N.Y.’s City Hall, police are notified directly. City employees can push a
button to silently page the nearby police department in an emergency, one of many
new features available since the city upgraded its communications infrastructure,
adding new IP phones, paging and emergency notification software on top of a new
Cisco Systems phone system. Read more
[STATETECHMAGAZINE.COM]
HAVE A PLAN: The Importance of a Cyber Incident Response Plan and the Steps
Needed to Avoid Disaster. With two-thirds of the UK’s big businesses being hit with
a cyber-attack in the past year, it’s absolutely crucial for businesses to know how to
respond and deal with the aftermath. A study conducted last year revealed that
more than half of organizations lack the capability to gather data from across their
environment, or coordinate centralized alerts to the business about suspicious
activity. Read the rest
[INFO-SECURITY.COM]
Program Management
MICROSOFT: Microsoft Launches Planner, a Project-Management Tool Part of
Office 365. Microsoft has launched Office 365 Planner, a new project-
management tool for teams. The company will be rolling out Planner worldwide
to Office 365 users, including Office 365 Enterprise E1–E5, Business Essentials,
Premium, and Education subscription plans. The Planner tile will appear in your
Office 365 app launcher, meaning Office 365 admins don’t need to take any
action. Read more
[VENTUREBEAT.COM]
NASA: When Project Management Really is Rocket Science: A Lesson from NASA.
A recent GAO assessment of major NASA projects shows that 18 of the
organization’s biggest projects received very positive reviews – with project
management receiving credit for some of that success. What has proven to be
extremely effective for NASA is utilizing standards and adapting tools and
processes to the needs of the agency, while satisfying considerations of such
leading practices as EVM, project costing, baseline establishment and blending
of engineering disciplines into projects. Read the rest
[FEDERALTIMES.COM]
ADVICE: 6 Ways to Be a Better Project Manager. Project management is a
complex — and critical — function. Here are six pieces of advice to help project
managers improve their craft. Find out more
[CIO.COM]
IT CAREERS: What’s Going On with IT Hiring? Analysts have been generally
cautious this year about IT hiring trends. Although the unemployment rate for IT
professionals is about half the national average of 4.7%, said CompTIA, some
analysts use terms ranging from “modest” to “pre-recession” to describe IT
hiring. Read more
[COMPUTERWORLD.COM]
Search Technology
SOLR: Solr 6.0 and Graph Traversal Support. One of the new features that are
present in the recently released Solr 6.0 is the graph traversal query that allows you
to work with graphs. Having a root set and relations between documents (like
parent identifier of the document) you can use a single query to get multiple levels
of joins in the same request. Here's how this new feature works both in old
fashioned Solr master/slave as well as in SolrCloud. Read more
[DZONE.COM]
OPEN SOURCE: Has Open Source Become the Default Business Model for Enterprise
Software? SpliceMachine's decision to open-source its product has become the
latest reminder that -- in emerging technology markets -- open source is
increasingly the rule, not the exception. Read the rest
[ZDNET.COM]
GOOGLE: Releases Search Tools to Simplify the Voter Registration Process. Google is
continuing its efforts to encourage people to vote in this November’s presidential
election in the United States. With Google’s most recent update, it will provide
information directly in the search results about how you can register to vote in your
state. The update can be triggered by typing “register to vote” in the search bar.
Google will then return detailed state-by-state information about how to vote,
including the general requirements and voter registration guidelines. Read more
[SEARCHENGINEJOURNAL.COM]
CONNECTOR FRAMEWORKS: How Do I Connect Thee? Let Me Point the Ways.
Finally, for content repositories and other sources of searchable data, there are also
connector frameworks, such as Apache ManifoldCF, that facilitate the connection
between the repositories and various destinations (primarily search servers).
Support for a wide variety of repositories, such as Documentum, Alfresco,
Sharepoint, etc. is already available. Other custom connectors may also be similarly
developed. On the other side, search servers such as ElasticSearch and Apache Solr
are supported, amongst others. Read the rest
[INFOWORLD.COM]
Agile Application Development
AGILE DevOps: A Path to the Common Ground of Productivity. Best of breed
analytics solutions must bridge the gap between data science and production to
unify development and deployment into an agile methodology. With that in mind,
Florian Douetteau, CEO of Dataiku, has put together an interesting guidebook that
discusses how to achieve that level of synergy to build a data project that embodies
the ideologies of agility. Read more
[GIGAOM.COM]
PROJECT REQUIREMENTS: Blueprint’s Storyteller Auto-Generates User Stories for
Agile Teams. Blueprint is trying to solve one of the biggest problems it sees in the
agile industry: user stories. According to the company, too often teams
misunderstand project requirements, which results in costly delays and revisions. To
solve this, Blueprint is launching Storyteller, a new solution designed to auto-
generate high-quality user stories and acceptance criteria. Read the rest
[SDTIMES.COM]
CONTRACTING: Agile Software Development Brings New Contracting Issues.
Creating software using an agile software development (“ASD”) methodology is not
a new concept, but it is rapidly gaining popularity among software developers
based on the notion that ASD yields workable code sooner and in a more efficient
manner. However, traditional “waterfall” software development approaches do not
easily lend themselves to contracting under an ASD approach. Read more
[LAW360.COM]
EPA: How Agile Development Aids FITARA Compliance. As chief information officer
of the Environmental Protection Agency, Ann Dunkin is charged with modernizing
the IT infrastructure of the 15,000-person strong office. In a recent interview,
Dunkin spoke about the progress that EPA is making in reforming its IT acquisition
process and the challenge of shifting from legacy systems to agile development.
Read the rest
[FEDERALTIMES.COM]
BYOD
EXEC TECH: BYOD is Evolving for a Cyber-Conscious Age. Kimberly Hancher, former
CIO at the Equal Employment Opportunity Commission, helped craft the White
House BYOD policy in 2012. That document outlines a broad set of guidelines that
agencies can use to establish the proper parameters for mobile access. Yet four years
later, she said, there aren’t enough clear policies at federal agencies. “I don’t think
most agencies are really undertaking the effort and due diligence to address BYOD
policy,” she said. “They’re just sort of letting people do whatever they can get away
with, and very few agencies have actually put formal policies in place.” Read the rest
[FCW.COM]
USERS: Don’t Mess with iOS 10 or Android Nougat Betas. There’s a lot of interest in
the beta releases of iOS 10 and Android Nougat, and while most people are free to
explore the new platforms, BYOD users should hold off from testing them. Find out
more
[ZDNET.COM]
ENTERPRISE: The BYOD Evolution: Three Common Approaches. It has become a way
of life for employees to bring personal devices to work, whether or not your
organisation has a BYOD policy. Employees want the ability to use their own phones,
tablets and laptops at work, without losing ownership or control of those devices.
But this should raise some red flags for a company’s IT and security teams. The
modern issues with BYOD have gone beyond just basic user-privacy issues, to the
serious security and compliance matters that need to be addressed to ensure IT
ecosystems are not vulnerable. Read more
[APPSTECHNEWS.COM]
INDUSTRY INSIGHT: Balancing Mobility with Security: What Government Can Do. The
consumerization of IT is not only changing the way employees work, it’s changing
their expectations of government IT. Employees look to their agencies to provide
modern IT services, interfaces and capabilities — most of which have historically
been the responsibility of IT departments. The trouble is that accommodating the
mobility demands of today’s users presents a fundamental security challenge to IT
teams used to retaining control of every system, app and network under their
purview. How do IT teams balance the demands of flexible and secure mobility,
accommodate users’ preferences and modernize their IT environments? Here are a
few considerations. Read the rest
[GCN.COM]
Big Data
INFORMATION MANAGEMENT: How to Make Big Data Work for SMEs. Big data for
SMEs is all about joining up various sources of data and using it to improve
productivity and profitability. With accessibility via the cloud, big data enables
smaller businesses to take advantage of the tools that were previously only available
to larger corporates. Big data is basically a repository of information drawn from
different silos and joined up to make it work more effectively for the business.
Here are five key steps on how SMEs can maximise their existing data to make it
big. Read the rest
[INFORMATION-AGE.COM]
STUDY: One-Third of Big Data Developers Use Machine Learning. A recent Evans
Data report shows that 36 percent of developers working with big data and
analytics are also using machine learning. Find out more
[EWEEK.COM]
HEALTHCARE: Managing Big Data in Healthcare. Life sciences companies have too
much information – manually collected, logged and stored to adhere to the highest
quality standards. Digital analytics can funnel just the right information for risk
management. Read more
[AUTOMATIONWORLD.COM]
ROUNDUP: Watson, WebEx Mashup, Hadoop Summit. IBM Watson gets close with
Cisco WebEx to improve collaboration. Hortonworks rolls out updates and initiatives
at Hadoop Summit. MapR offers an update to please admins. MongoDB Atlas goes
live with a managed cloud-based MongoDB service. Read more
[INFORMATIONWEEK.COM]
Mobile Applications
SURVEY: Companies Want Mobile Apps Without Spending Much on Development.
The enterprises engaged in the communications space are increasingly recognizing
the perks of having a sophisticated mobile app platform, with 42 percent of
companies expanding their spending on mobile app development, by an average of
31 per cent in 2016. However, the companies are averse to spending much on it, as
a recent survey by Gartner revealed that the average proportion of the overall
application development budget allocated to mobile is only 10 per cent, which is
actually a 2 percent decline from last year. Read the rest
[CIOL.COM]
IBM: Revamps MobileFirst Development Platform for the Cloud. IBM further
strengthened the ties between its enterprise mobile app development platform and
the cloud with MobileFirst Foundation 8.0, an enterprise middleware that provides
cloud-based Mobile Back-end-as-a-Service (MBaaS) for enterprise mobile apps,
along with many other associated products and services to round out the
development/deployment lifecycle. Find out more
[ADTMAG.COM]
AMAZON: AWS Mobile App Development Tools Target Device Lifecycle. AWS is a
major player in mobile app development with a variety of end-to-end tools. But it’s
not the only option, as Google and other MBaaS providers seek their market share.
Read more
[SEARCHAWS.TECHTARGET.COM]
FILEMAKER 15: How to Make Mobile Apps with FileMaker 15. The business world is
full of inventories, catalogs and other lists that sit in spreadsheets or databases that
would be more useful if you could take them out of the office. With FileMaker Go
and FileMaker WebDirect, you can. Read the rest
[CIO.COM]
Personnel Management
WORKFORCE: Millennials Want to Stay, If Government Grasps the New Reality. Many
“millennials” in government say their agencies haven’t yet understood what makes
them tick. And their generation isn’t drastically different than the ones that have
come before it. Though a majority of federal employees under the age of 35
indicated their interest in staying within the federal government, many millennials
said their decision depends on several different factors. Read the rest
[FEDERALNEWSRADIO.COM]
OPM: Office of Personnel Management Hires First CISO. Following one of the largest
data breaches on record, the Office of Personnel Management hires a chief
information security officer. The new CISO is Cord Chase, former senior adviser on
Cyber and National Security to the White House and Office of Management and
Budget, and technology head and engineer at the U.S. Department of Agriculture.
Find out more
[GOVTECH.COM]
DOD: The 4 Big Takeaways from Ash Carter’s New Push for Military Personnel
Reform. The plan to overhaul the military personnel system that Defense Secretary
Ash Carter announced Thursday would end the “one-size-fits-all” promotion system
for military officers and clear the way for far more diverse options in military career
tracks. Read more
[MILITARYTIMES.COM]
FEDERAL CIVIL SERVICE: Report Says Top Civil-Service Rank Needs Urgent Boost. The
Senior Executive Service, the highest rank of the nation’s federal civil service, carries
a certain prestige. But that is not enough to convince many lower-ranking employees
that the status is worth the headache. Read more
[WASHINGTONPOST.COM]
Programming & Scripting Development
Client & Server-Side
JAVA: How Oracle’s Business As Usual Is Threatening to Kill Java. Oracle’s silence
about Java EE has brought developer community distrust to a fever pitch. Read the
rest
[ARSTECHNICA.COM]
JAVASCRIPT: Blocking JavaScript Can Stop Some Windows Malware. Email
attachments are probably the most common mechanism for infecting a Windows
computer. As potential victims get wise to the tried and true infection schemes,
bad guys have a relatively new wrinkle — the attached malicious file is JavaScript.
JavaScript, or more correctly in this case, JScript files, are plain text files that end in
“.js.” Find out more
[COMPUTERWORLD.COM]
jQUERY: Long-awaited jQuery 3.0 Brings Slim Build. The jQuery team has unveiled
the long-awaited 3.0 release, bringing a new slimmed-down option as well as
major new features, improvements, and bug fixes. Read more
[INFOQ.COM]
RUBY-ON-RAILS: Ruby on Rails-style Development Comes to Apple’s Swift. The
Swifton framework shares the model-view-controller development pattern with
Rails. Read more
[INFOWORLD.COM]
67. Cloud Computing
IaaS: Infrastructure as a Service Cloud Computing Revenue to Surge by 2020.
Infrastructure as a service (IaaS) cloud revenue is expected to triple to $43.6 billion
by 2020, up from $12.6 billion in 2015, according to research firm IDC. The
projection, which equates to a compound annual growth rate of 28.2 percent over
five years, is based on the number of enterprises ditching on-premises hardware for
the public cloud. Read the rest
[ZDNET.COM]
MICROSOFT: Azure Cloud Wins a High-Profile New Customer – GE. General Electric is
making its Predix industrial software platform available on Microsoft’s cloud. The
move isn’t entirely new for GE — its Predix platform was already available on
Amazon and Oracle’s clouds. But it’s an important step for Microsoft, which wants to
establish itself as the favored partner for big business. Find out more
[CNBC.COM]
SERVERLESS COMPUTING: What Serverless Computing Really Means. For
developers, worrying about infrastructure is a chore they can do without. Serverless
computing merely adds another layer of abstraction atop cloud infrastructure, so
developers no longer need to worry about servers, including virtual ones in the
cloud. Read more
[INFOWORLD.COM]
IBM: Tests Secure Cloud Blockchain Service. IBM is beta-testing a new high-security
service plan for IBM Blockchain, with dedicated infrastructure for each customer.
Until now, it has offered only a starter cloud service for developers who want to
experiment with blockchain technology. That service runs in a multitenant cloud,
with infrastructure shared among hundreds of blockchains. The new service plan is
still cloud-based, but “you get your own resources dedicated to you,” said IBM Vice
President for Blockchain Technologies Jerry Cuomo. Read more
[COMPUTERWORLD.COM]
70. Business Intelligence
TOOLS: 12 Ways to Empower Government Users With the Microsoft Business
Intelligence (MBI) Stack. One way to mitigate the risks of budgetary constraints is
to discontinue the habit of relying on IT resources for small tasks that users can
either do themselves or with limited assistance. Your agency’s use of Microsoft
Business Intelligence (MBI) tools and reporting services may hold the key to
advancing your organization’s return on investment as well as gaining much-needed
autonomy for your users. Read the rest
[BLUEMT.COM]
DATABASES: SQL Server 2016 Stretch Database: What Can It Do? When Microsoft
released SQL Server 2016, the release was accompanied by a slew of advanced
features heavily tailored to make data more malleable and useful for business. In
that light, one of the most exciting features of SQL Server 2016 is the Stretch
Database feature. Find out more
[ENTERPRISEAPPSTODAY.COM]
AMAZON: How Amazon Echo Could Serve as Your New Business Analyst. Picture
this. You’re meeting with your board of directors. Someone requests more details
about a sales forecast. Instead of booting up a laptop computer to dig up those
numbers, you address the question verbally to an Amazon Echo device sitting
alongside the other conference room gadgetry. Moments later, it responds with the
appropriate data, allowing the meeting to continue uninterrupted. That scenario is
being tested among a handful of companies that use data analytics software from
Sisense, a New York-based company. Read more
[FORTUNE.COM]
SOFTWARE: The Two Main Pitfalls of Business Intelligence As We Know It. Business
Intelligence, or as it’s more commonly known in today’s lexicon, “BI,” is one of the
first things that pops into professionals’ minds when anything data-related in the
workplace is brought up. Whether you’re on the information technology side of the
business or a P&L owner, the answer to any information problem is to typically
throw a BI solution at it. Here’s a look at two primary reasons why business
intelligence is soon-to-be extinct in the emerging technology landscape. Read more
[CIO.COM]
74. IT Security | Cybersecurity
NIST: Plans Cybersecurity Framework Update. Winter 2017 Revision Would Refine,
Clarify Provisions. The National Institute of Standards and Technology plans to
update its 2-year-old cybersecurity framework late next year, says Matt Barrett,
program manager. Read the rest
[GOVINFOSECURITY.COM]
PHYSICS: In Cybersecurity, It’s Physics to the Rescue. As computing technology
evolves, how will cybersecurity need to change to keep up? Find out more
[FEDSCOOP.COM]
FEDERAL AGENCIES: For Federal Agencies, a Deluge of Data Requires Security –
Everywhere. Data security is a paramount concern for federal agencies no matter
how and where their information is stored. Read more
[FEDTECHMAGAZINE.COM]
RANSOMWARE: New York Takes Bold Steps to Tackle Ransomware. As ransomware
threats increasingly target state and local IT systems, Sen. Chuck Schumer calls for a
unified and coordinated defense. Read more
[STATETECHMAGAZINE.COM]
FDIC: Why the FDIC Is Updating Its Cyber Security Policy After This Data Breach. The
U.S. Federal Deposit Insurance Corporation is updating cyber security policies after a
2015 data breach in which a former employee kept copies of sensitive information
on how banks would handle bankruptcy. FDIC Chairman Martin Gruenberg said he
made personnel changes after receiving a report in 2013 informing him that he had
not been fully briefed about the major compromise of the regulator’s computers by
a foreign government in 2010 and 2011. Read more
[FORTUNE.COM]
BLIND SPOTS: Cybersecurity Blind Spots: Mitigating Risks and Vulnerabilities.
Technical blind spots certainly present major information security challenges to
CISOs and their teams, as the complexities of monitoring encrypted traffic and
updating SAP software and other legacy applications can be daunting tasks. But
there are other cybersecurity blind spots that involve more amorphous and less
technical concepts such as enterprise risks. Here’s how security experts overcome
these challenges. Read the rest
[SEARCHSECURITY.TECHTARGET.COM]
CAREERS: Feds to Hire 3,500 Cybersecurity Pros by Year’s End. Last October, the U.S.
government began hiring 6,500 new cybersecurity IT professionals. It has hired
3,000 so far, and plans to hire another 3,500 by January 2017, the White House has
reported. Read more
[COMPUTERWORLD.COM]
THREAT PREVENTION: Context-Rich And Context-Aware Cybersecurity. An adaptive
threat-prevention model is quickly replacing traditional, unintegrated architectures
as security teams work to achieve a sustainable advantage against complex threats.
Read the rest
[DARKREADING.COM]
79. From the Blue Mountain Data Systems Blog
Three-Dimensional Governance for the CIO
https://www.bluemt.com/three-dimensional-governance-for-the-cio
7 Reasons to Take Control of IT Incidents
https://www.bluemt.com/7-reasons-to-take-control-of-it-incidents/
Breach Mitigation Response Time Too Long, Survey Says
https://www.bluemt.com/breach-mitigation-response-time-too-long-survey-says/
Six Tactics for Cyberdefense
https://www.bluemt.com/six-tactics-for-cyberdefense/
Feds Report Mixed Responses to Shared Services
https://www.bluemt.com/feds-report-mixed-responses-to-shared-services
Federal Employees Are Not Security Experts
https://www.bluemt.com/federal-employees-are-not-security-experts
Survival Guide for Network Administrators
https://www.bluemt.com/survival-guide-for-network-administrators
DBaaS: OpenStack Trove Changes DB Management
https://www.bluemt.com/dbaas-openstack-trove-changes-db-management
Help Wanted: Certified Cybersecurity Professionals
https://www.bluemt.com/help-wanted-certified-cybersecurity-professionals
Cyber Threat Intelligence Integration Center Preview
https://www.bluemt.com/cyber-threat-intelligence-integration-center-preview/
Cloud Moves in 1-2-3
https://www.bluemt.com/cloud-moves-in-1-2-3/
Change Management for Disaster Recovery
https://www.bluemt.com/change-management-for-disaster-recovery/
Jeffersonian Advice For C-Suite Career Advancement
https://www.bluemt.com/jeffersonian-advice-for-c-suite-career-advancement/
Ways To Survive The “Mobile-Pocalypse”
https://www.bluemt.com/ways-to-survive-the-mobile-pocalypse/
Microsoft Cloud Services Receive FedRAMP Authority to Operate
https://www.bluemt.com/microsoft-cloud-services-receive-fedramp-authority-to-operate/
Hiring Pentesters? Here Are 10 Things You Need to Know
https://www.bluemt.com/hiring-pentesters-here-are-10-things-you-need-to-know/
Home Router Malware Alert
https://www.bluemt.com/home-router-malware-alert/
Threat Model Deconstruction
https://www.bluemt.com/threat-model-deconstruction/
Business Email Scam Nets $214 Million
https://www.bluemt.com/business-email-scam-nets-214-million/
How to Prevent Unauthorized Software from Taking Over Your Organization
https://www.bluemt.com/the-cios-guide-to-happy-end-users-2/
Digital Marketing Predictions for 2015
https://www.bluemt.com/digital-marketing-predictions-for-2015/
SDN: Network Administrator’s Friend or Foe?
https://www.bluemt.com/sdn-network-administrators-friend-or-foe/
Mobile Payments: A Must for Federal Agencies
https://www.bluemt.com/mobile-payments-a-must-for-federal-agencies/
Soft Skills Are A Must-Have For Careers In IT
https://www.bluemt.com/soft-skills-are-a-must-have-for-careers-in-it/
Security Risks Most Prevalent in Younger Workers
https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/
The Security World’s Maturation
https://www.bluemt.com/the-security-worlds-maturation/
Data Breach Concerns Keep CISOs Up At Night
https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/
Personalized Govt Equals Instant Gratification for Citizens
https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-citizens/
People-Centric Security
https://www.bluemt.com/people-centric-security/
Pentagon Tries BYOD To Strike Work/Life Balance
https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/
Open Source Model Considered for MS Windows
https://www.bluemt.com/open-source-model-considered-for-ms-windows/
Open Internet: To Be or Not to Be?
https://www.bluemt.com/open-internet-to-be-or-not-to-be/
Malware Stays A Step Ahead Infecting One Third of Websites
https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-websites/
Machine-Generated Data: Potential Goldmine for the CIO
https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-cio/
Government Legacy Programs: Reuse vs. Replacement
https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/
It Takes a Whole Village to Protect Networks and Systems
https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-systems/
Governance For the CIO
https://www.bluemt.com/governance-for-the-cio/
Help Desk Consolidation – Lessons Learned
https://www.bluemt.com/help-desk-consolidation-lessons-learned/
One Year Later, Companies Still Vulnerable to Heartbleed
https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-heartbleed/
Federal Projects Cultivate Worker Passion
https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/
89. ABOUT US
Blue Mountain Data Systems Inc.
Blue Mountain Data Systems Inc. is dedicated to application
and systems development, electronic document management,
IT security support, and the automation of workflow processes.
Read more about our experience here:
>> http://bluemt.com/experience
90. Recent Experience
U.S. Dept. of Labor
Employee Benefits Security Administration
1994 to Present
Responsible to the Office of Technology and Information Systems for information
systems architecture, planning, applications development, networking,
administration and IT security, supporting the enforcement of Title I of the
Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, risk and vulnerability assessments, monitoring and investigation support.
91. MANAGEMENT
Paul T. Vesely
Founder, President, CEO and Principal Architect
Mr. Vesely is a recognized thought leader in systems
architecture and delivery, having designed and
delivered many enterprise-wide information and
document management solutions. Mr. Vesely’s history
includes 33 years of experience in the information
systems industry, with Unisys, Grumman, PRC and a
host of clients in both government and private sectors.
92. CONTACT US
Contact Us Today to Discuss Your Next IT Project
HEADQUARTERS
366 Victory Drive
Herndon, VA 20170
PHONE 703-502-3416
FAX 703-745-9110
EMAIL
paul@bluemt.com
WEB
https://www.bluemt.com