Anyone who has seen me on a panel about technology talent or innovation (or even seen me sitting in the audience when there’s a mic nearby) will know I have strong views on how and where the capital markets (and other areas of the financial services industry, I’m sure) are going wrong in trying to attract and retain tech staff. This is not about offering individuals the ability to wear a pair of jeans to work—a shift in mindset and even policy is required.
As the sun rises on 2019, it will also be shining on a new equities exchange application. The launch of Members Exchange (MEMX), founded by a consortium of nine financial services firms, was announced this week, and according to the press release, it will apply for U.S. Securities and Exchange Commission (SEC) approval in early 2019. Given the IEX exchange application approval and the public fights between the incumbent exchanges and their members, the introduction of a new exchange application should be no surprise. There are already 13 exchanges and over 45 equity alternative trading systems (ATSs) operating in the U.S.; MEMX will make number 14.
First, there were just usernames. Then came usernames and passwords. Then came multifactor authentication (MFA), which combines factors from different categories: something you know, such as a username and password; something you have, such as a one-time password token; or something you are, such as biometrics using your fingerprint or a retina scan. Now frictionless identity access management (IAM) is the “soup du jour” as companies work to make MFA more effortless for the end user. Many of the chief information security officers with whom I've spoken attribute the lack of MFA adoption in the enterprise and in web applications to the amount of friction it causes for the end user.
Bugs, also referred to as software vulnerabilities, are flaws that can be abused to make a system or software behave in unintended ways that disclose sensitive information, negatively impact availability, or provide unauthorized access. These bugs are what malicious hackers use to successfully achieve their after-action goals in a long kill chain of steps. Thus, the life cycle of a vulnerability, from discovery to active exploitation, can be described as starting with the discovery of a bug in software or an application by vulnerability researchers or malicious hackers and, if the bug is found by a malicious hacker, continuing with the active exploitation of the bug in the "wild" until the manufacturer or developer creates a fix or patch that renders the exploit ineffective.
I've seen a lot of board rooms over the last 18 years and have met with boards of directors for companies with as few as 100 employees and companies with as many as 50,000 employees. In every one of these meetings, I've been asked the inevitable, arguably rhetorical question, "Are we secure yet?"