The document summarizes James Stanger's presentation at SACON International 2020 about emerging technologies and their impact. It discusses how ambient computing is being driven by advances in context-aware computing, AI/ML, and the movement of data between individuals, environments, machines, and cloud/edge infrastructure. It also outlines some of the key emerging tech categories and challenges around data/information management, connectivity of smart devices, and applying AI/ML to customer-centric solutions. Common issues with implementing emerging tech like shadow IT and lack of security are also addressed.

1. SACON
SACON International 2020
India | Bangalore | February 21 - 22 | Taj Yeshwantpur
Surfing today’s emerging tech: A policy-based approach
James Stanger, PhD
CompTIA
Chief Technology
Evangelist
@jamesstanger

2. SACON 2020
Ambient computing – a wave that’s already here
• Context-aware computing – “Presencing 2.0”
• Intelligent tech monitors people (AI & ML)
• Information you generate and use moves from:
• Individuals to edge / cloud / data center
• Environment to environment
• Machine to machine
• Part of the 4th industrial revolution
• The result?
• Hyper-personalization - customer focus
• Data analytics and business intelligence
• Control (?)

3. SACON 2020
Emerging tech categories generating this wave through
2023
The above revenue drivers are also the building blocks of the ambient computing
world

4. SACON 2020
Data / information has become the critical skill area

5. SACON 2020
Unprecedented connectivity of (smart) things
• How is this data connected to
emerging tech?
• How do we process this data into
information?
ICS
DCS
SCADA
OT
IoT
Sensors / actuators / radios
Gateway Data
AcquisitionEdge
AIData center
Storage
Application
Network
ServerML

6. SACON 2020
IoT / OT and next steps: Customer
experience (CX)
• The next steps are to:
• Transform “emerging tech” into
customer-centric solutions
• Make the architecture more efficient
How do we apply
AI
and ML IoT?
How do we turn this
into a customer-
focused solution?
What about
serverless /
edge?Should we do
this?

7. SACON 2020
Cloud – finally being used
• After much talk, we’re seeing
actual adoption over the past 5 years
• Another part of the “4th industrial
revolution”
• Azure vs. Alibaba vs. AWS, and so forth:
It depends on your business model
• Where do charges occur?
• Data in and out
• Services used
• Integration experience is at a premium
• We need workers that can convert
technical speak into business terms and
make decisions

8. SACON 2020
Surprises in the cloud space
• Two major surprise providers:
• VMWare (Dell)
• Red Hat (IBM)
• Why?
• Visualization: Can manage
multiple environments / providers
• Network management: Using SD-WAN to route IoT device traffic
• Abstraction layer: Helps avoid vendor lock-in
• Customer focus: History of creating useful services
• Emerging tech: Ability to integrate new solutions, including AI
and blockchain

9. SACON 2020
5G and emerging tech
• 5G – it’s finally here (mostly)
• Capturing data where it is generated
• Edge – microclouds, mini data centers
• Cloud
• More devices to support
• The good, the bad, and the ugly of 5G
Good
Connectivity
Speed
Edge
capability
Bad
Tampering
Eavesdropping
Monitoring
Attack surface
DDoS
Ugly
Privacy
Traffic QoS
Trust models

10. SACON 2020
AI / ML finds its place: automation
• AI is often used as a subset of
automation
• The use of tech to automatically:
• Launch, under conditions
• Respond to situations
• Improve itself (and other “things”)
• Communicate with other
machines and other people
• But now, it’s all about the
intelligence of things.
Automation
Artificial
Intelligence
Machine
Learning Deep
Learning
KubernetesDocker

11. SACON 2020
Common realities when implementing emerging tech
• Shadow IT / Bring Your Own IT
• Skipping steps in the software development
or platform deployment cycle
• Not managing devices properly
• No encryption
• No or poor authentication
• Rapid deployment of new technologies
workers don’t fully understand
• Organizations receiving data that they
aren’t properly securing

12. SACON 2020
• Because companies have at least two different perspectives
• Information Technology (IT)
• Business leaders
Why does shadow IT exist?
IT says shadow
IT is:
BAD
Business says
shadow IT is:
GOOD

13. SACON 2020
The risks of shadow IT
Customer
dissatisfactio
n
Loss of
information
integrity
Non-
compliance
Cost
overrunsPerformanc
e issues

14. SACON 2020
The result?
• Upstream issues
• Privacy issues
• Penalties (e.g., GDPR, HIPAA)
• Loss of consumer confidence
• Attacks
• Ransomware, credential harvesting
• DDoS
• Social engineering
• Forms of “technical debt”
• Organizations often can’t fix
problems that they
have created by using IoT, Cloud,
and other solutions
• Security workers are asked to fix this problem
Toxic IT?
Code
Complexity Monoculture
s

15. SACON 2020
An applied example

16. SACON 2020
So, who is responsible?

17. SACON 2020
• IT workers
need to
solve
these issues
• They have
the best
perspective
Complexity: The primary reason for increased sales cycles

18. SACON 2020
• The industry has
moved from mere
detection to issues
involving:
• Privacy
• New ways of
investigating
risk
• Selective attack
surface reduction
Critical areas within cybersecurity

19. SACON 2020
• Most companies
can state a clear business
case
• But, the details
remain a
problem
• IT workers
are needed
to manage
these factors
ethically
Issue Where IT can help
Customer
Confusion
Clarify product capabilities (e.g., AI, BI). Find
creative solutions. Help make the customer
comfortable.
Risk
aversion
The technical and business risks. Act as liaison. Help
ensure privacy concerns are addressed.
Budget
constraints
Provide accurate information concerning cloud-
based services.
Inhibiting factors for using emerging tech

20. SACON 2020
• Learn your business!
• This isn’t a technical issue
• Focus on how information flows
in your organization
• Cloud-based assets
• Enterprise / installed
• It requires:
• The ability to breakdown IT silos
• Communication with business
units
• Ability to analyze multiple sources
• Formal documentation
• Network diagrams
Adopting a policy-driven approach to “surf” emtech
problems
Asset
discovery
Articulate
risk level
Identify
policy
Evaluate
compliance
to policy
Change
managemen
t policy
Continuou
s
monitoring

21. SACON 2020
• We need data / business
intelligence analysts
• Turn data into information
• Identify trends
• We also need security analysts
• Moving from detection
to prevention
• Threat modeling
• Threat feed interpretation
• Cloud-aware pen testing
The need for analysts
• Can’t secure 100% of the
company
• Focus on critical resources (the
25%)

22. SACON 2020
Threat hunters
▪ Profiling specific
attacks
▪ Can provide
characteristics
and context
▪ Situational
awareness
▪ Provides focus
▪ Can also use
threat feeds
Learn how the
organization
communicates
Identify resources
essential to the
organization
Investigate attack techniques
hackers will try that specific to
your organization’s resources
Proactively investigate –
monitor and analyze
Recommend security controls

23. SACON 2020
• SolarWinds Service Desk
• SysAid
• ImmuniWeb Discovery
• SolarWinds Network |
Performance Monitor
• Qualys
• Many open source tools
Asset discovery applications

24. SACON 2020
The indispensable IT worker
▪ Having only tech skills isn’t
enough
▪ Workers need a combination of
human and tech skills
• Emotional
intelligence
• Presentation skills
• Complex reasoning
• Writing
• Categorizing and
summarizing
• Anticipating issues
• Complex
reasoning
• Conditional
thinking
• Multi-vendor
situations
• Integration
Ethics: An increasingly important ski

25. SACON 2020
Cloud Seeding: A
Cloud Computing
Tutorial (CompTIA)
The Skills needed to combat today’s cybersecurity
threats (RSA)
Automated Pen Testing
(Admin Magazine)
Two sides of the same coin: Pen testing and
security analytics
What’s hot in network certifications
(NetworkWorld)
Escaping the Cybersecurity Metrics Matrix
(CompTIA)
Private Eye: Open source tools for automated
pen testing Admin Magazine
Thoughts about the help desk
(YouTube)
The Hunt for the Meaning of the Red team
(CompTIA)
The Internet of
Things (IoT) and
Technical Debt: Why
It Matters
(CompTIA)
James Stanger, PhD
jstanger@comptia.org
+1 (360) 970-5357
Twitter: @jamesstanger
Skype: stangernet
My CompTIA hub:
https://certification.comptia.org/it-career-news/hub/James-Stanger
Thank You!
Latest articles and blog entries:
Putting AI and ML to work (CompTIA)
What is the difference between IT security and
cybersecurity? (CompTIA)
Observations at RSA San Francisco 2019
(CompTIA)
Moving to the
Cloud:IT
Infrastructure and
Cybersecurity skills
required (CompTIA)
Where the Wild
Things Are:
Investigating
Browser-based
Brute Force Attacks
(November, 2019,
Admin Magazine)
How Technical Debt
Can Damage
Business
Agility and
Competitiveness
(ITPro, UK)