
Mornings With Mark
no. 0003

Cybersecurity & Technical Debt

Full machine generated transcript follows

Morning, everybody. How you doing today? On this episode of the show, we're going to talk about technical debt and how it's impacting your customers and your security. Now, if you're not aware of what technical debt is, it's the term that refers to all of the bugs, all of the design decisions, all of the old code and architectures that are eventually weighing down your product or service moving forward.

Okay. So essentially, when you build out a new feature, you need to make trade-offs, and as those trade-offs sort of age, they gather challenges; they make it more difficult to move forward. They're very much like financial debt. That's the analogy there: you're making decisions, you're making trade-offs, and at some point somebody's going to come and collect. Now, you're probably wondering, why is Mark talking about technical debt? This channel is a series of videos dedicated to privacy and security.

Well, it's going to get weird for a second and then it's going to all come back around, so please. I was reading an article on CBC News about the CCTS, the commission for complaints about television and telco something or other. It's a commission here in Canada where people who are unhappy with their service, about internet, about mobile or TV, can complain to try to get some sort of remediation when they haven't been able to go to the customer service, um, from the provider.

Now, much like a lot of countries, here in Canada everything's sort of consolidated. So you go to the one company that can give you internet, cell phone, as well as TV. So, no shock to anybody, this commission gets a lot of complaints. In fact, that was the whole point of this article: complaints are up somewhere north of 44% in the last few months.

When you dig into a lot of these complaints about the technical service, services are good stats about the clarity, and a massive amount about billing issues: being promised to pay one thing and having bills for others. And the reason I bring this up is that it actually reminded me: I now have contracts with two of the biggest providers here in Canada.

And anytime I've dealt with either of them, I am baffled by how old and byzantine their billing back ends are. Inevitably they've got three or four different screens, and they tell me what gold is one user interface is really just plastered over the old command line interface, and sometimes I have to call somebody else with a different interface back into the system.

There is a mess, and that holds true with any telco or any ISP or mobile provider that I've really dealt with, um, across the world. A lot of the backend billing systems are ragtag at faster, slapped together, and they're very much neglected. Now, the reason for that is that as long as they're collecting some revenue, hopefully the accurate is around revenue, they're often overlooked, because if you have a limited set of engineering resources, and all companies do have a limited set of resources, you were going to divert them towards delivering new functionality or keeping production systems up. Very rarely is the billing system a high priority.

So totally makes sense from an engineering perspective around, and we can set up new training for the support staff, you know. And that's why you end up with these people who have sort of this magical knowledge, or they say, well, if you had your code XYZ here and you put one two three in this field, then you can actually get the price that you promised the customer to be displayed. I missed that in the other thing. And that's a clear example of technical debt, but it's one that's being worked around more often than not with people instead of actually addressing that debt.

And I thought that was really interesting, is that this didn't come up in any of the discussions around the rising complaints with the service providers: the fact that their billing systems are wildly outdated, and it's extremely difficult, wildly out of date and in huge amounts of technical debt, and it's very difficult to justify making an investment there when they're trying to roll out 5G to everybody, when they upgrade their internet speeds to match fiber-to-the-home, things like that.

What does this have to do with security? It has everything to do with security, because security issues, security vulnerabilities, rise from unpredictability in code and a lack of general code quality. So as you see rising technical debt, you're going to see an equivalent or a larger rise in security vulnerabilities and security issues. Now, unlike technical debt in the case of the service providers, where they can throw customer service people at it and the impact is potentially financial, as seen with a rise of complaints from their customers, when it comes to security issues, that's an increase in risk, and it's often an overlooked increase in risk.

And I think that's where things get really, really interesting, because if you go around and talk to security teams, almost none of them talk about technical debt in systems. You know, every time we were talking about it, they have an excuse, but they're not actively involved in the discussions about paying down technical debt and refreshing old systems. Now, believe me, I 100% understand it is extremely difficult to divert resources that could be forging a new path forward to something that the customer will never see.

But my argument here, and the evidence from the commission, is that customers do see it; they do see it in a way that you're not tracking related to the technical debt. Because if you go back to this idea of the service providers and the complaints in billing and the complaints in dealing with their backend systems, that's totally outside of IT's purview. That's dealt with call time for the call center; it's set with customer service.

I guarantee you it does not link back to IT and internal engineering resources. The core of the problem is that you are with one arm of the organization making decisions, saying still processing bills, where another area, in this case customer services, lose their bloody minds. We have the same thing going on with security as well, because security is not involved with the application and the engineering resources when they're making decisions around paying technical debt.

We're not making the proper risk evaluation here, and organizations are continuing to increase their risk without fully being aware of it. What do you think? Let me know. Hit me up online at @marknca, in the comments down below, and as always by email, me at markn.ca. I look forward to chatting with you about technical debt, and we'll see you on the next episode of the show.