Now, to be able to go through 13000 cases (each with multiple documents), each member of this hypothetical team will need to process 928 cases. How many can they process per day?

The relevant metric here is number of documents per case. On average, a trained reviewer is going to do about 2 docs a minute, or 120 docs an hour. Keep in mind, that is for a typical privilege review. They may be able to do it even faster if all they are doing is verifying redactions.

and search using OCR. But these cant be redacted as easily.

There are plenty of systems out there that can perform keyword searches and redact accordingly once the originals have been OCR'd.

First paragraph should read

"Progress is being made to address those concerns, and companies who can deliver successful SOLUTIONS are trying ..."

Jeez I need to do a better job of proof-reading.

Should read "Progress Being Made in Renewable Energy Storage"

Yes, the recession is already starting. It is going to be another 8-12 months before it starts getting major press coverage, but companies are already cutting back on CapEx in general, and IT CapEx in particular.

You will notice it accelerating when Merger and Acquisition (M&A) activities start picking up.

Especially if you can get into Federal Contracting, the money is good

This is an interesting perspective. I just interviewed someone in the DC area who is looking to get out of Federal contracting because their perception is that it is getting harder to find stable work.

Now granted, I ended up passing on the person because their skills were not up to par and that might very well explain their challenge with finding work.

Is there a specific skill set that you find is in demand among Federal contractors?

I did not realize that. Thanks for the heads up.

Who the fuck are you to come on and assassinate someone else's character who you have not even met, and whose work product you have never seen?

At least you had the dignity to post with a legitimate account instead of as AC.

I have to wonder what is so wrong with your own character, that you are so threatened by the potential competence of a complete stranger, that you have to take to defaming them in order to re-enforce whatever impoverished view of the world you have adopted for yourself.

It seems to me like you have had some bad past experiences that you are still projecting into the now. Hopefully you find your way out of whatever pathetic, asshole infested farce of a career that you seem to be stuck in.

There are better solutions for that, like Ghostery.

I manage a technical team in a medium sized corporation (~3000 employees). Our primary offerings are SaaS based applications and we are on board with all of the buzzword trends from the last few years; virtualization, cloud, flash storage, blah blah blah. Our environment is fairly small with 60 UCS servers at two sites (full SRDF/A replication between them) running ~1500 VMs.

One of my guys is an engineering rock star. He can pick up any language given a week or two to sit down with it. On top of that he is an excellent systems administrator, DBA, networking guy and project manager. Retention is a constant challenge because there are very few engineers who excel in so many different areas.

The technologies that we are working with are widely deployed. We could be implementing them somewhere else and making the same money. At a high level, we are just infrastructure plumbers. We could care less about the applications. Our purpose is to make sure that they are stable and that they perform well. With my particular employee, he keeps coming to work because we give him the opportunity to work with the latest technologies and the ability to leverage them to make his, and everyone else's, lives easier.

The two things that keep this team together are money, and the leeway to continually improve things. We have had a lot of territorial disputes with various teams over their inability to effectively manage infrastructure at scale. In many ways, they are scared of losing their jobs and are resistant to adopting better ways of doing things. We win those battles one at a time, but continually fighting them gets lame.

In that regard, I think that the author of the article is on point with the observation that good engineers need to believe that they are involved in setting the direction of how the office, and most importantly, operations, will develop. There are too many companies who need good engineers, and not enough good engineers to go around. Therefore good engineers will choose to work for companies where they can do things "the right way". Life is too short to put up with organizations who are slow to adopt new technologies and better ways of doing things.

...A ZONE OF LAWLESSNESS!!@11!!1!11!!1!

Your move Uncle Sam.

Give up yours first, and then maybe we can talk about what Apple and Google are up to.

Are you sure about that? My understanding is that the insurance company will only pay up to the level of coverage that you have. Anything beyond that is still your liability.

SAML repository for authentication so that we can treat it as much as possible like an extension of our general security stance with password attempt monitoring, rate throttling and attack blocking, user lockout, etc.

You sir, sound like you know what you are doing.

Do you ever have attempts coming back from any of your vendors?

Or is the vendor simply passing data back to you about when accounts from your site are used in failed logon attempts to the cloud apps, via whatever their presentation layer is?

A typical SaaS vendor has numerous clients, all with varying levels of sophistication in their password and identity management procedures.

As if the need to ensure tenant isolation does not put enough pressure on the architects, they also have to worry about how well their customers are securing their own staff. The smart ones are doing Federation for predictable data transfers, and two-factor to secure the application layer. Even then, the legal people still make them sign disclaimers that ultimately, data breaches due to compromised credentials are the responsibility of the authorized bearer of the credentials.

It sucks to have to secure a slew of web servers, especially for those who have to run LOB apps on Windows platforms. VDI is being used pretty heavily on that front prevent information leakages. It's cheaper to spin up a session for them via a webpage, than it is to trust that their client is secure. Not to mention easier to maintain and troubleshoot. Staff can shunt the user to a clean session, shadow it, hold the user's hand through whatever.

On the plus side, with a good cloud provider, when your datas get pwnt, it is replicated somewhere else. Maybe even on tape in some cold, humidity controlled warehouse. Because no matter how good security is, sooner or later, it will get compromised.

At that point though, it is all about RTO/RPO which is outside the scope of security. BTW even with LTO6, restore rates from cold storage still blow.