Friday, October 31, 2014

Saying Goodbye to the People’s Mayor

MassTLC and the entire technology community are deeply saddened by the passing of Boston Mayor Thomas M. Menino. A true urban mechanic and people’s mayor, he had a profound impact on the destiny of the city he loved over the course of his 20-years in office. In 2013, MassTLC recognized the Mayor’s contributions in front of 700+ tech and innovation leaders at a gala celebration with the following remarks which still ring true today:

“Perhaps the Mayor’s most visible legacy to the growth of the tech sector is the revitalization of the South Boston Waterfront.  Through the Innovation District initiative, the Mayor has transformed 1,000 acres of the South Boston waterfront into an urban environment that fosters innovation, collaboration, and entrepreneurship.

In the three years since the initiative began, the former industrial enclave is bursting with development.  It is attracting a host of leaders in the tech space, including Enernoc, Apperian, LogMeIn and a many others.  This growth is spread across a diverse range of companies in different sectors and at different scales.

It has added over 4,000 jobs in over 200 new companies, with technology companies contributing 30% of new job growth.  Greentech + life sciences have contributed 16% of new jobs in these sectors.

Many more companies have announced plans to join the Innovation District community, and are expected to add another 2500+ jobs to the neighborhood.

The Mayor’s impact on the tech sector goes well beyond the Innovation District.  Through the Office of New Urban Mechanics, the Mayor and his team have been leaders in developing innovative and customizable public services – created in partnership with citizens using new information technologies and smartphone apps.  The Office of New Urban Mechanics is a unique Boston IT agency seeking inventive ideas from citizens and developing them through government/community partnerships.

A recent report by Harvard’s Berkman Center for Internet and Society recognizes that “the City of Boston's strategy to put citizen engagement and participation at the center of its efforts, has drawn attention to the potential power of collaboration and technology to transform citizens' connections to their government and to each other.”

That strategy extends across Boston’s government functions. Public-works employees have piloted a new project called City Worker, to help municipal staff provide quick, on-demand services. Boston Public Schools just rolled out a new app to track the location of your child’s school bus. The city has led the nation on interesting tech partnerships – an example being the first city to engage with Code for America (CfA).  A nonprofit, CfA has been called the ‘Peace Corps for Geeks’ and is working to change the way cities work through technology and public service.

The City of Boston’s open government strategy has significantly enhanced civic engagement, improved policy, and improved the City’s ability to manage its operations.

The City’s Data Portal has become a de facto place for Boston’s municipal data.  The portal offers Boston residents better access to the performance, processes and people of City government than ever before.  The open data has helped support cutting edge research on the best ways to tackle urban problems.

Because of his leadership, the City of Boston has been at the forefront of municipal innovation nationwide.” 

It is with sadness and gratitude for your years of dedication that we say goodbye, Mayor Menino.

Friday, October 24, 2014

2014 MassTLC Security Conference

Check out Storify for more conversations about the inaugural MassTLC Security Conference!

On October 22, 2014, MassTLC welcomed more than 250 attendees to the first Security Conference; Building Security InTo an Insecure World. This full-day event, spearheaded by many leading security visionaries and experts, included an in-depth look at the current landscape of cybersecurity threats, new types of attacks on modern infrastructure, how to reduce risk, prepare for and respond to security breaches, and how to work with c-suite leadership on managing your company’s cybersecurity strategy.

Secretary Greg Bialecki, Secretary of Housing and Economic Development began the day with a look at the unique capabilities and resources that Massachusetts has as a state to lead the security industry, a theme echoed in the following keynote panel.

Deputy Program Manager Michael Howell of the Office of the Program Manager, Information Sharing Environment in Washington, D.C., Supervisory Special Agent Kevin Swindon of the Federal Bureau of Investigation and Gerald Beuchelt, Chief Security Officer of Demandware kicked off the opening keynote panel on the State of Cybersecurity and Information Sharing Organizations. It’s no longer a matter of if you will be breached, but when – information sharing is a critical component in addressing the complex standards and threat environment, and a critical component of an information security strategy.

The complexities of managing security within an organization was explored in a deeper dive in the next session,  Who Owns Security, with speakers Jigar Kadakia, Chief Information Security and Privacy Officer, Partners Healthcare and Chris Wysopal, Co-Founder and CTO of Veracode, led by moderator Mark Steinhoff, Director at Deloitte & Touche, LLP. The Target breach has taught us that information assets are as valuable as physical and capital assets, and security is not just an issue for CIOs anymore – it’s everybody’s responsibility. However, ROI can make security a difficult sell to corporate leaders. Relevant metrics, the use of red/yellow/green coding systems for sensitive data protection and dashboards are useful in communicating with the Board and corporate leaders, as is the identification of your organization’s “crown jewels” and agreement on what risk is acceptable and what is not when protecting the crown.

Breakout sessions covered a look at Security in the Supply Chain (aka “Supply Chain is the New Black,” attributed to speaker in that session Edna Conway, Chief information Security Officer, Supply Chain, at Cisco) – a critical factor in nearly every organization’s security strategy and management that is often overlooked until it’s been breached. Joined by Josh Brickman, Director of Security Evaluations at Oracle and Sally Long, Executive Director of the Open Group, this panel looked at the nuances of managing your supply chain security.

Edna shared a four-step best practice for managing the massive network of Cisco supply chain partners and product IDs handled across the portfolio, which is a network of 1.2 million people that touch the product along the supply chain. Crystalize what is important – for Cisco, that best practice is Counterfeit, Taint, Misappropriation of IP and Embedding Security in times of Disruption. Deploy across all members of the supply chain, and keep a score card of third party providers to monitor their performance. It's all about process, it's relentless and it's persistent. But you need to do that: Protect, Detect, and Innovate, to ensure a secure supply chain.

For more information on the Security in the Supply Chain session and issues and other considerations, check out Iron Mountain’s blog post by John Boruvka, Vice President of Iron Mountain’s Intellectual Property Management business unit.

In the concurrent breakout session on Mobile Security, Caleb Barlow, Vice President of Mobile Security for IBM, and Brian Milas, Chief Technology Officer at Courion, provided insight into just how critical your organization’s employees and their ubiquitous mobile devices are to your overall security strategy, and issues that require significant attention in today’s BYOD/BYOA environment. Your mobile phone knows everything about you, which is why there has been a huge jump in mobile malware targeting your and your company’s information. Key security strategies to implement include 1) protect the content (including devices, applications, and transactions); 2) Prevent exportation of corporate data; 3) Use explicit design mechanisms to detect malware, and 4) Incorporate smarter transactions – use fingerprint technology, location velocity and other features to identify possible intrusions or attacks. Identity and access management are also critical in on premise and in the cloud. Permissions are the key to sensitive data -- both protection and exfiltration. Security concerns cannot be allowed to slow down innovation in mobile.

The Security Intelligence session echoed the complexity of the corporate IT environment created by a “bring your own everything” world (devices, applications, cloud, infrastructure). Attackers are increasing in sophistication in using this expanded attack surface to compromise and breach networks.  The situation has increased the overall need for security intelligence amongst IT security organizations inside companies of all sizes.  The role of security intelligence is evolving and changing, including gathering external threat intelligence and understanding your own networks exposures and activity that may indicate a compromise. Moderator Paul Roberts of the Security Ledger led speakers Seble Assefa, Federal Reserve Bank of Boston, Eric Cowperthwaite of Core Security, Inc., Mark Jaffe of Prelert and Rich Perkett of Rapid7 through a discussion commenting on various approaches for leveraging analytics for modern advanced threats to get better security intelligence.

Helmed by Jim Flynne of Carbonite and Max Weinstein of Sophos. Security for the Rest of Us offered a look on protecting the “4Cs” at your small business – Computers, Credentials, Content, Connections and at small business security, and the various tools of the trade used for each.

With the requirement to focus on security for all businesses, how can you sell your product within an environment and leave your customer feeling well, secure, with their choice? Andy Ellis of Akamai, and Andrew Kenney and Bryan House of Acquia shared about their strategies for Selling Security as a process – beginning with the design and testing of the products, to sales approaches to a variety of people within the organization to which you are selling, and the importance of developing a role as a thought leader in sharing information, fixes, update on security threats and analysis.

Security in the Cloud with Ron Zalkind of CloudLock, Jim O’Neill of Hubspot and Piyum Samaraweera of Sophos delved into security considerations within a cloud environment that differ from a non-cloud environment, including human dynamics, the speed at which transactions move, etc. As SaaS environments grow and infrastructure is being outsourced more frequently to larger providers who can theoretically manage security needs more successfully, threats are moving to the application level – BYOA provides the next cloud security challenge. Users love the freedom that is brought from the cloud, but now need to be a huge part of the security defenses.

In the midst of how to address today’s security challenges in the cloud, mobile and more, where is the industry headed in the future? What’s next? Speakers Greg Dracon of .406 Ventures, Kevin O’Brien of Conjur, Inc. and Sam Bisbee of Threatstack discussed the future of Innovating in Information Security. We’ve seen how getting security wrong can bring down organizations. What our panel finds is that security is now front and center in most organizations, about business enablement, and CISO/CSO decisions are drawing more attention. Big data is important, but small data can also be an integral part of maintaining an organization’s security.

The conference closed with an energetic and insightful keynote by Bruce Schneier, security industry luminary and Chief Technology Officer at Co3 Systems, on the Future of Incident Response and a look at the economic and psychological forces within the security field and incident response (IR). Bruce sees three security trends in the pipeline: 1) less control to cloud and mobile, 2) more sophisticated hacks, and 3) more government involvement. Security is combination of 1) protection, 2) detection and 3) response. We need response because protection and detection aren’t perfect. By leveraging the OODA cycle of observe, orient, decide, and act, this session covered how to optimize response efforts, and crucial strategies to maintaining IT security in the coming decade. 

Thank you to our Platinum Sponsors: Oracle and Sophos.

Monday, October 20, 2014

Established Tech Companies Along 495

With so much attention on Cambridge’s Kendall Square and Boston’s Innovation District, it’s easy to forget that there are many exciting and successful tech companies outside of the metropolitan area.  One particularly vibrant tech region is the 495 corridor.  The towns along 495 house many MassTLC members ranging from emerging startups to longstanding enterprises that helped found the Massachusetts tech economy decades ago.  These companies employ thousands of people, with a large concentration focused on software development. 

Here are the MassTLC members along 495: 

In addition to the many established tech companies on 495, various incubators that support innovation and emerging startups are also located in the area, including:

MassTLC is committed to supporting and growing the tech community on the 495 corridor.  Our next event in the area is entitled The Latest Trend for Agility and Rapid Development: DevOps and will be held at IBM’s Littleton facility on November 12th.  Spread the word to your colleagues who might be interested in attending. 
We also have a challenge for you:  Help us strengthen a community that is crucial to the Massachusetts tech economy by sending us your ideas for other topics or events that you would like to see.  Please send them to me at

Finally, if your company is a member of MassTLC and you’re located on 495 but were left off of this list, it’s time for us to update our CRM. Please contact me to make sure that we have all of your up to date information.

Wednesday, October 15, 2014

MassTLC & UMass Lowell NERVE Center Reception

Members from the local robotics community came together on October 14th to celebrate the Massachusetts and New England Robotics EcoSystem and share their technology.  The event was held at the New England Robotics Validation and Experimentation (NERVE) Center at the University of Massachusetts, Lowell, and kicked-off the start of RoboBusiness 2014, an international robotics trade show.

This event included live demonstrations from robotic arms and actuators to telepresence robots and an exoskeleton.

Veteran Gene Laureano shows off his new walking skills after being paralized from the waste down since 2001 and being wheelchair bound for 12 years.

The program included welcome remarks by MassTLC CEO Tom Hopcroft and Linda Thayer, partner at Finnegan, the event and MassTLC robotics cluster sponsor, introduced Julie Chen, Vice Provost of research at UMass Lowell.  A New England robotics ecosystem map was presented to Dr. Holly Yanco, director of the NERVE center and long-time supporter of the MassTCL robotics cluster. 

Linda Thayer, Julie Chen, Holly Yanco and Tom Hopcroft point to a star on the map indicating where the NERVE center is located.

An online version of this map can be found at

Thank you to our event host:

Thank you to our event sponsor:

Friday, October 10, 2014

Mastering Product Innovation - the Summit

Thanks to all who were able to join us October 9th for the Mastering Product Innovation summit.  Attendees walked away with valuable ideas and skills to take back and create an innovation culture of your own. Check out the Storify below for a recap of the discussion, links to all of Blade Kotelly’s references and links to shared presentations.

 Mastering Product Innovation

Special thanks to our platinum sponsors InterSystems and SafeNet and gold sponsor Raytheon.