Quote for the day:
"The most difficult thing is the decision to act, the rest is merely tenacity." -- Amelia Earhart
Veterans are an obvious fit for cybersecurity, but tailored support ensures they succeed

Both civilian and military leaders have long seen veterans as strong candidates
for cybersecurity roles. The National Initiative for Cybersecurity Careers and
Studies, part of the US Cybersecurity and Infrastructure Security Agency (CISA),
speaks directly to veterans, saying “Your skills and training from the military
translate well to a cyber career.” NICCS continues, “Veterans’ backgrounds in
managing high-pressure situations, attention to detail, and understanding of
secure communications make them particularly well-suited for this career path.”
Gretchen Bliss, director of cybersecurity programs at the University of Colorado
at Colorado Springs (UCCS), speaks specifically to security execs on the matter:
“If I were talking to a CISO, I’d say get your hands on a veteran. They
understand the practical application piece, the operational piece, they have
hands-on experience. They think things through, they know how to do diagnostics.
They already know how to tackle problems.” ... And for veterans who haven’t yet
mastered all that, Andrus advises “networking with people who actually do the
job you want.” He also advises veterans to learn about the environment at the
organization they seek to join, asking themselves whether they’d fit in. And he
recommends connecting with others to ease the transition.
The 6 disciplines of strategic thinking

A strategic thinker is not just a good worker who approaches a challenge with
the singular aim of resolving the problem in front of them. Rather, a
strategic thinker looks at and elevates their entire ecosystem to achieve a
robust solution. ... The first discipline is pattern recognition. A foundation
of strategic thinking is the ability to evaluate a system, understand how all
its pieces move, and derive the patterns they typically form. ... Watkins’s
next discipline, and an extension of pattern recognition, is systems analysis.
It is easy to get overwhelmed when breaking down the functional elements of a
system. A strategic thinker avoids this by creating simplified models of
complex patterns and realities. ... Mental agility is Watkins’s third
discipline. Because the systems and patterns of any work environment are so
dynamic, leaders must be able to change their perspective quickly to match the
role they are examining. Systems evolve, people grow, and the larger picture
can change suddenly. ... Structured problem-solving is a discipline you and
your team can use to address any issue or challenge. The idea of
problem-solving is self-explanatory; the essential element is the structure.
Developing and defining a structure will ensure that the correct problem is
addressed in the most robust way possible.
Why Vendor Relationships Are More Important Than Ever for CIOs

Trust is the necessary foundation, which is built through open communication,
solid performance, relevant experience, and proper security credentials and
practices. “People buy from people they trust, no matter how digital
everything becomes,” says Thompson. “That human connection remains crucial,
especially in tech where you're often making huge investments in
mission-critical systems.” ... An executive-level technology governance
framework helps ensure effective vendor oversight. According to Malhotra, it
should consist of five key components, including business relationship
management, enterprise technology investment, transformation governance, value
capture and having the right culture and change management in place. Beneath
the technology governance framework is active vendor governance, which
institutionalizes oversight across ten critical areas including performance
management, financial management, relationship management, risk management,
and issues and escalations. Other considerations include work order
management, resource management, contract and compliance, having a balanced
scorecard across vendors and principled spend and innovation.
Shadow Testing Superpowers: Four Ways To Bulletproof APIs

API contract testing is perhaps the most immediately valuable application of
shadow testing. Traditional contract testing relies on mock services and
schema validation, which can miss subtle compatibility issues. Shadow testing
takes contract validation to the next level by comparing actual API responses
between versions. ... Performance testing is another area where shadow testing
shines. Traditional performance testing usually happens late in the
development cycle in dedicated environments with synthetic loads that often
don’t reflect real-world usage patterns. ... Log analysis is often overlooked
in traditional testing approaches, yet logs contain rich information about
application behavior. Shadow testing enables sophisticated log comparisons
that can surface subtle issues before they manifest as user-facing problems.
... Perhaps the most innovative application of shadow testing is in the
security domain. Traditional security testing often happens too late in the
development process, after code has already been deployed. Shadow testing
enables a true shift left for security by enabling dynamic analysis against
real traffic patterns. ... What makes these shadow testing approaches
particularly valuable is their inherently low-maintenance nature.
Rethinking technology and IT's role in the era of agentic AI and digital labor

Rethinking technology and the role of IT will drive a shift from the
traditional model to a business technology-focused model. One example will be
the shift from one large, dedicated IT team that traditionally handles an
organization's technology needs, overseen and directed by the CIO, to more
focused IT teams that will perform strategic, high-value activities and help
drive technology innovation strategy as Gen AI handles many routine IT tasks.
Another shift will be spending and budget allocations. Traditionally, CIOs
manage the enterprise IT budget and allocation. In the new model, spending on
enterprise-wide IT investments continues to be assessed and guided by the CIO,
and some enterprise technology investments are now governed and funded by the
business units. ... Today, agentic AI is not just answering questions -- it's
creating. Agents take action autonomously. And it's changing everything about
how technology-led enterprises must design, deploy, and manage new
technologies moving forward. We are building self-driving autonomous
businesses using agentic AI where humans and machines work together to deliver
customer success. However, giving agency to software or machines to act will
require a new currency. Trust is the new currency of AI.
From Chaos to Control: Reducing Disruption Time During Cyber Incidents and Breaches

Cyber disruptions are no longer isolated incidents; they have ripple effects
that extend across industries and geographic regions. In 2024, two
high-profile events underscored the vulnerabilities in interconnected systems.
The CrowdStrike IT outage resulted in widespread airline cancellations,
impacting financial markets and customer trust, while the Change Healthcare
ransomware attack disrupted claims processing nationwide, costing billions in
financial damages. These cases emphasize why resilience professionals must
proactively integrate automation and intelligence into their incident response
strategies. ... Organizations need structured governance models that define
clear responsibilities before, during, and after an incident. AI-driven
automation enables proactive incident detection and streamlined responses.
Automated alerts, digital action boards, and predefined workflows allow teams
to act swiftly and decisively, reducing downtime and minimizing operational
losses. Data is the foundation of effective risk and resilience management.
When organizations ensure their data is reliable and comprehensive, they gain
an integrated view that enhances visibility across business continuity, IT,
and security teams.
What does an AI consultant actually do?

AI consulting involves advising on, designing and implementing artificial
intelligence solutions. The spectrum is broad, ranging from process automation
using machine learning models to setting up chatbots and performing complex
analyses using deep learning methods. However, the definition of AI consulting
goes beyond the purely technical perspective. It is an interdisciplinary
approach that aligns technological innovation with business requirements. AI
consultants are able to design technological solutions that are not only
efficient but also make strategic sense. ... All in all, both technical and
strategic thinking is required: Unlike some other technology professions, AI
consulting not only requires in-depth knowledge of algorithms and data
processing, but also strategic and communication skills. AI consultants talk
to software development and IT departments as well as to management, product
management or employees from the relevant field. They have to explain
technical interrelations clearly and comprehensibly so that the company can
make decisions based on this knowledge. Since AI technologies are developing
rapidly, continuous training is important. Online courses, boot camps and
certificates as well as workshops and conferences.
Building a cybersecurity strategy that survives disruption

The best strategies treat resilience as a core part of business operations,
not just a security add-on. “The key to managing resilience is to approach it
like an onion,” says James Morris, Chief Executive of The CSBR. “The best
strategy is to be effective at managing the perimeter. This approach will
allow you to get a level of control on internal and external forces which are
key to long-term resilience.” That layered thinking should be matched by
clearly defined policies and procedures. “Ensure that your ‘resilience’
strategy and policies are documented in detail,” Morris advises. “This is
critical for response planning, but also for any legal issues that may arise.
If it’s not documented, it doesn’t happen.” ... Move beyond traditional
monitoring by implementing advanced, behaviour-based anomaly detection and
AI-driven solutions to identify novel threats. Invest in automation to enhance
the efficiency of detection, triage, and initial response tasks, while
orchestration platforms enable coordinated workflows across security and IT
tools, significantly boosting response agility. ... A good strategy starts
with the idea that stuff will break. So you need things like segmentation,
backups, and backup plans for your backup plans, along with alternate ways to
get back up and running. Fast, reliable recovery is key. Just having backups
isn’t enough anymore.
3 key features in Kong AI Gateway 3.10

For teams working with sensitive or regulated data, protecting personally
identifiable information (PII) in AI workflows is not optional, it’s essential
for proper governance. Developers often use regex libraries or handcrafted
filters to redact PII, but these DIY solutions are prone to error,
inconsistent enforcement, and missed edge cases. Kong AI Gateway 3.10
introduces out-of-the-box PII sanitization, giving platform teams a reliable,
enterprise-grade solution to scrub sensitive information from prompts before
they reach the model. And if needed, reinserting sanitized data in the
response before it returns to the end user. ... As organizations adopt
multiple LLM providers and model types, complexity can grow quickly. Different
teams may prefer OpenAI, Claude, or open-source models like Llama or Mistral.
Each comes with its own SDKs, APIs, and limitations. Kong AI Gateway 3.10
solves this with universal API support and native SDK integration. Developers
can continue using the SDKs they already rely on (e.g., AWS, Azure) while Kong
translates requests at the gateway level to interoperate across providers.
This eliminates the need for rewriting app logic when switching models and
simplifies centralized governance. This latest release also includes
cost-based load balancing, enabling Kong to route requests based on token
usage and pricing.
The future of IT operations with Dark NOC
From a Managed Service Provider (MSP) perspective, Dark NOC will shift the way
IT operates today by making it more efficient, scalable, and cost-effective.
It will replace Traditional NOC’s manual-intensive task of continuous
monitoring, diagnosing, and resolving issues across multiple customer
environments. ... Another key factor that Dark NOC enables MSPs is
scalability. Its analytics and automation capability allows it to manage
thousands of endpoints effortlessly without proportionally increasing
engineers’ headcount. This enables MSPs to extend their service portfolios,
onboard new customers, and increase profit margins while retaining a lean
operational model. From a competitive point of view, adopting Dark NOC enables
MSPs to differentiate themselves from competitors by offering proactive,
AI-driven IT services that minimise downtime, enhance security and maximise
performance. Dark NOC helps MSPs provide premium service at affordable price
points to customers while making a decent margin internally. ... Cloud
infrastructure monitoring & management (Provides real-time cloud resource
monitoring and predictive insights). Examples include AWS CloudWatch, Azure
Monitor, and Google Cloud Operations Suite.