Daily Tech Digest - October 31, 2018


When designing an AI product, always keep in mind that the machine learning will have the worst consequences. Therefore, the “go back” solution under the worst results is usually as important as, and often more important than the design under the best results. Once the user has a disappointing, frustrated mood, they will easily give up this feature or even the entire product, and it is difficult to deal with. Therefore, a more important principle is that if you have insufficient confidence in machine intelligence, please choose a “go back” solution for the user when designing the product. How to clearly communicate to the user the benefits of artificial intelligence and how to provide elegant solutions for errors that may arise at any time is a challenge for designers. ... All of the “intelligent” products on the market have a long way to go before true intelligence. At this stage, the most important thing for artificial intelligence products is to build user trust, perhaps starting with small tasks such as accurately forecasting the weather, playing the correct music, and setting the alarm clock the user wants.



Passion For Banking Innovation Fueled By Fintech, Big Tech Disruptors


To be competitive in the changing financial marketplace, banks and credit unions must provide mobile and online banking solutions that exceed peoples’ expectations. While consumers are increasingly satisfied with basic digital services provided by most traditional institutions, there are higher expectations around how institutions must help people reach their financial goals. Meeting higher digital banking expectations could provide a way for banks and credit unions to monetize financial solutions, much as Amazon provides a higher, monetized option with Amazon Prime. The key will be to actually provide an enhanced level of value that digital consumers crave. Unfortunately, while financial institutions hold a massive amount of consumer data, very few draw insights from that raw material — certainly not in a way that significantly improves the customer experience. Without a differentiated experience, the door is open for those organizations that can combine advanced technologies with real-time insights and contextual messaging and engagement.


Welcome to the City 4.0

Applied to cities, digitalization can not only improve efficiency by minimizing the waste of time and resources, but it will simultaneously improve a city’s productivity, secure growth, and drive economic activities. The Finnish capital of Helsinki is currently in the process of proving this. An early adopter of smart city technology and modeling, it launched the Helsinki 3D+ project to create a three-dimensional representation of the city using reality capture technology provided by the software company Bentley Systems for geocoordination, evaluation of options, modeling, and visualization. ... The three-dimensional mesh created by Bentley’s reality modeling software is linked to the IoT-enabled infrastructure components via Siemens’ cloud-based IoT operating system called MindSphere. Thus the city’s underlying infrastructure layer, such as energy, water, transportation, security, buildings, and healthcare, provides data that is fed into a common data layer in order to enable analytics and preventive as well as prescriptive measures. MindSphere is capable of managing huge quantities of data.


The Bitcoin White Paper's Birth Date Should Give Us All a Scare


The bitcoin paper was initially greeted with skepticism by the handful of people who actually read it, and even after Bitcoin was operationalized on January 3, 2009, it was largely ignored for the first year of its existence. Bitcoin hardly got off to an auspicious start. However, Bitcoin steadily attracted more use and interest, and a growing group of people began to see that the innovation created by Satoshi's solution to the long bedeviling 'double-spending problem' in computer science could also serve as a cornerstone for creating a new and better financial system. As I suggested in 2014, regulatory reform would fail to fundamentally address the root causes of the financial crisis and other problems embedded in traditional finance. Regulations enacted in the wake of a crisis are too often easily rolled-back once the waters have calmed, and it can be difficult to sustain over time the momentum of social movements focused around obtuse subjects like financial system reform.


Crash Course: SAML 101 and Identity Federation (With Ping Identity)

Single sign-on allows users to input their credentials once and have it apply to all relevant applications. More specifically, federated identity uses single sign-on to establish employee and user identity, and then—as the user attempts to access applications—the solution transparently and securely shares their credentials with the application. This allows users and employees to skip the usual log-in step and enjoy a seamless digital workplace experience. SAML is part of this standards-based identity federation. SAML alleviates log-in issues by enabling single sign-on and the secure exchange of authentication and authorization information between security domains. At its most basic, when a user attempts to access a service provider with an identity federation solution, the federation software creates a SAML authentication request and delivers it to the appropriate identity provider. The identity provider authenticates the user and creates its own SAML assertion representing the user identity and attributes.


Why businesses must take a strategic view of automation


To drive automation initiatives, Capgemini said business leaders need a bold vision and a clear roadmap to build momentum and bring the organisation behind them. The report stated: “Automation is a technology solution to business transformation, and hence both business and technology leadership should be engaged actively from day one. Automation needs to be tackled as an end-to-end strategic transformation programme as opposed to a series of tactical deployments. “Also, to maximise the benefits and ROI [return on investment] of automation investments, it is essential that processes and business models are standardised and optimised before they are enabled by automation, robotics, and artificial intelligence.” Capgemini also urged businesses to consider establishing a centre of excellence for automation to help drive change across the business.


Emotet malware gang is mass-harvesting millions of emails in mysterious campaign

Ever since last summer, Emotet has been growing, and growing, and growing -- both in capabilities and in the number of victims it has infected. The malware has become so ubiquitous nowadays that the US Department of Homeland Security has issued a security advisory over the summer, warning companies about the threat that Emotet poses to their networks. The danger comes from the fact that Emotet has a multitude of smaller modules that it downloads once it gains an initial foothold. Some of these modules, such as its SMB-based spreader that moves laterally throughout networks, can wreak havoc inside large organizations. Furthermore, Emotet also never comes alone, often dropping even more potent threats, such as the TrickBot infostealer, remote access trojans, or, in the worst case scenarios, even ransomware. Notorious is the case of the city of Allentown, where an Emotet infection has spread in every corner of the city's network and downloaded even more malware, and, in the end, the municipality decided to pay nearly $1 million to rebuild its infrastructure from scratch.


Right-to-repair smartphone ruling loosens restrictions on industrial, farm IoT

The new ruling may not give farmers ownership of their farming data, but at least they now have the right to ignore the DRMs and fix their own machines — or to hire independent repair services to do the job — instead of paying “dealer prices” to the vendors’ own repair crews. Per Motherboard, the new ruling “allows breaking digital rights management (DRM) and embedded software locks for ‘the maintenance of a device or system … in order to make it work in accordance with its original specifications’ or for ‘the repair of a device or system … to a state of working in accordance with its original specifications.’” From my perspective, this is indeed a win, but far from a complete victory. Farmers still aren’t allowed to hack into their own tractors to turn them into drag racers (that might be fun to watch!), but at least they can do whatever they need to do in order to make sure the machines aren’t falling down on the job.


Medical Device Security Best Practices From Mayo Clinic

"Because of the way that some of these devices are built so well, from a physical standpoint, you can use some of these machines for 10 or 20 years," he says in an interview with Information Security Media Group. "We're going to have to figure out how we can manage the software over that lifespan as well and make sure that that stays secure." If that cannot be done, he says, "we're going to have to figure out some way to be able to just box things off into a separate area where we've got them isolated, we've increased the monitoring of them and are able to use a lot of other compensating controls." Everyone is looking for a silver bullet - an easy solution to device security, he acknowledges. "We have companies all the time calling us trying to sell us a whole box of silver bullets. But it's going to take a combination of user education - so that people who use these devices on patients have a better cybersecurity awareness - and healthcare delivery organizations implementing compensating controls and having good security practices, as well as the vendors having security by design."


Cybersecurity culture: Arrow in CIOs' quiver to fight cyberthreats

"The companies that we've seen successfully change their culture have someone who owns [cybersecurity] culture," Pearlson said after a talk at the SIM Boston Technology Leadership Summit held at Gillette Stadium in Foxborough, Mass., on Tuesday. "Their job is to make sure that the word and the behaviors and the values and the attitudes and the beliefs are adjusted and informed." An important piece of advice: The executive tasked with fostering a cybersecurity culture should be separate from the chief information security officer, because the CISO has a much bigger portfolio, Pearlson said. Pearlson, along with MIT Sloan colleagues Matt Maloney and Keman Huang, gave CIOs at the SIM event a glimpse into their recent research on cybersecurity, which includes learning as much as they can about how attackers interact on the dark web and how to defend against strikes that target weaknesses in people and software.



Quote for the day:


"Challenges in life always seek leaders and leaders seek challenges." -- Wayde Goodall


Daily Tech Digest - October 30, 2018

How to craft effective data science job descriptions
“Recruiters often write things like, ‘Must have a technical degree, three years of experience, and deep knowledge of Apache Hadoop.’ This is a mistake, even if you really want someone with these attributes,” Bartram says. “For a high-skill role like data science, the goal is to convince applicants who might be on the fence that your company and your role are interesting and worth their time.” This is especially important not just because the market is so hot, but because, Nicholson says, “A lot of the necessary skills are industry- and company-specific. Organizations use different languages, prefer certain vendors’ tech stacks and specific proprietary tools, so that is up to the hiring teams to know which ones.” Instead focus on the mission of your company, what the role will accomplish, and any technical details of the exciting problems candidates will get to solve, Bartram says. “For data science in particular, it can work great to write about the interesting data sets that the candidate will have access to — data science candidates love to geek out over cool data sets,” he says.



Wexflow: Open source workflow engine in C#


Wexflow is a high performance and extensible workflow engine with a cross-platform manager and designer. The goal of Wexflow is to automate recurring tasks without user intervention. With the help of Wexflow, building automation and workflow processes become easy. Wexflow also helps in making the long-running processes straightforward. Wexflow aims to make automations, workflow processes, long-running processes and interactions between systems, applications and folks easy, straightforward and clean. The communication between systems or applications becomes easy through this powerful workflow engine. Wexflow makes use of Quartz.NET open source job scheduling system that is used in large scale enterprise systems. Thus, Wexflow offers flexibility in planning workflow jobs such as cron workflows. ... Wexflow provides a GUI for managing workflows that can be installed on a Linux system. To run Wexflow on Linux, Wexflow server must be installed on a Windows machine. Wexflow provides a self hosted web service that allows to query Wexflow Engine.


Understanding mass data fragmentation

For most companies, data isn’t the fuel that powers digital transformation — it’s the biggest obstacle because of something I’m calling mass data fragmentation (MDF), which is a technical way of saying that data is currently scattered all over the place and unstructured, leading to an incomplete view of data. Data is fragmented across silos, within silos and across locations. Adding to the problem is that most companies have multiple copies of the same data. Some data managers have told me that about two-thirds of their secondary storage is comprised of copies, but no one knows which copies can be kept or deleted, forcing them to keep everything. If bad data leads to bad insights, then fragmented data will lead to fragmented insights, which can lead to bad business decisions. Digital natives such as Amazon and Google are data-centric and architected their infrastructure to avoid the MDF issue. This is why those businesses are agile, nimble and always seem to be at the forefront of market transitions. They have access to a larger set of quality data and are able to gain insights that other companies can’t.


Three keys to a cybersecurity culture that will stick

When it comes to cybersecurity, though, businesses are faced with a classic conundrum: How much money and resources should be spent on something that hasn’t – and may never have – happened? It’s easy to blame your employees for being susceptible to spear phishing attempts, but if they weren’t given proper training to spot them, then the fault lies elsewhere. And that’s just the tip of the iceberg. According to a recent ISACA/CMMI survey on cybersecurity culture, more than 70 percent of companies have specific policies in place for password management, automated device updates and device security, as well as employee training and proper communication workflows in place. However, only 40 percent of respondents say that their organizations’ efforts to create a culture of cybersecurity with substantial employee buy-in have been more than moderately successful. ... The most common support request at that time was for us to allow people to use their old passwords again – because people didn’t want to have to come up with a new one for each site they log into.


Cyber security – why you’re doing it all wrong


Let’s start with strategy – the overarching mission. How many organisations have such a thing? A few. How many are built through business engagement? Even fewer. Security strategy is generally written from a position of prejudice and as a means of gaining budget to mature the organisation’s posture. For a strategy to be sound, it should be preceded by a warts-and-all look at the effectiveness and maturity of the as-is position and a clear line of sight of where it needs to get to. This requires a deep understanding of the business within which security operates, alongside measuring the effects of the myriad security jigsaw pieces across the organisation. This almost never happens. If it did, security teams would recognise that investment needs to be made primarily and almost solely on fixing the crap that is already there. How can this be? Well, let’s go through some of the jigsaw pieces that just about every organisation will have in its security picture.


Software and beer: What open source and craft brewing have in common

Just as IBM and Microsoft want to cash in on the mainstreaming of open source, global giants of the beer industry want to tap into the hottest growth segment of their market. Not surprisingly, there has been significant consolidation over the past few years. But if you look at a bottle or can or go on the website of Ballast Point, you won't see any mention of the company being part of the Constellation Brands empire. Nor will you see that Goose Island is one of 100+ brands owned by ABInBev. The craft brewing industry has its fair share of angst about whether brewers that are no longer independent really fit the category. There's a lot of concern that the power of global giants will push distributors away from independent brands. In the same way, were GitHub or Red Hat to be viewed as captive subsidiaries of Microsoft and IBM, much of their value proposition would evaporate. It could lead to forking, such as what happened with MySQL after Oracle acquired its parent, Sun Microsystems. Admittedly, the IBM/Red Hat Deal has another value proposition for IBM that drove it to pay roughly a third of its market cap that went beyond the pure open source angle: the inclusion of OpenShift, that could make IBM, a distant challenger in the public cloud



While phishing campaigns traditionally are synonymous with email, social media is also a popular medium for using fraudulent information and lures to convince victims to click on a link to input credentials or download malware-embedded files. These attacks can be very targeted, such as Iranian-linked Cobalt Gypsy, which has created fake personas to connect with individuals in the Middle East and United States. Once the connections are made, over time, individuals are convinced to download malicious files onto corporate computers. These kinds of social media-enabled attacks have doubled in the last year, and are proving an effective way to steal financial information and credentials, or to deploy malware. Given the limited resources required and the potential for high returns, nation-state tactics are diffusing out to criminal groups as well. Today’s criminal phishing campaigns are much more sophisticated than the scams of yesteryear


Outsourcing, like most business technology processes, benefits from human input to provide insight and context, which will help SMEs to see real value in a managed service contract. This requires the right forums to be in place, such as a monthly service report reinforced by regular meetings. These might look at issues such as whether SLAs have been set correctly. On paper, the outsource provider may not be meeting some of them, but open, face-to-face discussions bring an understanding of why this is the case. A four-hour SLA to set up a new user may not be achievable for complicated roles that require complex access rights, for example. Appropriate communications resolve this, rather than leave a series of SLA red flags. SMEs are often faced with situations where everything is a priority, such as client relationships, IT, human resources (HR) and marketing. Therefore, it can make more sense to consider a more advisory or consultative IT security service to help senior management to understand what is important for their organisation, and to gain an external perspective on what good looks like.


Careful planning is key to mitigate the risks of moving to the cloud

There is no "one size fits all" set of methods to manage risks in the cloud. The risks are unique to each environment and use case. When your organization has a specific use case, your team can build controls around it. Develop your own cloud control framework based on those identified security risks. Consider current applicable regulations as you do—including SOX, PCI, PII and GDPR. For guidance, look at previous risk models and at best practices on cloud risks. Be alert to control overlap when developing your framework to avoid multiple controls addressing the same risk. Leverage your cloud service provider and internal risk/security experts to mitigate these risks as part of your overall migration plan. Finally, never underestimate the value of identifying your risks, or the time it will take to do it right. Cloud service providers, such as Amazon Web Services, take a "building blocks" approach by providing tools that can help you gain compliance in the cloud, but they do not manage compliance directly. Furthermore, the same cloud service providers make it exceedingly simple for individual teams to begin their migrations independent from the organization.


21% of all files in the cloud contain sensitive data

Cloud services bring a momentous opportunity to accelerate business through their ability to quickly scale, allowing businesses to be agile with their resources and provide new opportunities for collaboration. Cloud services like Box and productivity suites like Office 365 are used to increase the fluidity and effectiveness of collaboration. However, collaboration means sharing, and uncontrolled sharing can expose sensitive data. ... To secure sensitive data in cloud storage, file-sharing and collaboration applications, organizations must first understand which cloud services are in use, hold their sensitive data, and how that data is being shared and with whom. Once organizations have gained this visibility, they can then enforce appropriate security policies to prohibit highly sensitive data from being stored in unapproved cloud services and provide guardrails that prevent noncompliant sharing of sensitive data from approved cloud services, such as when data is shared with personal email addresses or through an open, public link.



Quote for the day:


"Your first and foremost job as a leader is to take charge of your own energy and then help to orchestrate the energy of those around you." -- Peter F. Drucker


Daily Tech Digest - October 29, 2018

OpenStack Foundation releases software platform for edge computing

StarlingX is based on key technologies Wind River developed for its Titanium Cloud product. In May of this year, Intel, which owns Wind River, announced plans to turn over Titanium Cloud to OpenStack and deliver the StarlingX platform. StarlingX is controlled through RESTful APIs and has been integrated with a number of popular open-source projects, including OpenStack, Ceph, and Kubernetes. The software handles everything from hardware configuration down to host recovery and everything in between, such as configuration, host, service, and inventory management services, along with live migration of workloads. “When it comes to edge, the debates on applicable technologies are endless. And to give answers, it is crucial to be able to blend together and manage all the virtual machine (VM) and container-based workloads and bare-metal environments, which is exactly what you get from StarlingX,” wrote Glenn Seiler, vice president of product management and strategy at Wind River, in a blog post announcing StarlingX’s availability.



3 best practices for improving and maintaining data quality

Poor data quality has an extensive impact on business, including wrong product delivery, off the mark forecasts, inadequate planning, rework, poor customer experience and loss of reputation. Most of the factors affecting data quality are the defining elements such as accuracy, completeness and consistency. In the case of healthcare services, for example, inaccurate patient information and health records lead to adverse health outcomes. For retail business, inconsistency in the customer contact details not only creates delivery issues and customer complaints but also misses marketing opportunities. For all data, validity is always crucial. If data is not validated against the defined parameters such as format, range, and source, it is as good as absent. Depending on the urgency and critical nature of the operations, other factors specific to industries may become equally important. ... Finally, with no ambiguity, overlap or duplication, reliability of data across all sources is absolutely essential for high data quality.


British Airways data breach worse than thought


“It demonstrates that enterprises still do not have in place robust enough security to protect their back-end systems and databases, or the measures in place to identify these attacks in real time and cut them off as soon as abnormal activity is detected. “It is not beyond the means of organisations, especially those that process and manage such sensitive and critical information, to put in place tools that can analyse and detect threats or the exfiltration of data over a significant period of time.” This was especially important, said Carter, because it would then put the onus on affected customers to notify their financial services providers for any fraud they may become a victim of. LogRhythm vice-president and Europe, Middle East and Africa (Emea) managing director, Ross Brewer, added: “If I were BA, I would be very worried about the impact both breaches will have on the company’s reputation. The fact that both data breaches have taken place in the past six months is extremely worrying – and very embarrassing for the airline.


3 Keys to Reducing the Threat of Ransomware

Wouldn't it be more sensible to pay for a third-party review of security hygiene and posture, and bolster it wherever it's lacking, including penetration testing? Why rebuild? Maybe there was something wrong in the IT architecture, or the systems were outdated and needed replacement. Maybe the fear of something being left behind that might cause reinfection was too much to bear. We may never get the full story, but we do know the enormous cost of rebuilding these systems. As a CIO, I experienced numerous attempted ransomware attacks and several instances of server encryption, or attempted encryption, where we were able to take servers out of rotation. Fortunately, ransomware then was not what it is now, and though we were attacked our backups were not affected. Luck wasn't the only reason we were able to recover so quickly. We used good cyber hygiene and best practices to reduce the hacking threat. We also took snapshots of our infrastructure every 30 minutes, with full backups nightly. We always recovered with minimal data loss.


China has been 'hijacking the vital internet backbone of western countries'

The research duo says they've built "a route tracing system monitoring the BGP announcements and distinguishing patterns suggesting accidental or deliberate hijacking." Using this system, they tracked down long-lived BGP hijacks to the ten PoPs -- eight in the US and two in Canada -- that China Telecom has been silently and slowly setting up in North America since the early 2000s. "Using these numerous PoPs, [China Telecom] has already relatively seamlessly hijacked the domestic US and cross-US traffic and redirected it to China over days, weeks, and months," researchers said. "While one may argue such attacks can always be explained by 'normal' BGP behavior, these, in particular, suggest malicious intent, precisely because of their unusual transit characteristics - namely the lengthened routes and the abnormal durations." In their paper, the duo lists several long-lived BGP hijacks that have hijacked traffic for a particular network, and have made it take a long detour through China Telecom's network in mainland China, before letting it reach its intended and final destination.


How to protect your organization from insider threats

Modern DLP solutions are intelligent data loss prevention systems, combining multiple disciplines including user activity monitoring, behavior analytics, and forensics in order to increase the effectiveness of a DLP implementation. These comprehensive DLP solutions allow for broader and more capable oversight to be implemented that can analyze user behavior, assign risk scores, and take action based on a complex set of user activities and data access. With human behavior-driven data loss prevention, organizations have emphasis on user activity monitoring and the ability to define and then dynamically update risk scores for different types of users. Leveraging machine learning and artificial intelligence to identify the anomalies, DLP can take action based on users’ behavior. Insider threats and DLP are a hot topic of conversation at board meetings. This is a positive trend as it ensures visibility at the board level to the risks associated with insider threats and the urgency of a comprehensive DLP strategy to minimize data exfiltration risk.


PoC Attack Leverages Microsoft Office and YouTube to Deliver Malware


According to a Cymulate analysis posted on Thursday, the team found that it’s possible to edit that HTML code to point to malware instead of the real YouTube video. “A file called ‘document.xml’ is a default XML file used by Word that you can extract and edit,” Avihai Ben-Yossef, CTO at Cymulate, explained to Threatpost. “The embedded video configuration will be available there, with a parameter called ‘embeddedHtml’ and an iFrame for the YouTube video, which can be replaced with your own HTML.” In the PoC, the replacement HTML contains a Base64-encoded malware binary that opens the download manager for Internet Explorer, which installs the malware. The video will seem to be legitimate to the user, but the malware will unpack silently in the background. “Successful exploitation can allow any code execution – ransomware, a trojan,” Ben-Yossef said, adding that detection by antivirus would depend on the specific payload’s other evasion features. Obviously, the attack would work best with a zero-day payload.


Machine Learning Becomes Mainstream: How to Increase Your Competitive Advantage

Machine learning is a part of predictive analytics, and it is made up of deep learning and statistical/other machine learning. For deep learning, algorithms are applied that allow for multiple layers of learning more and more complex representations of data. For statistical/other machine learning, statistical algorithms and algorithms based on other techniques are applied to help machines estimate functions from learned examples. Essentially, machine learning allows computers to train by building a mathematical model based on one or more data sets. Then those computers are scored when they may make predictions based on the available data. So when should you apply machine learning? ... With the right machine learning strategy, the barriers to adoption are actually fairly low. And, when you consider the reduced TCO and increased efficiency throughout your business, you can see how the transition can pay for itself in very little time. As well, Intel is dedicated to establishing a developer and data science community to exchange thought leadership ideas across disciplines of advanced analytics.


The US NVD is slow; the median gap between a vulnerability becoming public and appearing on the list is seven days. China’s NVD is quicker to upload public vulnerabilities, but has been accused of altering data to hide government influences. The Russian NVD, run by the country’s Federal Service for Technical and Export Control of Russia, misses many vulnerabilities and is slow with what it does publish. Good threat intelligence is more than a list of vulnerabilities. Instead of relying on NVDs alone to power your vulnerability scanning, companies should look to other sources to supplement their threat intelligence operations. According to a study by Tenable, over a third of vulnerabilities have a working exploit available on the same day of disclosure, giving hackers days or more of unfettered opportunity to attack. By broadening the scope of your intelligence gathering, you can close the window of opportunity for cybercriminals and gain a richer set of data with which to defend yourself.


Services are everywhere, if we only have the lens to see them. Regrettably, we often notice them only when they are dissatisfying. Not long ago, I “discovered” an internal service in my organization: my team created a presentation to give to leadership, so we wanted it to look polished. Unfortunately, none of us had visual-design chops, so we requested someone from our design team to help. The reply was “Is there a due date?”. We didn’t have a deadline (yet), but we also had no idea when our understandably busy colleagues would be able to turn it around. This is clearly a (design) service for internal customers who have an idea of what makes it fit for their purpose. In this case, it was a reliable turnaround time. We all make requests of individuals and teams all the time. But without a mutual exchange of information -- for example, expected delivery speed -- we’re going to pad our requests with extra time or fake deadlines. 



Quote for the day:


"Added pressure and responsibility should not change one's leadership style, it should merely expose that which already exists." -- Mark W. Boyer



Daily Tech Digest - October 28, 2018


Sophia shared several messages with the president and responded to what he was saying. Sophia’s structural framework includes a camera that looks for visual cues such as facial expressions when deciding when to keep a conversation moving. The humanoid, whom Hanson Robotics gave an Audrey Hepburn look for this leg of the trip, started the conversation by telling Aliyev how she had obtained an ASAN visa at Baku airport and described Baku’s architecture. Sophia praised Aliyev for championing the ASAN initiative; “Your visit here [at the ASAN complex dedication] underscores the special attention you are giving to e-governance and the innovation ecosystem.” The visit mainly underscored two things; firstly that the ASAN agency is harnessing the electronic and cyber worlds to make citizens’ lives better, and secondly, it further shows Hanson Robotics is capable of making a robot whose artificial intelligence can not only help it learn tasks — like cleaning — but also have robust conversations with humans.



It’s banking Jim, but not as we know it

A completely different FinTech world had also emerged out of Asia, and many suddenly woke up to the fact that they hadn’t even been looking. By way of example, in 2018, Alipay and WeChat Pay EACH processed more dollars in a month through their apps than PayPal processes in a year. China has seen an explosion of online mobile payments, rising from $5 trillion in 2016 to $15.5 trillion in 2017 and predicted to boom to $45 trillion in 2020. Compare this to the USA and you see a quiet revolution, and it is not just about Alibaba and Tencent, but the whole FinTech scene emerging from Asia, Africa and South America. This FinTech scene began without the blinkers of big bank thinking, and has created wholly integrated internet finance on mobile apps, or superapps, seamlessly. ... Banks should feel duly threatened by FinTech 3.0 because they are control freaks by nature, who partner with no one unless they have to. For a big bank to about face and start to become an open market collaborator is a huge cultural change and, in the meantime, the challenger banks are actively building their ecosystems. FinTech 3.0, which starts around now and will play through 2025, will be the most interesting of these three phases as yes, it truly does disrupt banking.


Enterprise Architecture Governance: A Holistic View

Enterprise Architecture Governance is a practice encompassing the fundamental aspects of managing a business. It involves firm leadership, a complete knowledge of organizational structure, a confident direction, and the enablement of effective IT processes to promote an enterprise’s strategies. However, if distilled into just one area, the objective of EA Governance is to harmonize the architectural requirements of an enterprise into an understandable set of policies, processes, procedures and standards—all of which to ensure an organization’s visions and standards are aligned with actual business requirements. It is not an academic discipline detached from present reality, nor is it based on speculations of what is and what is not occurring. EA Governance is an integral part of deploying and maintaining business strategies. And in many ways, it is a never-ending job. Without EA Governance, an organization is likely to tumble into a web of non-standardized technology, bad product purchases or development, and monolithic architectures.


Designing Organisations with Purposeful Agile

If we think of organisations as a living system, similar to an individual human being, I like to define the culture of an organisation as its "unconscious" part. The first thing needed to change any culture is to become aware of the installed one. This is a very difficult piece. People love to do things rather than observe what things they do, and how they do them. Revealing the installed culture may be one of the most difficult parts to get to the 3rd stage. There is no change that can happen if there is no space for change. Usually the "change space" is filled with our common beliefs and mental models that make us behave the way we behave and make decisions the way we do. An example of creating space for change is working on managers’ agenda, making them available for their teams. It enables listening to the way the organisation operates and seeing what emerges. Freeing the busy agendas allows change to take place and helps us sense and grow awareness of the "installed culture".


Enterprise Agility Through Enterprise Architecture


Understanding Enterprise Architecture capabilities is a very important aspect while driving this transformation as it supports the representation of the business and IT aspects of the enterprise and their inter-relationships and dependencies. Enterprise Architecture is a depiction of the target structure for an organization’s processes. It describes how business goals are realized by business processes, and how these business processes can be better served through technology. It has a critical role and is a strategic tool in addressing how business aligns well with the IT teams for addressing the changing business needs (changes from both business process and technology perspective); how the complexity in handling these challenges can be simplified by breaking down further into multiple aspects to tackle them; to deal with the dependencies between various upstream and downstream systems of various portfolios/LOBs by taking an abstraction view at each layer.


Behavioral Economics & Enterprise Architecture (2): Enterprise Architecture

The promise of enterprise architecture is that it helps improve decision making. Typically, the role of the enterprise architect is to advise and enable other stakeholders to make better decisions. Therefore, Enterprise Architecture – more than anything else – is a social discipline, in that it demands social skills and interaction in order for practitioners to successfully engage with stakeholders and change their behavior.  Not surprisingly, enterprise architects are more effective in steering decisions when they consider that they are dealing with Humans. And Humans, as we’ve explained in our previous blog, can be irrational, naïve and impulsive. By taking these biases into consideration and making choices as easy as possible for decision makers, architects can dramatically increase the likelihood of getting their point across and ultimately help deliver better business outcomes for the organization. Here, we present some principles to get you started.


How to build your enterprise architecture using the cloud

Due to the risks and implications of cybercrime and data breaches, many businesses are opting for a security-first tenet – and rightly so. The emphasis will be making sure that data is as secure as possible, both while in transit and during storage. In addition, all workloads may need to be authorised by the security team prior to deployment. Some companies operate on a zero-trust basis with their cloud service provider, retaining control of all encryption keys (e.g. managing key rotation, storing keys on an HSM, etc.). Others operate on a total trust basis, relying on the cloud provider's own enterprise-grade security processes to keep data secure. Whichever level of trust you employ depends on a variety of factors, such as your security approach and your familiarity with the cloud provider you’re using. The importance of prioritising tenets cannot be understated. If done correctly, they will help you to frame your policies, procedures and standards, building an enduring foundation for your enterprise architecture.


How to Build a Secure API Strategy for the API Economy

APIs could expose a company’s transactional systems to the outside world in unprecedented ways. Systems of record are not intended to be available publicly. As such, development teams must test, test, and retest APIs stringently before release. Once developers embed an unsecured API into an enterprise's applications, it can infiltrate and reduce that organization’s overall security posture. Some enterprises have hundreds of consumer-facing web applications, and each of those websites could have anywhere from five to 32 vulnerabilities — that’s a staggering risk of exposure. Sometimes, developers mistake the capabilities of API management tools and expect them to solve all API security challenges. API management tools do provide security policies that work at the perimeter, but not all of them play a role in securing the business logic that serves up the API. For this, developers need to treat APIs as yet another form factor for their applications and ensure that adequate attention is paid to securing them.


Edge Computing: The Driving Force in New Architecture Innovation

Every edge computing project starts with collecting data from IoT devices, sensors or mobile users, and the success of the project depends on the ability to transform the data into actionable intelligence while delivering a return on investment. Initial deployments start with connecting gateway-class devices to IoT devices/sensors at the edge and performing most of the data processing in the server class infrastructure in a backend data center or cloud. Gateways perform the data collection, aggregation, and filtering, and send the useful data for processing to a centralized cloud or data center. As we see larger scale deployments and more devices (e.g. smart factories, oil & gas, connected vehicles), server class infrastructure will move closer to the edge to enable data processing and decision making at scale with lower latency. These servers may reside on-premise at the edge location where sensors and gateways are located or they may reside at a central office or micro-data centers between the edge location and backend centralized cloud.


How This Blockchain Innovation Could Impact Billions

Athman Ali, CEO of impact investing firm 1000 Alternatives, has partnered with Everest to address some of the economic challenges facing people and countries in Sub-Saharan Africa. The partnership was originally focused on reducing transportation costs in the region—cut costs of transport and the cost of almost everything else will fall, too. “We have since deepened our partnership to position the Everest platform for use by innovators, incubation hubs and social entrepreneurs to spur innovations in the various areas that 1000 Alternatives focuses towards achieving positive social impact,” Ali says. The expanded relationship now includes another area with the potential to impact people in dramatic ways. “Legal identity, land titles tracking and documentation of ownership and transfers of assets remain a big challenge in African countries,” Ali says. “Opportunities to use the blockchain platform to improve services in education, health and livelihoods is another set of opportunities.”



Quote for the day:


"Nobody in your organization will be able to sustain a level of motivation higher than you have as their leader." -- Danny Cox


Daily Tech Digest - October 27, 2018


EA can play an important role in defining the strategy of the business itself, rather than coming into the picture when the strategy has been written out at a corporate level and then look for the implications of that strategy for IT or technology, data or processes. Enterprise Architects by the nature of what they do have the capability to understand the customer’s point of view. So far, they’ve understood the challenges and needs of the internal stakeholders. If they take this skill outside the business, they’ll also be able to capture what the customer wants from an end-to-end journey point of view. Once that is established, other elements like organization, process, data, and technology can facilitate realizing the goal. Enterprise Architects are good at connecting the dots. That’s why they should be interested in polishing Design Thinking skills and positioning themselves in discussions closer to the consumer. ... Whatever organization we work for, it’s all about people. The people who work for that organization and the people these organizations are here to serve. If the focus is toward people, we can Design Think the Digital Enterprise for Business Transformations – either today or for tomorrow.



A Brief History of High-Performing Teams by Jessica Kerr

Kerr presented the term "Symmathesy," first proposed by Nora Bateson, derived from Sym, meaning together, and Mathesie, meaning learning. While originally coined to describe ecologic systems that are constantly changing, the term can be applied more generally. A system is not the sum of its parts – that would be an aggregate. Rather, the parts of a system are the sum of their past interactions. Kerr argues that a software system is even more of a symmathesy than these historical examples. It's not simply the software team, but also includes the customers, as well as the running software, the database, the hardware, and all the tools the team uses. These parts all interact with each other and create mutual learning, making the team, and its members, grow and evolve. Participating in such an environment requires showing up to work with your whole self, prepared to be part of the living system. Kerr says this is why adopting such a mindset is so hard. Beyond thinking about yourself or just your team, you have to think much more broadly, about your organization, division or company as a whole, creating bridges to other teams where necessary.



Visa B2B Connect is a distributed ledger-based platform, which aims to provide financial institutions with a simple, fast and secure way to process cross border business-to-business payments globally. B2B Connect’s digital identity feature tokenizes an organization’s sensitive business information, such as banking details and account numbers, giving them a unique identifier that can be used to facilitate transactions on the platform. In preparation for the commercial launch next year, Visa is expanding partnerships to add additional functionality to the B2B Connect platform. As part of the B2B Connect platform, Visa is integrating open source Hyperledger Fabric framework from the Linux Foundation with Visa’s core assets. This will help provide an improved process to facilitate financial transactions on a scalable, permissioned network. The work between Visa and IBM will enable Visa’s mutual financial institutional clients and ecosystem to maximize the network.



Addressing third-party cyber risk is challenging and significant. For larger organisations, procurement decisions are usually made without input from those responsible for cyber security, and such agreements can provide access to critical systems via open application programming interfaces (APIs) and other interaction mechanisms. Supplier relationships are also overwhelming without a standard process to manage cyber risk when the relationship is via an arms-length contractual arrangement. Many organisations are struggling to address their internal network security issues and have not sufficiently considered the risks beyond their own network. But third-party cyber security risk is too significant and too dangerous an issue for board members to continue to overlook. Current regulatory initiatives including the Networks and Information Systems (NIS) Directive and GDPR require organisations to take responsibility for ensuring that external suppliers have implemented adequate cyber security measures.



This time it’s personal: the financial industry is banking on AI to better serve customers

If fintech stood alone, I don’t think banks would rush to evolve. Financial institutions probably won’t lose much sleep over fintech in the next three to five years. ... Many tech companies see fintech and startups as enablers to get into finance. All of a sudden those enablers become very powerful, very quickly, and that’s a big misconception of the financial market. These tech companies, however, don’t want to become banks. For them, it’s about adding value for their customers. If you can give a customer multiple fintech services, then they’re more likely to choose the convenience of your platform. ... We’ve seen large financial institutions show that it’s possible to manage their legacy operations and daily business, while at the same time, almost separately, fostering a more agile startup mentality for transformation. New business ventures mean that this startup mentality must be separated which, of course, also means that more money has to be spent.


The Four Building Blocks of Transformation


The conventional response is a transformation initiative — a top-down restructuring, accompanied by across-the-board cost cutting, a technological reboot, and some reengineering. Maybe you’ve been through a few such initiatives. If so, you know firsthand how difficult it is for them to succeed. These efforts tend to come in late and over budget, leaving the organization fatigued, demoralized, and not much changed. They don’t take into account the fundamentally new kinds of leverage available to businesses that have emerged in the last 10 years: new networks, new data gathering and analysis resources, and new ways of codifying knowledge. Successful transformations may be relatively rare, but they do exist — and yours can succeed as well. A transformation, in this context, is a major shift in an organization’s capabilities and identity so that it can deliver valuable results, relevant to its purpose, that it couldn’t master before. It doesn’t necessarily involve a single major initiative; but the company develops an ongoing mastery of change, in which adaptability feels natural to leaders and employees.


AI vs. Algorithms: What's the Difference?

According to Mousavi, we should think of the relationship between Algorithm and AI as the relationship between “cars and flying cars.” “The key difference, is that an algorithm defines the process through which a decision is made, and AI uses training data to make such a decision. For example, you can collect data from thousands of driving hours by various drivers and train AI about how to drive a car. Or you can just code it [to say] when [it] identifies an obstacle on the road it pushes the brake, [or] when it sees a speed sign, [it] complies. So with an algorithm, you are [setting] the criteria for actions,” he explained. On the other hand, Mousavi said that with AI you, “would not tell the computer what to do because AI determines [what action to take based on the] data that says this is what people almost always do.” ... As it turns out, AI is also known for adopting unsavory behaviors, failing to discern political, social, and at times, even objective correctness from incorrectness. “AI invariably places women


9 data management and security jobs of the future


“The theory behind junk data is often wrong, and we need to fix it,” the authors write. “Data that has not been used by anyone in the past 12 months, has no foreseeable use as initially imagined, and isn’t necessary for regulatory purposes, can still be turned into insights. Just like food waste is a carbon that can be used to produce green energy, data waste is still meaningful if cleaned.” “In this role, you’ll apply analytical rigor and statistical methods to data trash in order to guide decision-making, product development and strategic initiatives. This will be done by creating a ‘data trash nutrition labeling’ system that will rate the quality of waste datasets and manage the ‘data-growth-data-trash’ ratio.” ... “The National Cyber Security Center (NCSC) is seeking a new type of cyber agent, one that not only can defend our national infrastructure but also, if necessary, undertake an offensive against our nation’s adversaries,” the authors say.  To be considered for this critical role, you must display an excellent track record of cyber hacking, ‘grey-hat-focused’ software development or distributed denial of service attack experience.


How FIs Are Combating Increasingly Sophisticated Attacks

One of the biggest challenges for banks is the sheer amount of attack methods. FS-ISAC officials have seen fraudsters use a wide, and expanding, range of techniques. These attacks are not just growing in number, though — they’re becoming more adept at wreaking havoc. “Cybercriminals remain a threat, particularly those who steal money, because they go after banks and their customers — companies like retailers,” Nelson said. “The number of different attacks has really increased over time, and they’re more sophisticated. There’s more malware and more variance emerging all the time.” The ever-growing list of cyberattack methods, paired with the surge in digital transactions, means that banks and FIs that want to avoid becoming the latest victim of cybercrime need to invest in systems that can detect cyberattacks. Modern fraud prevention solutions are built around new, emerging tools and technologies, like machine learning (ML) and artificial intelligence (AI).


Next-Gen Autonomous System Design Made Easier With DDS and ROS


For those unfamiliar, ROS (Robot Operating System) is an open-source software framework for developing robot software applications. It started as an open-source project in 2007, and is a mainstay in robotics research because of its ease-of-use and open-source hackability. As a result, it has grown to include tools for 3D simulation and visualization, route planning, pose estimation and support for nearly every type of robotic arm, actuator, gripper, etc. While the tools in ROS are impressive, the performance and scalability of ROS itself could not keep pace with the needs of next-gen robotics applications, such as autonomous vehicles, multi-robot swarms and operating in distributed environments. ROS was designed to control a single robot from a desktop Linux environment, but these new applications required real-time performance with safety-critical implications, and potentially to operate in a distributed environment with limited memory and unreliable networking.



Quote for the day:


"Structure is more important than content in the transmission of information." -- Abbie Hoffman


Daily Tech Digest - October 25, 2018


Digital channels can provide an effective gateway to emotionally connect an organization to its consumers. Technology companies that are consumers’ favorite brands not only have best-in-class digital capabilities; they also do a superior job integrating digital and physical environments and integrating both strategically to foster an emotional connection. Amazon’s digital prowess allows customers to discover, research, and buy products in minutes, while enabling its physical supply chain to deliver the goods most efficiently. Merging the physical with the virtual/digital is key to superior customer experience: putting the “real in digital and digital in real.” According to our survey, consumers are more likely to increase use of digital channels (both online and mobile) if banks increase security, provide more real-time problem resolution, and allow for more regular banking transactions to be handled digitally. On the other side, adding digital self-service screens at brick-and-mortar locations, or being able to connect with a bank representative virtually will increase consumers’ likelihood to use branches.



DevSecOps An Effective Fix for Software Flaws

Veracode judges the duration of a flaw based on how many times the same issue shows up in a scan after its initial discovery, Eng says. "If the flaw shows up three, four, five times, we can see that this was discovered in January, and you scanned it every month, and it's still there in May—then in June it goes away. So you assume that to mean that they closed it after four months," he explains. Eng's use of "months" as the time scale for remediation is not arbitrary. According to the Veracode research, more than 70% of all flaws were still present a month after initial discovery, and nearly 55% had not been remediated after three months. In fact, while roughly a quarter of all code flaws were dealt with inside 21 days, another quarter were still open issues after a year. The length of time from discovery to fix varied according to the flaw's severity — but not very much, Eng says. Based on a scale that rates the most severe issues a 5 and the least severe a 1, he explains, "We expected the fives to be fixed the fastest and then the fours, threes, twos, but it wasn't like that."


Cathay Pacific under fire over breach affecting 9.4 million passengers


Brian Vecci, technical evangelist at Varonis, said that as insiders and external actors get more sophisticated, organisations must be able to do a better job of detecting suspicious activity quickly and reducing the time it takes to investigate an incident. “Months went by between when this attack was apparently noticed and when investigators figured out sensitive data might have been stolen, and then almost half a year passed before it was announced,” he said. “That is unacceptable and highlights just how far behind the eight ball most organisations are when it comes to threat hunting and incident response.” The data breach includes 860,000 passport numbers, about 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification value (CVV) that were accessed, although the airline claims no passwords were compromised. Breached data also includes passenger names, nationalities, dates of birth, telephone numbers, email and physical addresses, passport numbers, identity card numbers and historical travel information – all extremely valuable to cyber criminals for identity theft, phishing and fraud.


The US pushes to build unhackable quantum networks


The QKD approach used by Quantum Xchange works by sending an encoded message in classical bits while the keys to decode it are sent in the form of quantum bits, or qubits. These are typically photons, which travel easily along fiber-optic cables. The beauty of this approach is that any attempt to snoop on a qubit immediately destroys its delicate quantum state, wiping out the information it carries and leaving a telltale sign of an intrusion. The initial leg of the network, linking New York City to New Jersey, will allow banks and other businesses to ship information between offices in Manhattan and data centers and other locations outside the city. However, sending quantum keys over long distances requires “trusted nodes,” which are similar to repeaters that boost signals in a standard data cable. Quantum Xchange says it will have 13 of these along its full network. At nodes, keys are decrypted into classical bits and then returned to a quantum state for onward transmission. In theory, a hacker could steal them while they are briefly vulnerable.


Technology risks: What CIOs should know and steps they can take

CIOs should ensure that any new technology is only accessible to those who absolutely need it for their job, OpenVPN's Dinha recommended. Any access point should utilize two-factor authentication to keep hackers from taking control with brute-force attacks, and CIOs should educate their teams to make sure they understand technology risks and their role in protecting the company's data and privacy, he said. "Have a clear policy on how cybersecurity is managed with each individual piece of new technology and educate everyone on the best practices," Dinha said. When developers are creating AI or task automation, CIOs should be wary of what shortcuts their teams take and what "Band-Aids" are being deployed, SiteLock's Ortega said. One major concern is to ensure that AI has access only to the data necessary to complete its assigned task, she explained. "Taking a proactive approach and instilling a culture of security awareness stops convenience from becoming dangerous, keeping sensitive data safe at every level," Ortega said.


How 802.11ax Improves the Experience for Everyone

In 802.11ax OFDMA, the access point assigns client traffic to sub-channels, not just for the downlink but also for the uplink. The new ‘trigger frame’ mechanism allows the access point to poll clients to discover what traffic they wish to send on the uplink. When it collects the trigger frame responses, it designs a schedule and sends it to clients in another trigger frame. Clients then construct frames according to their instructions, setting data rates, transmit levels and sub-channels, and transmit data frames back to the access point. The other multi-user mechanism in 802.11ax is multi-user MIMO. This uses the same trigger-frame control protocol as OFDMA, improving on 802.11ac. Multi-user MIMO is itself a complex protocol, requiring sounding packets to determine multipath conditions and group MIMO clients, all under the control of the access point. At any moment, the access point can choose to use traditional single-user transmissions, or multi-user, with OFDMA or MIMO. This opens new dimensions in traffic management.


Bridging the IT Talent Gap: Find Scarce Experts

The technology industry's unemployment rate is well below the national average, forcing companies to compete aggressively for top talent. When presented with a range of recruitment strategies by a recent Robert Half Technology questionnaire — including using recruiters, providing job flexibility and offering more pay — most IT decision makers said they are likely to try all approaches in order to land the best job candidates for their teams. ... Look beyond the typical sources, suggested Art Langer, a professor and director of the Center for Technology Management at Columbia University and founder and chairman of Workforce Opportunity Services (WOS), a nonprofit organization that connects underserved and veteran populations with IT jobs. "There is a large pool of untapped talent from underserved communities that companies overlook," he explained. Businesses are now competing in a global market. "New technology allows us to connect with colleagues and potential partners around the world as easily as with our neighbors," Langer said. "Companies hoping to expand overseas can benefit from employees who speak multiple languages."


Scaling Agile in a Data-Driven Company


Agile is, first of all, a mindset: practicing Agile is not being Agile. Changing and evolving the organization's mindset was not easy. Understanding and assimilating the values and principles of the Agile Manifesto requires exercise, practice, patience and a continuous work with people and on the company culture. Aspects such as micro-management and the continuous push on the teams were part of our daily life, and only with continuous coaching and on-the-job training we managed to bring out the value and the trust of an empowered and autonomous team. Also the interpretation of the roles of Product Owner and Scrum Master were very difficult at the beginning: the PO was often focused more on “How to do” instead of “What to do”, while the Scrum Master who came from Technical Leaders often did not focus on their role as facilitators/ Servant Leaders. It was important to understand the essence of the two roles in Scrum. An Agile transformation is first of all a cultural transformation, then it also becomes a process change; the process is the child of culture. 


U.S. state banking regulators sue government to stop fintech charters

A body of U.S. state banking regulators on Thursday sued the federal government to void its decision to award national bank charters to online lenders and payment companies, saying it was unconstitutional and puts consumers and taxpayers at risk. The Conference of State Bank Supervisors (CSBS) said it had filed a complaint in the U.S. District Court for the District of Columbia against the Office of the Comptroller of the Currency (OCC) over its plan, announced in July, to issue bank charters to financial technology firms. “Common sense and the law tell us that a nonbank is not a bank. Thus, CSBS is calling on the courts to stop the unlawful, unwarranted expansion of powers by the OCC,” John Ryan, CSBS president and CEO, said in a statement. Fintech firms have long pushed for national bank charters to let them operate nationwide without needing licenses in every state, a process they say can impede growth and boost costs. OCC spokesman Bryan Hubbard did not immediately respond to a request for comment. The regulator has previously said it would vigorously defend its authority to grant the charters.


Defense, security and the real enemies

Recognize the dangers presented by these countries at all levels of government. This is one of the times where party affiliation or stances on issues do not matter. We need to take the agencies and people we’ve empowered with H.R. 1616 - Strengthening State and Local Cyber Crime Fighting Act of 2017, and Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, both of which have been signed by President Trump, and make actual protection the national priority. The latter bill is very comprehensive and provides an excellent start as to what companies should be doing. We need to plan to protect what we deploy as part of how we implement technology and plan to keep the technology as current as possible and most importantly well-protected with an engaged team. We make it easy for Moscow, Beijing or Pyongyang when we don’t protect ourselves. Many of these successful attacks take advantage of long-standing security holes to devastating effect.



Quote for the day:


"Before you are a leader, success is all about growing yourself. When you become a leader, success is all about growing others" -- Jack Welch