Daily Tech Digest - November 12, 2020

The Ever-Expanding List of C-Level Technology Positions

In decades past, it was relatively uncommon for IT leaders to be part of the top tier of executive management. Even those who held the title of chief information officer (CIO) often reported to someone other than the chief executive officer (CEO). But digital transformation has changed that. As enterprises seek new ways of doing business, CIOs have begun playing a bigger role in directing the overall strategy of the business. Several different surveys have found that more than half of CIOs now report to CEOs, and many CEOs list their CIOs as one of their most trusted advisors. ... However, while they might not be ascending to the top job, IT leaders are finding more opportunities to join the executive team. The twin trends of digital transformation and the rise of big data analytics has led many enterprises to create new C-level positions directly related to technology. In fact, some industry analysts have begun to wonder if organizations have created too many new C-level technology roles. Some are forecasting that in the years ahead enterprises might be re-vamping their org structure to cut back on these new C-level positions. But for now, IT leaders seem to have more opportunities to fill C-level roles than ever before.


Applying Lean and Accelerate to Deliver Value: QCon Plus Q&A

It is important to understand that delay degrades the economic value of what we deliver - there is a cost to delays, and it can be significant. Think about the loss of opportunity or revenue if a software product is delivered late, especially in a highly competitive market segment. Delays also slow down feedback, which makes it harder to adapt to new information. You can also incur significant risk of outages or customer turnover if features are delivered late. With this in mind, just as we spend so much time optimizing and tuning the latency and throughput of our software systems, we should spend time to optimize and tune the latency and throughput of our development process. It turns out when you look at the math and dynamics of product delivery pipelines, the biggest contributor to delay is letting queues back up. Unlike in manufacturing, these queues are invisible in software development, so it is important that we make an effort to make them visible, and then address them quickly and aggressively. Two powerful ways to reduce queues are limiting work in progress and keeping your batch sizes small.


Banking Trojan Can Spy on Over 150 Financial Apps

The Kaspersky researchers first came across the Ghimob Trojan in August while examining a Windows campaign related to another malware strain circulating in Brazil. "We believe this campaign could be related to the Guildma [Brazilian banking Trojan] threat actor for several reasons, but mainly because they share the same infrastructure," according to the report. "It is also important to note that the protocol used in the mobile version is very similar to that used for the Windows version." Unlike other types of Android-focused malware, the Ghimob Trojan does not disguise itself as a legitimate app that is hidden within the official Google Play Store. Instead, the fraudsters attempt to lure victims into installing a malicious file through a phishing or spam email that suggests that the recipient has some kind of debt, according to the report. The message includes an "informational" link for the victim to click on, which starts the malware delivery. The malicious link is usually disguised to appear as either a Google Defender, a Google Doc or a WhatsApp Updater, according to the report. If opened, it installs the Ghimob Trojan within the device. The malware's first step is to check for any emulators or debuggers which, if found, are terminated.


How to stress-test your business continuity management

“You really need to be in a position to mitigate against any potential risks both before a system is live, and afterwards, so there are no nasty surprises. End to end testing of every platform, both independently and in terms of its integration with the wider network of systems, is therefore critical. However this needs to be balanced against the need to deliver with speed and certainty – so strong automated testing should be seen as a standard component of your production systems. “This will usually be provided by an independent quality assurance specialist. At Expleo we actually automate this process for clients to account for the complexity and speed of the technology and release cycles. Automated testing not only safeguards quality, but also adds value by providing immediate speed and efficiency gains. “First, ML cuts through the testing workload and sieves the data at scale, surfacing the highest-priority test cases. Then, AI analyses this data in real-time, so we can respond to risks before they become issues. This is used as the basis for predictive analysis – so you can predict where risk is going to emerge and mitigate it in the most cost effective way.”


What's next for AI: Gary Marcus talks about the journey toward robust artificial intelligence

Marcus points out this is a really deep deficiency, and one that goes back to 1965. ELIZA, the first expert system, just matched keywords and talked to people about therapy. So there's not much progress, Marcus argues, certainly not exponential progress as people like Ray Kurzweil claim, except in narrow fields like playing chess. We still don't know how to make a general purpose system that could understand conversations, for example. The counter-argument to that is that we just need more data and bigger models (hence more compute, too). Marcus begs to differ, and points out that AI models have been growing, and consuming more and more data and compute, but the underlying issues remain. Recently, Geoff Hinton, one of the forefathers of deep learning, claimed that deep learning is going to be able to do everything. Marcus thinks the only way to make progress is to put together building blocks that are there already, but no current AI system combines. ... A connection to the world of classical AI. Marcus is not suggesting getting rid of deep learning, but using it in conjunction with some of the tools of classical AI. Classical AI is good at representing abstract knowledge, representing sentences or abstractions. The goal is to have hybrid systems that can use perceptual information.


Passage of California privacy act could spur similar new regulations in other states

The COVID-19 crisis has derailed a lot of legislative activity across the country, making it difficult to get a solid sense of where privacy initiatives are headed. “The challenge you're going to find is that post-pandemic most of the state legislatures said anything that's not COVID related is not being considered,” Stockburger says. After the pandemic recedes from its urgent priority status, many states could kick new legislative efforts into gear. “Next year, that's when you're going to see big new developments and introductions,” he says. ... Another question that remains is whether the federal government will step in to create a more consistent privacy law framework. In the past, Silicon Valley giants stood staunchly opposed to the stringent provisions of the CCPA and sought a national privacy law to preempt and water down the CCPA’s requirements. However, their resistance has weakened over the past several years. “At the federal level, there's just a real challenge in getting any type of omnibus legislative efforts pushed through,” Stockburger says. “That’s been a challenge since probably 2016 when the Democrats got whooped in the midterms, and since then, we've had divided Congress.”


5 Things We’ve Learned from Digital Transformation in the Last 5 Years

While mobile offerings may have been a luxury five years ago, they are now an indispensable channel. Many organizations previously viewed mobile services as a nice-to-have, or as an offering geared towards a younger generation of tech-savvy consumers. However, now that contactless operations are the norm, offerings that incorporate mobile capture and mobile onboarding are a must-have for meeting the needs of the new digital-first consumer. From check deposits to application submissions, mobile services can go a long way in providing convenience, accessibility and ease. Organizations that embrace mobile capabilities and seamlessly connect them with back-end systems are well-positioned to enhance the customer experience and improve customer retention. Five years ago, it wasn’t uncommon for an organization’s process discovery methods to be defined by one-on-one interviews, firsthand observations and manual analysis. It was typical for business leaders to map out processes via post-it notes — what used to be referred to as “walking the wall.” Now, however, organizations are turning to machine learning and predictive analytics to discover and analyze their processes in a more accurate way.


DDoS Protection for Workloads on AWS with GWLB & DefensePro VA

There are many ways to deploy DefensePro VA with AWS Gateway Load Balancer to achieve north-south and/or east-west inspection. AWS Gateway Load Balancer adheres to multiple deployment use cases and network architectures. The AWS Gateway Load Balancer provides the VPC Endpoint Service, which allows customers to mimic on-prem networking paradigms, such as hub-and-spoke, across different VPCs and accounts. Customers can create a VPC dedicated to DDoS inspection where a group of DefensePro appliances is deployed with a Gateway Load Balancer. By utilizing AWS Ingress Routing, customers have full control of traffic routing to and from the DDoS inspection VPC. The following network topology illustrates a simplified deployment of DefensePro VA in a dedicated DDoS inspection VPC. There are two VPCs: the Customer VPC, which is Internet-facing, and DDoS-Inspection VPC. The Customer VPC has two Availability Zones for high availability of applications instances. Each zone includes an AGWe (end-point service) that steers traffic to/from the Gateway Load Balancer located in the DDoS-Inspection VPC. A group of DefensePro VAs is deployed in the DDoS Inspection VPC, spanning two Availability Zones, for high availability.


Does Your Business Need a Digital Transformation?

Because a digital transformation inevitably involves new systems, processes, and skills, it can be daunting for many leaders and teams. Embracing new technology involves a willingness to disrupt current processes and to develop new ones. This can be uncomfortable and challenging, and it’s important for leaders to acknowledge that from the outset. For many businesses, a digital transformation means completely rethinking systems and processes in order to embed technology throughout them. From the start, leadership teams need to be willing to make these major changes in order to take advantage of new tools. ... Perhaps the most important thing you can do is to prepare your team. Whenever there are major changes, leaders should expect some pushback. It’s important to anticipate and proactively address this issue to ensure that your team is ready and supportive of upcoming changes. A simple way to prepare your team is by being transparent about the planning process, goals, and anticipated shifts. Involving them in the process as much as possible will lead to increased buy-in and engagement from all levels of your team.


Stop thinking of cybersecurity as a problem: Think of it as a game

Companies can’t afford large-scale cyberattacks at any time, but especially right now. The pandemic has caused consumers who may have lost significant income to be picky with their purchases and investments. Companies need to be focused on retaining customer relationships so that they’ll weather the pandemic, and a take-down of the network could undercut customer trust in unrecoverable ways. But many companies won’t take action. They may view their older systems as good enough to ride the wave to the other side of the pandemic, and once there, they’ll go back to what they had used before, unprepared for the next attack. They may get through, but nothing will have changed — things will not go back to how they were, and you will no longer be able to rely on systems that protected a pre-COVID world. Now, there’s an opportunity to huddle up, form a new strategy, and go on the offensive. The pandemic can be an opportunity for businesses to take a look at their vulnerabilities, map their attack surface, and take appropriate actions to secure and strengthen their systems.



Quote for the day:

"Leadership is familiar, but not well understood." -- Gerald Weinberg

No comments:

Post a Comment