The role of the CIO was to deploy technology efficiently to support the company’s strategies and plans. The role of the CPO, as inherited from pure technology companies, is to develop and maintain a deep understanding of the customer and market and guide the delivery of products to best meet and monetize their needs, and do so ahead of any and all competition. The traditional CIO derives the why and what from other parts of the organization and supplies the how. Transitional versions of the CIO and the CDO and other neologisms may start to encroach on the what. But the true CPO drives the why and what—and the how if they also have engineering, or collaborates on the how with a CTO or head of development if not. Does this sound broad, even encroaching on CEO territory? Well, yes. It’s no accident that former product chiefs are the new CEOs of Google and Microsoft. So what does that mean for you if you are in an IT organization? Well, first, while your organization may or may not change the actual title to CPO from CIO, it’s important for your career to recognize when the definition of their job becomes that of what a CPO would do in a “pure” software company.
Stanford psychologist Carol Dweck’s popular work on growth suggests that people hold one of two sets of beliefs about their own abilities: either a fixed or a growth mindset. A fixed mindset is the belief that personality characteristics, talents, and abilities are finite or fixed resources; they can’t be altered, changed, or improved. You simply are the way you are. People with this mindset tend to take a polar view of themselves—they consider themselves either intelligent or average, talented or untalented, a success or a failure. A fixed mindset stunts learning because it eliminates permission not to know something, to fail, or to struggle. Writes Dweck: “The fixed mindset doesn’t allow people the luxury of becoming. They have to already be.”2 In contrast, a growth mindset suggests that you can grow, expand, evolve, and change. Intelligence and capability are not fixed points but instead traits you cultivate. A growth mindset releases you from the expectation of being perfect. Failures and mistakes are not indicative of the limits of your intellect but rather tools that inform how you develop. A growth mindset is liberating, allowing you to find value, joy, and success in the process, regardless of the outcome.
With insider threats accounting for the largest majority of cyberattacks, SMBs need to get to the root of the problem — human behavior. Inspiring change begins with raising awareness. To do this effectively, SMBs must first reflect on their business as a whole. This means identifying every “weak point” and addressing every potential impact the business could suffer if those weak points were targeted. For instance, many SMBs operate across supply chains, which include various virtual and physical touchpoints. Because of this, if one section of the supply chain were to get hit by a cyberattack, the entire system could come crumbling down. By gathering and sharing this information in consistent organizationwide training sessions that inform and entertain, SMBs can empower their staff with deeper threat awareness and help improve their individual security posture. ... SMBs should consider bringing on external experts to regularly analyze their IT infrastructure. This will ensure that they have an unbiased opinion to the business’ needs and the strongest protection possible. Coupled with this, SMBs should regularly conduct internal security audits to better understand where hidden back doors exist across their organization.
The new generation of care robots do far more than just manual tasks. They provide everything from intellectual engagement to social companionship that was once reserved for human caregivers and family members. When it comes to replicating or substituting human connection, designers must be intentional about what outcomes these robots are designed to achieve. To what degree are care robots facilitating and maximizing emotional connection with others (a personified AI assistant that helps you call your grandchildren, for example) or providing the actual connection itself (such as a robot that appears as a huggable, strokable pet)? Research suggests that an extensive social network offers protection against some of the intellectual effects of aging. There could also be legitimate uses for this kind of technology in mental health and dementia therapy, where patients are not able to care for a “real” pet or partner. Some people might also find it easier to bond or be vulnerable with an objective robot than a subjective human. Yet the risks and externalities of robots as social companions are not yet well understood. Would interacting with artificial agents lead some people to engage less with the humans around them, or develop intimacy with an intelligent robot?
Research teams from energy giant ExxonMobil and IBM have been working together to find quantum solutions to one of the most complex problems of our time: managing the tens of thousands of merchant ships crossing the oceans to deliver the goods that we use every day. The scientists lifted the lid on the progress that they have made so far and presented the different strategies that they have been using to model maritime routing on existing quantum devices, with the ultimate goal of optimizing the management of fleets. ... Although the theory behind the potential of quantum computing is well-established, it remains to be found how quantum devices can be used in practice to solve a real-world problem such as the global routing of merchant ships. In mathematical terms, this means finding the right quantum algorithms that could be used to most effectively model the industry's routing problems, on current or near-term devices. To do so, IBM and ExxonMobil's teams started with widely-used mathematical representations of the problem, which account for factors such as the routes traveled, the potential movements between port locations and the order in which each location is visited on a particular route.
In addition to migrating workloads to public clouds, companies also started demanding a cloud-like experience in their data centers. This includes consumption-based pricing and the flexibility to scale usage and add services on demand. “And what we’re now doing is bringing extreme flexibility, simplicity, and agility to the network security and software firewalls,” Gupta said. “So that’s why we’re reinventing yet again how customers buy these software firewalls and security subscriptions. And I hope that the industry will adopt that model and make it easier for customers.” However, other leading firewall vendors already adopted similar consumption-based licensing approaches. Fortinet, Forcepoint, and Check Point rolled theirs out last year. Fortinet’s programs aim to give its virtual firewall customers more flexibility in how they consume those products and security services, said Vince Hwang, senior director of products at Fortinet. ... “They can allocate the points to any virtual firewall size and type of security services in seconds without incurring a procurement cycle. These virtual firewalls and security services can be used on any cloud and anytime. Customers can manage their consumption through a central portal available through Fortinet’s FortiCare service.”
Advancements in artificial intelligence have led to the development of automated decentralized finance strategies to replace the role of traditional fund managers, monitoring the market to identify the best risk-adjusted assets to deliver investment returns. Rocket Vault Finance leverages these advanced artificial intelligence predictive analysis tools and machine learning algorithms to develop data-driven, intelligent, and automated investment strategies to minimize losses and maximize gains. They consistently achieve over 100% APY returns for stablecoin capital and avoid managing multiple crypto assets over a range of liquidity mining, staking, or other defi platforms, reducing fees and risk. Rocket Vault Finance is free to use for retail investors holding the platform’s RVF tokens, with paid services on offer to institutional investors, providing an automated hybrid alternative to riskier yield farming projects and traditional market returns. Several other projects are also contributing to the rapidly growing Indian blockchain ecosystem, expanding the value proposition as a result.
As the threat landscape evolves, security providers have to be always on their toes, and businesses have to adopt a more unified approach to cyber risk management. Some of the biggest challenges that security and risk management leaders face are the lack of a consistent view at a micro and macro level, the ability to prioritise what’s most critical, and maintaining transparency across the organisation when it comes to cybersecurity. “SAFE is built on the premise of these challenges and our ability to provide realtime visibility at both a granular IP level and at an organisational level across people, process, technology, cybersecurity products, and third parties brings a completely new approach to enterprise cyber risk management,” says Saket Modi, Co-founder & CEO, Safe Security, a cybersecurity platforms company. ... Growing at a mindboggling 450 per cent, WiJungle, another AI-based security startup uses AI for automation at the network level and threat detection and analysis. The NetSec (network security) vendor offers a solution for office and remote network security.
The DevSecOps manifesto says that the reason to integrate security into dev and ops at all levels is to implement security with less friction, foster innovation, and make sure security and data privacy are not left behind. Therefore, DevSecOps encourages security practitioners to adapt and change their old, existing security processes and procedures. This may be sound easy, but changing processes, behavior, and culture is always difficult, especially in large environments. The DevSecOps principle's basic requirement is to introduce a security culture and mindset across the entire application development and deployment process. This means old security practices must be replaced by more agile and flexible methods so that security can iterate and adapt to the fast-changing environment. ... Clearly, the biggest and most important change an organization needs to make is its culture. Cultural change usually requires executive buy-in, as a top-down approach is necessary to convince people to make a successful turnaround. You might hope that executive buy-in makes cultural change follow naturally, but don't expect smooth sailing—executive buy-in alone is not enough. To help accelerate cultural change, the organization needs leaders and enthusiasts that will become agents of change.
The escalating prevalence of web shells may be attributed to how simple and effective they can be for attackers. A web shell is typically a small piece of malicious code written in typical web development programming languages (e.g., ASP, PHP, JSP) that attackers implant on web servers to provide remote access and code execution to server functions. Web shells allow attackers to run commands on servers to steal data or use the server as launch pad for other activities like credential theft, lateral movement, deployment of additional payloads, or hands-on-keyboard activity, while allowing attackers to persist in an affected organization. As web shells are increasingly more common in attacks, both commodity and targeted, we continue to monitor and investigate this trend to ensure customers are protected. In this blog, we will discuss challenges in detecting web shells, and the Microsoft technologies and investigation tools available today that organizations can use to defend against these threats. We will also share guidance for hardening networks against web shell attacks. Attackers install web shells on servers by taking advantage of security gaps, typically vulnerabilities in web applications, in internet-facing servers.
Quote for the day:
"Change the changeable, accept the unchangeable, and remove yourself from the unacceptable." -- Denis Waitley