Daily Tech Digest - April 26, 2021

Technology, Management or Data? How To Choose Your Career

Dr Sarkar stated, “Given the current job landscape, the methods of pursuing degrees and programs are evolving and getting digitised. Let’s take a look at a couple of examples, such as MTech Programs and MBA Programs. Classically, they are about depth in specific branches. Now, an MTech program or MBA program no longer includes only the core disciplines, rather, it has become a fusion of important disciplines required to solve real-time problems.” “Therefore, even if you are trying to think of yourself as going through the technology route, doing an MTech program, you will probably end up doing a fair amount of business applications using data, given the kinds of projects and courses. Similarly for an MBA program, you will go beyond the core disciplines and you will also use data and technology. The traditional programs are evolving to fit today’s workplace,”he added. At present, data holds a special place among organisations. This is one of the reasons why data is embedded within the current programs. The deployment of data is done through technology, for instance through cloud-based applications, he said.

Connected medical devices brought security loopholes mainstream

First, when it comes to firmware updates, it is advisable to initiate an orchestrated process that ensures only authorized administrators can make changes to the device and that the update is applied properly. An update failure should trigger an alert so the device can be otherwise secured or replaced by another device. Second, for patients, cybersecurity leaders must give clear instructions on how to install and configure the device as well as the home network. This will translate into proper operation and a secure connection to transmit encrypted data from patient to doctor. One potential solution is to tailor the device connection type. For example, peer-to-peer connections bypass the public cloud to deliver encrypted information between user and device. Third, for devices, strong authentication with public key schemes is a must. Similar to what is used by online banks, public key authentication uses cryptographic keys to identify and authenticate peers instead of a username and password. Using cryptographic keys for authentication has the advantage that they are practically impossible to brute-force crack and do not require the user to remember anything.

Clean Code for Data Scientist

The number one reason, from my experience, is the nature of our work being “high-risk”. Meaning, when we write the first line of code in the script, we usually don’t know what will happen with it — Will it work? Will it be in production? Will we use it ever again? Is it worth anything? We might end up spending much of our time on risky POCs or one-time data explorations. In those cases, writing the neatest time-consuming code might not be the right way to go. But then, this POC we wrote in a sketchy fashion turns into an actual project, it even gets to production, and its code is a mess! Sounds familiar? Used to happen to me all the time. ... What’s common to all code writers out there is the time aspect. Writing clean code costs more time in the first place since you need to think twice before writing any line of code. We’re always pushed or encouraged to get things done, fast, and it might come at the expense of our code. Just remember — getting things done fast, while in a hurry, can come to bite you later when you’re dealing with bugs on a daily basis. Your time spent writing clean code will for sure pay for itself in the time saved on bugs.

Stop using your work laptop or phone for personal stuff

In the age of remote work, it's easier than ever to blur the lines between our personal and professional tech. Maybe it's sending personal texts or emails from your work phone, editing personal documents or photos on your work laptop, or joining a virtual happy hour with friends from your work tablet. None of these actions may sound like a particularly risky activity, but as a former "IT guy" I'm asking, nay pleading, with you to stop doing them. At least the potentially more hazardous activities, such as storing personal data on your work machine or storing sensitive company data on your personal devices. Do it for the security of your employer. But more importantly, do it for the safety, privacy and wellbeing of yourself, your family and friends. Cybersecurity incidents can have serious negative consequences for both your employer and you. And even if an actual security breach or data leak doesn't occur, you could be reprimanded, demoted, fired, sued or even criminally prosecuted. Take the case of former CIA director John M. Deutch.

The cyber security mesh: how security paradigms are shifting

Without a doubt, the cyber security teams in your business are finding themselves in an increasingly complex situation. The adoption of the cyber security mesh has been effectively accelerated by several drivers, including digital initiatives and the opportunity to take advantage of IoT, AI, advanced analytics and the cloud. These drivers, along with the demand for increased flexibility, reliability and agility, have led more and more businesses to adopt a cyber security mesh. This distributed cyber security approach offers a much-needed chance for increased reliability, flexibility and scalability. ... Ultimately, the continued breakdown of the traditional technology stack with elevated virtualisation of services means the way organisations look to protect themselves is set for an upgrade. Effective cyber security is about being able to match and marry your protection to the circumstances in the world around it. As a society, as technology and even government policy begins to change, so will your points of exposure. Of course, the past year has seen an acceleration in these changes, and this has demonstrated that businesses should be as prepared for the unlikely as they are for the likely, which is exactly what a robust cyber security plan should look like.

Best practices  - code review & test automation.

Doing test automation is about writing code. Test automation code can be easily treated as “second-class citizens”. As it’s not delivered to customers, development is often less formalized and may lack the scrutiny and quality practices otherwise applied in the organization. Lately, I’ve been doing lots of code reviews. ...  All of the reviews exclusively cover end-to-end test automation: new tests, old fixes, config changes, and framework updates. I adamantly believe that test automation code should undergo the same scrutiny of review as the product code it tests because test automation is a product. Thus, all of the same best practices should be applied. Furthermore, I also look for problems that, anecdotally, seem to appear more frequently in test automation than in other software domains. Code review is a very important phenomenon in the SOFTWARE development process. Made popular by the open-source community, it is now the standard for any team of developers. If it is executed correctly, the benefit is not only in reducing the number of bugs and better code quality but also in the training effect for the programmer.

What You Might Not Realize About Your Multi-Cloud Model

It’s common knowledge in the tech world that the vast majority of organizations shifting to public cloud are adopting a mix of hybrid and multi-cloud operating models as part of their cloud strategy. In response, all three of the major cloud providers, including Amazon, Microsoft, and Google, are expanding their service offerings for this positioning. Correspondingly, the market is seeing an uptick in customers that are using these hybrid and multi-cloud environments. According to a recent Gartner research statistic, over 80% of enterprises characterize their strategy as multi-cloud. This can run the gamut from organizations deploying a combination of providers to create a multi-cloud network to firms implementing five or more unique public cloud environments. In reality, while these organizations think they are operating in a multi-cloud environment, they are simply operating “multiple clouds.” This is more than just semantics: Multiple cloud does not equal multi-cloud. And not understanding the nuances may leave a lot on the table when it comes to a CIO managing enterprise IT.

Shift Left: From Concept to Practice

Because developers work with code and in Git, it is logical to apply security controls in Git. Looking at secrets leaks, shifting left means automatically detecting secrets in the code and allowing the different members of the SDLC to collaborate. Remediating secrets leaked in Git repositories is a shared responsibility among developers, operations, and application security (if the secret is exposed in internal code repos) or threat response (if the secret is exposed externally). The processes depend on the organization's size, culture, and how it splits responsibilities among teams. They all need one another, but developers are on the front line. They often know what the leaked secret gives access to. However, they can't always revoke the secret alone because it might affect production systems or fellow developers using the same credentials. Also, it's not only about revoking; it's also about redistributing (rotating), which falls under operations' responsibilities. While remediating, it is also important to keep security professionals' eyes on the issue. They can guarantee that proper remediation steps are followed and guide and educate developers on the risks.

Agile management: How this new way of leading teams is delivering big results

Porter says BP's initial implementations of Agile have helped the company to embed its working processes into various areas of the business. He says the benefits of an Agile way of working are clear. "'It's really liberating' is what we're hearing from the various pilots and work that has started already," he says. "So we're seeing that play out in the broader BP and getting some really good indications back from where we have used Agile in the past and what's coming at us as we embed our design throughout the organisation." The introduction of Agile leadership isn't without its challenges. As managers empower their teams, so they stop being involved in the minutiae of decision-making processes. Get Agile management wrong and there's the possibility for chaos and anarchy. Good Agile managers don't use command-and-control approaches to manage their staff, but they do focus on fostering accountability. Porter says BP wants to avoid diluting the devolved decision-making processes that Agile encourages. Teams at the company are typically organised into small groups of between 10 and 20 people, depending on the organisational context.

How to Prioritize Your Product Backlog

Your product backlog should be a list of all the product-related tasks your team needs to complete, including the division of responsibility and the time frame. The problem is that the list is not intended to be conclusive. It needs to be flexible and will change according to the other things that are happening. For example, a hotshot product release by a competitor may mean you need to release a product update earlier than expected to compete, meaning everything else gets pushed back. Even events such as attending conferences (virtual or in-person) may mean that teams may prioritize sales and marketing visible tasks in an effort to connect with new customers. But the problem occurs when tasks keep getting pushed below the list, and the product manager struggles to maintain momentum to review and organize all the tasks in preference and priority. An effective product backlog list needs to be well structured, organized to be easily read and understood, and arranged to meet the company's strategic needs.

Quote for the day:

"Strong leaders encourage you to do things for your own benefit, not just theirs." -- Tim Tebow

No comments:

Post a Comment