7 secrets of successful vendor negotiation
Intentionally withholding critical information is also a terrible tactic.
“Vendors and prospects do this all the time, and it never works,” Plato notes.
For example: not having the funds necessary to acquire and deploy a technology
and expecting the vendor to somehow provide a solution. “It’s unfair to waste a
salesperson’s time if you’re not ready to purchase,” Plato states. The reverse
is also true for vendors, he notes. “Don’t tell a customer you can meet their
expectations when you cannot,” IT negotiations aren’t all that much different
from any other type of business bargaining, observes Dmitry Bagrov, managing
director of software development firm DataArt UK. “All negotiations rely on
basic principles that are universal, and one of the most basic and most often
forgotten is that the contract should be profitable for both sides.” Squeezing a
vendor for an unprofitable rate or any other unrealistic consideration will only
result in an unhappy partner that may then look to increase its margin by
supplying inflated estimates, inferior resources, and other types of
corner-cutting. Bagrov cautions IT leaders not to fall for the old Hollywood
bromide: “It’s not personal; it’s business.”
New Microsoft Sysmon report in VirusTotal improves security
Whether you’re an IT professional or a developer, you’re probably already using
Microsoft Sysinternals utilities to help you manage, troubleshoot, and diagnose
your Windows systems and applications. The powerful logging capabilities of
Sysinternals utilities became indispensable for defenders as well, enabling
security analytics and advanced detections. The System Monitor (Sysmon) utility,
which records detailed information on the system’s activities in the Windows
event log, is often used by security products to identify malicious activity.
The new behavior report in VirusTotal includes extraction of Microsoft Sysmon
logs for Windows executables (EXE) on Windows 10, with very low latency, and
with Windows 11 on the roadmap. This is the latest milestone in the long history
of collaboration between Microsoft and VirusTotal. Microsoft 365 Defender uses
VirusTotal reports as an accurate threat intelligence source, and VirusTotal
uses detections from Microsoft Defender Antivirus as a primary source of
detection in its arsenal. Microsoft Sysinternals Autoruns, Process Explorer, and
Sigcheck tools integrate VirusTotal reports, and VirusTotal itself uses Sigcheck
to report details on Windows portable executable files.
Top tips for growth and success as a developer
The niche role of developers and the specialisation of their skillsets can often
lead to isolation. Individuals may not necessarily collaborate with others on
the same project, leaving them unaware of how the whole project was completed
from start to finish. In contrast, a more collaborative approach, where
individuals are encouraged to share ideas and actively work together on tasks
can have a multitude of benefits. Not only does it provide a greater
understanding of the project management aspect of developer projects, but it
allows developers to gain insight, through the expertise of others, into code
they may never have written before. ... While skilling up on new technologies is
always good, developing your “soft” skills is equally important for your future
career prospects. Open source gives you the chance to progress a range of these
skills, such as communication, teamwork, and problem-solving. Even the most
skilled developers can benefit from open source, where they can learn new skills
and form important peer networks.
Database Testing Made Simple, Efficient and Fast
If you involve a database in your Java test suite, make sure it’s a
containerized one. The Testcontainers framework takes care of the simplicity
requirement. It adds the much-needed abstraction layer around Docker to
provision, start and tear down a container of your database during the test
suite lifecycle. And it does it with minimum boiler plate, keeping your tests
readable. ... An efficient suite of tests does not target the same
functionality twice. However, to some degree it’s unavoidable that generic
code is called multiple times. Imagine a simple query to fetch a user record.
This will be invoked in multiple test scenarios. Throughout the entire test
run it may be called fifty times whereas its functionality needs to be
validated only once. This is wasteful. Imagine a test that validates the
unhappy paths in the snippet below. We want to catch the proper exceptions for
an unknown member, unknown movie, user too young and maximum number of rentals
exceeded. Every subsequent scenario repeats more queries until it throws its
expected exception.
How to right-size edge storage
Edge data centers are generally small-scale facilities that have the same
components as traditional data centers but are squeezed into a much smaller
footprint. In terms of capacity, determining edge storage requirements is
similar to estimating the storage needs of a traditional data center, however
workloads can be difficult to predict, says Jason Shepherd, a vice president
at distributed edge-computing startup Zededa. Edge-computing adopters also
need to be aware of the cost of upgrading or expanding storage resources,
which can be substantial given size and speed constraints. "This will change a
bit over time as grid-based edge storage solutions evolve, because there will
be more leeway to elastically scale storage in the field by pooling resources
across discrete devices," Shepherd predicts. A more recent option for
expanding edge-storage capacity independently from edge-compute capacity are
computational storage-drive devices that feature transparent compression. They
provide compute services within the storage system while not requiring any
modifications to the existing storage I/O software stack or I/O interface
protocols, such as NVMe or SATA.
Smartphone counterespionage for travelers
If you’re deemed a target worthy of espionage, the IMSI catcher may even be used
to install malware on your device. Such malware can take complete control of
your phone, granting spies access to the contents on it, the communications from
it and even its cameras and microphones. IMSI catchers have been detected at
airports throughout the world, including in the United States. But really, they
can be located anywhere, including at chokepoints like train stations and
shopping centers as well as in the vicinity of hotels typically frequented by
foreign travelers. If you’re lucky enough to avoid an IMSI catcher, you can
still be monitored by local intelligence through the cell network alone. This is
especially true in countries where the cellular infrastructure is state-owned.
At the very least, spies will have access to your real-time location and the
metadata of your calls. As with IMSI catchers, the cell network can also be used
to deliver malware to your device, typically through a malicious carrier update
that happens behind the scenes. The end result is that if you’re traveling to a
foreign country, especially one that’s hostile to your home country or known to
engage in economic espionage, you have to assume that your smartphone will be
compromised at some point.
DevOps: 3 skills needed to support its future in the enterprise
While the future looks promising for DevOps experts, much will depend on how
DevOps engineers are leveraged to transform how work gets done. For instance,
DevOps engineers must continually strive to break down silos while also moving
away from traditional development, deployment, and waterfall builds that
inhibit the velocity of scalable, qualitative, and reliable software. In a
pandemic and post-pandemic world, organizations are modifying their operating
plans and must deal with a distributed workforce. IT teams must also consider
automation and unbundling previously existing complexities such as siloed
development and operations teams. Everything-as-code, hybrid cloud operating
models, and automated workflows will be top priorities for every DevOps team.
Digital services must excel across all organizational functions in order to
delight customers. Meanwhile, organizations will continue to focus on how to
increase revenue while reducing costs. Experience, processes, effectiveness,
utilization, quality, and speed are the levers for improvement.
CISA Leader Backs 24-Hour Timeline for Incident Reporting
Wales' support for a 24-hour timeline aligns with the Senate Select
Intelligence Committee's Cyber Incident Notification Act of 2021 - sponsored
by Sens. Mark Warner, D-Va., Marco Rubio, R-Fla., and Susan Collins, R-Maine.
The bill would require federal agencies, federal contractors and organizations
that are considered critical to U.S. national security to report security
incidents to CISA within 24 hours of discovery. Per the bill, companies that
do not report an incident within 24 hours could face a maximum financial
penalty equal to 0.5% of the previous year's gross revenue. The measure,
however, allows for exceptions to the penalty. Another provision would allow
organizations to anonymize personal data when they report a breach - to
encourage victims to report incidents without revealing sensitive data. Some
cybersecurity experts have said that it's unrealistic to expect organizations
to report incidents within 24 hours of discovery because they need more time
to properly assess an attack and determine if it meets the criteria for
notification.
The best approach to AI assistants and process automation for your business
For firms to harness the full potential of AI assistants and process
automation, an effective approach is to consider how closely the two are
intertwined. We’ve seen from experience that one of the most effective and
logical methods of implementing AI and automation is to introduce digital
assistants into their existing customer services, where they can be used to
capture and create a log of conversations. Presently, many companies’ customer
services are constrained by the availability of their employees to man
phonelines or speak to customers in person, which can be a challenge outside
of normal working hours. Digital assistants help to remove the customer
services gap by offering a 24/7 solution with which consumers can share their
questions and issues whenever they need to, safe in the knowledge that the
enquiry will be logged and prioritised accordingly. This is not to suggest
that digital assistants should be viewed as a replacement to human engagement
with customers – a survey conducted by Dutch tech firm Usabilla found that 55%
of people still like to speak with a human customer service agent on the
phone.
Takeoff: What Software Development Can Learn from Aviation
As with pilots practicing how to react to an engine outage, we regularly practice how to react to a database outage. Once a month two of our engineers are randomly selected to run a database outage drill. We present them with the scenario that one of the databases on our staging system has crashed and needs to be restored from a backup. In this scenario they are the only people available and need to get the database up and running as soon as possible. We learned pretty quickly that these drills are enormously helpful. They give our people the confidence that if something like this actually happens, they won’t have to guess (or find some documentation on) what the next move could be, but can rely on their experience. It also greatly improved our documentation and tooling which apart from being helpful in an emergency, has given us a better overview of our system landscape. We can already see that when performing the drill for the second or third time, our engineers are a lot more relaxed. They know what to do and what to expect.
Quote for the day:
"When leaders are worthy of respect,
the people are willing to work for them. When their virtue is worthy of
admiration, their authority can be established." -- Huananzi
No comments:
Post a Comment