Daily Tech Digest - April 25, 2022

How to avoid compliance leader burnout

Just as a CISO will be held responsible for a security breach, even if the incident was unforeseeable, a compliance leader is considered responsible for all aspects of compliance: getting the appropriate certifications and reports, making sure the company passes its audits, etc. But if traditional methods of compliance are used, the compliance leader has no actual oversight on whether those controls are running. For example, the compliance team may set up controls over user access, but if one control owner forgets to run their control, the resulting failure will likely be blamed on the compliance leader. ... Data-oriented compliance that automatically pulls data from primary sources can sift through a vast volume of data and give an early signal if it senses a problem that needs to be looked at by a security person or engineer. This makes it less likely that a compliance leader will be blindsided by a long-running failure to implement a control. When a control is built into processes that a department is already running, it’s less likely to be overlooked by that department—since the control is part of a process that’s operationally important to the company.


Simplify Cloud Deployment Through Teamwork, Strategy

Liu suggests that when striving for simplification, IT organizations should recognize that simplification of architectures is complex and can be disruptive. That means it’s important to identify the most opportune time that works for the whole organization. “When simplifying, don’t just think about components like network switches or storage,” she says. “If you focus on moving or simplifying one component, your simplification can invite a lot more complexity. Think about simplifying whole infrastructure solutions. Align at the solution- or service-level first.” Stuhlmuller advises that enterprise cloud teams should educate themselves on how networking is done, not only in their primary cloud, but in all public clouds. This allows them to develop a multi-cloud network architecture that will keep them from having to re-architect when – inevitably – the day comes when the business requires support for a second or third public cloud provider. “Cloud teams supporting enterprise scale businesses discover that building with basic constructs quickly increases the complexity and requires resource intensive manual configuration,” he says.


Most Email Security Approaches Fail to Block Common Threats

Digging into where email defense breaks down, the firms found that, surprisingly, use of email client plug-ins for users to report suspicious messages continues to increase. Half of organizations are now using an automated email client plug-in for users to report suspicious email messages for analysis by trained security professionals, up from 37 percent in a 2019 survey. Security operations center analysts, email administrators, and an email security vendor or service provider are the groups most commonly handling these reports, although 78 percent of organizations notify two or more groups. Also, user training on email threats is now offered in most companies, the survey found: More than 99 percent of organizations offer training at least annually, and one in seven organizations offer email security training monthly or more frequently. “Training more frequently reduces a range of threat markers. Among organizations offering training every 90 days or more frequently, the likelihood of employees falling for a phishing, BEC or ransomware threat is less than organizations only training once or twice a year,” according to the report.


Why private edge networks are gaining popularity

For edge computing to gain large-scale adoption across enterprises, APIs need to provide an abstraction layer that alleviates the intensive work of having developers write code to communicate with each system in a tech stack. Abstraction layers save developers’ time and streamline new app development. Alef’s approach looks at how they can capitalize on stable APIs to protect developers from dealing with complex tech stacks in getting work done. Edge device processors are getting more intelligent. The rapid gains in chip processor architectures make it possible to complete data capture, analytics and aggregation at the endpoint first before sending the result to cloud databases. In addition, endpoint devices’ growing intelligence makes it possible to offload more tasks, freeing up network latency in the process. ... All businesses need real-time data to grow. Small gains in visibility and control across an enterprise can deliver large cost savings and revenue gains. It’s because real-time data is very good at helping to identify gaps in cost, customer, revenue and service processes.


Deep Science: AI simulates economies and predicts which startups receive funding

Applying AI to due diligence is nothing new. Correlation Ventures, EQT Ventures and Signalfire are among the firms currently using algorithms to inform their investments. Gartner predicts that 75% of VCs will use AI to make investment decisions by 2025, up from less than 5% today. But while some see the value in the technology, dangers lurk beneath the surface. In 2020, Harvard Business Review (HBR) found that an investment algorithm outperformed novice investors but exhibited biases, for example frequently selecting white and male entrepreneurs. HBR noted that this reflects the real world, highlighting AI’s tendency to amplify existing prejudices. In more encouraging news, scientists at MIT, alongside researchers at Cornell and Microsoft, claim to have developed a computer vision algorithm — STEGO — that can identify images down to the individual pixel. While this might not sound significant, it’s a vast improvement over the conventional method of “teaching” an algorithm to spot and classify objects in pictures and videos.


Stack Overflow Exec Shares Lessons from a Self-Taught Coder

As a self-taught developer, Chan describes that life as an entry-level software engineer as “a really big surprise and shock.” Especially given his past experiences in the world of programmer job interviews. He was baffled by his previous experiences interviewing with large companies, finding himself “failing miserably,” he told the podcast audience. Tech interviews, he said, were “where it’s like, ‘I don’t even know what a red-black tree is, so please don’t ask me more interview questions about that kind of thing!’” By contrast, he’d known of Stack Overflow for years, and considered it the home of “some of the best engineers that I could possibly think of.” ... Chan recalled learning what all new managers learn: while you may have been good at your old position, “once you become a manager, the skillset is completely different.” Or, in his case, “You’re no longer working with computers and with code anymore. You’re working with people, right?” There were more conversations, and listening to people — but also a shift in thought. “This is not about code so much anymore,” he said.


Founders’ Guide To Embedding Corporate Governance In Your Startup

It would do good for founders to have some role models when it comes to governance and read about the practices and philosophies deployed by them. However, they may have to look beyond the startup universe for that because good governance is usually a sustained phenomenon. Companies that have been in business for decades could only qualify for the same. In my view, the Tata Group in general but specifically under the stewardship of JRD Tata has been the epitome of good governance. Some leading IT services companies like Infosys could also be studied. One does not have to look far and toward the West for such role models. Founders will do well to remember that getting an up round (after passing through diligence) is not a validation that they are doing everything right. Many times, investments happen due to prevailing market sentiment and liquidity. This happens in spaces that are hot and market tailwinds compel investors to close transactions faster. However, such times don’t last forever. Often, when a fastidious investor comes in to write a big cheque, such transgressions come to light.


Improving Your Estimation Skills by Playing a Planning Game

When we look at a large, complex task and estimate how long it will take us to complete, we mentally break down the large task into smaller tasks. We then construct a mental story of how we will complete each smaller task. We identify the sequential relationship between tasks, their interconnectedness, and their prerequisites. We then integrate them into a connected narrative of how we will complete the large task. All of these activities are good, and indeed essential for completing any large task. However, by constructing this mental story, we slip out of estimation mode and into planning mode. This means that we focus upon the how-to’s, rather than thinking back to past experiences, of potential impediments and how they may extend the task duration. Planning is a bit like software development, whilst estimation is a bit like software testing. In development, we are trying to get something to work. So, if our initial approach is unsuccessful, we modify it or try something else. Once we have got it to work, we are generally satisfied and move onto solving the next problem.


How to be a smart contrarian in IT

Start with the end user or the most important stakeholders: Do they find the end results intriguing? Have you built a proof-of-concept solution that tests your hypotheses? Can they get some value and provide you with quality feedback from a minimal viable product (MVP)? Don’t over-engineer a solution to a problem that nobody cares about. Let your customers lead you to what matters and do just enough engineering from there. You’ll still need to add standard enterprise features such as security, user experience, and scale, but the goal is to add them to a product your client wants and values. ... Before you try to solve a problem, find out if anyone on your team or at your company has already solved that problem or has experience with it. Explore wikis and forums to see if solutions have been documented privately or publicly. Too often, we fail to ask questions because we don’t want to appear uninformed or unintelligent. Keep in mind that most people enjoy being asked for advice and would welcome the opportunity to answer a question, especially early in the process when they can help you save time and effort. 


Get ready for your evil twin

Accurately replicating the look and sound of a person in the metaverse is often referred to as creating a “digital twin.” Earlier this year, Jensen Huang, the CEO of NVIDIA, gave a keynote address using a cartoonish digital twin. He stated that the fidelity will rapidly advance in the coming years as well as the ability for AI engines to autonomously control your avatar so you can be in multiple places at once. Yes, digital twins are coming. Which is why we need to prepare for what I call “evil twins” – accurate virtual replicas of the look, sound, and mannerisms of you (or people you know and trust) that are used against you for fraudulent purposes. This form of identity theft will happen in the metaverse, as it’s a straightforward amalgamation of current technologies developed for deep-fakes, voice emulation, digital-twinning, and AI-driven avatars. And the swindlers may get quite elaborate. According to Bell, bad actors could lure you into a fake virtual bank, complete with a fraudulent teller that asks you for your information. Or fraudsters bent on corporate espionage could invite you into a fake meeting in a conference room that looks just like the virtual conference room you always use.



Quote for the day:

"The signs of outstanding leadership are found among the followers." -- Max DePree
