While some small firms might to look to hire an IT director on a temporary basis, McCabe says most will want to avoid bringing in a costly consultant. "There's a sliver of venture capital-backed tech companies with a CIO or someone with an equivalent title, but not the vast majority of small firms," she says. For SMB owners and managers who want technology expertise without high fees, McCabe suggests a different route. "I'm a big fan of industry associations and regional technology councils. They can be really great because people in these organisations are in businesses like yours," she says. ... "The challenge for smaller organisations is developing brand and trust," says Bev White, CEO of Nash Squared. "Where there are so many players, how can you stand out from the crowd when few people might know who you are?" Her firm's research suggests twice as many SMBs (23%) as larger corporates (10%) are extremely or very effective at scaling good ideas and stopping poor ideas quickly. SMBs should be on the lookout for novel ways to source technological solutions to business challenges, so go to conferences, attend meetups and take part in specialist events.
One issue when adopting platform engineering is the tendency to build another silo. A good example would be a ticketing system where users can request features or report bugs, the requests go into the platform engineering realm, and are eventually resolved. You can combat this by focusing on enabling users to self-serve their own needs with your portal by providing accurate and relevant documentation, training sessions and pairing with users to solve their problems. Another issue is prioritizing the right things. There are a lot of users from many different parts of your organization, so having a single feature request pipeline for those things users cannot self-serve with a committee deciding on priority is essential to servicing the needs of your organization effectively. Keep your platform team adaptable and not stuck in the past ways of doing things. With the rapid pace of change in IT, it’s hard to keep up. Enablement is one way you can ease the burden on your team, but also allowing your team a consistent amount of time to train on new technologies is another.
There is no doubt that SBOMs should be requested from your software vendors and that you should consider creating SBOMs along with your own developed software. It’s all about the proper storage of the SBOMs so you can be sure they’re recent, searchable and trustworthy and tamper-proof. The benefits and use cases for SBOMs are numerous; they vary across stakeholders who produce, choose and operate software and are amplified when combined. Use cases for SBOMs include better software development, supply chain management, vulnerability management, asset management and high assurance processes. The benefits include reducing cost, mitigating security risk, license risk and compliance risk. But the key is making the SBOM actionable. No developer, no software maintainer or DevOps engineer wants to manually collect the dependencies and produce SBOM documents. It needs to be fully automated within the software build and deployment pipeline and there needs to be a proactive check of where it’s currently running.
Simply throwing people together and expecting them to figure out how to work together like this will most likely result in failure, but that's the point. You want them to fail, not to stop and go back to how things were, but to figure out why they failed. You want them to talk about what is and isn't working and what they can do differently. The problem leadership needs to help these people overcome is the assumption that high-performing people and teams don't fail. So we will do our best to avoid failure at the first signs of it. Leadership must show that failure is a natural by-product of experimentation and that high performers produce and share their failures; not avoid, deny, ignore or distort them, but learn from them. But for people to embrace failure like this, they need high levels of psychological safety, meaning team members can take interpersonal risks and be vulnerable by sharing what they don't know, what they don't understand or mistakes they have made without fear of judgement or that it will affect their prospects negatively.
The root of trust is an essential part of future systems. Google has a tradition of making contributions for transparent and best in-class security, including our OpenTitan discrete security solutions on consumer devices. We are looking ahead to future innovations in confidential computing and varied use-cases that require chip-level attestation at the level of a package or System on a Chip (SoC). Together with other industry leaders, AMD, Microsoft, and NVIDIA, we are contributing Caliptra, a re-usable IP block for root of trust measurement, to OCP. In the coming months we will roll out initial code for the community to collectively harden together. ... To address the challenges of reliability at scale, we’ve formed a new server-component resilience workstream at OCP, along with AMD, ARM, Intel, Meta, Microsoft, and NVIDIA. Through this workstream, we’ll develop consistent metrics about silent data errors and corruptions for the broader industry to track. We’ll also contribute test execution frameworks and suites, and provide access to test environments with faulty devices.
Autonomous machine intelligence is the common goal in both these approaches, but with reinforcement training there is always a human agent driving the working of the machine, while unsupervised learning proposes to learn from observation. Self-supervised learning advocates talk about the inefficiency of trial-and-error methods but uncertainty still remains a major barrier for self-supervised learning. Sergey Levine from Berkeley AI Research recently proposed a solution of combining self-supervised learning with offline-reinforcement learning, that explores the possibility of enabling models to understand the world without supervision and allow reinforcement learning to explore causal understanding of the world, thus expanding the dataset close to infinite. Yann LeCun proposed the World Model in paper in June 2022, which uses a “cost module” in its architecture that measures the energy-cost of an action by the machine. When reinforcement learning is scaled on larger datasets, the reward maximisation also needs further scaling.
Plenty of insurers expect their clients to form their own partnerships. Even if that is not the case, it is advisable to form relationships with security and incident response firms and establish a solid perimeter from the outset. This is particularly true for smaller companies who do not have the resources to support dedicated internal staff. Doing so may even reduce insurance premiums. “It should start at the company level,” suggests Pankaj Goyal, senior vice president of data science and cyber insurance for cyber security firm Safe Security. “How do you think about cyber risks? What are the gaps? What is the financial risk? How much can you mitigate by investing in cyber budgets or cybersecurity products? And then how much risk do you need to transfer?” “The onus is on the client to make sure that they bring in the right expertise. That expertise can be around assessing the risk itself, understanding the gaps, understanding the risks, and figuring out what improvements can be made,” Goyal maintains.
Web2 has fundamentally altered both the web and the sectors that sustain it. With just one click, users may now collect, create, and distribute enormous volumes of data and the Web as we know it today was made possible with the addition of user-generated content and dynamic, interactive websites through Web2. Web3’s expansive acceptability and usage are correlated with those of blockchain, cryptocurrency and cyber security. Blockchains for cryptocurrencies are open ledgers that keep track of and validate all transactions inside a network. Everyone has access to transactions, the involved pseudonymous addresses, and the amounts of money transmitted. Users of blockchain-based systems like Web3 are recognised by their public key and blockchain address, making them pseudonymous. Compared to independent websites hosted on a single server, Web3 uses the immutable ledger of the blockchain to store data. This means that Web3’s use of the blockchain offers more resilience, protection against censorship, and other benefits.
Observability tooling has become critical on the road to digital transformation. As DevOps and cloud, the key enablers of digital transformation, guide us towards ever more federated and distributed processes and systems, incidents become more unpredictable, and observability is our best chance for assuring availability. IT professionals have always dealt with change, but never at the speed of our current digital transformation. ... “Think of the origins of the word ‘observability.’ According to the Oxford dictionary, ‘observe: notice or perceive (something) and register it as being significant.’ The ability to ‘observe’ an application and its related elements provides a proactive opportunity to optimize the data, logs, metrics, traces, etc. in order to predict its performance in real time and contribute to root cause analysis when necessary. Observability not only allows for post-production insight into performance; it requires an intention to build observability into the design and development of applications and infrastructure.
In comes cloud engineering, which, Stratton contends, applies standard software engineering practices and tools across application development, infrastructure and compliance — usually just the first — pursuant to leveraging the cloud effectively. His talk offered how to combine the basics of DevOps’ CALMS — culture, automation, lean, measurement, and sharing — with the foundation of cloud engineering — build, deploy, manage — all with a cloud native mindset. Let’s dive into his breakdown now. ... The manage side of cloud engineering comes down to creating this level of visibility across a development and deployment cycle, with a common vocabulary that connects to business objectives. At this stage, Stratton explains that security is everyone’s job, not just shifting that responsibility on new shoulders. Cloud engineering aims to put controls and process in place to enable, enhance and automate as much as possible, especially around security and compliance, taking the blame away from the individual.
Quote for the day:
"A leader takes people where they would never go on their own." -- Hans Finzel