Daily Tech Digest - November 04, 2022

Can today’s videoconferencing tech evolve into tomorrow’s metaverse?

The market continues to reject headset options for virtual reality (VR), with the largest recent failure being 3D TV, which had relatively light and inexpensive headsets compared to other augmented and VR solutions. There are two ways to approach this, and they aren’t mutually exclusive. One is to eliminate the headset and use a different technology such as “hard light” or LED walls. Another, more likely near-term path is to create headsets that have far broader applicability than current headsets do. This means making them more attractive to wear and providing a compelling secondary use (such as watching video entertainment, privacy and security, and safety). If I want to use a headset because it does something I want, while also being useful for videoconferencing, I’m more likely to try it for collaboration. Right now, despite the hype, the metaverse isn’t real enough to be compelling. And headsets are tied tightly to VR experiences that aren’t going to drive their use en masse. This leads to an imbalance between cost, appearance, and utility.

Fill the cybersecurity talent gap with inquisitive job candidates

Curiosity is also critical when entering the cybersecurity field. Especially for those coming from an atypical background, curiosity can lead to the discovery of solutions that may have otherwise been overlooked. It can help them figure out how hackers think and behave, and influence proactive defense strategies after being able to step into their shoes. Curious minds can further lead to the discovery of additional interests within the many facets of the field, making those individuals more well-rounded cybersecurity professionals. ... Another important quality hiring teams can look for in potential cybersecurity candidates is a strong willingness to learn. This encompasses both tenacity and curiosity: Those who are determined and interested in discovering new information are consistently willing and ready to face new challenges. Cybersecurity can be complex and multifaceted, and those who can be patient and take the time to learn the breadth and depth of the field can be successful in unique ways.

Looking for a remote work job? It's getting harder to find one

"In many ways, employees still hold the power to demand more from their employers when it comes to salary, flexibility and benefits. But this power balance is likely to start levelling out in the coming months," she said. Employees and jobseekers are also bracing for an economic slump, with LinkedIn finding that candidates' confidence in their ability to improve their financial situation has "decreased or remains low" compared with August 2022. Guy Berger, principal economist at LinkedIn, said that while employers could not eliminate uncertainty in the year ahead, they could at least "mitigate it" for employees by putting more effort into supporting employee morale. "Consider relatively low-cost, high-value benefits that you might have overlooked before," said Berger. "Don't underestimate the calm that can follow when you reassure employees that you hear them, and that times aren't tough forever." Indeed, salary isn't the only thing employees care about in their careers: work-life balance, flexible-working arrangements and upskilling all rank highly, LinkedIn found.

Solving the Culture Conundrum in Software Engineering

The role of the software engineer has changed; it is no longer about writing code in isolation without much regard for or knowledge of how it benefits the business. Developers work better when they have clarity about the direct impact their work will have on achieving business goals and on the bottom line. It’s down to business leaders to communicate these challenges and goals (in other words, understand the “why”) to help software developers understand what they’re trying to achieve. But doing so in a way that moves towards a better working culture requires a new approach to building and managing software development teams. The first step is casting aside the negative stereotypes many have of software engineers and celebrating the intellectual and cultural diversity within their teams. Diversity of personnel brings a diversity of personalities, which is crucial to creating more inclusive cultures that accept and welcome all characters with open arms. While this may seem obvious, what is often overlooked is the impact diversity can have on stimulating and increasing innovation.

8 bad communication habits to break in IT

“IT leaders are incredibly talented and well-versed in what they do. They know the problem and solution well, and they’re often eager to point out the features and functionality when fielding questions from the end user. “However, when addressing questions from the business, IT leaders need to take a step back to ensure they’re answering the correct question for the right audience. Failing to do so can lead to confusion and credibility gaps. When you mix technology and business professionals, the way you answer questions may need to shift. Make sure you understand in detail what’s being asked and determine how to answer the question in a way that will make the most sense to them. The more IT leaders listen carefully and ask clarifying questions when needed, the better they’ll become at communicating.” ... “As a profession, technologists don’t have a strong reputation as great listeners. We have a bad habit of hearing and immediately responding, which makes it seem like we’re not listening. “We teach IT professionals the H.E.A.R. model: hear, empathize, analyze, respond. This is especially important when we need to have a difficult conversation, like addressing an idea that isn’t practical ... "

Startups Scratch the Surface of AGI Without Really Understanding It

Researcher and author Gary Marcus has often pointed out how contemporary AI’s dependence on deep learning is flawed due to this gap. While machines can now recognise patterns in data, this understanding of the data is largely superficial and not conceptual—making the results difficult to determine. Marcus has said that this has created a vicious cycle where companies are caught in a trap to pursue benchmarks instead of the foundational ideas of intelligence. This search for clarity pushed a lot of interest into interpretability and the money followed later. Until a couple of years ago, explainable AI witnessed its time in the spotlight. There was a wave of core AI startups like Kyndi, Fiddler Labs and DataRobot that integrated explainable AI within them. Explainable AI started gaining traction among VCs, with firms like UL Ventures, Intel Capital, Light Speed and Greylock seen actively investing in it. A report by Gartner stated that “30% of government and large enterprise contracts will require XAI solutions by 2025”.

Is an Outsourced DPO Function the Answer?

Some DPO duties lend themselves to being carried out by a third party outside the business, such as the volume tasks mentioned above, but for others it will be more appropriate to carry them out in-house. For example, effective data mapping requires an intricate knowledge of the company’s day-to-day business processes that may be difficult to communicate to a third-party provider. Likewise, an internal DPO may find it easier to monitor the company’s ongoing data protection compliance, given their involvement in the organisation’s operations. Businesses may therefore wish to consider a hybrid approach, whereby some DPO functions are contracted to an external provider while certain duties are fulfilled within the organisation. Which processes are outsourced and which processes remain internal will depend on the specific processing activities carried out and where internal capabilities and strengths lie. Experts could also be engaged to work with a business to create an internal privacy framework which is then applied uniformly both internally by staff, and externally by an outsourced DPO function.

How Apiiro leverages application security for the software supply chain

Because cybercriminals look to exploit any vulnerabilities they can find in an organization’s application stacks, both security teams and developers need to be extremely proactive at pinpointing and remediating vulnerable applications and code throughout the software supply chain. Apiiro aims to do this by enabling developers to discover every API, service and artifact to create a software bill of materials (SBOM), as well as to identify exposed secrets, AOPI and OSS vulnerabilities and misconfigurations that increase risk. “The unrelenting demand for next-generation application security solutions has allowed us to deploy our product at scale with leading Fortune 500 customers,” said Idan Plotnik, cofounder and CEO of Apiiro. “Early innovation enables us to grow faster and more efficiently than the competition, and we are building the company for hyper-growth. The combination of our team, business momentum, and support from top-tier investors positions Apiiro to continue to lead a growing industry.”

Key Basic Principles to Secure Kubernetes’ Future

While Kubernetes is designed to be secure, only responding to requests that it can authenticate and authorize, it also gives developers bespoke configuration options, meaning it is only as secure as the role-based access control (RBAC) policies that developers configure. Kubernetes also uses what’s known as a “flat network” that enables groups of containers (or pods) to communicate with other containers by default. This raises security concerns as, in theory, attackers who compromise a pod can access other resources in the same cluster. Despite this complexity, the solution to mitigate this risk is fairly straightforward: a zero trust strategy. With such a large attack surface, a fairly open network design, and workloads sitting across different environments, a zero trust architecture, one that never trusts and always verifies, is crucial when building with Kubernetes. ... All internal requests are considered suspicious, and authentication is required from top to bottom. This strategy helps mitigate risk by assuming threats exist on the network at all times, and so strict security procedures are constantly maintained around every user, device and connection.

Stemming the Security Challenges Posed by SaaS Sprawl

Corey O’Connor, director of products at DoControl, a provider of automated SaaS security, notes that remote and hybrid working models made a significant impact on both SaaS utilization and sprawl. “When they started to gain traction, CIOs responded by allowing the business to use whatever tools necessary to enable the business,” he explains. “This challenged CISOs as well as IT and security teams given the surge in SaaS adoption and utilization.” This created security gaps that needed to be addressed as organizations began to navigate the “new normal” for working environments. “With the workforce now more in a decentralized nature, there's a critical need to centralize security throughout all the disparate SaaS applications meant to drive business enablement,” O'Connor says. Ofek agrees, noting as more organizations adopt hybrid work models, security and IT teams will need to devise new processes, policies, and controls around SaaS applications to allow for secure but easy access--and it starts with visibility.

Quote for the day:

"Don't necessarily avoid sharp edges. Occasionally they are necessary to leadership." -- Donald Rumsfeld

No comments:

Post a Comment