Many CISOs are already unofficially doing the work that comes with the CTrO role, according to Pollard. They are doing customer-facing work, navigating third-party risk management, and focusing on enterprise resilience. “CISOs that spend more time on customer-facing activity, they are at companies that grow faster,” Pollard asserted. “Cybersecurity touches revenue, and security leaders that are able to carve out the time to focus on customer activity help drive hyper growth.” CISOs who are driving growth for their companies are playing an important part on the leadership team, and if they’ve been in the role for a long enough time, it could be time to ask the question “What comes next?” CISOs who have been in their position for 48 months are due for a title-level promotion, according to Pollard. And CTrO is that next step. ... Through his research, Pollard is seeing the CTrO role filled at a number of organizations. Cisco has a chief trust officer. So does SAP. “We're not talking about small, innovative startups. We're talking about goliath businesses that recognize the importance of trust in what they do,” Pollard said.
The regulatory challenges faced by Web3 are currently much fresher, arguably more nuanced and in some cases, urgent. It cannot be regulated as a single entity, as its multitude of use cases demand a multitude of approaches. Specific rules governing the security and availability of systems, finance, archives, identity and IP rights will need to be set. The good news is that policymakers could leverage Web3’s benefits to impose regulation. As it’s based on decentralisation and automation, it’s not far-fetched to imagine the technology being used to enforce and automate taxation, for example. Currently, Web3 platforms like cryptocurrency exchanges or NFT marketplaces aren’t standardised, with inconsistent UX and language used to communicate concepts. Often, these platforms have little or no duty to educate about safety or establish protections, and while platforms like Coinbase and OpenSea do a good job here, it’s far from the norm and scams are still commonplace owing to lack of understanding.
Looking at business outcomes such as sustainability and agility, the partners regard industrial private 5G as an enabler of digital transformation in smart manufacturing to help deliver connected worker applications, mobile asset applications and untethered fixed industrial asset applications. The former are seen as able to increase visibility and intelligence through mobile digital tools, such as analytics, digital twins and augmented reality (AR), while mobile asset applications increase agility and efficiency with autonomous vehicles, such as automated guided vehicles (AGVs) and autonomous mobile robots (AMRs). The consortium’s tests were run according to an established test plan provided by Rockwell Automation with success criteria of zero faults. It outlined a series of test cases to establish reliable Ethernet/IP standard and safety (CIP Safety) I/O connections from a GuardLogix area controller, with a range of requested packet interval (RPI) settings – the rate at which the controller and the I/O exchange data – over the 5G RAN to the FLEX 5000 standard and safety I/O.
The best security experts will tell you that there’s never an easy or single solution to protect your intellectual property, and combined measures, protection layers and methods are always required to establish a good protective shield. In this article, we focus on one small layer in source code protection: code obfuscation. Though it’s a powerful security method, obfuscation is often neglected, or at least misunderstood. When we obfuscate, our code becomes unintelligible, thus preventing unauthorized parties from easily decompiling or disassembling it. Obfuscation makes our code impossible (or nearly impossible) for humans to read or parse. Obfuscation is, therefore, a good safeguarding measure used to preserve the proprietary nature of the source code and protect our intellectual property. To better explain the concept of obfuscation, let’s take “Where’s Waldo” as an example. Waldo is a known illustrated character, always wearing his red and white stripy shirt and hat, as well as black-framed glasses.
The appeal and real benefits of having the security systems be the whole network are clearest for smaller and midsized companies. They are more likely to have uniform and relatively simple needs, and also to have thinner staffing. They are more likely to have difficulty affording, attracting, and retaining the talent they need in both security and networking. So, having just one platform to become expert in, one platform to train new staff on or to outsource the management of, lets them make the most of the staff they have. The benefits are less clear for larger companies. These tend to have more complex environments and requirements, and are less likely to tolerate the risks of monoculture given they are better able to staff for and support a blended ecosystem. So, should security systems be the network? For smaller organizations, it looks viable with the caveats outlined above. For most larger organizations, I think the answer is currently no. Instead, they should focus on making their network systems a bigger part of the security infrastructure.
Creating actionable data and analytics programs to educate employees is one of the most effective ways to bridge the skills gap. We have seen successes with executive-sponsored datathons or when companies gamify their learning experience. We also think it’s important for technical data experts to act as mentors to knowledge workers with domain expertise and guide them through the analytics process. We believe this collaboration between technical experts and domain experts will help organizations achieve breakthroughs with their data faster. Finally, analytics needs to be easy, not complex. Organizations should invest in technologies that move away from being highly dependent on writing code. ... Data and analytics generate ROI in many ways. First are the time savings. Organizations that shift from spreadsheet-based processes save several hours per week, sometimes up to a third of their time per worker – multiply this by all the domain experts and knowledge workers still stuck in spreadsheets and you’ve got some serious time savings. This is just the tip of the iceberg.
Disgruntled employees can sabotage networks or make off with intellectual property and proprietary information, and employees who practice poor security habits can inadvertently share passwords and leave equipment unprotected. This is why there has been an uptick in the number of companies that use social engineering audits to check how well employee security policies and procedures are working. In 2023, social engineering audits will continue to be used so IT can check the robustness of its workforce security policies and practices. ... Cases of data poisoning in AI systems have started to appear. In data poisoning, a malicious actor finds a way to inject corrupted data into an AI system that will skew the results of an AI inquiry, potentially returning an AI result to company decision makers that is false. Data poisoning is a new attack vector into corporate systems. One way to protect against it is to continuously monitor your AI results. If you suddenly see a system trending significantly away from what it has revealed in the past, it’s time to look at the integrity of the data.
Efforts to achieve sustainability goals can broadly be grouped into several areas: green resources procurement, which includes sustainable energy and water; operational efficiency, which includes the IT value chain, supply chain and other scope 3 emission sources that make up 40% of all greenhouse gas emissions; and end of lifecycle, including circular economy or recycling products to create new ones. For example, data centers and cloud industries tend to focus on green energy procurement (since they use a lot of energy to power data centers) as well as operational efficiency to reduce power usage, according to Abhijit Sunil, a senior analyst with Forrester Research. “Standards are certainly evolving, and more and more organizations are held accountable for their commitments and how they take action towards it,” Sunil said. For example, Sunil noted, government scrutiny will continue to increase, holding more “greenwashers” accountable. Greenwashers are companies that deceptively purport that their products, aims and policies are environmentally friendly.
Roderick believes an overarching theme for the workplace in 2023 will be adjusting how employees work remotely. He says there could be an uptick in surveillance for remote workers that will allow managers to observe productivity, and executives could enforce return-to-office mandates as a reaction to a slowdown in business. ... "The world of work has been through huge changes since the pandemic, and it would be good not to see the positives of this change undone by a recession." Silverglate believes that technology, office redesign, and sustainability will all propel hybrid and remote working in 2023. Video conferencing became a staple in work-from-home practices, but VR is emerging to make the experience more immersive and productive. "When many are in person and a team member needs to be virtual, VR technology can truly reduce the perceived gap between the two, which is one of the largest complaints I've heard about the challenges of traditional video-conferencing technology as it relates to hybrid teams," he says.
The way it goes is that once a developer thinks they are done with coding, they invite other team members to review their work. This is nowadays typically done by raising a Pull Request and inviting others for a review. But, because reviewers are busy with their own work items and a plethora of other things happening in the team, they are not able to react immediately. So, while the author is waiting for a review, they also want to feel productive, thus they start working on something else instead of twiddling their thumbs and waiting for a review. Eventually, when reviewer(s) become available and provide feedback on the PR and/or ask for changes, the author of the PR is then not available because they are busy with something else. This delayed ping-pong communication can extend over several days/weeks and a couple of iterations, until the author and reviewer(s) converge on a solution they are both satisfied with and which gets merged into the main branch.
Quote for the day:
"How was your day? If your answer was "fine," then I don't think you were leading" -- Seth Godin