The nature of the CISO role will be in flux in 2023
“Today’s CISOs are taking up the mantle of responsibilities that have
traditionally fallen solely to the CIO, which is to act as the primary gateway
from the tech department into the wider business and the outside marketplace,”
said James Larkin, managing partner at Marlin Hawk. “This widening scope
requires CISOs to be adept communicators to the board, the broader business, as
well as the marketplace of shareholders and customers. By thriving in the
‘softer’ skillsets of communication, leadership and strategy, CISOs are now
setting the new industry standards of today and, I predict, will be progressing
into the board directors of tomorrow.” ... “I also feel that over the last eight
to 10 years, the CISO role has become a CISO-plus role – CISO plus engineering,
CISO plus physical security, CISO plus operational resiliency, or CISO plus
product security. As a result, we’ve seen multiple CISOs that have done a great
job with cyber security, fusion centres, SOC and leadership. This has paved the
way for the CISO office to become a business enabler and also a transformational
technology function.”
Addressing Professional Ethical Dilemmas
The problem lies in determining which actions are considered ethical and which
are unethical. Consider the driver waiting at the traffic signal. Would it be
considered ethical if the person drove through while the signal was still red if
they did so in an effort to bring an injured person to the hospital? The same
act, which would normally be considered unethical, can be considered ethical
under different circumstances. Professional ethics are not so different from
this example. Professionals are supposed to engage in ethical behaviors, but
they are not immune to ethical dilemmas such as those described. There is a need
to understand and determine which actions are ethical and which are unethical,
since stakeholders prefer to do business with reputable enterprises that conduct
themselves ethically. An ethical professional helps set the standard for others
within the organization. Professionals have an opportunity to not only inspire
others to do the right thing, but also to consider what kind of people they
themselves want to be. There are various ethical dilemmas that a professional
may encounter.
Mastering the Mesh: Finding Clarity in the Data Lake
Data mastering–or the process of taking new records and linking them to
pre-existing master records that have already been vetted–was one of the
important data quality steps that enterprises traditionally did as part of
loading their data warehouses. However, master data management (MDM) largely
fell by the wayside as the pace of data creation picked up and the “schema upon
read” approach of the data lake took hold. Tamr, which sponsored the 451
Research report, is one of the software vendors trying to bring MDM back and
make it relevant in the big data world. The company, which was co-founded by
Turing Award winner Michael Stonebraker, accepts that relying on humans alone to
power MDM isn’t feasible. Neither is a rules-based approach. But backed by the
pattern-matching and anomaly-spotting power of machine learning, MDM can provide
that critical data quality step that’s needed in today’s big data world without
becoming another bottleneck in the process. ... “Enterprise data needs to be
cleansed and standardized for the data mesh concept to work at its full
potential,” the 451 Research authors write.
Preparations for Quantum Cyber Threat Get a Senate Boost
The Quantum Computing Cybersecurity Preparedness Act largely echoes a national
security memo the administration issued in May laying out deadlines for
agencies to inventory all currently deployed cryptographic systems in order to
prioritize their transition to forms of encryption experts say would be
invulnerable to speedy quantum computers. The National Institute of Standards
and Technology and the National Security Agency are currently developing
standards for the implementation of four quantum-resistant algorithms NIST
announced in July after inviting scientists around the world to submit their
proposals. In anticipation of the algorithms, a January national security memo
granted NSA the power to issue binding operational directives to facilitate
agencies’ migration to the new standards. In addition to reiterating the
administration’s instructions for agencies, including the Office of Management
and Budget, the legislation directs OMB to report annually to Congress on the
migration effort. The reports should outline the administration’s strategy and
projected costs, according to the press release.
How to combat counterfeit network gear
The most obvious sign that a device may be counterfeit is its price. "Too good
to be true is just that," says Lessin. He also urges purchasers to keep a
sharp eye out for small details that counterfeiters often overlook, such as
packaging design and quality, as well as documentation language. Most of the
legitimate networking vendors offer comprehensive tutorial videos showing how
to tell if you're using an authentic product, says Keatron Evans, principal
security researcher at security education provider Infosec Institute. "If you
can't verify something as authentic, you should count it as potentially
counterfeit," he advises. "Trying to do it the other way around, by looking
for signs of counterfeiting, is not as effective because of how rapidly things
change." Unfortunately, for many victims, a bogus component will reveal its
true fake identity only after it has been deployed. "Counterfeits are most
commonly identified when the device fails," says Mike Mellor, vice president
of cybersecurity consulting at managed security services provider Nuspire.
An Introduction to Accelerator and Parallel Programming
Today, when we talk about a hardware accelerator, we are often talking about a
GPU. However, there are myriad different types of accelerators that have
arisen to solve various problems—including deep learning and AI—which utilize
hardware specifically designed to perform large-scale matrix operations, the
heart of DL workloads. In addition, there are hardware-acceleration
technologies built into traditional CPUs like Intel® Advanced Vector
Extensions (Intel® AVX) and Intel® Advanced Matrix Extensions (Intel® AMX).
With the rise of new accelerators, there is always the challenge of how to
program for them. Most accelerators currently available are based on parallel
execution and, hence, some form of parallel programming. ... Parallel
programming is how we write code to express parallelism in any code/algorithm
to get it to run on an accelerator or multiple CPUs. But what is parallelism?
Parallelism is when parts of a program can run at the same time as another
part of the program. Typically, we break this down into two categories: task
parallelism and data parallelism.
5 risks of AI and machine learning that modelops remediates
Data scientists are generally not experts in risk management, and in
enterprises, a first step should be to partner with risk management leaders
and develop a strategy aligned to the modelops life cycle. Wheeler says, “The
goal of innovation is to seek better methods for achieving a desired business
outcome. For data scientists, that often means creating new data models to
drive better decision-making. However, without risk management, that desired
business outcome may come at a high cost. When striving to innovate, data
scientists must also seek to create reliable and valid data models by
understanding and mitigating the risks that lie within the data.” ... When a
tree falls in the forest, will anyone take notice? We know the code needs to
be maintained to support framework, library, and infrastructure upgrades. When
an ML model underperforms, do monitors and trending reports alert data science
teams? “Every AI/ML model put into production is guaranteed to degrade over
time due to the changing data of dynamic business environments,” says Hillary
Ashton
Talent Transformation Strategies for Security Leaders
A cybersecurity workforce with a growth mindset sees challenges as
opportunities to grow, learn and become more resilient and adaptable. The
hybrid work environment prevalent today needs security employees working
toward a common goal that is aligned with broader organizational objectives.
It is the responsibility of security leaders to set the tone at the top and
communicate frequently and effectively with their teams on the vision and
purpose of the organization’s security functions to the broader business and
the value that security unlocks for the business to rapidly scale and expand.
... Security leaders should train their managers to lead and manage teams in
this new hybrid working model and educate the cybersecurity staff to deal with
the impact on security investments, workforce restructuring and work backlog
to meet business requirements. Organizations should build a stronger workforce
by augmenting their internal capacity with external security vendors and
managed security service providers (MSSPs) where required. Managed services
can take the form of outsourcing or co-sourcing models, which can be quick and
effective ways to overcome these challenges.
Cloud-based fingerprint system for UK police nears completion
Known as the Transforming Forensics (TF) programme, the capability is hosted
by the Police Digital Service (PDS), which is aiming to deliver the first full
deployment in March 2023. The PDS said that through access to a digital suite
of tools – housed on the PDS Xchange platform, which is powered by Amazon Web
Services (AWS) – police forensic teams would be able to send fingerprint and
crime scene images in real time, allowing them to identify suspects within
hours instead of days, as well as improve work processes by taking them off
paper and into automated workflows. ... While the UK data protection watchdog
will initially consult with the organisation to advise them on how to make
their operations compliant, it also reserves the right to issue two tiers of
monetary penalties. These include a “standard maximum penalty” of roughly £9m
or 2% of the organisation’s annual turnover, or a “higher maximum” of £18m or
4% of annual turnover. In both cases, the offending organisation will be fined
whichever amount is higher.
Platform Engineering Needs a Prescriptive Roadmap
Fundamentally the problem is that all of these transformations have a massive
people-interaction component, and the bigger and older you are as an
organisation, the more difficult it is to change how people interact, and the
higher up the chain you have to go to create organisational change. Having
spent time at a “webscale” large tech company, a small-to-medium tech company,
and then working for the last decade with a lot of very traditional
enterprises, it’s striking how poor internal communication is inside most
enterprises compared to tech companies. ... Ultimately success requires being
very deliberate about architecting productive team-to-team interactions, with
as few intermediaries as possible, and to focus on the feedback loops between
the producers and consumers of systems. A common mistake I see folks make is
to set an open-ended goal of “collaboration” between teams, with endless
meetings and working sessions, and it turns out this is extremely inefficient
at scale when your consumers outnumber your producers (which they should do in
almost every situation!).
Quote for the day:
"Decision-making is a skill. Wisdom is
a leadership trait." -- Mark Miller