Daily Tech Digest - December 14, 2022

The nature of the CISO role will be in flux in 2023

“Today’s CISOs are taking up the mantle of responsibilities that have traditionally fallen solely to the CIO, which is to act as the primary gateway from the tech department into the wider business and the outside marketplace,” said James Larkin, managing partner at Marlin Hawk. “This widening scope requires CISOs to be adept communicators to the board, the broader business, as well as the marketplace of shareholders and customers. By thriving in the ‘softer’ skillsets of communication, leadership and strategy, CISOs are now setting the new industry standards of today and, I predict, will be progressing into the board directors of tomorrow.” ... “I also feel that over the last eight to 10 years, the CISO role has become a CISO-plus role – CISO plus engineering, CISO plus physical security, CISO plus operational resiliency, or CISO plus product security. As a result, we’ve seen multiple CISOs that have done a great job with cyber security, fusion centres, SOC and leadership. This has paved the way for the CISO office to become a business enabler and also a transformational technology function.”

Addressing Professional Ethical Dilemmas

The problem lies in determining which actions are considered ethical and which are unethical. Consider the driver waiting at the traffic signal. Would it be considered ethical if the person drove through while the signal was still red if they did so in an effort to bring an injured person to the hospital? The same act, which would normally be considered unethical, can be considered ethical under different circumstances. Professional ethics are not so different from this example. Professionals are supposed to engage in ethical behaviors, but they are not immune to ethical dilemmas such as those described. There is a need to understand and determine which actions are ethical and which are unethical, since stakeholders prefer to do business with reputable enterprises that conduct themselves ethically. An ethical professional helps set the standard for others within the organization. Professionals have an opportunity to not only inspire others to do the right thing, but also to consider what kind of people they themselves want to be. There are various ethical dilemmas that a professional may encounter.

Mastering the Mesh: Finding Clarity in the Data Lake

Data mastering–or the process of taking new records and linking them to pre-existing master records that have already been vetted–was one of the important data quality steps that enterprises traditionally did as part of loading their data warehouses. However, master data management (MDM) largely fell by the wayside as the pace of data creation picked up and the “schema upon read” approach of the data lake took hold. Tamr, which sponsored the 451 Research report, is one of the software vendors trying to bring MDM back and make it relevant in the big data world. The company, which was co-founded by Turing Award winner Michael Stonebraker, accepts that relying on humans alone to power MDM isn’t feasible. Neither is a rules-based approach. But backed by the pattern-matching and anomaly-spotting power of machine learning, MDM can provide that critical data quality step that’s needed in today’s big data world without becoming another bottleneck in the process. ... “Enterprise data needs to be cleansed and standardized for the data mesh concept to work at its full potential,” the 451 Research authors write. 

Preparations for Quantum Cyber Threat Get a Senate Boost

The Quantum Computing Cybersecurity Preparedness Act largely echoes a national security memo the administration issued in May laying out deadlines for agencies to inventory all currently deployed cryptographic systems in order to prioritize their transition to forms of encryption experts say would be invulnerable to speedy quantum computers. The National Institute of Standards and Technology and the National Security Agency are currently developing standards for the implementation of four quantum-resistant algorithms NIST announced in July after inviting scientists around the world to submit their proposals. In anticipation of the algorithms, a January national security memo granted NSA the power to issue binding operational directives to facilitate agencies’ migration to the new standards. In addition to reiterating the administration’s instructions for agencies, including the Office of Management and Budget, the legislation directs OMB to report annually to Congress on the migration effort. The reports should outline the administration’s strategy and projected costs, according to the press release.

How to combat counterfeit network gear

The most obvious sign that a device may be counterfeit is its price. "Too good to be true is just that," says Lessin. He also urges purchasers to keep a sharp eye out for small details that counterfeiters often overlook, such as packaging design and quality, as well as documentation language. Most of the legitimate networking vendors offer comprehensive tutorial videos showing how to tell if you're using an authentic product, says Keatron Evans, principal security researcher at security education provider Infosec Institute. "If you can't verify something as authentic, you should count it as potentially counterfeit," he advises. "Trying to do it the other way around, by looking for signs of counterfeiting, is not as effective because of how rapidly things change." Unfortunately, for many victims, a bogus component will reveal its true fake identity only after it has been deployed. "Counterfeits are most commonly identified when the device fails," says Mike Mellor, vice president of cybersecurity consulting at managed security services provider Nuspire.

An Introduction to Accelerator and Parallel Programming

Today, when we talk about a hardware accelerator, we are often talking about a GPU. However, there are myriad different types of accelerators that have arisen to solve various problems—including deep learning and AI—which utilize hardware specifically designed to perform large-scale matrix operations, the heart of DL workloads. In addition, there are hardware-acceleration technologies built into traditional CPUs like Intel® Advanced Vector Extensions (Intel® AVX) and Intel® Advanced Matrix Extensions (Intel® AMX). With the rise of new accelerators, there is always the challenge of how to program for them. Most accelerators currently available are based on parallel execution and, hence, some form of parallel programming. ... Parallel programming is how we write code to express parallelism in any code/algorithm to get it to run on an accelerator or multiple CPUs. But what is parallelism? Parallelism is when parts of a program can run at the same time as another part of the program. Typically, we break this down into two categories: task parallelism and data parallelism.

5 risks of AI and machine learning that modelops remediates

Data scientists are generally not experts in risk management, and in enterprises, a first step should be to partner with risk management leaders and develop a strategy aligned to the modelops life cycle. Wheeler says, “The goal of innovation is to seek better methods for achieving a desired business outcome. For data scientists, that often means creating new data models to drive better decision-making. However, without risk management, that desired business outcome may come at a high cost. When striving to innovate, data scientists must also seek to create reliable and valid data models by understanding and mitigating the risks that lie within the data.” ... When a tree falls in the forest, will anyone take notice? We know the code needs to be maintained to support framework, library, and infrastructure upgrades. When an ML model underperforms, do monitors and trending reports alert data science teams? “Every AI/ML model put into production is guaranteed to degrade over time due to the changing data of dynamic business environments,” says Hillary Ashton

Talent Transformation Strategies for Security Leaders

A cybersecurity workforce with a growth mindset sees challenges as opportunities to grow, learn and become more resilient and adaptable. The hybrid work environment prevalent today needs security employees working toward a common goal that is aligned with broader organizational objectives. It is the responsibility of security leaders to set the tone at the top and communicate frequently and effectively with their teams on the vision and purpose of the organization’s security functions to the broader business and the value that security unlocks for the business to rapidly scale and expand. ... Security leaders should train their managers to lead and manage teams in this new hybrid working model and educate the cybersecurity staff to deal with the impact on security investments, workforce restructuring and work backlog to meet business requirements. Organizations should build a stronger workforce by augmenting their internal capacity with external security vendors and managed security service providers (MSSPs) where required. Managed services can take the form of outsourcing or co-sourcing models, which can be quick and effective ways to overcome these challenges.

Cloud-based fingerprint system for UK police nears completion

Known as the Transforming Forensics (TF) programme, the capability is hosted by the Police Digital Service (PDS), which is aiming to deliver the first full deployment in March 2023. The PDS said that through access to a digital suite of tools – housed on the PDS Xchange platform, which is powered by Amazon Web Services (AWS) – police forensic teams would be able to send fingerprint and crime scene images in real time, allowing them to identify suspects within hours instead of days, as well as improve work processes by taking them off paper and into automated workflows. ... While the UK data protection watchdog will initially consult with the organisation to advise them on how to make their operations compliant, it also reserves the right to issue two tiers of monetary penalties. These include a “standard maximum penalty” of roughly £9m or 2% of the organisation’s annual turnover, or a “higher maximum” of £18m or 4% of annual turnover. In both cases, the offending organisation will be fined whichever amount is higher.

Platform Engineering Needs a Prescriptive Roadmap

Fundamentally the problem is that all of these transformations have a massive people-interaction component, and the bigger and older you are as an organisation, the more difficult it is to change how people interact, and the higher up the chain you have to go to create organisational change. Having spent time at a “webscale” large tech company, a small-to-medium tech company, and then working for the last decade with a lot of very traditional enterprises, it’s striking how poor internal communication is inside most enterprises compared to tech companies. ... Ultimately success requires being very deliberate about architecting productive team-to-team interactions, with as few intermediaries as possible, and to focus on the feedback loops between the producers and consumers of systems. A common mistake I see folks make is to set an open-ended goal of “collaboration” between teams, with endless meetings and working sessions, and it turns out this is extremely inefficient at scale when your consumers outnumber your producers (which they should do in almost every situation!).

Quote for the day:

"Decision-making is a skill. Wisdom is a leadership trait." -- Mark Miller

No comments:

Post a Comment