High cloud bills are rarely the fault of the cloud providers. They are often self-inflicted by enterprises that don’t refactor applications and data to optimize their cost-efficiencies on the new cloud platforms. Yes, the applications work as well as they did on the original platform, but you’ll pay for the inefficiencies you chose not to deal with during the migration. The cloud bills are higher than expected because lifted-and-shifted applications can’t take advantage of native capabilities such as auto-scaling, security, and storage management that allow workloads to function efficiently. It’s easy to point out the folly of not refactoring data and applications for cloud platforms during migration. The reality is that refactoring is time-consuming and expensive, and the pandemic put many enterprises under tight deadlines to migrate to the cloud. For enterprises that did not optimize systems for migration, it doesn’t make much economic sense to refactor those workloads now. Repatriation is often a more cost-effective option for these enterprises, even considering the hassle and expense of operating your own systems in your own data center.
The Cyber Pathways Framework will introduce chartered standards that align with 16 cybersecurity specialties. These job roles that have, until now, been loosely defined will be given specific descriptions and linked to existing qualifications and certifications to see the establishment for the first time of minimum requirements, as called for by the DCMS in its Understanding the cyber security recruitment pool report. On the plus side, this will set a bar to achieve certain roles, helping to standardize role requirements. This could prove helpful in the current climate where the demand for talent is leading to job creep, with job descriptions containing myriad skillsets. And it could prove fundamental in stopping the current job hopping that we’re seeing. But it will also see roles become more rigid, and given that the sector has always grown organically, there will need to be some provision made for the evolution of new roles as and when needed, such as ones involving AI and DevSecOps. Another key pathway proposal is the creation of a register for cybersecurity practitioners, similar to that seen in the medical, legal and accountancy professions, for senior positions.
The threat of the cloud also resonated with Shoolman, who said that “the cloud is all over”. For instance, a lot of Oracle’s business has been taken by cloud service providers. ... More importantly, he says, there is a change in the top five: what was dominated by the likes of IBM, SAP, and Oracle is now highly dominated by AWS, Azure, GCP, etc. The rest 20%, he says, is occupied by ISVs like Redis, MongoDB, and others. All of the big-tech cloud providers have come up with data services similar to those provided by these independent vendors to cater to their business needs. But, recognising that despite being their competition, ISVs have to depend on cloud platforms too to host their services, MongoDB said, “We are in a love-hate relationship with our cloud partners”. When Shoolman was asked if he sees more hyperscalers like AWS, Azure, and GCP coming up in future to meet organisation demands for massive scaling in computing, he said that we are indeed seeing a trend of developing more and more data centres since organisations intend to bring data much closer to the user.
The war, along with the hybrid work models that have been put in place at many companies as a result of the pandemic, prompted corporate directors to carefully consider how their companies might be exposed to cyber risks, said Andrea Bonime-Blanc, chief executive of GEC Risk Advisory LLC, a New York-based firm that advises boards and executives about cybersecurity and risk management. Board awareness of cybersecurity “was already increasing glacially, but I think the Ukraine war has sharpened the minds,” Ms. Bonime-Blanc said. Some boards now rate cyber threats on a par with trade wars and supply-chain problems among risks that could have major impact on companies, said Michael Hilb ... A communication gap between boards and security chiefs means neither side is as effective as needed to govern cybersecurity, said Yael Nagler, chief executive of Yass Partners, a consulting firm focused on aligning security leadership. Directors sometimes fail to understand core threats, Ms. Nagler said. “They’re not shy people but when it comes to cyber, they feel like they’re asking dumb questions,” she said.
Another Forrester prediction that may directly impact developers is their forecast that enterprise business leaders, not IT, will direct more than 40% of the API strategies. That goes against conventional wisdom that IT drives the API strategy, Gardner noted. “APIs have transcended from being just pure application or infrastructure APIs. There [are] now business APIs, there [are] ones that take advantage of data and take advantage of transactions, and essentially, enable the data economy,” he said “It’s not an IT conversation anymore. IT will make sure it stays secured and locked down and make sure that it’s tightly woven with everything else, but the business leader decides which ones are the most beneficial.” API strategy is even becoming a board-level topic, as board members and C-level leaders have grasped that APIs can be a central part of the business strategy, he said. That makes sense because the greatest value of APIs comes when organizations use them to create new products, business models, and channels, according to
Coding will never account for 100% of your time. Even junior ICs will have meetings to attend and non-coding tasks to complete. As you progress the IC ranks to senior and beyond, the non-coding work will grow. Apart from attending meetings, I’ve highlighted below a few prominent responsibilities that fall under this work. ... Begin doing this at any time, and never stop. No one is “not experienced enough” — even new hires can begin by filling in any conceptual gaps or “gotchas” they encountered while onboarding. ... Software engineering teams will always face skills gaps. You will lack some cross-functional support like a project or program manager, product designer, etc. As such, you may need to develop the skills of an adjacent role, like project management, to set deadlines and perform other duties associated with overseeing a project’s completion. ... As you gain experience no your team, you’ll be asked to onboard new hires including mentoring junior devs. Being a mentor will improve your communication skills and bolster your promotion packet.
The AI Act may also run into enforcement challenges. The regulation will apply mainly to companies or other entities developing and designing AI systems — not to public authorities or other institutions that use them. For example, a facial recognition system could have vastly different implications depending on whether it’s used in a consumer context (i.e., to recognize your face on Instagram) or at a border crossing to scan people’s faces as they enter a country. “We are arguing that a lot of the potential risks or adverse impacts of AI systems depend on the context of use,” said Karolina Iwanska, a digital civic space advisor at the European Center for Not-for-Profit Law in the Hague. “That level of risk seems different in both of these circumstances, but the AI Act primarily targets the developers of AI systems and doesn’t pay enough attention to how the systems are actually going to be used,” she told me. Although there has been plenty of discussion of how the draft regulation will — or will not — protect people’s rights, this is only part of the picture.
Many ransomware-wielding attackers are expert at preying on their victims' compulsion to clean up the mess. Hence victims often face a menu of options: Pay a ransom for a decryptor, and you'll be able to unlock forcibly encrypted data. Pay more, and your name gets deleted from the list of victims on a ransomware group's data-leak site. Pay even more and you get a promise that whatever data they've stolen - or already leaked - will be immediately deleted. Of course, many victims will feel the impulse to do something, anything, for the illusion that they can belatedly protect stolen data and salvage their reputation. That impulse is understandable. But it's not only too late, but also being used against them by extortionists. Psychologically speaking, criminals don't hesitate to find the levers that will compel a victim to act - as in, give them money. Most ransomware groups' promises are bunk, and most of all anything they guarantee that a victim cannot verify. Unfortunately, seeing victims pay for data-deletion promises isn't new.
One of the paths is architecture. “These roles are highly technical and are focused on designing, building, and integrating the foundational components of applications or systems,” Blackwell says. “This would include roles like technical/application architect, solution architect, or enterprise architect.” ... The move into devops is another common path for software developers. These positions are also highly technical, says Blackwell, and are focused on optimizing the tools, processes, and systems to build, test, release, and manage high-quality software in complex or high-availability environments. Devops roles include release manager, engineer, and architect. ... A third path is leadership. “Roles in this area require both good people skills and good technical skills,” Blackwell says. “And each, in their own way, is responsible for ensuring that teams have what they need to succeed, whether technical, process, tools, or skills.” Roles on the leadership path include scrum master, technical project manager, product manager, technical lead, and development manager.
The power of positive thinking is real, and yet, when taken too far, it can result in an inability, or even unwillingness, to see outcomes that don’t conform to rosy expectations. More than once, we’ve encountered managers who, when confronted with data that showed a favorite feature of an important stakeholder had no value to customers, ordered the development team to suppress that information so the stakeholder would not "look bad." Even when executives are not telling teams to do things the team suspects are wrong, pressure to show positive results can discourage teams from asking questions that might indicate they are not on the right track. Or the teams may experience confirmation bias and ignore data that does not reinforce the decision they "know" to be correct, dismissing data as "noise." Such might be the case when a team is trying to understand why a much-requested feature has not been embraced by customers, even weeks after its release. The team may believe the feature is hard to find, perhaps requiring a UI redesign.
Quote for the day:
"Effective team leaders realize they neither know all the answers, nor can they succeed without the other members of the team." -- Katzenbach & Smith