The four qualities of resilient teams
The first quality is team confidence, or the belief that the team can handle
just about anything that comes its way. Team confidence, the authors note, isn’t
really the sum of a lot of individual confidence, for swollen egos don’t benefit
the team. The goal is collective and mutual confidence. And not too much,
because overconfidence undermines success. “Moderately high confidence offers a
healthy balance of confidence and caution,” the authors write. To build team
confidence, managers are urged to make goals and processes clear, empower the
team by encouraging members to participate in decision-making, cheer successes,
and provide useful feedback during struggles. The second quality is having the
foresight to create a teamwork road map, or a plan that “reflects the extent to
which all team members know what their own roles and responsibilities are, and
the extent to which they agree on what all other team members’ roles and
responsibilities are. Team members may even know how to perform one another’s
roles so that at any point, one person can step in for another.”
What is zero trust? A model for more effective security
Removing that implicit trust takes time, according to experts, and most
organizations are far from accomplishing that objective. “It’s a journey of
change,” says Chalan Aras, a member of the Cyber & Strategic Risk practice
at Deloitte Risk & Financial Advisory. Zero trust is also a collection
of policies, procedures, and technologies. Organizations that want to implement
an effective zero-trust strategy must have an accurate inventory of assets,
including data. They must have an accurate inventory of users and devices as
well as a robust data classification program with privileged access management
in place, Valenzuela says. Other components include comprehensive identity
management, application-level access control, and
micro-segmentation. Another important element is user and entity behavior
analytics, which uses automation and intelligence to learn to tell normal (and
therefore accepted and trusted) user and entity behaviors from anomalous
behaviors that shouldn’t be trusted and should therefore be denied access.
Will ChatGPT make low-code obsolete?
Unlike technologies of the past, which typically automate or speed up a
repetitive process (manufacturing, logistics, transportation etc.), ChatGPT does
something entirely new – enhancing the creativity of the user. While we can
debate whether this is true creativity or not, ultimately if the outcome is the
same, is it not still creative? Think of how ChatGPT could help a software
developer crack a particularly challenging piece of code, or how it could
optimise existing code. It can also help developers be more creative by reducing
the repetitive/boring part of their jobs so they can focus on the parts they
love, leaving them more time to flex their creative muscles. Going beyond the
developer use case, ChatGPT has the ability to democratise coding itself by
providing a way for non-coders to develop applications themselves – in much the
same way that low-code promises, but on steroids. This “democratisation of IT”
promises a new wave of innovation by enabling organisations to create new
processes without the need to engage with IT at all. ChatGPT could achieve the
same outcome as low-code but in half the time.
SBOMs should be a security staple in the software supply chain
NIST's standard includes multiple elements, from the software component used and
its supplier to version numbers and access to the component's repository.
Version levels must be evaluated against release levels, potential threats
found, and risks determined. "Unwinding large applications, from open-source
operating systems, to in-house developed applications, to third-party
'shrink-wrapped' stacks is fraught with contextual challenges, inventory
methods, and manual verification, all of which are prone to error," Masserini
writes. While the process of identifying and reporting issues is codified, "it
does not address the issue of manually maintaining such an inventory and
consistently validating its contents," he says. Automation must be built into
every step of the process, from generating and publishing SBOMs to ingesting
them, so that organizations can then bring vulnerability remediation into their
current app security programs without having to adopt new workflows, Lambert
says. There are other
considerations. SBOMs deliver a lot of information, but organizations need to
decide how they're going to use it.
Digital twins could be the key to successful automation
The primary advantage of the digital twin is that it evolves as automation
evolves. As a result, if any changes are applied to the automation in the RPA
platform, those same changes are reflected in the twin, ideally in real-time
or at least near real-time. Operational metrics are also accessible and
displayed where the twin resides so that it can be monitored and continuously
improved. Beyond changes and operational metrics, a digital twin in automation
enables an organization to compile accurate documentation and detailed audit
trails for the entire automation estate and maintain it in a single,
centralized repository. Doing so not only addresses the problem of misplaced
or lost process design documents, but also solves one of the major pain points
of automating: An inability to visualize and understand how automations have
changed over time. Maintaining digital twins for all automations in a central
location — regardless of the RPA platform in which they are designed, deployed
and orchestrated — vastly improves automation standardization, governance and
visibility.
Stepping up: Becoming a high-potential CEO candidate
Stanford University economics professor Nicholas Bloom, who’s spent his career
researching CEOs, describes the reality he’s observed: “It’s frankly a
horrible job. I wouldn’t want it. Being a CEO of a big company is a
hundred-hour-a-week job. It consumes your life. It consumes your weekend. It’s
super stressful. Sure, there’re enormous perks, but it’s also all
encompassing.” Reinforcing the point, Microsoft CEO Satya Nadella describes
the job as “24/7.” His late mentor Bill Campbell, who had been a CEO three
times and was an influential coach to several technology industry leaders,
would often remind him, “No one has ever lived to outwork the job. It will
always be bigger than you.” Many CEOs secretly agree that the best job in the
world is actually the one right below the CEO. There the spotlight burns less
brightly, yet the opportunities to make a difference are great, as are the
rewards. Without the right motivations and expectations, not only will you
find that the effort required to be CEO outweighs any personal gain, but you
will also be less likely to succeed. As CCHMC’s Fisher puts it,
Enterprise IT moves forward — cautiously — with generative AI
The technology also needs human oversight. “Systems like ChatGPT have no idea
what they’re authoring, and they’re very good at convincing you that what
they’re saying is accurate, even when it’s not,” says Cenkl. There’s no AI
assurance — no attribution or reference information letting you know how it
came up with its response, and no AI explainability, indicating why something
was written the way it was. “You don’t know what the basis is or what parts of
the training set are influencing the model,” he says. “What you get is purely
an analysis based on an existing data set, so you have opportunities for not
just bias but factual errors.” Wittmaier is bullish on the technology, but
still not sold on customer-facing deployment of what he sees as an early-stage
technology. At this point, he says, there’s short-term potential in the office
suite environment, customer contact chatbots, help desk features, and
documentation in general, but in terms of safety-related areas in the
transportation company’s business, he adds, the answer is a clear no.
Career paths for devops engineers and SREs
Solving business challenges today requires multidisciplinary teams and
integrated solutions. If you enjoy problem-solving, shift to other
organizational roles and develop broader perspectives on what’s required to
deliver end-to-end solutions. One opportunity for developers is to shift to
data science and machine learning roles. Tiago Cardoso, a product manager at
Hyland, says, “Career paths for developers have become much more flexible and
individualized, and I’m seeing a lot of new developer roles appearing, such as
data engineers, ML engineers, ML architects, and MLops engineers.” He adds,
“Common career paths for those in devops and SREs include positions such as
systems administrator, infrastructure engineer, and cloud architect.” ...
Architect roles and responsibilities vary considerably from one organization
to another, but successful architects are more than just technical experts.
Architects scale their expertise by helping agile teams learn, apply, and
create self-organizing standards around using technology to deliver business
solutions.
Zero-Day Vulnerabilities Can Teach Us About Supply-Chain Security
Writing, testing and validating whether a fix will resolve a vulnerability can
take trial and error. By definition, zero-days don’t have a patch, meaning it
can often be days before developers can even begin the process of patching
their applications. Furthermore, software needs to go through QA cycles before
a true fix is identified. This is why security controls are necessary for
blocking malicious activity before it reaches runtime. Additionally,
developers must analyze their software development life cycle (SDLC) and
augment it before a vulnerability is announced. An asset or application
inventory should be a mandatory component so that when a vulnerability is
disclosed, organizations know who owns the application and who to contact. ...
Securing third-party or commercial-off-the-shelf software is one of the
biggest cybersecurity challenges facing every organization. Unfortunately,
most vendors don’t disclose the components and libraries that make up their
software, making it difficult for organizations to know whether a
vulnerability affects them once it’s disclosed.
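Both the SBOM excerpt above (automated ingestion) and this one (an inventory that says who owns each application) come down to the same lookup when a vulnerability is disclosed. The following sketch is an added example, not taken from either article: it ingests minimal CycloneDX-style SBOM JSON and joins the hits to an ownership inventory. The application names, the component `examplelib`, the fixed version and the contacts are all constructed for illustration.

```python
import json

# Constructed sample data: minimal CycloneDX-style SBOMs and an ownership
# inventory. All application, component and contact names are hypothetical.
def _bom(app, *components):
    return json.dumps({"bomFormat": "CycloneDX",
                       "metadata": {"component": {"name": app}},
                       "components": [{"name": n, "version": v} for n, v in components]})

SBOMS = [
    _bom("billing-api", ("examplelib", "2.14.1"), ("otherlib", "1.0.0")),
    _bom("intranet-portal", ("examplelib", "2.16.0-rc1")),
    _bom("reports-service", ("examplelib", "2.17.1")),
]
INVENTORY = {"billing-api": "payments-team@example.com",
             "reports-service": "data-team@example.com"}  # portal has no owner


def parse_version(text):
    """Turn '2.14.1' into (2, 14, 1); return None if it is not purely numeric."""
    try:
        return tuple(int(part) for part in text.split("."))
    except (AttributeError, ValueError):
        return None


def affected_apps(sboms, inventory, component, fixed_in):
    """List applications shipping `component` below `fixed_in`, with their owner."""
    fixed = parse_version(fixed_in)
    if fixed is None:
        raise ValueError(f"unparseable fixed version: {fixed_in!r}")
    findings = []
    for raw in sboms:
        bom = json.loads(raw)
        app = bom.get("metadata", {}).get("component", {}).get("name", "<unnamed>")
        for comp in bom.get("components", []):
            if comp.get("name") != component:
                continue
            version = parse_version(comp.get("version"))
            # Missing or non-numeric versions go to manual review instead of
            # being silently treated as safe.
            status = ("review" if version is None
                      else "affected" if version < fixed else None)
            if status:
                findings.append({"app": app, "version": comp.get("version"),
                                 "status": status,
                                 "owner": inventory.get(app, "UNOWNED")})
    return findings


if __name__ == "__main__":
    for finding in affected_apps(SBOMS, INVENTORY, "examplelib", "2.17.1"):
        print(finding)
```

An `UNOWNED` result is the inventory gap the excerpt warns about: the component is known to be present, but nobody is on record to contact.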
Five Factors That Turn CISOs into Firefighters
When a CISO is referred to as a “firefighter,” it typically means that they
are spending a significant amount of time responding to security incidents and
putting out fires rather than being able to focus on proactively preventing
those incidents from occurring in the first place. Here are some reasons why a
CISO may become a firefighter:
1. Lack of resources: A CISO may not have sufficient resources (e.g., budget,
staff, or technology) to implement a comprehensive cybersecurity program
effectively. This can lead to security incidents that require a reactive
response.
2. Insufficient risk management: A CISO may not have a robust risk management
program in place, which means that security incidents are more likely to occur.
Without proper risk management, a CISO may be caught off guard by security
incidents and have to react quickly to mitigate the damage.
3. Lack of security awareness: Employees may not be properly trained on
cybersecurity best practices, which can lead to security incidents such as
phishing attacks or malware infections. ...
Quote for the day:
"Different times need different types of leadership." -- Park Geun-hye