Daily Tech Digest - March 29, 2023

9 Qualities of a Successful CTO

No one expects CTOs to be fortune tellers, but they do need to have a strong sense of what’s going on in the technology marketplace. A good CTO anticipates what is likely to come along in terms of new products, features, and challenges to address.You can be the best technologist and strategist in the world, but it won’t matter if you are unable to communicate those strategies in a way that speaks to your audience. “To excel as a CTO, it is essential to have a keen ability to identify technology trends ahead of the curve,” says Aron Brand, CTO of CTERA, a provider of cloud-based products. “A successful CTO is always on the lookout for the latest advancements in technology, having a deep understanding of the industry and anticipating future developments,” Brand says. “This allows them to make informed decisions about which technologies to invest in and which to avoid. They have the foresight to see the big picture and understand the long-term impact of their decisions, while also considering the immediate needs of the organization.”

ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

According to OpenAI’s investigation, the titles of active users’ chat history and the first message of a newly created conversation were exposed in the data breach. The bug also exposed payment-related information belonging to 1.2% of ChatGPT Plus subscribers, including first and last name, email address, payment address, payment card expiration date, and the last four digits of the customer’s card number. This information may have been included in subscription confirmation emails sent on March 20 and it may have also been displayed in the subscription management page in ChatGPT accounts on the same day. OpenAI has confirmed that the information was exposed during a nine-hour window on March 20, but admitted that information may have been leaked prior to March 20 as well. “We have reached out to notify affected users that their payment information may have been exposed. We are confident that there is no ongoing risk to users’ data,” OpenAI said in a blog post.

5 ways to tell you are not CISO material

By definition, a CISO's role is to manage cyber risk. That involves assessing and managing risk across the enterprise and making choices based on those assessments. If you are not able to make risk-based decisions or have a hard time figuring out how to prioritize threats — particularly in high-pressure, high-stress situations — you probably want to steer clear of the CISO role. The same is true if you have a tendency to avoid taking responsibility for your decisions and actions. The CISO role is not for individuals who are averse to taking responsibility for an action they might advocate or implement, according to Chris Pierson, founder and CEO of Blackcloak. "If you approach things from the perspective of a CYA, adversarial, or risk avoidance mentality then you may decrease your ability to partner with others to achieve a combined mission or goal," Pierson tells CSO. "Being someone who cannot tolerate, or own risk, may impact your ability to operate effectively and turn off other people to partnering with you."

Being Responsible for Data

There are four possibilities listed in the article for what could happen, and I find them fascinating from a data analysis standpoint. Essentially a ruling against tech companies could shape how many of these companies process data in the future. While we might like to ensure these companies do not promote harmful content, think about this from the data analysis view? Do you want these companies to moderating how they provide results? Would this mean that we need to more carefully craft our search terms? In the context of tremendous floods of information, we often depend on Google, Bing, or some search algorithm to distinguish among the various meanings of words to bring back results relevant to us. At the same time, we might wish that everyone got the same results from the same search terms. Separate from the results, what about related results, or suggested items that might be related. I find the quality of these can vary for me, but often there is something "sponsored" or "I might like" that is helpful to me. Or just interesting. 

How CISOs Can Reduce the Danger of Using Data Brokers

"Due to the increasing regulatory compliance framework regarding data collection notice and consent, there are data brokers that have huge subsets of their data that is not 'clean' and they cannot make reps and warranties about it to third parties that want to leverage that data," says Sean Buckley, an attorney with law firm Dykema who specializes in data privacy issues. "The risk to the data broker circles back to whether their data is 'clean' and whether they can prove it if necessary." ClearData CISO Chris Bowen argues that data tracking is critical when dealing with purchased files, but it can also prove quite difficult — even impossible — if the organization didn't tag it sufficiently from the beginning. "You need to closely track where the data lives and where it flows," Bowen says. "You need to tag the source of each field in the database. You need consistent links through petabytes of data, structured and unstructured." Most security executives are not comfortable with this approach because dataflow analysis is outside of their usual remit, he adds.

Unlocking Digital Business Transformation Success

It is often misunderstood that technology is at the heart of digital transformation. Although technology could create exponential possibilities in the current digital economy, it is really the transformation part—the journey an organization takes with its ecosystem of people—that creates the solid foundation to accelerate these opportunities. Buy-in is essential for achieving long-term sustained success in the context of digital business transformation, where initiatives may be complex and significantly impact the business. There are a few inventive strategies that can successfully gain people’s buy-in and influence them to change both their attitudes and behaviors. To start, trust and empathy are the foundational components that lay the groundwork for buy-in and effective collaboration, and it is at the center of digital transformation strategies. The role of the leadership team shifts from being directive to one that promotes a safe, open and trustworthy environment. Another key element in engaging the human element for transformation is to focus on adding value.

UK DPDI bill seeks to reform GDPR - here's what you need to know

"Clarifications around legitimate interests, scientific research and automated decision making are bound to make it easier for companies to explore the potential of new technologies and AI without worrying about the risk of technical non-compliance with rules that lack clarity," he told TechRadar. From a user's perspective, the proposal is said to also be advantageous in coping with the issues of the so-called "pop-up fatigue." The term describes the act of consumers clicking away their rights of privacy in order to escape repetitive and annoying cookies. "But users will probably see little practical differences. Cookie consents will still be needed for many advertising-related cookies (and many businesses may adopt a single EU-level approach). This is at least until browser based controls are more developed," said Patrikios ... "The DPDI Bill is a power grab by the government that will undermine data rights in the UK. The bill weakens data subjects rights and corporate accountability mechanisms, politicizes the ICO, and expands the Secretary of State’s powers in numerous, undemocratic ways," said Abigail Burke

Why a College Degree is No Longer Necessary for IT Success

“Some the most talented, brilliant technical professionals I know … who are currently leading top tech research roles and holding executive positions at prestigious organizations, do not have degrees,” she says. “Smart organizations recognized their talent; their success speaks for itself.” With many IT skills, including software development and data science, it’s important for learners to gain hands-on experiences where they're practicing and applying their skills in real-time, observes Mike Hendrickson, vice president of tech and dev products at educational technology firm Skillsoft. “Many online learning platforms provide interactive, flexible training solutions that meet people where they are, whether they're learning independently or within their organization.” Hendrickson believes that online training can be far more efficient than a four-year college program. “Another benefit is this training can be tailored to company-specific or industry-focused content and solutions, so learners can practice and apply their skills to real work environments and scenarios,” he explains.

6 ways to avoid and reduce data debt

Like technical debt, data debt is easier to identify after its creation. Data debt often requires teams to refactor or remediate the issues before building data pipeline improvements or new analytics capabilities. Implementing best practices that minimize new data debt is harder, especially when teams can’t predict all the future analytics, dashboarding, and machine learning use cases. Michel Tricot, cofounder and CEO of Airbyte, says, “Debt is not bad. However, debt needs to be repaid, which should be the focus because important decisions will be made with the data.” ... “Data observability is when you know the state and status of your data across the entire life cycle,” says Grant Fritchey, devops advocate at Redgate Software. “Build this kind of observability when you set up a dataops process to know if and where something has gone wrong and what’s needed to fix it.” Grant also says that data observability helps communicate data flows to business users and establishes an audit trail to support debugging and compliance audits.

The Role of Human Resources in Cybersecurity

Developing an effective cybersecurity awareness training program requires a balance between providing enough information to be useful and not overwhelming. Human resources’ expertise with employees through the years is an invaluable resource for creating cybersecurity training programs that are engaging and frequent (but not too frequent). The CIO, on the other hand, is an essential partner in training employees on cybersecurity. The CIO’s role is to work with the human resources department to ensure their technology needs are met and help guide them to more effective solutions. The CIO is also a partner for employee recruitment, hiring and retention, especially for IT and security professionals. The CIO can affect organizational change by partnering with human resources and IT to develop an integrated cybersecurity awareness training program for employees of all technical proficiencies. Building upon HR’s close connection with every employee, the CIO can lead the way in building a culture of cybersecurity.

Quote for the day:

"Leadership is the wise use of power. Power is the capacity to translate intention into reality and sustain it." -- Warren Bennis

No comments:

Post a Comment