From CDO to CTIO – what tech leader job titles really mean, and who calls the shots
Like CDOs, Chief Technology Officers are very much on the rise. Particularly
in technology companies themselves and in start-ups, you are likely to find a
CTO at the head of the ship rather than a CIO, and this is also the case in
many legacy businesses who are aiming to transform themselves into
technology-led organisations: the emphasis on technology in the title better
reflects the wider brief of today’s digital leader. So, the CTO role is very
much ‘of our times’. There again, the CTO could also be a number two to the
CIO who leads all of technology, architecture and/or software engineering. ...
Hybrid roles have been very much on the rise recently, especially at the top
end. Instead of having ‘just’ a CIO or CDO or CTO, Chief Technology &
Information Officers are becoming more common. It’s a role that combines
accountability for IT with technology/product delivery. The CTIO will act as
an internal advisor to the Board on information strategy, infrastructure and
systems as well as being the leader in new product development with an eye to
the future and a horizon-scanning mindset.
CIOs must evolve to stave off existential threat to their role
Already under pressure to accelerate digital transformation, CIOs now often
find their voices drowned out by LOB executives who are heavily involved in
making technology decisions, according to the report. This trend could leave
CIOs vulnerable to decreased influence over the corporate technical agenda, or
pushed into a secondary C-suite role. ... To ward off LOB heads from their
turf, Linus Lai, chief analyst and digital business research lead at IDC A/NZ,
says CIOs must be able to demonstrate to other members of the C-suite how
their actions and decisions directly boost the bottom and top lines. CIOs
should also build stakeholder relationships within LOBs and leverage business
relationship managers to better serve customer-facing organizations. “CIOs
will have to ensure effective joint business outcomes from IT and LOBs by
delivering strategic digital business advice and enabling effective upwards
communication. They must initiate a critical review of sourcing practices to
manage the supplier ecosystem to maintain architectural goals and spending
targets ...
These Experts Are Racing To Protect AI From Hackers
Concerns about attacks on AI are far from new but there is now a growing
understanding of how deep-learning algorithms can be tricked by making slight
-- but imperceptible -- changes, leading to a misclassification of what the
algorithm is examining. ... "Data poisoning can be one of the most powerful
threats and something that we should care a lot more about. At present, it
doesn't require a sophisticated adversary to pull it off. If you can poison
these models, and then they're used widely downstream, you multiply the impact
-- and poisoning is very hard to detect and deal with once it's in the model,"
says Slater. If that algorithm is being trained in a closed environment, it
should -- in theory -- be reasonably well protected from poisoning unless
hackers can break in. But a bigger problem emerges when an AI is being trained
on a dataset that is being drawn from the public domain, especially if people
know this is the case. Because there are people out there -- either through a
desire to cause damage, or just to cause trouble -- who will try to poison the
algorithm.
5 strategies to manage cybersecurity risks in mergers and acquisitions
In tech deals where technology is the target’s product or an important part of
it, cybersecurity is a particular focus, said Philip Odence, general manager
of Black Duck Audit Business at Synopsys, who specializes in due diligence in
M&A transactions. As such, the acquiring company must determine if the
target company has designed security into its software. If not, the acquiring
company is buying into a bunch of unplanned future remediation work to
address, he says. “As excessive problems will mean a heightened chance of
getting breached, the buyer might want some portion of funds to be escrowed
against such an eventuality,” Odence says. “It’s also not highly unusual for
valuation to be negotiated if software is significantly not up to industry
norms.” Buyers don’t expect perfection, but if there are more than an expected
number of issues to address, the buyer’s perspective on the deal might change,
Odence says. It’s rare for due diligence discoveries to kill a deal, but they
could impact deal terms, timing, or valuation.
The Anatomy of a Comprehensive Penetration Test
The goal of a penetration test should be to deliver a blueprint for achieving
an improved security posture so these organizations can be set up for success.
This means including best practices for fixing any issues where specific
implementation details are not known by the pentester. It doesn’t stop with
just a list of diagnoses for vulnerabilities. A complete inventory of all
assets should also be included, with detail on the asset type, IP address, and
geolocation information. This will provide visibility into how large an
organization’s attack surface is and allow teams to understand which issues
should take priority when multiple are found. No asset or resource should be
considered “out of scope” when conducting a penetration test. This includes
not only the web application itself, but also any external resources that it
relies on, including API servers and third-party integrations. Developers may
claim that since they didn’t create those resources they shouldn’t be on the
hook to secure them, but the organization still needs to be accountable
because it is using them.
The Art Of Letting Go: How Data Minimization Can Improve Cybersecurity And Reduce Cost
One of the biggest challenges organizations face when it comes to implementing
data minimization is determining what data is necessary to keep and what can
(or should) be disposed of. With the vast amount of data generated and
collected every day, it can be overwhelming to know what data you have in the
first place, what’s important (or critical or sensitive or regulated) and what
data can—or should—be discarded. By reducing the amount of data stored,
organizations can decrease their risk of data breaches and improve regulatory
compliance. Data minimization can also streamline data management processes,
leading to increased efficiency and cost savings. So, how does one begin the
process of data minimization? It all starts with knowing your data.
Organizations need to have a clear understanding of what data they are
collecting, how sensitive it is and how it is being used. This can help
identify unnecessary data—often called redundant, obsolete or trivial (ROT)
data—that can be safely disposed of.
Five steps to champion a data product strategy
Treating data like a product gives more structure to the ownership, processes,
and technology needed to provide the organisation with access to clean,
curated, continuously-updated data. So, the data product becomes a
consumption-ready set of high-quality, trustworthy, accessible data that can
be applied to solve genuine business challenges. In short, it’s the best
version of data available to service a defined purpose and achieve a desired
outcome for the business. ... The first step once your strategy is signed off
is to develop a minimum viable data product (MVDP). Start small so you can
release quickly, before iterating and delivering further capabilities. Each
release of your data product should offer a little more value. This will help
drive adoption, as well as showing returns which will help you secure any
additional funding or resources required. Success will of course also depend
on your LOB partners understanding how to use the data product as part of
their existing working processes. It is rare that adding a new process will be
widely and successfully adopted.
Preventing artificial deception in the age of AI
Managing the concerns without stifling the potential of AI is the key
challenge facing regulators across the world. The US has chosen a hands-off
approach, encouraging private sector investment and prioritising AI research
and development. China has opted for a centralised system focused on economic
development and societal governance. The EU has focused more on regulation
emphasising transparency, accountability, and protection of human rights. This
includes proposed new regulations to establish standards for AI development
and deployment, including strict rules for high-risk AI applications and
biometric data usage, aiming to build trust in AI through transparency and
accountability while ensuring safety and ethical considerations. The UK has
adopted what it is calling a pro-innovation approach by enabling current
regulators to determine how best to adapt existing regulation to the deluge of
AI development and progress using a set of common principles. Whichever
approach is adopted, a new regulatory mindset will be required to keep up with
the pace of change.
12 ways IT leaders can build business buy-in
Modern CIOs know to speak in business terms and leave the tech jargon behind.
But those who are truly intertwined with their business unit colleagues are
speaking not only about strategy but key components of it: growth, revenue,
profit margin, and so on. As Kande explains, “The business is asking for
technology to deliver business outcomes: Are we selling more products and
services? Do we have [for example] more visibility into manufacturing or
supplies?” ... Another approach Juliano uses to ensure IT and business are in
lockstep as they advance organizational objectives is to identify and
highlight shared goals. For him, that means in part articulating IT’s piece of
initiatives as well as demonstrating IT’s commitment to co-owning success —
and, if things don’t go right, co-owning failure, too. “Your IT deliverables
should be 100% part of the business’ strategic goals,” he says. “But if you’re
making plans and you’re not seeing that there’s a clear IT objective, then
you’re reducing your chance of successes and I’d question why you’re not part
of that execution. So get your name on those goals so you are seen as a
co-deliverer. Make sure your name is primary or secondary owner.”
Digital transformation: How to teach the language of change
While the CIO or CTO is often the first ambassador for a digital
transformation, they need close collaboration from their peers to be
successful. Those who oversee the processes and the people in the organization
must work closely with the CEO to transform all three legs to keep the stool
upright. That means the entire C-Suite – chiefs of operations, HR, finance,
marketing, communications, and others – must be able to speak the language of
digital transformation fluently. It will take some work. The CEO, along with
the CTO/CIO, will need to teach their peers what digital transformation is all
about and how to make it happen. Then they all need to share a common vision,
a shared commitment, and a deep sense of accountability for the success of the
digital transformation. ... Anyone who has undergone a digital transformation
knows that it is one of the most significant undertakings an organization can
face. It reaches into every corner of the business, from operations to
customer satisfaction to employee culture. And it sets the tone for the next
transformation, whenever that may be.
Quote for the day:
"Not all readers are leaders, but all
leaders are readers." -- Harry S. Truman
No comments:
Post a Comment