3 things that make a CIO-CFO dream team
A study conducted by Gartner, detailed in the report “CIOs: Improve How You
Collaborate With Your CFO,” found that when CFOs are asked how well their most
senior IT executive understands the impact of technology on finance, more than
half indicate that their IT counterparts are lacking in this area. But
surprisingly few companies choose CIOs for their financial skills. “Financial
knowledge is not something clients typically ask for when recruiting a CIO,”
says Thistle. “However, the CIO will be expected to understand and manage IT
costs and budgets, both Capex and Opex.” ... “Even when there is a CFO of IT,
the person at the top, the CIO, still needs to understand finance,” he says.
“Most CIOs don’t have the benefit of a background in finance. I’ve never met a
CIO who went into IT to manage money, yet that’s what they have to do. They
have to run IT like a business within a business.” The biggest challenge is
not getting a handle on cost, but on value. CIOs can easily show cost on a
general ledger. But estimating the future value of technology is more art than
science. Investment decisions need to be driven by business outcomes that can
be measured and, ideally, monetized.
‘Shadow’ AI use becoming a driver of insider cyber risk
“People don’t need to have malicious intent to cause a data breach,” said Ray.
“Most of the time, they are just trying to be more efficient in doing their
jobs. But if companies are blind to LLMs accessing their back-end code or
sensitive data stores, it’s just a matter of time before it blows up in their
faces.” Insider threats are thought to be the underlying reason for almost 60%
of data breaches, according to Imperva’s own data, but many are still not
properly prioritised by organisations since a not insignificant number of them
are simply cases of human error – a recent study by the firm found that 33% of
organisations don’t perceive insiders as a significant threat. Ray said trying
to restrict AI usage inside the organisation now was very much a case of
shutting the stable door after the horse had bolted. “Forbidding employees
from using generative AI is futile,” said Ray. “We’ve seen this with so many
other technologies – people are inevitably able to find their way around such
restrictions and so prohibitions just create an endless game of whack-a-mole
for security teams, without keeping the enterprise meaningfully safer.”
Generative AI may help make 'low-code' more 'no-code' - but with important caveats
AI will ultimately serve "as a way to enable low-code and no-code
environments," says Leon Kallikkadan, vice president of technology at Atrium.
"I also think that as other partnerships can come onboard it will make
low-code and no-code more of a possibility. I believe it will be a phased
approach whereby as you, the human developer, build it, an AI component will
start creating a vision or future step. The long-term possibilities depend on
how deep the integration is, but yes, it can go that far to become a low-code,
no-code environment." No-code and low-code solutions may be a good fit for
non-technical users. "Low code is more geared towards non-coders," says Jesse
Reiss, CTO of Hummingbird. "It provides organizations with the ability to
reimagine business processes without obtaining steep IT expertise. This is
crucial for small- to medium-sized businesses, especially during the ongoing
labor challenge where they can be short-staffed or do not have the resources
to support business operations." Generative AI is more suitable for
development work requiring high-level expertise, experts state.
Top Issues Architecture Leaders Need to Address in 2023
Over the next five years, leaders need to be aware that the architect resource
shortage will not improve. Resources may be unavailable in the marketplace as
you look to refill your bench. Today, there are 10 to 20 open positions for
every available architect looking for a job, and the future job market looks
bleak. This resource shortage means architecture leaders will either need to
develop the skills and experiences internally or they will need to look at how
they utilize technology to do more with fewer people, and most probably a
combination of both. If you’re looking to do more with less or training new
architects, determine now how to maintain the tribal knowledge of your senior
architects. ... Most of today’s architects analyze in Excel or the standalone
modeling tools they work in. When architects are only looking at a minimal set
of information, they are missing the broad operational data available across
the organization, which are found in systems like CMDB, CRMs, ERPs, HR
solutions, and facility management systems to gather critical operational data
about what’s going on in terms of manufacturing processes, business processes,
org structures, costs, and more.
SEC notice to SolarWinds CISO and CFO roils cybersecurity industry
The move by the SEC will make CSOs more individually accountable for
cybersecurity, said Agnidipta Sarkar, a former CISO of pharmaceuticals company
Biocon. "Though it doesn’t mean that the CISO has been charged, it is a new
milestone. From today onwards, CISOs will increasingly be made accountable for
the decisions they take or did not take," Sarkar said. However, attributing
blame solely to the CISO or CFO might not always be fair or accurate, said
Ruby Mishra, CISO at KPMG India. "In order to manage cybersecurity
effectively, the organization adopts a multilayered approach involving various
stakeholders and departments. Holding the CISO or CFO solely responsible for a
cyberattack may overlook the collective responsibility," Mishra said. ...
"Before issuing the notice, the SEC may have considered a variety of factors,
including specific circumstances, and legal frameworks, or may have
demonstrated negligence if CISO failed to implement adequate security
measures, neglected SEC policies, guidelines, and practices, or ignored known
vulnerabilities," Mishra said.
3 Initiatives CISOs Can Take for Their Security and Resilience Journey
Businesses can help reduce the risk of a data breach by creating the right
cyber defense and recovery plans. This comprehensive strategy should include
the following: A risk assessment of the IT environment’s threat landscape; An
incident response plan that defines in detail the procedures to follow after a
breach; A business continuity plan that outlines how to recover from a
breach as quickly and gracefully as possible. According to the U.S. Department
of Defense, “zero trust” means that organizations should “never trust, always
verify” (DOD CIO, 2022). Rather than granting indiscriminate access to
applications, devices, and other IT assets, businesses should give users only
the resources they need when they need them. In a zero-trust approach, all
users, devices, and applications are treated as potentially compromised, with
the organization’s defenses locked down accordingly. Techniques may include
strict access controls, multifactor authentication (MFA), and monitoring user
activities. Certified CISOs should act to define a zero-trust strategy that
aligns with the organization’s IT governance and compliance requirements.
Proxmox 8: New Features and Home Lab Upgrade Instructions
Proxmox VE (Proxmox Virtual Environment) is an open-source server
virtualization management solution allowing users to manage virtual machines,
such as Windows or Linux machines and Linux containers. It’s based on the
Debian Linux distribution and combines two virtualization technologies, KVM
(Kernel-based Virtual Machine) and LXC (Linux Containers), managed through a
web-based interface. The Proxmox platform is used in virtual environments to
improve efficiency and ease management tasks. It allows users to deploy,
manage, and monitor virtual machines (VMs) and containers, network settings,
storage systems, and more, all from a single, integrated platform. Proxmox
also provides high-level features like live migrations of VMs without
downtime, high availability, or automated backups, making it a robust choice
for managing virtual environments, whether for small businesses or larger
enterprises. Its open-source nature allows for active community involvement
and provides a cost-effective solution for virtualization needs.
Secret CSO: Dan Garcia, EnterpriseDB
It’s important to surround yourself with people who are there to support you
and push you to be the best that you can. Having a strong support system is
vital. Along the way I had many mentors, some who played an important role for
where I was at the time. Mandy Andress, who is the CISO at Elastic, provided me
with my opportunity within Security Operations at MassMutual and I’ll always
be grateful for that chance. ... Balance. Information security is one of the
few areas within the business that cuts through multiple departments,
functions, skill sets, and problems that need attention. Finding the balance
of where to spend your time and resources can be challenging, but it’s an
important thing to get right in order to most effectively solve organisational
problems. ... Hiring within information security will always be challenging.
We’re not just looking for technical skills, but also an individual’s
experience, their past organisations’ security posture, and how those
companies approached processes and program structure.
Inside the race to build an ‘operating system’ for generative AI
The operating-system analogy helps to illustrate the magnitude of the change
that generative AI is bringing to enterprises. It is not just about adding a
new layer of software tools and frameworks on top of existing systems. It is
also about giving the system the authority and agency to run its own process,
for example deciding which LLM to use in real time to answer a user’s
question, and when to hand off the conversation to a human expert. In other
words, an AI managing an AI, according to Intuit’s Srivastava. Finally, it’s
about allowing developers to leverage LLMs to rapidly build generative AI
applications. This is similar to the way operating systems revolutionized
computing by abstracting away the low-level details and enabling users to
perform complex tasks with ease. Enterprises need to do the same for
generative AI app development. Microsoft CEO Satya Nadella recently compared
this transition to the shift from steam engines to electric power. “You
couldn’t just put the electric motor where the steam engine was and leave
everything else the same, you had to rewire the entire factory,” he told
Wired.
A Perfect Wave: Event Driven Business Architecture
In general, in traditional IT, data used to be hidden behind fortified castle
walls. Access was difficult and the main purpose was to store the data
securely. This is changing. Nowadays, modern IT has started to act as a
nervous system ensuring that data is made available asap where it is needed,
and that it can be used immediately to gain an advantage based on fully up to
date information. Let’s have a quick look at three customer citations that
describe very well why customers move to Event Driven Business Architecture:
“We need to move at the speed of business”, Scott, IT, Fortune 500 customer,
translating to: everything has become so much faster and we need to be able to
support our business; “We want our ERP to be a team player”, Derrick, Fortune
500 customer, translating to: player skills don’t just add up in a team sport,
they multiply. This is why your ERP talking to your SuccessFactors talking to
your Ariba in real time is so important. It adds lots of value; “It’s a sin”,
Alex, Automotive Supplier, translating to: it is a sin not to use your
business data. Don’t just hide it and lock it away so that nobody can use it
like it is often still done
Quote for the day:
"There is no substitute for knowledge." -- W. Edwards Deming