The Value of a Virtual Chief Information Security Officer
The value of vCISO services extends beyond technical expertise. A vCISO plays a
vital role in raising awareness of various security incidents and threat
detection, and in fostering a culture of cybersecurity within your organization.
Through employee training and education programs, they empower your staff to
identify and mitigate potential risks, ultimately strengthening your overall
information security program and your security posture. Additionally, a vCISO
helps you navigate the complexities of incident detection, incident response,
and breach management. In the unfortunate event of a security incident, they can
provide immediate support, guiding you through the necessary steps to contain
the breach, minimize damage, and restore operations swiftly. This proactive
approach to incident management and managed detection can save your business
valuable time, money, and reputation. Lastly, a vCISO keeps a vigilant eye on
the evolving cybersecurity landscape, constantly monitoring emerging threats,
vulnerabilities, threat intelligence, and regulatory changes.
Engineering as Art: Embracing Creativity beyond Science
Spending years gaining experience and refining skills may constrain our
imagination, creativity, and focus. Cultivating a "Beginner's Mind" suggests
that embracing this mindset can lead to acquiring new abilities, making wiser
choices, and fostering empathy. The essence of a Beginner's Mind lies in
liberating ourselves from preconceived notions about the future, thus reducing
the risk of stress or disappointment. Adopting a beginner's mindset proves
beneficial for artists, allowing them to overcome creative blocks, initiate
fresh ideas, and break free from self-imposed limitations. However, this mindset
is not limited to artists; engineers and less creative individuals can also
benefit from it. Through years of dedicated practice and execution, our minds
unconsciously develop recurring patterns, transforming them into mental
shortcuts, rules, and best practices. I’ve had success getting into a beginner’s
mindset over the years by avoiding pre-judgment when learning new technologies
and working with a beginner in the domain.
AI as the next computing platform
In all its forms, AI is powerful because it spots and leverages patterns. This makes it a tool aiding one of humankind’s greatest cognitive skills. Pattern insight is the basis of the scientific method and the servicing of markets — our society’s twin cornerstones of innovation. For example, pattern-spotting AI is core to understanding how proteins fold, and it’s how a generative AI service trains on an LLM, deciding what to write next. Whether it’s humans or machines searching for patterns, and increasingly it will be both, the quality of the outcome depends on the quality of the data, to a point where rich, diverse and above all accurate data may be the single greatest driver of success. Serving this need will be a big business in the growth of the AI platform. Like its predecessors, the capabilities of the AI platform will improve, to a point where both employees and customers will expect accurate and timely information, more efficient use of resources, and personalization that changes depending on the context of the moment. Thus, it is a business not just of one pattern, but an intersection of several, at new levels of complexity and risk management.
Software services industry in transition
The companies share one problem as a common denominator: How do they transform
their business model to address AI-enabled changes that seem to be moving at the
speed of light? Especially in the last 6-9 months, ChatGPT has captivated global
attention with its AI potential. ChatGPT, an AI Chatbot, acts like a human
assistant answering questions based on human prompts. The tool is transforming
the ideation and creative process in industries as diverse as advertising,
marketing, and engineering. Another tool, GitHub Copilot, has revolutionised the
field of AI-assisted code development by providing coding support in major
software languages. Likewise, Databricks has released an AI tool that accepts
English as input and outputs the needed code. These tools are available today
for anyone to use. Customer service, which has long been supported by the Indian
Business Process Outsourcing (BPO) industry, is already witnessing chatbots,
touted as “the next big thing in technology”, being increasingly deployed in
place of human agents.
Three Horizons of Your API Journey
APIs are designed and developed as part of the application and architecture
planning process to integrate tightly with underlying systems, infrastructure
and backend or data applications. This approach emphasizes the importance of
well-defined, well-documented and reusable APIs with the goal of deploying them
as the foundation for scalable and interoperable systems. ... These governance
practices ensure consistent API design, security, versioning and life-cycle
management across the organization, enabling efficient collaboration and
integration with external stakeholders. Ideally, much of this is automated with
baseline schemas set for API creation and policy types for different API
classes. Because the API stack is flexible and loosely coupled, this horizon
stage is where the platform ops team should evaluate new technologies that could
help their organization improve their API systems — new formats like GraphQL,
generative AI tools for automated and updated documentation and languages like
Denon that generate API-friendly code out of the box.
Composable Enterprise – An Enterprise Architect View
By definition, composable enterprise focuses on modularity. Modularity means
being able to recompose and compose the IT landscape. It is achieved by
organizing data into small, discrete units used to create new data sets faster
and effortlessly. Composable enterprise moves away from single, large, and
complex applications to decoupled business procedures. These modular business
procedures are modified into workflows for particular purposes and integrated
across the organization’s technology stack. ... Once you have understood the
ecosystem, it’s time to assess the composability need and identify the scope.
Specifically, focus on areas that need composability the most. Ask questions
such as “Where do I need a faster time-to-market?” Use the inventories generated
in the first step, including value streams, customer journeys, and business
capabilities. This will help you assess and determine where to improve
time-to-market and efficiency. As a result, you can prioritize your
composability efforts in those areas to optimize speed-to-market.
6 interview questions for agile tech leads
A tech team lead’s responsibilities can vary significantly across organizations
and teams, with some expecting tech leads to be hands-on coding with the team,
while others expect them to function as a solutions architect. Simon Metson, VP
of engineering at EDB, recommends using a straightforward test to evaluate
coding skills. “We use a simple, and deliberately so, coding test prior to the
interview,” he says. “The resulting app, which should take an hour or two to
complete, gives us something to discuss in the interview and assess how the
candidate codes, solves problems, and communicates.” Metson says the test isn’t
just about technical chops, and is more about how the candidate plans for
scalability. “The question I like to ask is, how they’d scale out the
application so that instead of running for one person, it’s used by millions.
That’s a good test of how they approach complexity, what technologies they’re
familiar with or interested in, and how they think about teams and crossing
organizational boundaries.”
Agile Planning With Generative AI
Generative AI will eventually impact the entire DevOps life cycle from plan to
operate. I started as a developer but have been a product manager for most of my
career; for me, the ‘Holy Grail of DevOps’ would be one where product managers
(PMs) and business analysts (BAs) were able to define a future state of a
business process and press a button to deliver it without any developers,
designers or testers involved. This dream is not practical in the near term and
is not really desirable in the long term, either. PMs and BAs are good at
understanding the needs of users and translating them into features but aren’t
interaction designers. ... So my dream is to build a team where the BAs can
define the changes and a small team of very talented architects and interaction
designers can realize those changes in 10% of the time it takes today without
requiring a large team to implement the details. This is similar to what has
happened in manufacturing where robots and numerically controlled machines are
able to do the heavy lifting with the help of operators.
Has Microsoft cut security corners once too often?
It seems all but certain that the cybersecurity corner-cuttings that happened in
the China attack were done by some mid-level manager. That manager was confident
that opting for a slight cost reduction would not be a job risk. Had there
been a legitimate fear of getting fired or even just having their career
advancement halted, that manager would not have chosen to violate security
policy. The sad truth, though, is that the manager confidently knew that
Microsoft values margin and market share far more than cybersecurity. Think of
any company you believe takes cybersecurity seriously, such as RSA or Boeing.
Would a manager there ever dare to openly violate cybersecurity rules? If this
is all true, why don’t enterprises take their business elsewhere? This brings us
back to the “you can’t get fired for hiring Microsoft” adage. If your enterprise
uses the Microsoft cloud — or, for that matter, cloud services at Google or
Amazon — and there’s a cybersecurity disaster, chances are excellent senior
management will blame Microsoft.
Workplace monitoring needs worker consent, says select committee
While the government said in its AI whitepaper that it would empower existing
regulators – including the HSE – to create tailored, context-specific rules that
suit the ways AI is being used in the sectors they scrutinise, the Ada Lovelace
Institute said in July 2023 that, because “large swathes” of the UK economy are
either unregulated or only partially regulated, it is not clear who would be
responsible for scrutinising AI deployments in a range of different contexts.
Responding to the connected technologies report, Andrew Pakes, deputy general
secretary of Prospect Union, said that although the monitoring of employees
through various devices is becoming increasingly commonplace, regulation is
lagging well behind implementation. “These are important recommendations from
the Culture, Media and Sport committee report and would go some way to
identifying the true scale of the issue, through government research, and
catching up with the reality of worker surveillance. In particular, it is vital
that workers are fully informed and involved in the design and use of monitoring
software and what is being done with the data collected,” he said.
Quote for the day:
“When people go to work, they shouldn’t have to leave their hearts at home.” -- Betty Bender