Daily Tech Digest - August 08, 2023

The Value of a Virtual Chief Information Security Officer

The value of vCISO services extends beyond technical expertise. It plays a vital role in raising awareness of various security incidents, threat detection and fostering a culture of cybersecurity within your organization. Through employee training and education programs, they empower your staff to identify and mitigate potential risks, ultimately strengthening your overall information security program and your security posture. Additionally, a vCISO helps you navigate the complexities of incident detection and incident response, and breach management. In the unfortunate event of a security incident, they can provide immediate support, guiding you through the necessary steps to contain the breach, minimize damage, and restore operations swiftly. This proactive approach to incident management and managed detection can save your business valuable time, money, and reputation. Lastly, a vCISO keeps a vigilant eye on the evolving cybersecurity landscape, constantly monitoring emerging threats, vulnerabilities, threat intelligence, and regulatory changes.

Engineering as Art: Embracing Creativity beyond Science

Spending years gaining experience and refining skills may constrain our imagination, creativity, and focus. Cultivating a "Beginner's Mind" suggests that embracing this mindset can lead to acquiring new abilities, making wiser choices, and fostering empathy. The essence of a Beginner's Mind lies in liberating ourselves from preconceived notions about the future, thus reducing the risk of stress or disappointment. Adopting a beginner's mindset proves beneficial for artists, allowing them to overcome creative blocks, initiate fresh ideas, and break free from self-imposed limitations. However, this mindset is broader than artists; engineers and less creative individuals can also benefit from it. Through years of dedicated practice and execution, our minds unconsciously develop recurring patterns, transforming them into mental shortcuts, rules, and best practices. I’ve had success getting into a beginner’s mindset over the years by avoiding pre-judgment when learning new technologies and working with a beginner in the domain.

AI as the next computing platform

In all its forms, AI is powerful because it spots and leverages patterns. This makes it a tool aiding one of humankind’s greatest cognitive skills. Pattern insight is the basis of the scientific method and the servicing of markets — our society’s twin cornerstones of innovation. For example, pattern-spotting AI is core to understanding how proteins fold, and it’s how a generative AI service trains on an LLM, deciding what to write next. Whether it’s humans or machines searching for patterns, and increasingly it will be both, the quality of the outcome depends on the quality of the data, to a point with rich, diverse and above all accurate data may be the single greatest driver of success. Serving this need will be a big business in the growth of the AI platform. Like its predecessors, the capabilities of the AI platform will improve, to a point where both employees and customers will expect accurate and timely information, more efficient use of resources, and personalization that changes depending on the context of the moment. Thus, it is a business not just of one pattern, but an intersection of several, at new levels of complexity and risk management.

Software services industry in transition

The companies share one problem as a common denominator: How do they transform their business model to address AI-enabled changes that seem to be moving at the speed of light? Especially in the last 6-9 months, ChatGPT has captivated global attention with its AI potential. ChatGPT, an AI Chatbot, acts like a human assistant answering questions based on human prompts. The tool is transforming the ideation and creative process in industries as diverse as advertising, marketing, and engineering. Another tool, GitHub Copilot, has revolutionised the field of AI-assisted code development by providing coding support in major software languages. Likewise, Databricks has released an AI tool that accepts English as input and outputs the needed code. These tools are available today for anyone to use. Customer service, which has long been supported by the Indian Business Process Outsourcing (BPO) industry, is already witnessing chatbots, touted as “the next big thing in technology”, being increasingly deployed in place of human agents.

Three Horizons of Your API Journey

APIs are designed and developed as part of the application and architecture planning process to integrate tightly with underlying systems, infrastructure and backend or data applications. This approach emphasizes the importance of well-defined, well-documented and reusable APIs with the goal of deploying them as the foundation for scalable and interoperable systems. ... These governance practices ensure consistent API design, security, versioning and life-cycle management across the organization, enabling efficient collaboration and integration with external stakeholders. Ideally, much of this is automated with baseline schemas set for API creation and policy types for different APIs classes. Because the API stack is flexible and loosely coupled, this horizon stage is where the platform ops team should evaluate new technologies that could help their organization improve their API systems — new formats like GraphQL, generative AI tools for automated and updated documentation and languages like Denon that generate API-friendly code out of the box.

Composable Enterprise – An Enterprise Architect View

By definition, composable enterprise focuses on modularity. Modularity means being able to recompose and compose the IT landscape. It is achieved by organizing data into small, discrete units used to create new data sets faster and effortlessly. Composable enterprise moves away from single, large, and complex applications to decoupled business procedures. These modular business procedures are modified into workflows for particular purposes and integrated across the organization’s technology stack. ... Once you have understood the ecosystem, it’s time to assess the composability need and identify the scope. Specifically, focus on areas that need composability the most. Ask questions such as “Where do I need a faster time-to-market?” Use the inventories generated in the first step, including value streams, customer journeys, and business capabilities. This will help you assess and determine where to improve time-to-market and efficiency. As a result, you can prioritize your composability efforts in those areas to optimize speed-to-market.

6 interview questions for agile tech leads

A tech team lead’s responsibilities can vary significantly across organizations and teams, with some expecting tech leads to be hands-on coding with the team, while others expect them to function as a solutions architect. Simon Metson, VP of engineering at EDB, recommends using a straightforward test to evaluate coding skills. “We use a simple, and deliberately so, coding test prior to the interview,” he says. “The resulting app, which should take an hour or two to complete, gives us something to discuss in the interview and assess how the candidate codes, solves problems, and communicates.” Metson says the test isn’t just about technical chops, and is more about how the candidate plans for scalability. “The question I like to ask is, how they’d scale out the application so that instead of running for one person, it’s used by millions. That’s a good test of how they approach complexity, what technologies they’re familiar with or interested in, and how they think about teams and crossing organizational boundaries.

Agile Planning With Generative AI

Generative AI will eventually impact the entire DevOps life cycle from plan to operate. I started as a developer but have been a product manager for most of my career; for me, the ‘Holy Grail of DevOps’ would be one where product managers (PMs) and business analysts (BAs) were able to define a future state of a business process and press a button to deliver it without any developers, designers or testers involved. This dream is not practical in the near term and is not really desirable in the long term, either. PMs and BAs are good at understanding the needs of users and translating them into features but aren’t interaction designers. ... So my dream is to build a team where the BAs can define the changes and a small team of very talented architects and interaction designers can realize those changes in 10% of the time it takes today without requiring a large team to implement the details. This is similar to what has happened in manufacturing where robots and numerically controlled machines are able to do the heavy lifting with the help of operators.

Has Microsoft cut security corners once too often?

It seems all but certain that the cybersecurity corner-cuttings that happened in the China attack were done by some mid-level manager. That manager was confident that opting for a slight cost reduction  would not be a job risk. Had there been a legitimate fear of getting fired or even just having their career advancement halted, that manager would have not chosen to violate security policy. The sad truth, though, is that the manager confidently knew that Microsoft values margin and market share far more than cybersecurity. Think of any company you believe takes cybersecurity seriously, such as RSA or Boeing. Would a manager there ever dare to openly violate cybersecurity rules? If this is all true, why don’t enterprises take their business elsewhere? This brings us back to the “you can’t get fired for hiring Microsoft” adage. If your enterprise uses the Microsoft cloud — or, for that matter, cloud services at Google or Amazon — and there’s a cybersecurity disaster, chances are excellent senior management will blame Microsoft.

Workplace monitoring needs worker consent, says select committee

While the government said in its AI whitepaper that it would empower existing regulators – including the HSE – to create tailored, context-specific rules that suit the ways AI is being used in the sectors they scrutinise, the Ada Lovelace Institute said in July 2023 that, because “large swathes” of the UK economy are either unregulated or only partially regulated, it is not clear who would be responsible for scrutinising AI deployments in a range of different contexts. Responding to the connected technologies report, Andrew Pakes, deputy general secretary of Prospect Union, said that although the monitoring of employees through various devices is becoming increasingly commonplace, regulation is lagging well behind implementation. “These are important recommendations from the Culture, Media and Sport committee report and would go some way to identifying the true scale of the issue, through government research, and catching up with the reality of worker surveillance. In particular, it is vital that workers are fully informed and involved in the design and use of monitoring software and what is being done with the data collected,” he said.

Quote for the day:

“When people go to work, they shouldn’t have to leave their hearts at home.” -- Betty Bender

No comments:

Post a Comment