Daily Tech Digest - October 13, 2023

Meet the New DevSecOps

AI-powered DevSecOps for the enterprise merges AI capabilities that evolved separately until now:AI-powered software delivery workflows enable software delivery processes to automate large-scale programs like app modernization and cloud migrations. AI-based code governance helps developers use code-assist and other generative AI tools to speed up the writing, checking and optimizing of traditional code. Predictive intelligence applies machine learning algorithms to data across the entire software development and delivery life cycle (SDLC) so managers gain earlier software delivery insights in order to forecast capacity, foresee risks and respond to changes. The reality is that when AI solutions are implemented — often in piecemeal fashion among smaller teams — they add to the clutter of siloed and fragmented tools, methods and processes that will eventually bite back on the short-lived perception of “progress.” A truly systemic approach to DevSecOps that merges and leverages AI capabilities at scale is one of the most important adjustments an enterprise can make for a lasting advantage in today’s AI-augmented world.


Navigating Data Management At a Strategic & Tactical Level

In Mexico, the biggest challenge is determining the part of the data management strategy to focus on first. Some data integration strategies seek to purchase technology in the hope that it will solve all their problems. However, it is essential to first organize the data before attempting to solve everything in a single move or through a single technology. Before developing a Master Data Management (MDM) strategy, companies must first sit down and identify what they want from it. The data strategy should come from the top of the organization because it will require a cultural shift to implement it correctly. ... Having technological expertise alone is not enough to help the client capitalize on the collected data. Alldatum focuses on the human side of technology, which is sometimes overlooked. We want to help clients extract value from information because if they succeed in their data strategies, their company will grow and they will make better decisions. If they make better decisions, there will be more job opportunities, which will positively impact the country's economy.


The impact of artificial intelligence on software development? Still unclear

It's common for experts to suggest these days that AI will deliver significant boosts to software development and deployment productivity, along with developer job satisfaction. "So far our survey evidence doesn't support this," the report's authors, Derek DeBellis and Nathen Harvey, both with Google, state. "Our evidence suggests that AI slightly improves individual well-being measures -- such as burnout and job satisfaction -- but has a neutral or perhaps negative effect on group-level outcomes such as team performance and software delivery performance." These flat findings are likely due to the fact that we're still at the early stages of AI adoption, they surmise: "There is a lot of enthusiasm about the potential of AI development tools, as demonstrated by the majority of people incorporating at least some AI into the tasks we asked about. But we anticipate that it will take some time for AI-powered tools to come into widespread and coordinated use in the industry."


Quantum risk is real now: How to navigate the evolving data harvesting threat

The real emphasis of HNDL threats is on high-value, long-term data assets like trade secrets or intellectual property, which are passively harvested from large-scale data access points rather than personal WiFi hotspots. In essence, if a device is likely to possess important actionable information of near-term value, it’s more likely to be attacked immediately rather than be subjected to a longer-term HNDL strategy. Given the sensitive nature of the data at stake — from personal information to state secrets — the HNDL risk poses a severe threat. ... Understanding quantum security is essential in mitigating the risk of HNDL attacks. Once asymmetric encryption, which is currently not quantum-safe, is broken, session keys and symmetric keys will be exposed. Therefore, mitigation involves either using quantum-secure encryption or eliminating the transmission of encryption keys altogether. It’s essential to clear up a common misconception: While Advanced Encryption Standard (AES) is often touted as quantum-safe, the security of AES often hinges on the RSA mechanism — a type of asymmetric encryption — used to distribute its keys, which is not quantum-safe.


What is a data architect? Skills, salaries, and how to become a data framework master

Data architects are senior visionaries who translate business requirements into technology requirements and define data standards and principles, often in support of data or digital transformations. The data architect is responsible for visualizing and designing an organization’s enterprise data management framework. This framework describes the processes used to plan, specify, enable, create, acquire, maintain, use, archive, retrieve, control, and purge data. The data architect also “provides a standard common business vocabulary, expresses strategic requirements, outlines high-level integrated designs to meet those requirements, and aligns with enterprise strategy and related business architecture,” according to DAMA International’s Data Management Body of Knowledge. ... The data architect and data engineer roles are closely related. In some ways, the data architect is an advanced data engineer. Data architects and data engineers work together to visualize and build the enterprise data management framework. The data architect is responsible for visualizing the “blueprint” of the complete framework that data engineers then build.


How Agile Teams Can Improve Predictability by Measuring Stability

The stability metric, Ψ, is a really simple calculation that can be done on the back of an envelope. It has two inputs: the arrival rate, λ, and the service rate, μ. The arrival rate is the number of PBIs added to a system in a period of time. The service rate, μ, is the number of PBIs successfully done by the team in the same period of time. With these two inputs you can calculate the dimensionless Ψ by just dividing the service rate by the arrival rate. When Ψ is less than one, the system is unstable; when it is greater than one, it is stable, and when it is equal to one it is optimally stable. When Ψ is equal to one, the average arrival rate is equal to the average service rate and Little’s law applies. In this state, the backlog is neither growing nor shrinking over time and the average time an item will spend before it is done can be calculated by dividing the total number of items in the system, L, by the arrival rate, λ. When Ψ is less than one, then items are arriving faster than they can be dealt with and the backlog is growing.


DarkGate Operator Uses Skype, Teams Messages to Distribute Malware

Trend Micro's analysis showed that once DarkGate is installed on a system, it drops additional payloads. Sometimes those are variants of DarkGate itself or of Remcos, a remote access Trojan (RAT) that attackers previously haveused for cyber-espionage surveillance and for stealing tax-related information. Trend Micro said it was able to contain the DarkGate attacks it observed before any actual harm came to pass. But given the developer's apparent pivot to a new malware leasing model, enterprise security teams can expect more attacks from varied threat actors. The objectives of these adversaries could vary, meaning organizations need to keep an eye out for threat actors using DarkGate to infect systems with different kinds of malware. While the attacks that Trend Micro observed targeted individual Skype and Teams recipients, the attacker's goal clearly was to use their systems as an initial foothold on the target organization's networks. "The goal is still to penetrate the whole environment, and depending on the threat group that bought or leased the DarkGate variant used, the threats can vary from ransomware to cryptomining," according to Trend Micro.


Managing a Freelance Data Science Team

Freelance data scientists are a unique breed. They combine the technical skills of a data scientist with the entrepreneurial mindset of a freelancer. They are highly self-motivated, disciplined, and adaptable, able to navigate the uncertainties of freelance work while maintaining a high level of professional expertise. In terms of technical skills, freelance data scientists typically have advanced degrees in fields like statistics, computer science, or data science, and have a deep understanding of machine learning algorithms, statistical modeling, data visualization, and programming languages like Python and R. They are also adept at using data science tools and platforms like Hadoop, Spark, and Tableau. However, what sets freelance data scientists apart is their ability to operate independently. They are comfortable with remote work, adept at managing their time, and capable of maintaining strong relationships with clients. They are also often more up-to-date with the latest industry trends and technologies, as they need to constantly upskill to remain competitive.


Researchers: The Future of AI Is Wide, Deep, and Large

In their research, the team considered the relationship between deep and wide neural networks. Using quantitative analysis, they found that deep and wide networks can be converted back and forth on a continuum. Using both will give a bigger picture and avoid bias. Their research hints at the future of machine learning, in which networks are both deep and wide and interconnected with favorable dynamics and optimized ratios between width and depth. Networks will become increasingly complicated, and when dynamics reach the desired states, they will produce amazing outcomes. “It’s like playing with LEGO bricks,” said Wang. “You can build a very tall skyscraper or you can build a flat large building with many rooms on the same level. With networks, the number of neurons and their interconnection are the most important. In 3D space, neurons can be arranged in myriad ways. It’s just like the structure of our brains. The neurons just need to be interconnected in various ways to facilitate diverse tasks.”


Why we need to focus AI on relationships

Granted, you also need to onboard the AI to make sure employees trust the tool and will use it. This can be problematic, given that many employees fear that AI will replace them. A Harvard Business Review article provided guidance on how to do this properly, suggesting that the AI be set up to succeed following known successful procedures first and then advancing the interaction as the employee becomes comfortable with the tool. In other words, you start by making the AI into an assistant that enhances and helps the employee, then allow it to become a monitor/mentor as it provides real-time feedback on how the employee is interacting with others in the company. The next phase is the coach, where the AI becomes proactive and able to provide more detailed feedback at times of the employee’s choosing, with the final phase being that the AI becomes a teammate, able to autonomously do things on behalf of the human/AI team. During this evolution of the personal AI, the employee trains the AI and the AI trains the employee, so they become two parts of a more productive team.



Quote for the day:

"Leadership is absolutely about inspiring action, but it is also about guarding against mis-action." -- Simon Sinek

No comments:

Post a Comment