Daily Tech Digest - February 18, 2024

Remote Leadership Strategies for Sustained Engagement

The leaders foresee a future where AI and collaboration technologies continue to reduce the friction of remote working and increase collaboration in the virtual world. “With the release of solutions such as Apple Vision, this will be the start of truly immersive remote leadership and collaboration that is both inclusive and focussed on employee wellbeing,” Boast says. “All this said, I hope we continue to make an effort to meet in person periodically to refresh and renew connections.” For Ratnavira, leaders have a critical role in fostering trust, continuous communication, and feedback, which is key to unlocking the full potential of a remote workforce and building high-performance teams. “A culture-first organization intuitively figures remote work because there is a lot of trust placed in individuals and investment made in their overall growth,” says Sambandam. Remote work models have proven that success can thrive in this transformative approach. “What was once the ‘new normal’ is now etched into the fabric of our operations,” he adds. “This isn’t a temporary shift; it’s a paradigm shift with no point of return.”

The Rise of Small Language Models

Small language models are essentially more streamlined versions of LLMs, in regards to the size of their neural networks, and simpler architectures. Compared to LLMs, SLMs have fewer parameters and don’t need as much data and time to be trained — think minutes or a few hours of training time, versus many hours to even days to train a LLM. Because of their smaller size, SLMs are therefore generally more efficient and more straightforward to implement on-site, or on smaller devices. Moreover, because SLMs can be tailored to more narrow and specific applications, that makes them more practical for companies that require a language model that is trained on more limited datasets, and can be fine-tuned for a particular domain. Additionally, SLMs can be customized to meet an organization’s specific requirements for security and privacy. Thanks to their smaller codebases, the relative simplicity of SLMs also reduces their vulnerability to malicious attacks by minimizing potential surfaces for security breaches. On the flip side, the increased efficiency and agility of SLMs may translate to slightly reduced language processing abilities, depending on the benchmarks the model is being measured against.

Why software 'security debt' is becoming a serious problem for developers

Larger tech enterprises appear to be the most likely to have critical levels of security debt, according to the report, with over three times as many large tech firms found to have critical security debt compared to government organizations. The flaws that make up this debt were found in both the first-party code and third party application code taken from open source libraries, for example. The study found nearly two-thirds (63%) of the applications scanned had flaws in the first-party code, compared to 70% that had flaws in their third-party code. ... Eng’s advice for reducing security debt caused by flaws in first party code is to better integrate security testing into the entire software development lifecycle (SDLC) to ensure devs catch issues earlier in the process. If developers are forced to carry out security testing before they can merge new code into the main repository, this would go a long way in reducing flaws in first party code, Eng argued. But, Eng noted, this is not how the majority of businesses operate their development teams. “The problem is not every company is doing security testing at that level of granularity. 

Mythbust Your Way to Modern Data Management

Enterprises often believe there is one path for data compression. They may think that data compression is done exclusively in software on the host CPU. Because the CPU does the processing, there is the risk of a performance penalty under load, making it a non-starter for critical performance workloads. In the same way, the data pipeline within your organization is unique and tailored to your requirements, and architecting how data flows offers plenty of options. Data compression can be done in many ways, and the outcomes of choosing how and where compression should be processed can lead to benefits that cascade throughout the architecture. ... How can you improve the overall cost of ownership of your infrastructure? How can you increase storage and performance while decreasing power consumption? How can you make the data center more sustainable? When organizations try to solve these sorts of problems, data compression may not immediately leap to mind as the answer. Data compression doesn’t get more attention because organizations simply aren’t thinking about it as a problem-solving tool. This becomes clear when you look at search trends related to data and see that “enterprise data compression” is orders of magnitude lower down the results than something like “data management.”

Want to be a data scientist? Do these 4 things, according to business leaders

"You have to try new tech continuously," he says. "Don't hesitate to use generative AI to help you complete your job. Now, you can write code by saying to a model, 'Okay, write me something that does this.' So, be open -- embrace the tech. I think that's important." Martin says that he's not your typical chief data officer (CDO). Rather than just focusing on leadership concerns, he still gets his hands dirty with code -- and he advises up-and-coming data talent to do the same. "It's important if you want to get ahead that you understand what you're doing and that you're playing with tech," he says. "It gives me an edge, especially in mathematics and data science. I know about statistics, and I can build models myself." ... "While we can talk about math expertise, which is important because you need some level of academic capability, I think more important than that, certainly when I'm recruiting, is that I'm looking for the rounded individual," he says. "The straight A-grade student is great, but that person might not always be the best fit, because they've got to manage their time, they need to interact with the business, and they need to go and talk with stakeholders from across the business."

The best part of working in data and AI is the constant change

AI and analytics is such a vast field today that it gives people the freedom to chart their own course. You can choose to deep dive into an area of data – such as data governance, data management, data privacy, or become a data scientist working with ML models. You can take on the more technical roles of data engineering, data architecture, or take a more holistic advisory role in consulting the client on their end-to-end data and AI strategy. You can choose to work for a consulting firm like Accenture and help solve problems for clients across industries or be part of an organisation’s internal data teams. The field of AI and analytics offers many career paths and is only going to grow as we head towards a future underpinned by data and AI. ... While technical skills underpin many roles in the space and should be developed consistently, logical reasoning, strategic thinking, industry knowledge etc, play an important part as well. My advice is to build a network of mentors and peers who can be your guides in your career journey. The support and wisdom of those who have walked this path before can be invaluable. But, equally, trust your unique perspective and voice. Your diversity of thought is a strength that will set you apart.

A quantum-safe cryptography DNSSEC testbed

In the context of the DNS, DNSSEC may no longer guarantee authentication and integrity when powerful quantum computers become available. For the end user, this means that they can no longer be sure that when they browse to example.nl they will end up at the correct website (spoofing). They may also receive more spam and phishing emails since modern email security protocols rely on DNSSEC as well. Fortunately, cryptographers are working on creating cryptographic algorithms resistant to quantum computer attacks — so-called quantum-safe cryptographic algorithms. However, those quantum-safe algorithms often have very different characteristics than their non-quantum-safe counterparts, such as signature sizes, computation time requirements, memory requirements and, in some cases, key management requirements. As a consequence, those quantum-safe algorithms are not drop-in replacements for today’s algorithms. For DNSSEC, it is already known that there are stringent requirements when it comes to, for example, signature sizes and validation speed. But other factors, such as the size of the zone file, also have implications for the suitability of algorithms.

Someone had to say it: Scientists propose AI apocalypse kill switches

In theory, this could allow watchdogs to respond faster to abuses of sensitive technologies by cutting off access to chips remotely, but the authors warn that doing so isn't without risk. The implication being, if implemented incorrectly, that such a kill switch could become a target for cybercriminals to exploit. Another proposal would require multiple parties to sign off on potentially risky AI training tasks before they can be deployed at scale. "Nuclear weapons use similar mechanisms called permissive action links," they wrote. For nuclear weapons, these security locks are designed to prevent one person from going rogue and launching a first strike. For AI however, the idea is that if an individual or company wanted to train a model over a certain threshold in the cloud, they'd first need to get authorization to do so. Though a potent tool, the researchers observe that this could backfire by preventing the development of desirable AI. The argument seems to be that while the use of nuclear weapons has a pretty clear-cut outcome, AI isn't always so black and white. But if this feels a little too dystopian for your tastes, the paper dedicates an entire section to reallocating AI resources for the betterment of society as a whole.

Cloud mastery is a journey

A secure foundation is required for developing an enterprise’s strong digital immunity. This entails various aspects like safeguarding against hackers, disaster recovery strategies, and designing robust systems. Enterprises employ the defense-in-depth approach for protection against hackers. It means that every element of an IT environment should be built robustly and securely. For this, a few practical strategies include employing AI-powered firewalls, System Information Event Management, strong identity authentication, antivirus tools, vulnerability management, and teams of ethical hackers for simulated attacks. The cloud can be a powerful asset for building backup systems and disaster recovery plans. These are critical to combat potential data center failures caused by an event like a storm, fire or electrical outage. Focusing on resilience is equally important and extends beyond robust software. Resiliency means addressing every possible failure and threat in securing and maintaining the availability of systems, data and networks. For example, failures in services like firewalls and content distribution networks might be rare but are plausible. 

It’s Time to End the Myth of Untouchable Mainframe Security.

It is critical for mainframe security to re-enter the cybersecurity conversation, and that starts with doing away with commonly held misconceptions. First is the mistaken belief that due to their mature or streamlined architecture with fewer vulnerabilities, mainframes are virtually impervious to hackers. There is the misconception that they exist in isolation within the enterprise IT framework, disconnected from the external world where genuine threats lurk. And then there’s the age factor. People newer to the profession have relatively little experience with mainframe systems when compared to their more experienced counterparts and will tend to not question their viewpoints or approaches of their leaders or senior team members. This state of affairs can’t continue. In the contemporary landscape, modern mainframes are routinely accessed by employees and are intricately linked to applications that encompass a wide array of functions, ranging from processing e-commerce transactions to facilitating personal banking services. The implications of a breach can’t be overstated. 

Quote for the day:

"When you do what you fear most, then you can do anything." -- Stephen Richards

No comments:

Post a Comment