Daily Tech Digest - March 07, 2024

3 Key Metrics to Measure Developer Productivity

The team dimension considers business outcomes in a wider organizational context. While software development teams must work efficiently together, they must also work with teams across other business units. Often, non-technical factors, such as peer support, working environment, psychological safety and job enthusiasm play a significant role in boosting productivity. Another framework is SPACE, which is an acronym for satisfaction, performance, activity, communication and efficiency. SPACE was developed to capture some of the more nuanced and human-centered dimensions of productivity. SPACE metrics, in combination with DORA metrics, can fill in the productivity measurement gaps by correlating productivity metrics to business outcomes. McKinsey found that combining DORA and SPACE metrics with “opportunity-focused” metrics can produce a well-rounded view of developer productivity. That, in turn, can lead to positive outcomes, as McKinsey reports: 20% to 30% reduction in customer-reported product defects, 20% improvement in employee experience scores and 60% improvement in customer satisfaction ratings.

Metadata Governance: Crucial to Managing IoT

Governance of metadata requires formalization and agreement among stakeholders, based on existing Data Governance processes and activities. Through this program, business stakeholders engage in conversations to agree on what the data is and its context, generating standards around organizational metadata. The organization sees the results in a Business Glossary or data catalog. In addition to Data Governance tools, IT tools significantly contribute to metadata generation and usage, tracking updates, and collecting data. These applications, often equipped with machine learning capabilities, automate the gathering, processing, and delivery of metadata to identify patterns within the data without the need for manual intervention. ... The need for metadata governance services will emerge through establishing and maintaining this metadata management program. By setting up and running these services, an organization can better utilize Data Governance capabilities to collect, select, and edit metadata. Developing these processes requires time and effort, as metadata governance needs to adapt to the organization’s changing needs. 

CISOs Tackle Compliance With Cyber Guidelines

Operationally, CISOs will need to become increasingly involved with the organization as a whole -- not just the IT and security teams -- to understand the company’s overall security dynamics. “This is a much more resource-intensive process, but necessary until companies find sustainable footing in the new regulatory landscape,” Tom Kennedy, vice president of Axonius Federal Systems, explains via email. He points to the SEC disclosure mandate, which requires registrants to disclose “material cybersecurity incidents”, as a great example of how private companies are struggling to comply. From his perspective, the root problem is a lack of clarity within the mandate of what constitutes a “material” breach, and where the minimum bar should be set when it comes to a company’s security posture. “As a result, we’ve seen a large variety in companies’ recent cyber incident disclosures, including both the frequency, level of detail, and even timing,” he says. ... “The first step in fortifying your security posture is knowing what your full attack surface is -- you cannot protect what you don’t know about,” Kennedy says. “CISOs and their teams must be aware of all systems in their network -- both benign and active -- understand how they work together, what vulnerabilities they may have.”

AISecOps: Expanding DevSecOps to Secure AI and ML

AISecOps, the application of DevSecOps principles to AI/ML and generative AI, means integrating security into the life cycle of these models—from design and training to deployment and monitoring. Continuous security practices, such as real-time vulnerability scanning and automated threat detection, protection measures for the data and model repositories, are essential to safeguarding against evolving threats. One of the core tenets of DevSecOps is fostering a culture of collaboration between development, security and operations teams. This multidisciplinary approach is even more critical in the context of AISecOps, where developers, data scientists, AI researchers and cybersecurity professionals must work together to identify and mitigate risks. Collaboration and open communication channels can accelerate the identification of vulnerabilities and the implementation of fixes. Data is the lifeblood of AI and ML models. Ensuring the integrity and confidentiality of the data used for training and inference is paramount. ... Embedding security considerations from the outset is a principle that translates directly from DevSecOps to AI and ML development.

Translating Generative AI investments into tangible outcomes

Integration of Generative AI presents exciting opportunities for businesses, but it also comes with its fair share of risks. One significant concern revolves around data privacy and security. Generative AI systems often require access to vast amounts of sensitive data, raising concerns about potential breaches and unauthorised access. Moreover, there’s the challenge of ensuring the reliability and accuracy of generated outputs, as errors or inaccuracies could lead to costly consequences or damage to the brand’s reputation. Lastly, there’s the risk of over-reliance on AI-generated content, potentially diminishing human creativity and innovation within the organisation. Navigating these risks requires careful planning, robust security measures, and ongoing monitoring to ensure the responsible and effective integration of Generative AI into business operations. Consider a healthcare organisation that implements Generative AI for medical diagnosis assistance. In this scenario, the AI system requires access to sensitive patient data, including medical records, diagnostic tests, and personal information. 

Beyond the table stakes: CISO Ian Schneller on cybersecurity’s evolving role

Schneller encourages his audience to consider the gap between the demand for cyber talent and the supply of it. “Read any kind of public press,” he says, “and though the numbers may differ a bit, they’re consistent in that there are many tens, if not hundreds of thousands of open cyber positions.” In February of last year, according to Statista, about 750,000 cyber positions were open in the US alone. According to the World Economic Forum, the global number is about 3.5 million, and according to Cybercrime magazine, the disparity is expected to persist through at least 2025. As Schneller points out, this means companies will struggle to attract cyber talent, and they will have to seek it in non-traditional places. There are many tactics for attracting security talent—aligning pay to what matters, ensuring that you have clear paths for advancing careers—but all this sums to a broader point that Schneller emphasizes: branding. Your organization must convey that it takes cybersecurity seriously, that it will provide cybersecurity talent a culture in which they can solve challenging problems, advance their careers, and earn respect, contributing to the success of the business. 

Quantum Computing Demystified – Part 2

Quantum computing’s potential to invalidate current cryptographic standards necessitates a paradigm shift towards the development of quantum-resistant encryption methods, safeguarding digital infrastructures against future quantum threats. This scenario underscores the urgency in fortifying cybersecurity frameworks to withstand the capabilities of quantum algorithms. For decision-makers and policymakers, the quantum computing era presents a dual-edged sword of strategic opportunities and challenges. The imperative to embrace this nascent technology is twofold, requiring substantial investment in research, development, and education to cultivate a quantum-literate workforce. ... Bridging the quantum expertise gap through education and training is vital for fostering a skilled workforce capable of driving quantum innovation forward. Moreover, ethical and regulatory frameworks must evolve in tandem with quantum advancements to ensure equitable access and prevent misuse, thereby safeguarding societal and economic interests.

The Comprehensive Evolution Of DevSecOps In Modern Software Ecosystems

The potential for enhanced efficiency and accuracy in identifying and addressing security vulnerabilities is enormous, even though this improvement is not without its challenges, which include the possibility of algorithmic errors and shifts in job duties. Using tools that are powered by artificial intelligence, teams can prevent security breaches, perform code analysis more efficiently and automate mundane operations. This frees up human resources to be used for tackling more complicated and innovative problems. ... When using traditional software development approaches, security checks were frequently carried out at a later stage in the development cycle, which resulted in patches that were both expensive and time-consuming. The DevSecOps methodology takes a shift-left strategy, which integrates security at the beginning of the development process. This brings security to the forefront of the process. By incorporating security into the design and development phases from the beginning, this proactive technique not only decreases the likelihood of vulnerabilities being discovered after they have already been discovered, but it also speeds up the development process.

How Generative AI and Data Management Can Augment Human Interaction with Data

In contrast with ETL processes, logical data management solutions enable real-time connections to disparate data sources without physically replicating any data. This is accomplished with data virtualization, a data integration method that establishes a virtual abstraction layer between data consumers and data sources. With this architecture, logical data management solutions enable organizations to implement flexible data fabrics above their disparate data sources, regardless of whether they are legacy or modern; structured, semistructured, or unstructured; cloud or on-premises; local or overseas; or static or streaming. The result is a data fabric that seamlessly unifies these data sources so data consumers can use the data without knowing the details about where and how it is stored. In the case of generative AI, where an LLM is the “consumer,” the LLM can simply leverage the available data, regardless of its storage characteristics, so the model can do its job. Another advantage of a data fabric is that because the data is universally accessible, it can also be universally governed and secured. 

Developers don’t need performance reviews

Software development is commonly called a “team sport.” Assessing individual contributions in isolation can breed unhealthy competition, undermine teamwork, and incentivize behavior that, while technically hitting the mark, can be detrimental to good coding and good software. The pressure of performance evaluations can deter developers from innovative pursuits, pushing them towards safer paths. And developers shouldn’t be steering towards safer paths. The development environment is rapidly changing, and developers should be encouraged to experiment, try new things, and seek out innovative solutions. Worrying about hitting specific metrics squelches the impulse to try something new. Finally, a one-size-fits-all approach to performance reviews doesn’t take into account the unique nature of software development. Using the same system to evaluate developers and members of the marketing team won’t capture the unique skills found among developers. Some software developers thrive fixing bugs. Others love writing greenfield code. Some are fast but less accurate. Others are slower but highly accurate.

Quote for the day:

''Perseverance is failing nineteen times and succeeding the twentieth.'' -- Julie Andrews

No comments:

Post a Comment