Daily Tech Digest - April 12, 2024

Architecture is about tradeoffs. It is about spending money on one thing over another. It is about decisions. So when you tell me to develop productivity I think that is a great measure. But I also start wondering about quality. About satisfaction. Is that productivity a measure of one person? Every person? What toolset did they use? The same goes with content generation. An AI image is neat at first? But do we get tired of them? How do I measure the value of human created? Is there profit in that? Order management, electricity use, all of these measures are valuable. So when you hear about an AI business case… do you have a business case? Are the benefits REAL? ... Everything comes with pros/cons and we need a system in place to handle this change rate. This is true of all major human endeavors. Think of child workers during industrialization. Or the horrible cost to humanity of the intensity of urbanization and how it has endangered our planet. Only now are we coming to grips with all of that structural complexity. And even that is going to require decades more commitment. Technology and, specifically, AI is no different. 

The Pitfalls of Periodic Penetration Testing & What to Do Instead

While periodic penetration testing can provide a snapshot of your organization’s security posture, it often fails to account for the dynamic nature of cyber threats. Organizations must continuously test their security measures to effectively mitigate risks to identify and neutralize emerging threats in real-time. Organizations can leverage various approaches and tools to implement continuous cybersecurity testing, such as the Atomic Red Team by Red Canary, an open-source library of tests mapped to the MITRE ATTACK framework that security teams can use to simulate adversarial activity and validate their defenses. These tools can help prioritize and mitigate potential cyber-attacks by automating security testing and providing valuable insights into adversary tactics and techniques. Endpoint security testing and firewall testing are excellent starting points for implementing continuous cybersecurity testing. By simulating phishing emails, running PowerShell commands at endpoints, and monitoring VPN logins at the firewall level, organizations can proactively identify potential vulnerabilities and mitigate them before cyber attackers can exploit them. 

Generative AI Sucks: Meta’s Chief AI Scientist Calls For A Shift To Objective-Driven AI

Unlike current AI, which excels in narrow domains without grasping causality, objective-driven AI would be capable of causal reasoning and understanding the relationships between actions and outcomes. This shift would allow AI to plan and adapt strategies in real time, grounded in a nuanced comprehension of the physical and social world. Objective-driven AI is not just an incremental improvement but a leap toward machines that can truly collaborate with humans, offering insights, generating solutions, and understanding the broader impact of their actions. This vision represents a significant shift towards creating AI that can navigate the complexity of the real world with intelligence and purpose. ... Despite these challenges, LeCun is optimistic about the future, firmly believing that AI will eventually surpass human intelligence across all domains. This conviction is not grounded in wishful thinking but in a clear-eyed assessment of technological progress and the potential for groundbreaking scientific discoveries. However, LeCun also emphasizes that this evolution will not happen overnight or without a radical rethinking of our current approaches to AI development.

Strategies to cultivate collaboration between NetOps and SecOps

Collaborative culture starts at the top. The leaders of these teams need to collaborate and communicate consistently. They cannot have a turf war over each team’s roles and must understand each team’s responsibilities. Whether it’s shadowing a member of the other team for a day or taking opportunities to get to know other teams outside of work, establishing a collaborative culture is an important long-term investment for mutual success. ... AI and automation will blur the lines between these two teams, as projects focused on these elements are ones that can be tackled together. For example, having your vulnerability management tool automatically open tickets for other IT teams can create a feeling that the security team is dumping vulnerabilities over the wall.  ... The SecOps team tends to secure the budget as they take in risks to the company. For instance, if a project is done how does it reduce risks and if the project is not done, what risks does the company retain? The automation and AI tools are using network traffic (packet data) to create workflows/automation and AI tools are using this data to feed into Large Language Models. Both teams can utilize this AI LLM to solve network and security issues.

Down with Detection Obsession: Proactive Security in 2024

Now, as boards of directors and C-suites are expected to be more security savvy, they are asking important risk questions of their CISOs: Given all this spending on finding our problems, are we secure? Are we better off than we were a year ago or two years ago, or three years ago? And few security executives can answer those questions with comfort, because historically they were not focused on addressing risk, they were focused on discovering the risk. As time goes on and the security leader’s role becomes more business-centric, the benefits of taking a more proactive approach to security will continue to grow and shine. For example, the role of vulnerability management in providing improved risk reduction, achieving regulatory compliance, and cost savings. By actively seeking and addressing vulnerabilities, organizations can significantly reduce their overall attack surface, minimizing their chances of security breaches, data leaks and more. Many industries, like health care and financial services, have strict regulations governing the protection of sensitive data.

Agile development can unlock the power of generative AI - here's how

"The beauty of Agile is you see the fruits of your work quicker. You get feedback. And that's true with innovation generally -- the faster you can speed up cycle times, the better." Hakan Yaren, CIO at APL Logistics, said to ZDNET that another benefit of Agile is that it's well-suited to the modern digital environment. Analyst Gartner suggested that 80% of technology products and services this year will be built by people who are not technology professionals. Yaren said Agile -- with its focus on joined-up thinking and cross-business approaches -- is a good fit for the decentralized nature of modern IT. "With AI and cloud, the barriers to entry are becoming lower and people in the business are making IT decisions," he said. "Agile is the right methodology to deal with many of these processes because of the speed of change." However, Yaren has a warning for IT professionals: The complexities you face could increase as more line-of-business employees test emerging technologies. "Trying to connect these solutions, and making sure they're secure, reliable, and you can connect the dots across them, is becoming even more challenging," he said.

The benefits of leveraging hybrid cloud automation

To optimise hybrid cloud architecture, most experts endorse automation, given its flexibility, simplicity and scalability. They believe automation is necessary to draw some of the benefits of the cloud back into the on-premises systems and the hybrid architecture. Automation can ensure a more seamless way for end-users to requisition an organisation’s services, regardless of its location. As more applications move into hybrid and multi-cloud environments, companies can explore several ways to automate manual processes taking place in the cloud. Crucial cloud automation aspects cover deployment, provisioning, compliance, configuration management, scaling, and more. Hybrid cloud automation examples include establishing a network in the cloud and configuring cloud servers. Cloud automation can also be used for managing server capacity, spinning up new environments and resources, configuring software and systems, rolling out software configurations whenever required, taking systems online and offline as needed to balance the load, scaling across data centres, and moving into a public cloud environment when handling front-end web services or high workloads that are on- or off-premises.

Why strategists should embrace imperfection

We’re seeing paralysis as people wait for some kind of equilibrium or stasis to reemerge. Or they get nervous and leap before they look, whether it’s an acquisition or some other move. We wanted to lay out a different path that involves confidently stepping into risk by using a set of six mindsets that we put under the broad heading of imperfectionism. Imperfectionism sounds like a bad thing, but what we mean is accepting the ambiguity of not having perfect knowledge before making strategic moves. ... The kind of uncertainty that we face today really is twofold. One is the type we see in the newspaper, which is economic uncertainty, external shocks like the war in Ukraine. But there’s a much more fundamental kind of uncertainty we face now, which is very rapid technological change. Artificial intelligence, automation, programmable biology, and other disruptions are blurring industry boundaries and what it means to be a competitor in a particular industry. We’re also seeing the rise of supercompetitors like Apple, Amazon, and Google, which can operate across many industry spaces. 

What the American Privacy Rights Act Could Mean for Data Privacy

For companies that collect and monetize consumer data, the APRA could mean making changes to the way they do business. The APRA sets out requirements for issues like data minimization, transparency, consumer choice and rights, data protection, and executive responsibility. “It basically means that now they’re going to be able to collect less data: good for consumers and not so good if you're a company that needs all that data,” Antonio Sanchez, principal cybersecurity evangelist at Fortra, a cybersecurity and automation software company, tells InformationWeek. The draft legislation drills down to data privacy at an operational level. For example, it requires covered entities to appoint a privacy or data security officer or officers. “There is a real sense that a significant part of managing a modern privacy program is not found in the rules themselves but in the operation that gives life to those rules,” says Hughes. If the APRA goes into effect, covered entities will have 180 days to comply with its requirements. Non-compliance after that timeline could be met with enforcement action. 

Data Stewardship Best Practices

Business leaders must understand what makes data stewards successful in order to find the ideal candidates for the role. Johnson outlined some of the characteristics best suited for stewards. Coming from both business and IT: Many times, data stewards do best when they have a background in both technology and line-of-business department work. Johnson referred to them as “purple people” – having skills and experience spanning these two different job positions. Data stewards should be multiskilled, as well as “bilingual” and “bicultural” ... Acting as bridges: Data stewards should be able to translate both simple and complex information and communicate it in written or oral form. Johnson recommended that they also have a good sense of objectivity, distinguishing fact from fiction, and be able to envision what challenges and issues a company might face in the future. Excited by data: Thinking globally and participating in an influence culture, data stewards should get immersed in the ideas surrounding good Data Governance and better data handling. “When you’re talking to somebody, and they get really excited about data and their eyes light up, and they’re all energized and stuff, it’s a good sign – they might be fit for a steward role,” Johnson said.

Quote for the day:

"I find that the harder I work, the more luck I seem to have." -- Thomas Jefferson

No comments:

Post a Comment