Architecture is about tradeoffs. It is about spending money on one thing over another. It is about decisions. So when you tell me to develop productivity I think that is a great measure. But I also start wondering about quality. About satisfaction. Is that productivity a measure of one person? Every person? What toolset did they use? The same goes with content generation. An AI image is neat at first? But do we get tired of them? How do I measure the value of human created? Is there profit in that? Order management, electricity use, all of these measures are valuable. So when you hear about an AI business case… do you have a business case? Are the benefits REAL? ... Everything comes with pros/cons and we need a system in place to handle this change rate. This is true of all major human endeavors. Think of child workers during industrialization. Or the horrible cost to humanity of the intensity of urbanization and how it has endangered our planet. Only now are we coming to grips with all of that structural complexity. And even that is going to require decades more commitment. Technology and, specifically, AI is no different.
The Pitfalls of Periodic Penetration Testing & What to Do Instead
While periodic penetration testing can provide a snapshot of your organization’s security posture, it often fails to account for the dynamic nature of cyber threats. Organizations must continuously test their security measures to effectively mitigate risks to identify and neutralize emerging threats in real-time. Organizations can leverage various approaches and tools to implement continuous cybersecurity testing, such as the Atomic Red Team by Red Canary, an open-source library of tests mapped to the MITRE ATTACK framework that security teams can use to simulate adversarial activity and validate their defenses. These tools can help prioritize and mitigate potential cyber-attacks by automating security testing and providing valuable insights into adversary tactics and techniques. Endpoint security testing and firewall testing are excellent starting points for implementing continuous cybersecurity testing. By simulating phishing emails, running PowerShell commands at endpoints, and monitoring VPN logins at the firewall level, organizations can proactively identify potential vulnerabilities and mitigate them before cyber attackers can exploit them.
Generative AI Sucks: Meta’s Chief AI Scientist Calls For A Shift To Objective-Driven AI
Unlike current AI, which excels in narrow domains without grasping causality,
objective-driven AI would be capable of causal reasoning and understanding the
relationships between actions and outcomes. This shift would allow AI to plan
and adapt strategies in real time, grounded in a nuanced comprehension of the
physical and social world. Objective-driven AI is not just an incremental
improvement but a leap toward machines that can truly collaborate with humans,
offering insights, generating solutions, and understanding the broader impact of
their actions. This vision represents a significant shift towards creating AI
that can navigate the complexity of the real world with intelligence and
purpose. ... Despite these challenges, LeCun is optimistic about the future,
firmly believing that AI will eventually surpass human intelligence across all
domains. This conviction is not grounded in wishful thinking but in a clear-eyed
assessment of technological progress and the potential for groundbreaking
scientific discoveries. However, LeCun also emphasizes that this evolution will
not happen overnight or without a radical rethinking of our current approaches
to AI development.
Strategies to cultivate collaboration between NetOps and SecOps
Collaborative culture starts at the top. The leaders of these teams need to
collaborate and communicate consistently. They cannot have a turf war over each
team’s roles and must understand each team’s responsibilities. Whether it’s
shadowing a member of the other team for a day or taking opportunities to get to
know other teams outside of work, establishing a collaborative culture is an
important long-term investment for mutual success. ... AI and automation will
blur the lines between these two teams, as projects focused on these elements
are ones that can be tackled together. For example, having your vulnerability
management tool automatically open tickets for other IT teams can create a
feeling that the security team is dumping vulnerabilities over the wall.
... The SecOps team tends to secure the budget as they take in risks to
the company. For instance, if a project is done how does it reduce risks and if
the project is not done, what risks does the company retain? The automation and
AI tools are using network traffic (packet data) to create workflows/automation
and AI tools are using this data to feed into Large Language Models. Both
teams can utilize this AI LLM to solve network and security issues.
Down with Detection Obsession: Proactive Security in 2024
Now, as boards of directors and C-suites are expected to be more security savvy,
they are asking important risk questions of their CISOs: Given all this spending
on finding our problems, are we secure? Are we better off than we were a year
ago or two years ago, or three years ago? And few security executives can answer
those questions with comfort, because historically they were not focused on
addressing risk, they were focused on discovering the risk. As time goes on and
the security leader’s role becomes more business-centric, the benefits of taking
a more proactive approach to security will continue to grow and shine. For
example, the role of vulnerability management in providing improved risk
reduction, achieving regulatory compliance, and cost savings. By actively
seeking and addressing vulnerabilities, organizations can significantly reduce
their overall attack surface, minimizing their chances of security breaches,
data leaks and more. Many industries, like health care and financial services,
have strict regulations governing the protection of sensitive data.
Agile development can unlock the power of generative AI - here's how
"The beauty of Agile is you see the fruits of your work quicker. You get
feedback. And that's true with innovation generally -- the faster you can speed
up cycle times, the better." Hakan Yaren, CIO at APL Logistics, said to ZDNET
that another benefit of Agile is that it's well-suited to the modern digital
environment. Analyst Gartner suggested that 80% of technology products and
services this year will be built by people who are not technology professionals.
Yaren said Agile -- with its focus on joined-up thinking and cross-business
approaches -- is a good fit for the decentralized nature of modern IT. "With AI
and cloud, the barriers to entry are becoming lower and people in the business
are making IT decisions," he said. "Agile is the right methodology to deal with
many of these processes because of the speed of change." However, Yaren has a
warning for IT professionals: The complexities you face could increase as more
line-of-business employees test emerging technologies. "Trying to connect these
solutions, and making sure they're secure, reliable, and you can connect the
dots across them, is becoming even more challenging," he said.
The benefits of leveraging hybrid cloud automation
To optimise hybrid cloud architecture, most experts endorse automation, given
its flexibility, simplicity and scalability. They believe automation is
necessary to draw some of the benefits of the cloud back into the on-premises
systems and the hybrid architecture. Automation can ensure a more seamless way
for end-users to requisition an organisation’s services, regardless of its
location. As more applications move into hybrid and multi-cloud environments,
companies can explore several ways to automate manual processes taking place in
the cloud. Crucial cloud automation aspects cover deployment, provisioning,
compliance, configuration management, scaling, and more. Hybrid cloud automation
examples include establishing a network in the cloud and configuring cloud
servers. Cloud automation can also be used for managing server capacity,
spinning up new environments and resources, configuring software and systems,
rolling out software configurations whenever required, taking systems online and
offline as needed to balance the load, scaling across data centres, and moving
into a public cloud environment when handling front-end web services or high
workloads that are on- or off-premises.
Why strategists should embrace imperfection
We’re seeing paralysis as people wait for some kind of equilibrium or stasis to
reemerge. Or they get nervous and leap before they look, whether it’s an
acquisition or some other move. We wanted to lay out a different path that
involves confidently stepping into risk by using a set of six mindsets that we
put under the broad heading of imperfectionism. Imperfectionism sounds like a
bad thing, but what we mean is accepting the ambiguity of not having perfect
knowledge before making strategic moves. ... The kind of uncertainty that we
face today really is twofold. One is the type we see in the newspaper, which is
economic uncertainty, external shocks like the war in Ukraine. But there’s a
much more fundamental kind of uncertainty we face now, which is very rapid
technological change. Artificial intelligence, automation, programmable biology,
and other disruptions are blurring industry boundaries and what it means to be a
competitor in a particular industry. We’re also seeing the rise of
supercompetitors like Apple, Amazon, and Google, which can operate across many
industry spaces.
What the American Privacy Rights Act Could Mean for Data Privacy
For companies that collect and monetize consumer data, the APRA could mean
making changes to the way they do business. The APRA sets out requirements for
issues like data minimization, transparency, consumer choice and rights, data
protection, and executive responsibility. “It basically means that now they’re
going to be able to collect less data: good for consumers and not so good if
you're a company that needs all that data,” Antonio Sanchez, principal
cybersecurity evangelist at Fortra, a cybersecurity and automation software
company, tells InformationWeek. The draft legislation drills down to data
privacy at an operational level. For example, it requires covered entities to
appoint a privacy or data security officer or officers. “There is a real sense
that a significant part of managing a modern privacy program is not found in the
rules themselves but in the operation that gives life to those rules,” says
Hughes. If the APRA goes into effect, covered entities will have 180 days to
comply with its requirements. Non-compliance after that timeline could be met
with enforcement action.
Data Stewardship Best Practices
Business leaders must understand what makes data stewards successful in order to
find the ideal candidates for the role. Johnson outlined some of the
characteristics best suited for stewards. Coming from both business and IT: Many
times, data stewards do best when they have a background in both technology and
line-of-business department work. Johnson referred to them as “purple people” –
having skills and experience spanning these two different job positions. Data
stewards should be multiskilled, as well as “bilingual” and “bicultural” ...
Acting as bridges: Data stewards should be able to translate both simple and
complex information and communicate it in written or oral form. Johnson
recommended that they also have a good sense of objectivity, distinguishing fact
from fiction, and be able to envision what challenges and issues a company might
face in the future. Excited by data: Thinking globally and participating in an
influence culture, data stewards should get immersed in the ideas surrounding
good Data Governance and better data handling. “When you’re talking to somebody,
and they get really excited about data and their eyes light up, and they’re all
energized and stuff, it’s a good sign – they might be fit for a steward role,”
Johnson said.
Quote for the day:
"I find that the harder I work, the
more luck I seem to have." -- Thomas Jefferson
No comments:
Post a Comment