The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed?
“The reason for dissatisfaction is the lack of executive management support,”
says Nikolay Chernavsky, CISO of ISSQUARED, which provides managed IT and
security services as well as software products. He says he hears CISOs voice
frustrations when their views on required security measures and acceptable
risk are dismissed; when the board and CEO don’t define their positions on
those issues; or when those leaders don’t recognize the CISOs work in reducing
risk — especially as the CISO faces more accountability and liability.
Understandably, CISOs shy away from interview requests to publicly share their
frustrations on these issues. However, the IANS Research report speaks to
these points, noting, for example, that only 36% of CISOs said they have clear
guidance from their board on their risk tolerance. Adding to these issues
today is the liability that CISOs now face with the new US Securities and
Exchange Commission (SEC) cyber disclosure rules as well as other regulatory
and legal requirements. That increased liability is coupled with the fact that
many CISOs are not covered by their organization’s directors and officers
(D&O) liability insurance.
How CIOs align with CFOs to build RevOps
CIOs who transition IT from being a cost center to being a driver of
innovation, transformation, and new revenues, can become the leaders that the
new economy needs. “We used to say that business runs technology,” says David
Kadio-Morokro, EY Americas financial services innovation leader. “You tell me
what you want, and I’ll code it and support you.” Now it’s switched, he says.
“I really believe technology drives the business, because it’s going to impact
business strategy and how the business survives,” he adds, and gen AI will
force companies to rethink the value of their organizations to customers.
“Developing and envisioning an AI-driven strategy is absolutely part of the
equation,” he says. “And the CIO has this role of enabling these components,
and they need to be part of the conversation and be able to drive that vision
for the organization.” The CIO is also in a position to help the CFO evolve,
too. CFOs are traditionally risk averse and expect certainty and accuracy from
their technology. Not only is gen AI still a new and experimental technology
that’s evolving quickly but is, by its very nature, probabilistic and
nondeterministic.
Do you need to repatriate from the cloud?
It should be no surprise that repatriation has gained this hype. Cloud, which
grew to maturity during an economic boom, is for the first time under downward
pressure as companies seek to reduce spending. Amazon, Google, Microsoft, and
other cloud providers have feasted on their customers’ willingness to spend.
But the willingness has been tempered now by budget cuts. ... Transitioning
back to on-premises is a heavy lift, and one that is hard to rescind should
things go badly. And savings is yet to be seen until after the transition is
complete. Switching to WebAssembly-powered serverless functions, in contrast,
is less expensive and less risky. Because such functions can run inside of
Kubernetes, the savings thesis can be tested merely by carving off a few
representative services, rewriting them, and analyzing the results. Those
already invested in a microservice-style architecture are already well setup
to rebuild just fragments of a multi-service application. Similarly, those
invested in event processing chains like data transformation pipelines will
also find it easy to identify a step or two in a sequence that can become the
testbed for experimentation.
ONDC’s blockchain is a Made-in-India visioning of global digital public infrastructures
ONDC Confidex is a transformative shift towards decentralised trust. Anchored
in the blockchain’s nativity, this shift promotes a value exchange network of
networks that enables the reuse of continuously assured data that is
traceable, reliable, secure, transparent and immutable. Confidex provides a
transparent ledger that tracks every phase in the supply chain from production
to end consumption. This level of detail not only fosters trust but also
aligns with the broader vision of creating a global standard for ensuring
product history’s authenticity—a core aspect of continuous data assurance. In
the realm of digital transactions, the reliability of data underpins the
foundation of trust. Confidex enables data certainty, making each transaction
verifiable and immutable. This paves the way for friction-free interactions
within digital marketplaces, ensuring that every piece of data holds its
integrity from the point of creation to consumption. The digital economy is
plagued with issues of forgery and duplication. Confidex addresses this
head-on by creating unique digital records that are impossible to replicate or
alter.
How will AI-driven solutions affect the business landscape?
Redmond believes that the tech will quickly become embedded in normal business
practice. “We won’t even think about asking gen AI to draft emails or
documents or to generate images for our presentations.” He’s also looking
forward to seeing how AI-driven video technology plays out, particularly
OpenAI’s Sora. “I know that a lot of people in content generation are nervous
about these tools replacing them, but I don’t think we hire an artist for
their ability to draw, we hire them for their ability to draw what is in their
imagination, and that is where their genius lies,” he says. “I am not sure
that artists will ever stop creating wonderful works, and these technologies
will just enhance that.” Tiscovschi agrees with Redmond’s outlook, stating
that “this is just the beginning”. “We will continuously see more teams of
humans and their AI agents or tools working together to achieve tasks,” he
says. “A human quickly mining their organisation’s IP, automating repetitive
tasks and then collaborating with their AI copilot on a report or piece of
code will have a constantly growing multiplier on their productivity.”
5 Strategies for Better Results from an AI Code Assistant
The first step is to provide the GPT with high-level context. In her scenario,
Phil demonstrates by building a Markdown editor. Since Copilot has no idea of
the context, he has to provide it and he does this with a large prompt comment
with step-by-step instructions. For instance, he tells the copilot, “Make sure
we have support for bold, italics and bullet points” and “Can you use
reactions in the React markdown package.” The prompt enables Copilot to create
a functional but unsettled markdown editor. ... Follow up by providing the
Copilot with specific details, Scarlett advised. “If he writes a column that
says get data from [an] API, then GitHub Copilot may or may not know what he’s
really trying to do, and it may not get the best result. It doesn’t know which
API he wants to get the data from or what it should return,” Scarlett said.
“Instead, you can write a more specific comment that says use the JSON
placeholder API, pass in user IDs, and return the users as a JSON object. That
way we can get more optimal results.”
ESG research unveils critical gaps in responsible AI practices across industries
In light of the ESG Research findings, Qlik recognises the imperative of
aligning AI technologies with responsible AI principles. The company’s
initiatives in this area are grounded in providing robust data management and
analytics capabilities, essential for any organisation aiming to navigate the
complexities of AI responsibly. Qlik underscores the importance of a solid
data foundation, which is critical for ensuring transparency, accountability,
and fairness in AI applications. Qlik’s commitment to responsible AI extends
to its approach to innovation, where ethical considerations are integrated
into the development and deployment of its solutions. By focusing on creating
intuitive tools that enhance data literacy and governance, Qlik aims to
address key challenges identified in the report, such as ensuring AI
explainability and managing regulatory compliance effectively. Brendan Grady,
General Manager, Analytics Business Unit at Qlik, said, “The ESG Research
echoes our stance that the essence of AI adoption lies beyond technology—it’s
about ensuring a solid data foundation for decision-making and
innovation.
Applying DevSecOps principles to machine learning workloads
Unlike in a conventional software development environment with an integrated
development environment (IDE), data scientists typically write code using
Jupyter Notebooks. This takes place outside of an IDE, and often outside of
the traditional DevSecOps lifecycle. As a result, it’s possible for a data
scientist who is not trained on secure development techniques to put sensitive
data at risk, by storing unprotected secrets or other sensitive information in
a notebook. Simply put, the same tools and protections used in the DevSecOps
world aren’t effective for ML workloads. The complexity of the environment
also matters. Conventional development cycles usually lead directly to a
software application interface or API. In the machine learning space, the
focus is iterative, building a trainable model that leads to better outcomes.
ML environments produce large quantities of serialized files necessary for a
dynamic environment. The upshot? Organizations can become overwhelmed by the
inherent complexities of versioning and integration.
Introducing Wi-Fi 7 access points that deliver more
This idea that the access point (AP) can do more than just route traffic is a
core part of our product philosophy, and we’ve consistently expanded on that
over multiple Wi-Fi generations with the addition of location services, IoT
protocol support, and extensive network telemetry for security and AIOps. As
organizations continue to innovate, and leverage applications that require
more bandwidth or more IoT devices to support new digital use cases, the AP
must continue to do more. Delivering solutions that go beyond standards is
part of HPE Aruba Networking’s history and future. Now, with the introduction
of 700 series access points that support Wi-Fi 7, we are doubling IoT
capabilities with dual BLE 5.4 or 802.15.4/Zigbee radios and dual USB
interfaces and improving location precision for use cases such as asset
tracking and real-time inventory tracking. Moreover, we are using both the
resources and the management of the AP to its full potential by delivering
ubiquitous high-performance connectivity and processing at the edge. What this
means is that these access points not only have optimal support for the 2.4,
5, and 6 GHz spectrum but also enough memory and compute capacity to run
containers.
Why Your Enterprise Should Create an Internal Talent Marketplace
Strategically, an internal talent marketplace is a way to empower employees to
be in the driver’s seat of their career journey, says Gretchen Alarcon, senior
vice president and general manager of employee workflows at software and cloud
platform provider ServiceNow, via email. "Tactically, it's a platform driven
by technology that uses AI to match existing talent to open roles or projects
within the organization," she explains. "It provides a more transparent view
of new opportunities for employees and identifies untapped employee potential
based on skills rather than anecdotes." ... A talent marketplace is only as
good as the information it contains, Williamson warns. "Organizations should
emphasize to employees that it's in their interest to keep the skills and
preferences in their profiles up to date," he says. Managers. meanwhile, need
to define the exact critical skills needed to be successful in a particular
job or role. "That information drives recommended opportunities for employees
and increases their chances of being identified by project managers to fill
roles."
Quote for the day:
"Rarely have I seen a situation where
doing less than the other guy is a good strategy." --
Jimmy Spithill
No comments:
Post a Comment