Daily Tech Digest - July 06, 2024

A CISO's Guide to Avoiding Jail After a Breach

The key to avoiding trouble as a security leader, Nall says, is awareness of three things: how government investigations work, how the government interacts with companies during the process, and the incentives companies have to resolve their cases in one way or another. When push comes to shove, for example, companies will be pressured to name and shame individuals. In his proceedings, Sullivan's legal team painted a picture of a company (Uber) trying to rebrand itself, and holding him up as a lamb to the slaughter. "It's very unfortunate because the consequences are faced by one individual, or a few individuals, although the ability to make sure that [an incident] doesn't happen is a community-based effort within organizations," says ArmorCode's Karthik Swarnam, formerly chief information security officer (CISO) of Kroger, DIRECTV, and TransUnion. To avoid being singled out (and because it's good security practice), CISOs should focus on building clear and robust lines of communication that bring other board members into the cybersecurity decision-making process.

How Pearson’s CIO manages technical debt

Keen to address this, Wells and the Pearson technology working group, which includes tech leadership from across the brand’s different organizations, came up with 12 key attributes, including security and maintainability, to rate their technology assets in a consistent way. These tech debt audits provided a clearer picture of where their biggest risks were, which, in turn, allowed them to prioritize what needs to be addressed first. “We developed an algorithm to measure our different applications based on these 12 categories so we can eliminate technical debt via a more strategic and standardized approach,” she says, noting that the goal was to do away with any guesswork and make decisions based on opportunities and potential revenue risks. ... As part of the process, she and her team needed to get the various leaders from across the business on board by making sure they understood that technical debt isn’t just a technology problem. “We really had to communicate that this is a priority, but we couldn’t do so by only talking to them about technology,” she says.

Strategic alignment in the age of AI: The 7 foundations of competitive success

The strategy must align with the capabilities of the organization and the competitive reality of the environment. Such an alignment has never been more important, as artificial intelligence (AI) and other changes disrupt industries and sectors. Before rushing to adopt the latest AI tool, whether it is deep learning or large language models, organizations must assess whether the new tech is strategically aligned. ... Aligning people with the desired strategic position and vision for the organization is critical. In high-performing organizations, employees and members understand their strategic mission and vision and are dedicated to achieving it. They become acolytes of their leaders and passionate advocates for their organizations. They see how their role contributes to the strategy of the organization and execute with a sense of purpose and teamwork. How many of your employees can articulate how your AI efforts advance your strategy? ... In truth, strategic alignment may be rare. If you are fortunate, you can recall a situation where alignment occurred, allowing you and your organization to achieve incredible heights. 

The AI Revolution Will Not Be Monopolized

Open source in AI and machine learning is not just about software, it's about the synergy of code and data. The growing ecosystem of open-source models encompasses everything from code to data and weights, making powerful tools widely accessible. ... The term "large language models" (LLMs) is often used broadly and imprecisely, muddying discussions about their capabilities and applications. The distinction between encoder models and large generative models is therefore very important. Encoder models involve task-specific networks that predict structured data, while large generative models rely on prompts to produce free-form text, necessitating additional logic to extract actionable insights. ... Companies like OpenAI might dominate the market for user-facing products but not necessarily the AI and software components behind them. While user data is advantageous for improving human-facing products, it is less critical for enhancing the foundational machine-facing tasks. Gaining general knowledge doesn't require specific data, which is at the core of the innovation behind large generative models.

CISA Warns Chemical Facilities of Data Theft After Hacker Breached CSAT Security Tool via Ivanti

CISA says that all information in the CSAT tool was encrypted using AES 256 algorithm, and the keys were also inaccessible “from the type of access the threat actor had to the system.” The agency also found “no evidence of credentials being stolen.” However, impacted organizations should assume data theft “out of abundance of caution” and assume that “that this information could have been inappropriately accessed,” the agency said. The agency also stated that even without data theft, the intrusion “met the threshold of a major incident under the Federal Information Security Modernization Act (FISMA),” given the number of individuals and chemical facilities impacted. Subsequently, CISA directed impacted chemical facilities to maintain cyber and physical security measures to prevent potential attacks as a result of the cyber incident. Similarly, CISA encourages individuals who had CSAT accounts to reset their passwords for all online accounts that share the same password to prevent future password spraying attacks.

Autonomous Vehicles Can Make All Cars More Efficient

To illustrate how the technology works, the team installed a traffic signal along the demonstration pathway. Gankov says an actual traffic-light timer from a traffic-signal cabinet was connected to a TV screen, providing a visual for attendees. A dedicated short range communications (DRSC) radio was also attached, broadcasting the signal’s phase and timing information to the vehicle. This setup enabled the vehicle to anticipate the traffic light’s actions far more accurately than a human driver could. ... These autonomous driving strategies can lead to significant energy savings, benefiting not just the autonomous vehicles themselves, but also the entire traffic ecosystem. “In a regular traffic situation, autonomous vehicles operating in ecomode influence the driving behavior of all the cars behind them,” says Gankov. “The result is that even vehicles with Level 0 autonomy use fuel more sparingly.” ... Employing techniques like efficient highway merging were key strategies in their approach to making the most of each tank of fuel or battery charge. 

SyncBack is the best free backup software on Windows and everyone should use it

On top of changing the type of sync or backup you want to perform, SyncBack also has a ton of configuration options for almost everything about how it works. By default, each profile you create is a manual backup, so whenever you want to backup your files, you just run the profile. Even then, if you want to run it on demand, you can create a hotkey to quickly run a specific profile and run it at any time. But if you're a "set it and forget it" type of person, then you can also automate the backups. SyncBack uses the Task Scheduler in Windows to allow you to create a scheduled backup with whatever frequency you prefer. ... Since each profile is only meant to sync one folder, if you want to sync files in completely different locations, you'll need separate profiles, but you can create group profiles so that all the profiles within are run at the same time, rather than sequentially. You can also enable things like compression for files copied, decrypt files when they're copied, change whether you want files to be copied when syncing two folders or if the mismatched file should be deleted, and even enable a rudimentary form of ransomware detection. 

From Scalability to Speed: Generative AI has Put Testing on Steroids

In the past, testing quality has been a big concern, necessitating early integration of QA into the development life cycle. Now, with GenAI, the focus has advanced beyond simply assurance to actively engineering quality. The key distinction lies in the approach — classic AI involves human intervention and manual processes, while GenAI automates and innovates testing methodologies. Consider dealing with requirement quality early in the software development life cycle. Using classic AI, a business analyst might define requirements to cover various interpretations, which may lead to certain ambiguity and potential failures. ... using GenAI is not about replacing the human workforce, but enhancing our capabilities. The shortage of senior automation testers results in a loss in business revenue. However, with GenAI, junior engineers can now harness the power of gen AI-enabled automation, performing tasks with the built-in knowledge of a seasoned architect. Gen AI’s prowess is not arbitrary; it has learned from billions of data points. By combining traditional knowledge with AI capabilities, new solutions bring scalability and speed to testing.

How organisations can thrive with resilience and empathy

While many organisations embrace the value of empathy, they often fall short in delivering it with genuine sincerity. Superficial expressions of empathy without meaningful actions, including consistent recognition, lead to employee dissatisfaction and high turnover rates. However, demonstrating sincere empathy and providing meaningful recognition can be challenging. Leaders sometimes face criticism for being "too considerate," particularly when their decisions appear to benefit employees during setbacks disproportionately. This dynamic can result in empathy fatigue, where the constant demand for empathetic responses and recognition strains HR professionals and leaders. ... Change can only occur when an organisation adopts the principles of nimble resilience and empathy, using them to shape policies, programs, and workplace culture. This approach encourages employees to build relationships, find new solutions, work collaboratively across disciplines, and embrace a forward-thinking perspective. As a result, trust in leaders and team members increases, along with connections to the organisation and its purpose. 

Mind the Gap: The Product in Data Product Is Reliability

The data product concept has been fleshed out in recent years with definitions, reference architectures, and platforms. They consist of … actually, let’s not worry about what data products consist of. At least, not right now. That’s not the important part. Instead, let’s start where we should always start: the consumer. ... Your assurance that its contents are always correct is the most significant distinguishing characteristic of a data product. You provide the ongoing validation, certification, and research so that your users don’t have to. You ensure that the data product is kept current with new arriving data. You continuously monitor its data quality. In addition to content, you must also be concerned with semantics. Changes in the business as implemented in the source systems and propagated through the data may necessitate changes to the data product. ... Technology can facilitate, but technology alone is not remotely sufficient. I’ve seen the data product label slapped on data marts, summary tables, and even raw data with none of the curation or monitoring. 

Quote for the day:

"The only limit to our realization of tomorrow will be our doubts of today." -- Frank D Roosevelt

No comments:

Post a Comment