CTO to CTPO: Navigating the Dual Role in Tech Leadership
A competent CPTO can streamline processes, reduce the risk of misalignment, and offer a clear vision for both product and technology initiatives. This approach can also be cost-effective, as executive roles come with high salaries and significant demands. Combining these roles simplifies the organizational structure, providing a single point of contact for research and development. This works well in environments where product and technology are closely integrated and mature in the product and technology systems. In my role, most of my day-to-day activities are focused on the product. I’m very conscious that I don’t have a counterpart to challenge my thinking, so I spend a lot of time with senior business stakeholders to ensure the debates and discussions occur. I also encourage this in my leadership team to ensure that technology and product leaders are rigorous in their thinking and decision-making. Ultimately, deciding to have one or two roles for product and technology depends on a company’s specific needs, maturity, and strategic priorities. For some, clarity and focus come from having both a CPO and a CTO. For others, the simplicity and unified vision that comes from a single leader makes more sense.
How quantum computing could revolutionise (and disrupt) our digital world
Everything that is encrypted today could potentially be laid bare. Banking, commerce, and personal communications—all the pillars of our digital world—could be exposed, leading to consequences we’ve never encountered. Thankfully, Q-Day is estimated to be five to ten years away, mainly because building a stable quantum computer is fiendishly difficult. The processors need to be cooled to near absolute zero, among other technical challenges. But make no mistake—it’s coming. Sergio stressed that businesses and countries need to prepare now. Already, some groups are harvesting encrypted data with the intention of decrypting it when quantum computing capabilities mature. Much like the Y2K bug, Q-Day requires extensive preparation. This August, the National Institute of Standards and Technology (NIST) released the first set of post-quantum encryption standards designed to withstand quantum attacks. Similarly, the UK’s National Cyber Security Centre (NCSC) advises that migrating to post-quantum cryptography (PQC) is a complex, multi-year effort that requires immediate action.
Transparency is often lacking in datasets used to train large language models
Researchers often use a technique called fine-tuning to improve the capabilities
of a large language model that will be deployed for a specific task, like
question-answering. For fine-tuning, they carefully build curated datasets
designed to boost a model’s performance for this one task. The MIT researchers
focused on these fine-tuning datasets, which are often developed by researchers,
academic organizations, or companies and licensed for specific uses. When
crowdsourced platforms aggregate such datasets into larger collections for
practitioners to use for fine-tuning, some of that original license information
is often left behind. “These licenses ought to matter, and they should be
enforceable,” Mahari says. For instance, if the licensing terms of a dataset are
wrong or missing, someone could spend a great deal of money and time developing
a model they might be forced to take down later because some training data
contained private information. “People can end up training models where they
don’t even understand the capabilities, concerns, or risk of those models, which
ultimately stem from the data,” Longpre adds.
Cyber Insurance: A Few Security Technologies, a Big Difference in Premiums
Finding the right security technologies for the business is increasingly
important, because ransomware incidents have accelerated over the past few
years, says Jason Rebholz, CISO at Corvus Insurance, a cyber insurer. Attackers
posted the names of at least 1,248 victims to leak sites in the second quarter
of 2024, the highest quarterly volume to date, according to the firm. ... "We take
VPNs very seriously in how we price [our policies] and what recommendations we
give to our companies ... and this is mostly related to ransomware," Itskovich
says. For those reasons, businesses should take a look at their VPN security and
email security, if they want to better secure their environments and, by
extension, reduce their policy costs. Because an attacker will eventually find a
way to compromise most companies, having a way to detect and respond to threats
is vitally important, making managed detection and response (MDR) another
technology that will eventually pay for itself, he says. ... For smaller
companies, email security, cybersecurity-awareness training, and multi-factor
authentication are critical, says Matthieu Chan Tsin, vice president of
cybersecurity services for Cowbell.
Cybersecurity for Lawyers: Open-Source Software Supply Chain Attacks
A supply chain attack co-opts the trust in the open-source development model to
place malicious code inside the victim’s network or computer systems.
Essentially, the attacker inserts malicious code, like a foodborne virus, into
the software during its development process, positioning the malicious code to
be unintentionally installed by the end user installing the software within
their network. Any organization using the affected project has unwittingly
invited the malicious code within its walls. Malicious code may already reside
within a newly adopted OSS project, or it could be delivered via an updated
version of a trusted project. The difference between an OSS supply chain attack
and a traditional supply chain attack (e.g., inserting malware into proprietary
software) is that the organization using OSS has access to its entire code at
the outset and throughout its use (and can therefore examine it for
vulnerabilities or otherwise have greater insight into how it functions when
used maliciously). While some organizations may have the resources and
wherewithal to leverage this as a security advantage, many will not.
A Measure of Motive: How Attackers Weaponize Digital Analytics Tools
IP geolocation utilities can be used legitimately by advertisers and marketers
to gauge the geo-dispersed impact of advertising reach and the effectiveness of
marketing funnels (albeit with varying levels of granularity and data
availability). However, Mandiant has observed IP geolocation utilities used by
attackers. Some real-world attack patterns that Mandiant has observed leveraging
IP geolocation utilities include: Malware payloads connecting to geolocation
services for infection tracking purposes upon successful host compromise, such
as with the Kraken Ransomware. This allows attackers a window into how fast and
how far their campaign is spreading. Malware conditionally performing malicious
actions based on IP geolocation data. This functionality allows attackers a
level of control around their window of vulnerability and ensures they do not
engage in “friendly fire” if their motivations are geo-political in nature, such
as indiscriminate nation-state targeting by hacktivists. An example of this
technique can be seen in the case of the TURKEYDROP variant of the Adwind
malware, which attempts to surgically target systems located in Turkey.
AI development and agile don't mix well
Interestingly, several AI specialists see formal agile software development
practices as a roadblock to successful AI. ... "While the agile software
movement never intended to develop rigid processes -- one of its primary tenets
is that individuals and interactions are much more important than processes and
tools -- many organizations require their engineering teams to universally
follow the same agile processes." ... The report suggested: "Stakeholders don't
like it when you say, 'it's taking longer than expected; I'll get back to you in
two weeks.' They are curious. Open communication builds trust between the
business stakeholders and the technical team and increases the likelihood that
the project will ultimately be successful." Therefore, AI developers must ensure
technical staff understand the project purpose and domain context:
"Misunderstandings and miscommunications about the intent and purpose of the
project are the most common reasons for AI project failure. Ensuring effective
interactions between the technologists and the business experts can be the
difference between success and failure for an AI project."
A quantum neural network can see optical illusions like humans do. Could it be the future of AI?
When we see an optical illusion with two possible interpretations (like the
ambiguous cube or the vase and faces), researchers believe we temporarily hold
both interpretations at the same time, until our brains decide which picture
should be seen. This situation resembles the quantum-mechanical thought
experiment of Schrödinger’s cat. This famous scenario describes a cat in a box
whose life depends on the decay of a quantum particle. According to quantum
mechanics, the particle can be in two different states at the same time until we
observe it – and so the cat can likewise simultaneously be alive and dead. I
trained my quantum-tunnelling neural network to recognise the Necker cube and
Rubin’s vase illusions. When faced with the illusion as an input, it produced an
output of one or the other of the two interpretations. Over time, which
interpretation it chose oscillated back and forth. Traditional neural networks
also produce this behaviour, but in addition my network produced some ambiguous
results hovering between the two certain outputs – much like our own brains can
hold both interpretations together before settling on one.
How To Channel Anger As An Emotional Intelligence Strategy
If you want to use anger in a constructive way, you first have to break the
mental stigma that “Anger is bad.” Anger, like all emotions, is an instinctual
response. Rather than label this response as good or bad, it’s more useful to
think of it simply as data. Your emotions offer you data, and you can harness
that data in a number of ways. ... The second half of the battle is to learn
to use your anger with intent. To do so, you have to understand the potential
for anger to hijack your behavior. “[Anger] can also be a negative,” Scherzer
warned in his same interview. “It has been [for me] in the past, where you
almost get too much adrenaline, too much emotion, and you aren’t thinking
clearly.” In other words, Scherzer doesn’t just dial in anger and then see
what happens. He channels it with purpose. Even though he may appear intense
or even hotheaded, his intent is strong. And that intent is what enables him
to harness his anger in a constructive way. ... Since this is a more advanced
emotional intelligence strategy, there are a couple of things you should keep
top of mind. First, if you’re the kind of person whose anger frequently gets
in your way, you should likely focus your time on management strategies, not
this one. Second, you should start by applying this strategy in a lower-stakes
situation.
How to Improve Your Leadership Style With Cohort-Based Leadership Training
Cohort-based learning is rooted in Albert Bandura's social learning theory.
Social interaction improves learning because humans are social creatures by
nature. Hence, we enjoy learning more from interactive, multimedia methods
than passive ones that lack feedback or immediate results. Perspective-taking
and mentalizing in cohorts promote empathy and communication skills, while
emotional resonance and dialogue deepen understanding for all involved. The
accountability that forms in groups encourages commitment and performance.
Community-based learning, feedback, emotional support and real-world
application ignite individual and collective learning. ... The structured
curriculum is designed to cover various aspects of leadership, building upon
previous sessions to provide a comprehensive learning journey. Practical
tools, measurements and models are provided to apply directly to the work
environment. Real-time feedback and consulting during group sessions help
participants tackle specific workplace challenges, allowing for continuous
learning, application and feedback to support their development.
Quote for the day:
“A bend in the road is not the end of
the road unless you fail to make the turn.” -- Helen Keller