Daily Tech Digest - August 31, 2024

CTO to CTPO: Navigating the Dual Role in Tech Leadership

A competent CPTO can streamline processes, reduce the risk of misalignment, and offer a clear vision for both product and technology initiatives. This approach can also be cost-effective, as executive roles come with high salaries and significant demands. Combining these roles simplifies the organizational structure, providing a single point of contact for research and development. This works well in environments where product and technology are closely integrated and mature in the product and technology systems. In my role, most of my day-to-day activities are focused on the product. I’m very conscious that I don’t have a counterpart to challenge my thinking, so I spend a lot of time with senior business stakeholders to ensure the debates and discussions occur. I also encourage this in my leadership team to ensure that technology and product leaders are rigorous in their thinking and decision-making. Ultimately, deciding to have one or two roles for product and technology depends on a company’s specific needs, maturity, and strategic priorities. For some, clarity and focus come from having both a CPO and a CTO. For others, the simplicity and unified vision that comes from a single leader makes more sense.


How quantum computing could revolutionise (and disrupt) our digital world

Everything that is encrypted today could potentially be laid bare. Banking, commerce, and personal communications—all the pillars of our digital world—could be exposed, leading to consequences we’ve never encountered. Thankfully, Q-Day is estimated to be five to ten years away, mainly because building a stable quantum computer is fiendishly difficult. The processors need to be cooled to near absolute zero, among other technical challenges. But make no mistake—it’s coming. Sergio stressed that businesses and countries need to prepare now. Already, some groups are harvesting encrypted data with the intention of decrypting it when quantum computing capabilities mature. Much like the Y2K bug, Q-Day requires extensive preparation. This August, the National Institute of Standards and Technology (NIST) released the first set of post-quantum encryption standards designed to withstand quantum attacks. Similarly, the UK’s National Cyber Security Centre (NCSC) advises that migrating to post-quantum cryptography (PQC) is a complex, multi-year effort that requires immediate action.


Transparency is often lacking in datasets used to train large language models

Researchers often use a technique called fine-tuning to improve the capabilities of a large language model that will be deployed for a specific task, like question-answering. For fine-tuning, they carefully build curated datasets designed to boost a model’s performance for this one task. The MIT researchers focused on these fine-tuning datasets, which are often developed by researchers, academic organizations, or companies and licensed for specific uses. When crowdsourced platforms aggregate such datasets into larger collections for practitioners to use for fine-tuning, some of that original license information is often left behind. “These licenses ought to matter, and they should be enforceable,” Mahari says. For instance, if the licensing terms of a dataset are wrong or missing, someone could spend a great deal of money and time developing a model they might be forced to take down later because some training data contained private information. “People can end up training models where they don’t even understand the capabilities, concerns, or risk of those models, which ultimately stem from the data,” Longpre adds.


Cyber Insurance: A Few Security Technologies, a Big Difference in Premiums

Finding the right security technologies for the business is increasingly important, because ransomware incidents have accelerated over the past few years, says Jason Rebholz, CISO at Corvus Insurance, a cyber insurer. Attackers posted the names of at least 1,248 victims to leak sites in the second quarter of 2024, the highest quarterly volume to date, according to the firm. ... "We take VPNs very seriously in how we price [our policies] and what recommendations we give to our companies ... and this is mostly related to ransomware," Itskovich says. For those reasons, businesses should take a look at their VPN security and email security, if they want to better secure their environments and, by extension, reduce their policy costs. Because an attacker will eventually find a way to compromise most companies, having a way to detect and respond to threats is vitally important, making managed detection and response (MDR) another technology that will eventually pay for itself, he says. ... For smaller companies, email security, cybersecurity-awareness training, and multi-factor authentication are critical, says Matthieu Chan Tsin, vice president of cybersecurity services for Cowbell.


Cybersecurity for Lawyers: Open-Source Software Supply Chain Attacks

A supply chain attack co-opts the trust in the open-source development model to place malicious code inside the victim’s network or computer systems. Essentially, the attacker inserts malicious code, like a foodborne virus, into the software during its development process, positioning the malicious code to be unintentionally installed by the end user installing the software within their network. Any organization using the affected project has unwittingly invited the malicious code within its walls. Malicious code may already reside within a newly adopted OSS project, or it could be delivered via an updated version of a trusted project. The difference between an OSS supply chain attack and a traditional supply chain attack (e.g., inserting malware into proprietary software) is that the organization using OSS has access to its entire code at the outset and throughout its use (and can therefore examine it for vulnerabilities or otherwise have greater insight into how it functions when used maliciously). While some organizations may have the resources and wherewithal to leverage this as a security advantage, many will not.


A Measure of Motive: How Attackers Weaponize Digital Analytics Tools

IP geolocation utilities can be used legitimately by advertisers and marketers to gauge the geo-dispersed impact of advertising reach and the effectiveness of marketing funnels (albeit with varying levels of granularity and data availability). However, Mandiant has observed IP geolocation utilities used by attackers. Some real-world attack patterns that Mandiant has observed leveraging IP geolocation utilities include:

- Malware payloads connecting to geolocation services for infection tracking purposes upon successful host compromise, such as with the Kraken Ransomware. This allows attackers a window into how fast and how far their campaign is spreading.

- Malware conditionally performing malicious actions based on IP geolocation data. This functionality allows attackers a level of control around their window of vulnerability and ensures they do not engage in “friendly fire” if their motivations are geo-political in nature, such as indiscriminate nation-state targeting by hacktivists. An example of this technique can be seen in the case of the TURKEYDROP variant of the Adwind malware, which attempts to surgically target systems located in Turkey.


AI development and agile don't mix well

Interestingly, several AI specialists see formal agile software development practices as a roadblock to successful AI. ... "While the agile software movement never intended to develop rigid processes -- one of its primary tenets is that individuals and interactions are much more important than processes and tools -- many organizations require their engineering teams to universally follow the same agile processes." ... The report suggested: "Stakeholders don't like it when you say, 'it's taking longer than expected; I'll get back to you in two weeks.' They are curious. Open communication builds trust between the business stakeholders and the technical team and increases the likelihood that the project will ultimately be successful." Therefore, AI developers must ensure technical staff understand the project purpose and domain context: "Misunderstandings and miscommunications about the intent and purpose of the project are the most common reasons for AI project failure. Ensuring effective interactions between the technologists and the business experts can be the difference between success and failure for an AI project."


A quantum neural network can see optical illusions like humans do. Could it be the future of AI?

When we see an optical illusion with two possible interpretations (like the ambiguous cube or the vase and faces), researchers believe we temporarily hold both interpretations at the same time, until our brains decide which picture should be seen. This situation resembles the quantum-mechanical thought experiment of Schrödinger’s cat. This famous scenario describes a cat in a box whose life depends on the decay of a quantum particle. According to quantum mechanics, the particle can be in two different states at the same time until we observe it – and so the cat can likewise simultaneously be alive and dead. I trained my quantum-tunnelling neural network to recognise the Necker cube and Rubin’s vase illusions. When faced with the illusion as an input, it produced an output of one or the other of the two interpretations. Over time, which interpretation it chose oscillated back and forth. Traditional neural networks also produce this behaviour, but in addition my network produced some ambiguous results hovering between the two certain outputs – much like our own brains can hold both interpretations together before settling on one.


How To Channel Anger As An Emotional Intelligence Strategy

If you want to use anger in a constructive way, you first have to break the mental stigma that “Anger is bad.” Anger, like all emotions, is an instinctual response. Rather than label this response as good or bad, it’s more useful to think of it simply as data. Your emotions offer you data, and you can harness that data in a number of ways. ... The second half of the battle is to learn to use your anger with intent. To do so, you have to understand the potential for anger to hijack your behavior. “[Anger] can also be a negative,” Scherzer warned in his same interview. “It has been [for me] in the past, where you almost get too much adrenaline, too much emotion, and you aren’t thinking clearly.” In other words, Scherzer doesn’t just dial in anger and then see what happens. He channels it with purpose. Even though he may appear intense or even hotheaded, his intent is strong. And that intent is what enables him to harness his anger in a constructive way. ... Since this is a more advanced emotional intelligence strategy, there are a couple of things you should keep top of mind. First, if you’re the kind of person whose anger frequently gets in your way, you should likely focus your time on management strategies, not this one. Second, you should start by applying this strategy in a lower-stakes situation.


How to Improve Your Leadership Style With Cohort-Based Leadership Training

Cohort-based learning is rooted in Albert Bandura's social learning theory. Social interaction improves learning because humans are social creatures by nature. Hence, we enjoy learning more from interactive, multimedia methods than passive ones that lack feedback or immediate results. Perspective-taking and mentalizing in cohorts promote empathy and communication skills, while emotional resonance and dialogue deepen understanding for all involved. The accountability that forms in groups encourages commitment and performance. Community-based learning, feedback, emotional support and real-world application ignite individual and collective learning. ... The structured curriculum is designed to cover various aspects of leadership, building upon previous sessions to provide a comprehensive learning journey. Practical tools, measurements and models are provided to apply directly to the work environment. Real-time feedback and consulting during group sessions help participants tackle specific workplace challenges, allowing for continuous learning, application and feedback to support their development.



Quote for the day:

“A bend in the road is not the end of the road unless you fail to make the turn.” -- Helen Keller
