Quote for the day:
"We get our power from the people we lead, not from our stars and our bars." -- J. Stanford

Agentic AI — What CFOs need to know

Agentic AI takes efficiency to the next level as it builds on existing AI platforms with human-like decision-making, relieving employees of monotonous routine tasks, allowing them to focus on more important work. CFOs will be happy to know that like other forms of AI, agentic is scalable and flexible. For example, organizations can build it into customer-facing applications for a highly customized experience or sophisticated help desk. Or they could embed agentic AI behind the scenes in operations. ... Not surprisingly, like other emerging technologies, agentic AI requires thoughtful and strategic implementation. This means starting with process identification and determining which specific process or functions are suitable for agentic AI. Business leaders also need to determine organizational value and impact and find ways to evaluate and measure to ensure the technology is delivering clear benefits. Companies should also be mindful of team composition, and, if necessary, secure external experts to ensure successful implementation. Beyond the technical feasibility, there are other considerations such as data security. For now, CFOs and other business leaders need to wrap their heads around the concept of “agents” and keep their minds open to how this powerful technology can best serve the needs of their organization.
5 pitfalls that can delay cyber incident response and recovery

For tabletop exercises to be truly effective they must have internal ownership
and be customized to the organization. CISOs need to ensure that tabletops are
tailored to the company’s specific risks, security use cases and compliance
requirements. Exercises should be run regularly (quarterly, at a minimum) and
evaluated with a critical eye to ensure that outcomes are reflected in the
company’s broader incident response plan. ... One of the most common failures in
incident response is a lack of timely information sharing. Key stakeholders,
including HR, PR, Legal, executives and board members must be kept informed
about the situation in real time. Without proper communication channels and
predefined reporting structures, misinformation or delays can lead to confusion,
prolonged downtime and even regulatory penalties for failure to report incidents
within required timeframes. CISOs are responsible for proactively establishing
clear communication protocols and ensuring that all responders and stakeholders
understand their role in incident management. ... Out-of-band communication
capabilities are critical for safeguarding response efforts and shielding them
from an attacker’s view. Organizations should establish secure, independent
channels for coordinating incident response that aren’t tied to corporate
networks.
Bringing Security to Digital Product Design

We are aware that prioritizing security is a common challenge. Even though it is
a critical issue, most leaders behind the development of new products are not
interested in prioritizing this type of matter. Whenever possible, they try to
focus the team's efforts on features. For this reason, there is often no room
for this type of discussion. So what should we do? Fortunately, there are
multiple possible solutions. One way to approach the topic is to take advantage
of the opportunity of a collaborative and immersive session such as product
discovery. ... Usually, in a product discovery session, there is a proposed
activity to map personas. To map this kind of behavior, I recommend using the
same persona model that is suggested. From there, go deeper into hostility
characteristics in sections such as bio, objectives, interests, and
frustrations, as in the figure above. After the personas have been described, it
is important to deepen the discussion by mapping journeys. The goal here is to
identify actions and behaviors that provide ideas on how to correctly deal with
threats. Remember that when using an assailant actor, the materials should be
written from its perspective. ... Complementing the user journey with likely
attacker actions is another technique that helps software development teams map,
plan, and address security as early as possible.
From Cloud Native to AI Native: Lessons for the Modern CISO to Win the Cybersecurity Arms Race

Today, CISOs stand at another critical crossroads in security operations: the
move from a “Traditional SOC” to an “AI Native SOC.” In this new reality,
generative AI, machine learning and large-scale data analytics power the
majority of the detection, triage and response tasks once handled by human
analysts. Like Cloud Native technology before it, AI Native security methods
promise profound efficiency gains but also necessitate a fundamental shift in
processes, skillsets and organizational culture. ... For CISOs, transitioning
to an AI Native SOC represents a massive opportunity—akin to how CIOs
leveraged DevOps and cloud-native to gain a competitive edge: Strategic
Perspective: CISOs must look beyond tool selection to organizational and
cultural shifts. By championing AI-driven security, they demonstrate a
future-ready mindset—one that’s essential for keeping up with advanced
adversaries and board-level expectations around cyber resilience. Risk Versus
Value Equation: Cloud-native adoption taught CIOs that while there are upfront
investments and skill gaps, the long-term benefits—speed, agility,
scalability—are transformative. In AI Native security, the same holds true:
automation reduces response times, advanced analytics detect sophisticated
threats and analysts focus on high-value tasks.
Europe slams the brakes on Apple innovation in the EU

With its latest Digital Markets Act (DMA) action against Apple, the European
Commission (EC) proves it is bad for competition, bad for consumers, and bad
for business. It also threatens Europeans with a hitherto unseen degree of
data insecurity and weaponized exploitation. The information Apple is being
forced to make available to competitors with cynical interest in data
exfiltration will threaten regional democracy, opening doors to new Cambridge
Analytica scandals. This may sound histrionic. And certainly, if you read the
EC’s statement detailing its guidance to “facilitate development of innovative
products on Apple’s platforms” you’d almost believe it was a positive thing.
... Apple isn’t at all happy. In a statement, it said: “Today’s decisions wrap
us in red tape, slowing down Apple’s ability to innovate for users in Europe
and forcing us to give away our new features for free to companies who don’t
have to play by the same rules. It’s bad for our products and for our European
users. We will continue to work with the European Commission to help them
understand our concerns on behalf of our users.” There are several other
iniquitous measures contained in Europe’s flawed judgement. For example, Apple
will be forced to hand over access to innovations to competitors for free from
day one, slowing innovation.
The Impact of Emotional Intelligence on Young Entrepreneurs

The first element of emotional intelligence is self-awareness which means
being able to identify your emotions as they happen to understand how they
affect your behavior. During the COVID-19 pandemic, I often felt frustrated
when my sales went down during the international bookfair. But by practicing
self-awareness, I was able to acknowledge the frustration and think about its
sources instead of letting it lead to impulsive reactions. Being self-aware
helps me to stay in control of actions and make decisions that align with my
values. So the solution back then was to keep pushing sales through my online
platform instead of showing up in person as I realized that people were still
in lockdown due to the pandemic. Self-recognition is another important
aspect of emotional intelligence. While self-awareness is about recognizing
emotions, self-regulation focuses on managing how you respond to them.
Self-regulation doesn't mean ignoring your emotions but learning to express
them in a constructive way. Imagine a situation where you feel angry after
receiving negative feedback. Instead of reacting defensively or shouting,
self-recognition allows you to take a step back, consider the feedback calmly,
and respond appropriately.
Bridging the Gap: Integrating All Enterprise Data for a Smarter Future

To bridge the gap between mainframe and hybrid cloud environments, businesses
need a modern, flexible, technology-driven strategy — one that ensures they
can access, analyze, and act on their data without disruption. Rather than
relying on costly, high-risk "rip-and-replace" modernization efforts,
organizations can integrate their core transactional data with modern cloud
platforms using automated, secure, and scalable solutions capable of
understanding and modernizing mainframe data. One of the most effective
methods is real-time data replication and synchronization, which enables
mainframe data to be continuously updated in hybrid cloud environments in real
time. Low-impact change data capture technology recognizes and replicates only
the modified portions of datasets, reducing processing overhead and ensuring
real-time consistency across both mainframe and hybrid cloud systems. Another
approach is API-based integration, which allows organizations to provide
mainframe data as modern, cloud-compatible services. This eliminates the need
for batch processing and enables cloud-native applications, AI models, and
analytics platforms to access real-time mainframe data on demand. API gateways
further enhance security and governance, ensuring only authorized systems can
interact with sensitive transactional business data.
How CISOs are approaching staffing diversity with DEI initiatives under pressure

“In the end, a diverse, engaged cybersecurity team isn’t just the right thing
to build — it’s critical to staying ahead in a rapidly evolving threat
landscape,” he says. “To fellow CISOs, I’d say: Stay the course. The adversary
landscape is global, and so our perspective should be as well. A commitment to
DEI enhances resilience, fosters innovation, and ultimately strengthens our
defenses against threats that know no boundaries.” Nate Lee, founder and CISO
at Cloudsec.ai, says that even if DEI isn’t a specific competitive advantage —
although he thinks diversity in many shapes is — it’s the right thing to do,
and “weaponizing it the way the administration has is shameful.” “People want
to work where they’re valued as individuals, not where diversity is reduced to
checking boxes, but where leadership genuinely cares about fostering an
inclusive environment,” he says. “The current narrative tries to paint efforts
to boost people up as misguided and harmful, which to me is a very
disingenuous argument.” ... “Diverse workforces make you stronger and you are
a fool if you [don’t] establish a diverse workforce in cybersecurity. You are
at a distinct disadvantage to your adversaries who do benefit from diverse
thinking, creativity, and motivations.”
AI-Powered Cyber Attacks and Data Privacy in The Age of Big Data

Artificial intelligence significantly increased the capabilities of attackers
to efficiently conduct cyber-attacks. This also increased their intelligence
and the scale of the attacks. Compared to the traditional process of
cyber-attacks, the attacks driven by AI have the capability to automatically
learn, adapt, and develop strategies with a minimum number of human
interventions. These attacks proactively utilize the algorithms of machine
learning, natural language processing, and deep learning models. They leverage
these algorithms in the process of determining and analyzing issues or
vulnerabilities, avoiding security and detection systems, and developing
phishing campaigns that are believable. ... AI has also significantly
increased the intelligence of systems related to malware and autonomous
hacking. These systems gained the capabilities to infiltrate networks,
leverage the vulnerabilities of the system, and avoid detection systems.
Malware driven by AI has the capability to make real-time modifications to its
codes, unlike conventional malware. This significantly increases the
difficulties in the detection and eradication process for the security
software. These difficulties involve infiltration in systems powered by AI,
such as polymorphic malware. It can convert its appearance based on the data
collected from every attempt of cyber-attack.
Platform Engineers Must Have Strong Opinions

Many platform engineering teams build internal developer platforms, which
allow development teams to deploy their infrastructure with just a few clicks
and reduce the number of issues that slow deployments. Because they are
designing the underlying application infrastructure across the organization,
the platform engineering team must have a strong understanding of their
organization and the application types their developers are creating. This is
also an ideal point to inject standards about security, data management,
observability and other structures that make it easier to manage and deploy
large code bases. ... To build a successful platform engineering
strategy, a platform engineering team must have well-defined opinions about
platform deployments. Like pizza chefs building curated pizza lists based on
expertise and years of pizza experience, the platform engineering team applies
its years of industry experience in deploying software to define software
deployments inside the organization. The platform engineering team’s
experience and opinions guide and shape the underlying infrastructure of
internal platforms. They put guardrails into deployment standards to ensure
that the provided development capabilities meet the needs of engineering
organizations and fulfill the larger organization’s security, observability
and maintainability needs.