Daily Tech Digest - May 05, 2025


Quote for the day:

"Listening to the inner voice and trusting the inner voice is one of the most important lessons of leadership." -- Warren Bennis


How CISOs can talk cybersecurity so it makes sense to executives

“With complex technical topics and evolving threats to cover, the typical brief time slot often proves inadequate for meaningful dialogue. Security leaders can address this by preparing concise, business-focused briefing materials in advance and prioritizing the most critical issues for discussion. When time constraints persist, they should advocate for dedicated sessions to ensure proper oversight of cybersecurity matters,” said Ross Young ... When communicating with the board of directors, Turgal advises mapping cybersecurity initiatives to shareholder value. “If the business goal is to protect shareholder value, there is a direct connection to business continuity and increased operational uptime.” To support that, security leaders might increase cyber resilience through containerized immutable backups, disaster recovery and incident response plans—tools that can mitigate brand-damaging attacks and prevent stock price volatility. ... Some of the most productive conversations don’t happen in meetings. They happen over coffee, or on calls with individual board members.​ If possible, schedule one-on-ones with directors to walk them through key risks. Ask what they want to know more about. Find out how they prefer to receive information.​ By building rapport outside the meeting, you’ll face fewer surprises inside it. Your strongest allies in the boardroom are often the CFO and legal chief. 


The great cognitive migration: How AI is reshaping human purpose, work and meaning

Human purpose and meaning are likely to undergo significant upheaval. For centuries, we have defined ourselves by our ability to think, reason and create. Now, as machines take on more of those functions, the questions of our place and value become unavoidable. If AI-driven job losses occur on a large scale without a commensurate ability for people to find new forms of meaningful work, the psychological and social consequences could be profound. It is possible that some cognitive migrants could slip into despair. AI scientist Geoffrey Hinton, who won the 2024 Nobel Prize in physics for his groundbreaking work on deep learning neural networks that underpin LLMs, has warned in recent years about the potential harm that could come from AI. In an interview with CBS, he was asked if he despairs about the future. He said he did not because, ironically, he found it very hard to take [AI] seriously. He said: “It’s very hard to get your head around the point that we are at this very special point in history where in a relatively short time, everything might totally change. A change on a scale we’ve never seen before. It’s hard to absorb that emotionally.” There will be paths forward. Some researchers and economists, including MIT economist David Autor, have begun to explore how AI could eventually help rebuild middle-class jobs, not by replacing human workers, but by expanding what humans can do. 


CISO vs CFO: why are the conversations difficult?

The disconnect between CISOs and CFOs remains a challenge in many organizations. While cybersecurity threats escalate in scale and complexity, senior leadership often fails to fully grasp the magnitude of the risk. This gap is visible in EY’s 2025 Cybersecurity study, which shows that 68% of CISOs worry that senior leaders underestimate the risks. Progress in bridging this divide happens when CISOs and CFOs are willing to meet halfway, aligning technical priorities with financial realities. Argyle realized that to move the conversation forward, he had to change his approach: he stopped defending the technology and started showing the impact. ... Redesigning the relationship between a CISO and a CFO isn’t something that’s fixed over a single meeting or a strong cup of coffee. It takes time, mutual understanding, and open conversations. As Argyle points out, these discussions shouldn’t be limited to budget season, when both sides are already in negotiation mode. To truly build trust and alignment, CISOs and CFOs need to keep the dialogue alive year-round and make efforts to understand each other’s work, long before money is involved. “Ideally, I’d bring the CFO into tabletop cyber crisis simulations and scenario planning,” he adds. “Let them see the domino effect of a breach — not just read about it in a report. That firsthand exposure builds understanding faster than any PowerPoint.”


How to Build a Team That Thinks and Executes Like a Founder

If your team has a deep understanding of what you are trying to accomplish, you can ensure that everyone is rowing in the same direction. It isn't enough to simply share your vision and goals. To really get the team engaged, it's critical that they understand the underlying "why" behind your goals and decisions. One of the best ways to do this is by being as transparent as possible, such as sharing financial data and other key business metrics. This information can help the team understand the bigger picture and connect how their individual roles contribute to the overall success of the company. ... First, stop assigning tasks to your team. Instead, give team members ownership over entire end-to-end processes. This allows them to take full responsibility for the success of this process and help you hold the team accountable for executing it successfully. The best way to do this is by focusing on outcome-based delegation. This provides flexibility and autonomy for the team to figure out the best way to achieve the goal. As a business owner, you don't want the team coming to you for every little decision. ... n many cases, a bad deliverable is a result of miscommunication, unclear direction or not having access to the right resources. The challenge is that many business owners give up when delegation doesn't work the way they hoped the first time. 


Quiet hiring: How HR can turn this trend into a winning strategy

At its heart, quiet hiring is about strategic talent management. It’s a way for organisations to fill skill gaps and meet changing business needs without expanding their workforce in the traditional sense. Instead of hiring full-time employees, businesses tap into existing employees, freelancers, or contractors to temporarily shift roles or tackle specific projects. It’s about working smarter with the talent you already have, and supplementing that with external experts when needed. ... Instead of looking outside the organisation to fill a gap, businesses can move current employees into new roles or give them additional responsibilities. For instance, if a marketing expert has experience with analytics, they might temporarily shift to the data analytics team to support a busy period. Not only does this save the company time and money in recruitment, but it also develops your current team, gives employees fresh opportunities, and fosters an agile workforce. It’s a win-win—employees gain new skills, and organisations can fill critical gaps without the lengthy hiring process. ... The business world is unpredictable, and the ability to adapt quickly is more important than ever. Quiet hiring offers companies the flexibility they need to respond to sudden changes. For example, if demand for a product surges unexpectedly, internal employees can be quickly moved to meet the increased workload, while contractors can be brought in to handle the temporary increase in tasks.


Attack of the AI crawlers

To be fair, it’s not entirely clear that robots.txt directives are legally enforceable, according to Susskind and other attorneys who focus on technology issues. Therefore, if the model makers were arguing that they have the right to violate those requests, that might be a legitimate argument. But that is not what they are arguing. They are saying they abide by those rules, but then many send out undeclared crawlers to do it anyway. The real problem is that they are inflicting financial damage to the site owners by forcing them to pay far more for bandwidth. And it is solely the model makers that benefit, not the site owners. What is IT to do, Susskind asked, when an undeclared genAI crawler “hits my site a million times a day”? Indeed, Susskind’s team has seen “a single bot hitting a site millions of times per hour. That is several orders of magnitude more burdensome than normal SEO crawling.” ... The problem, according to attorneys in this space, is not with establishing monetary damages but with attribution: how to determine who’s responsible for the surging traffic. In such a hypothetical court case, the lawyers for the deep-pocketed genAI model makers would likely argue that plaintiffs’ sites are visited by millions of users and bots from multiple sources. Without proof tying traffic to a specific crawler or tying a crawler to a specific model maker, the model maker can’t be held accountable for plaintiffs’ financial damages.


A Farewell to APMs — The Future of Observability is MCP tools

Initially introduced by Anthropic, the Model Context Protocol (MCP) represents a communication tier between AI agents and other applications, allowing agents to access additional data sources and perform actions as they see fit. More importantly, MCPs open up new horizons for the agent to intelligently choose to act beyond its immediate scope and thereby broaden the range of use cases it can address. The technology is not new, but the ecosystem is. In my mind, it is the equivalent of evolving from custom mobile application development to having an app store. ... With the advent of MCPs, software developers now have the choice of adopting a different model for developing software. Instead of focusing on a specific use case, trying to nail the right UI elements for hard-coded usage patterns, applications can transform into a resource for AI-driven processes. This describes a shift from supporting a handful of predefined interactions to supporting numerous emergent use cases. ... Making observability useful to the agent, however, is a little more involved than slapping on an MCP adapter to an APM. Indeed, many of the current generation tools, in rushing to support the new technology took that very route, not taking into consideration that AI agents also have their limitations.


Knowing when to use AI coding assistants

AI performs exceptionally well with common coding patterns. Its sweet spot is generating new code with low complexity when your objectives are well-specified and you’re using popular libraries, says Swiber. “Web development, mobile development, and relatively boring back-end development are usually fairly straightforward,” adds Charity Majors, co-founder and CTO of Honeycomb. The more common the code and the more online examples, the better AI models perform. ... While AI accelerates development, it creates a new burden to review and validate the resulting code. “In a worst-case scenario, the time and effort required to debug and fix subtle issues in AI-generated code could even eclipse the time it would require to write the code from scratch,” says Sonar’s Wang. Quality and security can suffer from vague prompts or poor contextual understanding, especially in large, complex code bases. Transformer-based models also face limitations with token windows, making it harder to grasp projects with many parts or domain-specific constraints. “We’ve seen cases where AI outputs are syntactically correct but contain logical errors or subtle bugs,” Wang notes. These mistakes originate from a “black box” process, he says, making AI risky for mission-critical enterprise applications that require strict governance.


CISOs Take Note: Is Needless Cybersecurity Strangling Your Business?

"For IT and security teams, redundant and obsolete security tools or measures increase workflows, hurt efficiency, and extend incident response and patch time," he explains via email. "When there's excessive or ineffective tools in the security stack, teams waste valuable time sifting through redundant and low-value alerts, hampering them from focusing on real threats." ... Additionally, excessive security controls, such as overly intrusive multi-factor authentication, can create employee friction, slowing down and challenging collaboration with partners, vendors, and customers, Shilts says. "This often results in employees finding workarounds, such as using their personal emails, which introduces security risks that are difficult to track and manage." ... In general, an organizational security posture, including tools and procedures, should be assessed annually or even earlier if a major change is implemented, Biswas says. Ideally, to prevent conflicts of interest, such assessments should be performed by independent, expert third parties. "After all, it’s difficult for an implementor or operator to be a truly impartial assessor of their own work," he explains. "While some organizations may be able to do so via internal audit, for most it makes sense to hire an outsider to play devil’s advocate."


Machines Cannot Feel or Think, but Humans Can, and Ought To

In a philosophical debate, the question, as it is applied to AI, is: How do we know that AI does not have an experience of the world? The same question could be asked of flowers, animals, stones, and automobiles. In this sense, the question of “other intelligences” is often quite valuable and holds tremendous potential for escaping the capital-focused development of information processing machines. In its most useful form, this approach to “post-humanism” refers to the evolved understanding that humans are not the center of the universe, but exist within a dense network of relationships. This definition of the post-human may pave the way to decentering definitions of “human” that privilege human needs over those of the environment, or even people whom we consider less-than. It may cultivate a deeper appreciation for the complexity of animals and their ecosystems, and, through careful design, might lead to an approach to technological development that considers the interdependencies within systems as connected, not isolated. Have we even started to build a capacity to understand those worlds, to empathize with trees and rivers and elk, to the extent to which we can now fully shift our attention to the potential emotional experiences of a hypothetical Microsoft product? 

No comments:

Post a Comment