Quote for the day:
"Absolute identity with one's cause is the first and great condition of successful leadership." -- Woodrow Wilson
Is AI here to take or redefine your cybersecurity role?
Unlike Thibodeaux, Watson believes the level-one SOC analyst role “is going to
be eradicated” by AI eventually. But he agrees with Thibodeaux that AI will move
the table stakes forward on the skills needed to land a starter job in cyber.
“The thing that will be cannibalized first is the sort of entry-level basic
repeatable tasks, the things that people traditionally might have cut their
teeth on in order to sort of progress to the next level. Therefore, the skill
requirement to get a role in cybersecurity will be higher than what it has been
traditionally,” says Watson. To help cyber professionals attain AI skills,
CompTIA is developing a new certification program called SecAI. The course will
target cyber people who already have three to four years of experience in a core
cybersecurity job. The curriculum will include practical AI skills to
proactively combat emerging cyber threats, integrating AI into security
operations, defending against AI-driven attacks, and compliance for AI ethics
and governance standards. ... As artificial intelligence takes over a rising
number of technical cybersecurity tasks, Watson says one of the best ways
security workers can boost their employment value is by sharpening their human
skills like business literacy and communication: “The role is shifting to be one
of partnering and advising because a lot of the technology is doing the
monitoring, triaging, quarantining and so on.”5 tips for building foundation models for AI
"We have to be mindful that, when it comes to training these models, we're
doing it purposefully, because you can waste a lot of cycles on the exercise
of learning," he said. "The execution of these models takes far less energy
and resources than the actual training." OS usually feeds training data to its
models in chunks. "Building up the label data takes quite a lot of time," he
said. "You have to curate data across the country with a wide variety of
classes that you're trying to learn from, so a different mix between urban and
rural, and more." The organisation first builds a small model that uses
several hundred examples. This approach helps to constrain costs and ensures
OS is headed in the right direction. "Then we slowly build up that labelled
set," Jethwa said. "I think we're now into the hundreds of thousands of
labelled examples. Typically, these models are trained with millions of
labelled datasets." While the organization's models are smaller, the results
are impressive. "We're already outperforming the existing models that are out
there from the large providers because those models are trained on a wider
variety of images," he said. "The models might solve a wider variety of
problems, but, for our specific domain, we outperform those models, even at a
smaller scale."Reduce, re-use, be frugal with AI and data
By being more selective with the data included in language models, businesses
can better control their carbon emissions, limiting energy to be spent on the
most important resources. In healthcare, for example, separating the most
up-to-date medical information and guidance from the rest of the information on
that topic will mean safer, more reliable and faster responses to patient
treatment. ... Frugal AI means adopting an intelligent approach to data that
focuses on using the most valuable information only. When businesses have a
greater understanding of their data, how to label it, identify it and which
teams are responsible for its deletion, then the storage of single use data can
be significantly reduced. Only then can frugal AI systems be put in place,
allowing businesses to adopt a resource aware and efficient approach to both
their data consumption and AI usage. It’s important to stress here though that
frugal AI doesn’t mean that the end results are lesser or of a reduced impact of
technology, it means that the data that goes into AI is concentrated, smaller
but just as impactful. Think of it like making a drink with extra concentrated
squash. Frugal AI is that extra concentrate squash that puts data efficiency,
consideration and strategy at the centre of an organisation’s AI ambitions.
Cyber turbulence ahead as airlines strap in for a security crisis
Although organizations have acknowledged the need to boost spending, progress
remains to be made and new measures adopted. Legacy OT systems, which often lack
security features such as automated patching and built-in encryption, should be
addressed as a top priority. Although upgrading these systems can be costly, it
is essential to prevent further disruptions and vulnerabilities. Mapping the
aviation supply chain helps identify all key partners, which is important for
conducting security audits and enforcing contractual cybersecurity requirements.
This should be reinforced with multi-layered perimeter defenses, including
encryption, firewalls, and intrusion detection systems, alongside zero-trust
network segmentation to minimize the risk of attackers moving laterally within
networks. Companies should implement real-time threat monitoring and response by
deploying intrusion detection systems, centralizing analysis with SIEM, and
maintaining a regularly tested incident response plan to identify, contain, and
mitigate cyberattacks. ... One of the most important steps is to train all
staff, including pilots and ground crews, to recognize scams. Since recent
security breaches have mostly relied on social engineering tactics, this type of
training is essential. A single phone call or a convincing email can be enough
to trigger a data breach.
What Does It Mean to Be Data-Driven?
A data-driven organization understands the value of its data and the best ways
to capitalize on that value. Its data assets are aligned with its goals and the
processes in place to achieve those goals. Protecting the company’s data assets
requires incorporating governance practices to ensure managers and employees
abide by privacy, security, and integrity guidelines. In addition to proper data
governance, the challenges to implementing a data-driven infrastructure for
business processes are data quality and integrity, data integration, talent
acquisition, and change management. ... To ensure the success of their
increasingly critical data initiatives, organizations look to the
characteristics that led to effective adoption of data-driven programs at other
companies. Management services firm KPMG identifies four key characteristics of
successful data-driven initiatives: leadership involvement, investments in
digital literacy, seamless access to data assets, and promotion and monitoring.
... While data-as-a-service (DaaS) emphasizes the sale of external data, data as
a product (DaaP) considers all of a company’s data and the mechanisms in place
for moving and storing the data as a product that internal operations rely on.
The data team becomes a “vendor” serving “customers” throughout the
organization.
AI Needs a Firewall and Cloud Needs a Rethink
Hyperscalers dominate most of enterprise IT today, and few are willing to challenge the status quo of cloud economics, artificial intelligence infrastructure and cybersecurity architectures. But Tom Leighton, co-founder and CEO of Akamai, does just that. He argues that the cloud has become bloated, expensive and overly centralized. The internet needs a new kind of infrastructure that is distributed, secure by design and optimized for performance at the edge, Leighton told Information Security Media Group. From edge-native AI inference and API security to the world's first firewall for artificial intelligence, Akamai is no longer just delivering content - it's redesigning the future. ... Among the most notable developments Leighton discussed was a new product category: an AI firewall. "People are training models on sensitive data and then exposing them to the public. That creates a new attack surface," Leighton said. "AI hallucinates. You never know what it's going to do. And the bad guys have figured out how to trick models into leaking data or doing bad things." Akamai's AI firewall monitors prompts and responses to prevent malicious prompts from manipulating the model and to avoid leaking sensitive data. "It can be implemented on-premises, in the cloud or within Akamai's platform, providing flexibility based on customer preference.Human and machine: Rediscovering our humanity in the age of AI
In an era defined by the rapid advancement of AI, machines are increasingly
capable of tasks once considered uniquely human. ... Ethical decision-making,
relationship building and empathy have been identified as the most valuable,
both in our present reality and in the AI-driven future. ... As we navigate this
era of AI, we must remember that technology is a tool, not a replacement for
humanity. By embracing our capacity for creativity, connection and empathy, we
can ensure that AI serves to enhance our humanity, not diminish it. This means
accepting that preserving our humanness sometimes requires assistance. It means
investing in education and training that fosters critical thinking,
problem-solving and emotional intelligence. It means creating workplaces that
value human connection and collaboration, where employees feel supported and
empowered to bring their whole selves to work. And it means fostering a culture
that celebrates creativity, innovation and the pursuit of knowledge. At a time
when seven out of every ten companies are already using AI in at least one
business function, let us embrace the challenge of this new era with both
optimism and intentionality. Let us use AI to build a better future for
ourselves and for generations to come – a future where technology serves
humanity, and where every individual has the opportunity to thrive.
‘Interoperable but not identical’: applying ID standards across diverse communities
Exchanging knowledge and experiences with identity systems to improve future ID
projects is central to the concept of ID4Africa’s mission. At this year’s
ID4Africa AGM in Addis Ababa, Ethiopia, a tension was more evident than ever
before between the quest for transferable insights and replicable successes and
the uniqueness of each African nation. Thales Cybersecurity and Digital
Identity Field Marketing Director for the Middle East and Africa Jean Lindner
wrote in an emailed response to questions from Biometric Update following the
event that the mix of attendees reflected that “every African country has its
own diverse history or development maturity and therefore unique legacy identity
systems, with different constraints. Let us recognize here there is no unique
quick-fix to country-specific hurdles,” he says. The lessons of one country can
only benefit another to the extent that common ground is identified. The
development of the concept of digital public infrastructure has mapped out some
common ground, but standards and collaborative organizations have a major role
to play. Unfortunately, Stéphanie de Labriolle, executive director services at
the Secure Identity Alliance says “the widespread lack of clarity around
standards and what compliance truly entails” was striking at this year’s
ID4Africa AGM.
The Race to Shut Hackers out of IoT Networks
Considered among the weakest links in enterprise networks, IoT devices are used
across industries to perform critical tasks at a rapid rate. An estimated 57% of
deployed units "are susceptible to medium- or high-severity attacks," according
to research from security vendor Palo Alto Networks. IoT units are inherently
vulnerable to security attacks, and enterprises are typically responsible for
protecting against threats. Additionally, the IoT industry hasn't settled on
standardized security, as time to market is sometimes a priority over standards.
... 3GPP developed RedCap to provide a viable option for enterprises seeking a
higher-performance, feature-rich 5G alternative to traditional IoT connectivity
options such as low-power WANs (LPWANs). LPWANs are traditionally used to
transmit limited data over low-speed cellular links at a low cost. In contrast,
RedCap offers moderate bandwidth and enhanced features for more demanding use
cases, such as video surveillance cameras, industrial control systems in
manufacturing and smart building infrastructure. ... From a security standpoint,
RedCap inherits strong capabilities in 5G, such as authentication, encryption
and integrity protection. It can also be supplemented at application and device
levels for a multilayered security approach.
Architecting the MVP in the Age of AI
/articles/architecting-mvp-AI/en/smallimage/architecting-mvp-AI-thumbnail-1752567203613.jpg)
A key aspect of architecting an MVP is forming and testing hypotheses about how
the system will meet its QARs. Understanding and prioritizing these QARs is not
an easy task, especially for teams without a lot of architecture experience. AI
can help when teams provide context by describing the QARs that the system must
satisfy in a prompt and asking the LLM to suggest related requirements. The LLM
may suggest additional QARs that the team may have overlooked. For example, if
performance, security, and usability are the top 3 QARs that a team is
considering, an LLM may suggest looking at scalability and resilience as well.
This can be especially helpful for people who are new to software architecture.
... Sometimes validating the AI’s results may require more skills than would be
required to create the solution from scratch, just as is sometimes the case when
seeing someone else’s code and realizing that it’s better than what you would
have developed on your own. This can be an effective way to improve developers’
skills, provided that the code is good. AI can also help you find and fix bugs
in your code that you may miss. Beyond simple code inspection, experimentation
provides a means of validating the results produced by AI. In fact,
experimentation is the only real way to validate it, as some researchers have
discovered.
/filters:no_upscale()/articles/optimizing-search-systems/en/resources/97figure-2-1752143797166.jpg)
