Quote for the day:
"A company is like a ship. Everyone ought to be prepared to take the helm." -- Morris Wilks
AI-Driven Threat Hunting: Catching Zero Day Exploits Before They Strike
 Cybersecurity has come a long way from the days of simple virus scanners and
static firewalls. Signature-based defenses were sufficient to detect known
malware during the past era. Zero-day exploits operate as unpredictable threats
that traditional security tools fail to detect. The technology sector saw
Microsoft and Google rush to fix more than dozens of zero day vulnerabilities
which attackers used in the wild during 2023. The consequences reach extreme
levels because a single security breach results in major financial losses and
immediate destruction of corporate reputation. AI functions as a protective
measure that addresses weaknesses in human capabilities and outdated system
limitations. The system analyzes enormous amounts of data from network traffic
and timestamps and IP logs, and other inputs to detect security risks. ... So
how does AI pull this off? It’s all about finding the weird stuff. Network
traffic packets follow regular patterns, but zero-day exploits cause packet size
fluctuations and timing irregularities. AI detects anomalies by comparing data
against its knowledge base of typical behavior patterns. Autoencoders function
as neural networks that learn to recreate data during operation. When an
autoencoder fails to rebuild data, it automatically identifies the suspicious
activity.
Cybersecurity has come a long way from the days of simple virus scanners and
static firewalls. Signature-based defenses were sufficient to detect known
malware during the past era. Zero-day exploits operate as unpredictable threats
that traditional security tools fail to detect. The technology sector saw
Microsoft and Google rush to fix more than dozens of zero day vulnerabilities
which attackers used in the wild during 2023. The consequences reach extreme
levels because a single security breach results in major financial losses and
immediate destruction of corporate reputation. AI functions as a protective
measure that addresses weaknesses in human capabilities and outdated system
limitations. The system analyzes enormous amounts of data from network traffic
and timestamps and IP logs, and other inputs to detect security risks. ... So
how does AI pull this off? It’s all about finding the weird stuff. Network
traffic packets follow regular patterns, but zero-day exploits cause packet size
fluctuations and timing irregularities. AI detects anomalies by comparing data
against its knowledge base of typical behavior patterns. Autoencoders function
as neural networks that learn to recreate data during operation. When an
autoencoder fails to rebuild data, it automatically identifies the suspicious
activity.How AI is changing the GRC strategy
 CISOs are in a tough spot because they have a dual mandate to increase
productivity and leverage this powerful emerging technology, while still
maintaining governance, risk and compliance obligations, according to Rich
Marcus, CISO at AuditBoard. “They’re being asked to leverage AI or help
accelerate the adoption of AI in organizations to achieve productivity gains.
But don’t let it be something that kills the business if we do it wrong,” says
Marcus. ... “The really important thing to be successful with managing AI risk
is to approach the situation with a collaborative mindset and broadcast the
message to folks that we’re all in it together and you’re not here to slow them
down.” ... Ultimately, the task is for security leaders to apply a security lens
to AI using governance and risk as part of the broader GRC framework in the
organization. “A lot of organizations will have a chief risk officer or someone
of that nature who owns the broader risk across the environment, but security
should have a seat at the table,” Norton says. “These days, it’s no longer about
CISOs saying ‘yes’ or ‘no’. It’s more about us providing visibility of the risks
involved in doing certain things and then allowing the organization and the
senior executives to make decisions around those risks.”
CISOs are in a tough spot because they have a dual mandate to increase
productivity and leverage this powerful emerging technology, while still
maintaining governance, risk and compliance obligations, according to Rich
Marcus, CISO at AuditBoard. “They’re being asked to leverage AI or help
accelerate the adoption of AI in organizations to achieve productivity gains.
But don’t let it be something that kills the business if we do it wrong,” says
Marcus. ... “The really important thing to be successful with managing AI risk
is to approach the situation with a collaborative mindset and broadcast the
message to folks that we’re all in it together and you’re not here to slow them
down.” ... Ultimately, the task is for security leaders to apply a security lens
to AI using governance and risk as part of the broader GRC framework in the
organization. “A lot of organizations will have a chief risk officer or someone
of that nature who owns the broader risk across the environment, but security
should have a seat at the table,” Norton says. “These days, it’s no longer about
CISOs saying ‘yes’ or ‘no’. It’s more about us providing visibility of the risks
involved in doing certain things and then allowing the organization and the
senior executives to make decisions around those risks.”Three Invisible Hurdles to Innovation
 Innovation changes internal power dynamics. The creation of a new line of
  business leads to a legacy line of business declining or, at an extreme,
  shutting down or being spun out. One part of the organization wins; another
  loses. Why would a department put forward or support a proposal that would put
  that department out of business or lead it to lose organizational influence?
  That means senior leaders might never see a proposal that’s good for the whole
  organization if it is bad for one part of the organization. ... While the
  natural language interface of OpenAI’s ChatGPT was easy the first time I used
  it, I wasn’t sure what to do with a large language model (LLM). First I tried
  to mimic a Google search, and then jumped in and tried to design a course from
  scratch. The lack of artfully constructed prompts on first-generation
  technology led to predictably disappointing results. For DALL-E, I tried to
  prove that AI couldn’t match the skills of my daughter, a skilled artist.
  Seeing mediocre results left me feeling smug, reaffirming my humanity. ...
  Social identity theory suggests that individuals often merge their personal
  identity with the offerings of the company at which they work. Ask them who
  they are, and they respond with what they do: “I’m a newspaper guy.” So
  imagine how Gilbert’s message landed with his employees who worked to produce
  a print newspaper every day.
  Innovation changes internal power dynamics. The creation of a new line of
  business leads to a legacy line of business declining or, at an extreme,
  shutting down or being spun out. One part of the organization wins; another
  loses. Why would a department put forward or support a proposal that would put
  that department out of business or lead it to lose organizational influence?
  That means senior leaders might never see a proposal that’s good for the whole
  organization if it is bad for one part of the organization. ... While the
  natural language interface of OpenAI’s ChatGPT was easy the first time I used
  it, I wasn’t sure what to do with a large language model (LLM). First I tried
  to mimic a Google search, and then jumped in and tried to design a course from
  scratch. The lack of artfully constructed prompts on first-generation
  technology led to predictably disappointing results. For DALL-E, I tried to
  prove that AI couldn’t match the skills of my daughter, a skilled artist.
  Seeing mediocre results left me feeling smug, reaffirming my humanity. ...
  Social identity theory suggests that individuals often merge their personal
  identity with the offerings of the company at which they work. Ask them who
  they are, and they respond with what they do: “I’m a newspaper guy.” So
  imagine how Gilbert’s message landed with his employees who worked to produce
  a print newspaper every day.Beyond Code Generation: How Asimov is Transforming Engineering Team Collaboration
The conventional wisdom around AI coding assistance has been misguided. Research shows that engineers spend only about 10% of their time writing code, while the remaining 70% is devoted to understanding existing systems, debugging issues, and collaborating with teammates on intricate problems. This reality exposes a significant gap in current AI tooling, which predominantly focuses on code generation rather than comprehension. “Engineers don’t spend most of their time writing code. They spend most of their time understanding code and collaborating with other teammates on hard problems,” explains the Reflection team. This insight drives Asimov’s unique approach to engineering productivity. ... As engineering teams grapple with increasingly complex systems and distributed architectures, tools like Asimov offer a glimpse into a future where AI serves as a genuine collaborative partner rather than just a code completion engine. By focusing on understanding and context rather than mere generation, Asimov addresses the actual pain points that slow down engineering teams. The tool is currently in early access, with Reflection AI selecting teams for initial deployment.Data Management Makes or Breaks AI Success for SLGs
 “Many agencies start their AI journeys with a specific use case, something
simple like a chatbot,” says John Whippen, regional vice president for U.S.
public sector at Snowflake. “As they show the value of those individual use
cases, they’ll attempt to make it more prevalent across an entire agency or
department.” Especially in populous jurisdictions, readying data for large-scale
AI initiatives can be challenging. Nevertheless, that initial data
consolidation, governance and management are central to cross-agency AI
deployments, according to Whippen and other industry experts. ... Most state
agencies operate on a hybrid cloud model. Many of them work with multiple
hyperscalers and likely will for the foreseeable future. This creates potential
data fragmentation. However, where the data is stored is not necessarily as
important as the ability to centralize how it is accessed, managed and
manipulated. “Today, you can extract all of that data much more easily, from a
user interface perspective, and manipulate it the way you want, then put it back
into the system of record, and you don't need a data scientist for that,” says
Mike Hurt, vice president of state and local government and education for
ServiceNow. “It's not your grandmother's way of tagging anymore.”
“Many agencies start their AI journeys with a specific use case, something
simple like a chatbot,” says John Whippen, regional vice president for U.S.
public sector at Snowflake. “As they show the value of those individual use
cases, they’ll attempt to make it more prevalent across an entire agency or
department.” Especially in populous jurisdictions, readying data for large-scale
AI initiatives can be challenging. Nevertheless, that initial data
consolidation, governance and management are central to cross-agency AI
deployments, according to Whippen and other industry experts. ... Most state
agencies operate on a hybrid cloud model. Many of them work with multiple
hyperscalers and likely will for the foreseeable future. This creates potential
data fragmentation. However, where the data is stored is not necessarily as
important as the ability to centralize how it is accessed, managed and
manipulated. “Today, you can extract all of that data much more easily, from a
user interface perspective, and manipulate it the way you want, then put it back
into the system of record, and you don't need a data scientist for that,” says
Mike Hurt, vice president of state and local government and education for
ServiceNow. “It's not your grandmother's way of tagging anymore.”The Role Of Empathy In Effective Leadership
 To maintain good working relationships with others, you must be willing to
understand their experiences and perspectives. As we all know, everyone sees the
world through a different lens. Even if you don’t fully align with others’
worldviews, as a leader, you must create an environment where individuals feel
heard and respected. ... Operate with perspective and cultivate inclusive
practices. In a way, empathy is being able to see through the eyes of others.
Many of the unspoken rules of the corporate world are based on the experience of
white males in the workforce. Considering the countless other demographics in
the modern workforce, most of these nuances or patterns are outdated,
exclusionary, counterproductive, and even harmful to some people. Can you
identify any unspoken rules you enforce or adhere to within your career?
Sometimes, they are hard to spot right away. In my research as a DEI
professional, I’ve encountered many unspoken cultural rules that don’t consider
the perspective of diverse groups. ... Empathetic leaders create more harmonious
workplaces and inspire their teams to perform better. Creating an atmosphere of
acceptance and understanding sets the stage for healthier dynamics. In
questioning the status quo, you root out any counterproductive trends in company
culture that need addressing.
To maintain good working relationships with others, you must be willing to
understand their experiences and perspectives. As we all know, everyone sees the
world through a different lens. Even if you don’t fully align with others’
worldviews, as a leader, you must create an environment where individuals feel
heard and respected. ... Operate with perspective and cultivate inclusive
practices. In a way, empathy is being able to see through the eyes of others.
Many of the unspoken rules of the corporate world are based on the experience of
white males in the workforce. Considering the countless other demographics in
the modern workforce, most of these nuances or patterns are outdated,
exclusionary, counterproductive, and even harmful to some people. Can you
identify any unspoken rules you enforce or adhere to within your career?
Sometimes, they are hard to spot right away. In my research as a DEI
professional, I’ve encountered many unspoken cultural rules that don’t consider
the perspective of diverse groups. ... Empathetic leaders create more harmonious
workplaces and inspire their teams to perform better. Creating an atmosphere of
acceptance and understanding sets the stage for healthier dynamics. In
questioning the status quo, you root out any counterproductive trends in company
culture that need addressing.
New Research on the Link Between Learning and Innovation
 Cognitive neuroscience confirms what experienced leaders intuitively know: Our
brains need structured breaks to turn experiences into actionable knowledge.
Just as sleep helps consolidate daily experiences into long-term memory,
structured reflection allows teams to integrate insights gained during
exploration phases into strategies and plans. Without these deliberate rhythms,
teams risk becoming overwhelmed by continual information intake—akin to
endlessly inhaling without pausing to exhale—leading to confusion and burnout.
By intentionally embedding reflective pauses within structured learning cycles,
teams can harness their full innovative potential. ... You can think of a team’s
learning activities as elements of a musical masterpiece. Just as great
compositions—like Beethoven’s Fifth Symphony—skillfully balance moments of
tension with moments of powerful resolution, effective team learning thrives on
the structured interplay between building up and then releasing tension.
Harmonious learning occurs when complementary activities, such as team
reflection and external expert consultations, reinforce one another, creating
moments of clarity and alignment. Conversely, dissonance arises when conflicting
activities, like simultaneous experimentation and detailed planning, collide and
cause confusion.
Cognitive neuroscience confirms what experienced leaders intuitively know: Our
brains need structured breaks to turn experiences into actionable knowledge.
Just as sleep helps consolidate daily experiences into long-term memory,
structured reflection allows teams to integrate insights gained during
exploration phases into strategies and plans. Without these deliberate rhythms,
teams risk becoming overwhelmed by continual information intake—akin to
endlessly inhaling without pausing to exhale—leading to confusion and burnout.
By intentionally embedding reflective pauses within structured learning cycles,
teams can harness their full innovative potential. ... You can think of a team’s
learning activities as elements of a musical masterpiece. Just as great
compositions—like Beethoven’s Fifth Symphony—skillfully balance moments of
tension with moments of powerful resolution, effective team learning thrives on
the structured interplay between building up and then releasing tension.
Harmonious learning occurs when complementary activities, such as team
reflection and external expert consultations, reinforce one another, creating
moments of clarity and alignment. Conversely, dissonance arises when conflicting
activities, like simultaneous experimentation and detailed planning, collide and
cause confusion.
Optimizing Search Systems: Balancing Speed, Relevance, and Scalability
/filters:no_upscale()/articles/optimizing-search-systems/en/resources/97figure-2-1752143797166.jpg) Efficiently managing geospatial search queries on Uber Eats is crucial, as users
often seek outnearby restaurants or grocery stores. To achieve this, Uber Eats
uses geo-sharding, a technique that ensures all relevant data for a specific
location is stored within a single shard. This minimizes query overhead and
eliminates inefficiencies caused by fetching and aggregating results from
multiple shards. Additionally, geo sharding allows first-pass ranking to happen
directly on data nodes, improving speed and accuracy. Uber Eats primarily
employs two geo sharding techniques: latitude sharding and hex sharding.
Latitude sharding divides the world into horizontal bands, with each band
representing a distinct shard. Shard ranges are computed offline using Spark
jobs, which first divide the map into thousands of narrow latitude stripes and
then group adjacent stripes to create shards of roughly equal size. Documents
falling on shard boundaries are indexed in both neighboring shards to prevent
missing results. One key advantage of latitude sharding is its ability to
distribute traffic efficiently across different time zones. Given that Uber Eats
experiences peak activity following a "sun pattern" with high demand during the
day and lower demand at night, this method helps prevent excessive load on
specific shards.
Efficiently managing geospatial search queries on Uber Eats is crucial, as users
often seek outnearby restaurants or grocery stores. To achieve this, Uber Eats
uses geo-sharding, a technique that ensures all relevant data for a specific
location is stored within a single shard. This minimizes query overhead and
eliminates inefficiencies caused by fetching and aggregating results from
multiple shards. Additionally, geo sharding allows first-pass ranking to happen
directly on data nodes, improving speed and accuracy. Uber Eats primarily
employs two geo sharding techniques: latitude sharding and hex sharding.
Latitude sharding divides the world into horizontal bands, with each band
representing a distinct shard. Shard ranges are computed offline using Spark
jobs, which first divide the map into thousands of narrow latitude stripes and
then group adjacent stripes to create shards of roughly equal size. Documents
falling on shard boundaries are indexed in both neighboring shards to prevent
missing results. One key advantage of latitude sharding is its ability to
distribute traffic efficiently across different time zones. Given that Uber Eats
experiences peak activity following a "sun pattern" with high demand during the
day and lower demand at night, this method helps prevent excessive load on
specific shards. 
How to beat the odds in tech transformation
 Creating an enterprise-wide technology solution requires defining a scope that’s
ambitious and quickly actionable and has an underlying objective to keep your
customers and organization on board throughout the project. ... Technology may
seem even more autonomous, but tech transformations are not. They depend on the
full engagement and alignment of people across your organization, starting with
leadership. First, senior leaders need to be educated so they clearly understand
not just the features of the new technology but more so the business benefits.
This will motivate them to champion engagement and adoption throughout the
organization. ... Even the best-planned journeys to new frontiers will run into
unexpected challenges. For instance, while we had extensively planned for
customer migration during our tech transformation, the effort required to make
it go as quickly and smoothly as possible was greater than expected. After all,
we provide mission-critical solutions, so customers didn’t simply want to know
we had validated a new product. They wanted reassurance we had validated their
specific use cases. In response, we doubled down on resources to give them
enhanced confidence. As mentioned, we introduced a protocol of parallel systems,
running the old and new simultaneously.
Creating an enterprise-wide technology solution requires defining a scope that’s
ambitious and quickly actionable and has an underlying objective to keep your
customers and organization on board throughout the project. ... Technology may
seem even more autonomous, but tech transformations are not. They depend on the
full engagement and alignment of people across your organization, starting with
leadership. First, senior leaders need to be educated so they clearly understand
not just the features of the new technology but more so the business benefits.
This will motivate them to champion engagement and adoption throughout the
organization. ... Even the best-planned journeys to new frontiers will run into
unexpected challenges. For instance, while we had extensively planned for
customer migration during our tech transformation, the effort required to make
it go as quickly and smoothly as possible was greater than expected. After all,
we provide mission-critical solutions, so customers didn’t simply want to know
we had validated a new product. They wanted reassurance we had validated their
specific use cases. In response, we doubled down on resources to give them
enhanced confidence. As mentioned, we introduced a protocol of parallel systems,
running the old and new simultaneously. 
 
 
No comments:
Post a Comment